CN113067911B - NAT traversal method and device, electronic equipment and storage medium - Google Patents
NAT traversal method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113067911B CN113067911B CN202010003317.6A CN202010003317A CN113067911B CN 113067911 B CN113067911 B CN 113067911B CN 202010003317 A CN202010003317 A CN 202010003317A CN 113067911 B CN113067911 B CN 113067911B
- Authority
- CN
- China
- Prior art keywords
- cpe
- nat
- message
- network address
- public network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 146
- 230000004044 response Effects 0.000 claims abstract description 51
- 238000012360 testing method Methods 0.000 claims description 77
- 238000005538 encapsulation Methods 0.000 claims description 38
- 238000004891 communication Methods 0.000 claims description 26
- 238000004590 computer program Methods 0.000 claims description 21
- 238000013519 translation Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 27
- 102100039223 Cytoplasmic polyadenylation element-binding protein 1 Human genes 0.000 description 16
- 101710143198 Cytoplasmic polyadenylation element-binding protein 1 Proteins 0.000 description 16
- 230000003993 interaction Effects 0.000 description 8
- 238000001514 detection method Methods 0.000 description 7
- 238000013507 mapping Methods 0.000 description 7
- 239000000523 sample Substances 0.000 description 6
- 230000000903 blocking effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000005641 tunneling Effects 0.000 description 2
- UDPGUMQDCGORJQ-UHFFFAOYSA-N (2-chloroethyl)phosphonic acid Chemical compound OP(O)(=O)CCCl UDPGUMQDCGORJQ-UHFFFAOYSA-N 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004690 coupled electron pair approximation Methods 0.000 description 1
- 235000019800 disodium phosphate Nutrition 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000004080 punching Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a NAT traversal method, a NAT traversal device, electronic equipment and a storage medium. The method comprises the following steps: under the condition that the type of NAT equipment connected with the first CPE is NAPT, public network address information of a second CPE is determined, and a first VXLAN extension message is sent to the second CPE based on the public network address information of the second CPE; receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message; transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT; and receiving the VXLAN service message sent by the second CPE.
Description
Technical Field
The present invention relates to mobile communication technology, and in particular, to a network address translation (NAT, network Address Translation) traversal method, apparatus, electronic device, and storage medium.
Background
With the increasing demand for networks, the shortcomings of the conventional virtual local area networks (VLANs, virtual Local Area Network) are gradually reflected, and the main aspects are as follows: insufficient number of VLANs, two-layer network boundary restrictions, multi-tenant issues, etc.
Thus, virtual extensible local area networks (VXLANs, virtual Extensible LAN) have evolved. VXLAN is a network virtualization technology that creates a large number of virtual extensible local area networks over existing network architectures by creating VXLAN tunnels.
However, the VXLAN tunnel running on the public network must have a public network address at both ends, otherwise the VXLAN tunnel cannot be established.
Disclosure of Invention
In view of the above, the present invention is directed to a NAT traversal method, apparatus, electronic device and storage medium.
In order to achieve the above purpose, the technical scheme of the invention is realized as follows:
the embodiment of the invention provides a NAT traversal method, which is applied to first customer premise equipment (CPE, customer Premise Equipment); the method comprises the following steps:
under the condition that the type of NAT equipment connected with the first CPE is network address port translation (NAPT, network Address Port Translation), public network address information of a second CPE is determined, and a first virtual expansion local area network VXLAN expansion message is sent to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a port number of a source user datagram protocol (UDP, user Datagram Protocol) of the VXLAN service message;
Transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
and receiving the VXLAN service message sent by the second CPE.
In the above scheme, the public network address information includes: public network address and UDP port number.
In the above scheme, the NAPT includes at least one of the following:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
In the above solution, the determining public network address information of the second CPE includes:
and receiving public network address information of the second CPE sent by the server.
In the above scheme, the method further comprises:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
and sending the determined type of the NAT equipment connected with the server.
In the above solution, any one of the first VXLAN extension message, the second VXLAN extension message, and the VXLAN service message includes: external ethernet header, external internet protocol (IP, internet Protocol) header, external user datagram protocol (UDP, user Datagram Protocol) header, VXLAN header, internal ethernet header, internal IP header, payload.
The embodiment of the invention also provides a NAT traversal method, which is applied to the second CPE, and comprises the following steps:
under the condition that the type of NAT equipment connected with the first CPE is NAPT, receiving a first VXLAN extension message sent by the first CPE; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE;
transmitting a response message based on a source address and a destination address which are symmetrical to the received first VXLAN extension message after NAT; the response message carries a source UDP port number of the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
In the above scheme, the public network address information includes: public network address and UDP port number.
In the above scheme, the NAPT includes at least one of the following:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
The embodiment of the invention also provides a NAT traversal method, which is applied to the CPE of the first customer premise equipment; the method comprises the following steps:
Under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring VXLAN message to adopt a conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on private network address information of the first CPE itself;
and sending a VXLAN service message to the second CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
In the above scheme, the method further comprises:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
and sending the determined type of the NAT equipment connected with the server.
In the above scheme, the method further comprises:
sending a second test message to the server; the second test message is used for determining public network address information after NAT corresponding to the first CPE by the server.
In the above solution, the determining public network address information of the second CPE includes:
And receiving public network address information of the second CPE sent by the server.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal method, which is applied to the second CPE; the method comprises the following steps:
under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to adopt a conventional encapsulation mode;
determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE;
configuring a source address based on private network address information of the second CPE itself;
and sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
In the above scheme, the method further comprises:
receiving public network address information which is sent by a server and corresponds to the first CPE and is subjected to NAT;
the type of NAT device connected to the first CPE and sent by the server is received.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal method, which is applied to the server and comprises the following steps:
And sending public network address information of the second CPE to the first CPE.
In the above scheme, the method further comprises:
receiving a first test message sent by a first CPE, and sending a first result message to the first CPE based on the first test message; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
receiving the type of the NAT equipment sent by the first CPE;
and sending the type of the NAT equipment connected with the first CPE to the second CPE.
In the above solution, in case that the type of the NAT device connected by the first CPE is a basic NAT, the method further includes:
and receiving a second test message sent by the first CPE, and determining public network address information after NAT corresponding to the first CPE based on the second test message.
In the above solution, in case that the type of the NAT device connected by the first CPE is a basic NAT, the method further includes:
and sending the public network address information after NAT corresponding to the first CPE to the second CPE.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to the first CPE, and comprises: the device comprises a first determining module, a first receiving module and a first transmitting module; wherein,,
The first determining module is configured to determine public network address information of a second CPE when determining that the type of NAT equipment connected to the first CPE is NAPT, and send a first virtual expansion local area network VXLAN expansion message to the second CPE based on the public network address information of the second CPE;
the first receiving module is configured to receive a response message sent by the second CPE; the response message carries the UDP port number of the VXLAN service message;
the first sending module is configured to send a second VXLAN extension packet with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
the first receiving module is further configured to receive a VXLAN service packet sent by the second CPE.
In the above scheme, the public network address information includes: public network address and UDP port number.
In the above scheme, the NAPT includes at least one of the following:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
In the above scheme, the first determining module is configured to receive public network address information of the second CPE sent by the server.
In the above scheme, the first sending module is further configured to send a first test message to a server; the first test message is used for requesting the server to send a first result message;
The first receiving module is further configured to receive a first result packet sent by the server, and determine a type of NAT device connected to the first receiving module based on the first result packet;
the first sending module is further configured to send the determined type of the NAT device connected to the server.
In the above solution, any one of the first VXLAN extension message, the second VXLAN extension message, and the VXLAN service message includes: external ethernet header, external IP header, external UDP header, VXLAN header, internal ethernet header, internal IP header, payload.
The embodiment of the invention also provides a NAT traversal device, which is applied to a second CPE, and comprises: the device comprises a second determining module, a second receiving module and a second sending module; wherein,,
the second determining module is configured to receive a first VXLAN extension message sent by the first CPE when determining that the type of NAT equipment connected to the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE;
the second sending module is configured to send a response message based on a source address and a destination address that are symmetrical to the received NAT-back first VXLAN extension message; the response message carries a source UDP port number of the VXLAN service message;
The second receiving module is configured to receive a second VXLAN extension packet sent by the first CPE and using the source UDP port number as a destination port;
and the second sending module is further configured to send a VXLAN service packet with a source port corresponding to the second VXLAN extension packet after NAT as a destination port.
In the above scheme, the public network address information includes: public network address and UDP port number.
In the above scheme, the NAPT includes at least one of the following:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
The embodiment of the invention also provides a NAT traversal device, which is applied to the first CPE, and comprises: a first configuration module and a first communication module; wherein,,
the first configuration module is configured to configure VXLAN messages in a conventional encapsulation mode when determining that the type of NAT equipment connected to the first CPE is a basic NAT; determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; configuring a source address based on private network address information of the first CPE itself;
the first communication module is configured to send a VXLAN service packet to the second CPE based on the configured source address and the destination address according to the conventional encapsulation mode.
In the above scheme, the first communication module is further configured to send a first test packet to the server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
and sending the determined type of the NAT equipment connected with the server.
In the above scheme, the first communication module is further configured to send a second test message to the server; the second test message is used for determining public network address information after NAT corresponding to the first CPE by the server.
In the above scheme, the first communication module is further configured to receive public network address information of the second CPE sent by the server.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to a second CPE, and comprises: the second configuration module and the second communication module; wherein,,
the second configuration module is configured to configure the VXLAN message in a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is a basic NAT; determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE; configuring a source address based on private network address information of the second CPE itself;
And the second communication module is used for sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
In the above scheme, the second communication module is further configured to receive NAT-processed public network address information corresponding to the first CPE sent by the server.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to the server and comprises: and the sending module is used for sending the public network address information of the second CPE to the first CPE.
In the above scheme, the device further includes: the receiving module is used for receiving a first test message sent by the first CPE;
the sending module is further configured to send a first result packet to the first CPE based on the first test packet; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
the receiving module is further configured to receive a type of the NAT device sent by the first CPE
The sending module is further configured to send, to the second CPE, a type of NAT device connected to the first CPE.
In the above scheme, the device further includes: the determining module is configured to receive a second test packet sent by the first CPE when the type of the NAT device connected to the first CPE is a basic NAT, and determine public network address information after NAT corresponding to the first CPE based on the second test packet.
In the above scheme, the sending module is further configured to send, to the second CPE, public network address information after NAT corresponding to the first CPE, if the type of NAT device connected to the first CPE is a basic NAT.
In the above scheme, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the NAT traversal method of any one of the first CPE side when executing the program; or,
the processor, when executing the program, implementing the steps of the NAT traversal method according to any one of the second CPE sides above; or,
the steps of the NAT traversal method according to any one of the above server sides are implemented when the processor executes the program.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, the computer program implementing the steps of the NAT traversal method according to any one of the above first CPE sides when executed by a processor; or,
the processor, when executing the program, implementing the steps of the NAT traversal method according to any one of the second CPE sides above; or,
the steps of the NAT traversal method according to any one of the above server sides are implemented when the processor executes the program.
In the NAT traversal method, apparatus, electronic device and storage medium provided in the embodiments of the present invention, when it is determined that the type of NAT device connected to the first CPE is NAPT, public network address information of the second CPE is determined, and a first VXLAN extension message is sent to the second CPE based on the public network address information of the second CPE; receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message; transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT; and receiving the VXLAN service message sent by the second CPE. By adopting the technical scheme of the embodiment of the invention, the VXLAN tunnel can be established under the scene that one end is connected with NAT equipment, namely, the public network address is not available.
Drawings
Fig. 1 is a diagram of an architecture for a conventional VXLAN tunnel establishment;
fig. 2 is another architecture diagram of a conventional VXLAN tunnel establishment
Fig. 3 is a schematic flow chart of a NAT traversal method on the first CPE side according to an embodiment of the present invention;
fig. 4 is a schematic flow chart of a NAT traversal method on the second CEP side according to an embodiment of the present invention;
fig. 5 is a flowchart of another NAT traversal method on the first CPE side according to an embodiment of the present invention;
fig. 6 is a flowchart of another NAT traversal method on the second CPE side according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a NAT traversal system according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a VXLAN extension packet according to an embodiment of the present invention; as shown in figure 8 of the drawings,
fig. 9 is a schematic diagram of a first VXLAN extension packet according to an embodiment of the present invention;
fig. 10 is a schematic diagram of a response message for a first VXLAN extension message according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a VXLAN service packet according to an embodiment of the present invention;
fig. 12 is a schematic diagram of an extended VXLAN message structure according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of a NAT traversal device on the first CPE side according to an embodiment of the present invention;
Fig. 14 is a schematic structural diagram of a NAT traversal device on the second CPE side according to an embodiment of the present invention;
fig. 15 is a schematic structural diagram of another NAT traversal apparatus on the first CPE side according to an embodiment of the present invention;
fig. 16 is a schematic structural diagram of another NAT traversal apparatus on the second CPE side according to an embodiment of the present invention;
fig. 17 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The related art VXLAN tunnel will be described before the present invention will be described in further detail with reference to the examples.
The VXLAN tunnel running on the public network must have a public network address on at least one of the two ends, otherwise the VXLAN tunnel cannot be established. Fig. 1 is a diagram of an architecture for a conventional VXLAN tunnel establishment; at least one end of the two tunnels shown in fig. 1 has a public network address (NAT device is not connected), so that a VXLAN tunnel can be established.
Fig. 2 is another architecture diagram of the existing VXLAN tunnel establishment, as shown in fig. 2, where both ends do not have public network addresses, and the VXLAN tunnel cannot be actually established.
The present invention will be described in further detail with reference to examples.
Fig. 3 is a schematic flow chart of a NAT traversal method according to an embodiment of the present invention; as shown in fig. 3, the NAT traversal method is applied to the first CPE; the method comprises the following steps:
and step 304, receiving the VXLAN service message sent by the second CPE.
Specifically, the public network address information includes: public network address and UDP port number.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
Specifically, the determining public network address information of the second CPE includes:
and receiving public network address information of the second CPE sent by the server.
Here, the server may be implemented in a process of the second CPE, so that the server determines that there is public network address information of the second CPE, and may send the public network address information of the second CPE to the first CPE.
Specifically, before the first VXLAN extension packet is sent to the second CPE, the method further includes:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
and sending the determined type of the NAT equipment connected with the server.
Here, the first test packet may carry address information of the first CPE.
Here, the type of NAT device is determined by a combination with other protocols (specifically, protocols required for the first CPE to communicate with the server, such as IP protocols) and interacting with the server using VXLAN extension messages.
Specifically, the corresponding VXLAN packet (specifically, the first VXLAN extension packet and the second VXLAN extension packet) includes: external ethernet header, external internet protocol (IP, internet Protocol) header, external user datagram protocol (UDP, user Datagram Protocol) header, VXLAN header, internal ethernet header, internal IP header, payload.
The VXLAN service packet may also include: external ethernet header, external IP header, external UDP header, VXLAN header, internal ethernet header, internal IP header, payload.
Fig. 4 is a schematic flow chart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 4, the method is applied to a second CPE, and the method includes:
and 404, sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
Specifically, the public network address information includes: public network address and UDP port number.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
Here, NAT traversal is described in detail with reference to the methods shown in fig. 3 and fig. 4.
When the first CPE is connected with NAT equipment and the second CPE is not connected with the CPE, the first CPE interacts with a server to determine that the type of the NAT equipment is NAPT; the method for NAT traversal at one end comprises the following steps:
step 11, the first CPE receives public network address information (including public network address and port number, generally 4789) of the second CPE transmitted by the server; sending a first VXLAN extension message to a public network address and port number 4789 of the second CPE; the first VXLAN extension message is configured to request the second CPE to send related information;
here, it should be noted that, the VXLAN protocol encapsulates an ethernet packet into a UDP packet for tunneling, a source UDP port is provided by a VXLAN tunnel endpoint simulator (VTEP, vxlan Tunnel Endpoint), and a port value is calculated by a HASH algorithm (specifically, an inner ethernet header HASH); the destination UDP port is a known port, and is generally set to 4789 for the interactive nature of the network.
Step 12, the second CPE sends a response message according to a source port (4789) and a destination port which are completely symmetrical to the received first VXLAN extension message after NAT;
the response message, in the DATA portion, includes an active UDP port number, configured to notify a source UDP port number (e.g., DDD) of the formal VXLAN service message that needs to be sent by the subsequent second CPE, where the source UDP port number DDD is obtained by a VXLAN protocol of the second CPE according to the inner layer IP header hash.
Step 13, the first CPE sends a second VXLAN extension message with the 4789 as a source port and the DDD as a destination port, where the second VXLAN extension message is used to make holes in the NAT device;
and step 14, the second CPE sends the formal VXLAN service message by taking the source port of the received second VXLAN extension message after passing through the NAT as a destination port and taking the DDD as a source port.
Fig. 5 is a flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 5, the method is applied to a first CPE, and the method includes:
and step 504, according to the conventional encapsulation mode, sending a VXLAN service message to the second CPE based on the configured source address and destination address.
Specifically, before the first VXLAN extension packet is sent to the second CPE, the method further includes:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
Receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
and sending the determined type of the NAT equipment connected with the server.
Specifically, the method further comprises:
sending a second test message to the server; the second test message is used for determining public network address information after NAT corresponding to the first CPE by the server.
The second test message may also be the first test message, that is, the server may directly determine the NAT-processed public network address information corresponding to the first CPE through the received first test message.
Here, the first CPE sends a message, after the sent test message passes through the NAT device, the corresponding address information passes through the NAT, and the address corresponding to the test message received by the server is the public network address information after passing through the NAT, so that the server can determine the public network address information after passing through the NAT corresponding to the first CPE. The corresponding test message (e.g., the first test message, the second test message, etc.) may be in the same format as the VXLAN extension message described above.
Specifically, the determining public network address information of the second CPE includes:
And receiving public network address information of the second CPE sent by the server.
Here, the server may be implemented in a process of the second CPE, so that the server determines that there is public network address information of the second CPE, and may send the public network address information of the second CPE to the first CPE.
Specifically, the public network address information includes: public network address and UDP port number.
Fig. 6 is a flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 6, the method is applied to a second CPE; characterized in that the method comprises:
Specifically, the determining NAT-post public network address information corresponding to the first CPE includes:
And receiving public network address information which is sent by the server and corresponds to the first CPE and is subjected to NAT.
Specifically, the method may further include: the type of NAT device connected to the first CPE and sent by the server is received.
It should be noted that the server may also be implemented in the form of a process of the second CPE, so that the server determines that there is NAT-enabled public network address information corresponding to the first CPE, i.e. the second CPE determines that there is NAT-enabled public network address information corresponding to the first CPE.
Specifically, the public network address information includes: public network address and UDP port number.
NAT traversal at one end is described in detail below with respect to the methods shown in fig. 5 and 6.
When the first CPE is connected with NAT equipment and the second CPE is not connected with the CPE, the first CPE interacts with a server to determine that the type of the NAT equipment is basic NAT; the method for NAT traversal at one end comprises the following steps:
step 01, a first CPE configures a VXLAN message in a conventional encapsulation mode; determining public network address information (comprising public network address and port number 4789) of the second CPE, configuring a source address as a local private network address and a port number (the port number is obtained by calculating a HASH algorithm), and configuring a destination address as the public network address and the port number 4789 of the second CPE;
Step 03, configuring the VXLAN message by the second CPE by adopting a conventional encapsulation mode; the public network address information (comprising the public network address and the port number 4789 after NAT corresponding to the first CPE) after NAT corresponding to the first CPE is determined, the source address is configured to be the local public network address and the port number calculated by using a HASH algorithm, and the destination address is configured to be the public network address and the port number 4789 after NAT corresponding to the first CPE;
and step 04, conventional message forwarding is carried out between the first CPE and the second CPE through the VXLAN tunnel obtained based on the configuration.
Here, before the step 01, the method further includes:
the first CPE interacts with the server (specifically, sends a first test message and receives a first result message) to determine the type of the first NAT equipment and sends the first test message to the server;
the server determines public network address information after NAT corresponding to the first CPE based on the first test message; and the server sends the public network address information of the second CPE to the first CPE.
The embodiment of the invention provides a flow diagram of another NAT traversal method; the method is applied to a server, and the function of the server can be realized through one process of the second CPE; the method comprises the following steps:
And sending public network address information of the second CPE to the first CPE.
Specifically, the method further comprises:
receiving a first test message sent by a first CPE, and sending a first result message to the first CPE based on the first test message; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
receiving the type of the NAT equipment sent by the first CPE;
and sending the type of the NAT equipment connected with the first CPE to the second CPE.
It should be noted that the server may also be implemented as a process of the second CPE, so that the server determines the type of NAT device, i.e. the second CPE determines the type of NAT device.
Specifically, in the case that the type of the NAT device connected by the first CPE is a basic NAT, the method further includes:
and receiving a second test message sent by the first CPE, and determining public network address information after NAT corresponding to the first CPE based on the second test message.
Specifically, in the case that the type of the NAT device connected by the first CPE is a basic NAT, the method further includes:
and sending the public network address information after NAT corresponding to the first CPE to the second CPE.
It should be noted that, the server may also be implemented in a process of the second CPE, so that the server may send the NAT-processed public network address information corresponding to the first CPE to the second CPE, which may be understood that the corresponding process sends the NAT-processed public network address information corresponding to the first CPE to a process executing other operations.
Specifically, the public network address information includes: public network address and UDP port number.
Here, each type of NAT in the NAT traversal method will be described.
NAT can be largely divided into two categories: basic NAT, NAPT (Network Address Port Translation); wherein,,
the basic NAT is generally suitable for static binding of a public network address and an intranet host under a situation that a NAT device has a plurality of public network internet protocol (IP, internet Protocol) addresses (hereinafter referred to as public network addresses), and this type of NAT device is fewer.
The NAPT is a commonly used NAT type that can map an internal address to a separate IP address in the external network, with a port number selected by the NAT device added to the address. According to different mapping modes, NAPT can be classified into symmetric NAT and conical NAT, where the conical NAT includes: full cone NAT, address limited cone NAT, and port limited cone NAT.
Specifically, NAPT is the most commonly used NAT category in public networks, and is divided into the following four categories:
1. symmetric NAT (Symmetric NAT)
The symmetric NAT maps all requests from the same intranet address and port to the same destination address and port to the same public network address and port. If the same intranet host uses the same intranet address and port to send a message to another destination address, different mappings are used. Unlike port-limited NAT, which maps all requests to the same public network IP address and port, symmetric NAT maps differently for different requests.
2. Full cone NAT (Full Cone NAT)
The full cone NAT maps all requests from one internal IP address and port to the same external IP address and port. And any external host can realize communication with the internal host by sending a message to the mapped external address. This is a relatively loose strategy, and as long as the mapping relationship between the IP address and port of the internal network and the IP address and port of the public network is established, all hosts on the Internet can access hosts behind the NAT device.
3. Address-limiting conical NAT (Address Restricted Cone NAT)
The address limiting cone NAT also maps all requests from the same internal IP address and port to the same public network IP address and port. However, unlike a full cone NAT, the public network host address can send a message to the intranet host if and only if the internal host has previously sent a message to the public network host address.
4. Port-limiting conical NAT (Port Restricted Cone NAT)
The port-restricted cone NAT is similar to the address-restricted cone NAT, but is more stringent. The port limiting conical NAT increases the limitation of the port number, and the public network host address and the port number can communicate with the intranet host only when the intranet host has previously sent a message to the public network host address and the port number.
The VXLAN protocol is to encapsulate an Ethernet message into a UDP message for tunneling, a source UDP port is provided by a VTEP, and a port value is calculated by a hash algorithm (an inner Ethernet header hash is used); the destination UDP port is a known port, and is generally set to 4789 for the interactive nature of the network.
Fig. 7 is a schematic structural diagram of a NAT traversal system according to an embodiment of the present invention; as shown in fig. 7, the system includes: CPEA, NAT device connected with CPEA, CPEB, NAT detection server (server)
The method according to the embodiment of the present invention described above will be described below with reference to the structure shown in fig. 7, using different types of NAT devices.
In the first embodiment, after performing message interaction with the NAT probe server, the type of the NAT device connected by the CPEA is determined to be the basic NAT. The NAT traversal method comprises the following steps:
step 111, confirming the message interaction between CPEA and CPEB NAT detection servers as basic NAT;
112, CPEA configures VXLAN in a conventional encapsulation mode, wherein the source address is a local private network address and a port number obtained by calculating by using a HASH algorithm, and the destination address is a public network address of CPEB and the port number 4789;
step 113, CPEB configures VXLAN and adopts a conventional encapsulation mode, the source address is a local public network address and a port number obtained by calculating by using a HASH algorithm, and the destination address is a public network address corresponding to CPEA after NAT and the port number 4789;
and step 114, conventional message forwarding is carried out between the CPEA and the CPEB through the VXLAN tunnel.
In the second embodiment, after performing the message interaction with the NAT probe server, it is determined that the type of the NAT device connected by the CPEA is a symmetric NAT. The NAT traversal method comprises the following steps:
step 211, the CPEA sends a first VXLAN extension message to a public network address and a port number 4789 of the CPEB, and requests the CPEB to send related information;
Here, fig. 8 is a schematic diagram of a first VXLAN extension packet according to an embodiment of the present invention; as shown in fig. 8, the destination port of the first VXLAN extension packet is 4789.
212, the CPEB sends a response message according to a source port (4789) and a destination IP/port number which are completely symmetrical to the received NAT message, and notifies a source UDP port number DDD (DDD is obtained by the VXLAN protocol of the CPEB according to the inner layer IP head hash) of a formal VXLAN service message which needs to be sent by the subsequent CPEB in a DATA part;
here, fig. 9 is a schematic diagram of a response message for a first VXLAN extension message according to an embodiment of the present invention; as shown in fig. 9, the source port of the response packet is 4789, and the destination port is BBB.
