CN110995766A - Network communication method and client and central site adopting network communication method - Google Patents
- Publication number
- CN110995766A (application CN201911409068.4A)
- Authority
- CN
- China
- Prior art keywords
- message
- network communication
- communication method
- header
- udp
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
Abstract
The invention discloses a network communication method comprising the following steps: retrieving packet encapsulation information from a Dest table, the packet encapsulation information comprising a carried field and UDP (User Datagram Protocol) data; receiving an encrypted GRE header packet and encapsulating the carried field onto the encrypted GRE header packet to form a field header packet; and encapsulating the UDP data onto the field header packet to form a UDP header packet. The invention also provides a client and a central site. In this network communication method the client encapsulates the carried field and the UDP header into the packet, producing a packet format that can pass through the intermediate device (a NAT), so that a communication connection with the central site can be established. Even if the source port and source IP of the intermediate device change, for example because the intermediate device is powered off and restarted, the central site can update the contents of the Dest table in time, so the communication connection with the client is maintained.
Description
Technical Field
The invention belongs to the field of communication, and in particular relates to a network communication method and to a client and a central site using the network communication method.
Background
Network communication technology is widely used in the communication field. In VPN networking, the central site (Hub) has a globally unique public IP address, and the client (CPE) communicates with the Hub through an intermediate device, a NAT. However, current VPN networking uses the dynamic multipoint tunnel technology mGRE, and data packets sent by a client to the central site cannot normally pass through the intermediate device: GRE is carried directly in IP (protocol 47) and has no port numbers, so a port-translating NAT has no transport-layer identifier to map. When the intermediate device's mapping is deleted, or the device is restarted after a power failure, the central site loses its communication connection with the client.
Disclosure of Invention
The invention provides a network communication method, applied to a client, comprising the following steps: retrieving packet encapsulation information from a Dest table, the packet encapsulation information comprising a carried field and UDP (User Datagram Protocol) data; encapsulating the carried field onto an encrypted GRE header packet to form a field header packet; and encapsulating the UDP data onto the field header packet to form a UDP header packet.
Optionally, the packet encapsulation information further includes GRE information, and before the step of encapsulating the carried field onto the encrypted GRE header packet to form a field header packet, the network communication method further includes: encapsulating the GRE information onto the original packet to form a GRE header packet; and encrypting the GRE header packet with IPsec according to the encryption rule of a preset IPsec policy to form the encrypted GRE header packet.
Optionally, the packet encapsulation information further includes an outer IP address, and after the step of encapsulating the UDP data onto the field header packet to form a UDP header packet, the network communication method further includes: encapsulating the outer IP address onto the UDP header packet to form an encapsulated IP packet.
Optionally, the carried field comprises a 4-byte tunnel interface IP address and a 4-byte physical interface IP address; the UDP data comprises a 2-byte source port number, a 2-byte destination port number, a 2-byte UDP packet length and a 2-byte checksum; and the outer IP address comprises the client's physical interface IP address and the destination (central site) IP address.
The invention also provides a network communication method, applied to the central site, comprising the following steps: receiving the IP packet as modified by the intermediate device; determining whether the destination port of the IP packet matches the preset port; and if so, stripping the UDP header and the carried field from the IP packet.
Optionally, if that determination is positive, after stripping the UDP header and the carried field from the IP packet the network communication method further includes: placing the stripped UDP header and carried field in a buffer header at the front of the IP packet; decrypting the IP packet according to the IPsec rule; querying the Dest table to determine whether a connection has been established with the sending end; if so, updating the intermediate device's source port and source IP address in the Dest table; and performing IP protocol processing, handing the packet to the NHRP application for further processing if it is an NHRP packet.
Optionally, if the destination port of the IP packet does not match the preset port number, the IP packet is processed as a normal IP packet.
Optionally, if querying the Dest table shows that no connection has been established with the sending end, the following steps are performed: determining whether the IP packet is an NHRP packet; if so, adding the source port and source IP address to the IP packet and then proceeding to IP protocol processing, where the NHRP packet is handed to the NHRP application for further processing; if not, proceeding directly to IP protocol processing.
The present invention also provides a client, characterized in that the client comprises: at least one processor for executing programs; and at least one memory for storing at least one program, the at least one program, when executed by the at least one processor, causing the client to implement the network communication method applied to the client.
The present invention also provides a central site, wherein the central site comprises: at least one processor for executing programs; and at least one memory for storing at least one program, the at least one program, when executed by the at least one processor, causing the central site to implement the network communication method applied to the central site.
In the network communication method provided by the invention, the client encapsulates the carried field and the UDP header into the packet, producing a packet format that passes through the intermediate device, and thereby establishes the communication connection with the central site. Even if the source port and source IP of the intermediate device change, for example after a power-off restart, the central site can update the contents of the Dest table in time, so the communication connection with the client is maintained.
Drawings
Fig. 1 is a schematic diagram of a network communication structure applied in the embodiment of the present invention.
Fig. 2 is a schematic diagram of a packet encapsulation structure according to an embodiment of the present invention.
Fig. 3 is a flowchart of a network communication method applied to a client according to an embodiment of the present invention.
Fig. 4 is a flowchart of a network communication method applied to a central station according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a client using a network communication method according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of a central site using a network communication method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 illustrates a network communication system 800 to which an embodiment of the present invention is applied. The network communication system 800 uses the dynamic multipoint tunnel technology mGRE. It comprises a sending end 100, a communication network 200 and a destination end 300. The sending end 100 establishes a network communication connection with the destination end 300 through the communication network 200, so that it can send data packets to the destination end 300 through the communication network 200. In this embodiment the sending end 100 comprises a client 110 and an intermediate device 120, and there are two clients 110, CPE1 and CPE2. The physical interface IP address of client CPE1 is GE0:172.1.1.1 and its tunnel interface IP address is Tun0:10.1.1.1; the outer (public) IP address of the intermediate device NAT is GE0:1.1.1.1. The communication network 200 is the Internet. The destination end 300 is the central site 300; its physical interface (destination) IP address is GE0:1.3.3.3 and its tunnel interface IP address is 10.1.1.3. The destination port of the central site 300 is the preset port 10000, and CPE1 picks its source port at random from a certain range, for example 10001.
To traverse the intermediate device 120, the client 110 needs to encapsulate a carried field and a UDP header into the data packet. Fig. 2 is a schematic diagram of the packet encapsulation structure according to an embodiment of the present invention. From right to left (innermost to outermost) the structure consists of the original inner packet, the GRE header, the IPsec encryption, the carried field, the UDP encapsulation and the outer IP header, and in operation the encapsulations are applied in that order. In this embodiment the carried field consists of the 4-byte tunnel interface IP address Tun0:10.1.1.1 and the 4-byte physical interface IP address GE0:172.1.1.1. The UDP data is an 8-byte structure comprising the 2-byte source port 10001, the 2-byte destination port 10000, the 2-byte UDP packet length and the 2-byte checksum. The checksum is computed by a preset mechanism and is used to check whether the packet has been corrupted in transit. Note that the UDP checksum only detects accidental corruption, and that the carried field and UDP header lie outside the IPsec protection: the central site must not treat them as authenticated, and should update the Dest table only after the IPsec decryption and integrity check of the inner packet have succeeded.
With reference to fig. 1, fig. 2 and fig. 3, the method for network communication applied to the transmitting end according to the embodiment of the present invention includes the following steps 402-416. Wherein, step 402-.
172.1.1.1 | 1.3.3.3 | data
At step 410, the UDP data is encapsulated onto the field header packet to form a UDP header packet. The UDP data is the 8-byte structure described above: the 2-byte source port 10001, the 2-byte destination port 10000, the 2-byte UDP packet length and the 2-byte checksum. The following is an example of the resulting packet layout (outer source IP | outer destination IP | UDP source→destination port | carried field: physical interface IP, tunnel interface IP | data):
172.1.1.1 | 1.3.3.3 | 10001→10000 | 172.1.1.1 | 10.1.1.1 | data
At step 414, the intermediate device modifies the encapsulated IP packet to form a modified IP packet: it rewrites the source port 10001 of the encapsulated IP packet to the intermediate device's source port 7892, and rewrites the client's physical interface IP address GE0:172.1.1.1 to the intermediate device's source IP address 1.1.1.1. The carried field sits inside the UDP payload and is not touched by the NAT, so the client's original addresses still reach the central site. The following is an example of a modified IP packet (outer source IP | outer destination IP | UDP source→destination port | carried field: physical interface IP, tunnel interface IP | data):
1.1.1.1 | 1.3.3.3 | 7892→10000 | 172.1.1.1 | 10.1.1.1 | data
In the network communication method of this embodiment, the client encapsulates the carried field and the UDP header into the packet, producing a packet format that passes through the intermediate device and thereby establishing the communication connection with the central site. Even if the source port and source IP of the intermediate device change, for example after a power-off restart, the central site updates the contents of the Dest table in time and the communication connection with the client is maintained.
Fig. 4 is a flowchart of the network communication method applied to the destination end according to an embodiment of the present invention. In this embodiment the destination end is the central site. The network communication method includes the following steps.
At step 510, the stripped UDP header and carried field are placed in a buffer header at the front of the IP packet.
At step 512, the IP packet is decrypted according to the IPsec rule.
At step 516, the intermediate device's source port and source IP address in the Dest table are updated.
At step 518, IP protocol processing is performed, and if the packet is an NHRP packet it is handed to the NHRP application for further processing.
At step 522, the source IP and source port are added to the packet, and processing proceeds to step 518.
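The following is an added example, not code from the patent or its assignee, that models in Python both the client-side encapsulation of Fig. 2 (steps 402-412) with the NAT rewrite of step 414, and the central-site processing of Fig. 4 (preset-port check, stripping the UDP header and carried field into a buffer header, decryption, Dest table update, NHRP branch). Assumptions: packets are built as raw bytes with a minimal 20-byte IPv4 header and no options; the IPsec step is a toy SHA-256 keystream plus HMAC stand-in, not ESP; the Dest table is a dict keyed by the tunnel interface IP taken from the carried field; the NHRP branch of step 522 is modelled as creating the Dest table entry directly; and GRE protocol type 0x2001 marks an NHRP payload. The addresses and ports (172.1.1.1, 10.1.1.1, 1.1.1.1, 1.3.3.3, 10001, 10000, 7892) are those of the page's embodiment; the inner packet and the key are constructed.

```python
import hashlib
import hmac
import os
import socket
import struct

HUB_PORT = 10000                      # preset destination port of the central site
GRE_PROTO_IPV4, GRE_PROTO_NHRP = 0x0800, 0x2001   # GRE protocol-type values for IPv4 and NHRP
KEY = b"constructed demo key"         # stand-in for the IPsec SA key (not negotiated here)


def checksum(data):
    """RFC 1071 one's-complement checksum shared by the IPv4 and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def udp_header(src, dst, sport, dport, payload):
    """The 8-byte UDP data of Fig. 2: source port, destination port, length, checksum."""
    length = 8 + len(payload)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    return hdr[:6] + struct.pack("!H", checksum(pseudo + hdr + payload) or 0xFFFF)


def _keystream(n, nonce):
    return b"".join(hashlib.sha256(KEY + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]


def ipsec_protect(gre_packet):
    """Toy encrypt-then-MAC standing in for IPsec ESP: nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(8)
    body = bytes(a ^ b for a, b in zip(gre_packet, _keystream(len(gre_packet), nonce)))
    return nonce + body + hmac.new(KEY, nonce + body, hashlib.sha256).digest()[:16]


def ipsec_unprotect(blob):
    """Verifies the tag before decrypting; raises so the caller never trusts a bad packet."""
    nonce, body, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(KEY, nonce + body, hashlib.sha256).digest()[:16]):
        raise ValueError("IPsec stand-in: integrity check failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(len(body), nonce)))


def cpe_encapsulate(inner, tunnel_ip, phys_ip, hub_ip, sport, gre_proto=GRE_PROTO_IPV4):
    """Client side (Fig. 2): original -> GRE -> IPsec -> carried field -> UDP -> outer IP."""
    gre_msg = struct.pack("!HH", 0, gre_proto) + inner                      # GRE header packet
    field_msg = socket.inet_aton(tunnel_ip) + socket.inet_aton(phys_ip) + ipsec_protect(gre_msg)
    udp_msg = udp_header(phys_ip, hub_ip, sport, HUB_PORT, field_msg) + field_msg  # UDP header packet
    return ipv4_header(phys_ip, hub_ip, 17, len(udp_msg)) + udp_msg         # encapsulated IP packet


def nat_rewrite(pkt, nat_ip, nat_port):
    """Step 414: the NAT replaces the outer source IP and UDP source port and fixes both checksums."""
    dst, dport = socket.inet_ntoa(pkt[16:20]), struct.unpack("!H", pkt[22:24])[0]
    payload = pkt[28:]                                   # carried field + IPsec blob, left untouched
    udp_msg = udp_header(nat_ip, dst, nat_port, dport, payload) + payload
    return ipv4_header(nat_ip, dst, 17, len(udp_msg)) + udp_msg


class Hub:
    """Central site (Fig. 4). Dest table: tunnel IP -> (physical IP, NAT source IP, NAT source port)."""

    def __init__(self):
        self.dest_table = {}

    def receive(self, pkt):
        if pkt[9] != 17 or struct.unpack("!H", pkt[22:24])[0] != HUB_PORT:
            return "normal"                              # not the preset port: ordinary IP processing
        nat_ip, nat_port = socket.inet_ntoa(pkt[12:16]), struct.unpack("!H", pkt[20:22])[0]
        pseudo = pkt[12:20] + struct.pack("!BBH", 0, 17, len(pkt) - 20)
        if checksum(pseudo + pkt[20:]) != 0:             # UDP checksum: catches corruption, not tampering
            return "drop"
        # strip the UDP header and carried field into a buffer header (step 510)
        buffer_header = {"udp": pkt[20:28], "tunnel_ip": socket.inet_ntoa(pkt[28:32]),
                         "phys_ip": socket.inet_ntoa(pkt[32:36])}
        gre_msg = ipsec_unprotect(pkt[36:])              # step 512; raises before any table change
        is_nhrp = struct.unpack("!H", gre_msg[2:4])[0] == GRE_PROTO_NHRP
        tunnel_ip = buffer_header["tunnel_ip"]
        if tunnel_ip in self.dest_table or is_nhrp:      # step 516, or step 522 + NHRP registration
            self.dest_table[tunnel_ip] = (buffer_header["phys_ip"], nat_ip, nat_port)
        return "nhrp" if is_nhrp else "ip"               # step 518
```

The ordering inside `Hub.receive` is the security-relevant design choice: because the outer IP header, UDP header and carried field are all outside the IPsec protection, the Dest table is written only after `ipsec_unprotect` has verified the inner packet. Updating it earlier would let anyone who can send UDP to port 10000 with a guessed tunnel IP redirect the Hub's return traffic for that spoke to an address of their choosing.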
Fig. 5 is a schematic diagram of the client 110 according to an embodiment of the present invention. The client 110 uses the network communication method of the present invention and includes a processor 112 and a memory 114. The processor 112 executes programs; the memory 114 stores at least one program which, when executed by the processor 112, causes the client 110 to implement the network communication method applied to the client provided by the present invention.
Fig. 6 is a schematic diagram of the central site 300 according to an embodiment of the present invention. The central site 300 uses the network communication method of the present invention and includes a processor 310 and a memory 320. The processor 310 executes programs; the memory 320 stores at least one program which, when executed by the processor 310, causes the central site 300 to implement the network communication method applied to the central site according to the present invention.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A network communication method, characterized in that the network communication method comprises:
retrieving packet encapsulation information from a Dest table, wherein the packet encapsulation information comprises a carried field and UDP (User Datagram Protocol) data;
encapsulating the carried field onto an encrypted GRE header packet to form a field header packet; and
encapsulating the UDP data onto the field header packet to form a UDP header packet.
2. The network communication method of claim 1, wherein the packet encapsulation information further includes GRE information, and before the step of encapsulating the carried field onto the encrypted GRE header packet to form a field header packet, the network communication method further includes:
encapsulating the GRE information onto an original packet to form a GRE header packet; and
encrypting the GRE header packet with IPsec according to an encryption rule of a preset IPsec policy to form the encrypted GRE header packet.
3. The network communication method according to claim 2, wherein the packet encapsulation information further includes an outer IP address, and after said step of encapsulating the UDP data onto the field header packet to form a UDP header packet, the network communication method further comprises:
encapsulating the outer IP address onto the UDP header packet to form an encapsulated IP packet.
4. The network communication method according to claim 3, wherein the carried field comprises a 4-byte tunnel interface IP address and a 4-byte physical interface IP address; the UDP data comprises a 2-byte source port number, a 2-byte destination port number, a 2-byte UDP packet length and a 2-byte checksum; and the outer IP address comprises the client's physical interface IP address and the destination (central site) IP address.
5. A network communication method, characterized in that the network communication method comprises:
receiving an IP packet as modified by an intermediate device;
determining whether the destination port of the IP packet matches a preset port; and
if so, stripping the UDP header and the carried field from the IP packet.
6. The network communication method according to claim 5, wherein if the determination in said step is positive, after stripping the UDP header and the carried field from the IP packet the network communication method further comprises:
placing the stripped UDP header and carried field in a buffer header at the front of the IP packet;
decrypting the IP packet according to an IPsec rule;
querying a Dest table to determine whether a connection has been established with the sending end;
if so, updating the source port and source IP address of the intermediate device in the Dest table; and
performing IP protocol processing, and if the packet is an NHRP packet, handing the packet to the NHRP application for further processing.
7. The network communication method according to claim 6, wherein if the step of determining whether the destination port of the IP packet matches the preset port number gives a negative result, the IP packet is processed as a normal IP packet.
8. The network communication method according to claim 7, wherein if said step of querying the Dest table determines that no connection has been established with the sending end, the following steps are performed:
determining whether the IP packet is an NHRP packet;
if so, adding the source port and source IP address to the IP packet;
then proceeding to the step of IP protocol processing, where the NHRP packet is handed to the NHRP application for further processing;
if not, proceeding directly to the step of IP protocol processing, where the packet is handed to the NHRP application for further processing if it is an NHRP packet.
9. A client, the client comprising:
at least one processor for executing programs; and
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causing the client to implement the method of any one of claims 1-4.
10. A central site, comprising:
at least one processor for executing programs; and
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causing the central site to implement the method of any one of claims 5-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911409068.4A CN110995766B (en) | 2019-12-31 | 2019-12-31 | Network communication method and client and central site adopting network communication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110995766A true CN110995766A (en) | 2020-04-10 |
CN110995766B CN110995766B (en) | 2021-09-14 |
Family
ID=70079602
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911409068.4A Active CN110995766B (en) | 2019-12-31 | 2019-12-31 | Network communication method and client and central site adopting network communication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110995766B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101119273A (A) * | 2007-09-10 | 2008-02-06 | Hangzhou H3C Technologies Co., Ltd. | Method and equipment for implementing generic routing encapsulation (GRE) tunnel traversal |
CN101227376A (A) * | 2008-02-04 | 2008-07-23 | Hangzhou H3C Technologies Co., Ltd. | Equipment and method for VPN multi-instance secure access |
CN102420772A (A) * | 2011-12-31 | 2012-04-18 | Hangzhou H3C Technologies Co., Ltd. | Tunnel packet transmission and receiving methods and devices |
WO2014198217A1 (A1) * | 2013-06-14 | 2014-12-18 | ZTE Corporation | Tunnel processing method and system, control plane equipment and forwarding plane equipment |
CN105703999A (A) * | 2016-03-29 | 2016-06-22 | Huawei Technologies Co., Ltd. | Method and equipment for establishing a GRE tunnel |
CN106411783A (A) * | 2016-09-30 | 2017-02-15 | Hangzhou H3C Technologies Co., Ltd. | Packet sending method and device |
WO2017189176A2 (A2) * | 2016-04-27 | 2017-11-02 | Intel Corporation | Generic multi-access protocols for next generation multi-access networks |
CN109302354A (A) * | 2018-10-26 | 2019-02-01 | Centec Networks (Suzhou) Co., Ltd. | Chip implementation method and device for encapsulating GRE packets in UDP |
Events
- 2019-12-31: application CN201911409068.4A filed in CN (granted as CN110995766B), status Active
Also Published As
Publication number | Publication date |
---|---|
CN110995766B (en) | 2021-09-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||