CN113067911A - NAT traversal method, device, electronic equipment and storage medium - Google Patents
- Publication number
- CN113067911A (application CN202010003317.6A)
- Authority
- CN
- China
- Prior art keywords
- cpe
- nat
- message
- network address
- vxlan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L61/256: NAT traversal (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L61/00: Network arrangements, protocols or services for addressing or naming; H04L61/09: Mapping addresses; H04L61/25: Mapping addresses of the same type; H04L61/2503: Translation of Internet protocol [IP] addresses)
- H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L12/00: Data switching networks; H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]; H04L12/46: Interconnection of networks)
- H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN] (same hierarchy as the previous entry through H04L12/46)
- H04L61/2592: Translation of Internet protocol [IP] addresses using tunnelling or encapsulation (same hierarchy as the first entry through H04L61/2503)
Abstract
The invention discloses a Network Address Translation (NAT) traversal method, a NAT traversal device, electronic equipment and a storage medium. The method comprises: when the NAT device connected to a first CPE is of NAPT type, determining public network address information of a second CPE and sending a first VXLAN extension message to the second CPE based on that public network address information; receiving a response message sent by the second CPE, the response message carrying the source UDP port number that the second CPE will use for its VXLAN service messages; sending a second VXLAN extension message to the second CPE with that source UDP port number as the destination port, the second VXLAN extension message punching a hole in the NAT; and receiving the VXLAN service message sent by the second CPE.
Description
Technical Field
The present invention relates to mobile communication technologies, and in particular, to a Network Address Translation (NAT) traversal method, an apparatus, an electronic device, and a storage medium.
Background
As demand on networks has grown, the shortcomings of the conventional Virtual Local Area Network (VLAN) have become apparent, chiefly: too few VLANs (the VLAN ID is only 12 bits wide), the boundaries of a Layer 2 network, and the difficulty of isolating multiple tenants.
Virtual Extensible LAN (VXLAN) was introduced to address this. VXLAN is a network virtualization technology that creates a large number of virtual extensible LANs on top of an existing network by establishing VXLAN tunnels.
However, a VXLAN tunnel that runs over the public network needs a public network address at each end, otherwise the VXLAN tunnel cannot be established; an endpoint behind a NAT device has no public network address of its own.
Disclosure of Invention
In view of the above, the present invention mainly aims to provide a NAT traversal method, apparatus, electronic device, and storage medium.
To that end, the technical solution of the invention is realized as follows:
An embodiment of the invention provides a NAT traversal method applied to a first Customer Premises Equipment (CPE); the method comprises:
when the NAT device connected to the first CPE is of Network Address Port Translation (NAPT) type, determining public network address information of a second CPE and sending a first Virtual Extensible LAN (VXLAN) extension message to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE, the response message carrying the source User Datagram Protocol (UDP) port number of the VXLAN service message;
sending a second VXLAN extension message to the second CPE with that source UDP port number as the destination port, the second VXLAN extension message being used to punch a hole in the NAT;
and receiving a VXLAN service message sent by the second CPE.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
In the foregoing embodiment, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
In the foregoing solution, the determining the public network address information of the second CPE includes:
and receiving the public network address information of the second CPE sent by the server.
In the above scheme, the method further comprises:
sending a first test message to a server, the first test message requesting the server to send a first result message;
receiving the first result message sent by the server, and determining, based on the first result message, the type of the NAT device to which the first CPE is connected;
and sending the determined NAT device type to the server.
In the foregoing solution, any one of the first VXLAN extension packet, the second VXLAN extension packet, and the VXLAN service packet includes: an external ethernet header, an external Internet Protocol (IP) header, an external User Datagram Protocol (UDP) header, a VXLAN header, an internal ethernet header, an internal IP header, and a load.
The embodiment of the invention also provides an NAT traversal method, which is applied to the second CPE and comprises the following steps:
when the NAT device connected to the first CPE is determined to be of NAPT type, receiving a first VXLAN extension message sent by the first CPE, the destination address of the first VXLAN extension message being the public network address information of the second CPE;
sending a response message whose source and destination addresses are the mirror image of the NAT-translated source and destination addresses of the received first VXLAN extension message, the response message carrying the source UDP port number of the VXLAN service message;
receiving a second VXLAN extension message sent by the first CPE with that source UDP port number as the destination port;
and sending the VXLAN service message with the NAT-translated source port of the second VXLAN extension message as the destination port.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
In the foregoing embodiment, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
An embodiment of the invention also provides a NAT traversal method applied to a first CPE; the method comprises:
when the NAT device connected to the first CPE is determined to be a basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information of a second CPE, and configuring the destination address based on the public network address information of the second CPE;
configuring the source address based on the private network address information of the first CPE;
and sending a VXLAN service message to the second CPE in the conventional encapsulation mode, based on the configured source address and destination address.
In the above scheme, the method further comprises:
sending a first test message to a server, the first test message requesting the server to send a first result message;
receiving the first result message sent by the server, and determining, based on the first result message, the type of the NAT device to which the first CPE is connected;
and sending the determined NAT device type to the server.
In the above scheme, the method further comprises:
sending a second test message to the server; and the second test message is used for the server to determine the public network address information corresponding to the first CPE after NAT.
In the foregoing solution, the determining the public network address information of the second CPE includes:
and receiving the public network address information of the second CPE sent by the server.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
The embodiment of the invention also provides an NAT traversal method, which is applied to the second CPE; the method comprises the following steps:
when the NAT device connected to the first CPE is determined to be a basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT;
configuring a source address based on the private network address information of the second CPE;
and sending a VXLAN service message to the first CPE according to the conventional packaging mode based on the configured source address and the configured destination address.
In the above scheme, the method further comprises:
receiving public network address information which is sent by a server and corresponds to the first CPE after NAT;
and receiving the type of the NAT equipment connected with the first CPE and sent by the server.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
The embodiment of the invention also provides an NAT traversal method, which is applied to the server and comprises the following steps:
and sending the public network address information of the second CPE to the first CPE.
In the above scheme, the method further comprises:
receiving a first test message sent by a first CPE, and sending a first result message to the first CPE based on the first test message; the first result message is used for the first CPE to determine the type of the NAT equipment connected with the first CPE;
receiving the type of the NAT equipment sent by the first CPE;
and sending the type of the NAT equipment connected with the first CPE to the second CPE.
In the foregoing solution, when the type of the NAT device connected to the first CPE is a basic NAT, the method further includes:
and receiving a second test message sent by the first CPE, and determining public network address information corresponding to the first CPE after NAT based on the second test message.
In the foregoing solution, when the type of the NAT device connected to the first CPE is a basic NAT, the method further includes:
and sending the public network address information corresponding to the first CPE after NAT to the second CPE.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
An embodiment of the invention also provides a NAT traversal device applied to the first CPE, comprising a first determining module, a first receiving module and a first sending module, wherein:
the first determining module is configured to determine public network address information of a second CPE when the NAT device connected to the first CPE is determined to be of NAPT type, and to send a first VXLAN extension message to the second CPE based on the public network address information of the second CPE;
the first receiving module is configured to receive a response message sent by the second CPE, the response message carrying the source UDP port number of the VXLAN service message;
the first sending module is configured to send a second VXLAN extension message to the second CPE with that source UDP port number as the destination port, the second VXLAN extension message being used to punch a hole in the NAT;
the first receiving module is further configured to receive a VXLAN service message sent by the second CPE.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
In the foregoing embodiment, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
In the foregoing solution, the first determining module is configured to receive public network address information of the second CPE, which is sent by the server.
In the above scheme, the first sending module is further configured to send a first test packet to the server; the first test message is used for requesting the server to send a first result message;
the first receiving module is further configured to receive the first result message sent by the server and to determine, based on it, the type of the NAT device to which the first CPE is connected;
the first sending module is further configured to send the determined NAT device type to the server.
In the foregoing solution, any one of the first VXLAN extension packet, the second VXLAN extension packet, and the VXLAN service packet includes: an outer ethernet header, an outer IP header, an outer UDP header, a VXLAN header, an inner ethernet header, an inner IP header, a payload.
An embodiment of the invention also provides a NAT traversal device applied to the second CPE, comprising a second determining module, a second receiving module and a second sending module, wherein:
the second determining module is configured to receive the first VXLAN extension message sent by the first CPE when the NAT device connected to the first CPE is determined to be of NAPT type, the destination address of the first VXLAN extension message being the public network address information of the second CPE;
the second sending module is configured to send a response message whose source and destination addresses are the mirror image of the NAT-translated source and destination addresses of the received first VXLAN extension message, the response message carrying the source UDP port number of the VXLAN service message;
the second receiving module is configured to receive a second VXLAN extension packet that is sent by the first CPE and takes the source UDP port number as a destination port;
the second sending module is further configured to send the VXLAN service packet using the source port corresponding to the second VXLAN extension packet after the NAT as the destination port.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
In the foregoing embodiment, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
An embodiment of the invention also provides a NAT traversal device applied to the first CPE, comprising a first configuration module and a first communication module, wherein:
the first configuration module is configured, when the NAT device connected to the first CPE is determined to be a basic NAT, to configure the VXLAN message to use the conventional encapsulation mode, to determine public network address information of a second CPE and configure the destination address from it, and to configure the source address from the private network address information of the first CPE;
the first communication module is configured to send a VXLAN service message to the second CPE in the conventional encapsulation mode based on the configured source address and destination address.
In the above scheme, the first communication module is further configured to send a first test message to the server, the first test message requesting the server to send a first result message;
to receive the first result message sent by the server and determine, based on it, the type of the NAT device to which the first CPE is connected;
and to send the determined NAT device type to the server.
In the above scheme, the first communication module is further configured to send a second test packet to the server; and the second test message is used for the server to determine the public network address information corresponding to the first CPE after NAT.
In the above scheme, the first communication module is further configured to receive public network address information of the second CPE, which is sent by the server.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
An embodiment of the invention also provides a NAT traversal device applied to the second CPE, comprising a second configuration module and a second communication module, wherein:
the second configuration module is configured, when the NAT device connected to the first CPE is determined to be a basic NAT, to configure the VXLAN message to use the conventional encapsulation mode, to determine the post-NAT public network address information corresponding to the first CPE and configure the destination address from it, and to configure the source address from the private network address information of the second CPE;
the second communication module is configured to send a VXLAN service message to the first CPE in the conventional encapsulation mode based on the configured source address and destination address.
In the above scheme, the second communication module is further configured to receive the post-NAT public network address information corresponding to the first CPE, sent by the server.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to a server and comprises: and the sending module is used for sending the public network address information of the second CPE to the first CPE.
In the above scheme, the apparatus further comprises: the receiving module is used for receiving a first test message sent by a first CPE;
the sending module is further configured to send a first result packet to the first CPE based on the first test packet; the first result message is used for the first CPE to determine the type of the NAT equipment connected with the first CPE;
the receiving module is further configured to receive the type of the NAT device sent by the first CPE;
The sending module is further configured to send the type of the NAT device connected to the first CPE to the second CPE.
In the above scheme, the apparatus further comprises: and the determining module is used for receiving a second test message sent by the first CPE under the condition that the type of the NAT equipment connected with the first CPE is the basic NAT, and determining the public network address information corresponding to the first CPE after the NAT based on the second test message.
In the foregoing solution, the sending module is further configured to send, to the second CPE, public network address information after NAT, which corresponds to the first CPE, when the type of the NAT device connected to the first CPE is the basic NAT.
In the above scheme, the public network address information includes: a public network address and a UDP port number.
An embodiment of the invention also provides electronic equipment comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein when the processor executes the program it implements the steps of any of the NAT traversal methods described above for the first CPE side; or,
when the processor executes the program, it implements the steps of any of the NAT traversal methods described above for the second CPE side; or,
when the processor executes the program, it implements the steps of any of the NAT traversal methods described above for the server side.
An embodiment of the invention further provides a computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed by a processor it implements the steps of any of the NAT traversal methods described above for the first CPE side; or,
when the processor executes the program, it implements the steps of any of the NAT traversal methods described above for the second CPE side; or,
when the processor executes the program, it implements the steps of any of the NAT traversal methods described above for the server side.
The NAT traversal method, device, electronic equipment and storage medium provided in the embodiments of the invention determine the public network address information of the second CPE when the NAT device connected to the first CPE is determined to be of NAPT type, and send the first VXLAN extension message to the second CPE based on the public network address information of the second CPE; receive a response message sent by the second CPE, the response message carrying the source UDP port number of the VXLAN service message; send a second VXLAN extension message to the second CPE with that source UDP port number as the destination port, the second VXLAN extension message punching a hole in the NAT; and receive the VXLAN service message sent by the second CPE. With the technical solution of the embodiments of the invention, a VXLAN tunnel can be established even when one end of the tunnel is connected to a NAT device, that is, when that end has no public network address.
Drawings
Fig. 1 is an architecture diagram of a conventional VXLAN tunnel setup;
fig. 2 is another architecture diagram of existing VXLAN tunnel setup;
Fig. 3 is a schematic flowchart of a first method for NAT traversal on the first CPE side according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating a NAT traversal method on the second CPE side according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of another NAT traversal method on the first CPE side according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of another NAT traversal method on the second CPE side according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a NAT traversal system according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a VXLAN extension packet according to an embodiment of the present invention;
fig. 9 is a schematic diagram of a first VXLAN extension packet according to an embodiment of the present invention;
fig. 10 is a schematic diagram of a response packet for a first VXLAN extension packet according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a VXLAN service message according to an embodiment of the present invention;
fig. 12 is a schematic diagram of a VXLAN extension message structure according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of a first CPE side NAT traversal device according to an embodiment of the present invention;
fig. 14 is a schematic structural diagram of a second CPE side NAT traversal device according to an embodiment of the present invention;
fig. 15 is a schematic structural diagram of another NAT traversal device on the first CPE side according to an embodiment of the present invention;
fig. 16 is a schematic structural diagram of another second CPE side NAT traversal device according to an embodiment of the present invention;
fig. 17 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Prior to describing the present invention in further detail with reference to embodiments, the related art of VXLAN tunnels will be described.
A VXLAN tunnel running over the public network has to have a public network address at least at one end, otherwise the VXLAN tunnel cannot be established. Fig. 1 is an architecture diagram of a conventional VXLAN tunnel setup; in each of the two tunnels shown in fig. 1 at least one end has a public network address (no NAT device is connected), so the VXLAN tunnel can be established.
Fig. 2 is another architecture diagram of conventional VXLAN tunnel establishment; as shown in fig. 2, neither end has a public network address, and the VXLAN tunnel cannot actually be established.
The present invention will be described in further detail with reference to examples.
Fig. 3 is a schematic flowchart of a NAT traversal method according to an embodiment of the present invention; as shown in fig. 3, the NAT traversal method is applied to the first CPE and comprises the following steps:
Step 304: receive the VXLAN service message sent by the second CPE.
Specifically, the public network address information includes: a public network address and a UDP port number.
Specifically, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
Specifically, the determining the public network address information of the second CPE includes:
and receiving the public network address information of the second CPE sent by the server.
Here, the server may be implemented as a process on the second CPE, in which case the server already holds the public network address information of the second CPE and can send it to the first CPE.
Specifically, before sending the first VXLAN extension packet to the second CPE, the method further includes:
sending a first test message to a server, the first test message requesting the server to send a first result message;
receiving the first result message sent by the server, and determining, based on the first result message, the type of the NAT device to which the first CPE is connected;
and sending the determined NAT device type to the server.
Here, the first test message may carry address information of the first CPE.
Here, the NAT device type is determined by combining other protocols (specifically, the protocols the first CPE needs in order to communicate with the server, such as IP) with an exchange of VXLAN extension messages with the server.
Specifically, the corresponding VXLAN packets (specifically, the first VXLAN extension packet and the second VXLAN extension packet) comprise: an outer Ethernet header, an outer Internet Protocol (IP) header, an outer User Datagram Protocol (UDP) header, a VXLAN header, an inner Ethernet header, an inner IP header, and a payload.
The VXLAN service packet may likewise comprise: an outer Ethernet header, an outer IP header, an outer UDP header, a VXLAN header, an inner Ethernet header, an inner IP header, and a payload.
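As an added example (not code from the patent), the following Python builds and parses a packet with exactly the layering listed above: outer Ethernet, outer IPv4, outer UDP, VXLAN header, inner Ethernet, inner IPv4 and payload. It uses the RFC 7348 VXLAN header (I flag plus 24-bit VNI), destination port 4789, and a source port hashed from the inner headers as RFC 7348 recommends. The MAC and IP addresses, the VNI and the inner payload are constructed sample values, and the SHA-256-based port hash is one possible choice, not the hash any particular VTEP uses.

```python
"""Build and parse a VXLAN-encapsulated frame (RFC 7348 framing); added example."""
import hashlib
import socket
import struct

VXLAN_PORT = 4789        # IANA-assigned VXLAN UDP destination port
VXLAN_FLAG_I = 0x08      # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800

# Constructed sample outer MACs (locally administered addresses).
OUTER_SRC_MAC = bytes.fromhex("021122334455")
OUTER_DST_MAC = bytes.fromhex("02aabbccddee")

def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BxxxI", VXLAN_FLAG_I, vni << 8)

def parse_vxlan_header(hdr: bytes) -> int:
    """Return the VNI; reject headers without the I flag, as RFC 7348 requires."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    flags, tail = struct.unpack("!BxxxI", hdr[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return tail >> 8

def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum over a 20-byte header; returns 0 for a valid header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ethernet_header(dst_mac: bytes, src_mac: bytes, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype)

def ipv4_header(src: str, dst: str, payload_len: int, proto: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def source_port(inner_frame: bytes) -> int:
    """VTEP source port: hash of the inner Ethernet+IPv4 headers (34 bytes) into
    49152-65535, the dynamic range RFC 7348 recommends so ECMP spreads tunnel flows."""
    digest = hashlib.sha256(inner_frame[:34]).digest()
    return 49152 + int.from_bytes(digest[:4], "big") % (65535 - 49152 + 1)

def encapsulate(vni: int, outer_src: str, outer_dst: str, inner_frame: bytes,
                dst_port: int = VXLAN_PORT) -> bytes:
    """outer Ethernet | outer IPv4 | outer UDP | VXLAN header | inner frame."""
    vx = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", source_port(inner_frame), dst_port, 8 + len(vx), 0) + vx
    ip = ipv4_header(outer_src, outer_dst, len(udp), 17) + udp
    return ethernet_header(OUTER_DST_MAC, OUTER_SRC_MAC) + ip

def decapsulate(packet: bytes) -> dict:
    """Validate the outer headers and return the tunnel tuple plus the inner frame."""
    if len(packet) < 14 + 20 + 8 + 8:
        raise ValueError("packet too short for VXLAN")
    eth, ip, udp = packet[:14], packet[14:34], packet[34:42]
    if struct.unpack("!H", eth[12:14])[0] != ETHERTYPE_IPV4 or ip[0] != 0x45 or ip[9] != 17:
        raise ValueError("not an IPv4/UDP packet without options")
    if ipv4_checksum(ip) != 0:
        raise ValueError("bad IPv4 checksum")
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp)
    if dport != VXLAN_PORT or ulen != len(packet) - 34:
        raise ValueError("not VXLAN or inconsistent UDP length")
    return {
        "outer_src": socket.inet_ntoa(ip[12:16]),
        "outer_dst": socket.inet_ntoa(ip[16:20]),
        "src_port": sport,
        "dst_port": dport,
        "vni": parse_vxlan_header(packet[42:50]),
        "inner": packet[50:],
    }

# Constructed inner frame: Ethernet + IPv4 carrying a 4-byte payload under protocol 253 (experimental).
SAMPLE_INNER_FRAME = (ethernet_header(bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a"))
                      + ipv4_header("10.0.0.1", "10.0.0.2", 4, 253) + b"ping")

def demo(vni: int = 5000) -> dict:
    """Encapsulate the sample inner frame between two constructed outer addresses and parse it back."""
    return decapsulate(encapsulate(vni, "203.0.113.5", "198.51.100.7", SAMPLE_INNER_FRAME))

if __name__ == "__main__":
    print(demo())
```

The parser rejects a missing I flag, a bad outer IPv4 checksum, an inconsistent UDP length and a destination port other than 4789. VXLAN carries no authentication of its own, so a VTEP that accepts tunnel traffic from the public network should validate at least this much, and should check that the VNI belongs to the expected tenant before forwarding the inner frame.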
Fig. 4 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 4, the method is applied to a second CPE and comprises:
Step 404: send the VXLAN service message with the NAT-translated source port of the second VXLAN extension message as the destination port.
Specifically, the public network address information includes: a public network address and a UDP port number.
Specifically, the NAPT is at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
Here, NAT traversal with a NAT device at one end is described in detail with reference to the methods shown in fig. 3 and fig. 4.
When the first CPE is connected to a NAT device and the second CPE is not, the first CPE interacts with the server and determines that the NAT device is of NAPT type; NAT traversal at the one end then comprises the following steps:
Step 11: the first CPE receives the public network address information of the second CPE (a public network address and a port number, normally 4789) sent by the server, and sends a first VXLAN extension message to the public network address of the second CPE, port 4789; the first VXLAN extension message requests the second CPE to send the relevant information;
here it should be noted that the VXLAN protocol encapsulates an Ethernet frame in a UDP packet for tunnelling; the source UDP port is chosen by the VXLAN Tunnel Endpoint (VTEP) and its value is computed by a hash (specifically, a hash of the inner Ethernet header), while the destination UDP port is a well-known port, normally 4789, so that endpoints can interoperate.
Step 12: the second CPE sends a response message whose source port (i.e. 4789) and destination are the exact mirror of the received, NAT-translated first VXLAN extension message;
the DATA portion of the response message carries the source UDP port number (for example DDD) that the second CPE will use for the formal VXLAN service messages it subsequently sends; the second CPE's VXLAN protocol obtains DDD by hashing the inner IP header.
Step 13: the first CPE sends a second VXLAN extension message with 4789 as the source port and DDD as the destination port; the second VXLAN extension message punches a hole in the NAT device;
Step 14: the second CPE sends the formal VXLAN service message with DDD as the source port and, as the destination port, the NAT-translated source port of the second VXLAN extension message it received.
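The four-step exchange above, as an added example written for this page (not the patent's own code): a small Python model of a NAPT in each of the four behaviours the text lists (full cone, address-restricted cone, port-restricted cone, symmetric) first tries conventional encapsulation, which fails, and then runs steps 11 to 14, which succeed. The topology, the VTEP service source ports (CPE2's DDD is taken as 51234) and the NAPT's external port numbering are assumed values.

```python
"""Simulate the four-step VXLAN extension exchange through a NAPT; added example."""
from dataclasses import dataclass, field, replace

VXLAN_PORT = 4789
MODES = ("full_cone", "address_restricted", "port_restricted", "symmetric")

# Constructed topology: CPE1 is private behind the NAPT, CPE2 has a public address.
CPE1_PRIV = "192.168.1.10"
NAT_PUB = "203.0.113.5"
CPE2_PUB = "198.51.100.7"
CPE1_SERVICE_SPORT = 60001   # CPE1's VTEP-chosen service source port (assumed value)
CPE2_SERVICE_SPORT = 51234   # CPE2's VTEP-chosen service source port, "DDD" in the text (assumed)

@dataclass(frozen=True)
class Packet:
    src: tuple          # (ip, udp port)
    dst: tuple
    kind: str           # "ext1", "ext1-resp", "ext2" or "service"
    data: dict = field(default_factory=dict)

class Napt:
    """NAPT with the four RFC 3489 behaviours. Cone modes key the mapping on the
    internal (ip, port); symmetric mode keys it on (internal src, destination)."""

    def __init__(self, public_ip: str, mode: str, first_port: int = 20000):
        assert mode in MODES
        self.public_ip, self.mode, self.next_port = public_ip, mode, first_port
        self.out_map = {}     # mapping key -> external port
        self.in_map = {}      # external port -> internal (ip, port)
        self.allowed = set()  # (external port, remote (ip, port)) seen outbound

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.dst) if self.mode == "symmetric" else pkt.src
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = pkt.src
            self.next_port += 1
        ext = self.out_map[key]
        self.allowed.add((ext, pkt.dst))
        return replace(pkt, src=(self.public_ip, ext))

    def inbound(self, pkt: Packet):
        """Translate an inbound packet, or return None when the NAPT drops it."""
        ext = pkt.dst[1]
        if pkt.dst[0] != self.public_ip or ext not in self.in_map:
            return None                                   # no mapping for that external port
        if self.mode == "full_cone":
            ok = True
        elif self.mode == "address_restricted":
            ok = any(e == ext and remote[0] == pkt.src[0] for e, remote in self.allowed)
        else:                                             # port_restricted and symmetric
            ok = (ext, pkt.src) in self.allowed
        return replace(pkt, dst=self.in_map[ext]) if ok else None

def conventional(nat: Napt) -> bool:
    """Conventional encapsulation: both VTEPs address the well-known port 4789."""
    nat.outbound(Packet((CPE1_PRIV, CPE1_SERVICE_SPORT), (CPE2_PUB, VXLAN_PORT), "service"))
    # CPE2's VTEP replies from its own hashed source port to <NAT public>:4789, for
    # which the NAPT holds no mapping, so the reply is dropped.
    reply = Packet((CPE2_PUB, CPE2_SERVICE_SPORT), (NAT_PUB, VXLAN_PORT), "service")
    return nat.inbound(reply) is not None

def hole_punch(nat: Napt) -> dict:
    """Steps 11-14 from the text; returns the packets as each side saw them."""
    # Step 11: first extension message, CPE1:4789 -> CPE2:4789, creates the NAPT mapping.
    ext1 = nat.outbound(Packet((CPE1_PRIV, VXLAN_PORT), (CPE2_PUB, VXLAN_PORT), "ext1"))
    # Step 12: CPE2 mirrors the translated addresses and carries its service source port (DDD).
    resp = nat.inbound(Packet(ext1.dst, ext1.src, "ext1-resp", {"ddd": CPE2_SERVICE_SPORT}))
    if resp is None:
        return {"service": None}
    ddd = resp.data["ddd"]
    # Step 13: second extension message punches the hole toward CPE2:DDD (source port still 4789).
    ext2 = nat.outbound(Packet(resp.dst, (CPE2_PUB, ddd), "ext2"))
    # Step 14: CPE2 sends the service packet from DDD to the translated source of ext2.
    service = nat.inbound(Packet((CPE2_PUB, ddd), ext2.src, "service"))
    return {"ext1": ext1, "ext2": ext2, "service": service}

def run_all() -> dict:
    """mode -> (conventional delivered?, hole-punched service packet delivered?)"""
    return {m: (conventional(Napt(NAT_PUB, m)), hole_punch(Napt(NAT_PUB, m))["service"] is not None)
            for m in MODES}

if __name__ == "__main__":
    for mode, (conv, punched) in run_all().items():
        print(f"{mode:18s} conventional={conv} hole_punch={punched}")
```

Two points the model makes visible: conventional encapsulation fails because CPE2's reply is addressed to port 4789 on the NAT, for which no mapping exists; and the exchange still works behind a symmetric NAT, because step 14 sends to the translated source port of the second extension message, which is exactly the mapping the NAT created for the destination CPE2:DDD. The hole stays open only as long as the NAT's UDP mapping timer allows, so a real VTEP has to keep traffic flowing (or repeat step 13) within that interval.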
Fig. 5 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 5, the method is applied to a first CPE, and the method includes:
Specifically, before sending the first VXLAN extension message to the second CPE, the method further comprises:
sending a first test message to a server, the first test message requesting the server to send a first result message;
receiving the first result message sent by the server, and determining, based on the first result message, the type of the NAT device to which the first CPE is connected;
and sending the determined NAT device type to the server.
Specifically, the method further comprises:
sending a second test message to the server; the server uses the second test message to determine the post-NAT public network address information of the first CPE.
The second test message may be the first test message itself, that is, the server may determine the post-NAT public network address information of the first CPE directly from the received first test message.
When a test message from the first CPE passes through the NAT device, its source address information is translated, so the source address and port that the server observes on the received test message are the post-NAT public network address information of the first CPE. The test messages (the first test message, the second test message, etc.) may use the same format as the VXLAN extension message described above.
Specifically, the determining the public network address information of the second CPE includes:
and receiving the public network address information of the second CPE sent by the server.
Here, the server may also be implemented as a process on the second CPE; in that case the server already holds the public network address information of the second CPE, and that information can be passed directly to the first CPE.
Specifically, the public network address information includes: a public network address and a UDP port number.
Fig. 6 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 6, the method is applied to a second CPE; characterized in that the method comprises:
Step 601: when the type of the NAT device to which the first CPE is connected is determined to be basic NAT, configuring the VXLAN messages to use the conventional encapsulation mode;
Specifically, the determining public network address information after NAT corresponding to the first CPE includes:
and receiving public network address information which is sent by the server and corresponds to the first CPE after NAT.
Specifically, the method may further include: and receiving the type of the NAT equipment connected with the first CPE and sent by the server.
It should be noted that the server may also be implemented as a process on the second CPE; in that case the server's determination of the post-NAT public network address information of the first CPE is the second CPE's own determination of it.
Specifically, the public network address information includes: a public network address and a UDP port number.
The following describes single-sided NAT traversal (only the first CPE behind a NAT device) in conjunction with the methods shown in fig. 5 and fig. 6.
When the first CPE is connected to a NAT device and the second CPE is not behind a NAT device, and the first CPE has determined through interaction with the server that the NAT device is a basic NAT, the single-sided NAT traversal method includes the following steps:
Step 01: the first CPE configures the VXLAN messages in the conventional encapsulation mode; it determines the public network address information of the second CPE (a public network address and port number 4789), configures the source address as its own private network address with a source port computed by the hash algorithm, and configures the destination address as the public network address and port 4789 of the second CPE;
Step 03: the second CPE configures the VXLAN messages in the conventional encapsulation mode; it determines the post-NAT public network address information of the first CPE (the public network address and port number 4789 that the first CPE's traffic carries after NAT; a basic NAT translates only the address, so the port is preserved), configures the source address as its own public network address with a source port computed by the hash algorithm, and configures the destination address as that post-NAT public network address and port 4789;
Step 04: the first CPE and the second CPE forward messages normally through the VXLAN tunnel obtained from this configuration.
Here, before step 01, the method further includes:
the first CPE interacts with the server (specifically, sends a first test message and receives a first result message) to determine the type of the NAT device it is connected to, and sends that type to the server;
the server determines the post-NAT public network address information of the first CPE from the first test message, and the server sends the public network address information of the second CPE to the first CPE.
The embodiment of the invention also provides another NAT traversal method; the method is applied to a server, whose function may be realised by a process on the second CPE; the method includes the following steps:
and sending the public network address information of the second CPE to the first CPE.
Specifically, the method further comprises:
receiving a first test message sent by the first CPE and sending a first result message to the first CPE based on it; the first result message is used by the first CPE to determine the type of the NAT device it is connected to;
receiving the NAT device type sent by the first CPE;
and sending the type of the NAT device to which the first CPE is connected to the second CPE.
It should be noted that the server may also be implemented as a process on the second CPE; in that case the server's knowledge of the NAT device type is the second CPE's knowledge of it.
Specifically, in a case that the type of the NAT device to which the first CPE is connected is a basic NAT, the method further includes:
and receiving a second test message sent by the first CPE, and determining public network address information corresponding to the first CPE after NAT based on the second test message.
Specifically, in a case that the type of the NAT device to which the first CPE is connected is a basic NAT, the method further includes:
and sending the public network address information corresponding to the first CPE after NAT to the second CPE.
It should be noted that the server may also be implemented as a process on the second CPE; in that case the server sending the post-NAT public network address information of the first CPE to the second CPE amounts to the server process handing that information to the process on the second CPE that performs the other operations.
Specifically, the public network address information includes: a public network address and a UDP port number.
Here, each NAT type is described with respect to the NAT traversal method.
NAT can be divided into two main categories: basic NAT and NAPT (Network Address Port Translation), where:
Basic NAT is generally used when the NAT device has several public network Internet Protocol (IP) addresses (hereinafter public network addresses) and statically binds one public network address to one intranet host; it translates addresses only and leaves port numbers unchanged. NAT devices of this type are comparatively rare.
NAPT is the conventional NAT type: a NAPT device maps an internal address and port to a public IP address together with a port number chosen by the NAT device, so that many internal hosts can share one public address. According to the mapping mode, NAPT is divided into symmetric NAT and cone NAT, where cone NAT includes full cone NAT, address restricted cone NAT and port restricted cone NAT.
Specifically, NAPT is the most common NAT type on public networks and is classified into the following four types:
1. Symmetric NAT
A symmetric NAT maps all requests from the same internal address and port to the same destination address and port onto the same public network address and port; if the same intranet host sends, from the same internal address and port, a message to a different destination address (or port), a different mapping is used. Only the external host that received a message through a mapping can send back through it. Unlike the cone NATs below, which map all requests from one internal address and port to one public address and port, a symmetric NAT gives different destinations different mappings, so an external peer cannot learn the mapping meant for itself from what another party observed.
2. Full cone NAT
A full cone NAT maps all requests from one internal IP address and port to the same external IP address and port, and any external host can reach the internal host by sending a message to that mapped external address. This is the loosest policy: once the mapping between the internal address and port and the public address and port exists, every host on the Internet can reach the host behind the NAT device through it.
3. Address restricted cone NAT
An address restricted cone NAT also maps all requests from the same internal IP address and port to the same public network IP address and port. Unlike a full cone NAT, however, an external host (from any of its ports) can send messages to the intranet host only if the intranet host has previously sent a message to that external host's IP address.
4. Port restricted cone NAT
A port restricted cone NAT is like an address restricted cone NAT but stricter: it also restricts the port number, so an external host can send messages to the intranet host from a given address and port only if the intranet host has previously sent a message to exactly that address and port.
The VXLAN protocol encapsulates an Ethernet frame in a UDP packet for tunnel transmission; the source UDP port is chosen by the VTEP and computed with a hash algorithm (a hash of the inner Ethernet header), and the destination UDP port is a well-known port, generally 4789, so that endpoints interoperate.
Fig. 7 is a schematic structural diagram of a NAT traversal system according to an embodiment of the present invention; as shown in fig. 7, the system includes: the CPEA, the NAT device to which the CPEA is connected, the CPEB, and a NAT detection server (the server).
The method of the embodiment of the present invention described above is described below with reference to the structure shown in fig. 7, using NAT devices of different types.
In the first embodiment, after the message interaction with the NAT detection server, the type of the NAT device to which the CPEA is connected is determined to be a basic NAT. The NAT traversal method includes the following steps:
Step 111: the CPEA and the CPEB exchange messages with the NAT detection server, and the NAT device is confirmed to be a basic NAT;
Step 112: the CPEA configures VXLAN in the conventional encapsulation mode, with the source address being its local private network address and a port number obtained by the hash algorithm, and the destination address being the public network address of the CPEB and port 4789;
Step 113: the CPEB configures VXLAN in the conventional encapsulation mode, with the source address being its local public network address and a port number computed by the hash algorithm, and the destination address being the post-NAT public network address of the CPEA and port 4789;
Step 114: messages are forwarded normally between the CPEA and the CPEB through the VXLAN tunnel.
In the second embodiment, after the message interaction with the NAT detection server, the type of the NAT device to which the CPEA is connected is determined to be a symmetric NAT. The NAT traversal method includes the following steps:
Step 211: the CPEA sends a first VXLAN extension message to the public network address and port 4789 of the CPEB, requesting the CPEB to send back the related information;
Here, fig. 8 is a schematic diagram of the first VXLAN extension message according to an embodiment of the present invention; as shown in fig. 8, its destination port is 4789.
Step 212: the CPEB sends a response message whose source port (4789) and destination IP address and port mirror the received message as seen after NAT, and in the DATA part tells the CPEA the source UDP port number DDD that the CPEB will use for the formal VXLAN service messages (DDD is obtained by the CPEB's VXLAN protocol by hashing the inner header);
Here, fig. 9 is a schematic diagram of the response message for the first VXLAN extension message according to an embodiment of the present invention; as shown in fig. 9, the source port of the response message is 4789 and its destination port is BBB, the port that the NAT device assigned to the first VXLAN extension message.
Step 213: the CPEA sends a second VXLAN extension message to the CPEB through the NAT device, with 4789 as the source port and DDD as the destination port, to punch a hole in the NAT device for the (CPEA:4789, CPEB:DDD) flow;
Here, fig. 10 is a schematic diagram of the second VXLAN extension message according to an embodiment of the present invention; as shown in fig. 10, the source port of the second VXLAN extension message is 4789 and its destination port is DDD.
Step 214: the CPEB sends the formal VXLAN service messages with DDD as the source port and, as the destination port, the post-NAT source port of the second VXLAN extension message it received. On a symmetric NAT this port generally differs from BBB, because the NAT device allocates a new mapping for the new destination (CPEB:DDD); that is why the second extension message is needed.
Fig. 11 is a schematic diagram of the VXLAN service message according to an embodiment of the present invention; as shown in fig. 11, after the NAT device translates the destination back to the CPEA, the service message arrives with destination port 4789 and source port DDD.
In the above embodiments, the NAT type is detected with the help of another protocol: the CPEA exchanges messages with a NAT detection server to detect whether the customer-side gateway CPEA has to traverse a NAT at all and, if so, which type of NAT; that server may be a public free server or the controller.
After the NAT device type has been detected, if NAT traversal is required, the CPEA extends the VXLAN protocol message and sends an extension message to the CPEB to obtain the source UDP port number DDD that the CPEB side will use for its formal data service messages; the CPEA side then sends an extension message to the CPEB with source UDP port 4789 and destination UDP port DDD, punching a hole in the NAT device; the CPEB can then send the formal VXLAN data service messages to the CPEA with source port DDD and, as destination, the post-NAT address and port of the CPEA, which the NAT device translates to port 4789 on the CPEA.
In the third embodiment, after the message interaction with the NAT detection server, the type of the NAT device to which the CPEA is connected is determined to be a full cone NAT.
Here, a full cone NAT uses the same NAT mapping for all IP messages from the same source address and port, that is, all requests from the same internal IP address and port are mapped to the same public network IP address and port, and it accepts inbound messages from any external host; therefore the same method as in the above embodiment may be used (the second extension message then simply reuses the existing mapping).
In the fourth embodiment, after the message interaction with the NAT detection server, the type of the NAT device to which the CPEA is connected is determined to be an address restricted cone NAT.
Here, an address restricted cone NAT also uses the same NAT mapping for all IP messages from the same source address and port (all requests from the same internal IP address and port are mapped to the same public network IP address and port); unlike a full cone NAT, however, an external host can send messages to the intranet host only if the intranet host has previously sent a message to that external host's address. Therefore the same method as in the above embodiment may be used.
In the fifth embodiment, after the message interaction with the NAT detection server, the type of the NAT device to which the CPEA is connected is determined to be a port restricted cone NAT.
Here, a port restricted cone NAT likewise uses the same NAT mapping for all IP messages from the same source address and port (all requests from the same internal IP address and port are mapped to the same public network IP address and port), but it adds a restriction on the port number: an external host can communicate with the intranet host from a given address and port only if the intranet host has previously sent a message to that address and port. The second extension message sent to (CPEB, DDD) satisfies exactly this condition, so the same method as in the above embodiment may be used.
The detection of the NAT device type is described further below.
The NAT detection server receives the first test message sent by the CPEA; the first test message carries the address information (IP address and port) of the CPEA, and the detection proceeds in the following steps once the server has received it.
Step 1: detect whether the CPEA is behind a NAT device.
The client on the CPEA creates a UDP socket and uses it to send a datagram (the first test message) to the server's (IP-1, Port-1), asking the server to return the address information (IP and Port) from which it received the datagram; after sending the request the client immediately starts receiving, with a socket timeout (for example 300 ms) set so that it never blocks indefinitely. This is repeated several times. If every attempt times out and no response from the server is received, the CPEA cannot communicate over UDP, probably because a firewall or the NAT device blocks UDP.
When the client on the CPEA does receive the server's response, it compares the (IP, Port) returned by the server with the (LocalIP, LocalPort) of its own socket. If they are identical, the CPEA is determined not to be behind a NAT device; if not, the CPEA is behind a NAT device and the type of the NAT device has to be detected further.
Step 2: detect whether the NAT device is a full cone NAT.
The client on the CPEA creates a UDP socket and uses it to send a datagram to the server's (IP-1, Port-1), asking the server to respond from its other address pair (IP-2, Port-2); the server answers the request with a datagram, and the client immediately starts receiving after sending, with a socket timeout (300 ms) set to avoid blocking indefinitely. This is repeated several times. If the response datagram sent by the server from (IP-2, Port-2) is received, the NAT is a full cone NAT; if every attempt times out and no response is received, the NAT device to which the CPEA is connected is not a full cone NAT, and its specific type is detected in the next step.
Step 3: detect whether the NAT device is a symmetric NAT.
The client on the CPEA creates a UDP socket and uses it to send a datagram to the server's (IP-1, Port-1), asking the server to return the client's IP and Port as it sees them; the client immediately starts receiving after sending, with a socket timeout (300 ms) set to avoid blocking indefinitely, and repeats until a response is received.
It then sends, in the same way, a datagram to the server's (IP-2, Port-2), asking the server to return the IP and Port. This second datagram has to leave the same local socket (the same local address and port) as the first: the comparison below is only meaningful if both probes originate from one internal endpoint, since a different local port would obtain a different mapping on every NAT type.
The (IP, Port) pairs returned by the server in the two exchanges are compared. If they differ, the NAT device is a symmetric NAT; otherwise it is a restricted cone NAT, and the next step detects whether it is a port restricted cone NAT.
Step 4: detect whether the NAT device is an address restricted cone NAT or a port restricted cone NAT.
The client on the CPEA creates a UDP socket and uses it to send a datagram to the server's (IP-1, Port-1), asking the server to respond with a UDP datagram from IP-1 but from a port different from Port-1; the client immediately starts receiving after sending, with a socket timeout (300 ms) set to avoid blocking indefinitely. This is repeated several times. If every attempt times out and no response is received, the NAT device is a port restricted cone NAT; if the server's response is received, it is an address restricted cone NAT.
The datagrams sent by the client on the CPEA are the first test message, and correspondingly the datagrams returned by the server are the first result message.
The server to which the NAT traversal method in the embodiment of the present invention applies may be a public network free server or a public network controller, that is, the public network free server or controller is extended functionally to implement the scheme described above.
It should be noted that this method of detecting the NAT device type is only one embodiment, and other detection methods may also be used in embodiments of the present invention; after the type of the connected NAT device has been determined by the detection, the result is sent to the server and forwarded by the server to the opposite-end CPE. For example, after the CPEA determines the type of the NAT device it is connected to through interaction with the server, it sends the result to the server, and the server may send the result to the CPEB.
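The NAT behaviours defined above, the hole punch of steps 211 to 214 and the four-step detection just described, as one added example that is not the patent's code: a small Python model of a NAT device with each filtering rule, a `detect_nat_type` function that runs steps 1 to 4 against it, and a `hole_punch` function that runs the exchange of steps 211 to 214 through it and also shows what happens if the CPEB sends service traffic before the second extension message. The addresses, the server's address pairs, the value DDD = 53112 and the use of 4789 as source port of the first extension message are constructed assumptions, and mapping timeouts are ignored.

```python
# Added illustration (not the patent's code): a simulated NAT device with the
# behaviours described on this page, the four-step detection procedure, and the
# hole punch of steps 211-214.  All addresses and ports are constructed.

NAT_PUBLIC_IP = "203.0.113.7"                      # constructed public address of the NAT
SERVER_1 = ("198.51.100.1", 3478)                  # NAT detection server (IP-1, Port-1), constructed
SERVER_2 = ("198.51.100.2", 3479)                  # its second address pair (IP-2, Port-2)
SERVER_1_ALT = (SERVER_1[0], 3480)                 # IP-1 with a port other than Port-1 (step 4)
KINDS = ("none", "basic", "full_cone", "addr_restricted", "port_restricted", "symmetric")


class Nat:
    """Minimal NAT model: mapping allocation plus the inbound filtering rule of each type.
    Mapping timeouts are ignored (assumption)."""

    def __init__(self, kind, public_ip=NAT_PUBLIC_IP, first_port=40000):
        if kind not in KINDS:
            raise ValueError(kind)
        self.kind, self.public_ip, self.next_port = kind, public_ip, first_port
        self.maps = {}      # mapping key -> external port
        self.rev = {}       # external port -> private (ip, port)
        self.flows = set()  # (external port, remote (ip, port)) seen on outbound traffic

    def outbound(self, src, dst):
        """Translate a datagram from private `src` to remote `dst`; returns the public source."""
        if self.kind in ("none", "basic"):
            ext = src[1]                        # no NAT / basic NAT: port preserved
        else:
            # symmetric NAT allocates per (source, destination); cone NATs per source only
            key = (src, dst) if self.kind == "symmetric" else src
            if key not in self.maps:
                self.maps[key] = self.next_port
                self.next_port += 1
            ext = self.maps[key]
        self.rev[ext] = src
        self.flows.add((ext, dst))
        return (src[0] if self.kind == "none" else self.public_ip, ext)

    def inbound(self, remote, ext_port):
        """Datagram from `remote` to (public_ip, ext_port): private destination, or None if filtered."""
        priv = self.rev.get(ext_port)
        if priv is None:
            return None                         # no mapping at all
        if self.kind in ("none", "basic", "full_cone"):
            allowed = True                      # endpoint-independent filtering
        elif self.kind == "addr_restricted":
            allowed = any(e == ext_port and r[0] == remote[0] for e, r in self.flows)
        else:                                   # port restricted cone and symmetric
            allowed = (ext_port, remote) in self.flows
        return priv if allowed else None


def detect_nat_type(nat, local=("10.0.0.2", 50000)):
    """Steps 1-4 of the detection procedure, with `local` as the CPEA's socket (constructed)."""
    seen = nat.outbound(local, SERVER_1)                  # step 1: what the server reports back
    if seen == local:
        return "no NAT"
    nat.outbound(local, SERVER_1)                         # step 2: ask for a reply from (IP-2, Port-2)
    if nat.inbound(SERVER_2, seen[1]) == local:
        return "full cone"
    if nat.outbound(local, SERVER_2) != seen:             # step 3: same socket, second server address
        return "symmetric"
    nat.outbound(local, SERVER_1)                         # step 4: reply from IP-1, another port
    if nat.inbound(SERVER_1_ALT, seen[1]) == local:
        return "address restricted cone"
    return "port restricted cone"


def hole_punch(nat, cpe_a=("10.0.0.2", 4789), cpe_b=("198.51.100.9", 4789), ddd=53112):
    """Steps 211-214 with CPEB public and CPEA behind `nat`.  DDD stands in for the port
    CPEB's VXLAN hash would produce, and 4789 is assumed as the source port of both
    extension messages so that CPEB's service traffic lands on CPEA's VXLAN port."""
    pub_a = nat.outbound(cpe_a, cpe_b)                    # 211: first extension message, mapped to BBB
    if nat.inbound(cpe_b, pub_a[1]) != cpe_a:             # 212: mirrored reply, DATA carries DDD
        raise RuntimeError("response to the first extension message was filtered")
    # What would happen if CPEB simply sent service traffic from DDD to (PUB, BBB) now:
    without_punch = nat.inbound((cpe_b[0], ddd), pub_a[1])
    pub_a2 = nat.outbound(cpe_a, (cpe_b[0], ddd))         # 213: second extension message, 4789 -> DDD
    delivered = nat.inbound((cpe_b[0], ddd), pub_a2[1])   # 214: service message from DDD
    return {"bbb": pub_a[1], "ccc": pub_a2[1],
            "without_punch": without_punch, "delivered_to": delivered}


if __name__ == "__main__":
    for kind in KINDS:
        print(f"{kind:16} detected as {detect_nat_type(Nat(kind)):24} punch: {hole_punch(Nat(kind))}")
```

Running the block prints one line per NAT type. On the symmetric NAT the port CCC seen on the second extension message differs from BBB, so only the second message gives the CPEB a usable destination; on the port restricted cone NAT the two ports coincide, but service traffic from DDD is still dropped until the hole is punched. The detection function reports a basic NAT as full cone: the four probes as described test only mapping and filtering behaviour, which a basic NAT shares with a full cone NAT, so separating the two needs a check the page does not describe.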
Fig. 12 is a schematic diagram of the VXLAN extension message structure according to an embodiment of the present invention; as shown in fig. 12, the VXLAN extension message includes an original message part and a VXLAN encapsulation part;
where the original message part includes: an Inner Ethernet header, an Inner IP header, and a Payload;
and the VXLAN encapsulation part includes: an Outer Ethernet header, an Outer IP header, an Outer UDP header, and a VXLAN header.
The VXLAN header (8 bytes) includes: VXLAN Flags (8 bits), a Reserved field (24 bits), the virtual network identifier (VNI, 24 bits), and another Reserved field (8 bits).
The Outer UDP header includes: Source Port (16 bits), Destination Port (16 bits), UDP Length (16 bits), and UDP Checksum (16 bits).
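The framing just listed, as an added example that is not part of the patent text: a builder and parser for the outer UDP header, the 8-byte VXLAN header and the inner Ethernet/IPv4 headers with payload, with the outer source port derived from a hash of the inner Ethernet header as the page describes. The concrete hash (CRC32 folded into the 49152 to 65535 range), the MAC and IP values and the validation checks are assumptions; the page only says that a hash algorithm is used and that the destination port is 4789.

```python
# Added illustration (not the patent's code): VXLAN-in-UDP framing per Fig. 12.
# The outer Ethernet/IP headers are added by the host stack when the datagram is
# sent from a UDP socket, so the builder starts at the outer UDP header.
import ipaddress
import struct
import zlib

VXLAN_PORT = 4789                     # IANA-assigned VXLAN UDP port
VXLAN_FLAG_I = 0x08                   # 'I' flag: the VNI field is valid
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


def vxlan_source_port(inner_eth_header: bytes) -> int:
    """Outer UDP source port derived from a hash of the inner Ethernet header.
    Assumption: CRC32 folded into the ephemeral range; the page only says 'hash'."""
    span = EPHEMERAL_HIGH - EPHEMERAL_LOW + 1
    return EPHEMERAL_LOW + zlib.crc32(inner_eth_header) % span


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over 16-bit words; 0 when verifying a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_inner_ipv4(src_ip: str, dst_ip: str, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))]
    hdr = struct.pack("!BBHHHBBHII", *fields)
    fields[7] = ipv4_checksum(hdr)
    return struct.pack("!BBHHHBBHII", *fields)


def encapsulate(vni: int, dst_mac: bytes, src_mac: bytes, src_ip: str, dst_ip: str,
                payload: bytes, dst_port: int = VXLAN_PORT) -> bytes:
    """Outer UDP header + VXLAN header + inner Ethernet + inner IPv4 + payload."""
    inner_eth = dst_mac + src_mac + struct.pack("!H", 0x0800)        # EtherType IPv4
    inner = inner_eth + build_inner_ipv4(src_ip, dst_ip, len(payload)) + payload
    body = build_vxlan_header(vni) + inner
    # UDP checksum 0 = not computed (permitted for UDP over IPv4); length covers the UDP header
    udp = struct.pack("!HHHH", vxlan_source_port(inner_eth), dst_port, 8 + len(body), 0)
    return udp + body


def decapsulate(datagram: bytes) -> dict:
    """Parse and validate one datagram; raises ValueError on malformed input."""
    if len(datagram) < 8 + 8 + 14 + 20:
        raise ValueError("truncated VXLAN datagram")
    sport, dport, ulen, _csum = struct.unpack("!HHHH", datagram[:8])
    if ulen != len(datagram):
        raise ValueError("UDP length does not match datagram size")
    flags_word, vni_word = struct.unpack("!II", datagram[8:16])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    inner = datagram[16:]
    ip = inner[14:34]
    if ipv4_checksum(ip) != 0:
        raise ValueError("inner IPv4 header checksum invalid")
    return {
        "src_port": sport, "dst_port": dport, "vni": vni_word >> 8,
        "dst_mac": inner[:6], "src_mac": inner[6:12],
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "payload": inner[34:],
    }
```

A receiver that checks the I flag, the UDP length and the inner header checksum rejects truncated or malformed extension messages instead of handing them to the forwarding path. The hash keeps every datagram of one inner flow on one outer source port, which is also why the peer cannot predict DDD and has to be told it in the response message.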
Fig. 13 is a schematic structural diagram of a first CPE side NAT traversal device according to an embodiment of the present invention; as shown in fig. 13, the NAT traversal apparatus is applied to a first CPE, and the apparatus includes: a first determining module, a first receiving module and a first sending module; where:
the first determining module is configured to determine public network address information of a second CPE when it is determined that the type of the NAT device connected to the first CPE is NAPT, and send a first virtual extensible local area network VXLAN extension message to the second CPE based on the public network address information of the second CPE;
the first receiving module is configured to receive a response packet sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
the first sending module is configured to send a second VXLAN extension packet using the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used for punching a hole in the NAT;
the first receiving module is further configured to receive a VXLAN service message sent by the second CPE.
Specifically, the public network address information includes: a public network address and a UDP port number.
The NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Specifically, the first determining module is configured to receive public network address information of the second CPE, which is sent by the server.
Specifically, the first sending module is further configured to send a first test message to a server; the first test message requests the server to send a first result message;
the first receiving module is further configured to receive the first result message sent by the server and to determine, from it, the type of the NAT device to which the first CPE is connected;
the first sending module is further configured to send the determined type of the NAT device to which the first CPE is connected to the server.
Specifically, any one of the first VXLAN extension packet, the second VXLAN extension packet, and the VXLAN service packet includes: an outer ethernet header, an outer IP header, an outer UDP header, a VXLAN header, an inner ethernet header, an inner IP header, a payload.
Fig. 14 is a schematic structural diagram of a second CPE side NAT traversal device according to an embodiment of the present invention; as shown in fig. 14, the apparatus is applied to a second CPE, and includes: a second determining module, a second receiving module and a second sending module; where:
the second determining module is configured to receive a first VXLAN extension message sent by the first CPE when determining that the type of the NAT device connected to the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of the second CPE;
the second sending module is configured to send a response message based on a source address and a destination address that are symmetric to the received first VXLAN extension message after the NAT; the response message carries a source UDP port number of the VXLAN service message;
the second receiving module is configured to receive a second VXLAN extension packet that is sent by the first CPE and takes the source UDP port number as a destination port;
the second sending module is further configured to send the VXLAN service packet using the source port corresponding to the second VXLAN extension packet after the NAT as the destination port.
Specifically, the public network address information includes: a public network address and a UDP port number.
The NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Fig. 15 is a schematic structural diagram of another NAT traversal device on the first CPE side according to an embodiment of the present invention; as shown in fig. 15, the apparatus is applied to a first CPE, and includes: a first configuration module and a first communication module; where:
the first configuration module is configured to configure the VXLAN message to use a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is the basic NAT; determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; configuring a source address based on the private network address information of the first CPE;
the first communication module is configured to send a VXLAN service packet to the second CPE based on the configured source address and the configured destination address in the normal encapsulation mode.
Specifically, the first communication module is further configured to send a first test message to a server; the first test message requests the server to send a first result message;
to receive the first result message sent by the server and determine, from it, the type of the NAT device to which the first CPE is connected;
and to send the determined type of the NAT device to which the first CPE is connected to the server.
Specifically, the first communication module is further configured to send a second test packet to the server; and the second test message is used for the server to determine the public network address information corresponding to the first CPE after NAT.
Specifically, the first communication module is further configured to receive public network address information of the second CPE, which is sent by the server.
The public network address information comprises: a public network address and a UDP port number.
Fig. 16 is a schematic structural diagram of another second CPE side NAT traversal device according to an embodiment of the present invention; as shown in fig. 16, the apparatus is applied to a second CPE, and includes: a second configuration module and a second communication module; where:
the second configuration module is configured to configure the VXLAN message to use a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is the basic NAT; determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT; configuring a source address based on the private network address information of the second CPE;
and the second communication module is configured to send a VXLAN service packet to the first CPE based on the configured source address and the configured destination address in the conventional encapsulation mode.
Specifically, the second communication module is further configured to receive public network address information after NAT, which is sent by the server and corresponds to the first CPE.
Specifically, the public network address information includes: a public network address and a UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to a server and comprises: and the sending module is used for sending the public network address information of the second CPE to the first CPE.
Specifically, the apparatus further comprises: the receiving module is used for receiving a first test message sent by a first CPE;
the sending module is further configured to send a first result packet to the first CPE based on the first test packet; the first result message is used for the first CPE to determine the type of the NAT equipment connected with the first CPE;
the receiving module is further configured to receive the type of the NAT device sent by the first CPE;
The sending module is further configured to send the type of the NAT device connected to the first CPE to the second CPE.
Specifically, the apparatus further comprises: and the determining module is used for receiving a second test message sent by the first CPE under the condition that the type of the NAT equipment connected with the first CPE is the basic NAT, and determining the public network address information corresponding to the first CPE after the NAT based on the second test message.
Specifically, the sending module is further configured to send public network address information after NAT corresponding to the first CPE to the second CPE, when the type of the NAT device connected to the first CPE is the basic NAT.
Specifically, the public network address information includes: a public network address and a UDP port number.
Fig. 17 is a schematic structural diagram of an electronic device according to an embodiment of the present invention; as shown in fig. 17, the apparatus 170 includes a processor 1701 and a memory 1702 for storing computer programs executable on the processor; wherein,
in an embodiment, when the electronic device is applied to a first CPE, the processor 1701 is configured to execute, when running the computer program: determining public network address information of a second CPE under the condition that the type of NAT equipment connected with the first CPE is NAPT, and sending a first VXLAN extension message to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
sending a second VXLAN extension message with the source UDP port number as a target port to the second CPE; the second VXLAN extension message is used for punching a hole in the NAT;
and receiving a VXLAN service message sent by the second CPE.
Specifically, the electronic device executes the method shown in fig. 3, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 3; the implementation process is described in detail in that method embodiment and is not repeated here.
In another embodiment, when the electronic device is applied to a second CPE, the processor 1701 is configured to execute, when running the computer program: receiving a first VXLAN extension message sent by the first CPE under the condition that the type of the NAT equipment connected with the first CPE is determined to be NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of the second CPE;
sending a response message whose source address and destination address are, respectively, the destination address and the source address of the first VXLAN extension message as received after NAT; the response message carries the source UDP port number that the second CPE will use for the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
Specifically, the method shown in fig. 4 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 4, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
In yet another embodiment, when the electronic device is applied to a first CPE, the processor 1701 is further configured to execute, when running the computer program:
under the condition that the type of the NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on the private network address information of the first CPE;
and sending a VXLAN service message to the second CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
Specifically, the method shown in fig. 5 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 5, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
In a further embodiment, when the electronic device is applied to a second CPE, the processor 1701 is further configured to execute, when running the computer program: under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT;
configuring a source address based on the private network address information of the second CPE;
and sending a VXLAN service message to the first CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
Specifically, the method shown in fig. 6 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 6, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
In yet another embodiment, the electronic device is applied to a server, and the processor 1701 is further configured to execute, when running the computer program: and sending the public network address information of the second CPE to the first CPE.
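The NAPT path and the basic NAT path described above, as an added simulation that is not part of the patent: a minimal model of the NAT in front of the first CPE (in its most restrictive form, a symmetric, port-restricted translator), the two CPEs, and the server's role of relaying address information, run once with and once without the second extension message. The addresses, the port numbers, the extension-message listening port 4790 on the second CPE and the message names are constructed for the simulation and are not taken from the patent.

```python
"""Added example (not from the patent): model of the NAPT hole-punch exchange
and of the basic NAT path.  Addresses, ports and message names are constructed."""
from dataclasses import dataclass

CPE1_PRIV = ("10.0.0.2", 4789)   # CPE1's private socket, behind the NAT (constructed)
NAT_PUB = "203.0.113.1"          # NAT's public address (constructed)
CPE2_IP = "198.51.100.7"         # CPE2 is reachable on a public address (constructed)
CPE2_EXT_PORT = 4790             # port CPE2 listens on for extension messages (assumed)
CPE2_SVC_PORT = 4789             # source port of CPE2's VXLAN service traffic


@dataclass(frozen=True)
class Pkt:
    src: tuple
    dst: tuple
    kind: str
    data: object = None


class Nat:
    """'basic': 1:1 address translation, ports untouched, every inbound packet
    for the public address is forwarded.  'napt': the most restrictive
    address/port translator: a fresh public port per (private socket, remote
    socket) pair, and an inbound packet is admitted only when it arrives from
    exactly the remote socket the mapping was created for."""

    def __init__(self, mode):
        self.mode = mode
        self.next_port = 40000
        self.out_map = {}   # (private src, remote dst) -> public port
        self.in_map = {}    # (public port, remote src) -> private src

    def outbound(self, p):
        if self.mode == "basic":
            return Pkt((NAT_PUB, p.src[1]), p.dst, p.kind, p.data)
        key = (p.src, p.dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.next_port += 1
        pub = self.out_map[key]
        self.in_map[(pub, p.dst)] = p.src
        return Pkt((NAT_PUB, pub), p.dst, p.kind, p.data)

    def inbound(self, p):
        """Translate an inbound packet, or return None when the NAT drops it."""
        if p.dst[0] != NAT_PUB:
            return None
        if self.mode == "basic":
            return Pkt(p.src, (CPE1_PRIV[0], p.dst[1]), p.kind, p.data)
        priv = self.in_map.get((p.dst[1], p.src))
        return None if priv is None else Pkt(p.src, priv, p.kind, p.data)


def napt_traversal(punch_hole=True):
    """ext1 from CPE1 -> CPE2 replies with its service source port -> ext2 from
    CPE1 to that port opens the hole -> CPE2 sends service traffic into it.
    Returns the service packet as CPE1 receives it, or None if the NAT drops it."""
    nat = Nat("napt")
    # the server has told CPE1 CPE2's public address; CPE1 sends the first extension message
    ext1 = nat.outbound(Pkt(CPE1_PRIV, (CPE2_IP, CPE2_EXT_PORT), "ext1"))
    # CPE2 answers with source/destination swapped relative to the NAT'd ext1
    resp = nat.inbound(Pkt(ext1.dst, ext1.src, "resp", data=CPE2_SVC_PORT))
    assert resp is not None, "reply to ext1 matches the mapping ext1 created"
    svc_dst = ext1.src                     # what CPE2 would target without a hole
    if punch_hole:
        # second extension message: destination port = CPE2's service source port
        ext2 = nat.outbound(Pkt(CPE1_PRIV, (CPE2_IP, resp.data), "ext2"))
        svc_dst = ext2.src                 # CPE2 targets ext2's NAT'd source socket
    service = Pkt((CPE2_IP, CPE2_SVC_PORT), svc_dst, "service", data="vxlan payload")
    return nat.inbound(service)


def basic_nat_traversal():
    """Basic NAT: CPE1 sends a test message to the server, the server records the
    post-NAT public address and relays it to CPE2, CPE2 sends service traffic to
    it directly with conventional encapsulation."""
    nat = Nat("basic")
    server = ("192.0.2.10", 3478)          # constructed server socket
    test2 = nat.outbound(Pkt(CPE1_PRIV, server, "test2"))
    learned_public = test2.src             # the server's view of CPE1
    service = Pkt((CPE2_IP, CPE2_SVC_PORT), learned_public, "service", data="vxlan payload")
    return nat.inbound(service)


if __name__ == "__main__":
    print("NAPT with hole punch:", napt_traversal(True))
    print("NAPT without ext2:   ", napt_traversal(False))
    print("basic NAT:           ", basic_nat_traversal())
```

The run without the second extension message shows why it exists: the reply to the first extension message passes because it matches the mapping that message created, but service traffic from the second CPE's service port arrives from a different remote socket and is dropped; the second extension message, sent to that very port, creates the mapping the service traffic will match. Cone NATs are more permissive than this model, so the exchange works there as well. The basic NAT path needs no hole: the 1:1 address mapping forwards anything sent to the public address, so the server only has to relay the post-NAT address it observed.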
In practical applications, the apparatus 170 may further include: at least one network interface 1703. Various components in the electronic device 170 are coupled together by a bus system 1704. It is understood that the bus system 1704 is used to enable communications among the components connected. The bus system 1704 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are designated in FIG. 17 as the bus system 1704. The number of the processors 1701 may be at least one. The network interface 1703 is used for communication between the electronic device 170 and other devices in a wired or wireless manner.
The memory 1702 in embodiments of the present invention is used to store various types of data to support the operation of the electronic device 170.
The methods disclosed in the embodiments of the present invention described above may be applied to the processor 1701 or implemented by the processor 1701. The processor 1701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by instructions in the form of hardware, integrated logic circuits, or software in the processor 1701. The processor 1701 may be a general-purpose processor, a Digital Signal Processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like. The processor 1701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium in the memory 1702, and the processor 1701 reads the information in the memory 1702 and, together with its hardware, performs the steps of the methods described above.
In an exemplary embodiment, the electronic device 170 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), general-purpose processors, controllers, microcontrollers (MCUs), microprocessors, or other electronic components for performing the aforementioned methods.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs: determining public network address information of a second CPE under the condition that the type of NAT equipment connected with the first CPE is NAPT, and sending a first VXLAN extension message to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
sending a second VXLAN extension message with the source UDP port number as a target port to the second CPE; the second VXLAN extension message is used for punching a hole in the NAT;
and receiving a VXLAN service message sent by the second CPE.
As another implementation manner, when executed by a processor, the computer program performs: receiving a first VXLAN extension message sent by the first CPE under the condition that the type of the NAT equipment connected with the first CPE is determined to be NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of the second CPE;
sending a response message whose source address and destination address are, respectively, the destination address and the source address of the first VXLAN extension message as received after NAT; the response message carries the source UDP port number that the second CPE will use for the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored; as yet another implementation, when the computer program is executed by a processor, it executes: under the condition that the type of the NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on the private network address information of the first CPE;
and sending a VXLAN service message to the second CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
In an embodiment of the present invention, a computer-readable storage medium is provided, on which a computer program is stored; as yet another implementation, when executed by a processor, the computer program performs: under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT;
configuring a source address based on the private network address information of the second CPE;
and sending a VXLAN service message to the first CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where as yet another implementation, when the computer program is executed by a processor, the computer program executes: and sending the public network address information of the second CPE to the first CPE.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative; for example, the division into units is only a logical functional division, and there may be other divisions in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or of other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that all or part of the steps for implementing the method embodiments may be performed by hardware directed by program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments. The aforementioned storage medium includes: a removable storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other media capable of storing program code.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention, or the part of them that contributes to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (29)
1. A NAT traversing method is applied to a first Customer Premise Equipment (CPE); characterized in that the method comprises:
determining public network address information of a second CPE under the condition that the type of NAT equipment connected with the first CPE is determined to be network address port translation NAPT, and sending a first virtual extensible local area network VXLAN extension message to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a source User Datagram Protocol (UDP) port number of the VXLAN service message;
sending a second VXLAN extension message with the source UDP port number as a target port to the second CPE; the second VXLAN extension message is used for punching a hole in the NAT;
and receiving a VXLAN service message sent by the second CPE.
2. The method of claim 1, wherein the public network address information comprises: a public network address and a UDP port number.
3. The method of claim 1, wherein the NAPT comprises at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
4. The method of claim 1, wherein determining the public network address information of the second CPE comprises:
and receiving the public network address information of the second CPE sent by the server.
5. The method of claim 1, further comprising:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the first CPE based on the first result message;
and sending the determined type of the NAT equipment connected with the server to the server.
6. The method of claim 1, wherein any of the first VXLAN extension message, the second VXLAN extension message, and the VXLAN service message comprises: an outer Ethernet header, an outer Internet Protocol (IP) header, an outer UDP header, a VXLAN header, an inner Ethernet header, an inner IP header, and a payload.
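The layout listed in claim 6, as an added example that is not the patent's code: the Python standard library builds one frame with the outer Ethernet, outer IPv4, outer UDP, VXLAN and inner headers, parses it back, and then rewrites the outer source address and source UDP port the way an address/port translator would. Addresses, MACs, the VNI and the inner payload are constructed; the outer UDP destination port is the IANA-assigned VXLAN port 4789, the IP and UDP checksums are left at zero for brevity (a real sender or NAT fills them in), and the inner protocol number 253 is the experimental value.

```python
"""Added example (not from the patent): build, parse and NAT-rewrite a VXLAN
frame with the header order of claim 6.  All addresses and the VNI are constructed."""
import socket
import struct

VXLAN_PORT = 4789          # IANA-assigned VXLAN UDP port
VXLAN_FLAG_I = 0x08        # "valid VNI" flag in the VXLAN header


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ipv4_header(src, dst, payload_len, proto=17):
    """Minimal 20-byte IPv4 header, no options; checksum left 0 as a sender
    that offloads it would do (a NAT recomputes it after the rewrite anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def vxlan_encap(outer_src, outer_dst, sport, vni, inner):
    """outer Ethernet | outer IPv4 | outer UDP | VXLAN header | inner frame."""
    vxlan_hdr = struct.pack("!B3sI", VXLAN_FLAG_I, b"\0\0\0", vni << 8)  # 24-bit VNI + reserved byte
    udp_len = 8 + len(vxlan_hdr) + len(inner)
    udp = struct.pack("!HHHH", sport, VXLAN_PORT, udp_len, 0)  # UDP checksum 0 = none (IPv4)
    ip = ipv4_header(outer_src, outer_dst, udp_len)
    eth = mac("00:00:5e:00:53:01") + mac("00:00:5e:00:53:02") + b"\x08\x00"
    return eth + ip + udp + vxlan_hdr + inner


def vxlan_decap(frame):
    """Return (outer_src, outer_dst, sport, dport, vni, inner_frame)."""
    ip = frame[14:34]
    ihl = (ip[0] & 0x0F) * 4
    assert ihl == 20 and ip[9] == 17, "expected IPv4 without options carrying UDP"
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport, _, _ = struct.unpack("!HHHH", frame[34:42])
    flags, _, vni_field = struct.unpack("!B3sI", frame[42:50])
    assert flags & VXLAN_FLAG_I, "VXLAN header without the valid-VNI flag"
    return src, dst, sport, dport, vni_field >> 8, frame[50:]


def napt_rewrite(frame, new_src, new_sport):
    """What a NAPT does to the frame: rewrite the outer source IP and the outer
    source UDP port; nothing past the outer UDP header is touched."""
    ip = bytearray(frame[14:34])
    ip[12:16] = socket.inet_aton(new_src)
    udp = bytearray(frame[34:42])
    udp[0:2] = struct.pack("!H", new_sport)
    return frame[:14] + bytes(ip) + bytes(udp) + frame[42:]


def inner_frame(src_ip, dst_ip, payload):
    """Inner Ethernet + inner IPv4 + payload (constructed; proto 253 = experimental)."""
    eth = mac("02:00:00:00:00:01") + mac("02:00:00:00:00:02") + b"\x08\x00"
    return eth + ipv4_header(src_ip, dst_ip, len(payload), proto=253) + payload


INNER = inner_frame("192.168.1.10", "192.168.2.20", b"hello")
FRAME = vxlan_encap("10.0.0.2", "198.51.100.7", 4789, 0x1234, INNER)
NATTED = napt_rewrite(FRAME, "203.0.113.1", 40001)

if __name__ == "__main__":
    print("before NAT:", vxlan_decap(FRAME)[:5])
    print("after NAT: ", vxlan_decap(NATTED)[:5])
    print("inner frame unchanged:", vxlan_decap(NATTED)[5] == INNER)
```

The point to take from the rewrite is that the translator touches only the outer IP and UDP headers: the VNI and the entire inner frame reach the far VTEP unchanged, which is why the traversal exchange only has to negotiate outer addresses and ports and never has to look inside the tunnel.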
7. A NAT traversal method applied to a second CPE, the method comprising:
under the condition that the type of NAT equipment connected with the first CPE is determined to be NAPT, receiving a first VXLAN extension message sent by the first CPE; the destination address corresponding to the first VXLAN extension message is public network address information of the second CPE;
sending a response message whose source address and destination address are, respectively, the destination address and the source address of the first VXLAN extension message as received after NAT; the response message carries the source UDP port number that the second CPE will use for the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
8. The method of claim 7, wherein the public network address information comprises: a public network address and a UDP port number.
9. The method of claim 7, wherein the NAPT comprises at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
10. A NAT traversal method is applied to a first Customer Premise Equipment (CPE); characterized in that the method comprises:
under the condition that the type of the NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on the private network address information of the first CPE;
and sending a VXLAN service message to the second CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
11. The method of claim 10, further comprising:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the first CPE based on the first result message;
and sending the determined type of the NAT equipment connected with the server to the server.
12. The method of claim 10, further comprising:
sending a second test message to the server; and the second test message is used for the server to determine the public network address information corresponding to the first CPE after NAT.
13. The method of claim 10, wherein determining the public network address information of the second CPE comprises:
and receiving the public network address information of the second CPE sent by the server.
14. The method according to any one of claims 10 to 13, wherein the public network address information comprises: a public network address and a UDP port number.
15. A NAT traversal method is applied to a second CPE; characterized in that the method comprises:
under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to use the conventional encapsulation mode;
determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT;
configuring a source address based on the private network address information of the second CPE;
and sending a VXLAN service message to the first CPE in the conventional encapsulation mode based on the configured source address and the configured destination address.
16. The method of claim 15, further comprising:
receiving public network address information which is sent by a server and corresponds to the first CPE after NAT;
and receiving the type of the NAT equipment connected with the first CPE and sent by the server.
17. The method according to claim 15 or 16, wherein the public network address information comprises: a public network address and a UDP port number.
18. A NAT traversal method is applied to a server, and is characterized by comprising the following steps:
and sending the public network address information of the second CPE to the first CPE.
19. The method of claim 18, further comprising:
receiving a first test message sent by a first CPE, and sending a first result message to the first CPE based on the first test message; the first result message is used for the first CPE to determine the type of the NAT equipment connected with the first CPE;
receiving the type of the NAT equipment sent by the first CPE;
and sending the type of the NAT equipment connected with the first CPE to the second CPE.
20. The method of claim 18, wherein in the case that the type of the NAT device to which the first CPE is connected is basic NAT, the method further comprises:
and receiving a second test message sent by the first CPE, and determining public network address information corresponding to the first CPE after NAT based on the second test message.
21. The method of claim 20, wherein in the case that the type of the NAT device to which the first CPE is connected is basic NAT, the method further comprises:
and sending the public network address information corresponding to the first CPE after NAT to the second CPE.
22. The method according to any one of claims 19 to 21, wherein the public network address information comprises: a public network address and a UDP port number.
23. An apparatus for NAT traversal, the apparatus being applied to a first CPE, the apparatus comprising: a first determining module, a first receiving module and a first sending module; wherein,
the first determining module is configured to determine public network address information of a second CPE when it is determined that the type of the NAT device connected to the first CPE is NAPT, and send a first virtual extensible local area network VXLAN extension message to the second CPE based on the public network address information of the second CPE;
the first receiving module is configured to receive a response packet sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
the first sending module is configured to send a second VXLAN extension packet using the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used for punching a hole in the NAT;
the first receiving module is further configured to receive a VXLAN service message sent by the second CPE.
24. A NAT traversal apparatus, applied to a second CPE, the apparatus comprising: a second determining module, a second receiving module and a second sending module; wherein,
the second determining module is configured to receive the first VXLAN extension message sent by the first CPE when determining that the type of the NAT device connected to the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of the second CPE;
the second sending module is configured to send a response message whose source address and destination address are, respectively, the destination address and the source address of the first VXLAN extension message as received after NAT; the response message carries the source UDP port number that the second CPE will use for the VXLAN service message;
the second receiving module is configured to receive a second VXLAN extension packet that is sent by the first CPE and takes the source UDP port number as a destination port;
the second sending module is further configured to send the VXLAN service packet using the source port corresponding to the second VXLAN extension packet after the NAT as the destination port.
25. An apparatus for NAT traversal, the apparatus being applied to a first CPE, the apparatus comprising: a first configuration module and a first communication module; wherein,
the first configuration module is configured to configure the VXLAN message to use a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is the basic NAT; determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; configuring a source address based on the private network address information of the first CPE;
the first communication module is configured to send a VXLAN service packet to the second CPE based on the configured source address and the configured destination address in the normal encapsulation mode.
26. A NAT traversal apparatus, applied to a second CPE, the apparatus comprising: a second configuration module and a second communication module; wherein,
the second configuration module is configured to configure the VXLAN message to use a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is the basic NAT; determining public network address information corresponding to the first CPE after NAT, and configuring a destination address based on the public network address information corresponding to the first CPE after NAT; configuring a source address based on the private network address information of the second CPE;
and the second communication module is configured to send a VXLAN service packet to the first CPE based on the configured source address and the configured destination address in the conventional encapsulation mode.
27. A NAT traversal device, applied to a server, the device comprising a sending module configured to send the public network address information of the second CPE to the first CPE.
28. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the method of any one of claims 1 to 6; or,
the processor, when executing the program, implements the steps of the method of any one of claims 7 to 9; or,
the processor, when executing the program, implements the steps of the method of any one of claims 10 to 14; or,
the processor, when executing the program, implements the steps of the method of any one of claims 15 to 17; or,
the processor, when executing the program, implements the steps of the method of any one of claims 18 to 22.
29. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 6; or,
the program, when executed by the processor, carries out the steps of the method of any one of claims 7 to 9; or,
the program, when executed by the processor, carries out the steps of the method of any one of claims 10 to 14; or,
the program, when executed by the processor, carries out the steps of the method of any one of claims 15 to 17; or,
the program, when executed by the processor, carries out the steps of the method of any one of claims 18 to 22.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010003317.6A CN113067911B (en) | 2020-01-02 | 2020-01-02 | NAT traversal method and device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113067911A true CN113067911A (en) | 2021-07-02 |
CN113067911B CN113067911B (en) | 2023-06-30 |
Family
ID=76558376
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010003317.6A Active CN113067911B (en) | 2020-01-02 | 2020-01-02 | NAT traversal method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113067911B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488904A (en) * | 2009-02-27 | 2009-07-22 | 杭州华三通信技术有限公司 | Method for GRE tunnel crossing network address translation apparatus and network address translation apparatus |
CN104363312A (en) * | 2014-11-14 | 2015-02-18 | 浙江宇视科技有限公司 | Concise and efficient NAT holing method and device |
CN105933198A (en) * | 2016-04-21 | 2016-09-07 | 浙江宇视科技有限公司 | Device for establishing direct connection VPN tunnel |
WO2017000633A1 (en) * | 2015-06-29 | 2017-01-05 | 中兴通讯股份有限公司 | Nat traversal method and device |
CN107580081A (en) * | 2017-09-18 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of NAT penetrating methods and device |
CN108667945A (en) * | 2017-03-30 | 2018-10-16 | 华为技术有限公司 | A kind of message transmitting method and device |
CN109547316A (en) * | 2018-12-29 | 2019-03-29 | 瑞斯康达科技发展股份有限公司 | Method, the system, storage medium of VXLAN message cross-over NAT equipment |
CN109831547A (en) * | 2019-03-14 | 2019-05-31 | 腾讯科技(深圳)有限公司 | NAT penetrating method, device, equipment and storage medium |
CN110266828A (en) * | 2019-06-11 | 2019-09-20 | 华为技术有限公司 | A kind of method, apparatus and network system for establishing end to end network connection |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113452686B (en) | Data processing method, data processing device, proxy server and storage medium | |
CN112671628B (en) | Business service providing method and system | |
US7930370B2 (en) | Method and system for remote configuration of managed nodes | |
US20210273915A1 (en) | Multi-access interface for internet protocol security | |
US20120177049A1 (en) | Method and system for implementing network intercommunication | |
CN112671938B (en) | Business service providing method and system and remote acceleration gateway | |
WO2020135381A1 (en) | Packet processing method, device, and system | |
CN111835764B (en) | ARP anti-spoofing method, tunnel endpoint and electronic equipment | |
KR20230026424A (en) | IPv6 network communication method, apparatus and system | |
CN107733930B (en) | Method and system for forwarding Internet Protocol (IP) packets at multiple WAN network gateways | |
US10819617B1 (en) | Loop-back packet for determining operational capabilities of border relay device | |
CN113364660B (en) | Data packet processing method and device in LVS load balancing | |
US11855888B2 (en) | Packet verification method, device, and system | |
CN110351394B (en) | Network data processing method and device, computer device and readable storage medium | |
CN107547691B (en) | Address resolution protocol message proxy method and device | |
US7505418B1 (en) | Network loopback using a virtual address | |
WO2006060908A1 (en) | Method for running an x.25-based application on a second protocol-based network | |
CN113472912B (en) | ARP cache table item updating method, VTEP, VM and device | |
CN113067911A (en) | NAT traversal method, device, electronic equipment and storage medium | |
CN113067910B (en) | NAT traversal method and device, electronic equipment and storage medium | |
EP4160997A1 (en) | Bier oam detection method, and device and system | |
CN113542441B (en) | Communication processing method and device | |
CN108337331B (en) | Network penetration method, device and system and network connectivity checking method | |
CN113067908B (en) | NAT (network Address translation) traversing method and device, electronic equipment and storage medium | |
CN106656718B (en) | VxLAN gateway and method for accessing host to internet based on VxLAN gateway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||