Step 213, CPEA uses 4789 as source port, DDD as destination port to send second VXLAN extension message, used for punching holes in NAT equipment;
here, fig. 10 is a schematic diagram of a second VXLAN extension packet according to an embodiment of the present invention; as shown in fig. 10, the source port of the second VXLAN extension packet is 4789, and the destination port is DDD.
And step 214, the CPEB sends the formal VXLAN service message by taking the source port after the second received extension message passes through the NAT as a destination port and taking the DDD as a source port.
Fig. 11 is a schematic diagram of a VXLAN service packet according to an embodiment of the present invention; as shown in fig. 11, the destination port after NAT of the response packet is 4789, and the source port is DDD.
In the above embodiment, the NAT type is detected by combining with other protocols. Specifically, in combination with other protocols, the client-side gateway CPEA is used for carrying out message interaction through a server for NAT detection by the CPEA side, so as to detect whether the client-side gateway CPEA needs to traverse NAT, and if so, what NAT type needs to be traversed; the method can adopt a public network free server or be used by a controller.
After the type detection of the NAT equipment is finished, if the NAT needs to be traversed, the CPEA transmits an extension message to the CPEB by expanding a VXLAN protocol message to obtain a source UDP port number DDD of a formal data service message to be transmitted by the CPEB side; the CPEA side sends an extension message to the CPEB through a source UDP port 4789 and a destination UDP port DDD, and holes are drilled on NAT equipment; the CPEB may send a formal VXLAN data service packet to the CPEA with the destination port 4789 and the source port DDD.
In the third embodiment, after the message interaction with the NAT probe server, the type of the NAT device connected by the CPEA is determined to be a full cone NAT.
Here, the full cone NAT, homologous to the same port IP packet NAT mapping, i.e. mapping all requests from the same internal IP address and port to the same public IP address and port; therefore, the same method as in the above embodiment may be used for the treatment.
In the fourth embodiment, after the message interaction with the NAT probe server, it is determined that the type of the NAT device connected by the CPEA is an address limiting cone NAT.
Here, the address limiting cone NAT maps the same homologous co-port IP packet NAT (i.e., all requests from the same internal IP address and port map to the same public IP address and port); however, unlike a full cone NAT, a public network host can send a message to an intranet host if and only if the internal host has previously sent a message to the public network host address. Therefore, the same method as in the above embodiment may be used for the treatment.
In the fifth embodiment, after the message interaction with the NAT probe server, it is determined that the type of the NAT device connected by the CPEA is a port-limited cone-type NAT.
Here, the port-limited cone NAT, which is also the same source as the port-like IP message NAT mapping (i.e., mapping all requests from the same internal IP address and port to the same public network IP address and port), however, adds the limitation of the port number to the port-limited cone NAT, and the public network host can communicate with the internal host if and only if the internal host has previously sent a message to the public network host address. Therefore, the same method as in the above embodiment may be used for the treatment.
The type of probing NAT device is further described below.
The NAT detection server receives a first test message sent by CPEA; the first test message includes address information (IP address and port) of the CPEA, and the NAT probe server determines that the following steps are performed after the first test message is received.
The first step: detecting whether CPE is located behind NAT equipment;
the client of CPEA establishes UDP socket, send data packet (namely the above-mentioned first test message) to the (IP-1, port-1) of the server with UDP socket established, require the server to return address information (IP and Port) of CPE, the client begins to receive the data packet immediately after sending the request, can presume socket Timeout (300 ms), prevent the infinite blocking; this process was repeated several times. If the response from the server is not acceptable every time it times out, it means that the CPEA cannot perform UDP communication, and it may be that the firewall or NAT device blocks UDP communication.
When the client of the CPEA can receive the response of the server, comparing (IP, port) returned by the server with (LocalIP, localPort) of the CPE socket, and if the (IP, port) and (LocalIP, localPort) of the CPEA are identical, determining that the CPEA is not behind the NAT device; if the CPEA is different from the NAT device, the CPEA is determined to be behind the NAT device, and the type of the NAT device needs to be further detected.
And a second step of: detecting whether the NAT equipment is a full cone NAT;
the client of CPEA establishes UDP socket, sends data packet to the (IP-1, port-1) of server with UDP socket established, require server to respond to the client with another pair (IP-2, port-2), the server responds to the request and returns a data packet, the client begins to receive data packet immediately after sending the request, can presume socket Timeout (300 ms), prevent infinite blocking, repeat this process several times. If the response UDP packet returned by the server from (IP-2, port-2) can be accepted, the NAT is a full cone NAT; if the response of the server cannot be received after each timeout, the CPEA connected NAT device is not a full cone NAT, the specific type is required to be detected in the next step, and the next step is carried out.
And a third step of: detecting whether the NAT equipment is a symmetric NAT;
the client of CPEA establishes UDP socket, send the data packet to (IP-1, port-1) of the server with UDP socket that is established, require server return IP and Port of the client, the client begins to receive the data packet immediately after sending the request, can presume socket Timeout (300 ms), prevent the infinite blocking; repeating this process until a response is received;
Sending a packet to the server (IP-2, port-2) with another socket in the same way requires the server to return IP and Port.
Comparing the (IP, port) returned by the two processes from the server, if the (IP, port) returned by the two processes are different, describing the process as symmetrical NAT, otherwise, restricting the conical NAT, and specifically, judging whether the process is Port restricting the conical NAT to enter the next detection;
fourth step: detecting that the NAT equipment is an address limiting conical NAT or a port limiting conical NAT;
the client of CPEA establishes UDP socket, send data packet to the (IP-1, port-1) of the server with UDP socket established, require server to respond with IP-1 and a Port different from Port-1 send a UDP data packet, the client begins to receive the data packet immediately after sending the request, presume socket Timeout (300 ms), prevent the infinite blocking; this process was repeated several times. If the response of the server is not acceptable every time the response is overtime, the description is a port limit cone type NAT, and if the response of the server can be received, the description is an address limit cone type NAT.
The data packet sent by the client of the CEPA, that is, the first test packet, and correspondingly, the data packet sent by the server is a feedback first result packet.
The server to which the NAT traversal method in the embodiment of the invention is applied can adopt a public network free server or be doubled by a public network controller, namely, the public network free server or the public network controller is subjected to function expansion to realize the scheme.
It should be noted that, the above method for detecting the type of the NAT device is just an embodiment, and in the embodiment of the present invention, other methods may be adopted to detect, and after the type of the NAT device connected is determined after detection, the result is sent to the server, and then sent to the CPE at the opposite end through the server. For example: after the CPEA determines the type of the connected NAT device through interaction with the server, the CPEA sends the result to the server, and the server can send the result to the CPEB.
Fig. 12 is a schematic diagram of an extended VXLAN message structure according to an embodiment of the present invention; as shown in fig. 12, the VXLAN extension packet includes: an original message part and a VXLAN encapsulation message;
wherein, the original message part comprises: an internal ethernet header (Inner Ethernet header), an internal IP header (Inner IP header), a Payload (Payload).
VXLAN encapsulation portion comprising: an external ethernet header (Outer Ethernet header), an external IP header (Outer IP header), an external user datagram protocol header (Outer UDP header), a VXLAN header (VXLAN header).
The VXLAN header includes: VXLAN Flags (VXLAN Flags, 8 bits), a Reserved field (Reserved, 24bits each), virtual network identification (VNI, 24bits each), another Reserved (8 bits);
the Outer UDP header comprises: source Port (16 bits), destination Port (DestPort 16 bits), UDP Length (UDP Length 16 bits), UDP Checksum (UDP Checksum 16 bits).
Fig. 13 is a schematic structural diagram of a NAT traversal device on the first CPE side according to an embodiment of the present invention; as shown in fig. 13, the NAT traversal apparatus, applied to a first CPE, includes: the device comprises a first determining module, a first receiving module and a first transmitting module; wherein,,
the first determining module is configured to determine public network address information of a second CPE when determining that the type of NAT equipment connected to the first CPE is NAPT, and send a first virtual expansion local area network VXLAN expansion message to the second CPE based on the public network address information of the second CPE;
the first receiving module is configured to receive a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
the first sending module is configured to send a second VXLAN extension packet with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
The first receiving module is further configured to receive a VXLAN service packet sent by the second CPE.
Specifically, the public network address information includes: public network address and UDP port number.
The NAPT comprises at least one of:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
Specifically, the first determining module is configured to receive public network address information of the second CPE sent by the server.
Specifically, the first sending module is further configured to send a first test message to a server; the first test message is used for requesting the server to send a first result message;
the first receiving module is further configured to receive a first result packet sent by the server, and determine a type of NAT device connected to the first receiving module based on the first result packet;
the first sending module is further configured to send the determined type of the NAT device connected to the server.
Specifically, any one of the first VXLAN extension message, the second VXLAN extension message, and the VXLAN service message includes: external ethernet header, external IP header, external UDP header, VXLAN header, internal ethernet header, internal IP header, payload.
Fig. 14 is a schematic structural diagram of a NAT traversal device on the second CPE side according to an embodiment of the present invention; as shown in fig. 14, the apparatus is applied to a second CPE, and the apparatus includes: the device comprises a second determining module, a second receiving module and a second sending module; wherein,,
the second determining module is configured to receive a first VXLAN extension message sent by the first CPE when determining that the type of NAT equipment connected to the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE;
the second sending module is configured to send a response message based on a source address and a destination address that are symmetrical to the received NAT-back first VXLAN extension message; the response message carries a source UDP port number of the VXLAN service message;
the second receiving module is configured to receive a second VXLAN extension packet sent by the first CPE and using the source UDP port number as a destination port;
and the second sending module is further configured to send a VXLAN service packet with a source port corresponding to the second VXLAN extension packet after NAT as a destination port.
Specifically, the public network address information includes: public network address and UDP port number.
The NAPT comprises at least one of:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
Fig. 15 is a schematic structural diagram of another NAT traversal apparatus on the first CPE side according to an embodiment of the present invention; as shown in fig. 15, the apparatus is applied to a first CPE, and the apparatus includes: a first configuration module and a first communication module; wherein,,
the first configuration module is configured to configure VXLAN messages in a conventional encapsulation mode when determining that the type of NAT equipment connected to the first CPE is a basic NAT; determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; configuring a source address based on private network address information of the first CPE itself;
the first communication module is configured to send a VXLAN service packet to the second CPE based on the configured source address and the destination address according to the conventional encapsulation mode.
Specifically, the first communication module is further configured to send a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
And sending the determined type of the NAT equipment connected with the server.
Specifically, the first communication module is further configured to send a second test message to the server; the second test message is used for determining public network address information after NAT corresponding to the first CPE by the server.
Specifically, the first communication module is further configured to receive public network address information of the second CPE sent by the server.
The public network address information comprises: public network address and UDP port number.
Fig. 16 is a schematic structural diagram of another NAT traversal apparatus on the second CPE side according to an embodiment of the present invention; as shown in fig. 16, the apparatus is applied to a second CPE, and the apparatus includes: the second configuration module and the second communication module; wherein,,
the second configuration module is configured to configure the VXLAN message in a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is a basic NAT; determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE; configuring a source address based on private network address information of the second CPE itself;
and the second communication module is used for sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
Specifically, the second communication module is further configured to receive NAT-processed public network address information corresponding to the first CPE sent by the server.
Specifically, the public network address information includes: public network address and UDP port number.
The embodiment of the invention also provides a NAT traversal device, which is applied to the server and comprises: and the sending module is used for sending the public network address information of the second CPE to the first CPE.
Specifically, the device further comprises: the receiving module is used for receiving a first test message sent by the first CPE;
the sending module is further configured to send a first result packet to the first CPE based on the first test packet; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
the receiving module is further configured to receive a type of the NAT device sent by the first CPE
The sending module is further configured to send, to the second CPE, a type of NAT device connected to the first CPE.
Specifically, the device further comprises: the determining module is configured to receive a second test packet sent by the first CPE when the type of the NAT device connected to the first CPE is a basic NAT, and determine public network address information after NAT corresponding to the first CPE based on the second test packet.
Specifically, the sending module is further configured to send, to the second CPE, public network address information after NAT corresponding to the first CPE, if the type of NAT device connected to the first CPE is a basic NAT.
Specifically, the public network address information includes: public network address and UDP port number.
Fig. 17 is a schematic structural diagram of an electronic device according to an embodiment of the present invention; as shown in fig. 17, the apparatus 170 includes: a processor 1701 and a memory 1702 for storing a computer program capable of running on the processor; wherein,,
in an embodiment, when the electronic device is applied to the first CPE, the processor 1701 is configured to execute, when executing the computer program: under the condition that the type of NAT equipment connected with the first CPE is NAPT, public network address information of a second CPE is determined, and a first VXLAN extension message is sent to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
And receiving the VXLAN service message sent by the second CPE.
Specifically, the method shown in fig. 3 is specifically executed by the electronic device, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 3, and the specific implementation process of the electronic device is detailed in the method embodiment, which is not described herein again.
In another embodiment, when the electronic device is applied to a second CPE, the processor 1701 is configured to execute, when executing the computer program: receiving a first VXLAN extension message sent by a first CPE under the condition that the type of NAT equipment connected with the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE;
transmitting a response message based on a source address and a destination address which are symmetrical to the received first VXLAN extension message after NAT; the response message carries a source UDP port number of the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
Specifically, the electronic device executes the method shown in fig. 4, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 4, and the detailed implementation process of the electronic device is detailed in the method embodiment, which is not described herein again.
In yet another embodiment, when the electronic device is applied to the first CPE, the processor 1701 is further configured to execute, when the computer program is executed:
under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring VXLAN message to adopt a conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on private network address information of the first CPE itself;
and sending a VXLAN service message to the second CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
Specifically, the electronic device executes the method shown in fig. 5, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 5, and the detailed implementation process of the electronic device is detailed in the method embodiment, which is not described herein again.
In a further embodiment, when the electronic device is applied to the second CPE, the processor 1701 is further configured to execute, when executing the computer program: under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to adopt a conventional encapsulation mode;
determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE;
Configuring a source address based on private network address information of the second CPE itself;
and sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
Specifically, the electronic device executes the method shown in fig. 6, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 6, and the detailed implementation process of the electronic device is detailed in the method embodiment, which is not described herein again.
In yet another embodiment, the electronic device is applied to a server, and the processor 1701 is further configured to execute, when the computer program is executed: and sending public network address information of the second CPE to the first CPE.
In practical applications, the apparatus 170 may further include: at least one network interface 1703. The various components in the electronic device 170 are coupled together by a bus system 1704. It is appreciated that the bus system 1704 is used to implement a connected communication between these components. The bus system 1704 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration, the various buses are labeled as bus system 1704 in fig. 17. The number of the processors 1701 may be at least one. The network interface 1703 is used for wired or wireless communication between the electronic device 170 and other devices.
The memory 1702 in embodiments of the present invention is used to store various types of data to support the operation of the electronic device 170.
The method disclosed in the above embodiment of the present invention may be applied to the processor 1701 or implemented by the processor 1701. The processor 1701 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the methods described above may be performed by integrated logic circuitry in hardware or instructions in software in the processor 1701. The Processor 1701 may be a general purpose Processor, a DiGital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 1701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiment of the invention can be directly embodied in the hardware of the decoding processor or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium including memory 1702 and processor 1701 reads information from memory 1702, in combination with hardware, to perform the steps of the methods described above.
In an exemplary embodiment, the electronic device 170 may be implemented by one or more application specific integrated circuits (ASIC, application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, programmable Logic Device), complex programmable logic devices (CPLD, complex Programmable Logic Device), field-programmable gate arrays (FPGA, field-ProgrammableGate Array), general purpose processors, controllers, microcontrollers (MCU, micro Controller Unit), microprocessors (Microprocessor), or other electronic components for performing the aforementioned methods.
The embodiment of the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs: under the condition that the type of NAT equipment connected with the first CPE is NAPT, public network address information of a second CPE is determined, and a first VXLAN extension message is sent to the second CPE based on the public network address information of the second CPE;
receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
And receiving the VXLAN service message sent by the second CPE.
A computer readable storage medium provided by an embodiment of the present invention has a computer program stored thereon, and as another implementation manner, the computer program is executed by a processor to perform: receiving a first VXLAN extension message sent by a first CPE under the condition that the type of NAT equipment connected with the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE;
transmitting a response message based on a source address and a destination address which are symmetrical to the received first VXLAN extension message after NAT; the response message carries a source UDP port number of the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
A computer readable storage medium provided by an embodiment of the present invention has a computer program stored thereon, and as a further implementation manner, the computer program is executed by a processor to perform: under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring VXLAN message to adopt a conventional encapsulation mode;
Determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE;
configuring a source address based on private network address information of the first CPE itself;
and sending a VXLAN service message to the second CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
A computer readable storage medium provided by an embodiment of the present invention has a computer program stored thereon, and as a further implementation manner, the computer program is executed by a processor to perform: under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to adopt a conventional encapsulation mode;
determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE;
configuring a source address based on private network address information of the second CPE itself;
and sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
A computer readable storage medium provided by an embodiment of the present invention has a computer program stored thereon, and as a further implementation manner, the computer program is executed by a processor to perform: and sending public network address information of the second CPE to the first CPE.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present invention may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (21)
1. A network address translation, NAT, traversal method applied to a first customer premise equipment, CPE; characterized in that the method comprises:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
transmitting the determined type of the NAT equipment connected with the server;
under the condition that the type of NAT equipment connected with the first CPE is network address port translation NAPT, public network address information of a second CPE is determined, the second CPE is not connected with the NAT equipment, and the public network address information comprises a public network address and a user datagram protocol UDP port number; sending a first virtual expansion local area network (VXLAN) expansion message to a second CPE based on public network address information of the second CPE;
Receiving a response message sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
transmitting a second VXLAN extension message with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
and receiving the VXLAN service message sent by the second CPE.
2. The method of claim 1, wherein the NAPT comprises at least one of:
symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
3. The method of claim 1, wherein the determining public network address information of the second CPE comprises:
and receiving public network address information of the second CPE sent by the server.
4. The method of claim 1, wherein any one of the first VXLAN extension message, the second VXLAN extension message, and the VXLAN service message comprises: external ethernet header, external internet protocol IP header, external UDP header, VXLAN header, internal ethernet header, internal IP header, payload.
5. A NAT traversal method for use with a second CPE, the method comprising:
Under the condition that the type of NAT equipment connected with the first CPE is NAPT, receiving a first VXLAN extension message sent by the first CPE; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number; the type of the NAT equipment connected with the first CPE is the type of the NAT equipment connected with the first CPE, which is determined by the first CPE based on a first result message sent by a server; the first result message is sent by the first CPE based on a first test message request sent to the server;
transmitting a response message based on a source address and a destination address which are symmetrical to the received first VXLAN extension message after NAT; the response message carries a source UDP port number of the VXLAN service message;
receiving a second VXLAN extension message which is sent by the first CPE and takes the source UDP port number as a target port;
and sending the VXLAN service message by taking the source port corresponding to the second VXLAN extension message after NAT as a destination port.
6. The method of claim 5, wherein the NAPT comprises at least one of:
Symmetric NAT, full cone NAT, address limited cone NAT, port limited cone NAT.
