CN113067908A - NAT traversal method, device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN113067908A
Authority
CN
China
Prior art keywords
nat
cpe
type
address information
public network
Prior art date
Legal status
Granted
Application number
CN202010002187.4A
Other languages
Chinese (zh)
Other versions
CN113067908B (en)
Inventor
韩瑞波
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute
Priority to CN202010002187.4A
Publication of CN113067908A
Application granted
Publication of CN113067908B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a NAT (Network Address Translation) traversal method, a NAT traversal device, electronic equipment and a storage medium. The method comprises the following steps: determining the type of a first NAT device, the type of a second NAT device and the post-NAT public network address information corresponding to a second CPE, where the first NAT device is connected to a first CPE and the second NAT device is connected to the second CPE; and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE.

Description

NAT traversal method, device, electronic equipment and storage medium
Technical Field
The present invention relates to mobile communication technologies, and in particular, to a Network Address Translation (NAT) traversal method, an apparatus, an electronic device, and a storage medium.
Background
Layer Two Tunneling Protocol (L2TP) is a very widely used Virtual Private Network (VPN) technology. An L2TP user first connects through an access network to an L2TP Access Concentrator (LAC) device, and then connects through an L2TP tunnel over the underlying network to a remote L2TP Network Server (LNS) device. Both the LAC and the LNS have a user management function; the LNS centrally manages all L2TP users belonging to one VPN, and the L2TP tunnel passes through the lower-layer network devices between the LAC and the LNS.
In the related art, an L2TP tunnel running over the public network must have a public network address at at least one end; otherwise the L2TP tunnel cannot be established.
Disclosure of Invention
In view of the above, the present invention mainly aims to provide a NAT traversal method, apparatus, electronic device, and storage medium.
To this end, the technical solution of the invention is implemented as follows:
An embodiment of the invention provides a Network Address Translation (NAT) traversal method, applied to a first Customer Premise Equipment (CPE); the method comprises the following steps:
determining the type of a first NAT device, the type of a second NAT device and the post-NAT public network address information corresponding to a second CPE, where the first NAT device is connected to the first CPE and the second NAT device is connected to the second CPE;
and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, determining the type of the second NAT device includes:
receiving the type of the second NAT device sent by the server.
In the foregoing solution, the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or Network Address Port Translation (NAPT); determining the post-NAT public network address information corresponding to the second CPE includes:
receiving an L2TP message, sent by the second CPE, that carries the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, the method further comprises:
sending a first test message to a server, where the first test message is used by the server to determine the post-NAT public network address information corresponding to the first CPE and requests the server to send a first result message;
and receiving the first result message sent by the server, determining, based on the first result message, the type of the NAT device to which the first CPE is connected, and sending the determined type to the server.
In the foregoing solution, the method further comprises:
sending an L2TP message whose destination address is an arbitrary address; this L2TP message is used to open a hole in the first NAT device.
In the foregoing solution, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE includes:
receiving the post-NAT public network address information corresponding to the second CPE, sent by the server.
In the foregoing solution, the method further comprises:
sending a second test message to the server, where the second test message is used to request the server to send a second result message;
and receiving the second result message sent by the server, determining, based on the second result message, the type of the NAT device to which the first CPE is connected, and sending the determined type to the server.
In the foregoing solution, the method further comprises:
sending, to the second CPE, an L2TP message carrying the post-NAT public network address information corresponding to the first CPE.
In the foregoing solution, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the tunnel address information includes at least one of:
the private network address information of the first CPE, and the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, the public network address information includes a public network address and a port number.
An embodiment of the invention also provides a Network Address Translation (NAT) traversal method, applied to a server, comprising the following steps:
determining the type of a first NAT device and the type of a second NAT device, where the first NAT device is connected to a first CPE and the second NAT device is connected to a second CPE;
sending the type of the second NAT device to the first CPE, and sending the type of the first NAT device to the second CPE;
when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the post-NAT public network address information corresponding to the first CPE and sending it to the second CPE;
when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE and sending it to the first CPE;
wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information.
In the foregoing solution, determining the type of the first NAT device and the type of the second NAT device includes:
receiving a first test message sent by the first CPE; sending a first result message based on the first test message, where the first result message is used by the first CPE to determine the type of the first NAT device; and receiving the type of the first NAT device sent by the first CPE;
receiving a second test message sent by the second CPE; sending a second result message based on the second test message, where the second result message is used by the second CPE to determine the type of the second NAT device; and receiving the type of the second NAT device sent by the second CPE.
In the foregoing solution, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the public network address information includes a public network address and a port number.
An embodiment of the invention further provides a NAT traversal device, applied to a first CPE, comprising a first processing module and a second processing module;
the first processing module is configured to determine the type of a first NAT device, the type of a second NAT device and the post-NAT public network address information corresponding to a second CPE, where the first NAT device is connected to the first CPE and the second NAT device is connected to the second CPE;
the second processing module is configured to configure an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, the first processing module is configured to receive the type of the second NAT device sent by the server.
In the foregoing solution, the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT; the first processing module is configured to receive an L2TP message, sent by the second CPE, that carries the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, the first processing module is further configured to send a first test message to the server, where the first test message is used by the server to determine the post-NAT public network address information corresponding to the first CPE and requests the server to send a first result message;
and to receive the first result message sent by the server, determine, based on the first result message, the type of the NAT device to which the first CPE is connected, and send the determined type to the server.
In the foregoing solution, the second processing module is further configured to send an L2TP message whose destination address is an arbitrary address; this L2TP message is used to open a hole in the first NAT device.
In the foregoing solution, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, the first processing module is configured to receive the post-NAT public network address information corresponding to the second CPE, sent by the server.
In the foregoing solution, the first processing module is further configured to send a second test message to the server, where the second test message is used to request the server to send a second result message;
and to receive the second result message sent by the server, determine, based on the second result message, the type of the NAT device to which the first CPE is connected, and send the determined type to the server.
In the foregoing solution, the first processing module is further configured to send, to the second CPE, an L2TP message carrying the post-NAT public network address information corresponding to the first CPE.
Specifically, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the tunnel address information includes at least one of:
the private network address information of the first CPE, and the post-NAT public network address information corresponding to the second CPE.
In the foregoing solution, the public network address information includes a public network address and a port number.
An embodiment of the invention also provides a NAT traversal device comprising a third processing module, a fourth processing module and a fifth processing module; wherein
the third processing module is configured to determine the type of a first NAT device and the type of a second NAT device, where the first NAT device is connected to a first CPE and the second NAT device is connected to a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE, and to send the type of the first NAT device to the second CPE;
the fifth processing module is configured to determine the post-NAT public network address information corresponding to the first CPE when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, and to send it to the second CPE;
and, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, to determine the post-NAT public network address information corresponding to the second CPE and send it to the first CPE;
wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information.
In the foregoing solution, the third processing module is configured to receive a first test message sent by the first CPE, where the first test message includes the address information of the first CPE, and to send a first result message based on the first test message, where the first result message is used by the first CPE to determine the type of the first NAT device;
and to receive a second test message sent by the second CPE, where the second test message includes the address information of the second CPE, and to send a second result message based on the second test message, where the second result message is used by the second CPE to determine the type of the second NAT device.
In the foregoing solution, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the public network address information includes a public network address and a port number.
An embodiment of the invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, where the processor, when executing the program, implements the steps of any of the above NAT traversal methods on the first CPE side; or,
the processor, when executing the program, implements the steps of any of the above NAT traversal methods on the server side.
An embodiment of the invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any of the above NAT traversal methods on the first CPE side; or,
when executed by a processor, implements the steps of any of the above NAT traversal methods on the server side.
The NAT traversal method, NAT traversal device, electronic device and storage medium provided by the embodiments of the invention determine the type of a first NAT device, the type of a second NAT device and the post-NAT public network address information corresponding to a second CPE, where the first NAT device is connected to a first CPE and the second NAT device is connected to the second CPE, and configure an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE; thus an L2TP tunnel can also be established in the scenario where neither end has a public network address.
Drawings
FIG. 1 is an architecture diagram of a conventional L2TP tunnel;
FIG. 2 is another architecture diagram of conventional L2TP tunnel establishment;
FIG. 3 is a schematic flowchart of a NAT traversal method according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention;
FIG. 5 is a schematic view of a scenario where one end traverses the NAT according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a second L2TP message according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a third L2TP message according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a NAT traversal device according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of another NAT traversal device according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Before describing the present invention in further detail with reference to examples, the L2TP tunnel is described first.
An L2TP tunnel running over the public network must have a public network address at at least one end; otherwise the L2TP tunnel cannot be established. FIG. 1 is an architecture diagram of a conventional L2TP tunnel; both tunnels shown in FIG. 1 have a public network address at at least one end (no NAT device connected), so an L2TP tunnel can be established.
FIG. 2 is another architecture diagram of conventional L2TP tunnel establishment; as shown in FIG. 2, neither end has a public network address, and an L2TP tunnel cannot actually be established.
The present invention will be described in further detail with reference to examples.
FIG. 3 is a schematic flowchart of a NAT traversal method according to an embodiment of the present invention; as shown in FIG. 3, the NAT traversal method is applied to the first CPE and comprises the following steps:
Step 301, determining the type of the first NAT device, the type of the second NAT device, and the post-NAT public network address information corresponding to the second CPE, where the first NAT device is connected to the first CPE and the second NAT device is connected to the second CPE;
Step 302, configuring an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device, and the post-NAT public network address information corresponding to the second CPE.
Specifically, determining the type of the second NAT device includes: receiving the type of the second NAT device sent by the server.
Here, the type of the second NAT device may be determined by the CPE connected to the second NAT device, which sends the determined type to the server; the server then sends the type of the second NAT device to the first CPE.
In an embodiment, the type of the first NAT device connected to the first CPE is basic NAT, and the type of the second NAT device connected to the second CPE is basic NAT or NAPT; determining the post-NAT public network address information corresponding to the second CPE includes:
receiving an L2TP message, sent by the second CPE, that includes (or carries) the post-NAT public network address information corresponding to the second CPE.
That is, the first CPE determines the post-NAT public network address information corresponding to the second CPE based on the received L2TP message.
Here, it can be understood that the second CPE sends an L2TP message that includes or carries an address; the L2TP message is received by the first CPE after passing through NAT, and the address it shows is the post-NAT public network address information corresponding to the second CPE, so the first CPE can determine the post-NAT public network address information corresponding to the second CPE from the received L2TP message.
Here, the source address of the L2TP message sent by the second CPE is the private network address of the second CPE itself, and the destination address is the post-NAT public network address information (including the public network address and the port number) corresponding to the first CPE.
Specifically, the method further comprises:
sending a first test message to a server, where the first test message is used by the server to determine the post-NAT public network address information corresponding to the first CPE and requests the server to send a first result message;
and receiving the first result message sent by the server, determining, based on the first result message, the type of the NAT device to which the first CPE is connected, and sending the determined type to the server.
Here, the first test message includes the address information of the first CPE.
Specifically, the method further comprises:
sending an L2TP message whose destination address is an arbitrary address; this L2TP message is used to open a hole in the first NAT device.
Here, the type of the first NAT device connected to the first CPE is basic NAT, and the type of the second NAT device connected to the second CPE is basic NAT or NAPT; the first CPE may be an LNS, and the second CPE may be a Personal Computer (PC) or the like.
In an embodiment, when the type of the first NAT device connected to the first CPE is basic NAT or NAPT and the type of the second NAT device connected to the second CPE is basic NAT, determining the post-NAT public network address information corresponding to the second CPE includes:
receiving the post-NAT public network address information corresponding to the second CPE, sent by the server.
Specifically, the method further comprises:
sending a second test message to the server, where the second test message is used to request the server to send a second result message;
and receiving the second result message sent by the server, determining, based on the second result message, the type of the NAT device to which the first CPE is connected, and sending the determined type to the server.
Specifically, the method further comprises: sending, to the second CPE, an L2TP message that carries the post-NAT public network address information corresponding to the first CPE.
Here, corresponding to the case where the type of the first NAT device to which the first CPE is connected is basic NAT or NAPT and the type of the second NAT device to which the second CPE is connected is basic NAT, the second CPE may be an LNS and the first CPE a Personal Computer (PC) or the like.
Specifically, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Specifically, the tunnel address information includes at least one of:
the private network address information of the first CPE, and the post-NAT public network address information corresponding to the second CPE.
Specifically, the private network address information includes a private network address and a port number.
The public network address information includes a public network address and a port number.
FIG. 4 is a schematic flowchart of a NAT traversal method according to an embodiment of the present invention; as shown in FIG. 4, the NAT traversal method is applied to a server and comprises:
Step 401, determining the type of a first NAT device and the type of a second NAT device, where the first NAT device is connected to a first CPE and the second NAT device is connected to a second CPE;
Step 402, sending the type of the second NAT device to the first CPE, and sending the type of the first NAT device to the second CPE;
Step 403, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the post-NAT public network address information corresponding to the first CPE and sending it to the second CPE;
when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE and sending it to the first CPE;
wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Here, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, the corresponding first CPE is an LNS and the second CPE is a device such as a PC.
Conversely, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, the corresponding first CPE is a device such as a PC and the second CPE is an LNS.
Specifically, determining the type of the first NAT device and the type of the second NAT device includes:
receiving a first test message sent by the first CPE; sending a first result message based on the first test message, where the first result message is used by the first CPE to determine the type of the first NAT device; and receiving the type of the first NAT device sent by the first CPE;
receiving a second test message sent by the second CPE; sending a second result message based on the second test message, where the second result message is used by the second CPE to determine the type of the second NAT device; and receiving the type of the second NAT device sent by the second CPE.
Here, the first test message may include the address information of the first CPE, and the second test message may include the address information of the second CPE.
Specifically, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the post-NAT public network address information corresponding to the first CPE includes:
determining the post-NAT public network address information corresponding to the first CPE based on the received first test message.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Specifically, the public network address information includes a public network address and a port number.
The NAT traversal performed at both ends is described below in conjunction with the methods shown in FIG. 3 and FIG. 4.
For example, the two ends are a CPEA (such as an LNS) and a CPEB (such as a PC); the CPEA is connected to the first NAT device, whose type can only be basic NAT, and the CPEB is connected to the second NAT device, whose type can be basic NAT or NAPT. The method for NAT traversal at both ends comprises the following steps:
Step 01, the CPEA interacts with the server (specifically, sends a first test message and receives the corresponding result message) to determine the type of the first NAT device, and sends the type of the first NAT device to the server; the CPEB interacts with the server (specifically, sends a second test message and receives the corresponding result message) to determine the type of the second NAT device, and sends the type of the second NAT device to the server;
Step 02, the server sends the type of the second NAT device to the CPEA, and sends the type of the first NAT device to the CPEB;
Step 03, the server determines the post-NAT public network address information corresponding to the CPEA based on the first test message, and sends it to the CPEB;
Step 04, the CPEA configures and sends an L2TP message with an arbitrary destination address, opening a hole in the first NAT device;
Step 05, the CPEB sends an L2TP message to the CPEA;
here, the source address of the L2TP message sent by the CPEB is its own private network address, and the destination address is the post-NAT public network address information corresponding to the CPEA (including the post-NAT public network address and port corresponding to the CPEA);
Step 06, the CPEA receives the L2TP message sent by the CPEB and determines the post-NAT public network address information corresponding to the CPEB;
here, after receiving the L2TP message, the CPEA sees its address as the post-NAT public network address information corresponding to the CPEB (including the post-NAT public network address and port number corresponding to the CPEB); it can be understood that the L2TP message includes or carries an address, and after the CPEA receives the message, the address shown is the post-NAT public network address information corresponding to the CPEB;
Step 07, the CPEA and the CPEB then interact and forward conventional L2TP tunnel messages.
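The seven steps above, simulated end to end in Python as an added example (not code from the patent or from China Mobile): a tiny NAT model, the test-message/result-message classification, and the CPEA/CPEB exchange, with every address, NAT behaviour and message shape constructed for illustration. It also exercises the case the flow is built for, a CPEB behind symmetric NAT, where the address the server saw for CPEB differs from the one the CPEA reads off the received L2TP message.

```python
"""Simulation of the two-ended L2TP NAT traversal (steps 01-07).
Added example, not the patent's or China Mobile's code; all addresses,
NAT behaviours and message shapes are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]                # (ip, port)
SERVER: Addr = ("192.0.2.1", 3478)    # constructed server address


@dataclass
class Nat:
    """Tiny NAT model.
    'basic'     : static 1:1 address binding, port left unchanged.
    'cone'      : NAPT, one public port per inner socket, whatever the peer.
    'symmetric' : NAPT, a fresh public port per (inner socket, peer) pair."""
    kind: str
    public_ip: str
    next_port: int = 40000
    bindings: Dict[tuple, Addr] = field(default_factory=dict)

    def _key(self, src: Addr, dst: Addr) -> tuple:
        return (src, dst) if self.kind == "symmetric" else (src,)

    def outbound(self, src: Addr, dst: Addr) -> Addr:
        """Translate an outgoing packet's source; creating the mapping is the 'hole'."""
        key = self._key(src, dst)
        if key not in self.bindings:
            if self.kind == "basic":
                self.bindings[key] = (self.public_ip, src[1])
            else:
                self.bindings[key] = (self.public_ip, self.next_port)
                self.next_port += 1
        return self.bindings[key]

    def inbound(self, dst: Addr) -> Optional[Addr]:
        """Inner address for a packet arriving at a public mapping; None means dropped."""
        for key, public in self.bindings.items():
            if public == dst:
                return key[0]
        return None


def classify(private: Addr, observed: Addr) -> str:
    """NAT type as a CPE derives it from the result message: the post-NAT address
    the server observed versus the address the CPE put in its test message.
    Only the basic/NAPT split matters for the decision taken in step 02."""
    if observed == private:
        return "none"
    return "basic" if observed[1] == private[1] else "napt"


def traverse(a_priv: Addr, nat_a: Nat, b_priv: Addr, nat_b: Nat) -> dict:
    """CPEA (LNS side) sits behind nat_a, CPEB (PC side) behind nat_b."""
    # step 01: test message out, result message back, each CPE classifies its NAT
    a_pub = nat_a.outbound(a_priv, SERVER)          # post-NAT address the server sees for CPEA
    b_pub_at_server = nat_b.outbound(b_priv, SERVER)
    type_a = classify(a_priv, a_pub)
    type_b = classify(b_priv, b_pub_at_server)
    # step 02: server relays the types; the LNS side must be basic NAT,
    # the PC side may be basic NAT or any NAPT
    if type_a != "basic" or type_b not in ("basic", "napt"):
        raise ValueError(f"unsupported combination: CPEA={type_a}, CPEB={type_b}")
    # step 03: server hands CPEA's post-NAT address (learned in step 01) to CPEB
    # step 04: CPEA sends an L2TP message to an arbitrary address so nat_a holds a
    # mapping; basic NAT binds statically, so it is the mapping the server saw
    nat_a.outbound(a_priv, ("203.0.113.99", 1701))   # constructed arbitrary destination
    # step 05: CPEB -> CPEA; source = own private address, destination = a_pub
    b_src_seen_by_a = nat_b.outbound(b_priv, a_pub)
    if nat_a.inbound(a_pub) != a_priv:
        raise RuntimeError("L2TP message from CPEB was dropped by the first NAT")
    # step 06: CPEA reads the source address of the received message, which is
    # CPEB's post-NAT address for this tunnel even when nat_b is symmetric
    # step 07: each side now has its tunnel endpoints
    return {
        "type_a": type_a,
        "type_b": type_b,
        "cpea_tunnel": {"local": a_priv, "remote": b_src_seen_by_a},
        "cpeb_tunnel": {"local": b_priv, "remote": a_pub},
        "b_as_seen_by_server": b_pub_at_server,
    }
```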
As further explained below with respect to scenarios of the L2TP tunnel, the L2TP tunnel generally has the following two types of scenarios:
1. L2TP normal scenario, i.e. a scenario in which only one end needs to traverse the NAT;
The scenario in which one end of the L2TP tunnel traverses the NAT is mainly the mobile office scenario: the source end of the L2TP tunnel is a PC, and there is no L2TP Access Concentrator (LAC) device. The L2TP message on the PC side uses User Datagram Protocol (UDP) port 1701 as its destination port. Refer to fig. 5, a schematic diagram of a scenario in which one end traverses the NAT.
2. Both ends of the L2TP tunnel traverse the NAT, which is the application scenario addressed by the method;
1) in the scenario in which both ends of the L2TP tunnel traverse the NAT, L2TP serves as the bearer tunnel;
2) the CPE at one end is an LNS, used to receive messages with destination port 1701, and the CPE at the other end is a device such as a PC.
Here, in the methods shown in fig. 3 and 4, the CPE that may be connected to a NAT device of type basic NAT or NAPT is the PC or similar device, and the CPE that may only be connected to a NAT device of type basic NAT is the LNS.
Here, description is made for each type of NAT in the methods shown in fig. 3 and 4.
NAT can mainly be divided into two categories: basic NAT and NAPT (Network Address Port Translation); wherein,
basic NAT is generally applied where the NAT device has multiple public network Internet Protocol (IP) addresses (hereinafter referred to as public network addresses) and statically binds a public network address to an intranet host; NAT devices of this type are relatively few.
NAPT is the conventional NAT type: a NAT device of the NAPT type maps an internal address to a separate IP address in the external network and additionally attaches a port number selected by the NAT device to the address. According to the mapping mode, NAPT is divided into symmetric NAT and cone NAT, where cone NAT includes full cone NAT, address restricted cone NAT and port restricted cone NAT.
Specifically, NAPT is the most common NAT type in public networks, and is classified into the following four types:
1. Symmetric NAT
A symmetric NAT maps all requests from the same internal address and port to the same destination address and port to the same public network address and port. If the same intranet host uses the same intranet address and port to send a message to a different destination address, a different mapping is used. Unlike a port restricted cone NAT, which maps all requests from one internal address and port to the same public IP address and port, a symmetric NAT uses a different mapping for each destination.
2. Full cone NAT (Full Cone NAT)
A full cone NAT maps all requests from one internal IP address and port to the same external IP address and port, and any external host can communicate with the internal host by sending a message to the mapped external address. This is a relatively loose policy: once the mapping between the intranet IP address and port and the public network IP address and port is established, any host on the Internet can access the host behind the NAT device.
3. Address restricted cone NAT (Address Restricted Cone NAT)
An address restricted cone NAT also maps all requests from the same internal IP address and port to the same public network IP address and port. However, unlike the full cone NAT, a public network host address can only send messages to the intranet host if and only if the intranet host has previously sent a message to that public network host address.
4. Port restricted cone NAT (Port Restricted Cone NAT)
A port restricted cone NAT is similar to an address restricted cone NAT but more restrictive: it adds the restriction of the port number, so a public network host address and port can communicate with the intranet host only if the intranet host has previously sent a message to that address and port.
Fig. 6 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 6, in order to implement that two ends of the L2TP tunnel traverse the NAT, the NAT traversal method provided in the embodiment of the present invention includes: detecting the type of NAT equipment; after the type of the NAT equipment is determined, the L2TP tunnel and the related address information are configured according to the type of the NAT equipment.
Detecting the type of the NAT device comprises the following: in combination with other protocols (those required for interaction with the NAT detection server, i.e. the server described above, such as the IP protocol), the client-side gateways CPEA and CPEB each perform message interaction for NAT detection through the server (corresponding to the server in the methods shown in fig. 3 and 4, which may be a public network toll-free server or a network controller), and detect the types of the NAT devices that the CPEA and the CPEB respectively need to traverse, that is, the type of the NAT device connected to the CPEA and the type of the NAT device connected to the CPEB.
Configuring the L2TP tunnel and the associated address information includes:
configuring L2TP to use tunnel mode;
configuring the tunnel address information; for each CPE, the tunnel address information includes the private network address of the home end and the public network address after NAT of the opposite end.
The method of the above embodiment of the present invention is explained below using different types of NAT devices.
In the first embodiment, after the message interaction with the NAT detection server, it is determined that the type of the CPEA-connected NAT device is the basic NAT and the type of the CPEB-connected NAT device is the basic NAT.
The NAT traversal method comprises the following steps:
step 001, the NAT detection server sends a first L2TP message to the CPEB to inform the CPEB of the public network address after NAT corresponding to the CPEA, as recorded by the NAT detection server;
step 002, the CPEA configures and sends a second L2TP message; the configured source address information of the second L2TP message includes the home-end private network address and a port number (for example, the port number is 1701 in fig. 5, and the port is still 1701 after basic NAT mapping), and the destination address is an arbitrary address; here, a message whose destination address is an arbitrary address is configured in order to punch a hole in the NAT connected to the CPEA;
fig. 7 is a schematic structural diagram of the second L2TP message according to an embodiment of the present invention; as shown in fig. 7, the second L2TP message includes at least one of: an outer Ethernet header, an outer IP header and an outer UDP header; the source address of the second L2TP message is the home-end private network address with port 1701, and its destination address is an arbitrary address.
Step 003, the CPEB configures a third L2TP message whose source address is the local private network address and whose destination address is the public network address and port (also 1701) after NAT corresponding to the CPEA; the CPEB sends the third L2TP message to the CPEA, so that after receiving the third L2TP message the CPEA obtains, from it, the public network address and port after NAT corresponding to the CPEB.
Fig. 8 is a schematic structural diagram of the third L2TP message according to an embodiment of the present invention; as shown in fig. 8, the third L2TP message includes at least one of: an outer Ethernet header, an outer IP header and an outer UDP header; the destination address of the third L2TP message is the public network address after NAT corresponding to the CPEA, with port 1701.
Step 004, through the above configuration, an L2TP tunnel is established between the CPEA and the CPEB, and interaction and forwarding of the conventional L2TP message can be performed.
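The second and third L2TP messages of steps 002 and 003, and the address learning of step 06 above, as an added example in Python that is not the patent's code: it builds the outer IPv4 and UDP headers and the L2TPv2 control header (RFC 2661 layout, AVPs omitted; the outer Ethernet header of fig. 7 and 8 is left out), passes the message through a toy basic NAT that rewrites only the source IP while preserving port 1701, and has the receiver recover the peer's NAT-mapped public address and port from the outer source fields after validating the header checksum. The addresses, the `basic_nat_outbound` model and all function names are constructed for this example.

```python
"""L2TP-over-UDP framing and peer-address learning (added example, not the patent's code)."""
import socket
import struct

L2TP_PORT = 1701  # UDP port used by both ends of the L2TP tunnel in the patent's scenario


def ipv4_checksum(hdr: bytes) -> int:
    """Standard one's-complement checksum over the 16-bit words of an IPv4 header.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_l2tp_message(src_ip, src_port, dst_ip, dst_port, tunnel_id=0, session_id=0) -> bytes:
    """Outer IPv4 header + outer UDP header + L2TPv2 control header (T=1, L=1, S=1, ver=2)."""
    l2tp = struct.pack("!HHHHHH", 0xC802, 12, tunnel_id, session_id, 0, 0)  # length 12, Ns=Nr=0
    udp_len = 8 + len(l2tp)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)  # UDP checksum 0 = absent (allowed over IPv4)
    ip_no_cksum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                              socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip_no_cksum[:10] + struct.pack("!H", ipv4_checksum(ip_no_cksum)) + ip_no_cksum[12:]
    return ip + udp + l2tp


def parse_outer_headers(pkt: bytes):
    """Validate the outer headers and return (src_ip, src_port, dst_ip, dst_port, l2tp_flags).
    Raises ValueError on anything that is not a well-formed IPv4/UDP/L2TPv2 datagram."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 + 12:
        raise ValueError("truncated")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if pkt[9] != 17:
        raise ValueError("not UDP")
    src_ip, dst_ip = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if udp_len != len(pkt) - ihl:
        raise ValueError("UDP length mismatch")
    flags = struct.unpack("!H", pkt[ihl + 8:ihl + 10])[0]
    if flags & 0x000F != 2:
        raise ValueError("not L2TPv2")
    return src_ip, src_port, dst_ip, dst_port, flags


def basic_nat_outbound(pkt: bytes, public_ip: str) -> bytes:
    """Toy model of the basic NAT in the text: rewrite the source IP only, the port (1701) is preserved."""
    hdr = bytearray(pkt[:20])
    hdr[12:16] = socket.inet_aton(public_ip)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[20:]


def learn_peer_address(received: bytes):
    """Step 06: the receiving CPE takes the outer source (IP, port) of a message that reached
    port 1701 as the peer's public network address information after NAT."""
    src_ip, src_port, _, dst_port, _ = parse_outer_headers(received)
    if dst_port != L2TP_PORT:
        raise ValueError("not an L2TP tunnel message")
    return src_ip, src_port


if __name__ == "__main__":
    # Constructed addresses: CPEB's private address and CPEA's NAT-mapped public address.
    third_msg = build_l2tp_message("10.0.0.2", L2TP_PORT, "203.0.113.10", L2TP_PORT)
    on_the_wire = basic_nat_outbound(third_msg, "198.51.100.7")
    print("CPEA learns CPEB at", learn_peer_address(on_the_wire))
```

The validation here covers framing only: the receiver cannot tell the real peer from any other datagram that reaches port 1701, so the L2TP tunnel's own authentication (the challenge/response of RFC 2661) still has to establish who the peer is.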
In the second embodiment, after the message interaction with the NAT detection server, it is determined that the type of the CPEA-connected NAT device is the basic NAT and the type of the CPEB-connected NAT device is the full cone NAT:
here, the full cone NAT uses the same NAT mapping for IP packets with the same source address and port, that is, it maps all requests from the same internal IP address and port to the same external IP address and port, and any external host can communicate with the internal host by sending a message to the mapped external address.
Therefore, the same method as in the first embodiment may be used for the processing.
In the third embodiment, after the message interaction with the NAT detection server, the type of the CPEA-connected NAT device is determined to be basic NAT, and the type of the CPEB-connected NAT device is determined to be address restricted cone NAT:
here, the address restricted cone NAT uses the same NAT mapping for IP packets with the same source address and port (i.e. it maps all requests from the same internal IP address and port to the same public network IP address and port); however, unlike the full cone NAT, a public network host can send a message to the intranet host if and only if the intranet host has previously sent a message to that public network host address.
For the scenario in which the CPEB-connected NAT device is an address restricted cone NAT, the same method as in the above embodiments is used for the processing.
In the fourth embodiment, after the message interaction with the NAT detection server, the type of the CPEA-connected NAT device is determined to be basic NAT, and the type of the CPEB-connected NAT device is determined to be port restricted cone NAT:
here, the port restricted cone NAT also uses the same NAT mapping for IP packets with the same source address and port (i.e. it maps all requests from the same internal IP address and port to the same public network IP address and port); however, it adds the restriction of the port number, so a public network host can communicate with the intranet host only if the intranet host has previously sent a packet to that public network host's address and port.
For the scenario in which the CPEB-connected NAT device is a port restricted cone NAT, the same method as in the first embodiment may be used for the processing.
In the fifth embodiment, after the message interaction with the NAT detection server, the type of the CPEA-connected NAT device is determined to be basic NAT, and the type of the CPEB-connected NAT device is determined to be symmetric NAT.
Here, a symmetric NAT maps all requests from the same internal IP address and port to the same public IP address and port. If the same intranet host uses the same intranet address and port to send a message to a different destination address, a different mapping is used.
That is, the destination address used by the CPEB is always the public network address after NAT corresponding to the CPEA, with port number 1701, so the symmetric NAT creates only one mapping for the tunnel. Therefore, for the scenario in which the CPEB-connected NAT device is a symmetric NAT, the same method as in the first embodiment may be used for the processing.
The following further describes detecting the type of NAT device.
Taking the NAT device connected to the CPEA as an example (the detection method is the same for the NAT device connected to the CPEB, so only one of them is explained here), the NAT detection server receives a first test message sent by the CPEA; the first test message contains the address information (IP address and port) of the CPEA, and the following steps are executed after the NAT detection server determines that the first test message has been received.
The first step: detecting whether the CPE is behind a NAT device;
a client of the CPEA establishes a UDP socket, uses it to send a data packet (namely the first test message) to (IP-1, Port-1) of the server and asks the server to return the address information (IP and Port) of the CPE as the server sees it; the client starts receiving immediately after sending the request, and a socket timeout (300 ms) can be set to prevent blocking indefinitely; this process is repeated several times. If every attempt times out and no response from the server is received, the CPEA cannot perform UDP communication, possibly because a firewall or NAT device is blocking it.
When the client of the CPEA receives the server's response, the (IP, Port) returned by the server is compared with the (LocalIP, LocalPort) of the CPE socket: if they are identical, the CPEA is determined not to be behind a NAT device; if not, the CPEA is determined to be behind a NAT device, and the type of the NAT device needs to be detected further.
The second step: detecting whether the NAT device is a full cone NAT;
the client of the CPEA establishes a UDP socket and uses it to send a data packet to (IP-1, Port-1) of the server, asking the server to respond from its other pair (IP-2, Port-2); the server returns a data packet in response; the client starts receiving immediately after sending the request, a socket timeout (300 ms) can be set to prevent blocking indefinitely, and the process is repeated several times. If the response UDP packet sent by the server from (IP-2, Port-2) is received, the NAT is a full cone NAT; if every attempt times out and no response is received, the NAT device connected to the CPEA is not a full cone NAT, and its specific type is detected in the next step.
The third step: detecting whether the NAT device is a symmetric NAT;
the client of the CPEA establishes a UDP socket, uses it to send a data packet to (IP-1, Port-1) of the server and asks the server to return the IP and Port of the client; the client starts receiving immediately after sending the request, a socket timeout (300 ms) can be set to prevent blocking indefinitely, and the process is repeated until a response is received;
in the same way, a data packet is sent to (IP-2, Port-2) of the server with another socket, asking the server to return the IP and Port.
The (IP, Port) pairs returned by the server in the two exchanges are compared: if they differ, the NAT device is a symmetric NAT; otherwise it is a restricted cone NAT, and the next step detects whether it is a port restricted cone NAT.
The fourth step: detecting whether the NAT device is an address restricted cone NAT or a port restricted cone NAT;
the client of the CPEA establishes a UDP socket, uses it to send a data packet to (IP-1, Port-1) of the server and asks the server to respond with a UDP data packet from IP-1 and a port different from Port-1; the client starts receiving immediately after sending the request, a socket timeout (300 ms) is set to prevent blocking indefinitely, and the process is repeated several times. If every attempt times out and no response from the server is received, the NAT device is a port restricted cone NAT; if the response from the server is received, it is an address restricted cone NAT.
The data packet sent by the client of the CPEA is the first test message, and correspondingly, the data packet sent back by the server is the first result message.
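The four detection steps above, as an added example in Python that is not the patent's code. It models one NAT device with the mapping and filtering rules of each NAPT type described earlier (plus a "none" case for a host not behind NAT and a "blocked" case for the firewall failure mode of the first step; basic NAT is not modelled because the four steps do not test for it), a two-address detection server that answers from (IP-1, Port-1), from (IP-2, Port-2) or from IP-1 on a different port, and runs the steps as a decision procedure in which a dropped reply stands for the 300 ms socket timeout. The example sends both step-3 probes from the same local socket, since comparing the two returned mappings is only meaningful for one local (IP, port); that choice, the server addresses and all names are this example's assumptions.

```python
"""Simulated four-step NAT-type detection (added example, not the patent's code)."""
from itertools import count

# Constructed documentation addresses: (IP-1, Port-1) and (IP-2, Port-2) of the detection server.
SERVER_ADDRS = [("192.0.2.1", 3478), ("192.0.2.2", 3479)]
ALT_PORT = 3480  # "IP-1 with a port different from Port-1", used in the fourth step


class NatModel:
    """Toy NAT. kind is one of: none, blocked, full_cone, addr_restricted, port_restricted, symmetric."""

    def __init__(self, kind, public_ip):
        self.kind, self.public_ip = kind, public_ip
        self.mapping = {}       # mapping key -> public (ip, port); the key includes the remote for symmetric
        self.reverse = {}       # public (ip, port) -> inner (ip, port)
        self.contacted = set()  # (public addr, remote addr) pairs the inner host has already sent to
        self._ports = count(40000)

    def outbound(self, inner, remote):
        """Translate a packet from inner to remote; return the public (ip, port) it leaves with."""
        if self.kind == "none":
            return inner
        key = (inner, remote) if self.kind == "symmetric" else inner
        if key not in self.mapping:
            pub = (self.public_ip, next(self._ports))
            self.mapping[key] = pub
            self.reverse[pub] = inner
        pub = self.mapping[key]
        self.contacted.add((pub, remote))
        return pub

    def inbound(self, pub, remote):
        """Return the inner address a packet from remote to pub is delivered to, or None if dropped."""
        if self.kind == "none":
            return pub
        inner = self.reverse.get(pub)
        if inner is None or self.kind == "blocked":
            return None
        if self.kind == "full_cone":
            return inner  # any external host may use the mapping
        if self.kind == "addr_restricted":
            ok = any(p == pub and r[0] == remote[0] for p, r in self.contacted)
        else:  # port_restricted and symmetric: exact remote address and port required
            ok = (pub, remote) in self.contacted
        return inner if ok else None


def server_reply(request, observed_src, dst):
    """Detection server: return (address the reply is sent from, payload) for a request that arrived at dst."""
    if request == "echo":            # steps 1 and 3: answer from the same address with the observed (IP, Port)
        return dst, observed_src
    if request == "echo_from_alt":   # step 2: answer from (IP-2, Port-2)
        return SERVER_ADDRS[1], observed_src
    if request == "echo_alt_port":   # step 4: answer from IP-1 but another port
        return (dst[0], ALT_PORT), observed_src
    raise ValueError(request)


def probe(nat, inner, server_addr, request):
    """One request/response round; None models the socket timeout when the NAT drops the reply."""
    pub = nat.outbound(inner, server_addr)
    reply_from, payload = server_reply(request, pub, server_addr)
    return payload if nat.inbound(pub, reply_from) == inner else None


def detect_nat_type(nat, inner=("10.0.0.2", 1701)):
    # First step: is the client behind a NAT at all?
    seen = probe(nat, inner, SERVER_ADDRS[0], "echo")
    if seen is None:
        return "udp_blocked"
    if seen == inner:
        return "no_nat"
    # Second step: full cone if a reply from a different server address still gets through.
    if probe(nat, inner, SERVER_ADDRS[0], "echo_from_alt") is not None:
        return "full_cone"
    # Third step: symmetric if the mapping differs per destination (same local socket for both probes).
    m1 = probe(nat, inner, SERVER_ADDRS[0], "echo")
    m2 = probe(nat, inner, SERVER_ADDRS[1], "echo")
    if m1 is None or m2 is None:
        return "undetermined"
    if m1 != m2:
        return "symmetric"
    # Fourth step: a reply from the same IP but another port separates the two restricted cone types.
    return "addr_restricted" if probe(nat, inner, SERVER_ADDRS[0], "echo_alt_port") else "port_restricted"


if __name__ == "__main__":
    for kind in ("none", "blocked", "full_cone", "addr_restricted", "port_restricted", "symmetric"):
        print(kind, "->", detect_nat_type(NatModel(kind, "198.51.100.7")))
```

Running the procedure against each model shows why the order of the steps matters: the second step must come before the third, because a full cone NAT also returns identical mappings in the third step and would otherwise be reported as a restricted cone NAT.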
The server to which the NAT traversal method in the embodiment of the present invention is applied may be a public network toll-free server or a public network controller, that is, the public network toll-free server or the public network controller is functionally expanded to implement the above-described scheme.
It should be noted that the above method for detecting the type of the NAT device is only one embodiment; other detection methods may also be used in the embodiments of the present invention. After the type of the connected NAT device is determined by the detection, the result is sent to the server and forwarded by the server to the opposite-end CPE. For example, after the CPEA determines the type of its connected NAT device through interaction with the server, it sends the result to the server, which can send it to the CPEB; and vice versa.
Fig. 9 is a schematic structural diagram of a NAT traversal device according to an embodiment of the present invention; as shown in fig. 9, the NAT traversal apparatus is applied to a first CPE, and the apparatus includes: a first processing module and a second processing module;
the first processing module is used for determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
the second processing module is configured to configure an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device, and the NAT-passed public network address information corresponding to the second CPE.
Specifically, the first processing module is configured to receive the type of the second NAT device sent by the server.
In an embodiment, the type of the first NAT device is basic NAT, and the type of the second NAT device is basic NAT or NAPT; the first processing module is configured to receive an L2TP message, sent by the second CPE, that carries the public network address information after NAT corresponding to the second CPE.
Specifically, the first processing module is further configured to send a first test packet to a server; the first test message is used for the server to determine public network address information corresponding to the first CPE after NAT, and to request the server to send a first result message;
and to receive the first result message sent by the server, determine the type of the first NAT device (the NAT device connected to the first CPE) based on the first result message, and send the determined type to the server.
Specifically, the second processing module is further configured to send an L2TP message whose destination address is an arbitrary address; this L2TP message with an arbitrary destination address is used to punch a hole in the first NAT device.
In an embodiment, in response to the fact that the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, the first processing module is configured to receive public network address information after NAT processing, which is sent by the server and corresponds to the second CPE.
Specifically, the first processing module is further configured to send a second test packet to the server; the second test message is used for requesting the server to send a second result message;
and to receive the second result message sent by the server, determine the type of the first NAT device (the NAT device connected to the first CPE) based on the second result message, and send the determined type to the server.
Specifically, the first processing module is further configured to send, to the second CPE, an L2TP message including public network address information after NAT corresponding to the first CPE.
Specifically, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT and port restricted cone NAT.
The tunnel address information includes at least one of:
private network address information of the first CPE, and public network address information corresponding to the second CPE after NAT.
The public network address information comprises: public network address and port number.
Fig. 10 is a schematic structural diagram of another NAT traversal device according to an embodiment of the present invention; as shown in fig. 10, the NAT traversal apparatus is applied to a server, and the apparatus includes: the device comprises a third processing module, a fourth processing module and a fifth processing module; wherein,
the third processing module is used for determining the type of the first NAT equipment and the type of the second NAT equipment; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
the fifth processing module is configured to determine public network address information after NAT processing corresponding to the first CPE when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, and send the public network address information after NAT processing corresponding to the first CPE to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Specifically, the third processing module is configured to receive a first test packet sent by the first CPE; send a first result message based on the first test message, the first result message being used by the first CPE to determine the type of the first NAT device; and receive the type of the first NAT device sent by the first CPE;
Receiving a second test message sent by a second CPE; sending a second result message based on the second test message; the second result message is used for the second CPE to determine the type of the second NAT equipment; and receiving the type of the second NAT equipment sent by the second CPE.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT and port restricted cone NAT.
The public network address information comprises: public network address and port number.
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present invention; as shown in fig. 11, the apparatus 110 includes: a processor 1101 and a memory 1102 for storing computer programs operable on the processor; wherein, when the electronic device is applied to a first CPE, the processor 1101 is configured to execute, when running the computer program, the following steps:
in an embodiment, the processor 1101 is further configured to execute, when running the computer program, the following: determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
and configuring the tunnel and the tunnel address information of the L2TP based on the type of the first NAT equipment, the type of the second NAT equipment and the NAT-passed public network address information corresponding to the second CPE.
Specifically, the method shown in fig. 3 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 3, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
As another embodiment, when the electronic device is applied to a server, the processor 1101 is configured to execute, when running the computer program, the following steps: determining the type of a first NAT device and the type of a second NAT device; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT and the type of the second NAT equipment is basic NAT or NAPT, determining public network address information corresponding to the first CPE after NAT, and sending the public network address information corresponding to the first CPE after NAT to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Specifically, the method shown in fig. 4 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 4, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
In practical applications, the apparatus 110 may further include: at least one network interface 1103. The various components in electronic device 110 are coupled together by a bus system 1104. It is understood that the bus system 1104 is used to enable communications among the components for connection. The bus system 1104 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are designated as the bus system 1104 in FIG. 11. The number of the processors 1101 may be at least one. The network interface 1103 is used for wired or wireless communication between the electronic device 110 and other devices.
The memory 1102 in embodiments of the present invention is used to store various types of data to support the operation of the electronic device 110.
The methods disclosed in the embodiments of the present invention described above may be implemented in the processor 1101 or by the processor 1101. The processor 1101 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by instructions in the form of hardware, integrated logic circuits, or software in the processor 1101. The processor 1101 described above may be a general purpose processor, a Digital Signal Processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like. The processor 1101 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiments of the invention may be implemented directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 1102, and the processor 1101 reads the information in the memory 1102 to perform the steps of the aforementioned methods in conjunction with its hardware.
In an exemplary embodiment, the electronic Device 110 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, Micro Controllers (MCUs), microprocessors (microprocessors), or other electronic components for performing the aforementioned methods.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs: determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE; and configuring the tunnel and the tunnel address information of the L2TP based on the type of the first NAT equipment, the type of the second NAT equipment and the NAT-passed public network address information corresponding to the second CPE. Specifically, when the computer program is executed by the processor, the method shown in fig. 3 is executed, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 3, and the specific implementation process thereof is described in detail in the method embodiment and is not described herein again.
As another implementation manner, when executed by a processor, the computer program performs: determining the type of a first NAT device and the type of a second NAT device; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE; sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE; under the condition that the type of the first NAT equipment is basic NAT and the type of the second NAT equipment is basic NAT or NAPT, determining public network address information corresponding to the first CPE after NAT, and sending the public network address information corresponding to the first CPE after NAT to the second CPE; under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE; wherein the public network address information is used for configuring an L2TP tunnel and tunnel address information. Specifically, when being executed by the processor, the computer program may execute the method shown in fig. 4, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 4.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, if the integrated unit of the present invention is implemented in the form of a software functional module and sold or used as a separate product, it may be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (19)

1. A NAT traversal method, applied to a first customer premise equipment (CPE), characterized in that the method comprises:
determining the type of a first NAT device, the type of a second NAT device, and the post-NAT public network address information corresponding to a second CPE; the first NAT device is connected to the first CPE, and the second NAT device is connected to the second CPE;
and configuring a Layer 2 Tunneling Protocol (L2TP) tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device, and the post-NAT public network address information corresponding to the second CPE.
2. The method of claim 1, wherein the determining the type of the second NAT device comprises:
and receiving the type of the second NAT device sent by a server.
3. The method of claim 1, wherein, in the case where the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or network address port translation (NAPT), determining the post-NAT public network address information corresponding to the second CPE comprises:
and receiving an L2TP message sent by the second CPE that includes the post-NAT public network address information corresponding to the second CPE.
4. The method of claim 3, further comprising:
sending a first test message to a server; the first test message is used by the server to determine the post-NAT public network address information corresponding to the first CPE, and to request the server to send a first result message;
and receiving the first result message sent by the server, determining the type of the NAT device connected to the server based on the first result message, and sending the determined type of the NAT device connected to the server to the server.
5. The method of claim 3, further comprising:
sending an L2TP message whose destination address is an arbitrary address; the L2TP message with the arbitrary destination address is used to punch a hole in the first NAT device.
6. The method of claim 1, wherein, in the case where the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE comprises:
and receiving the post-NAT public network address information corresponding to the second CPE sent by a server.
7. The method of claim 6, further comprising:
sending a second test message to the server; the second test message is used to request the server to send a second result message;
and receiving the second result message sent by the second server, determining the type of the NAT device connected to the second server based on the second result message, and sending the determined type of the NAT device connected to the second server to the server.
8. The method of claim 6, further comprising:
and sending an L2TP message including the post-NAT public network address information corresponding to the first CPE to the second CPE.
9. The method according to claim 3 or 6, wherein the NAPT comprises at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
10. The method of claim 1, wherein the tunnel address information comprises at least one of:
private network address information of the first CPE, and post-NAT public network address information corresponding to the second CPE.
11. The method of claim 10, wherein the public network address information comprises: public network address and port number.
12. A NAT traversal method, applied to a server, characterized in that the method comprises:
determining the type of a first NAT device and the type of a second NAT device; the first NAT device is connected to a first CPE, and the second NAT device is connected to a second CPE;
sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the post-NAT public network address information corresponding to the first CPE, and sending the post-NAT public network address information corresponding to the first CPE to the second CPE;
when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE, and sending the post-NAT public network address information corresponding to the second CPE to the first CPE;
wherein the public network address information is used to configure an L2TP tunnel and tunnel address information.
13. The method of claim 12, wherein determining the type of the first NAT device and the type of the second NAT device comprises:
receiving a first test message sent by the first CPE; sending a first result message based on the first test message; the first result message is used by the first CPE to determine the type of the first NAT device; and receiving the type of the first NAT device sent by the first CPE;
receiving a second test message sent by the second CPE; sending a second result message based on the second test message; the second result message is used by the second CPE to determine the type of the second NAT device; and receiving the type of the second NAT device sent by the second CPE.
14. The method of claim 12, wherein the NAPT comprises at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
15. The method of claim 12, wherein the public network address information comprises: public network address and port number.
16. An apparatus for NAT traversal, applied to a first CPE, the apparatus comprising: a first processing module and a second processing module; wherein
the first processing module is configured to determine the type of a first NAT device, the type of a second NAT device, and the post-NAT public network address information corresponding to a second CPE; the first NAT device is connected to the first CPE, and the second NAT device is connected to the second CPE;
the second processing module is configured to configure an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device, and the post-NAT public network address information corresponding to the second CPE.
17. An apparatus for NAT traversal, the apparatus comprising: a third processing module, a fourth processing module and a fifth processing module; wherein
the third processing module is configured to determine the type of a first NAT device and the type of a second NAT device; the first NAT device is connected to a first CPE, and the second NAT device is connected to a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE, and to send the type of the first NAT device to the second CPE;
the fifth processing module is configured to, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determine the post-NAT public network address information corresponding to the first CPE and send it to the second CPE;
and, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determine the post-NAT public network address information corresponding to the second CPE and send it to the first CPE;
wherein the public network address information is used to configure an L2TP tunnel and tunnel address information.
18. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any one of claims 1 to 11 are carried out when the program is executed by the processor; or,
the processor, when executing the program, performs the steps of the method of any of claims 12 to 15.
19. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 11; or,
the processor, when executing the program, performs the steps of the method of any of claims 12 to 15.
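The server-side address exchange of claim 12, the per-CPE source of the peer's address from claims 3 and 6, and the tunnel address information of claims 1, 10 and 11, worked through as an added Python example that is not part of the patent: the NAT type names follow claims 9 and 14, while the result keys, the source labels and any sample addresses are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional

class NatType(Enum):
    """NAT types named in the claims; every type other than basic NAT counts as NAPT (claims 9, 14)."""
    BASIC_NAT = "basic NAT"
    SYMMETRIC = "symmetric NAT"
    FULL_CONE = "full cone NAT"
    ADDRESS_RESTRICTED_CONE = "address restricted cone NAT"
    PORT_RESTRICTED_CONE = "port restricted cone NAT"

    @property
    def is_napt(self) -> bool:
        return self is not NatType.BASIC_NAT

@dataclass(frozen=True)
class PublicAddr:
    """Post-NAT public network address information: address plus port (claims 11, 15)."""
    ip: str
    port: int

def server_exchange_plan(first: NatType, second: NatType) -> Dict[str, bool]:
    """Claim 12, server side: whose post-NAT address the server forwards to the other CPE."""
    return {
        # first CPE behind basic NAT, second behind basic NAT or NAPT (i.e. any type)
        "first_addr_to_second_cpe": first is NatType.BASIC_NAT,
        # first CPE behind basic NAT or NAPT (any type), second behind basic NAT
        "second_addr_to_first_cpe": second is NatType.BASIC_NAT,
    }

def peer_address_source(own: NatType, peer: NatType) -> Optional[str]:
    """Claims 3 and 6, seen from one CPE: where it learns the peer's post-NAT address.
    Returns None when both sides sit behind NAPT, a case the claims give no rule for."""
    if peer is NatType.BASIC_NAT:
        # Claims 6-8: the server hands over the peer's stable one-to-one mapping; this
        # CPE then announces its own post-NAT address to the peer in an L2TP message.
        return "server"
    if own is NatType.BASIC_NAT:
        # Claims 3-5: this CPE first sends an L2TP message to an arbitrary address to open
        # its own basic NAT, then reads the peer's mapping from the peer's L2TP message.
        return "l2tp_message_from_peer"
    return None

def l2tp_tunnel_config(own_private_ip: str, peer_public: PublicAddr) -> Dict[str, object]:
    """Claims 1, 10, 11: this CPE's private address plus the peer's post-NAT address and
    port (the key names are constructed, not the patent's)."""
    return {"local_address": own_private_ip,
            "remote_address": peer_public.ip, "remote_port": peer_public.port}

if __name__ == "__main__":
    # Constructed sample: first CPE behind basic NAT, second CPE behind symmetric NAPT.
    print(server_exchange_plan(NatType.BASIC_NAT, NatType.SYMMETRIC))
    print(peer_address_source(NatType.BASIC_NAT, NatType.SYMMETRIC))
    print(l2tp_tunnel_config("192.168.1.10", PublicAddr("198.51.100.7", 1701)))
```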

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010002187.4A CN113067908B (en) 2020-01-02 2020-01-02 NAT (network Address translation) traversing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113067908A true CN113067908A (en) 2021-07-02
CN113067908B CN113067908B (en) 2023-03-31

Family

ID=76558203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010002187.4A Active CN113067908B (en) 2020-01-02 2020-01-02 NAT (network Address translation) traversing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113067908B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080126528A1 (en) * 2003-01-15 2008-05-29 Matsushita Electric Industrial Co., Ltd. PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATORS (NATs) AT BOTH ENDS
CN101217435A (en) * 2008-01-16 2008-07-09 中兴通讯股份有限公司 L2TP over IPSEC remote access method and device
WO2015131609A1 (en) * 2014-09-25 2015-09-11 中兴通讯股份有限公司 Method for implementing l2tp over ipsec access
CN105933198A (en) * 2016-04-21 2016-09-07 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel
CN106027508A (en) * 2016-05-11 2016-10-12 北京网御星云信息技术有限公司 Authentication encrypted data transmission method and device
CN108512755A (en) * 2017-02-24 2018-09-07 华为技术有限公司 A kind of learning method and device of routing iinformation

Also Published As

Publication number Publication date
CN113067908B (en) 2023-03-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant