CN110557443A - cross-network communication method and address translation equipment - Google Patents

Publication number: CN110557443A
Authority: CN (China)
Prior art keywords: address, access request, user, request, network
Legal status: Pending
Application number: CN201910767528.4A
Other languages: Chinese (zh)
Inventors: 程波, 谭国权, 叶志钢
Current Assignee: Wuhan Greenet Information Service Co Ltd
Original Assignee: Wuhan Greenet Information Service Co Ltd
Application filed by Wuhan Greenet Information Service Co Ltd
Priority to CN201910767528.4A
Publication of CN110557443A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/106 Mapping addresses of different types across networks, e.g. mapping telephone numbers to data network addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention discloses a cross-network communication method and address translation equipment, wherein the method comprises the following steps: receiving a user access request based on a first network center, and analyzing the user access request to obtain a request resource type carried in the user access request; determining a network center to which the request resource type belongs; if the request resource type belongs to the first network center, sending the user access request to a server at the side of the first network center; if the request resource type belongs to the second network center, converting the address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center. The method of the invention realizes cross-network communication between two different networks. The address translation equipment selectively translates addresses according to the type of the requested resource, thereby greatly reducing the number of data forwarding operations and hops, shortening the data transmission path and improving the speed at which users access resources.

Description

Cross-network communication method and address translation equipment
Technical Field
The present invention belongs to the technical field of data communication, and more particularly, to a method for cross-network communication and an address translation device.
Background
At present, cross-network access between different network operators, particularly between education networks and public networks, is slow. On a campus, especially a university campus, there is always a choice between accessing through the education network and accessing through the public network represented by the three operators. The education network holds a number of educational resources, particularly resources on the IPv6 network, but these resources are directed only to schools and research institutions, are relatively closed, and are not operated with profitability as the primary purpose. For public telecommunication networks, represented by the telecommunications and mobile operators, profitability is the primary objective, and the types of resources, user types and user volumes are also extremely large.
Unfortunately, mutual access between public telecommunication networks and education networks is very slow. For a long time, teachers and students have generally accessed the Internet through the inexpensive education network and endured the pain of slow access to public resources. Why not access through the three operators instead? Previously this was due to historical legacy factors; now the barrier is mainly some technical factors. First, although the education network charges little, it is still a source of income and offers a number of means of keeping control of end users, so colleges and universities are reluctant to give those users up. Second, when the Internet is accessed through the three operators' networks, the delay in accessing education network resources is very long, and some resources cannot be accessed at all. The first factor can be solved through business means, for example through cooperation and revenue sharing, and existing schools already support both access modes, so that students can use them as required and switch between the two.
In the current situation, teachers and students access the Internet through the education network, which means that scientific research institutions are in effect operating a network. Network operation is clearly neither the responsibility nor the strength of such institutions, so the quality of operation is mediocre: the online experience of teachers and students is consistently poor, and when a network fault slows or disconnects the network, service is often not restored for a long time. Network operation, by contrast, is what public telecommunication operators make their living from, so it is more reasonable for teachers and students to access the Internet through the public telecommunication operators. How to access education network resources quickly when connected through a public telecommunication operator is therefore a serious problem.
In the prior art, a proxy server is generally set up on a backbone network. When a user accesses a website and the web browser connects to the corresponding Internet site to obtain network information, the data is transmitted from the network node where the user is located to the backbone network and then to the target server, and the returned data follows the same procedure. The data has to be forwarded repeatedly across a large number of hop nodes, and routing delay accumulates along the way, so the user's data transmission time is prolonged. As shown in fig. 1, in cross-network access a user of an ordinary telecommunications access network reaches the education network by the path: user -> BRAS -> telecommunications backbone network router -> telecommunications backbone network egress router -> education network backbone network router -> education network intermediate router (the egress router of each college or institution) -> final resource server.
On the other hand, cross-network access in the proxy server mode requires configuration on the user side. For example, to access websites through the proxy server, the IP address of the proxy server must be set in the browser (such as the IE browser); that is, the user is aware of the proxy. A proxy server is also specific to one application: accessing web pages (HTTP service) is one type and sending and receiving mail (SMTP/POP3 services) is another, each type needs its own proxy configuration, and the client must be configured separately for each type.
In view of the above, overcoming the drawbacks of the prior art is an urgent problem in the art.
Disclosure of Invention
The present invention provides a method for cross-network communication and an address translation device, which aim to perform address translation selectively according to the type of the requested resource, so as to greatly reduce the number of data forwarding operations and hops, shorten the data transmission path, and improve the speed at which users access resources.
To achieve the above object, according to an aspect of the present invention, there is provided a method for cross-network communication, the method being applied to a cross-network communication system, the cross-network communication system including a first hub and a second hub, an address translation device being disposed between the first hub and the second hub, the method including:
Receiving a user access request based on the first network center, and analyzing the user access request to obtain a request resource type carried in the user access request;
Determining a network center to which the request resource type belongs;
If the request resource type belongs to the first network center, sending the user access request to a server at the side of the first network center so as to obtain a response result corresponding to the user access request;
If the request resource type belongs to a second network center, converting the address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center to obtain a response result corresponding to the user access request.
Preferably, the user access request carries a domain name, and the receiving the user access request and analyzing the user access request to obtain a request resource type carried in the user access request includes:
Receiving the user access request;
Analyzing the user access request to obtain a first source address, a first target address and a domain name carried in the user access request, and determining the type of the request resource according to the domain name;
The first source address is an address of a user side terminal, and the first destination address is an address of the DNS server on the first network center side.
Preferably, if the request resource type belongs to a second network center, converting an address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center to obtain a response result corresponding to the user access request includes:
If the request resource type belongs to a second network center, converting the first source address into a second source address, and converting the first target address into a second target address to obtain a modified access request, wherein the second source address is an address allowing access to the second network center, and the second target address is an address of a DNS server at the side of the second network center;
And sending the modified access request to a DNS server at the second network center side to obtain a response result corresponding to the user access request.
Preferably, the sending the modified access request to the DNS server on the second hub side to obtain a response result corresponding to the user access request includes:
Sending the modified access request to a DNS server at the second network center side;
Acquiring a DNS response result matched with the domain name, where the DNS response result carries an access address, a third source address, and a third destination address, where the access address is obtained by performing DNS resolution by a DNS server on the second network center side according to the domain name, the third source address is the second destination address, and the third destination address is the second source address;
Converting the third source address into the first destination address, and converting the third destination address into the first source address to obtain a modified DNS response result;
And sending the modified DNS response result to a user side terminal so that the user side terminal can obtain corresponding resources according to the access address.
Preferably, the sending the modified DNS response result to a user side terminal, so that the user side terminal obtains a corresponding resource according to the access address, includes:
Acquiring a resource request generated by a user side terminal according to the access address, wherein the resource request carries a first source address and the access address, and the access address points to the second network center;
Converting the first source address into the second source address to obtain a modified resource request, and sending the modified resource request to the second network center side gateway;
Acquiring a resource response result matched with the access address, wherein the resource response result carries a third target address, and the third target address is the second source address;
Converting the third target address into the first source address to obtain a modified resource response result;
And sending the modified resource response result to a user side terminal so that the user side terminal can obtain corresponding resources.
Preferably, the user access request carries a target access address, and the receiving the user access request and analyzing the user access request to obtain a request resource type carried in the user access request includes:
Receiving the user access request;
Analyzing the user access request to obtain a first source address and a target access address carried in the user access request, and determining the type of the requested resource according to the target access address, wherein the first source address is the address of a user side terminal.
Preferably, if the request resource type belongs to a second network center, converting an address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center to obtain a response result corresponding to the user access request includes:
If the request resource type belongs to a second network center, converting the first source address into a second source address to obtain a modified access request, wherein when the request resource type belongs to the second network center, the target access address points to the second network center, and the second source address is an address allowing access to the second network center;
And sending the modified access request to the second network center side gateway to obtain a response result corresponding to the user access request.
Preferably, the sending the modified access request to the second hub-side gateway to obtain a response result corresponding to the user access request includes:
Sending the modified access request to the second network center side gateway;
Acquiring a response result matched with the target access address, wherein the response result carries a third target address, and the third target address is the second source address;
Converting the third target address into the first source address to obtain a modified response result;
And sending the modified response result to a user side terminal so that the user side terminal can obtain corresponding resources.
Preferably, before receiving a user access request based on the first hub and analyzing the user access request to obtain a request resource type carried in the user access request, the method further includes:
Acquiring an access request of a user side terminal;
Sending the access request to the first network center side server, and receiving an address distributed by the first network center side server for the user side terminal;
And sending the address distributed to the user side terminal by the first network center side server to the user side terminal.
According to another aspect of the present invention, there is provided an address translation device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor programmed to perform the method of the present invention.
Generally, compared with the prior art, the technical scheme of the invention has the following beneficial effects: the invention discloses a cross-network communication method and address translation equipment, wherein the method comprises the following steps: receiving a user access request based on a first network center, and analyzing the user access request to obtain a request resource type carried in the user access request; determining a network center to which the request resource type belongs; if the request resource type belongs to the first network center, sending the user access request to a server at the side of the first network center; if the request resource type belongs to the second network center, converting the address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center. The method of the invention realizes cross-network communication between two different networks. The address translation equipment selectively translates addresses according to the type of the requested resource, thereby greatly reducing the number of data forwarding operations and hops, shortening the data transmission path and improving the speed at which users access resources. Moreover, resource access with the method of the invention is not limited to specific applications, and users do not need to configure anything themselves when accessing different applications, so the translation is transparent to users; the repeated configuration per accessed application that the proxy server mode requires of users is simplified, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram of a network structure according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a cross-network communication system according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating a method of cross-network communication according to an embodiment of the present invention;
Fig. 4 is a schematic data interaction diagram of a method for cross-network communication according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of data interaction of another method for communicating across a network according to an embodiment of the present invention;
Fig. 6 is a schematic data interaction diagram of another method for cross-network communication according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of data interaction based on cross-network communication of a public telecommunication network and an education network provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of an address translation device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1:
For a clearer understanding of the contents of the present solution, the abbreviations and key terms appearing hereinafter are first briefly described:
DNS (Domain Name System, abbreviated DNS) server: a distributed database that maps domain names to IP addresses (Internet Protocol addresses) on the Internet, so that users can access the Internet more conveniently without remembering the machine-readable IP number strings. The DNS server is used for domain name resolution: the IP address corresponding to a domain name is obtained from the domain name so that data can be accessed.
SNAT (Source Network Address Translation, abbreviated SNAT): source address translation, used for translating the source address in a data packet into another address.
DNAT (Destination Network Address Translation, abbreviated DNAT): destination address translation, used for translating the destination address in a data packet into another address.
NAT (Network Address Translation, abbreviated NAT): address translation, including SNAT and/or DNAT.
BRAS (Broadband Remote Access Server, abbreviated BRAS): a new type of access gateway for broadband network applications. It is located at the edge layer of the backbone network and can implement data access of the IP/ATM network for user broadband.
CR: refers to a widely used core network router of Cisco.
In order to solve the problem that mutual access is slow in current cross-network communication, this embodiment provides a cross-network communication method that realizes cross-network communication between two different networks. The address translation equipment selectively performs address translation according to the type of the requested resource, so that the number of data forwarding operations and hops is greatly reduced, the data transmission path is shortened, and the speed at which users access resources is improved. In addition, resource access with the method of this embodiment is not limited to specific applications, and users do not need to configure anything themselves when accessing different applications, so the translation is transparent to users; the repeated configuration per accessed application that the proxy server mode requires of users is simplified, and the user experience is improved.
For clarity of explanation of the method of cross-network communication according to the present embodiment, a cross-network communication system to which the method is applied will be described first based on fig. 2. As shown in fig. 2, the cross-network communication system includes a first network center and a second network center, where an address translation device is disposed between the first network center and the second network center, and DNS servers are disposed at both sides of the first network center and the second network center, and are used for resolving a domain name and an IP address.
The address translation device may specifically be a DPI device, and is used for identifying and analyzing traffic and performing address translation.
The first network center may be a network center based on a public network, where the public network includes public networks such as a telecommunication network, a mobile network, and a communication network. The second network center is a network center based on a private network/intranet, wherein the private network/intranet comprises an education network, a campus network, an enterprise network and the like.
The user side terminal and the address translation device are connected through the public network. In a practical application scenario, the address translation device is disposed close to the second hub, so that traffic accessing the second hub can be steered to the second hub immediately, without taking a long detour to reach it.
In the cross-network communication system of this embodiment, the user side terminal is connected to the first network center, the address translation device is installed between the first network center and the second network center, address translation is selectively performed according to the network resource requested by the user, and the data selectively passes through branch 1 or branch 2 to the corresponding network center to obtain the resource.
In this embodiment, the data transmission path is user side terminal -> DPI device -> egress router -> final resource server, which greatly reduces data forwarding before the router and reduces delay compared with the path shown in fig. 1.
Referring to fig. 3 and 4, the implementation process of the method for cross-network communication according to the embodiment is described. The method comprises the following steps:
Step 10: Receiving a user access request based on the first network center, and analyzing the user access request to obtain a request resource type carried in the user access request.
The user side terminal and the address translation device are connected through a public network. Because the public network is fast, the user access request is received promptly; after receiving it, the address translation device analyzes the user access request to obtain the request resource type carried in it.
The request resource type refers to whether the user access request is directed to the first hub or the second hub, so that the user access request is sent to the corresponding hub to obtain the corresponding resource.
Step 11: Determining the network center to which the request resource type belongs.
User access requests include requests based on a domain name and requests based on an IP address. When the user access request is based on a domain name, the type of the requested resource is determined through the domain name; when the user access request is based on an IP address, the type of the requested resource is determined through the IP address.
Specifically, a domain name matching table and an IP address matching table are preset in the address translation device, and after a domain name or an IP address in a user access request is obtained, the type of the requested resource is determined by traversing the corresponding matching table.
Step 12: If the request resource type belongs to the first network center, sending the user access request to a server at the side of the first network center so as to obtain a response result corresponding to the user access request.
In this embodiment, if the request resource type belongs to the first hub, the user access request is directly sent to the server on the first hub side, so as to obtain a response result corresponding to the user access request. That is, data is transmitted through the network via branch 1.
Step 13: if the request resource type belongs to a second network center, converting the address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center to obtain a response result corresponding to the user access request.
In this embodiment, if the request resource type belongs to the second hub, the address carried in the user access request is converted to obtain a modified access request, and the modified access request is sent to the server on the second hub side to obtain a response result corresponding to the user access request. I.e. data is transmitted over the network via branch 2.
When there is a difference in the manner of the user access request, there is a corresponding difference in the manner of converting the address carried in the user access request, which will be described in detail below.
The method of this embodiment realizes cross-network communication between two different networks. The address translation equipment selectively performs address translation according to the type of the requested resource, so that the number of data forwarding operations and hops is greatly reduced, the data transmission path is shortened, and the speed at which users access resources is improved. Meanwhile, with this network architecture, resources of the public network or the education network can be acquired rapidly without the user switching networks manually, which improves the user experience. Moreover, resource access is not limited to specific applications, and the user does not need to configure anything when accessing different applications, so the translation is transparent to the user; the repeated configuration per accessed application that the proxy server mode requires of users is simplified, and the user experience is improved.
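The selective translation of steps 10 to 13, together with the DNS and resource address conversions set out in the Disclosure, can be traced in a short simulation. This is an added example, not code from the patent: every address, domain and table entry is a constructed sample value, and the port-keyed session table used to map replies back to the user side terminal is an assumption the text does not describe.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# Constructed sample values (documentation address ranges, example domains).
FIRST_DNS = "198.51.100.53"    # first destination address: DNS server, first hub side
SECOND_DNS = "203.0.113.53"    # second destination address: DNS server, second hub side
SECOND_SRC = "203.0.113.10"    # second source address: allowed to access the second hub
DOMAIN_TABLE = ("edu.example",)             # domain name matching table (suffixes)
IP_TABLE = (ip_network("203.0.113.0/24"),)  # IP address matching table


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    qname: Optional[str] = None   # domain name, present on DNS requests/responses
    answer: Optional[str] = None  # access address carried in a DNS response


class AddressTranslator:
    """Model of the address translation device between the two network centers."""

    def __init__(self, first_port: int = 40000) -> None:
        self._next_port = first_port
        # Assumption: translated source port -> (first source address, its port,
        # first destination address, peer actually contacted on the second side).
        # A real device would also expire idle sessions.
        self._sessions: Dict[int, Tuple[str, int, str, str]] = {}

    @staticmethod
    def classify(pkt: Packet) -> str:
        """Steps 10-11: decide which network center the requested resource belongs to."""
        if pkt.qname is not None:
            name = pkt.qname.rstrip(".").lower()
            # Match on a label boundary so "notedu.example" does not hit "edu.example".
            hit = any(name == s or name.endswith("." + s) for s in DOMAIN_TABLE)
        else:
            hit = any(ip_address(pkt.dst) in net for net in IP_TABLE)
        return "second" if hit else "first"

    def outbound(self, pkt: Packet) -> Tuple[int, Packet]:
        """Steps 12-13: return (branch, packet to forward)."""
        if self.classify(pkt) == "first":
            return 1, pkt                      # branch 1: forwarded unchanged
        nat_port = self._next_port
        self._next_port += 1
        # DNS requests get DNAT to the second-side DNS server; resource requests
        # already point at the second network center, so only the source changes.
        new_dst = SECOND_DNS if pkt.qname is not None else pkt.dst
        self._sessions[nat_port] = (pkt.src, pkt.sport, pkt.dst, new_dst)
        return 2, replace(pkt, src=SECOND_SRC, sport=nat_port, dst=new_dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse translation of a response; None means no matching session (drop)."""
        session = self._sessions.get(pkt.dport)
        if pkt.dst != SECOND_SRC or session is None or pkt.src != session[3]:
            return None
        client, client_port, first_dst, _peer = session
        # Third source -> first destination address, third destination -> first source.
        return replace(pkt, src=first_dst, dst=client, dport=client_port)


if __name__ == "__main__":
    nat = AddressTranslator()
    query = Packet("100.64.0.7", 5353, FIRST_DNS, 53, qname="lib.edu.example")
    branch, sent = nat.outbound(query)
    print("branch", branch, sent)
    reply = Packet(SECOND_DNS, 53, SECOND_SRC, sent.sport,
                   qname=query.qname, answer="203.0.113.80")
    print("to terminal", nat.inbound(reply))
```

The source check in `inbound` means a response is translated back only if it comes from the server the translated request was actually sent to; anything else addressed to the second source address is dropped rather than relayed to a user side terminal.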
Further, before step 10, a process of allocating an IP address to the user side terminal is also included. Specifically, a user side terminal initiates a network access request, for example, a network access request is initiated to a first network center in a PPPOE dialing manner, an address translation device obtains the access request of the user side terminal, and then, the access request is sent to a first network center side BARS server. The first network center side BARS server responds to the access request of the user and allocates an IP address and an IP address of the DNS server to the user side terminal so as to carry out network connection. And the address conversion equipment receives the address distributed by the first network center side server for the user side terminal and feeds the address back to the user side terminal, wherein the address corresponds to a source address of the user side terminal, namely a first source address in the following text.
In an actual application scenario, a user can issue an access request in two modes:
(1) The access request carries a domain name. In this mode, DNS interaction is performed first: the IP address corresponding to the domain name is obtained through a DNS server and returned to the user side terminal, and the user side terminal then initiates an access request to that IP address to obtain the resource. This mode therefore involves at least two different interactions, a DNS interaction and a non-DNS interaction (e.g., an HTTP interaction).
(2) The access request carries a target access address. In this mode, no DNS interaction is needed: the network center to which the access address points is determined directly, and the user access request is forwarded to that network center to obtain the resource. The non-DNS interaction (e.g., an HTTP interaction) is made directly with the access address.
Of these two modes, mode (1) is generally used to request resources, because an IP address is a numeric string that is difficult to memorize. The address carried in the user access request is translated differently in the two modes; mode (1) is described first.
With reference to fig. 5, when the user access request carries a domain name (for example, the user side terminal initiates a DNS request), step 10 receives and parses the user access request to obtain the first source address, the first destination address and the domain name carried in it, so that the requested resource type can be determined from the domain name. The first source address is the address of the user side terminal (that is, the IP address that the BRAS server on the first network center side allocated to the user side terminal in the foregoing process), and the first destination address is the address of the DNS server on the first network center side.
In step 11, the hub to which the requested resource type belongs is determined according to the domain name. Specifically, a domain name matching table is stored in the address translation device, and the network center to which the requested resource type belongs is determined by traversing the domain name matching table.
In practical application scenarios, especially when the second network center is an education-network-based network center, some educational resources restrict the IP address of the visitor, and often only requests whose source IP address is an allowed IP address are granted access. Such resources include some core periodicals or course entry systems in libraries.
To solve this problem, source address translation is required in addition to destination address translation. In step 13, if the requested resource type belongs to the second hub, the first source address is converted into a second source address and the first destination address is converted into a second destination address, yielding a modified access request. The second source address is an address allowing access to the second hub; the source address is translated so that, when the second hub receives the access request and checks access rights, it confirms from the second source address that the request has the access right. The second destination address is the address of the DNS server on the second network center side; the destination address is translated so that, once the requested resource type is determined to belong to the second network center, the destination address in the access request is switched from the default first destination address to the second destination address. This is necessary because, in the current network mechanism, if the first hub is an external network, an access request initiated by a user of that external network is directed to the first hub by default.
The modified access request is then sent to the DNS server on the second network center side to obtain a response result corresponding to the user access request.
In an actual application scenario, a user request is generally described by a data structure, and this data structure differs between networks, particularly in its PPPOE information and VLAN information. Therefore, during address translation, the format of the access request also needs to be converted to the data structure applicable to each hub.
Taking cross-network communication between a public network and an education network as an example, a message sent by a user to the BRAS server on the public network side is encapsulated in PPPOE plus a double-layer VLAN; before the message is sent to the education network, the PPPOE and VLAN headers are stripped and NAT is then performed. Traffic returned by the education network first undergoes reverse NAT, after which the VLAN headers and the PPPOE header are added back and the message is sent to the user. In this way each message is converted into the data structure suitable for its network.
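The header handling described above can be sketched as follows. This is an added example, not code from the patent: it assumes IPv4 carried in a PPPoE session frame (EtherType 0x8864) behind an 802.1ad outer tag and an 802.1Q inner tag, and the MAC addresses, VLAN IDs, session ID and the function names `decapsulate` and `encapsulate` are constructed for illustration.

```python
import struct

ETH_QINQ = 0x88A8           # 802.1ad outer (service) VLAN tag
ETH_VLAN = 0x8100           # 802.1Q inner (customer) VLAN tag
ETH_PPPOE_SESSION = 0x8864  # PPPoE session stage
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4


def decapsulate(frame):
    """Strip VLAN tags and the PPPoE/PPP header; return (context, ip_packet)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[0:6], frame[6:12]
    offset, vlans = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (ETH_QINQ, ETH_VLAN):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append((ethertype, tci))
        offset += 4
        ethertype = next_type
    offset += 2  # skip the final EtherType
    if ethertype != ETH_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    if len(frame) < offset + 8:
        raise ValueError("truncated PPPoE/PPP header")
    ver_type, code, session_id, length, ppp_proto = struct.unpack_from(
        "!BBHHH", frame, offset)
    if ver_type != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type or code")
    if ppp_proto != PPP_IPV4:
        raise ValueError("PPP payload is not IPv4")
    # The PPPoE length counts the PPP protocol field plus the payload, so
    # trusting it (after a bounds check) also discards Ethernet padding.
    end = offset + 6 + length
    if length < 2 or end > len(frame):
        raise ValueError("PPPoE length inconsistent with frame size")
    context = {"user_mac": src_mac, "bras_mac": dst_mac,
               "vlans": vlans, "session_id": session_id}
    return context, frame[offset + 8:end]


def encapsulate(context, ip_packet):
    """Rebuild the user-facing frame for return traffic after reverse NAT.

    Assumption: the frame is addressed to the user's MAC with the BRAS MAC
    as source, reusing the VLAN tags and session ID seen on the request.
    """
    out = context["user_mac"] + context["bras_mac"]
    for tpid, tci in context["vlans"]:
        out += struct.pack("!HH", tpid, tci)
    out += struct.pack("!H", ETH_PPPOE_SESSION)
    out += struct.pack("!BBHH", 0x11, 0x00, context["session_id"],
                       len(ip_packet) + 2)
    return out + struct.pack("!H", PPP_IPV4) + ip_packet


# Constructed sample: a bare 20-byte IPv4 header (checksum left at zero).
USER_MAC = bytes.fromhex("020000000001")
BRAS_MAC = bytes.fromhex("020000000002")
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        bytes([198, 51, 100, 10]), bytes([198, 51, 100, 53]))
SAMPLE_FRAME = (BRAS_MAC + USER_MAC
                + struct.pack("!HH", ETH_QINQ, 100)
                + struct.pack("!HH", ETH_VLAN, 200)
                + struct.pack("!H", ETH_PPPOE_SESSION)
                + struct.pack("!BBHH", 0x11, 0x00, 0x1234, len(SAMPLE_IP) + 2)
                + struct.pack("!H", PPP_IPV4) + SAMPLE_IP)

if __name__ == "__main__":
    ctx, ip = decapsulate(SAMPLE_FRAME)
    print(ctx["vlans"], hex(ctx["session_id"]), ip.hex())
```

The bare IP packet returned by `decapsulate` is what the NAT step operates on; the saved context is what lets the device restore the user's encapsulation on the way back.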
In this embodiment, after receiving the modified access request, the DNS server on the second network center side resolves the domain name in the access request to obtain a DNS response result matching the domain name, and sends the DNS response result to the address translation device, where the DNS response result carries an access address, a third source address, and a third destination address, the access address is obtained by the DNS server on the second network center side performing DNS resolution according to the domain name, the third source address is the second destination address, the third destination address is the second source address, that is, the third source address is an address of the DNS server on the second network center side, and the third destination address is an address allowing access to the second network center.
Then, the address translation device converts the third source address into the first destination address (i.e., the DNS server address on the first hub side). This is needed because the user side terminal initiated its request to the DNS server of the first hub: if the response came from the address of another server, the user side terminal might regard the returned DNS response result as incorrect and ignore it. Converting the DNS server address on the second hub side (third source address) into the DNS server address on the first hub side (first destination address) therefore ensures that the user side terminal receives and responds to the DNS response result. The third destination address is converted into the first source address (namely, the address of the user side terminal), giving a modified DNS response result, which is sent to the user side terminal so that the user side terminal can obtain the corresponding resource according to the access address. Converting the third destination address into the first source address directs the DNS response result to the user side terminal.
Meanwhile, the address translation device acquires the access address in the DNS response result. Because the access address was returned by the DNS server on the second network center side, it points to the second network center; the address is added to the address matching table as a self-learning process, so that the requested resource type of subsequent requests can be determined from the address.
After the user-side terminal acquires the access address again, a corresponding resource request (e.g., an HTTP request) needs to be generated based on the access address, so as to initiate access to the second hub through the resource request, and acquire a corresponding resource. Specifically, the address translation device obtains a resource request generated by the user side terminal according to the access address, where the resource request carries a first source address and the access address, and the access address points to the second network center. And then, converting the first source address into the second source address to obtain a modified resource request, and sending the modified resource request to the second network center side gateway.
After receiving the resource request, the gateway on the second network center side acquires the corresponding resource according to the access address in the resource request and returns it to the address translation device. That is, the address translation device obtains a resource response result matched with the access address, where the resource response result carries a third destination address, and the third destination address is the second source address (that is, an address allowing access to the second hub). Then, the third destination address is converted into the first source address (namely, the user side terminal address) to obtain a modified resource response result, and the modified resource response result is sent to the user side terminal so that the user side terminal can obtain the corresponding resource.
In this embodiment, after performing address translation, the address translation device generates an address translation log to facilitate backtracking.
Example 2:
With reference to embodiment 1, the following describes the cross-network communication process for mode (2) above. Before the user access request is acquired, the method also includes a process of allocating an IP address to the user side terminal. Specifically, the user side terminal initiates a network access request, for example to the first network center by PPPOE dialing; the address translation device obtains the access request of the user side terminal and sends it to the BRAS server on the first network center side. The BRAS server on the first network center side responds to the access request and allocates to the user side terminal an IP address and the IP address of a DNS server, so that a network connection can be established. The address translation device receives the addresses allocated by the first network center side server and feeds them back to the user side terminal; the allocated IP address is the source address of the user side terminal, referred to below as the first source address.
With reference to fig. 3 and fig. 6, the user access request carries a target access address, and in step 10, the user access request is received; analyzing the user access request to obtain a first source address and a target access address carried in the user access request, and determining the type of the requested resource according to the target access address, wherein the first source address is the address of a user side terminal.
In step 11, the hub to which the requested resource type belongs is determined according to the target access address. Specifically, the address translation device stores an address matching table, and determines the hub to which the requested resource type belongs by traversing the address matching table.
In practical application scenarios, especially when the second network center is an education-network-based network center, some educational resources restrict the IP address of the visitor, and often only requests whose source IP address is an allowed IP address are granted access. Such resources include some core periodicals or course entry systems in libraries.
To solve this problem, source address translation is required. In step 13, if the requested resource type belongs to a second hub, the first source address is converted into a second source address, and a modified access request is obtained, where when the requested resource type belongs to the second hub, the target access address points to the second hub, and the second source address is an address allowing access to the second hub.
The modified access request is sent to the second network center side gateway to obtain a response result corresponding to the user access request. Specifically, after receiving the user access request, the second hub side gateway obtains the corresponding resource according to the target access address in the user access request, and returns the resource to the address translation device. That is, the address translation device obtains a response result matching the target access address, where the response result carries a third target address, and the third target address is the second source address (that is, an address allowing access to the second hub). Then, the third target address is converted into the first source address (namely, the address of the user side terminal) to obtain a modified response result, and the modified response result is sent to the user side terminal so that the user side terminal can obtain the corresponding resource.
The method of this embodiment enables cross-network communication between two different networks. Because the address translation device translates addresses selectively according to the type of the requested resource, the number of data forwarding hops is greatly reduced, the data transmission path is shortened, and users access resources faster. Resources of the public network or the education network can be acquired quickly on this network architecture without the user having to switch networks, which improves the user experience.
Example 3:
With reference to fig. 7, one of the implementation manners of the method for cross-network communication according to the present invention is described in a practical application scenario, where a first hub is a public network-based hub, and a second hub is an educational network-based hub.
In the foregoing embodiment, the first source address is a user side terminal address, the first destination address is a DNS server address of a public network, the second source address is an address allowing access to an education network, the second destination address is a DNS server address of an education network, the third source address is a DNS server address (second destination address) of the education network, and the third destination address is an address allowing access to the education network (second source address).
The address translation device is specifically a DPI device.
Step 201: The user side terminal initiates an access request.
In this embodiment, the user side terminal connects through the public network to the public-network-based network center, and sends a broadband access request to a BRAS of the public network by dialing.
Step 202: Allocate an IP address and a DNS server address to the user side terminal.
The BRAS of the public network receives the broadband access request and allocates an IP address (user address) and a DNS address to the user side terminal. The DNS address is the DNS address of the public network; that is, a DNS request initiated by the user points to the DNS server of the public network by default.
Step 203: The user side terminal initiates an access request, and the access request carries a domain name.
In this embodiment, the access request is a DNS request, and the DNS request carries a domain name.
Step 204: Parse the access request to obtain a terminal address, the DNS server address of the public network, and a domain name.
The DPI device parses the access request to obtain the terminal address (source address), the DNS server address of the public network (target address), and the domain name.
Step 205: Determine the network center to which the requested resource type belongs according to the domain name.
In this embodiment, if the hub to which the requested resource type belongs is the public network, step 206b is executed; if it is the education network, step 206a is executed.
Step 206a: If the requested resource type belongs to the education network, convert the terminal address into an address allowing access to the education network, and convert the DNS server address of the public network into the DNS server address of the education network, to obtain the modified access request.
In this embodiment, the DPI device first performs source address conversion to convert the terminal address to an address allowing access to the education network to acquire access authority to access the education network, and then performs destination address conversion to convert the DNS server address of the public network to the DNS server address of the education network to direct the access request to the education network.
Step 207: Send the modified access request to a DNS server of the education network.
Step 208: Acquire a DNS response result matched with the domain name, wherein the DNS response result carries an access address, an address allowing access to the education network and a DNS server address of the education network.
In this embodiment, when the resource corresponding to the domain name is an educational network resource, a DNS server of the educational network needs to perform domain name resolution to obtain an access address corresponding to the domain name, and then the access address is returned to the user, and the user initiates an access according to the access address to obtain the corresponding resource.
The DNS server of the education network sends a DNS response result to the DPI equipment, wherein the DNS response result carries an access address, an address (target address) allowing access to the education network and a DNS server address (source address) of the education network.
Step 209: Convert the address allowing access to the education network into the DNS server address of the public network, and convert the DNS server address of the education network into the terminal address, to obtain a modified DNS response result.
In this embodiment, the DPI device needs to perform source address translation and destination address translation to match the address carried in the response result with the address carried in the access request, otherwise, the user side terminal may misunderstand that the returned result is incorrect after receiving the DNS response result, and thus ignore the DNS response result. Namely, the source address corresponding to the modified DNS response result is the DNS server address of the public network, and the destination address corresponding to the modified DNS response result is the terminal address.
Step 210: Send the modified DNS response result to the user side terminal.
Step 211: Acquire a resource request generated by the user side terminal according to the access address.
Having acquired the access address matching the domain name in the foregoing manner, the user side terminal generates a resource request, such as an HTTP request, according to the access address. The source address carried in the resource request is the terminal address, and the target address is the access address (which points to the education network).
Step 212: Convert the terminal address into an address allowing access to the education network to obtain a modified resource request, and send the modified resource request to a gateway of the education network.
In order to obtain the access right of the education network, the DPI device needs to set the source address as an address allowing access to the education network, that is, convert the terminal address into an address allowing access to the education network, obtain a modified resource request, and send the modified resource request to a gateway of the education network.
Step 213: Acquire a resource response result matched with the access address, wherein the resource response result carries an address allowing access to the education network.
After receiving the modified resource request, the gateway of the education network acquires a resource response result according to the resource request and sends it to the DPI device. The target address carried in the resource response result is an address allowing access to the education network.
Step 214: Convert the address allowing access to the education network into the terminal address to obtain the modified resource response result. To deliver the resource response result to the terminal, the destination address must be converted into the terminal address; that is, the address allowing access to the education network is converted into the terminal address, resulting in a modified resource response result.
Step 215: Send the modified resource response result to the user side terminal.
According to the foregoing steps 206a to 215, the resource of the education network is acquired while accessing through the public network. In this process, the data transmission path is user side terminal -> DPI device -> egress router -> final resource server, which greatly reduces data forwarding before the router and can reduce delay compared to the manner shown in fig. 1.
Step 206b: If the requested resource type belongs to the public network, send the user access request to the public network, and acquire a DNS response result matched with the domain name, wherein the DNS response result carries an access address.
In this embodiment, because the DNS request initiated by the user is directly directed to the public network, when the request resource type belongs to the public network, the DPI device directly sends the user request to the DNS server of the public network, and the DNS server of the public network obtains a DNS response result matched with the domain name according to the domain name, where the DNS response result carries the access address.
Step 216: Send the DNS response result to the user side terminal.
The DNS server of the public network sends the DNS response result to the DPI device, and the DPI device sends the DNS response result to the user side terminal.
Step 217: Send the resource request generated by the user side terminal according to the access address to the public network.
Having acquired the access address matching the domain name in the foregoing manner, the user side terminal generates a resource request, such as an HTTP request, according to the access address. The source address carried in the resource request is the terminal address, and the target address is the access address (which points to the public network).
Step 218: Send the resource response result to the user side terminal.
The public network acquires the corresponding resource response result according to the access address and then sends the resource response result to the user side terminal.
In steps 206b to 218, public network resources are acquired by accessing the public network. When a user initiates different resource accesses, the DPI device selectively translates addresses according to the requested resource type. The user does not need to set the addresses himself, the translation is transparent to the user, the repeated per-application configuration required in the proxy server mode is avoided, and the user experience is improved.
The foregoing takes a DNS request as the user access request. When the user access request is an HTTP request, the network address can be switched according to the foregoing embodiment 2, and details are not described here.
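The selective translation of embodiment 1, walked through in steps 203 to 218 above, can be modelled in a few lines. This is an added example, not the patent's implementation: the addresses are constructed from documentation ranges, and the `flow_id` session table (standing in for a DNS transaction ID or source port) is an assumption, since the page does not say how a response is matched to its request. The reverse mapping follows the statement above that the modified DNS response has the public DNS server address as source and the terminal address as destination.

```python
from dataclasses import dataclass, replace

# Constructed addresses from documentation ranges; none come from the patent.
TERMINAL = "198.51.100.10"    # first source address (allocated by the public BRAS)
PUBLIC_DNS = "198.51.100.53"  # first destination address
EDU_ALLOWED = "203.0.113.10"  # second source address (allowed by the education network)
EDU_DNS = "203.0.113.53"      # second destination address


@dataclass(frozen=True)
class Packet:
    kind: str          # dns_query | dns_response | resource_request | resource_response
    src: str
    dst: str
    flow_id: int       # assumption: DNS transaction ID or source port of the flow
    domain: str = ""
    answer: str = ""   # access address carried in a DNS response


class AddressTranslator:
    def __init__(self, edu_suffixes):
        self.domain_table = {s.lower().strip(".") for s in edu_suffixes}
        self.address_table = set()  # learned access addresses of the education network
        self.sessions = {}          # flow_id -> (first src, first dst, peer, reply kind)
        self.log = []               # address translation log for backtracking

    def _is_edu_domain(self, name):
        name = name.lower().rstrip(".")
        # Match whole labels only, so "notedu.example" does not match "edu.example".
        return any(name == s or name.endswith("." + s) for s in self.domain_table)

    def _translate(self, direction, pkt, **changes):
        new = replace(pkt, **changes)
        self.log.append((direction, pkt.kind, pkt.flow_id,
                         pkt.src, pkt.dst, new.src, new.dst))
        return new

    def outbound(self, pkt):
        """Terminal side -> network. Returns (packet to forward, hub name)."""
        if pkt.kind == "dns_query" and self._is_edu_domain(pkt.domain):
            self.sessions[pkt.flow_id] = (pkt.src, pkt.dst, EDU_DNS, "dns_response")
            return self._translate("out", pkt, src=EDU_ALLOWED, dst=EDU_DNS), "education"
        if pkt.kind == "resource_request" and pkt.dst in self.address_table:
            self.sessions[pkt.flow_id] = (pkt.src, pkt.dst, pkt.dst, "resource_response")
            return self._translate("out", pkt, src=EDU_ALLOWED), "education"
        return pkt, "public"  # public-network traffic is forwarded unchanged

    def inbound(self, pkt):
        """Education network -> terminal. Returns the packet to deliver, or None to drop."""
        session = self.sessions.get(pkt.flow_id)
        if session is None:
            return None  # no matching request: do not translate, do not learn
        first_src, first_dst, peer, reply_kind = session
        if pkt.kind != reply_kind or pkt.src != peer or pkt.dst != EDU_ALLOWED:
            return None
        if pkt.kind == "dns_response":
            del self.sessions[pkt.flow_id]      # one answer per query
            self.address_table.add(pkt.answer)  # self-learning of the access address
            return self._translate("in", pkt, src=first_dst, dst=first_src)
        return self._translate("in", pkt, dst=first_src)


def walk_through():
    """Run the education-network path once; returns (translator, delivered packets)."""
    t = AddressTranslator(["edu.example"])
    name, addr = "library.edu.example", "192.0.2.80"
    q, _ = t.outbound(Packet("dns_query", TERMINAL, PUBLIC_DNS, 7, domain=name))
    r = t.inbound(Packet("dns_response", EDU_DNS, EDU_ALLOWED, 7, domain=name, answer=addr))
    req, _ = t.outbound(Packet("resource_request", TERMINAL, addr, 4001))
    resp = t.inbound(Packet("resource_response", addr, EDU_ALLOWED, 4001))
    return t, [q, r, req, resp]


if __name__ == "__main__":
    translator, _ = walk_through()
    for entry in translator.log:
        print(entry)
```

Each log entry records the addresses before and after translation, which is the information needed to trace a request seen by the education network back to the terminal that issued it.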
Example 4:
Referring to fig. 8, fig. 8 is a schematic structural diagram of an address translation device according to an embodiment of the present invention. The address translation device of the present embodiment includes one or more processors 41 and a memory 42. In fig. 8, one processor 41 is taken as an example.
The processor 41 and the memory 42 may be connected by a bus or other means, and fig. 8 illustrates the connection by a bus as an example.
The memory 42, which is a non-volatile computer-readable storage medium based on cross-network communication, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as the cross-network communication method and corresponding program instructions in embodiments 1-3. The processor 41 implements the functions of the method of cross-network communication of embodiments 1 to 3 by executing various functional applications and data processing of the method of cross-network communication by executing nonvolatile software programs, instructions, and modules stored in the memory 42.
The memory 42 may include, among other things, high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, memory 42 may optionally include memory located remotely from processor 41, which may be connected to processor 41 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
For the method of cross-network communication, please refer to fig. 2 to fig. 7 and the related text description, which are not repeated herein.
It should be noted that, for the information interaction, execution process and other contents between the modules and units in the apparatus and system, the specific contents may refer to the description in the embodiment of the method of the present invention because the same concept is used as the embodiment of the processing method of the present invention, and are not described herein again.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for cross-network communication, wherein the method is applied to a cross-network communication system, the cross-network communication system comprises a first hub and a second hub, and an address translation device is arranged between the first hub and the second hub, and the method comprises:
Receiving a user access request based on the first network center, and analyzing the user access request to obtain a request resource type carried in the user access request;
Determining a network center to which the request resource type belongs;
If the request resource type belongs to the first network center, sending the user access request to a server at the side of the first network center so as to obtain a response result corresponding to the user access request;
If the request resource type belongs to a second network center, converting the address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the side of the second network center to obtain a response result corresponding to the user access request.
2. The method according to claim 1, wherein the user access request carries a domain name, and the receiving the user access request and analyzing the user access request to obtain a request resource type carried in the user access request comprises:
Receiving the user access request;
Analyzing the user access request to obtain a first source address, a first target address and a domain name carried in the user access request, and determining the type of the request resource according to the domain name;
The first source address is an address of a user side terminal, and the first destination address is an address of the DNS server on the first network center side.
3. The method according to claim 2, wherein if the request resource type belongs to a second hub, converting an address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the second hub side to obtain a response result corresponding to the user access request includes:
If the request resource type belongs to a second network center, converting the first source address into a second source address, and converting the first target address into a second target address to obtain a modified access request, wherein the second source address is an address allowing access to the second network center, and the second target address is an address of a DNS server at the side of the second network center;
And sending the modified access request to a DNS server at the second network center side to obtain a response result corresponding to the user access request.
4. The method according to claim 3, wherein the sending the modified access request to the DNS server on the second hub side to obtain a response result corresponding to the user access request includes:
Sending the modified access request to a DNS server at the second network center side;
Acquiring a DNS response result matched with the domain name, where the DNS response result carries an access address, a third source address, and a third destination address, where the access address is obtained by performing DNS resolution by a DNS server on the second network center side according to the domain name, the third source address is the second destination address, and the third destination address is the second source address;
Converting the third source address into the first destination address, and converting the third destination address into the first source address to obtain a modified DNS response result;
And sending the modified DNS response result to a user side terminal so that the user side terminal can obtain corresponding resources according to the access address.
5. The method according to claim 4, wherein the modified DNS response result is sent to a user side terminal, so that the user side terminal obtains a corresponding resource according to the access address;
Acquiring a resource request generated by a user side terminal according to the access address, wherein the resource request carries a first source address and the access address, and the access address points to the second network center;
Converting the first source address into the second source address to obtain a modified resource request, and sending the modified resource request to the second network center side gateway;
Acquiring a resource response result matched with the access address, wherein the resource response result carries a third target address, and the third target address is the second source address;
Converting the third target address into the first source address to obtain a modified resource response result;
And sending the modified resource response result to a user side terminal so that the user side terminal can obtain corresponding resources.
6. The method of claim 1, wherein the user access request carries a target access address, and the receiving the user access request and analyzing the user access request to obtain a request resource type carried in the user access request comprises:
Receiving the user access request;
Analyzing the user access request to obtain a first source address and a target access address carried in the user access request, and determining the type of the requested resource according to the target access address, wherein the first source address is the address of a user side terminal.
7. The method according to claim 6, wherein if the request resource type belongs to a second network center, converting an address carried in the user access request to obtain a modified access request, and sending the modified access request to a server on the second network center side to obtain a response result corresponding to the user access request includes:
If the request resource type belongs to a second network center, converting the first source address into a second source address to obtain a modified access request, wherein when the request resource type belongs to the second network center, the target access address points to the second network center, and the second source address is an address allowing access to the second network center;
And sending the modified access request to the second network center side gateway to obtain a response result corresponding to the user access request.
8. The method according to claim 7, wherein the sending the modified access request to the second network center side gateway to obtain a response result corresponding to the user access request comprises:
Sending the modified access request to the second network center side gateway;
Acquiring a response result matched with the target access address, wherein the response result carries a third target address, and the third target address is the second source address;
Converting the third target address into the first source address to obtain a modified response result;
And sending the modified response result to a user side terminal so that the user side terminal can obtain corresponding resources.
9. The method according to any one of claims 1 to 8, wherein, before the receiving, based on the first network center, a user access request and analyzing the user access request to obtain a request resource type carried in the user access request, the method further includes:
Acquiring an access request of a user side terminal;
Sending the access request to the first network center side server, and receiving an address distributed by the first network center side server for the user side terminal;
And sending the address distributed to the user side terminal by the first network center side server to the user side terminal.
10. An address translation device, comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being programmed to perform the method of any of claims 1-9.
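The address rewriting of claims 4 to 8, as an added example that is not part of the patent text: the DNS path rewrites both source and destination, the resource path rewrites only the source, and a response is translated back only when it matches state the translator recorded on the way out. The prefixes, addresses, class and method names are constructed assumptions, and the sketch tracks one pending DNS query per user.

```python
import ipaddress
from dataclasses import dataclass, replace
# Constructed sample addressing (assumptions, not values from the patent).
SECOND_CENTER = ipaddress.ip_network("10.20.0.0/16")  # resources of the second network center
SECOND_DNS = "10.20.0.53"                             # DNS server on the second network center side
ALLOWED_POOL = ["172.16.9.10", "172.16.9.11"]         # second source addresses allowed to access it

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str = ""

class Translator:
    def __init__(self):
        self.by_user = {}    # first source address -> second source address
        self.by_second = {}  # second source address -> first source address
        self.dns_dst = {}    # second source address -> first destination of the pending DNS query

    def _second_source(self, first_src):
        if first_src not in self.by_user:
            if len(self.by_user) >= len(ALLOWED_POOL):
                raise RuntimeError("no free second source address")
            second = ALLOWED_POOL[len(self.by_user)]
            self.by_user[first_src], self.by_second[second] = second, first_src
        return self.by_user[first_src]

    def dns_out(self, req):
        """Claim 4, outbound: rewrite both source and destination of the DNS query."""
        second_src = self._second_source(req.src)
        self.dns_dst[second_src] = req.dst  # remember the first destination address
        return replace(req, src=second_src, dst=SECOND_DNS)

    def dns_in(self, resp):
        """Claim 4, inbound: third source -> first destination, third destination -> first source."""
        if resp.src != SECOND_DNS or resp.dst not in self.dns_dst:
            raise ValueError("DNS response matches no pending query")
        return replace(resp, src=self.dns_dst.pop(resp.dst), dst=self.by_second[resp.dst])

    def data_out(self, req):
        """Claims 5 and 7: rewrite only the source when the target is in the second network center."""
        if ipaddress.ip_address(req.dst) not in SECOND_CENTER:
            return None  # not a second network center resource; outside this sketch
        return replace(req, src=self._second_source(req.src))

    def data_in(self, resp):
        """Claims 5 and 8: third target address (the second source) -> first source."""
        if resp.dst not in self.by_second:
            raise ValueError("response matches no translated user")
        return replace(resp, dst=self.by_second[resp.dst])
```

Because `dns_in` consumes the pending entry, a second or unsolicited DNS response addressed to the same second source address is rejected instead of being forwarded to the user side terminal.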
CN201910767528.4A 2019-08-20 2019-08-20 cross-network communication method and address translation equipment Pending CN110557443A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910767528.4A CN110557443A (en) 2019-08-20 2019-08-20 cross-network communication method and address translation equipment

Publications (1)

Publication Number Publication Date
CN110557443A true CN110557443A (en) 2019-12-10

Family

ID=68737679

Country Status (1)

Country Link
CN (1) CN110557443A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060133367A1 (en) * 2004-12-21 2006-06-22 Cisco Technology, Inc. Selecting a routing mode for a call session
CN103262505A (en) * 2010-10-22 2013-08-21 瑞典爱立信有限公司 Differentiated handling of network traffic using network address translation
CN104995610A (en) * 2013-03-15 2015-10-21 英特尔公司 Intra-platform networking
CN106375493A (en) * 2016-10-10 2017-02-01 腾讯科技(深圳)有限公司 Cross-network communication method and proxy servers
CN110062064A (en) * 2019-05-30 2019-07-26 新华三信息安全技术有限公司 A kind of Address Resolution Protocol ARP request message response method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112383594A (en) * 2020-10-30 2021-02-19 新华三技术有限公司 Cross-host communication method and device based on hyper-directory Fabric network
CN112383594B (en) * 2020-10-30 2022-04-22 新华三技术有限公司 Cross-host communication method and device based on hyper-directory Fabric network
CN113468445A (en) * 2021-05-24 2021-10-01 北京旷视科技有限公司 Request processing method and device, electronic equipment and computer readable medium
CN114401119A (en) * 2021-12-27 2022-04-26 中国电信股份有限公司 Method, device and system for detecting interconnection of internal network and external network and readable storage medium
CN114785781A (en) * 2022-03-22 2022-07-22 阿里巴巴(中国)有限公司 Data access method and device
CN114785781B (en) * 2022-03-22 2024-03-26 阿里巴巴(中国)有限公司 Data access method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191210