CN110474922B - Communication method, PC system and access control router - Google Patents

Publication number
CN110474922B
Authority
CN
China
Legal status
Active
Application number
CN201910823389.2A
Other languages
Chinese (zh)
Other versions
CN110474922A (en
Inventor
陈熹
Current Assignee
Ruijie Networks Co Ltd
Original Assignee
Ruijie Networks Co Ltd
Application filed by Ruijie Networks Co Ltd
Priority to CN201910823389.2A
Publication of CN110474922A
Application granted
Publication of CN110474922B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The application discloses a communication method, a PC system and an access control router. In the method, a PC system sends a first data request message to an access control router; the first data request message is used for requesting data from an intranet server and comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information. The PC system then receives a first data response message sent by the access control router according to the first data request message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data. Compared with the prior art, the method allows data messages to be communicated even when the access control router has not issued an allocated IP address to the PC client, and improves the communication efficiency.

Description

Communication method, PC system and access control router
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method, a PC system, and an access control router.
Background
Network Address Translation (NAT) is a Wide Area Network (WAN) technology that translates one group of IP addresses into another group of IP addresses. It is widely applied to various types of Internet access modes and various types of networks.
After a terminal in a private network, such as a PC, is assigned a local IP address, a user may want to access a target server on the internet through a PC client of the PC, such as a browser. On receiving an authentication request message sent by the PC client, the access control router first checks whether the user is authenticated; if not, it redirects the user to an authentication page of an authentication system for authentication. After the user inputs an account number for verification, the access control router assigns the PC client an IP address of the network to which the target server belongs, that is, it provides the PC client with the access right to access the target server. The PC client then converts the local IP address into the allocated IP address to carry out data message communication with the target server.
However, the PC client can complete data message communication with the target server only when it carries the allocated IP address. If the PC client passes the authentication but the access control router does not issue an allocated IP address to the PC client, the PC client and the target server cannot exchange data messages, which reduces the communication efficiency.
Disclosure of Invention
The embodiments of the application provide a communication method, a PC system and an access control router, which solve the prior-art problem that data message communication cannot be realized when the access control router does not issue an allocated IP address to a PC client, and improve the communication efficiency.
In a first aspect, a communication method is provided, which may include:
a PC system sends a first data request message to an access control router, wherein the first data request message is used for requesting data from an intranet server and comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the PC system receives a first data response message sent by the access control router according to the first data request message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
In an optional implementation, if an intranet IP address allocated by the access control router exists in the PC system, the outer-layer first source IP address in the first data request message is an IP address of the PC system, and the outer-layer first destination IP address is an IP address of the access control router; the inner layer first source IP address is the intranet IP address, and the inner layer first destination IP address is the IP address of the intranet server;
the outer layer second source IP address in the first data response message is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the intranet IP address.
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
In an optional implementation, when the PC system includes the PC client and a private router, the sending, by the PC system, a first data request packet to an access control router includes:
the PC client sends an initial data request message to the private router, wherein the initial data request message comprises an initial outer layer request IP address, an initial inner layer request IP address, an initial message header and the data request information;
the private router adopts a network address translation rule to repackage the received initial data request message to obtain the first data request message, and then sends the first data request message to the access control router; wherein the initial outer layer request IP address comprises an initial outer layer first source IP address and an initial outer layer first destination IP address; the initial inner layer request IP address comprises an initial inner layer first source IP address and an initial inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the initial outer layer first source IP address is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is the IP address of the PC client, and the initial inner layer first destination IP address is the IP address of the intranet server;
the receiving, by the PC system, a first data response packet sent by the access control router according to the first data request packet includes:
the PC client receives a target data response message, which the private router obtains by adopting a network address translation rule to repackage the first data response message sent by the access control router according to the first data request message;
the target data response message comprises a target outer layer response IP address, a target inner layer response IP address and the response data; the target outer layer response IP address comprises a target outer layer second source IP address and a target outer layer second destination IP address, and the target inner layer response IP address comprises a target inner layer second source IP address and a target inner layer second destination IP address;
and if the intranet IP address allocated by the access control router does not exist in the PC client, the target outer layer second source IP address is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the IP address of the PC client.
In an optional implementation, if an intranet IP address allocated by the access control router exists in the PC client, the initial outer layer first source IP address in the initial data request message is an IP address of the PC client, and the initial outer layer first destination IP address is an IP address of the access control router; the initial inner layer first source IP address is the intranet IP address, and the initial inner layer first destination IP address is the IP address of the intranet server;
and the target outer layer second source IP address in the target data response message is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the intranet IP address.
In an optional implementation, the method further comprises:
the PC system sends a control request message to the access control router;
the control request message comprises a control request IP address, a control message header and control request information, wherein a source IP address in the control request IP address is the IP address of the PC system, and a target IP address in the control request IP address is the IP address of the access control router;
the PC system receives a control response message sent by the access control router according to the control request information;
the control response message comprises control response information and a control response IP address; and the source IP address in the control response IP address is the IP address of the access control router, and the target IP address in the control response IP address is the IP address of the PC system.
In an optional implementation, when the PC system includes the PC client and a private router, the sending, by the PC system, a control request packet to an access control router includes:
the PC client sends an initial control request message to the private router;
the private router adopts a network address translation rule to repackage the received initial control request message to obtain the control request message and sends the control request message to the access control router;
wherein the initial control request message comprises an initial control request IP address and the control request information; a source IP address in the initial control request IP address is the IP address of the PC client, and a target IP address in the initial control request IP address is the IP address of the access control router;
the receiving, by the PC system, of the control response packet sent by the access control router according to the control request information includes:
the private router receives a control response message sent by the access control router according to the control request information;
the private router adopts a network address translation rule to repackage the received control response message sent by the access control router according to the control request information to obtain a target control response message; the target control response message comprises the control response information and a target control response IP address;
the PC client receives the target control response message;
and the source IP address in the target control response IP address is the IP address of the access control router, and the target IP address in the target control response IP address is the IP address of the PC client.
In a second aspect, a communication method is provided, which may include:
an access control router receives a first data request message sent by a PC system, wherein the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the access control router re-encapsulates the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
the access control router sends the second data request message to the intranet server;
the access control router receives a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
the access control router adopts a network address translation rule to repackage the second data response message to obtain a first data response message; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system;
and the access control router sends the first data response message to the PC client.
In an optional implementation, if an intranet IP address allocated by the access control router exists in the PC system, the outer-layer first source IP address in the first data request message is an IP address of the PC system, and the outer-layer first destination IP address is an IP address of the access control router; the inner layer first source IP address is the intranet IP address, and the inner layer first destination IP address is the IP address of the intranet server;
the outer layer second source IP address in the first data response message is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the intranet IP address.
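An added example, not part of the patent text: a Python model of the re-encapsulation steps of the second aspect, for a PC system without a private router, covering both the case where the PC holds no issued intranet IP address and the case where it does. The per-PC binding table, the address pool, the session table and the inner-source consistency check are assumptions of this example, and all addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample addresses (documentation and private ranges), not from the patent.
PC_IP = "192.0.2.10"       # IP address of the PC system
ACR_IP = "192.0.2.1"       # IP address of the access control router
SERVER_IP = "10.0.0.80"    # IP address of the intranet server


@dataclass(frozen=True)
class TunnelMessage:
    """First data request/response: outer pair, inner pair, payload."""
    outer_src: str
    outer_dst: str
    inner_src: str
    inner_dst: str
    payload: bytes


@dataclass(frozen=True)
class PlainMessage:
    """Second data request/response, as seen by the intranet server."""
    src: str
    dst: str
    payload: bytes


def build_first_request(pc_ip: str, acr_ip: str, server_ip: str, payload: bytes,
                        intranet_ip: Optional[str] = None) -> TunnelMessage:
    """PC side: inner source is the PC's own IP unless an intranet IP was issued."""
    return TunnelMessage(pc_ip, acr_ip, intranet_ip or pc_ip, server_ip, payload)


class AccessControlRouter:
    def __init__(self, ip: str, pool: List[str]):
        self.ip = ip
        self._free = list(pool)                  # unused intranet IPs
        self._binding: Dict[str, str] = {}       # PC system IP -> intranet IP
        # (intranet IP, server IP) -> (PC system IP, inner source the PC used)
        self._sessions: Dict[Tuple[str, str], Tuple[str, str]] = {}

    def bind(self, pc_ip: str) -> str:
        """Assumed helper: reserve one intranet IP per PC system IP."""
        if pc_ip not in self._binding:
            if not self._free:
                raise RuntimeError("intranet address pool exhausted")
            self._binding[pc_ip] = self._free.pop(0)
        return self._binding[pc_ip]

    def to_intranet(self, msg: TunnelMessage) -> PlainMessage:
        """Re-encapsulate a first data request into a second data request."""
        if msg.outer_dst != self.ip:
            raise ValueError("outer destination is not this router")
        intranet_ip = self.bind(msg.outer_src)
        # Added check: the inner source must be one of the two layouts the
        # description allows for this sender (its own IP or its intranet IP).
        if msg.inner_src not in (msg.outer_src, intranet_ip):
            raise ValueError("inner source does not belong to outer source")
        self._sessions[(intranet_ip, msg.inner_dst)] = (msg.outer_src, msg.inner_src)
        return PlainMessage(intranet_ip, msg.inner_dst, msg.payload)

    def from_intranet(self, resp: PlainMessage) -> TunnelMessage:
        """Re-encapsulate a second data response into a first data response."""
        try:
            pc_ip, inner_addr = self._sessions[(resp.dst, resp.src)]
        except KeyError:
            raise ValueError("response matches no forwarded request") from None
        return TunnelMessage(self.ip, pc_ip, resp.src, inner_addr, resp.payload)


def round_trip(intranet_ip_known: bool) -> Tuple[PlainMessage, TunnelMessage]:
    """Run one request/response exchange for either case in the description."""
    acr = AccessControlRouter(ACR_IP, ["10.0.0.101"])
    issued = acr.bind(PC_IP) if intranet_ip_known else None
    request = build_first_request(PC_IP, ACR_IP, SERVER_IP, b"GET /report", issued)
    second_request = acr.to_intranet(request)
    # The intranet server answers the address it saw as the source.
    second_response = PlainMessage(SERVER_IP, second_request.src, b"report-data")
    return second_request, acr.from_intranet(second_response)


if __name__ == "__main__":
    for known in (False, True):
        second_request, first_response = round_trip(known)
        print(known, second_request, first_response)
```

In both cases the intranet server only ever sees the intranet IP address as the peer; the inner destination of the response mirrors whichever inner source the PC system used in its request.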
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
In an optional implementation, when the PC system includes the PC client and a private router, the receiving, by the access control router, a first data request packet sent by the PC system includes:
the access control router receives a first data request message sent by a private router, wherein the first data request message is obtained by the private router receiving an initial data request message sent by the PC client and repackaging the initial data request message by adopting a network address translation rule; the initial data request message comprises an initial outer layer request IP address, an initial inner layer request IP address, an initial message header and the data request information;
wherein the initial outer layer request IP address comprises an initial outer layer first source IP address and an initial outer layer first destination IP address; the initial inner layer request IP address comprises an initial inner layer first source IP address and an initial inner layer first destination IP address;
if the intranet IP address allocated by the access control router does not exist in the PC client, the initial outer layer first source IP address is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is the IP address of the PC client, and the initial inner layer first destination IP address is the IP address of the intranet server;
the access control router sends the first data response message to the PC system, including:
the access control router sends the first data response message to the private router, so that the private router adopts a network address translation rule to repackage the first data response message to obtain a target data response message, and sends the target data response message to the PC client; the target data response message comprises a target outer layer response IP address, a target inner layer response IP address and the response data;
the target outer layer response IP address comprises a target outer layer second source IP address and a target outer layer second destination IP address, and the target inner layer response IP address comprises a target inner layer second source IP address and a target inner layer second destination IP address;
and if the intranet IP address allocated by the access control router does not exist in the PC client, the target outer layer second source IP address is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the IP address of the PC client.
In an optional implementation, if an intranet IP address allocated by the access control router exists in the PC client, the initial outer layer first source IP address in the initial data request message is an IP address of the PC client, and the initial outer layer first destination IP address is an IP address of the access control router; the initial inner layer first source IP address is the intranet IP address, and the initial inner layer first destination IP address is the IP address of the intranet server;
and the target outer layer second source IP address in the target data response message is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the intranet IP address.
In an optional implementation, the method further comprises:
the access control router receives a control request message sent by the PC system, wherein the control request message comprises a control request IP address and control request information, a source IP address in the control request IP address is an IP address of the PC system, and a destination IP address in the control request IP address is an IP address of the access control router;
the access control router generates a control response message according to the control request information, wherein the control response message comprises control response information and a control response IP address; wherein, the source IP address in the control response IP address is the IP address of the access control router, and the destination IP address in the control response IP address is the IP address of the PC system;
and the access control router sends the control response message to the PC client.
In an optional implementation, when the PC system includes the PC client and a private router, the receiving, by the access control router, a control request packet sent by the PC client includes:
the access control router receives the control request message obtained by the private router repackaging, according to the network address translation rule, the initial control request message sent by the PC client; the initial control request message comprises an initial control request IP address and the control request information;
a source IP address in the initial control request IP address is an IP address of the PC client, and a destination IP address in the initial control request IP address is an IP address of the private router, so that the private router adopts a network address translation rule to repackage the received initial control request message to obtain the control request message, and sends the control request message to the access control router;
the access control router sends the control response message to the PC system, including:
the access control router sends the control response message to the private router so that the private router repacks the control response message to obtain a target control response message and then sends the target control response message to the PC client; the target control response message comprises the control response information and a target control response IP address;
and the source IP address in the target control response IP address is the IP address of the access control router, and the target IP address in the target control response IP address is the IP address of the PC client.
In a third aspect, a PC system is provided, which may include: a sending unit and a receiving unit;
the sending unit is used for sending a first data request message to an access control router, the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the receiving unit is configured to receive a first data response packet sent by the access control router according to the first data request packet; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
In a fourth aspect, an access control router is provided, which may include: a receiving unit, an encapsulation unit and a sending unit;
the receiving unit is used for receiving a first data request message sent by a PC system, wherein the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the encapsulation unit is used for re-encapsulating the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
the sending unit is configured to send the second data request packet to the intranet server;
the receiving unit is further configured to receive a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
the encapsulation unit is further configured to repackage the second data response packet by using a network address translation rule to obtain a first data response packet; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system;
the sending unit is further configured to send the first data response packet to the PC system.
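The re-encapsulation performed by the encapsulation unit above can be modelled as a small translation table. The following Python sketch is an added example, not code from the patent. It assumes that the router draws the intranet source address from a pool it owns, that the PC and server addresses are constructed sample values, and that recording which servers a peer contacted is an added consistency check.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tunneled:
    """First data request / first data response: outer and inner address pairs."""
    outer_src: str
    outer_dst: str
    inner_src: str
    inner_dst: str
    payload: bytes


@dataclass(frozen=True)
class Plain:
    """Second data request / second data response: a single address pair."""
    src: str
    dst: str
    payload: bytes


class AccessControlRouter:
    def __init__(self, router_ip, intranet_pool):
        self.router_ip = router_ip
        self._free = list(intranet_pool)   # assumption: router-owned address pool
        self._by_peer = {}                 # (outer_src, inner_src) -> intranet IP
        self._by_intranet = {}             # intranet IP -> (peer key, servers contacted)

    def request_in(self, pkt: Tunneled) -> Plain:
        """Re-encapsulate a first data request into a second data request."""
        if pkt.outer_dst != self.router_ip:
            raise ValueError("outer destination is not this router")
        peer = (pkt.outer_src, pkt.inner_src)
        intranet_ip = self._by_peer.get(peer)
        if intranet_ip is None:
            if not self._free:
                raise RuntimeError("intranet address pool exhausted")
            intranet_ip = self._free.pop(0)
            self._by_peer[peer] = intranet_ip
            self._by_intranet[intranet_ip] = (peer, set())
        # Remember the server so that only its responses are translated back.
        self._by_intranet[intranet_ip][1].add(pkt.inner_dst)
        return Plain(src=intranet_ip, dst=pkt.inner_dst, payload=pkt.payload)

    def response_in(self, pkt: Plain) -> Tunneled:
        """Re-encapsulate a second data response into a first data response."""
        entry = self._by_intranet.get(pkt.dst)
        if entry is None:
            raise LookupError("no translation entry for " + pkt.dst)
        (outer_src, inner_src), servers = entry
        if pkt.src not in servers:
            raise LookupError("response from a server this peer never contacted")
        return Tunneled(outer_src=self.router_ip, outer_dst=outer_src,
                        inner_src=pkt.src, inner_dst=inner_src,
                        payload=pkt.payload)


def demo():
    """Round trip for a PC system with no allocated intranet IP address."""
    router = AccessControlRouter("192.168.45.1", ["172.16.100.5"])
    pc, server = "192.168.45.20", "172.16.0.10"   # constructed addresses
    first_req = Tunneled(pc, "192.168.45.1", pc, server, b"request")
    second_req = router.request_in(first_req)
    second_resp = Plain(server, second_req.src, b"response")
    first_resp = router.response_in(second_resp)
    return second_req, first_resp


if __name__ == "__main__":
    for message in demo():
        print(message)
```
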
In a fifth aspect, there is provided a communication system comprising the PC system of the third aspect and the access control router of the fourth aspect.
In a sixth aspect, an electronic device is provided, which includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete communication with each other via the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any of the above first aspects or the method steps of any of the above second aspects when executing a program stored in a memory.
In a seventh aspect, a computer-readable storage medium is provided, in which a computer program is stored, which computer program, when being executed by a processor, performs the method steps of any of the above-mentioned first aspects or the method steps of any of the above-mentioned second aspects.
The method provided by the above embodiment of the present invention sends a first data request packet to an access control router through a PC system, where the first data request packet is used to request data from an intranet server, and the first data request packet includes an outer layer request IP address, an inner layer request IP address, a first packet header, and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address; if the PC system does not have an intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is an IP address of the PC system, and the inner layer first destination IP address is an IP address of the intranet server; receiving a first data response message sent by the access control router according to the first data request message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address; if the PC system does not have an intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system. Compared with the prior art, the method encapsulates a preset IP structure on the outer layer of the original message structure, that is, it changes the message structure, and thereby realizes data message communication even when the access control router has not issued an intranet IP address to the PC client, and improves the communication efficiency.
Drawings
Fig. 1 is a schematic diagram of a system architecture to which a communication method according to an embodiment of the present invention is applied;
Fig. 2 is a schematic diagram of the PC system of Fig. 1;
Fig. 3 is a flowchart illustrating a communication method according to an embodiment of the present invention;
Fig. 4A is a schematic diagram of a message structure of a control request message according to an embodiment of the present invention;
Fig. 4B is a diagram illustrating a structure of the control request information in Fig. 4A;
Fig. 4C is a diagram illustrating a structure of extended information in the control request information in Fig. 4A;
Fig. 4D is a diagram illustrating a structure of extended information including a MAC address;
Fig. 4E is a schematic diagram of a structure of extended information including an encrypted public key;
Fig. 4F is a diagram illustrating a structure of extended information including a user name;
Fig. 4G is a diagram illustrating a structure of extended information including a password;
Fig. 4H is a schematic diagram of a structure of extended information including an intranet IP address;
Fig. 5 shows a communication method of a registration request packet according to an embodiment of the present invention;
Fig. 6 shows a communication method of an authentication request packet according to an embodiment of the present invention;
Fig. 7 shows a communication method of a keep-alive request packet according to an embodiment of the present invention;
Fig. 8 is a flowchart illustrating a communication method according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a first data request packet according to an embodiment of the present invention;
Fig. 10 is a flowchart illustrating a communication method according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a communication device according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of another communication device according to an embodiment of the present invention;
Fig. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without any creative effort belong to the protection scope of the present application.
The communication method provided by the embodiment of the invention can be applied to the system architecture shown in fig. 1, and the system can comprise a PC system, an access control router and an intranet server. The PC system can communicate with the intranet server through the access control router. The network where the intranet server is located is different from the network where the PC system is located.
Alternatively, when the PC client is connected to the access control router through the private router, the PC client and the private router may be regarded as a PC system, that is, the PC system may include only the PC client, or the PC system may include the PC client and the private router. As shown in fig. 2, the PC client is connected to a Local Area Network (LAN) interface of the private router, a Wide Area Network (WAN) interface of the private router is connected to a LAN interface of the access control router, and a WAN interface of the access control router is connected to the intranet server.
The PC client is installed in a PC Terminal, which may be a User Equipment (UE) such as a Mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a Personal Digital Assistant (PDA), a tablet computer (PAD), a handheld device, a vehicle-mounted device, a wearable device, a computing device or other processing device connected to a wireless modem, a Mobile Station (MS), a Mobile Terminal (Mobile Terminal), or the like.
The communication method provided by the embodiment of the invention comprises a control message communication method and a data message communication method, wherein the control message can comprise a registration message, an authentication message, a keep-alive message and the like.
The following describes in detail a communication method of a control packet and a communication method of a data packet according to preferred embodiments of the present application with reference to the drawings of the specification.
The communication method for the control message comprises the following steps:
fig. 3 is a flowchart illustrating a communication method according to an embodiment of the present invention. As shown in fig. 3, the method may include:
step 310, the PC system sends a control request message to the access control router.
As shown in fig. 4A, the control request packet may include a control request IP address, a control packet header, and control request information, where a source IP address in the control request IP address is an IP address of the PC system, and a destination IP address in the control request IP address is an IP address of the access control router; the control request information is used for indicating the control message to perform operations such as registration, authentication, keep-alive and the like.
The control header may include: source port number, destination port number, message length, and message protocol.
As shown in fig. 4B, the control request information has a fixed length of 8 bytes and may include a 1-byte version number, a 1-byte operation code, a 1-byte message code, a 1-byte information length, a 1-byte IP address of the PC client, and extended information of at most 8 bytes.
The operation code may include an operation code 1 for identifying the control request message as a registration request message, an operation code 2 for identifying the control request message as a registration response message, an operation code 3 for identifying the control request message as an authentication request message, an operation code 4 for identifying the control request message as an authentication response message, an operation code 5 for identifying the control request message as a keep-alive request message, and an operation code 6 for identifying the control request message as a keep-alive response message.
The message code is used for recording the state information corresponding to the current operation code, for example, the message code 0 indicates that the data transmission channel is not established, and the message code 1 indicates that the data transmission channel is established.
The information length refers to the length of the control request information.
The extension information carries the items that the control request message supports: the MAC address information, the encryption public key, and user information such as a user name, a password, an allocated intranet IP address and the like.
As shown in fig. 4C, the information structure of the extended information is a TLV structure of "tag field (tag) + length field (length) + value field (value)", where the tag field indicates the type of the extended information, the length field indicates the length of the extended information, and the value field is used to store the extended content.
If the extended information carries the MAC address of the PC terminal, the extended information may be, as shown in fig. 4D, a MAC address with a tag field of 1, a length field of 6, and a value field of b083fe66aaaa.
If the extended information carries the encryption public key, the extended information may be, as shown in fig. 4E, an encryption public key with a tag field of 2, a length field of 6, and a value field of XXXXXX.
If the extended information carries the user name in the user information, the extended information may be, as shown in fig. 4F, a user name with a tag field of 3, a length field of 4, and a value field of YYYYYY.
If the extended information carries the password in the user information, the extended information may be, as shown in fig. 4G, a password with a tag field of 4, a length field of 8, and a value field of zzzz.
If the extended information carries the allocated intranet IP address, the extended information may be, as shown in fig. 4H, an allocated intranet IP address with a tag field of 5, a length field of 4, and a value field of dddddddd.
The control request message may include a registration request message, an authentication request message, and a keep-alive request message.
Optionally, when the PC system and the access control router perform control request packet transmission:
if the PC system comprises the PC client and does not comprise the private router, the IP address of the PC system is the IP address of the PC client, namely the source IP address in the control request message is the IP address (or called local IP address) of the PC client, and the destination IP address in the control request IP address is the IP address of the access control router;
if the PC system comprises a PC client and a private router, the IP address of the PC system is the IP address of the private router. Specifically: a PC client in a PC system sends an initial control request message to the private router, wherein the initial control request message comprises an initial control request IP address and control request information, a source IP address in the initial control request IP address is the IP address of the PC client, and a destination IP address in the initial control request IP address is the IP address of the access controller;
the private access router adopts a network address conversion rule to repackage the received initial control request message to obtain a control request message and sends the control request message to the access control router; that is, the source IP address in the control request message is the IP address of the private access router, and the destination IP address in the control request IP address is the IP address of the access control router.
Step 320, the access control router generates a control response message according to the control request information.
After receiving the control request message, the access control router analyzes the control request message to obtain a control request IP address, a control message header and control request information in the control request message.
The access control router can generate a corresponding control response message according to the registration, authentication, keep-alive and other request operations indicated by the control request information. The control response message comprises control response information and a control response IP address;
when the access control router detects that a source IP address in the control request IP address is the same as the IP address of the PC client in the control request information, the PC system is determined to comprise the PC client and not comprise the private access router, the source IP address of the control response IP address in the generated control response message is the IP address of the access control router, and a target IP address in the control response IP address is the IP address of the PC client.
When the access control router detects that the source IP address in the control request IP address is different from the IP address of the PC client in the control request information, the PC system is determined to comprise the PC client and the private router, the source IP address of the control response IP address in the generated control response message is the IP address of the access control router, and the target IP address in the control response IP address is the IP address of the private router.
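The control request information format, its TLV extensions, and the address comparison the access control router uses to detect a private router can be exercised together. The following Python parser is an added example, not code from the patent. It assumes 1-byte tag and length fields and a 4-byte IPv4 client address, so that the fixed part totals 8 bytes (the text above gives 1 byte for the address field); the sample message is constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# Operation codes and extension tags as listed on the page.
OPCODES = {1: "registration request", 2: "registration response",
           3: "authentication request", 4: "authentication response",
           5: "keep-alive request", 6: "keep-alive response"}
TAGS = {1: "mac", 2: "public_key", 3: "username", 4: "password", 5: "intranet_ip"}
FIXED_VALUE_LEN = {"mac": 6, "intranet_ip": 4}   # lengths given for figs. 4D and 4H
FIXED_PART = struct.Struct("!BBBB4s")            # assumed layout, 8 bytes in total


class ControlParseError(ValueError):
    """Raised for any malformed control request information."""


@dataclass
class ControlInfo:
    version: int
    opcode: int
    msg_code: int
    client_ip: ipaddress.IPv4Address
    extensions: dict = field(default_factory=dict)


def build_control_info(version, opcode, msg_code, client_ip, extensions):
    """Serialize the fixed part followed by (tag, value) TLVs."""
    body = b"".join(struct.pack("!BB", tag, len(value)) + value
                    for tag, value in extensions)
    total = FIXED_PART.size + len(body)
    if total > 255:
        raise ValueError("information length does not fit in one byte")
    packed_ip = ipaddress.IPv4Address(client_ip).packed
    return FIXED_PART.pack(version, opcode, msg_code, total, packed_ip) + body


def parse_control_info(data: bytes) -> ControlInfo:
    """Parse and validate control request information received from a peer."""
    if len(data) < FIXED_PART.size:
        raise ControlParseError("shorter than the 8-byte fixed part")
    version, opcode, msg_code, info_len, raw_ip = FIXED_PART.unpack_from(data)
    if opcode not in OPCODES:
        raise ControlParseError(f"unknown operation code {opcode}")
    if info_len != len(data):
        raise ControlParseError("information length disagrees with received size")
    info = ControlInfo(version, opcode, msg_code, ipaddress.IPv4Address(raw_ip))
    offset = FIXED_PART.size
    while offset < len(data):
        if len(data) - offset < 2:
            raise ControlParseError("truncated TLV header")
        tag, length = data[offset], data[offset + 1]
        offset += 2
        name = TAGS.get(tag)
        if name is None:
            raise ControlParseError(f"unknown extension tag {tag}")
        if length > len(data) - offset:
            raise ControlParseError(f"{name}: value overruns the message")
        if name in FIXED_VALUE_LEN and length != FIXED_VALUE_LEN[name]:
            raise ControlParseError(f"{name}: unexpected length {length}")
        if name in info.extensions:
            raise ControlParseError(f"{name}: duplicate extension")
        info.extensions[name] = data[offset:offset + length]
        offset += length
    return info


def behind_private_router(outer_src_ip: str, info: ControlInfo) -> bool:
    """True when the IP-header source differs from the client address in the payload.

    The embedded address is reported by the sender, so treat the result as a
    policy input rather than proof of topology.
    """
    return ipaddress.IPv4Address(outer_src_ip) != info.client_ip


# Constructed sample: registration request from PC client 10.1.1.2 (page's address),
# MAC b083fe66aaaa (page's fig. 4D value), user name "user" (constructed).
SAMPLE = build_control_info(1, 1, 0, "10.1.1.2",
                            [(1, bytes.fromhex("b083fe66aaaa")), (3, b"user")])

if __name__ == "__main__":
    parsed = parse_control_info(SAMPLE)
    print(OPCODES[parsed.opcode], parsed.client_ip, parsed.extensions)
    print("behind private router:", behind_private_router("192.168.45.6", parsed))
```
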
The control response message may include a registration response message, an authentication response message, and a keep-alive response message.
(1) Optionally, when the control request message is a registration request message, the extended information in the registration request message is an MAC address of the PC terminal and user information to be registered, and the operation code is 1;
the access control router analyzes the received registration request message to obtain the MAC address of the PC terminal and verifies the validity of that MAC address; if the PC terminal is determined to be a legal host, the access control router registers the user information to be registered and generates a registration response message indicating successful registration; at this time, the operation code in the registration reply message is 2, the message code is 1, and the extension information is the encryption public key.
If the PC terminal is determined to be an illegal host, a registration response message indicating failed registration is generated. At this time, the operation code in the registration reply message is 2, the message code is 0, and the extension information is null.
It should be noted that, when the control request packet is a registration packet, the access control router may receive or preset a control policy, where the control policy is: if the PC system has a private router, determining that the current PC system has potential safety hazard, and rejecting the registration request of the PC system, namely the registration of the PC system fails;
if the PC system does not have a private router, the current PC system is determined to have no potential safety hazard, and the registration request of the PC system is allowed, namely the PC system is successfully registered.
(2) Optionally, when the control request message is an authentication request message, the extension information in the authentication request message is encrypted user information, the operation code is 3, and the encrypted user information is obtained by encrypting the user information by the PC system using an encryption public key;
after the PC system successfully authenticates, the access control router analyzes the received authentication request message to obtain encrypted user information, decrypts the encrypted user information by adopting an encryption private key to obtain readable user information, authenticates and verifies the readable user information and the registered user information, and if the encrypted user information is consistent with the registered user information, an authentication response message which is successfully authenticated is generated; at this time, the message code in the authentication response message is 1, the operation code is 4, and the extension information is the allocated intranet IP address;
and if not, generating an authentication response message of authentication failure. At this time, the message code in the authentication response message is 0, the operation code is 4, and the extension information is a null IP address.
(3) Optionally, after the authentication is passed, in order to ensure normal data communication, the access control router may further send a control request message, that is, a keep-alive request message, to the PC system, where the control request message is used to detect whether communication between the access control router and the PC system is normal, and extension information in the keep-alive request message may be preset information or null information, an operation code is 5, and a message code is 1;
if the message is normal, the access control router receives a keep-alive response message sent by the PC system within a preset receiving time period, the extended information in the keep-alive request message can be preset information or null information, the operation code is 5, and the message code is 1;
if not, the access control router cannot receive the keep-alive response message sent by the PC system in the preset receiving time period.
Step 330, the access control router sends a control response message to the PC client.
If the access control router determines that the PC system only comprises the PC client, the PC client in the PC system directly receives the control response message.
If the access control router determines that the PC system comprises a PC client and a private router, the private router in the PC system repackages the received control response message by adopting a network address conversion rule to obtain a target control response message, and sends the target control response message to the PC client, wherein the target control response message comprises control response information and a target control response IP address; and the source IP address in the target control response IP address is the IP address of the access control router, and the target IP address in the target control response IP address is the IP address of the PC client.
As shown in fig. 5, the control request message is taken as a registration request message, and the PC system includes a private router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the private router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The registration process of the PC system may include the steps of:
step 501, the PC client sends an initial registration request message to the private router.
The initial registration request message may include an initial registration request IP address, a MAC address of the PC terminal, and user information to be registered. Wherein, the source IP address in the registration request IP address is the IP address of the PC client: 10.1.1.2, the destination IP address is the IP address of the access control router: 192.168.45.1.
step 502, the private router adopts the network address conversion rule to repackage the received initial registration request message to obtain the registration request message.
The initial registration request message may include a registration request IP address, a MAC address of the PC terminal, and user information to be registered. Wherein, the source IP address in the registration request IP address is the IP address of the private router: 192.168.45.6, the destination IP address is the IP address of the access control router: 192.168.45.1.
step 503, the private access router sends a registration request message to the access control router.
Step 504, the access control router analyzes the received registration request message to obtain the MAC address, and verifies the validity of the MAC address.
Step 505, the access control router sends a registration response message to the private router.
If verification passes, the access control router registers the user information to be registered and sends the private access router a registration response message indicating successful registration, wherein the registration response message comprises response information and a response IP address; if verification fails, the access control router sends the private access router a registration response message indicating unsuccessful registration, wherein the registration response message comprises response information and a response IP address;
the source IP address in the response IP address is the IP address of the access control router: 192.168.45.1, and the destination IP address in the response IP address is the IP address of the private router: 192.168.45.6.
step 506, the private router adopts the network address conversion rule to repackage the received registration reply message to obtain the target registration reply message.
The target registration reply message comprises registration reply information and a target registration reply IP address. The source IP address in the target registration response IP address is the IP address of the access control router: 192.168.45.1, the destination IP address in the destination registration reply IP address is the IP address of the PC client: 10.1.1.2.
step 507, the private router sends a target registration response message to the PC client.
As shown in fig. 6, the control request message is taken as the authentication request message, and the PC system includes a private router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the private router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The authentication process of the PC system may include the steps of:
step 601, the PC client sends an initial authentication request message to the private router.
The initial authentication request message may include an initial authentication request IP address and user information to be authenticated. Wherein, the source IP address in the authentication request IP address is the IP address of the PC client: 10.1.1.2, the destination IP address is the IP address of the access control router: 192.168.45.1.
step 602, the private router re-encapsulates the received initial authentication request message by using the network address translation rule to obtain the authentication request message.
The initial authentication request message may include an authentication request IP address, an MAC address of the PC terminal, and user information to be registered. Wherein, the source IP address in the authentication request IP address is the IP address of the private access router: 192.168.45.6, the destination IP address is the IP address of the access control router: 192.168.45.1.
step 603, the private access router sends an authentication request message to the access control router.
Step 604, the access control router analyzes the received authentication request message to obtain the user information to be authenticated, and matches the user information to be authenticated with the registered user information.
Step 605, the access control router sends a registration response message to the private router.
If the user information to be authenticated is matched with the registered user information, sending an authentication response message with successful authentication to the private access router, wherein the authentication response message comprises response information and a response IP address; if the user information to be authenticated is not matched with the registered user information, sending an authentication response message with unsuccessful authentication to the private access router, wherein the authentication response message comprises response information and a response IP address;
the source IP address of the response IP address is the IP address of the access control router: 192.168.45.1, the destination IP address in the response IP address is the IP address of the private router: 192.168.45.6.
step 606, the private router repackages the received authentication response message by adopting the network address conversion rule to obtain the target authentication response message.
The target authentication response message comprises authentication response information and a target authentication response IP address. And the source IP address in the target authentication response IP address is the IP address of the access control router: 192.168.45.1, the destination IP address in the target authentication response IP address is the IP address of the PC client: 10.1.1.2.
step 607, the private router sends the target authentication response message to the PC client.
As shown in fig. 7, taking the control request packet as the keep-alive request packet, and the PC system includes a private router and a PC client as an example, where the IP address of the PC client is 10.1.1.2, the IP address of the private router is 192.168.45.6, and the IP address of the access control router is 192.168.45.1.
The keep-alive validation process for a PC system can include the steps of:
step 701, the access controller sends a keep-alive request message to the private router.
The keep-alive request message comprises a keep-alive request IP address and preset keep-alive information; wherein, the source IP address in the keep-alive request IP address is the IP address of the access control router: 192.168.45.1, the destination IP address is the IP address of the private router: 192.168.45.6.
step 702, the private router adopts the network address conversion rule to repackage the received keep-alive request message to obtain the target keep-alive request message.
The target keep-alive request message comprises keep-alive request information and a target keep-alive IP address; wherein, the source IP address in the target keep-alive IP address is the IP address of the access control router: 192.168.45.1, the destination IP address in the target keep-alive IP addresses is the IP address of the PC client: 10.1.1.2.
step 703, the private router sends the target keep-alive request message to the PC client.
Step 704, the PC client sends the target keep-alive response message to the private router.
The target keep-alive response message comprises keep-alive response information and a target response IP address; wherein, the source IP address in the target response IP address is the IP address of the PC client: 10.1.1.2, the destination IP address in the target response IP address is the IP address of the access control router: 192.168.45.1.
step 705, the private router repackages the received target keep-alive response message by adopting a network address conversion rule to obtain the keep-alive response message.
The keep-alive reply message comprises keep-alive reply information and a keep-alive reply IP address. The source IP address in the keep-alive response IP address is the IP address of the private router: 192.168.45.6, the destination IP address in the target registration reply IP address is the IP address of the access control router: 192.168.45.1.
step 707, the private router sends keep-alive response message to the access controller.
The communication method for the data message comprises the following steps:
In the prior art, the access control router and the PC client can perform data packet communication only after the PC client receives the intranet IP address of the PC system client. The data packet communication method provided in the embodiment of the present application adopts a network address conversion rule to ensure normal data packet communication, so that data packet communication is achieved both when the PC system has received the intranet IP address allocated by the access control router and when it has not, as shown in fig. 8.
Fig. 8 is a flowchart illustrating a communication method according to an embodiment of the present invention. As shown in fig. 8, the method may include:
step 810, the PC system sends a first data request packet to the access control router.
As shown in fig. 9, the data packet includes an outer IP address, an inner IP address, a first header, and a data payload. The outer layer request IP address and the inner layer request IP address both comprise a source IP address and a destination IP address. The outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system has an intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is an intranet IP address, and the inner layer first destination IP address is an IP address of an intranet server;
if the PC system does not have an intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server.
Further, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is determined as the IP address of the PC client, that is, the PC client in the PC system directly sends the first data request packet to the access control router.
If the PC system comprises the PC client and the private router, the outer layer first source IP address in the first data request message is the IP address of the private router, and the inner layer first source IP address is the IP address of the PC client.
Specifically, the PC client sends an initial data request message to the private router, wherein the initial data request message comprises an initial outer layer request IP address, an initial inner layer request IP address, an initial message header and the data request information;
the private access router adopts a network address conversion rule to repackage the received initial data request message to obtain a first data request message, and then sends the first data request message to the access control router;
the initial outer layer request IP address comprises an initial outer layer first source IP address and an initial outer layer first destination IP address; the initial inner layer first request IP address comprises an initial inner layer first source IP address and an initial inner layer first destination IP address;
if the PC client has an intranet IP address allocated by the access control router, the initial outer layer first source IP address is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is an intranet IP address, and the initial inner layer first destination IP address is an IP address of an intranet server;
if the internal network IP address distributed by the access control router does not exist in the PC client, the initial outer layer first source IP address is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is the IP address of the PC client, and the initial inner layer first destination IP address is the IP address of the intranet server.
Step 820, the access control router repackages the first data request message to obtain a second data request message.
The second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is an intranet IP address, and a destination address in the request IP address is an IP address of an intranet server;
the access control router stores the outer layer request IP address and the inner layer request IP address of the first data request message in the preset session information, so that it can later generate the response message corresponding to the first data request message.
Step 830, the access control router sends the second data request packet to the intranet server.
Step 840, the intranet server sends a second data response message to the access control router.
The intranet server obtains corresponding response data, namely requested data, according to the data request information in the second data request message, and generates a second data response message, where the second data response message may include a response IP address and response data, and a source IP address in the response IP address is an IP address of the intranet server, and a destination IP address in the response IP address is an intranet IP address.
Step 850, the access control router repackages the second data response message by adopting the network address conversion rule to obtain the first data response message.
The access control router uses the network address translation rule and the stored preset session information to repackage the second data response message and obtain the first data response message. The first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system has an intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is an IP address of the intranet server, and the inner layer second destination IP address is an intranet IP address;
if the PC system does not have an intranet IP address distributed by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
Step 860, the access control router sends the first data response message to the PC client.
If the PC system comprises the PC client and does not comprise the private access router, the IP address of the PC system in the first data response message is determined as the IP address of the PC client, namely the PC client in the PC system directly receives the first data response message sent by the access control router.
If the PC system comprises the PC client and the private router, the outer layer second destination IP address in the first data response message is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
Further, the private access router receives a first data response message sent by the access control router, and repackages the first data response message by adopting a network address conversion rule to obtain a target data response message; the target data response message comprises a target outer layer response IP address, a target inner layer response IP address and response data; the target outer layer response IP address comprises a target outer layer second source IP address and a target outer layer second destination IP address, and the target inner layer response IP address comprises a target inner layer second source IP address and a target inner layer second destination IP address.
If the PC client does not have the intranet IP address allocated by the access control router, the target outer layer second source IP address is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the IP address of the PC client.
If the PC client has an intranet IP address allocated by the access control router, the target outer layer second source IP address in the target data response message is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the intranet IP address.
In one example, shown in fig. 10, the PC system includes a private router. The IP address of the PC client is 10.1.1.2, the IP address of the private router is 192.168.45.6, the IP address of the access control router is 192.168.45.1, the IP address of the intranet server is 192.168.50.36, and the intranet IP address is 192.168.46.2.
Step 1001, the PC client sends an initial data request message to the private router.
If the intranet IP address allocated by the access control router exists in the PC client, the initial outer layer first source IP address in the initial outer layer request IP address in the initial data request message is the IP address of the PC client: 10.1.1.2, and the initial outer layer first destination IP address is the IP address of the access control router: 192.168.45.1; the initial inner layer first source IP address in the initial inner layer request IP address is an intranet IP address: 192.168.45.6, and the initial inner layer first destination IP address is the IP address of the intranet server: 192.168.50.36;
if the intranet IP address allocated by the access control router does not exist in the PC client, the initial outer layer first source IP address in the initial outer layer request IP address in the initial data request message is the IP address of the PC client: 10.1.1.2, and the initial outer layer first destination IP address is the IP address of the access control router: 192.168.45.1; the initial inner layer first source IP address in the initial inner layer request IP address is the IP address of the PC client: 10.1.1.2, and the initial inner layer first destination IP address is the IP address of the intranet server: 192.168.50.36.
Step 1002, the private router repackages the received initial data request message by adopting a network address translation rule to obtain a first data request message.
If the PC client has the intranet IP address allocated by the access control router, the outer layer first source IP address in the outer layer request IP address in the first data request message is the IP address of the private access router: 192.168.45.6, and the outer layer first destination IP address is the IP address of the access control router: 192.168.45.1; the inner layer first source IP address in the inner layer request IP address is an intranet IP address: 192.168.46.2, and the inner layer first destination IP address is the IP address of the intranet server: 192.168.50.36.
If the PC client does not have the intranet IP address allocated by the access control router, the outer layer first source IP address in the outer layer request IP address in the first data request message is the IP address of the private access router: 192.168.45.6, and the outer layer first destination IP address is the IP address of the access control router: 192.168.45.1; the inner layer first source IP address in the inner layer request IP address is the IP address of the PC client: 10.1.1.2, and the inner layer first destination IP address is the IP address of the intranet server: 192.168.50.36.
Step 1003, the private access router sends a first data request message to the access control router.
Step 1004, the access control router repackages the first data request message to obtain a second data request message.
If the intranet IP address allocated by the access control router exists in the PC client, the source IP address in the request IP address in the second data request message is the intranet IP address: 192.168.46.2, the destination address is the IP address of the intranet server: 192.168.50.36.
If the PC client does not have the intranet IP address distributed by the access control router, the source IP address of the request IP address in the second data request message is the IP address of the private access router: 192.168.45.6, and the destination address is the IP address of the intranet server: 192.168.46.2.
Step 1005, the access control router sends the second data request message to the intranet server.
Step 1006, the intranet server sends a second data response message to the access control router.
If the PC client has the intranet IP address distributed by the access control router, the source IP address in the response IP address in the second data response message is the IP address of the intranet server: 192.168.50.36, the destination IP address is an intranet IP address: 192.168.46.2.
If the PC client does not have the intranet IP address distributed by the access control router, the source IP address of the request IP address in the second data request message is the IP address of the private access router: 192.168.45.6, and the destination address is the IP address of the intranet server: 192.168.50.36.
Step 1007, the access control router repackages the second data response message by using the network address translation rule to obtain the first data response message.
If the PC client has the intranet IP address allocated by the access control router, the outer layer second source IP address in the outer layer response IP address in the first data response message is the IP address of the access control router: 192.168.45.1, and the outer layer second destination IP address is the IP address of the private router: 192.168.45.6; the inner layer second source IP address in the inner layer response IP address is the IP address of the intranet server: 192.168.50.36, and the inner layer second destination IP address is the intranet IP address: 192.168.46.2.
If the PC client does not have the intranet IP address allocated by the access control router, the outer layer second source IP address in the outer layer response IP address in the first data response message is the IP address of the access control router: 192.168.45.1, and the outer layer second destination IP address is the IP address of the private router: 192.168.45.6; the inner layer second source IP address in the inner layer response IP address is the IP address of the intranet server: 192.168.50.36, and the inner layer second destination IP address is the IP address of the PC client: 10.1.1.2.
Step 1008, the access control router sends the first data response message to the private access router.
Step 1009, the private router adopts the network address translation rule to repackage the first data response message, so as to obtain the target data response message.
If the PC client has the intranet IP address allocated by the access control router, the target outer layer second source IP address in the target outer layer response IP address in the target data response message is the IP address of the access control router: 192.168.45.1, the target outer layer second destination IP address is the IP address of the PC client: 10.1.1.2; the target inner layer second source IP address in the target inner layer response IP address is the IP address of the intranet server: 192.168.50.36, the target inner layer second destination IP address is an intranet IP address: 192.168.46.2.
If the PC client does not have the intranet IP address allocated by the access control router, the target outer layer second source IP address in the target outer layer response IP address in the target data response message is the IP address of the access control router: 192.168.45.1, and the target outer layer second destination IP address is the IP address of the PC client: 10.1.1.2; the target inner layer second source IP address in the target inner layer response IP address is the IP address of the intranet server: 192.168.50.36, and the target inner layer second destination IP address is the IP address of the PC client: 10.1.1.2.
Step 1010, the private router sends the target data response message to the PC client.
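The fig. 10 exchange above (steps 1001 to 1010), modelled as an added Python example; it is not code from the patent. Class and function names are hypothetical, the addresses are those listed for fig. 10, and three points are assumptions of this example: the session table is keyed on the translated source/destination pair, a message with no matching session or mapping is dropped, and when no intranet IP has been allocated the second data request uses the private router's address as source.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple

# Addresses listed for the fig. 10 walk-through on this page.
PC_CLIENT = "10.1.1.2"
PRIVATE_ROUTER = "192.168.45.6"
ACCESS_ROUTER = "192.168.45.1"
INTRANET_SERVER = "192.168.50.36"
INTRANET_IP = "192.168.46.2"


@dataclass(frozen=True)
class Addr:
    src: str
    dst: str


@dataclass(frozen=True)
class Tunneled:
    """Message carrying an outer and an inner IP address pair (fig. 9)."""
    outer: Addr
    inner: Addr
    payload: bytes


@dataclass(frozen=True)
class Plain:
    """Message with one IP address pair, as the intranet server sees it."""
    ip: Addr
    payload: bytes


class PrivateRouter:
    def __init__(self, ip: str) -> None:
        self.ip = ip
        # (inner src, inner dst) -> client address hidden by the rewrite
        self.nat: Dict[Tuple[str, str], str] = {}

    def request_out(self, msg: Tunneled) -> Tunneled:
        # Steps 1002-1003: the outer source becomes the private router.
        self.nat[(msg.inner.src, msg.inner.dst)] = msg.outer.src
        return replace(msg, outer=Addr(self.ip, msg.outer.dst))

    def response_in(self, msg: Tunneled) -> Optional[Tunneled]:
        # Step 1009: restore the PC client as outer destination.
        client = self.nat.get((msg.inner.dst, msg.inner.src))
        if msg.outer.dst != self.ip or client is None:
            return None  # assumption: no mapping means the message is dropped
        return replace(msg, outer=Addr(msg.outer.src, client))


class AccessControlRouter:
    def __init__(self, ip: str, allocated: Set[str]) -> None:
        self.ip = ip
        self.allocated = allocated  # intranet IPs this router has issued
        # (translated src, dst) -> (outer, inner) addresses of the request
        self.sessions: Dict[Tuple[str, str], Tuple[Addr, Addr]] = {}

    def request_in(self, msg: Tunneled) -> Optional[Plain]:
        # Step 1004: strip the outer pair and remember both pairs.
        if msg.outer.dst != self.ip:
            return None
        known = msg.inner.src in self.allocated
        src = msg.inner.src if known else msg.outer.src
        plain = Plain(Addr(src, msg.inner.dst), msg.payload)
        # Keyed on addresses only (the page describes no ports), so two
        # clients sharing one translated source would share one entry.
        self.sessions[(plain.ip.src, plain.ip.dst)] = (msg.outer, msg.inner)
        return plain

    def response_in(self, msg: Plain) -> Optional[Tunneled]:
        # Step 1007: rebuild both pairs from the stored session.
        saved = self.sessions.get((msg.ip.dst, msg.ip.src))
        if saved is None:
            return None  # assumption: unsolicited responses are dropped
        outer_req, inner_req = saved
        return Tunneled(Addr(self.ip, outer_req.src),
                        Addr(msg.ip.src, inner_req.src), msg.payload)


def server_reply(req: Plain) -> Plain:
    # Step 1006: the intranet server answers the address it was asked from.
    return Plain(Addr(req.ip.dst, req.ip.src), b"response to " + req.payload)


def round_trip(has_intranet_ip: bool):
    """Run steps 1001-1010 and return each message on the path."""
    inner_src = INTRANET_IP if has_intranet_ip else PC_CLIENT
    allocated = {INTRANET_IP} if has_intranet_ip else set()
    private = PrivateRouter(PRIVATE_ROUTER)
    access = AccessControlRouter(ACCESS_ROUTER, allocated)
    initial = Tunneled(Addr(PC_CLIENT, ACCESS_ROUTER),
                       Addr(inner_src, INTRANET_SERVER), b"data request")
    first_req = private.request_out(initial)
    second_req = access.request_in(first_req)
    second_resp = server_reply(second_req)
    first_resp = access.response_in(second_resp)
    target = private.response_in(first_resp)
    return first_req, second_req, second_resp, first_resp, target
```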
In the method provided by the above embodiment of the present invention, the PC system sends a first data request message to the access control router, where the first data request message is used to request data from the intranet server and includes an outer layer request IP address, an inner layer request IP address, a first message header, and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address; if the PC system does not have an intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server. The PC system then receives a first data response message sent by the access control router according to the first data request message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address; if the PC system does not have an intranet IP address distributed by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
Compared with the prior art, the method encapsulates a preset IP structure on the outer layer of the original message structure, that is, it changes the message structure, and thereby realizes data message communication even when the access control router has not issued an intranet IP address to the PC client, which improves communication efficiency.
Corresponding to the above method, an embodiment of the present invention further provides a PC system, as shown in fig. 11, where the PC system includes: a transmitting unit 1110 and a receiving unit 1120;
a sending unit 1110, configured to send a first data request packet to an access control router, where the first data request packet is used to request data from an intranet server, and the first data request packet includes an outer layer request IP address, an inner layer request IP address, a first packet header, and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
a receiving unit 1120, configured to receive a first data response packet sent by the access control router according to the first data request packet; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
The functions of the functional units of the communication apparatus provided in the above embodiments of the present invention may be implemented by the above method steps, and therefore, detailed working processes and beneficial effects of the units in the communication apparatus provided in the embodiments of the present invention are not described herein again.
Corresponding to the foregoing method, an embodiment of the present invention further provides an access control router, and as shown in fig. 12, the access control router includes: a receiving unit 1210, an encapsulating unit 1220, and a transmitting unit 1230;
a receiving unit 1210, configured to receive, by an access control router, a first data request packet sent by a PC system, where the first data request packet is used to request data from an intranet server, and the first data request packet includes an outer layer request IP address, an inner layer request IP address, a packet header, and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
an encapsulating unit 1220, configured to repackage the first data request packet to obtain a second data request packet; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
a sending unit 1230, configured to send the second data request packet to the intranet server;
a receiving unit 1210, further configured to receive a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
the encapsulating unit 1220 is further configured to repackage the second data response packet by using a network address translation rule, so as to obtain a first data response packet; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC client;
a sending unit 1230, further configured to send the first data response packet to the PC client;
when the PC system comprises the PC client, the IP address of the PC system is the IP address of the PC client; and when the PC system comprises the PC client and the private router, the IP address of the PC system is the IP address of the private router.
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
The functions of the functional units of the communication apparatus provided in the above embodiments of the present invention may be implemented by the above method steps, and therefore, detailed working processes and beneficial effects of the units in the communication apparatus provided in the embodiments of the present invention are not described herein again.
An embodiment of the present invention further provides an electronic device, as shown in fig. 13, including a processor 1310, a communication interface 1320, a memory 1330 and a communication bus 1340, wherein the processor 1310, the communication interface 1320 and the memory 1330 complete mutual communication through the communication bus 1340.
A memory 1330 for storing a computer program;
the processor 1310, when executing the program stored in the memory 1330, implements the following steps:
sending a first data request message to an access control router, wherein the first data request message is used for requesting data from an intranet server and comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
receiving a first data response message sent by the access control router according to the first data request message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
In an optional implementation, if an intranet IP address allocated by the access control router exists in the PC system, the outer-layer first source IP address in the first data request message is an IP address of the PC system, and the outer-layer first destination IP address is an IP address of the access control router; the inner layer first source IP address is the intranet IP address, and the inner layer first destination IP address is the IP address of the intranet server;
the outer layer second source IP address in the first data response message is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the intranet IP address.
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
Or performing the following steps:
receiving a first data request message sent by a PC system, wherein the first data request message is used for requesting data from an intranet server and comprises an outer layer request IP address, an inner layer request IP address, a message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
repackaging the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
sending the second data request message to the intranet server;
receiving a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
repackaging the second data response message by adopting a network address translation (NAT) rule to obtain a first data response message; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system;
and sending the first data response message to the PC client.
In an optional implementation, if the PC system includes a PC client and does not include a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
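The re-encapsulation steps above, modelled as an added example (not code from the patent): the router strips the outer layer of the first data request, sends a single-layer request with an intranet source IP to the server, and uses its address binding to rebuild the double-layer response. Class and method names, the `lease` helper, the constructed addresses, and the check that an inner source inside the intranet pool must be leased to the sending peer are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    """Single-layer message (second data request / second data response)."""
    src: IPv4Address
    dst: IPv4Address
    payload: bytes


@dataclass(frozen=True)
class Tunneled:
    """Double-layer message (first data request / first data response)."""
    outer_src: IPv4Address
    outer_dst: IPv4Address
    inner: Packet


class AccessControlRouter:
    def __init__(self, addr: str, pool: str) -> None:
        self.addr = IPv4Address(addr)
        self.pool = IPv4Network(pool)  # intranet addresses the router may assign
        self._free = iter(self.pool.hosts())
        # intranet IP -> (outer peer, inner address the peer used); drives the return path
        self.nat: Dict[IPv4Address, Tuple[IPv4Address, IPv4Address]] = {}
        # (outer peer, inner source) -> intranet IP, so repeat requests reuse a binding
        self.bound: Dict[Tuple[IPv4Address, IPv4Address], IPv4Address] = {}

    def _take(self) -> IPv4Address:
        ip = next(self._free, None)
        if ip is None:
            raise RuntimeError("intranet pool exhausted")
        return ip

    def lease(self, peer: IPv4Address) -> IPv4Address:
        """Hypothetical helper: give `peer` an intranet IP to use as its inner source."""
        ip = self._take()
        self.nat[ip] = (peer, ip)
        return ip

    def handle_request(self, msg: Tunneled) -> Packet:
        """First data request -> second data request."""
        if msg.outer_dst != self.addr:
            raise ValueError("outer destination is not this router")
        inner = msg.inner
        if inner.src in self.pool:
            # The PC system already holds an intranet IP. Assumed check (not stated
            # in the patent): it must be the address leased to this outer peer.
            if self.nat.get(inner.src) != (msg.outer_src, inner.src):
                raise PermissionError(f"{inner.src} is not leased to {msg.outer_src}")
            intranet_ip = inner.src
        else:
            # No intranet IP on the PC side: bind one to (outer source, inner source).
            key = (msg.outer_src, inner.src)
            if key not in self.bound:
                ip = self._take()
                self.bound[key] = ip
                self.nat[ip] = key
            intranet_ip = self.bound[key]
        return Packet(intranet_ip, inner.dst, inner.payload)

    def handle_response(self, resp: Packet) -> Tunneled:
        """Second data response -> first data response."""
        binding = self.nat.get(resp.dst)
        if binding is None:
            raise LookupError(f"no NAT binding for {resp.dst}")
        peer, inner_dst = binding
        return Tunneled(self.addr, peer, Packet(resp.src, inner_dst, resp.payload))


def demo():
    """Round trip for a PC system without an intranet IP (constructed addresses)."""
    acr = AccessControlRouter("203.0.113.1", "10.20.0.0/24")
    pc, server = IPv4Address("198.51.100.7"), IPv4Address("10.10.0.5")
    first_req = Tunneled(pc, acr.addr, Packet(pc, server, b"GET /report"))
    second_req = acr.handle_request(first_req)
    second_resp = Packet(server, second_req.src, b"report-data")
    first_resp = acr.handle_response(second_resp)
    return second_req, first_resp


if __name__ == "__main__":
    for message in demo():
        print(message)
```

Keying the binding on the pair (outer source, inner source) also covers the private-router case, where the outer source is the private router and the inner source is the PC client.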
The aforementioned communication bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Since the implementation and beneficial effects of each component of the electronic device in the above embodiments can be understood by referring to the steps in the embodiments shown in Fig. 3, Figs. 5 to 8, and Fig. 10, the specific working process and beneficial effects of the electronic device provided in the embodiments of the present invention are not repeated here.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, which when run on a computer, cause the computer to perform the communication method described in any of the above embodiments.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the communication method described in any of the above embodiments.
As will be appreciated by one of skill in the art, the embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the true scope of the embodiments of the present application.
It is apparent that those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the embodiments of the present application and their equivalents, the embodiments of the present application are also intended to include such modifications and variations.

Claims (13)

1. A method of communication, the method comprising:
a PC system sends a first data request message to an access control router, the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the PC system receives a first data response message sent by the access control router according to the first data request message; the access control router repackages the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server; the access control router sends the second data request message to the intranet server; the access control router receives a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address; the access control router adopts a network address translation (NAT) rule to repackage the second data response message to obtain a first data response message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
2. The method of claim 1,
if the intranet IP address allocated by the access control router exists in the PC system, the outer layer first source IP address in the first data request message is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the intranet IP address, and the inner layer first destination IP address is the IP address of the intranet server;
the outer layer second source IP address in the first data response message is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the intranet IP address.
3. The method of claim 1 or 2,
if the PC system comprises a PC client and does not comprise a private router, the IP address of the PC system is the IP address of the client;
if the PC system comprises the PC client and a private router, the outer layer first source IP address is the IP address of the private router, the inner layer first source IP address is the IP address of the PC client, the outer layer second destination IP address is the IP address of the private router, and the inner layer second destination IP address is the IP address of the PC client.
4. The method of claim 3, wherein when the PC system includes the PC client and a private access router, the PC system sending a first data request message to an access control router, comprising:
the PC client sends an initial data request message to the private router, wherein the initial data request message comprises an initial outer layer request IP address, an initial inner layer request IP address, an initial message header and the data request information;
the private access router adopts a network address translation (NAT) rule to repackage the received initial data request message to obtain the first data request message, and then sends the first data request message to the access control router; wherein the initial outer layer request IP address comprises an initial outer layer first source IP address and an initial outer layer first destination IP address; the initial inner layer request IP address comprises an initial inner layer first source IP address and an initial inner layer first destination IP address;
if the intranet IP address allocated by the access control router does not exist in the PC client, the initial outer layer first source IP address is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is the IP address of the PC client, and the initial inner layer first destination IP address is the IP address of the intranet server;
the receiving, by the PC system, a first data response packet sent by the access control router according to the first data request packet includes:
the PC client receives a target data response message, which is obtained by using a network address translation (NAT) rule to repackage the first data response message sent by the access control router according to the first data request message;
the target data response message comprises a target outer layer response IP address, a target inner layer response IP address and the response data; the target outer layer response IP address comprises a target outer layer second source IP address and a target outer layer second destination IP address, and the target inner layer response IP address comprises a target inner layer second source IP address and a target inner layer second destination IP address;
and if the intranet IP address allocated by the access control router does not exist in the PC client, the target outer layer second source IP address is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the IP address of the PC client.
5. The method of claim 4,
if the intranet IP address allocated by the access control router exists in the PC client, the initial outer layer first source IP address in the initial data request message is the IP address of the PC client, and the initial outer layer first destination IP address is the IP address of the access control router; the initial inner layer first source IP address is the intranet IP address, and the initial inner layer first destination IP address is the IP address of the intranet server;
and the target outer layer second source IP address in the target data response message is the IP address of the access control router, the target outer layer second destination IP address is the IP address of the PC client, the target inner layer second source IP address is the IP address of the intranet server, and the target inner layer second destination IP address is the intranet IP address.
6. The method of claim 3, wherein the method further comprises:
the PC system sends a control request message to the access control router;
the control request message comprises a control request IP address, a control message header and control request information, wherein a source IP address in the control request IP address is the IP address of the PC system, and a target IP address in the control request IP address is the IP address of the access control router;
the PC system receives a control response message sent by the access control router according to the control request information;
the control response message comprises control response information and a control response IP address; and the source IP address in the control response IP address is the IP address of the access control router, and the target IP address in the control response IP address is the IP address of the PC system.
7. The method of claim 6, wherein when the PC system includes the PC client and a private access router, the PC system sending a control request message to an access control router, comprising:
the PC client sends an initial control request message to the private router;
the private access router adopts a network address translation (NAT) rule to repackage the received initial control request message to obtain the control request message and sends the control request message to the access control router;
wherein, the initial control request message comprises an initial control request IP address and the control request information; wherein, a source IP address in the initial control request IP address is the IP address of the PC client, and a destination IP address in the initial control request IP address is the IP address of the access control router;
the receiving, by the PC system, of the control response packet sent by the access control router according to the control request information includes:
the private access router receives a control response message sent by the access control router according to the control request information;
the private access router adopts a network address translation (NAT) rule to repackage the received control response message sent by the access control router according to the control request message to obtain a target control response message; the target control response message comprises the control response information and a target control response IP address;
the PC client receives the target control response message;
and the source IP address in the target control response IP address is the IP address of the access control router, and the target IP address in the target control response IP address is the IP address of the PC client.
8. A method of communication, the method comprising:
an access control router receives a first data request message sent by a PC system, wherein the first data request message is used for requesting data from an intranet server and comprises an outer layer request IP address, an inner layer request IP address, a message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the access control router re-encapsulates the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
the access control router sends the second data request message to the intranet server;
the access control router receives a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
the access control router adopts a network address translation (NAT) rule to repackage the second data response message to obtain a first data response message; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system;
and the access control router sends the first data response message to the PC system.
9. A PC system, the PC system comprising: a sending unit and a receiving unit;
the sending unit is used for sending a first data request message to an access control router, the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a first message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the receiving unit is configured to receive a first data response message sent by the access control router according to the first data request message; the access control router repackages the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server; the access control router sends the second data request message to the intranet server; the access control router receives a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address; the access control router adopts a network address translation (NAT) rule to repackage the second data response message to obtain a first data response message; the first data response message comprises an outer layer response IP address, an inner layer response IP address, a second message header and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system.
10. An access control router, characterized in that the access control router comprises: a receiving unit, a packaging unit and a sending unit;
the receiving unit is used for receiving a first data request message sent by a PC system, wherein the first data request message is used for requesting data from an intranet server, and the first data request message comprises an outer layer request IP address, an inner layer request IP address, a message header and data request information; the outer layer request IP address comprises an outer layer first source IP address and an outer layer first destination IP address, and the inner layer request IP address comprises an inner layer first source IP address and an inner layer first destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer first source IP address is the IP address of the PC system, and the outer layer first destination IP address is the IP address of the access control router; the inner layer first source IP address is the IP address of the PC system, and the inner layer first destination IP address is the IP address of the intranet server;
the encapsulation unit is used for re-encapsulating the first data request message to obtain a second data request message; the second data request message comprises a request IP address, a second message header and data request information, wherein a source IP address in the request IP address is the intranet IP address, and a destination address in the request IP address is the IP address of the intranet server;
the sending unit is configured to send the second data request packet to the intranet server;
the receiving unit is further configured to receive a second data response message sent by the intranet server according to the second data request message; the second data response message comprises a response IP address and response data, wherein a source IP address in the response IP address is an IP address of the intranet server, and a target IP address in the response IP address is an intranet IP address;
the encapsulation unit is further configured to repackage the second data response packet by using a network address translation rule to obtain a first data response packet; the first data response message comprises an outer layer response IP address, an inner layer response IP address and response data; the outer layer response IP address comprises an outer layer second source IP address and an outer layer second destination IP address, and the inner layer response IP address comprises an inner layer second source IP address and an inner layer second destination IP address;
if the PC system does not have the intranet IP address allocated by the access control router, the outer layer second source IP address is the IP address of the access control router, and the outer layer second destination IP address is the IP address of the PC system; the inner layer second source IP address is the IP address of the intranet server, and the inner layer second destination IP address is the IP address of the PC system;
the sending unit is further configured to send the first data response packet to the PC system.
11. A communication system, characterized in that the communication system comprises a PC system according to claim 9 and an access control router according to claim 10.
12. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1 to 7 or the method steps of claim 8 when executing a program stored on a memory.
13. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of the claims 1-7 or carries out the method steps of claim 8.
CN201910823389.2A 2019-09-02 2019-09-02 Communication method, PC system and access control router Active CN110474922B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910823389.2A CN110474922B (en) 2019-09-02 2019-09-02 Communication method, PC system and access control router


Publications (2)

Publication Number Publication Date
CN110474922A CN110474922A (en) 2019-11-19
CN110474922B true CN110474922B (en) 2022-02-22

Family

ID=68514720


Country Status (1)

Country Link
CN (1) CN110474922B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114765614B (en) * 2020-12-31 2023-11-10 华为技术有限公司 Method for accessing local area network service equipment and electronic equipment
CN115617862A (en) * 2021-07-15 2023-01-17 华为技术有限公司 Method and intermediate device for optimizing data access performance
CN114157632B (en) * 2021-10-12 2023-11-21 北京华耀科技有限公司 Network isolation method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043447A (en) * 2007-04-23 2007-09-26 重庆大学 Method for mapping dynamically inside and outside network of server based on DDNS and NAT
CN102148878A (en) * 2010-02-05 2011-08-10 中国移动通信集团公司 IP (internet protocol) address allocation method, system and device
CN103369065A (en) * 2013-07-05 2013-10-23 杭州华三通信技术有限公司 Massage forwarding method and equipment
CN105100299A (en) * 2010-11-25 2015-11-25 华为技术有限公司 Message sending method, NAT (Network Address Translation) table entry establishment method and NAT device
CN106534278A (en) * 2016-11-01 2017-03-22 锐捷网络股份有限公司 Message forwarding method and switching equipment
CN107809386A (en) * 2017-11-15 2018-03-16 锐捷网络股份有限公司 IP address conversion method, routing device and communication system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130103834A1 (en) * 2011-10-21 2013-04-25 Blue Coat Systems, Inc. Multi-Tenant NATting for Segregating Traffic Through a Cloud Service
US10812632B2 (en) * 2015-02-09 2020-10-20 Avago Technologies International Sales Pte. Limited Network interface controller with integrated network flow processing

Also Published As

Publication number Publication date
CN110474922A (en) 2019-11-19

Similar Documents

Publication Publication Date Title
CN106790194B (en) Access control method and device based on SSL (secure socket layer) protocol
CN110474922B (en) Communication method, PC system and access control router
CN110800331A (en) Network verification method, related equipment and system
JP2018528679A (en) Device and method for establishing a connection in a load balancing system
US10484869B2 (en) Generic bootstrapping architecture protocol
EP2981022B1 (en) Method and system for transmitting and receiving data, method and device for processing message
CN111131300B (en) Communication method, terminal and server
US11418951B2 (en) Method for identifying encrypted data stream, device, storage medium and system
CN109040059B (en) Protected TCP communication method, communication device and storage medium
CN107517194B (en) Return source authentication method and device of content distribution network
CN111355695A (en) Security agent method and device
CN111343083B (en) Instant messaging method, instant messaging device, electronic equipment and readable storage medium
US10419212B2 (en) Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols
JP5869552B2 (en) Method for securing access to data or services accessible through a device performing the method and corresponding device
WO2017185978A1 (en) Method and device for parsing packet
CN113055357B (en) Method and device for verifying credibility of communication link by single packet, computing equipment and storage medium
CN107342994A (en) Intelligent sound authentication method, intelligent sound, terminal device and system
WO2017206185A1 (en) Method, apparatus and system for verifying legitimacy of application program
JP2004194196A (en) Packet communication authentication system, communication controller and communication terminal
CN114499969B (en) Communication message processing method and device, electronic equipment and storage medium
CN113079565B (en) LTE edge user network access method and device
US10079857B2 (en) Method of slowing down a communication in a network
CN110391902B (en) Internet key exchange IKE negotiation method and device
CN112822217A (en) Server access method, device, equipment and storage medium
CN107547564A (en) A kind of method and device of Message processing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant