CN110474922A - Communication method, PC system and access control router
- Publication number: CN110474922A (application CN201910823389.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/5007—Internet protocol [IP] addresses
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
- H04L69/22—Parsing or analysis of headers
Abstract
This application discloses a communication method, a PC system and an access control router. In the method, the PC system sends a first data request message to the access control router; the first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a first message header and data request information. The PC system receives a first data response message that the access control router sends according to the first data request message; the first data response message includes an outer response IP address, an inner response IP address, a second message header and response data. Compared with the prior art, the method enables data message communication when the access control router has not issued an allocated IP address to the PC client, which improves communication efficiency.
Description
Technical field
This application relates to the field of communication technology, and in particular to a communication method, a PC system and an access control router.
Background
Network address translation (NAT) is a wide area network (WAN) access technology that converts one group of IP addresses into another group of IP addresses. It is widely used in various types of Internet access methods and various types of networks.
After a terminal inside a private network, such as a PC, has been assigned a local IP address, the user may want to access a target server on the Internet through a PC client on that PC, such as a browser. On receiving the authentication request message sent by the PC client, the access control router first checks whether the user has already been authenticated. If not, the user is redirected to the authentication page of the authentication system. After the user enters an account and verification passes, the access control router allocates to the PC client an IP address of the network to which the target server belongs, that is, it grants the PC client permission to access the target server. The PC client converts its local IP address into the allocated IP address and exchanges data messages with the target server.
However, the PC client can complete data message communication with the target server only when it carries the allocated IP address. If the PC client passes authentication but the access control router does not issue the allocated IP address to it, the PC client and the target server cannot exchange data messages, which reduces communication efficiency.
Summary of the invention
The embodiments of the present application provide a communication method, a PC system and an access control router, which solve the prior-art problem that data message communication cannot be achieved when the access control router has not issued an allocated IP address to the PC client, and improve communication efficiency.
In a first aspect, a communication method is provided. The method may include:
The PC system sends a first data request message to the access control router. The first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a first message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The PC system receives a first data response message that the access control router sends according to the first data request message. The first data response message includes an outer response IP address, an inner response IP address, a second message header and response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
In an optional implementation, if the PC system has an intranet IP address allocated by the access control router, the outer first source IP address in the first data request message is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the intranet IP address and the inner first destination IP address is the IP address of the intranet server;
The outer second source IP address in the first data response message is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the intranet IP address.
In an optional implementation, if the PC system includes a PC client and does not include a privately connected router, the IP address of the PC system is the IP address of the client;
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
In an optional implementation, when the PC system includes the PC client and a privately connected router, the PC system sending the first data request message to the access control router includes:
The PC client sends an initial data request message to the privately connected router; the initial data request message includes an initial outer request IP address, an initial inner request IP address, an initial message header and the data request information;
The privately connected router uses a network address translation rule to re-encapsulate the received initial data request message into the first data request message, and then sends the first data request message to the access control router; the initial outer request IP address includes an initial outer first source IP address and an initial outer first destination IP address, and the initial inner request IP address includes an initial inner first source IP address and an initial inner first destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the initial outer first source IP address is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the IP address of the PC client and the initial inner first destination IP address is the IP address of the intranet server;
The PC system receiving the first data response message that the access control router sends according to the first data request message includes:
The PC client receives a target data response message, which the privately connected router obtains by using the network address translation rule to re-encapsulate the received first data response message that the access control router sent according to the first data request information;
The target data response message includes a target outer response IP address, a target inner response IP address and the response data; the target outer response IP address includes a target outer second source IP address and a target outer second destination IP address, and the target inner response IP address includes a target inner second source IP address and a target inner second destination IP address;
If the PC client does not have an intranet IP address allocated by the access control router, the target outer second source IP address is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the IP address of the PC client.
In an optional implementation, if the PC client has an intranet IP address allocated by the access control router, the initial outer first source IP address in the initial data request message is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the intranet IP address and the initial inner first destination IP address is the IP address of the intranet server;
The target outer second source IP address in the target data response message is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the intranet IP address.
In an optional implementation, the method further includes:
The PC system sends a control request message to the access control router;
The control request message includes a control request IP address, a control message header and control request information; the source IP address in the control request IP address is the IP address of the PC system, and the destination IP address in the control request IP address is the IP address of the access control router;
The PC system receives a control response message that the access control router sends according to the control request information;
The control response message includes control response information and a control response IP address; the source IP address in the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the PC system.
In an optional implementation, when the PC system includes the PC client and a privately connected router, the PC system sending the control request message to the access control router includes:
The PC client sends an initial control request message to the privately connected router;
The privately connected router uses the network address translation rule to re-encapsulate the received initial control request message into the control request message, and sends the control request message to the access control router;
The initial control request message includes an initial control request IP address and the control request information; the source IP address in the initial control request IP address is the IP address of the PC client, and the destination IP address in the initial control request IP address is the IP address of the access controller;
The PC system receiving the control response message that the access control router sends according to the control request information includes:
The privately connected router receives the control response message that the access control router sends according to the control request information;
The privately connected router uses the network address translation rule to re-encapsulate the received control response message, which the access control router sent according to the control request information, and obtains a target control response message; the target control response message includes the control response information and a target control response IP address;
The PC client receives the target control response message;
The source IP address in the target control response IP address is the IP address of the access control router, and the destination IP address in the target control response IP address is the IP address of the PC client.
In a second aspect, a communication method is provided. The method may include:
The access control router receives a first data request message sent by the PC system. The first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The access control router re-encapsulates the first data request message to obtain a second data request message; the second data request message includes a request IP address, a second message header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server;
The access control router sends the second data request message to the intranet server;
The access control router receives a second data response message that the intranet server sends according to the second data request message; the second data response message includes a response IP address and response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address;
The access control router uses a network address translation rule to re-encapsulate the second data response message and obtains a first data response message; the first data response message includes an outer response IP address, an inner response IP address and the response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system;
The access control router sends the first data response message to the PC client.
In an optional implementation, if the PC system has an intranet IP address allocated by the access control router, the outer first source IP address in the first data request message is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the intranet IP address and the inner first destination IP address is the IP address of the intranet server;
The outer second source IP address in the first data response message is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the intranet IP address.
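The re-encapsulation performed by the access control router in the second aspect, for both addressing cases (PC system with and without an allocated intranet IP address, no privately connected router), as an added Python example that is not part of the patent. The address pool, the binding table, the conformance check that raises `ValueError`, and all names and addresses are assumptions; the page does not give a header layout, so messages are modelled as objects rather than bytes.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AddrPair:
    src: IPv4Address
    dst: IPv4Address


@dataclass(frozen=True)
class TunnelMessage:
    """First data request/response message: outer and inner address pairs."""
    outer: AddrPair
    inner: AddrPair
    header: bytes   # "message header"; the page does not give its layout
    payload: bytes  # data request information or response data


@dataclass(frozen=True)
class PlainMessage:
    """Second data request/response message: one address pair only."""
    addr: AddrPair
    header: bytes
    payload: bytes


class AccessControlRouter:
    def __init__(self, router_ip: str, pool: List[str]):
        self.ip = IPv4Address(router_ip)
        self._free = [IPv4Address(a) for a in pool]        # assumed intranet pool
        self._issued: Dict[IPv4Address, IPv4Address] = {}  # PC -> intranet IP issued to it
        self._nat: Dict[IPv4Address, IPv4Address] = {}     # PC -> intranet IP held by router
        # intranet IP -> (PC system IP, inner address the PC used as source)
        self._back: Dict[IPv4Address, Tuple[IPv4Address, IPv4Address]] = {}

    def _take(self) -> IPv4Address:
        if not self._free:
            raise RuntimeError("intranet address pool exhausted")
        return self._free.pop(0)

    def issue_intranet_ip(self, pc_ip: IPv4Address) -> IPv4Address:
        """The 'allocated' case: the router issues an intranet IP to the PC system."""
        if pc_ip not in self._issued:
            self._issued[pc_ip] = self._take()
        return self._issued[pc_ip]

    def handle_request(self, msg: TunnelMessage) -> PlainMessage:
        """Re-encapsulate a first data request message into the second one."""
        pc = msg.outer.src
        if msg.outer.dst != self.ip:
            raise ValueError("outer destination is not this router")
        issued = self._issued.get(pc)
        # Inner source must be the PC's own IP (nothing issued) or the issued IP.
        expected = pc if issued is None else issued
        if msg.inner.src != expected:
            raise ValueError("inner source does not match either addressing case")
        if issued is None:
            if pc not in self._nat:
                self._nat[pc] = self._take()
            intranet_src = self._nat[pc]
        else:
            intranet_src = issued
        self._back[intranet_src] = (pc, msg.inner.src)
        return PlainMessage(AddrPair(intranet_src, msg.inner.dst),
                            msg.header, msg.payload)

    def handle_response(self, msg: PlainMessage) -> TunnelMessage:
        """Re-encapsulate a second data response message into the first one."""
        binding = self._back.get(msg.addr.dst)
        if binding is None:
            raise ValueError("no binding for response destination")
        pc, inner_addr = binding
        return TunnelMessage(AddrPair(self.ip, pc),
                             AddrPair(msg.addr.src, inner_addr),
                             msg.header, msg.payload)


def round_trip(acr, pc_ip, inner_src, server):
    """Send one request through the router; return (second request, first response)."""
    req = TunnelMessage(AddrPair(pc_ip, acr.ip), AddrPair(inner_src, server),
                        b"hdr-1", b"data request")
    second_req = acr.handle_request(req)
    # The intranet server answers to whatever source the second request carried.
    second_resp = PlainMessage(AddrPair(server, second_req.addr.src),
                               b"hdr-2", b"response data")
    return second_req, acr.handle_response(second_resp)


if __name__ == "__main__":
    # Constructed addresses (documentation ranges), not taken from the page.
    acr = AccessControlRouter("192.0.2.1", ["10.0.0.50", "10.0.0.51"])
    server, pc = IPv4Address("10.0.0.10"), IPv4Address("198.51.100.7")
    for message in round_trip(acr, pc, pc, server):
        print(message)
```

A request whose inner source is neither the sender's own address nor the intranet address issued to that sender is rejected instead of being forwarded to the intranet server.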
In an optional implementation, if the PC system includes a PC client and does not include a privately connected router, the IP address of the PC system is the IP address of the client;
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
In an optional implementation, when the PC system includes the PC client and a privately connected router, the access control router receiving the first data request message sent by the PC system includes:
The access control router receives the first data request message sent by the privately connected router; the first data request message is obtained by the privately connected router receiving the initial data request message sent by the PC client and using the network address translation rule to re-encapsulate the initial data request message; the initial data request message includes an initial outer request IP address, an initial inner request IP address, an initial message header and the data request information;
The initial outer request IP address includes an initial outer first source IP address and an initial outer first destination IP address; the initial inner first request IP address includes an initial inner first source IP address and an initial inner first destination IP address;
If the PC client does not have an intranet IP address allocated by the access control router, the initial outer first source IP address is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the IP address of the PC client and the initial inner first destination IP address is the IP address of the intranet server;
The access control router sending the first data response message to the PC system includes:
The access control router sends the first data response message to the privately connected router, so that the privately connected router uses the network address translation rule to re-encapsulate the first data response message into a target data response message and sends the target data response message to the PC client; the target data response message includes a target outer response IP address, a target inner response IP address and the response data;
The target outer response IP address includes a target outer second source IP address and a target outer second destination IP address, and the target inner response IP address includes a target inner second source IP address and a target inner second destination IP address;
If the PC client does not have an intranet IP address allocated by the access control router, the target outer second source IP address is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the IP address of the PC client.
In an optional implementation, if the PC client has an intranet IP address allocated by the access control router, the initial outer first source IP address in the initial data request message is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the intranet IP address and the initial inner first destination IP address is the IP address of the intranet server;
The target outer second source IP address in the target data response message is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the intranet IP address.
In an optional implementation, the method further includes:
The access control router receives a control request message sent by the PC system; the control request message includes a control request IP address and control request information, the source IP address in the control request IP address is the IP address of the PC system, and the destination IP address in the control request IP address is the IP address of the access control router;
The access control router generates a control response message according to the control request information; the control response message includes control response information and a control response IP address; the source IP address in the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the PC system;
The access control router sends the control response message to the PC client.
In an optional implementation, when the PC system includes the PC client and a privately connected router, the access control router receiving the control request message sent by the PC client includes:
The access control router receives the control request message that the privately connected router obtains by using the network address translation rule to re-encapsulate the initial control request message sent by the PC client; the initial control request message includes an initial control request IP address and the control request information;
The source IP address in the initial control request IP address is the IP address of the PC client and the destination IP address in the initial control request IP address is the IP address of the privately connected router, so that the privately connected router uses the network address translation rule to re-encapsulate the received initial control request message, obtains the control request message, and sends the control request message to the access control router;
The access control router sending the control response message to the PC system includes:
The access control router sends the control response message to the privately connected router, so that the privately connected router re-encapsulates the control response message to obtain a target control response message and then sends the target control response message to the PC client; the target control response message includes the control response information and a target control response IP address;
The source IP address in the target control response IP address is the IP address of the access control router, and the destination IP address in the target control response IP address is the IP address of the PC client.
In a third aspect, a PC system is provided. The PC system may include a sending unit and a receiving unit;
The sending unit is used to send a first data request message to the access control router. The first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a first message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The receiving unit is used to receive a first data response message that the access control router sends according to the first data request message. The first data response message includes an outer response IP address, an inner response IP address, a second message header and response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
In a fourth aspect, an access control router is provided. The access control router may include a receiving unit, an encapsulation unit and a sending unit;
The receiving unit is used by the access control router to receive a first data request message sent by the PC system. The first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The encapsulation unit is used to re-encapsulate the first data request message to obtain a second data request message; the second data request message includes a request IP address, a second message header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server;
The sending unit is used to send the second data request message to the intranet server;
The receiving unit is further used to receive a second data response message that the intranet server sends according to the second data request message; the second data response message includes a response IP address and response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address;
The encapsulation unit is further used to re-encapsulate the second data response message using a network address translation rule to obtain a first data response message; the first data response message includes an outer response IP address, an inner response IP address and the response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address allocated by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system;
The sending unit is further used to send the first data response message to the PC system.
In a fifth aspect, a communication system is provided, the communication system including the PC system described in the third aspect and the access control router described in the fourth aspect.
In a sixth aspect, an electronic device is provided, the electronic device including a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
The memory is configured to store a computer program;
The processor is configured, when executing the program stored in the memory, to implement the method steps of any one of the above first aspect or the method steps of any one of the above second aspect.
In a seventh aspect, a computer-readable storage medium is provided, in which a computer program is stored; when executed by a processor, the computer program implements the method steps of any one of the above first aspect or the method steps of any one of the above second aspect.
In the method provided by the above embodiments of the present invention, the PC system sends a first data request message to the access control router; the first data request message is used to request data from the intranet server and includes an outer-layer request IP address, an inner-layer request IP address, a first message header and data request information; wherein the outer-layer request IP address includes an outer-layer first source IP address and an outer-layer first destination IP address, and the inner-layer request IP address includes an inner-layer first source IP address and an inner-layer first destination IP address; if the PC system has no intranet IP address assigned by the access control router, the outer-layer first source IP address is the IP address of the PC system and the outer-layer first destination IP address is the IP address of the access control router; the inner-layer first source IP address is the IP address of the PC system and the inner-layer first destination IP address is the IP address of the intranet server; the PC system receives the first data response message that the access control router sends according to the first data request message; the first data response message includes an outer-layer response IP address, an inner-layer response IP address, a second message header and response data; wherein the outer-layer response IP address includes an outer-layer second source IP address and an outer-layer second destination IP address, and the inner-layer response IP address includes an inner-layer second source IP address and an inner-layer second destination IP address; if the PC system has no intranet IP address assigned by the access control router, the outer-layer second source IP address is the IP address of the access control router and the outer-layer second destination IP address is the IP address of the PC system; the inner-layer second source IP address is the IP address of the intranet server and the inner-layer second destination IP address is the IP address of the PC system side. Compared with the prior art, this method encapsulates a preset IP structure on the outer layer of the original message structure, that is, it changes the message structure, and thereby realizes data message communication in the case where the access control router has not issued an intranet IP address to the PC client, improving communication efficiency.
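The address handling that the access control router performs for a PC system with no assigned intranet IP address, as summarized above, modeled as an added example (not code from the patent). The translation table, the address pool, the class and method names and the 172.16.0.x addresses are assumptions; the patent states only that a network address translation rule is used.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FirstDataMessage:
    """Double-addressed message between the PC system and the access control router."""
    outer_src: str
    outer_dst: str
    inner_src: str
    inner_dst: str
    payload: bytes


@dataclass(frozen=True)
class SecondDataMessage:
    """Single-addressed message between the access control router and the intranet server."""
    src: str
    dst: str
    payload: bytes


class AccessControlRouter:
    def __init__(self, router_ip, intranet_pool):
        self.router_ip = router_ip
        self._free = list(intranet_pool)  # ASSUMPTION: pool of intranet source addresses
        self._to_intranet = {}            # (outer_src, inner_src) -> intranet IP
        self._to_peer = {}                # intranet IP -> (outer_src, inner_src)

    def _translate(self, outer_src, inner_src):
        """Return the intranet IP bound to this peer, allocating one on first use."""
        key = (outer_src, inner_src)
        if key not in self._to_intranet:
            if not self._free:
                raise RuntimeError("intranet address pool exhausted")
            intranet_ip = self._free.pop(0)
            self._to_intranet[key] = intranet_ip
            self._to_peer[intranet_ip] = key
        return self._to_intranet[key]

    def to_server(self, msg):
        """First data request message -> second data request message."""
        if msg.outer_dst != self.router_ip:
            raise ValueError("outer destination is not this router")
        return SecondDataMessage(self._translate(msg.outer_src, msg.inner_src),
                                 msg.inner_dst, msg.payload)

    def to_pc(self, reply):
        """Second data response message -> first data response message."""
        peer = self._to_peer.get(reply.dst)
        if peer is None:
            # A reply for an address with no translation entry is not forwarded.
            raise LookupError("no translation entry for " + reply.dst)
        outer_peer, inner_peer = peer
        return FirstDataMessage(self.router_ip, outer_peer,
                                reply.src, inner_peer, reply.payload)


def demo():
    """Constructed exchange: PC client 10.1.1.2 behind 192.168.45.6, router 192.168.45.1."""
    router = AccessControlRouter("192.168.45.1", ["172.16.0.100", "172.16.0.101"])
    request = FirstDataMessage("192.168.45.6", "192.168.45.1",
                               "10.1.1.2", "172.16.0.10", b"request")
    second = router.to_server(request)
    reply = SecondDataMessage("172.16.0.10", second.src, b"reply")
    return second, router.to_pc(reply)


if __name__ == "__main__":
    for message in demo():
        print(message)
```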
Brief description of the drawings
Fig. 1 is a schematic diagram of a system architecture to which a communication method provided by an embodiment of the present invention is applied;
Fig. 2 is a schematic structural diagram of the PC system in Fig. 1;
Fig. 3 is a schematic flowchart of a communication method provided by an embodiment of the present invention;
Fig. 4A is a schematic diagram of the message structure of a control request message provided by an embodiment of the present invention;
Fig. 4B is a schematic structural diagram of the control request information in Fig. 4A;
Fig. 4C is a schematic structural diagram of the extension information in the control request information in Fig. 4A;
Fig. 4D is a schematic structural diagram of extension information including a MAC address;
Fig. 4E is a schematic structural diagram of extension information including an encryption public key;
Fig. 4F is a schematic structural diagram of extension information including a user name;
Fig. 4G is a schematic structural diagram of extension information including a password;
Fig. 4H is a schematic structural diagram of extension information including an intranet IP address;
Fig. 5 is a communication method for a registration request message provided by an embodiment of the present invention;
Fig. 6 is a communication method for an authentication request message provided by an embodiment of the present invention;
Fig. 7 is a communication method for a keep-alive request message provided by an embodiment of the present invention;
Fig. 8 is a schematic flowchart of a communication method provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a first data request message provided by an embodiment of the present invention;
Fig. 10 is a schematic flowchart of a communication method provided by an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a communication device provided by an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of another communication device provided by an embodiment of the present invention;
Fig. 13 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. Based on the embodiments of the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort shall fall within the protection scope of the present application.
The communication method provided by the embodiments of the present invention can be applied in the system architecture shown in Fig. 1, which may include a PC system, an access control router and an intranet server. The PC system can communicate with the intranet server through the access control router. The network where the intranet server is located is different from the network where the PC system is located.
Optionally, when the PC client is connected to the access control router through a privately connected router, the PC client and the privately connected router can together be regarded as the PC system; that is, the PC system may include only the PC client, or the PC system may include the PC client and the privately connected router. As shown in Fig. 2, the PC client is connected to the local area network (LAN) interface of the privately connected router, the wide area network (WAN) interface of the privately connected router is connected to the LAN interface of the access control router, and the WAN interface of the access control router is connected to the intranet server.
The PC client is installed on a PC terminal, which may be user equipment (UE) such as a mobile phone, smartphone, laptop, digital broadcast receiver, personal digital assistant (PDA) or tablet computer (PAD), a handheld device, an in-vehicle device, a wearable device, a computing device or other processing device connected to a wireless modem, a mobile station (MS), a mobile terminal, etc.
The communication method provided by the embodiments of the present invention includes a communication method for control messages and a communication method for data messages, wherein the control messages may include registration messages, authentication messages, keep-alive messages and the like.
The communication method for control messages and the communication method for data messages in the preferred embodiments of the present application are each described in detail below with reference to the drawings.
For the communication method of control messages:
Fig. 3 is a schematic flowchart of a communication method provided by an embodiment of the present invention. As shown in Fig. 3, the method may include:
Step 310: the PC system sends a control request message to the access control router.
As shown in Fig. 4A, the control request message may include a control request IP address, a control message header and control request information, wherein the source IP address in the control request IP address is the IP address of the PC system, and the destination IP address in the control request IP address is the IP address of the access control router; the control request information indicates the operation requested by the control message, such as registration, authentication or keep-alive.
The control message header may include: a source port number, a destination port number, a message length and a message protocol.
As shown in Fig. 4B, the control request information has a fixed length of 8 bytes and may include a 1-byte version number, a 1-byte operation code, a 1-byte message code, a 1-byte message length, a 1-byte PC client IP address, and extension information of up to 8 bytes.
The operation code may be: operation code 1, identifying the control request message as a registration request message; operation code 2, identifying it as a registration response message; operation code 3, identifying it as an authentication request message; operation code 4, identifying it as an authentication response message; operation code 5, identifying it as a keep-alive request message; or operation code 6, identifying it as a keep-alive response message.
The message code records the status information corresponding to the current operation code; for example, message code 0 indicates that the data transmission channel has not been established, and message code 1 indicates that the data transmission channel has been established.
The message length is the length of the control request information.
The extension information carries the items that the control request message supports carrying: MAC address information, an encryption public key, user information such as a user name and password, and the assigned intranet IP address information.
The message structure of the extension information is a TLV structure of "identification field (tag) + length field (length) + value field (value)": the identification field indicates the type of the extension information, the length field indicates the length of the extension information, and the value field stores the extension content, as shown in Fig. 4C.
If the extension information carries the MAC address of the PC terminal, it may be as shown in Fig. 4D: the identification field is 1, the length field is 6, and the value field is the MAC address b083fe66aaaa.
If the extension information carries the encryption public key, it may be as shown in Fig. 4E: the identification field is 2, the length field is 6, and the value field is the encryption public key XXXXXX.
If the extension information carries the user name in the user information, it may be as shown in Fig. 4F: the identification field is 3, the length field is 4, and the value field is the user name YYYYYY.
If the extension information carries the password in the user information, it may be as shown in Fig. 4G: the identification field is 4, the length field is 8, and the value field is the password ZZZZZZ.
If the extension information carries the assigned intranet IP address, it may be as shown in Fig. 4H: the identification field is 5, the length field is 4, and the value field is the assigned intranet IP address dddddd.
The control request message may include a registration request message, an authentication request message and a keep-alive request message.
Optionally, when a control request message is transmitted between the PC system and the access control router:
If the PC system includes the PC client and does not include a privately connected router, the IP address of the PC system is the IP address of the PC client; in the control request message, the source IP address in the control request IP address is the IP address of the PC client (or the local IP address), and the destination IP address in the control request IP address is the IP address of the access control router;
If the PC system includes the PC client and a privately connected router, the IP address of the PC system is the IP address of the privately connected router. Specifically:
The PC client in the PC system sends an initial control request message to the privately connected router; the initial control request message includes an initial control request IP address and the control request information; the source IP address in the initial control request IP address is the IP address of the PC client, and the destination IP address in the initial control request IP address is the IP address of the access controller;
The privately connected router re-encapsulates the received initial control request message using a network address translation rule to obtain the control request message, and sends the control request message to the access control router; that is, in the control request message, the source IP address in the control request IP address is the IP address of the privately connected router, and the destination IP address in the control request IP address is the IP address of the access control router.
Step 320: the access control router generates a control response message according to the control request information.
After receiving the control request message, the access control router parses it to obtain the control request IP address, the control message header and the control request information in the control request message.
The access control router can generate the corresponding control response message according to the requested operation (registration, authentication, keep-alive, etc.) indicated by the control request information. The control response message includes control response information and a control response IP address;
Wherein, when the access control router detects that the source IP address in the control request IP address is identical to the PC client IP address in the control request information, it determines that the PC system includes the PC client and does not include a privately connected router; in the generated control response message, the source IP address of the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the PC client.
When the access control router detects that the source IP address in the control request IP address is not identical to the PC client IP address in the control request information, it determines that the PC system includes the PC client and a privately connected router; in the generated control response message, the source IP address of the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the privately connected router.
The control response message may include a registration response message, an authentication response message and a keep-alive response message.
(1) Optionally, when the above control request message is a registration request message, the extension information in the registration request message is the MAC address of the PC terminal and the user information to be registered, and the operation code is 1;
The access control router parses the received registration request message to obtain the MAC address of the PC terminal, and verifies the legitimacy of the MAC address of the PC terminal; if it determines that the PC terminal is a legitimate host, it registers the user information to be registered and generates a registration response message indicating successful registration; in this case the operation code in the registration response message is 2, the message code is 1, and the extension information is the encryption public key.
If it determines that the PC terminal is an illegitimate host, it generates a registration response message indicating registration failure. In this case the operation code in the registration response message is 2, the message code is 0, and the extension information is empty.
It should be noted that, when the control request message is a registration message, the access control router can receive or preset a control policy, the control policy being: if a privately connected router exists in the PC system, it is determined that the current PC system poses a security risk, and the registration request of the PC system is refused, i.e. the PC system registration fails;
If no privately connected router exists in the PC system, it is determined that the current PC system poses no security risk, and the registration request of the PC system is allowed, i.e. the PC system registration succeeds.
(2) Optionally, when the above control request message is an authentication request message, the extension information in the authentication request message is the encrypted user information and the operation code is 3; the encrypted user information is obtained by the PC system encrypting the user information with the encryption public key;
After the PC system authentication succeeds, the access control router parses the received authentication request message to obtain the encrypted user information, decrypts the encrypted user information using the encryption key to obtain readable user information, and checks the readable user information against the registered user information; if they are consistent, authentication is determined to be successful and an authentication response message indicating successful authentication is generated; in this case the message code in the authentication response message is 1, the operation code is 4, and the extension information is the assigned intranet IP address;
If they are inconsistent, an authentication response message indicating authentication failure is generated. In this case the message code in the authentication response message is 0, the operation code is 4, and the extension information is an empty IP address.
(3) Optionally, after authentication passes, in order to guarantee that data communication proceeds normally, the access control router can also send the PC system a control request message for detecting whether communication between the access control router and the PC system is normal, i.e. a keep-alive request message; the extension information in the keep-alive request message can be preset information or empty information, the operation code is 5, and the message code is 1;
If communication is normal, then within a preset receiving period the access control router can receive the keep-alive response message sent by the PC system; the extension information in the keep-alive request message can be preset information or empty information, the operation code is 5, and the message code is 1;
If communication is abnormal, then within the preset receiving period the access control router does not receive the keep-alive response message sent by the PC system.
Step 330: the access control router sends the control response message to the PC client.
If the access control router determines that the PC system includes only the PC client, the PC client in the PC system receives the control response message directly.
If the access control router determines that the PC system includes the PC client and a privately connected router, the privately connected router in the PC system re-encapsulates the received control response message using a network address translation rule to obtain a target control response message, and sends the target control response message to the PC client; the target control response message includes the control response information and a target control response IP address; wherein the source IP address in the target control response IP address is the IP address of the access control router, and the destination IP address in the target control response IP address is the IP address of the PC client.
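The control request information layout, its TLV extensions and the router-side registration decision described above, as an added example (not code from the patent; all function and class names are hypothetical). It assumes one-byte tag and length fields, a message length that counts the whole control request information, and a 4-byte IPv4 client address so that the fixed part totals the stated 8 bytes, although the text lists that field as 1 byte.

```python
import ipaddress
import struct
from dataclasses import dataclass

OP_REGISTER_REQUEST, OP_REGISTER_RESPONSE = 1, 2  # operation codes from the text
TAG_MAC, TAG_PUBLIC_KEY, TAG_USERNAME, TAG_PASSWORD, TAG_INTRANET_IP = 1, 2, 3, 4, 5
FIXED_LEN = 8  # ASSUMPTION: version, opcode, message code, length (1 byte each) + 4-byte IPv4


@dataclass
class ControlInfo:
    version: int
    opcode: int
    message_code: int
    client_ip: ipaddress.IPv4Address
    extensions: dict  # tag -> raw value bytes


def build_control_info(version, opcode, message_code, client_ip, extensions):
    """Serialize control request information; extensions is a list of (tag, bytes)."""
    ext = b"".join(struct.pack("!BB", tag, len(value)) + value for tag, value in extensions)
    total = FIXED_LEN + len(ext)
    if total > 0xFF:
        raise ValueError("does not fit the 1-byte message length field")
    ip_raw = ipaddress.IPv4Address(client_ip).packed
    return struct.pack("!BBBB4s", version, opcode, message_code, total, ip_raw) + ext


def parse_control_info(data):
    """Parse and validate control request information received from the network."""
    if len(data) < FIXED_LEN:
        raise ValueError("truncated fixed part")
    version, opcode, message_code, length, ip_raw = struct.unpack("!BBBB4s", data[:FIXED_LEN])
    if not 1 <= opcode <= 6:
        raise ValueError(f"unknown operation code {opcode}")
    if length != len(data):
        raise ValueError("message length field disagrees with received size")
    extensions, pos = {}, FIXED_LEN
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, value_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + value_len]
        if len(value) != value_len:
            raise ValueError(f"TLV tag {tag} overruns the message")
        if tag in extensions:
            raise ValueError(f"duplicate TLV tag {tag}")
        extensions[tag] = value
        pos += 2 + value_len
    return ControlInfo(version, opcode, message_code, ipaddress.IPv4Address(ip_raw), extensions)


def behind_private_router(outer_src_ip, info):
    """Step 320 check: outer source IP differs from the client IP carried in the message."""
    return ipaddress.IPv4Address(outer_src_ip) != info.client_ip


def handle_registration(outer_src_ip, data, legal_macs):
    """Return (operation code, message code) of the registration response."""
    info = parse_control_info(data)
    if info.opcode != OP_REGISTER_REQUEST:
        raise ValueError("not a registration request")
    mac = info.extensions.get(TAG_MAC, b"")
    ok = (len(mac) == 6 and mac in legal_macs
          and not behind_private_router(outer_src_ip, info))
    return OP_REGISTER_RESPONSE, 1 if ok else 0


# Constructed sample input: the MAC and the 10.1.1.2 / 192.168.45.6 addresses are the
# page's own example values; the user name and 192.168.45.20 are made up.
LEGAL_MACS = {bytes.fromhex("b083fe66aaaa")}
EXTENSIONS = [(TAG_MAC, bytes.fromhex("b083fe66aaaa")), (TAG_USERNAME, b"user")]
DIRECT = build_control_info(1, OP_REGISTER_REQUEST, 0, "192.168.45.20", EXTENSIONS)
NATTED = build_control_info(1, OP_REGISTER_REQUEST, 0, "10.1.1.2", EXTENSIONS)

if __name__ == "__main__":
    print(handle_registration("192.168.45.20", DIRECT, LEGAL_MACS))
    print(handle_registration("192.168.45.6", NATTED, LEGAL_MACS))
```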
As shown in Fig. 5, take the case where the control request message is a registration request message and the PC system includes a privately connected router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the privately connected router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The registration process of the PC system may include the following steps:
Step 501: the PC client sends an initial registration request message to the privately connected router.
The initial registration request message may include an initial registration request IP address, the MAC address of the PC terminal and the user information to be registered. The source IP address in the registration request IP address is the IP address of the PC client, 10.1.1.2, and the destination IP address is the IP address of the access control router, 192.168.45.1.
Step 502: the privately connected router re-encapsulates the received initial registration request message using a network address translation rule to obtain a registration request message.
The initial registration request message may include a registration request IP address, the MAC address of the PC terminal and the user information to be registered. The source IP address in the registration request IP address is the IP address of the privately connected router, 192.168.45.6, and the destination IP address is the IP address of the access control router, 192.168.45.1.
Step 503: the privately connected router sends the registration request message to the access control router.
Step 504: the access control router parses the received registration request message, obtains the MAC address, and verifies the legitimacy of the MAC address.
Step 505: the access control router sends a registration response message to the privately connected router.
If the access control router's verification passes and it registers the user information to be registered, it sends the privately connected router a registration response message indicating successful registration, which includes response information and a response IP address; if the access control router's verification does not pass, it sends the privately connected router a registration response message indicating failed registration, which includes response information and a response IP address;
The source IP address of the response IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address in the response IP address is the IP address of the privately connected router, 192.168.45.6.
Step 506: the privately connected router re-encapsulates the received registration response message using a network address translation rule to obtain a target registration response message.
The target registration response message includes registration response information and a target registration response IP address. The source IP address in the target registration response IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address in the target registration response IP address is the IP address of the PC client, 10.1.1.2.
Step 507: the privately connected router sends the target registration response message to the PC client.
As shown in Fig. 6, take the case where the control request message is an authentication request message and the PC system includes a privately connected router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the privately connected router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The authentication process of the PC system may include the following steps:
Step 601: the PC client sends an initial authentication request message to the privately connected router.
The initial authentication request message may include an initial authentication request IP address and the user information to be authenticated. The source IP address in the authentication request IP address is the IP address of the PC client, 10.1.1.2, and the destination IP address is the IP address of the access control router, 192.168.45.1.
Step 602: the privately connected router re-encapsulates the received initial authentication request message using a network address translation rule to obtain an authentication request message.
The initial authentication request message may include an authentication request IP address, the MAC address of the PC terminal and the user information to be registered. The source IP address in the authentication request IP address is the IP address of the privately connected router, 192.168.45.6, and the destination IP address is the IP address of the access control router, 192.168.45.1.
Step 603: the privately connected router sends the authentication request message to the access control router.
Step 604: the access control router parses the received authentication request message, obtains the user information to be authenticated, and matches the user information to be authenticated against the registered user information.
Step 605: the access control router sends a registration response message to the privately connected router.
If the user information to be authenticated matches the registered user information, an authentication response message indicating successful authentication, which includes response information and a response IP address, is sent to the privately connected router; if the user information to be authenticated does not match the registered user information, an authentication response message indicating failed authentication, which includes response information and a response IP address, is sent to the privately connected router;
The source IP address of the response IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address in the response IP address is the IP address of the privately connected router, 192.168.45.6.
Step 606: the privately connected router re-encapsulates the received authentication response message using a network address translation rule to obtain a target authentication response message.
The target authentication response message includes authentication response information and a target authentication response IP address. The source IP address in the target authentication response IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address in the target authentication response IP address is the IP address of the PC client, 10.1.1.2.
Step 607: the privately connected router sends the target authentication response message to the PC client.
As shown in Fig. 7, take the case where the control request message is a keep-alive request message and the PC system includes a privately connected router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the privately connected router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The keep-alive confirmation process of the PC system may include the following steps:
Step 701: the access controller sends a keep-alive request message to the privately connected router.
The keep-alive request message includes a keep-alive request IP address and preset keep-alive information; the source IP address in the keep-alive request IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address is the IP address of the privately connected router, 192.168.45.6.
Step 702: the privately connected router re-encapsulates the received keep-alive request message using a network address translation rule to obtain a target keep-alive request message.
The target keep-alive request message includes keep-alive request information and a target keep-alive IP address; the source IP address in the target keep-alive IP address is the IP address of the access control router, 192.168.45.1, and the destination IP address in the target keep-alive IP address is the IP address of the PC client, 10.1.1.2.
Step 703: the privately connected router sends the target keep-alive request message to the PC client.
Step 704: the PC client sends a target keep-alive response message to the privately connected router.
The target keep-alive response message includes keep-alive response information and a target response IP address; the source IP address in the target response IP address is the IP address of the PC client, 10.1.1.2, and the destination IP address in the target response IP address is the IP address of the access control router, 192.168.45.1.
Step 705: the privately connected router re-encapsulates the received target keep-alive response message using a network address translation rule to obtain a keep-alive response message.
The keep-alive response message includes keep-alive response information and a keep-alive response IP address. The source IP address in the keep-alive response IP address is the IP address of the privately connected router, 192.168.45.6, and the destination IP address in the target registration response IP address is the IP address of the access control router, 192.168.45.1.
Step 706: the privately connected router sends the keep-alive response message to the access controller.
For the communication means of data message:
The Intranet IP that access control router is PC system client only is received in pc client in the prior art
Behind location, access control router and pc client part can just carry out the communication of data message, and number provided by the embodiments of the present application
The normal communication for guaranteeing data message according to the communication means of message realizes PC system using network address translation rule
The communication of data message when receiving the IP address of internal network of access control router distribution, and realize PC system and exist
Do not receive access control router distribution IP address of internal network in the case of data message communication, as shown in Figure 8.
Fig. 8 is a kind of flow diagram of communication means provided in an embodiment of the present invention.As shown in figure 8, this method can be with
Include:
Step 810, PC system send the first request of data message to access control router.
As shown in figure 9, data message includes outer layer IP address, internal layer IP address, the first heading and data load.Its
In, outer layer IP address requesting and internal layer IP address requesting include source IP address and purpose IP address.Outer layer IP address requesting packet
Include the first purpose IP address of the first source IP address of outer layer and outer layer, internal layer IP address requesting includes the first source IP address of internal layer and interior
The first purpose IP address of layer;
If the PC system has an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the intranet IP address and the inner first destination IP address is the IP address of the intranet server.
If the PC system does not have an intranet IP address assigned by the access control router, the outer source IP address is the IP address of the PC system and the outer destination IP address is the IP address of the access control router; the inner source IP address is the IP address of the PC system and the inner destination IP address is the IP address of the intranet server.
Further, if the PC system includes a PC client and no privately connected router, the IP address of the PC system is the IP address of the PC client; that is, the PC client in the PC system sends the first data request message directly to the access control router.
If the PC system includes a PC client and a privately connected router, the outer first source IP address in the first data request message is the IP address of the privately connected router, and the inner first source IP address is the IP address of the PC client.
Specifically, the PC client sends an initial data request message to the privately connected router. The initial data request message includes an initial outer request IP address, an initial inner request IP address, an initial header and the data request information.
The privately connected router re-encapsulates the received initial data request message using a network address translation rule to obtain the first data request message, and then sends the first data request message to the access control router.
The initial outer request IP address includes the initial outer first source IP address and the initial outer first destination IP address; the initial inner request IP address includes the initial inner first source IP address and the initial inner first destination IP address.
If the PC client has an intranet IP address assigned by the access control router, the initial outer first source IP address is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the intranet IP address and the initial inner first destination IP address is the IP address of the intranet server.
If the PC client does not have an intranet IP address assigned by the access control router, the initial outer first source IP address is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the IP address of the PC client and the initial inner first destination IP address is the IP address of the intranet server.
Step 820: the access control router re-encapsulates the first data request message to obtain a second data request message.
The first data request message is re-encapsulated to obtain the second data request message. The second data request message includes a request IP address, a second header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server.
The access control router stores the outer request IP address and the inner request IP address of the first data request message in preset session information, so that the response message corresponding to the first data request message can be generated later.
Step 830: the access control router sends the second data request message to the intranet server.
Step 840: the intranet server sends a second data response message to the access control router.
According to the data request information in the second data request message, the intranet server obtains the corresponding response data, i.e. the requested data, and generates the second data response message. The second data response message may include a response IP address and the response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address.
Step 850: the access control router re-encapsulates the second data response message using a network address translation rule to obtain a first data response message.
The access control router re-encapsulates the second data response message using the network address translation rule and the stored preset session information to obtain the first data response message. The first data response message includes an outer response IP address, an inner response IP address, a second header and the response data. The outer response IP address includes the outer second source IP address and the outer second destination IP address, and the inner response IP address includes the inner second source IP address and the inner second destination IP address.
If the PC system has an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the intranet IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
Step 860: the access control router sends the first data response message to the PC client.
If the PC system includes a PC client and no privately connected router, the IP address of the PC system in the first data response message is the IP address of the PC client; that is, the PC client in the PC system directly receives the first data response message sent by the access control router.
If the PC system includes a PC client and a privately connected router, the outer second destination IP address in the first data response message is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
Further, the privately connected router receives the first data response message sent by the access control router and re-encapsulates it using a network address translation rule to obtain a target data response message. The target data response message includes a target outer response IP address, a target inner response IP address and the response data. The target outer response IP address includes the target outer second source IP address and the target outer second destination IP address, and the target inner response IP address includes the target inner second source IP address and the target inner second destination IP address.
If the PC client does not have an intranet IP address assigned by the access control router, the target outer second source IP address is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the IP address of the PC client.
If the PC client has an intranet IP address assigned by the access control router, the target outer second source IP address in the target data response message is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the intranet IP address.
In one example, shown in Fig. 10, the PC system includes a privately connected router. The IP address of the PC client is 10.1.1.2, the IP address of the privately connected router is 192.168.45.6, the IP address of the access control router is 192.168.45.1, the IP address of the intranet server is 192.168.50.36, and the intranet IP address is 192.168.46.2.
Step 1001: the PC client sends an initial data request message to the privately connected router.
If the PC client has an intranet IP address assigned by the access control router, the initial outer first source IP address in the initial outer request IP address of the initial data request message is the IP address of the PC client, 10.1.1.2, and the initial outer first destination IP address is the IP address of the access control router, 192.168.45.1; the initial inner first source IP address in the initial inner request IP address is the intranet IP address, 192.168.45.6, and the initial inner first destination IP address is the IP address of the intranet server, 192.168.50.36.
If the PC client does not have an intranet IP address assigned by the access control router, the initial outer first source IP address in the initial outer request IP address of the initial data request message is the IP address of the PC client, 10.1.1.2, and the initial outer first destination IP address is the IP address of the access control router, 192.168.45.1; the initial inner first source IP address in the initial inner request IP address is the IP address of the PC client, 10.1.1.2, and the initial inner first destination IP address is the IP address of the intranet server, 192.168.50.36.
Step 1002: the privately connected router re-encapsulates the received initial data request message using a network address translation rule to obtain the first data request message.
If the PC client has an intranet IP address assigned by the access control router, the outer first source IP address in the outer request IP address of the first data request message is the IP address of the privately connected router, 192.168.45.6, and the outer first destination IP address is the IP address of the access control router, 192.168.45.1; the inner first source IP address in the inner request IP address is the intranet IP address, 192.168.46.2, and the inner first destination IP address is the IP address of the intranet server, 192.168.50.36.
If the PC client does not have an intranet IP address assigned by the access control router, the outer first source IP address in the outer request IP address of the first data request message is the IP address of the privately connected router, 192.168.45.6, and the outer first destination IP address is the IP address of the access control router, 192.168.45.1; the inner first source IP address in the inner request IP address is the IP address of the PC client, 10.1.1.2, and the inner first destination IP address is the IP address of the intranet server, 192.168.50.36.
Step 1003: the privately connected router sends the first data request message to the access control router.
Step 1004: the access control router re-encapsulates the first data request message to obtain the second data request message.
If the PC client has an intranet IP address assigned by the access control router, the source IP address in the request IP address of the second data request message is the intranet IP address, 192.168.46.2, and the destination address is the IP address of the intranet server, 192.168.50.36.
If the PC client does not have an intranet IP address assigned by the access control router, the source IP address of the request IP address in the second data request message is the IP address of the privately connected router, 192.168.45.6, and the destination address is the IP address of the intranet server, 192.168.46.2.
Step 1005: the access control router sends the second data request message to the intranet server.
Step 1006: the intranet server sends the second data response message to the access control router.
If the PC client has an intranet IP address assigned by the access control router, the source IP address in the response IP address of the second data response message is the IP address of the intranet server, 192.168.50.36, and the destination IP address is the intranet IP address, 192.168.46.2.
If the PC client does not have an intranet IP address assigned by the access control router, the source IP address of the request IP address in the second data request message is the IP address of the privately connected router, 192.168.45.6, and the destination address is the IP address of the intranet server, 192.168.50.36.
Step 1007: the access control router re-encapsulates the second data response message using a network address translation rule to obtain the first data response message.
If the PC client has an intranet IP address assigned by the access control router, the outer second source IP address in the outer response IP address of the first data response message is the IP address of the access control router, 192.168.45.1, and the outer second destination IP address is the IP address of the privately connected router, 192.168.45.6; the inner second source IP address in the inner response IP address is the IP address of the intranet server, 192.168.50.36, and the inner second destination IP address is the intranet IP address, 192.168.46.2.
If the PC client does not have an intranet IP address assigned by the access control router, the outer second source IP address in the outer response IP address of the first data response message is the IP address of the access control router, 192.168.45.1, and the outer second destination IP address is the IP address of the privately connected router, 192.168.45.6; the inner second source IP address in the inner response IP address is the IP address of the intranet server, 192.168.50.36, and the inner second destination IP address is the IP address of the PC client, 10.1.1.2.
Step 1008: the access control router sends the first data response message to the privately connected router.
Step 1009: the privately connected router re-encapsulates the first data response message using a network address translation rule to obtain the target data response message.
If the PC client has an intranet IP address assigned by the access control router, the target outer second source IP address in the target outer response IP address of the target data response message is the IP address of the access control router, 192.168.45.1, and the target outer second destination IP address is the IP address of the PC client, 10.1.1.2; the target inner second source IP address in the target inner response IP address is the IP address of the intranet server, 192.168.50.36, and the target inner second destination IP address is the intranet IP address, 192.168.46.2.
If the PC client does not have an intranet IP address assigned by the access control router, the target outer second source IP address in the target outer response IP address of the target data response message is the IP address of the access control router, 192.168.45.1, and the target outer second destination IP address is the IP address of the PC client, 10.1.1.2; the target inner second source IP address in the target inner response IP address is the IP address of the intranet server, 192.168.50.36, and the target inner second destination IP address is the IP address of the PC client, 10.1.1.2.
Step 1010: the privately connected router sends the target data response message to the PC client.
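The re-encapsulation performed by the access control router in steps 820 to 850, traced with the Fig. 10 addresses, as an added Python example (not code from the patent). The class and function names, the session-table keying, the outer-destination check, and the use of the outer source as the second request's source when no intranet IP is assigned (following step 1004) are assumptions of this sketch.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP
from typing import Dict, Optional, Tuple

# Addresses from the Fig. 10 example.
PC_CLIENT = IP("10.1.1.2")
PRIVATE_ROUTER = IP("192.168.45.6")
ACCESS_ROUTER = IP("192.168.45.1")
INTRANET_SERVER = IP("192.168.50.36")
INTRANET_IP = IP("192.168.46.2")


@dataclass(frozen=True)
class IPPair:
    src: IP
    dst: IP

    def swapped(self) -> "IPPair":
        return IPPair(self.dst, self.src)


@dataclass(frozen=True)
class TunnelMsg:
    """First data request / first data response: outer + inner addresses."""
    outer: IPPair
    inner: IPPair
    payload: bytes


@dataclass(frozen=True)
class PlainMsg:
    """Second data request / second data response: one address pair."""
    ip: IPPair
    payload: bytes


class AccessControlRouter:
    def __init__(self, router_ip: IP, assigned_intranet_ips):
        self.router_ip = router_ip
        self.assigned = set(assigned_intranet_ips)
        # "Preset session information": second-request pair -> (outer, inner)
        # of the first request. Keyed on addresses only (simplification).
        self.sessions: Dict[IPPair, Tuple[IPPair, IPPair]] = {}

    def handle_request(self, msg: TunnelMsg) -> PlainMsg:
        # Added check (assumption): only unwrap messages addressed to us.
        if msg.outer.dst != self.router_ip:
            raise ValueError("outer destination is not this router")
        if msg.inner.src in self.assigned:
            src = msg.inner.src      # client holds an assigned intranet IP
        else:
            src = msg.outer.src      # no intranet IP: per step 1004
        second = PlainMsg(IPPair(src, msg.inner.dst), msg.payload)
        self.sessions[second.ip] = (msg.outer, msg.inner)
        return second

    def handle_response(self, msg: PlainMsg) -> Optional[TunnelMsg]:
        saved = self.sessions.get(msg.ip.swapped())
        if saved is None:
            return None              # no matching session: do not wrap
        outer, inner = saved
        # Response addresses are the stored request addresses, reversed.
        return TunnelMsg(outer.swapped(), inner.swapped(), msg.payload)


def run_fig10(has_intranet_ip: bool):
    """Trace steps 1003-1008 and return (second request, first response)."""
    router = AccessControlRouter(ACCESS_ROUTER, [INTRANET_IP])
    inner_src = INTRANET_IP if has_intranet_ip else PC_CLIENT
    first_request = TunnelMsg(
        outer=IPPair(PRIVATE_ROUTER, ACCESS_ROUTER),
        inner=IPPair(inner_src, INTRANET_SERVER),
        payload=b"constructed request",
    )
    second_request = router.handle_request(first_request)
    # The intranet server answers to whatever source it saw.
    second_response = PlainMsg(second_request.ip.swapped(), b"constructed reply")
    first_response = router.handle_response(second_response)
    return second_request, first_response


if __name__ == "__main__":
    for flag in (True, False):
        req, resp = run_fig10(flag)
        print(flag, req.ip, resp.outer, resp.inner)
```
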
In the method provided by the above embodiment of the present invention, the PC system sends a first data request message to the access control router. The first data request message is used to request data from the intranet server and includes an outer request IP address, an inner request IP address, a first header and data request information. The outer request IP address includes the outer first source IP address and the outer first destination IP address, and the inner request IP address includes the inner first source IP address and the inner first destination IP address. If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server. The PC system receives the first data response message that the access control router sends in response to the first data request message. The first data response message includes an outer response IP address, an inner response IP address, a second header and response data. The outer response IP address includes the outer second source IP address and the outer second destination IP address, and the inner response IP address includes the inner second source IP address and the inner second destination IP address. If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system. Compared with the prior art, this method encapsulates a preset IP structure in the outer layer of the original message structure, i.e. it changes the message structure, so that data messages can be communicated even when the access control router has not issued an intranet IP address to the PC client, which improves communication efficiency.
Corresponding to the above method, an embodiment of the present invention also provides a PC system. As shown in Fig. 11, the PC system includes a sending unit 1110 and a receiving unit 1120.
The sending unit 1110 is configured to send a first data request message to the access control router. The first data request message is used to request data from the intranet server and includes an outer request IP address, an inner request IP address, a first header and data request information. The outer request IP address includes the outer first source IP address and the outer first destination IP address, and the inner request IP address includes the inner first source IP address and the inner first destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server.
The receiving unit 1120 is configured to receive the first data response message that the access control router sends in response to the first data request message. The first data response message includes an outer response IP address, an inner response IP address, a second header and response data. The outer response IP address includes the outer second source IP address and the outer second destination IP address, and the inner response IP address includes the inner second source IP address and the inner second destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
In an optional implementation, if the PC system includes a PC client and no privately connected router, the IP address of the PC system is the IP address of the client.
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
The functions of the functional units of the communication device provided by the above embodiment of the present invention can be implemented by the method steps described above; the specific working process and beneficial effects of each unit in the communication device provided by the embodiment of the present invention are therefore not repeated here.
Corresponding to the above method, an embodiment of the present invention also provides an access control router. As shown in Fig. 12, the access control router includes a receiving unit 1210, an encapsulation unit 1220 and a sending unit 1230.
The receiving unit 1210 is configured to receive the first data request message sent by the PC system. The first data request message is used to request data from the intranet server and includes an outer request IP address, an inner request IP address, a header and data request information. The outer request IP address includes the outer first source IP address and the outer first destination IP address, and the inner request IP address includes the inner first source IP address and the inner first destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server.
The encapsulation unit 1220 is configured to re-encapsulate the first data request message to obtain a second data request message. The second data request message includes a request IP address, a second header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server.
The sending unit 1230 is configured to send the second data request message to the intranet server.
The receiving unit 1210 is further configured to receive the second data response message that the intranet server sends in response to the second data request message. The second data response message includes a response IP address and response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address.
The encapsulation unit 1220 is further configured to re-encapsulate the second data response message using a network address translation rule to obtain the first data response message. The first data response message includes an outer response IP address, an inner response IP address and the response data. The outer response IP address includes the outer second source IP address and the outer second destination IP address, and the inner response IP address includes the inner second source IP address and the inner second destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC client.
The sending unit 1230 is further configured to send the first data response message to the PC client.
When the PC system includes the PC client, the IP address of the PC system is the IP address of the PC client; when the PC system includes the PC client and a privately connected router, the IP address of the PC system is the IP address of the privately connected router.
In an optional implementation, if the PC system includes a PC client and no privately connected router, the IP address of the PC system is the IP address of the client.
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
The functions of the functional units of the communication device provided by the above embodiment of the present invention can be implemented by the method steps described above; the specific working process and beneficial effects of each unit in the communication device provided by the embodiment of the present invention are therefore not repeated here.
An embodiment of the present invention also provides an electronic device. As shown in Fig. 13, it includes a processor 1310, a communication interface 1320, a memory 1330 and a communication bus 1340, where the processor 1310, the communication interface 1320 and the memory 1330 communicate with one another over the communication bus 1340.
The memory 1330 is configured to store a computer program.
The processor 1310 is configured to implement the following steps when executing the program stored in the memory 1330:
Sending a first data request message to the access control router. The first data request message is used to request data from the intranet server and includes an outer request IP address, an inner request IP address, a first header and data request information. The outer request IP address includes the outer first source IP address and the outer first destination IP address, and the inner request IP address includes the inner first source IP address and the inner first destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server.
Receiving the first data response message that the access control router sends in response to the first data request message. The first data response message includes an outer response IP address, an inner response IP address, a second header and response data. The outer response IP address includes the outer second source IP address and the outer second destination IP address, and the inner response IP address includes the inner second source IP address and the inner second destination IP address.
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
In an optional implementation, if the PC system has an intranet IP address assigned by the access control router, the outer first source IP address in the first data request message is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the intranet IP address and the inner first destination IP address is the IP address of the intranet server.
The outer second source IP address in the first data response message is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the intranet IP address.
In an optional implementation, if the PC system includes a PC client and no privately connected router, the IP address of the PC system is the IP address of the client.
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
Or execute following steps:
The the first request of data message sent in PC system is received, the first request of data message is used for Intranet service
Device request data, the first request of data message include outer layer IP address requesting, internal layer IP address requesting, heading and data
Solicited message;Wherein, the outer layer IP address requesting includes the first purpose IP address of the first source IP address of outer layer and outer layer, described
Internal layer IP address requesting includes the first purpose IP address of the first source IP address of internal layer and internal layer;
If the IP address of internal network of access control router distribution, first source IP of outer layer is not present in PC system
Location is the IP address of the PC system, and first purpose IP address of outer layer is the IP address of the access control router;Institute
The IP address that the first source IP address of internal layer is the PC system is stated, first purpose IP address of internal layer is the IP of intranet server
Address;
The first request of data message is Resealed, the second request of data message is obtained;Second data
Request message includes IP address requesting, the second heading and data request information, wherein source IP in the IP address requesting
Location is the IP address of internal network, and the destination address in the IP address requesting is the IP address of intranet server;
The second request of data message is sent to the intranet server;
Receive the second data answering message that the intranet server is sent according to the second request of data message;It is described
Second data answering message includes response IP address and reply data, wherein the source IP address in the response IP address is institute
State the IP address of intranet server, the purpose IP address in the response IP address is IP address of internal network;
Using network address translation rule, the second data answering message is Resealed, the first data are obtained
Response message;The first data answering message includes outer layer response IP address, internal layer response IP address and reply data;Its
In, the outer layer response IP address includes the second purpose IP address of the second source IP address of outer layer and outer layer, the internal layer response IP
Address includes the second purpose IP address of the second source IP address of internal layer and internal layer;
If the IP address of internal network of access control router distribution, second source IP of outer layer is not present in PC system
Location is the IP address of the access control router, and second purpose IP address of outer layer is the IP address of the PC system;Institute
The IP address that the second source IP address of internal layer is the intranet server is stated, second purpose IP address of internal layer is the PC system
IP address;
The first data answering message is sent to the pc client.
If the PC system includes pc client and does not include that private meets router, the PC in an optional realization
The IP address of system is the IP address of the client;
If the PC system includes the pc client and when private connects router, first source IP address of outer layer is institute
The private IP address for connecing router is stated, first source IP address of internal layer is the IP address of the pc client, the outer layer second
Purpose IP address is the IP address that private connects router, and second purpose IP address of internal layer is the IP address of the pc client.
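The two re-encapsulation steps performed by the access control router, as an added Python example that is not part of the patent text. It covers a PC system that is a PC client with no privately connected router, with and without an assigned intranet IP address. Assumptions: the class and field names, the address pool used for a PC system that has no intranet IP address, the NAT table layout, the validation checks and all addresses are constructed for illustration.

```python
"""Added illustration of re-encapsulation at the access control router."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address


@dataclass(frozen=True)
class DualLayerMessage:
    """PC system <-> access control router: outer and inner address pairs."""
    outer_src: IPv4Address
    outer_dst: IPv4Address
    inner_src: IPv4Address
    inner_dst: IPv4Address
    payload: bytes


@dataclass(frozen=True)
class SingleLayerMessage:
    """Access control router <-> intranet server: one address pair."""
    src: IPv4Address
    dst: IPv4Address
    payload: bytes


class AccessControlRouter:
    def __init__(self, router_ip, pool, assigned=None):
        self.router_ip = ip_address(router_ip)
        # Assumption: intranet addresses the router may use on behalf of a
        # PC system that has no assigned intranet IP address.
        self.pool = [ip_address(a) for a in pool]
        # PC system IP -> intranet IP already assigned to it by the router.
        self.assigned = {ip_address(pc): ip_address(i)
                         for pc, i in (assigned or {}).items()}
        self.lent = {}  # PC system IP -> pool address lent to it
        # (intranet IP, server IP) -> (PC system IP, inner address the PC used)
        self.nat = {}

    def handle_request(self, msg):
        """First data request message -> second data request message."""
        if msg.outer_dst != self.router_ip:
            raise ValueError("outer destination is not this router")
        intranet_ip = self.assigned.get(msg.outer_src)
        # With an assigned intranet IP the inner source must be that address;
        # without one it must be the PC system's own IP address.
        expected = intranet_ip if intranet_ip is not None else msg.outer_src
        if msg.inner_src != expected:
            raise ValueError("inner source does not match the sender")
        if intranet_ip is None:
            intranet_ip = self.lent.get(msg.outer_src)
            if intranet_ip is None:
                if not self.pool:
                    raise RuntimeError("no free intranet address")
                intranet_ip = self.pool.pop(0)
                self.lent[msg.outer_src] = intranet_ip
        self.nat[(intranet_ip, msg.inner_dst)] = (msg.outer_src, msg.inner_src)
        return SingleLayerMessage(intranet_ip, msg.inner_dst, msg.payload)

    def handle_response(self, resp):
        """Second data response message -> first data response message."""
        entry = self.nat.get((resp.dst, resp.src))
        if entry is None:
            # No matching request was forwarded: drop instead of relaying.
            raise LookupError("no NAT entry for this response")
        pc_ip, inner_addr = entry
        return DualLayerMessage(
            outer_src=self.router_ip, outer_dst=pc_ip,
            inner_src=resp.src, inner_dst=inner_addr,
            payload=resp.payload)


def demo():
    """Constructed exchange for a PC system without an intranet IP address."""
    acr = AccessControlRouter("203.0.113.1", pool=["10.0.0.50"],
                              assigned={"198.51.100.8": "10.0.0.20"})
    pc, server = ip_address("198.51.100.7"), ip_address("10.0.0.5")
    second_req = acr.handle_request(
        DualLayerMessage(pc, acr.router_ip, pc, server, b"GET /report"))
    first_resp = acr.handle_response(
        SingleLayerMessage(server, second_req.src, b"200 OK"))
    return second_req, first_resp


if __name__ == "__main__":
    for message in demo():
        print(message)
```

Only the inner address pair ever names the intranet server, and only the router's NAT table links an intranet address back to a PC system, so a response with no matching entry is rejected rather than forwarded.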
The communication bus mentioned above may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the above electronic device and other devices.
The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), for example at least one magnetic disk storage. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Since the implementation of each component of the electronic device in the above embodiment, and the corresponding beneficial effects, can be realized with reference to the steps of the embodiments shown in Fig. 3, Figs. 5-8 and Fig. 10, the specific working process and beneficial effects of the electronic device provided by the embodiment of the present invention are not repeated here.
In another embodiment provided by the present invention, a computer-readable storage medium is further provided. Instructions are stored in the computer-readable storage medium and, when run on a computer, cause the computer to execute the communication method of any of the above embodiments.
In another embodiment provided by the present invention, a computer program product containing instructions is further provided which, when run on a computer, causes the computer to execute the communication method of any of the above embodiments.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present application.
Obviously, those skilled in the art can make various changes and variations to the embodiments of the present application without departing from their spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the embodiments of the present application and their technical equivalents, the embodiments of the present application are also intended to include them.
Claims (13)
1. A communication method, characterized in that the method comprises:
A PC system sends a first data request message to an access control router, where the first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a first message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The PC system receives a first data response message sent by the access control router according to the first data request message; the first data response message includes an outer response IP address, an inner response IP address, a second message header and response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
2. The method according to claim 1, characterized in that:
If the PC system has an intranet IP address assigned by the access control router, the outer first source IP address in the first data request message is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the intranet IP address and the inner first destination IP address is the IP address of the intranet server;
The outer second source IP address in the first data response message is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the intranet IP address.
3. The method according to claim 1 or 2, characterized in that:
If the PC system includes a PC client and does not include a privately connected router, the IP address of the PC system is the IP address of the client;
If the PC system includes the PC client and a privately connected router, the outer first source IP address is the IP address of the privately connected router, the inner first source IP address is the IP address of the PC client, the outer second destination IP address is the IP address of the privately connected router, and the inner second destination IP address is the IP address of the PC client.
4. The method according to claim 3, characterized in that, when the PC system includes the PC client and the privately connected router, the PC system sending the first data request message to the access control router comprises:
The PC client sends an initial data request message to the privately connected router, where the initial data request message includes an initial outer request IP address, an initial inner request IP address, an initial message header and the data request information;
The privately connected router uses a network address translation rule to re-encapsulate the received initial data request message into the first data request message, and then sends the first data request message to the access control router; the initial outer request IP address includes an initial outer first source IP address and an initial outer first destination IP address; the initial inner request IP address includes an initial inner first source IP address and an initial inner first destination IP address;
If the PC client does not have an intranet IP address assigned by the access control router, the initial outer first source IP address is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the IP address of the PC client and the initial inner first destination IP address is the IP address of the intranet server;
The PC system receiving the first data response message sent by the access control router according to the first data request message comprises:
The PC client receives a target data response message, which the privately connected router obtains by using a network address translation rule to re-encapsulate the received first data response message sent by the access control router according to the first data request information;
The target data response message includes a target outer response IP address, a target inner response IP address and the response data; the target outer response IP address includes a target outer second source IP address and a target outer second destination IP address, and the target inner response IP address includes a target inner second source IP address and a target inner second destination IP address;
If the PC client does not have an intranet IP address assigned by the access control router, the target outer second source IP address is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the IP address of the PC client.
5. The method according to claim 4, characterized in that:
If the PC client has an intranet IP address assigned by the access control router, the initial outer first source IP address in the initial data request message is the IP address of the PC client and the initial outer first destination IP address is the IP address of the access control router; the initial inner first source IP address is the intranet IP address and the initial inner first destination IP address is the IP address of the intranet server;
The target outer second source IP address in the target data response message is the IP address of the access control router, the target outer second destination IP address is the IP address of the PC client, the target inner second source IP address is the IP address of the intranet server, and the target inner second destination IP address is the intranet IP address.
6. The method according to claim 3, characterized in that the method further comprises:
The PC system sends a control request message to the access control router;
The control request message includes a control request IP address, a control message header and control request information; the source IP address in the control request IP address is the IP address of the PC system, and the destination IP address in the control request IP address is the IP address of the access control router;
The PC system receives a control response message sent by the access control router according to the control request information;
The control response message includes control response information and a control response IP address; the source IP address in the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the PC system.
7. The method according to claim 6, characterized in that, when the PC system includes the PC client and the privately connected router, the PC system sending the control request message to the access control router comprises:
The PC client sends an initial control request message to the privately connected router;
The privately connected router uses a network address translation rule to re-encapsulate the received initial control request message into the control request message, and sends the control request message to the access control router;
The initial control request message includes an initial control request IP address and the control request information; the source IP address in the initial control request IP address is the IP address of the PC client, and the destination IP address in the initial control request IP address is the IP address of the access controller;
The PC system receiving the control response message sent by the access control router according to the control request information comprises:
The privately connected router receives the control response message sent by the access control router according to the control request information;
The privately connected router uses a network address translation rule to re-encapsulate the received control response message sent by the access control router according to the control request information, obtaining a target control response message; the target control response message includes the control response information and a target control response IP address;
The PC client receives the target control response message;
The source IP address in the target control response IP address is the IP address of the access control router, and the destination IP address in the target control response IP address is the IP address of the PC client.
8. A communication method, characterized in that the method comprises:
An access control router receives a first data request message sent by a PC system, where the first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The access control router re-encapsulates the first data request message to obtain a second data request message; the second data request message includes a request IP address, a second message header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server;
The access control router sends the second data request message to the intranet server;
The access control router receives a second data response message sent by the intranet server according to the second data request message; the second data response message includes a response IP address and response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address;
The access control router uses a network address translation rule to re-encapsulate the second data response message, obtaining a first data response message; the first data response message includes an outer response IP address, an inner response IP address and the response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system;
The access control router sends the first data response message to the PC system.
9. A PC system, characterized in that the PC system comprises a sending unit and a receiving unit;
The sending unit is configured to send a first data request message to an access control router, where the first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a first message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The receiving unit is configured to receive a first data response message sent by the access control router according to the first data request message; the first data response message includes an outer response IP address, an inner response IP address, a second message header and response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system.
10. An access control router, characterized in that the access control router comprises a receiving unit, an encapsulation unit and a sending unit;
The receiving unit is configured for the access control router to receive a first data request message sent by a PC system, where the first data request message is used to request data from an intranet server and includes an outer request IP address, an inner request IP address, a message header and data request information; the outer request IP address includes an outer first source IP address and an outer first destination IP address, and the inner request IP address includes an inner first source IP address and an inner first destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer first source IP address is the IP address of the PC system and the outer first destination IP address is the IP address of the access control router; the inner first source IP address is the IP address of the PC system and the inner first destination IP address is the IP address of the intranet server;
The encapsulation unit is configured to re-encapsulate the first data request message to obtain a second data request message; the second data request message includes a request IP address, a second message header and the data request information, where the source IP address in the request IP address is the intranet IP address and the destination address in the request IP address is the IP address of the intranet server;
The sending unit is configured to send the second data request message to the intranet server;
The receiving unit is further configured to receive a second data response message sent by the intranet server according to the second data request message; the second data response message includes a response IP address and response data, where the source IP address in the response IP address is the IP address of the intranet server and the destination IP address in the response IP address is the intranet IP address;
The encapsulation unit is further configured to re-encapsulate the second data response message using a network address translation rule, obtaining a first data response message; the first data response message includes an outer response IP address, an inner response IP address and the response data; the outer response IP address includes an outer second source IP address and an outer second destination IP address, and the inner response IP address includes an inner second source IP address and an inner second destination IP address;
If the PC system does not have an intranet IP address assigned by the access control router, the outer second source IP address is the IP address of the access control router and the outer second destination IP address is the IP address of the PC system; the inner second source IP address is the IP address of the intranet server and the inner second destination IP address is the IP address of the PC system;
The sending unit is further configured to send the first data response message to the PC system.
11. A communication system, characterized in that the communication system comprises the PC system according to claim 9 and the access control router according to claim 10.
12. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another through the communication bus;
The memory is configured to store a computer program;
The processor is configured to implement, when executing the program stored in the memory, the method steps of any one of claims 1 to 7 or the method steps of claim 8.
13. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and the computer program, when executed by a processor, implements the method steps of any one of claims 1 to 7 or the method steps of claim 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910823389.2A CN110474922B (en) | 2019-09-02 | 2019-09-02 | Communication method, PC system and access control router |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110474922A (en) | 2019-11-19 |
CN110474922B (en) | 2022-02-22 |
Family
ID=68514720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910823389.2A Active CN110474922B (en) | 2019-09-02 | 2019-09-02 | Communication method, PC system and access control router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110474922B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101043447A (en) * | 2007-04-23 | 2007-09-26 | 重庆大学 | Method for mapping dynamically inside and outside network of server based on DDNS and NAT |
CN102148878A (en) * | 2010-02-05 | 2011-08-10 | 中国移动通信集团公司 | IP (internet protocol) address allocation method, system and device |
US20130103834A1 (en) * | 2011-10-21 | 2013-04-25 | Blue Coat Systems, Inc. | Multi-Tenant NATting for Segregating Traffic Through a Cloud Service |
CN103369065A (en) * | 2013-07-05 | 2013-10-23 | 杭州华三通信技术有限公司 | Message forwarding method and equipment |
CN105100299A (en) * | 2010-11-25 | 2015-11-25 | 华为技术有限公司 | Message sending method, NAT (Network Address Translation) table entry establishment method and NAT device |
US20160232019A1 (en) * | 2015-02-09 | 2016-08-11 | Broadcom Corporation | Network Interface Controller with Integrated Network Flow Processing |
CN106534278A (en) * | 2016-11-01 | 2017-03-22 | 锐捷网络股份有限公司 | Message forwarding method and switching equipment |
CN107809386A (en) * | 2017-11-15 | 2018-03-16 | 锐捷网络股份有限公司 | IP address conversion method, routing device and communication system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114765614A (en) * | 2020-12-31 | 2022-07-19 | 华为技术有限公司 | Method for accessing local area network service equipment and electronic equipment |
WO2023284626A1 (en) * | 2021-07-15 | 2023-01-19 | 华为技术有限公司 | Method for optimizing data access performance, and intermediate device |
CN114157632A (en) * | 2021-10-12 | 2022-03-08 | 北京华耀科技有限公司 | Network isolation method, device, equipment and storage medium |
CN114157632B (en) * | 2021-10-12 | 2023-11-21 | 北京华耀科技有限公司 | Network isolation method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110474922B (en) | 2022-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11838841B2 (en) | | System, apparatus and method for scalable internet of things (IOT) device on-boarding with quarantine capabilities |
CN110324287B (en) | | Access authentication method, device and server |
CA2820378C (en) | | Secure tunneling platform system and method |
US11736304B2 (en) | | Secure authentication of remote equipment |
CN110800331A (en) | | Network verification method, related equipment and system |
WO2004034645A1 (en) | | Identification information protection method in wlan interconnection |
CN109218263A (en) | | A kind of control method and device |
CN103067337B (en) | | Identity federation method, identity federation intrusion detection & prevention system (IdP), identity federation service provider (SP) and identity federation system |
CN110474922A (en) | | A kind of communication means, PC system and access control router |
US10212144B2 (en) | | Digital credential with embedded authentication instructions |
CN105207778B (en) | | A method of realizing packet identity and digital signature on accessing gateway equipment |
CN114143788B (en) | | Method and system for realizing authentication control of 5G private network based on MSISDN |
CN109309684A (en) | | A kind of business access method, apparatus, terminal, server and storage medium |
CN108011873A (en) | | A kind of illegal connection determination methods based on set covering |
CN107295510A (en) | | The method, equipment and system of Home eNodeB access control are realized based on OCSP |
US11681813B2 (en) | | System and method for enforcing context-based data transfer and access |
CN111586017A (en) | | Method and device for authenticating communication user |
CN114301967B (en) | | Control method, device and equipment for narrowband Internet of things |
CN102281287B (en) | | TLS (transport layer security)-based separation mechanism mobile signaling protection system and method |
CN113132323B (en) | | Communication method and device |
JP4009273B2 (en) | | Communication method |
JP2008211446A (en) | | Communication system and communication method |
Mahajan | | Application and Research on Performance Analysis and Security Implementation in Hybrid Networks |
JP2007329951A (en) | | Authentication server, network utilizing terminal, secondary terminal and communication method |
CN110602124A (en) | | Method for continuous authentication in Internet of things |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |