CN112954061A - Device for realizing P2P hole punching in port-limited network - Google Patents


Info

Publication number
CN112954061A
Authority
CN
China
Prior art keywords
nat
network
port
hole punching
messages
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110192466.6A
Other languages
Chinese (zh)
Inventor
刘海荣
吴仕富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Maofang Technology Co ltd
Original Assignee
Hangzhou Maofang Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Maofang Technology Co ltd filed Critical Hangzhou Maofang Technology Co ltd
Priority to CN202110192466.6A priority Critical patent/CN112954061A/en
Publication of CN112954061A publication Critical patent/CN112954061A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route

Abstract

The invention discloses a device for realizing P2P hole punching in a port-limited network, comprising the following steps: step 1: a connection is established with the external server so that the external server can obtain the egress IP and port of A and B. For port-restricted cone NAT and symmetric NAT, the invention limits the transmission of network packets by the communication hop count, which avoids triggering the port-restriction policy at the other end and achieves the purpose of hole-punching detection, thereby realizing P2P hole punching between the two networks. When the network devices of both parties that need to establish a P2P connection are behind symmetric NAT, after the two network devices acquire their respective known external network ports, the external server and the second-party network device exchange the respective internal and external network ports; meanwhile, the internal and external network ports of a network device are compared to judge whether the gateway corresponding to that device has a preset port mapping rule, and hole punching is carried out through the predicted external network port of the related network device and a newly applied internal network port.

Description

Device for realizing P2P hole punching in port-limited network
Technical Field
The invention relates to the technical field of terminal access management of the Internet, in particular to a device for realizing P2P hole punching in a network with limited ports.
Background
In the process of establishing a connection between two network devices in a P2P network, the two devices need to punch a hole through a gateway. At the gateway, a packet from a network device on the internal network must first be sent to the outside, which leaves a corresponding mapping on the gateway. The mapping means that the internal network port of the network device at the gateway is X:X, the external network port is X':X', and the mapping is X:X <-> X':X'. After the mapping is formed, a packet sent to X':X' from the external network is forwarded to X:X under a certain condition, and the condition is related to the NAT type. The mapping is generally called a "hole": a packet from an external network device can be forwarded to the corresponding internal network device only through the mapping stored in the gateway, that is, through the "hole". Before the hole appears, all packets sent to it by the external network are discarded. Hole punching technology is widely applied in P2P networks, and according to the different NAT network limitations, the following traditional hole punching techniques are available:
1. Full cone NAT: no pre-probing is needed; the internal and external ports are consistent and open to the outside, so the peers can connect directly to communicate.
2. Restricted cone NAT: the peers need to bridge through an intermediate node and can communicate after probing each other; the probe message can be sent by either party and the probe will succeed.
3. Port-restricted cone NAT: the peers need to bridge through an intermediate node, and the port-restricted party must probe the other party's port first before the other party is allowed to probe and communicate. This requires that at least one of the two parties is not port-restricted. If the unrestricted party probes first, the restricted party locks the port and, for some time afterwards, cannot communicate with the opposite party through that port even if it then sends a probe packet.
4. Symmetric NAT: both ends are port-restricted networks and cannot bridge and probe through an intermediate node, because a probe packet sent by either end is detected by the other end as an illegal connection and communication is restricted.
Therefore, the prior art provides no good solution for P2P hole punching with port-restricted cone NAT and symmetric NAT; interaction is generally realized through a proxy, which is complex to operate and cannot guarantee information security. A device for realizing P2P hole punching in a port-limited network is therefore provided to solve the problems described above.
Disclosure of Invention
The invention aims to provide a device for realizing P2P hole punching in a port-limited network, which has the advantage of realizing interaction directly without a proxy, and solves the problem that the prior art has no good hole-punching solution for port-restricted cone NAT and symmetric NAT and generally realizes interaction through a proxy.
In order to achieve the purpose, the invention provides the following technical scheme: an apparatus for implementing P2P hole punching in a port-limited network, comprising the following steps:
step 1: A and B establish a connection with an external server, so that the external server can obtain the egress IP and port of A and B;
step 2: A and B each obtain the egress IP and port of the other side from the external server;
step 3: A and B simultaneously send heartbeat probe messages to each other. The hop count of the messages in the IP protocol needs to be modified: it is set according to the condition of the local network, that is, by judging the number of hops needed to reach the NAT gateway, and can be increased progressively from an empirical value until each side receives the other's probe message. Negotiation through an intermediate server keeps the pace of the messages sent by A and B consistent, which prevents the case where one party has not yet penetrated its NAT while the other party's probe message has already reached that party's local NAT;
step 4: when each side has received the other's probe message, the hole punching is successful.
Preferably, in step 3, the hop count of the probe messages is limited and gradually increased, so that the probe messages of A and B can reach their own NATs without reaching the NAT of the other party. When A's message finally reaches B, A's NAT can receive B's message because A has already sent its own message out through its NAT; the same principle holds for B's NAT, thereby implementing hole-punching communication between A and B.
Preferably, in step 3, one of the two network devices that are to establish the P2P connection is behind a symmetric NAT, and the other is behind one of the following NATs: symmetric NAT, or address- and port-restricted cone NAT; and the gateway corresponding to one network device behind the symmetric NAT has a preset port mapping rule.
Compared with the prior art, the invention has the following beneficial effects:
For port-restricted cone NAT and symmetric NAT, the invention limits the transmission of network packets by the communication hop count, avoids triggering the port-restriction policy at the other end, and achieves the purpose of hole-punching detection, thereby realizing P2P hole punching between the two networks. When the network devices of both parties that need to establish a P2P connection are behind symmetric NAT, after the two network devices acquire their respective known external network ports, the external server and the second-party network device exchange the respective internal and external network ports; at the same time, the internal and external network ports of a network device are compared to judge whether the gateway corresponding to that device has a preset port mapping rule, and hole punching is carried out through the predicted external network port of the related network device and a newly applied internal network port. The hole-punching method of the embodiment of the invention ensures that P2P hole punching can succeed, does not conflict with existing hole-punching modes, and can be used to supplement them. Because port-restricted cone NAT and symmetric NAT have had no good hole-punching solution, hole punching could generally be achieved only through proxy interaction; the scheme provided by this patent limits the transmission of network packets by the communication hop count and avoids triggering the port-restriction policy at the other end, which achieves the purpose of hole-punching detection and thereby realizes P2P hole punching between port-restricted cone NAT and symmetric NAT networks.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "upper", "lower", "inner", "outer", "front", "rear", "both ends", "one end", "the other end", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be configured in a specific orientation, and operate, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "disposed," "connected," and the like are to be construed broadly, such as "connected," which may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Referring to fig. 1, an apparatus for implementing P2P hole punching in a port-limited network includes the following steps:
step 1: A and B establish a connection with an external server, so that the external server can obtain the egress IP and port of A and B;
step 2: A and B each obtain the egress IP and port of the other side from the external server;
step 3: A and B simultaneously send heartbeat probe messages to each other. The hop count of the messages in the IP protocol needs to be modified: it is set according to the condition of the local network, that is, by judging the number of hops needed to reach the NAT gateway, and can be increased progressively from an empirical value until each side receives the other's probe message. Negotiation through an intermediate server keeps the pace of the messages sent by A and B consistent, which prevents the case where one party has not yet penetrated its NAT while the other party's probe message has already reached that party's local NAT. The hop count of the probe messages is limited and gradually increased, so that the probe messages of A and B can reach their own NATs without reaching the NAT of the other party. When A's message finally reaches B, A's NAT can receive B's message because A has already sent its own message out through its NAT; the same principle holds for B's NAT, and the hole-punching communication between A and B is realized. One of the two network devices that are to establish the P2P connection is behind a symmetric NAT, and the other is behind one of the following NATs: symmetric NAT, or address- and port-restricted cone NAT; the gateway corresponding to one network device behind the symmetric NAT has a preset port mapping rule;
step 4: when each side has received the other's probe message, the hole punching is successful.
In use, for port-restricted cone NAT and symmetric NAT, the transmission of network packets is limited by the communication hop count, which avoids triggering the port-restriction policy at the other end and achieves the purpose of hole-punching detection, thereby realizing P2P hole punching between the two networks. When the network devices of both parties that need to establish a P2P connection are behind symmetric NAT, after the two network devices obtain their respective known external network ports, the external server and the second-party network device exchange the respective internal and external network ports; at the same time, the internal and external network ports of a network device are compared to judge whether the gateway corresponding to that device has a preset port mapping rule, and hole punching is carried out through the predicted external network port of the related network device and a newly applied internal network port, which ensures that P2P hole punching can succeed. The hole-punching method of the embodiment of the invention does not conflict with existing hole-punching modes and can be used to supplement them. Because port-restricted cone NAT and symmetric NAT have had no good hole-punching solution, hole punching could generally be achieved only through proxy interaction; the scheme provided by this patent limits the transmission of network packets by the communication hop count and avoids triggering the port-restriction policy at the other end, which achieves the purpose of hole-punching detection and thereby realizes P2P hole punching between port-restricted cone NAT and symmetric NAT networks.
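The hop-limited probing of steps 3 and 4 can be checked in a small simulation. This is an added example, not code from the patent: the `Nat` lock-out model, the hop distances and all names are assumptions, and the "hop count" is modelled as the IP TTL.

```python
"""Simulation of hop-limited hole punching; constructed model, no packets are sent."""
from dataclasses import dataclass, field

DEFAULT_TTL = 64  # assumed full hop limit of an ordinary probe


@dataclass
class Nat:
    """Assumed port-restricted gateway that locks out a peer probing unsolicited."""
    opened: set = field(default_factory=set)  # peers this side has sent to ("holes")
    locked: set = field(default_factory=set)  # peers blocked by the restriction policy

    def outbound(self, peer):
        if peer in self.locked:
            return False                      # locked port: later probes do not help
        self.opened.add(peer)
        return True

    def inbound(self, peer):
        if peer in self.locked:
            return False
        if peer not in self.opened:
            self.locked.add(peer)             # unsolicited probe triggers the policy
            return False
        return True


@dataclass
class Host:
    name: str
    hops_to_nat: int                          # hops from the host to its own gateway
    nat: Nat = field(default_factory=Nat)
    received: bool = False


def send(src, dst, ttl, middle_hops):
    """Carry one probe from src towards dst; it is dropped where its TTL runs out."""
    if ttl < src.hops_to_nat or not src.nat.outbound(dst.name):
        return                                # never left src's network
    if ttl < src.hops_to_nat + middle_hops:
        return                                # expired before dst's NAT: no policy hit
    if not dst.nat.inbound(src.name):
        return
    if ttl >= src.hops_to_nat + middle_hops + dst.hops_to_nat:
        dst.received = True


def hop_limited_punch(a, b, middle_hops, max_rounds=DEFAULT_TTL):
    """Steps 3-4: both sides probe in lock-step, each starting at the TTL that just
    reaches its own NAT and adding one hop per round until both probes arrive."""
    for extra in range(max_rounds):
        send(a, b, a.hops_to_nat + extra, middle_hops)
        send(b, a, b.hops_to_nat + extra, middle_hops)
        if a.received and b.received:
            return extra + 1                  # number of rounds that were needed
    return None


def unsynchronised_punch(a, b, middle_hops):
    """Contrast case: A probes with a full TTL before B has sent anything."""
    send(a, b, DEFAULT_TTL, middle_hops)      # reaches B's NAT unsolicited: A is locked
    send(b, a, DEFAULT_TTL, middle_hops)      # B's NAT refuses traffic to the locked peer
    send(a, b, DEFAULT_TTL, middle_hops)      # still dropped at B's NAT
    return a.received and b.received


if __name__ == "__main__":
    # Constructed topology: A is 2 hops from its NAT, B is 3, with 4 hops in between.
    print("hop-limited rounds:", hop_limited_punch(Host("A", 2), Host("B", 3), 4))
    print("full-TTL first:", unsynchronised_punch(Host("A", 2), Host("B", 3), 4))
```

On a real UDP socket the per-probe hop limit would be set with `setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)`; the simulation replaces the network with hop counters so the ordering effect can be seen offline.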
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

1. An apparatus for implementing P2P hole punching in a port-limited network, comprising the following steps:
step 1: A and B establish a connection with an external server, so that the external server can obtain the egress IP and port of A and B;
step 2: A and B each obtain the egress IP and port of the other side from the external server;
step 3: A and B simultaneously send heartbeat probe messages to each other. The hop count of the messages in the IP protocol needs to be modified: it is set according to the condition of the local network, that is, by judging the number of hops needed to reach the NAT gateway, and can be increased progressively from an empirical value until each side receives the other's probe message. Negotiation through an intermediate server keeps the pace of the messages sent by A and B consistent, which prevents the case where one party has not yet penetrated its NAT while the other party's probe message has already reached that party's local NAT;
step 4: when each side has received the other's probe message, the hole punching is successful.
2. An apparatus for implementing P2P hole punching in a port-limited network according to claim 1, wherein: in step 3, the hop count of the probe messages is limited and gradually increased, so that the probe messages of A and B can reach their own NATs without reaching the NAT of the other party; when A's message finally reaches B, A's NAT can receive B's message because A has already sent its own message out through its NAT, the same principle holds for B's NAT, and the hole-punching communication between A and B is realized.
3. An apparatus for implementing P2P hole punching in a port-limited network according to claim 1, wherein: in step 3, the NAT corresponding to one of the two network devices that are to establish the P2P connection is a symmetric NAT, and the NAT corresponding to the other network device is one of the following: symmetric NAT, or address- and port-restricted cone NAT; and the gateway corresponding to one network device behind the symmetric NAT has a preset port mapping rule.
CN202110192466.6A 2021-02-20 2021-02-20 Device for realizing P2P hole punching in port-limited network Pending CN112954061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110192466.6A CN112954061A (en) 2021-02-20 2021-02-20 Device for realizing P2P hole punching in port-limited network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110192466.6A CN112954061A (en) 2021-02-20 2021-02-20 Device for realizing P2P hole punching in port-limited network

Publications (1)

Publication Number Publication Date
CN112954061A true CN112954061A (en) 2021-06-11

Family

ID=76244716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110192466.6A Pending CN112954061A (en) 2021-02-20 2021-02-20 Device for realizing P2P hole punching in port-limited network

Country Status (1)

Country Link
CN (1) CN112954061A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007142786A (en) * 2005-11-18 2007-06-07 Hitachi Ltd Handover server, and mobile communication terminal communcable thereof
CN107580082A (en) * 2017-09-18 2018-01-12 北京奇艺世纪科技有限公司 The penetrating method and device of a kind of symmetric NAT
CN109660637A (en) * 2018-11-16 2019-04-19 深圳市网心科技有限公司 P2P burrows transmission method and system, electronic device and computer readable storage medium
CN112351115A (en) * 2019-08-09 2021-02-09 华为技术有限公司 Port prediction method and device of symmetric NAT equipment
CN111600968A (en) * 2020-03-31 2020-08-28 普联技术有限公司 NAT (network Address translation) hole punching method, device and equipment in P2P network and readable storage medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113301183A (en) * 2021-06-15 2021-08-24 杭州华橙软件技术有限公司 Network connectivity detection method and device, storage medium and electronic device
CN113873041A (en) * 2021-09-30 2021-12-31 迈普通信技术股份有限公司 Message transmission method, device, network equipment and computer readable storage medium
CN113873041B (en) * 2021-09-30 2024-03-01 迈普通信技术股份有限公司 Message transmission method, device, network equipment and computer readable storage medium
CN114844856A (en) * 2022-04-26 2022-08-02 夏宇 Network penetration method, device, electronic equipment and storage medium
CN114844856B (en) * 2022-04-26 2024-03-22 夏宇 Network penetration method, device, electronic equipment and storage medium
CN115499411A (en) * 2022-09-21 2022-12-20 北京百度网讯科技有限公司 Network penetration system, method and device and electronic equipment
CN115499411B (en) * 2022-09-21 2023-07-21 北京百度网讯科技有限公司 Network penetration system, method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210611