7. A NAT traversal method applied to a first customer premise equipment CPE; characterized in that the method comprises:
sending a first test message to a server; the first test message is used for requesting the server to send a first result message;
receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message;
transmitting the determined type of the NAT equipment connected with the server;
under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring VXLAN message to adopt a conventional encapsulation mode;
determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
configuring a source address based on private network address information of the first CPE itself;
and sending a VXLAN service message to the second CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
8. The method of claim 7, wherein the method further comprises:
sending a second test message to the server; the second test message is used for determining public network address information after NAT corresponding to the first CPE by the server.
9. The method of claim 7, wherein the determining public network address information of the second CPE comprises:
and receiving public network address information of the second CPE sent by the server.
10. A NAT traversal method applied to a second CPE; characterized in that the method comprises:
under the condition that the type of NAT equipment connected with the first CPE is determined to be basic NAT, configuring the VXLAN message to adopt a conventional encapsulation mode; the type of the NAT equipment connected with the first CPE is the type of the NAT equipment connected with the first CPE, which is determined by the first CPE based on a first result message sent by a server; the first result message is sent by the first CPE based on a first test message request sent to the server;
determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
Configuring a source address based on private network address information of the second CPE itself;
and sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
11. The method according to claim 10, wherein the method further comprises:
receiving public network address information which is sent by a server and corresponds to the first CPE and is subjected to NAT;
the type of NAT device connected to the first CPE and sent by the server is received.
12. A NAT traversal method for use with a server, the method comprising:
sending public network address information of a second CPE to a first CPE, wherein the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
the method further comprises the steps of:
receiving a first test message sent by a first CPE, and sending a first result message to the first CPE based on the first test message; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
receiving the type of the NAT equipment sent by the first CPE;
and sending the type of the NAT equipment connected with the first CPE to the second CPE.
13. The method of claim 12, wherein in the case where the type of NAT device connected by the first CPE is a basic NAT, the method further comprises:
and receiving a second test message sent by the first CPE, and determining public network address information after NAT corresponding to the first CPE based on the second test message.
14. The method of claim 13, wherein if the type of NAT device connected by the first CPE is a basic NAT, the method further comprises:
and sending the public network address information after NAT corresponding to the first CPE to the second CPE.
15. A NAT traversal apparatus for use with a first CPE, the apparatus comprising: the device comprises a first determining module, a first receiving module and a first transmitting module; wherein,,
the first sending module is used for sending a first test message to the server; the first test message is used for requesting the server to send a first result message;
the first receiving module is used for receiving a first result message sent by the server, and determining the type of NAT equipment connected with the first receiving module based on the first result message;
the first sending module is further configured to send the determined type of the NAT device connected to the first sending module to the server;
The first determining module is configured to determine public network address information of a second CPE when determining that the type of NAT equipment connected to the first CPE is NAPT, and send a first virtual expansion local area network VXLAN expansion message to the second CPE based on the public network address information of the second CPE; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
the first receiving module is further configured to receive a response packet sent by the second CPE; the response message carries a source UDP port number of the VXLAN service message;
the first sending module is further configured to send a second VXLAN extension packet with the source UDP port number as a destination port to the second CPE; the second VXLAN extension message is used to make a hole in the NAT;
the first receiving module is further configured to receive a VXLAN service packet sent by the second CPE.
16. A NAT traversal apparatus for use with a second CPE, the apparatus comprising: the device comprises a second determining module, a second receiving module and a second sending module; wherein,,
the second determining module is configured to receive a first VXLAN extension message sent by the first CPE when determining that the type of NAT equipment connected to the first CPE is NAPT; the destination address corresponding to the first VXLAN extension message is public network address information of a second CPE; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number; the type of the NAT equipment connected with the first CPE is the type of the NAT equipment connected with the first CPE, which is determined by the first CPE based on a first result message sent by a server; the first result message is sent by the first CPE based on a first test message request sent to the server;
The second sending module is configured to send a response message based on a source address and a destination address that are symmetrical to the received NAT-back first VXLAN extension message; the response message carries a source UDP port number of the VXLAN service message;
the second receiving module is configured to receive a second VXLAN extension packet sent by the first CPE and using the source UDP port number as a destination port;
and the second sending module is further configured to send a VXLAN service packet with a source port corresponding to the second VXLAN extension packet after NAT as a destination port.
17. A NAT traversal apparatus for use with a first CPE, the apparatus comprising: a first configuration module and a first communication module; wherein,,
the first communication module is used for sending a first test message to the server; the first test message is used for requesting the server to send a first result message; receiving a first result message sent by the server, and determining the type of NAT equipment connected with the server based on the first result message; transmitting the determined type of the NAT equipment connected with the server;
the first configuration module is configured to configure VXLAN messages in a conventional encapsulation mode when determining that the type of NAT equipment connected to the first CPE is a basic NAT; determining public network address information of a second CPE, and configuring a destination address based on the public network address information of the second CPE; configuring a source address based on private network address information of the first CPE itself; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
The first communication module is further configured to send a VXLAN service packet to the second CPE based on the configured source address and the destination address in the normal encapsulation mode.
18. A NAT traversal apparatus for use with a second CPE, the apparatus comprising: the second configuration module and the second communication module; wherein,,
the second configuration module is configured to configure the VXLAN message in a conventional encapsulation mode when determining that the type of the NAT device connected to the first CPE is a basic NAT; the type of the NAT equipment connected with the first CPE is the type of the NAT equipment connected with the first CPE, which is determined by the first CPE based on a first result message sent by a server; the first result message is sent by the first CPE based on a first test message request sent to the server;
determining public network address information after NAT corresponding to the first CPE, and configuring a destination address based on the public network address information after NAT corresponding to the first CPE; configuring a source address based on private network address information of the second CPE itself; the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
And the second communication module is used for sending a VXLAN service message to the first CPE according to the conventional encapsulation mode based on the configured source address and the destination address.
19. A NAT traversal apparatus for use with a server, the apparatus comprising: the system comprises a sending module, a receiving module and a receiving module, wherein the sending module is used for sending public network address information of a second CPE to a first CPE, the second CPE is not connected with NAT equipment, and the public network address information comprises a public network address and a UDP port number;
the apparatus further comprises: the receiving module is used for receiving a first test message sent by the first CPE;
the sending module is further configured to send a first result packet to the first CPE based on the first test packet; the first result message is used for the first CPE to determine the type of NAT equipment connected with the first CPE;
the receiving module is further configured to receive a type of the NAT device sent by the first CPE;
the sending module is further configured to send, to the second CPE, a type of NAT device connected to the first CPE.
20. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 4 when the program is executed by the processor; or,
The processor implementing the steps of the method of claim 5 or 6 when executing the program; or,
the processor implementing the steps of the method of any one of claims 7 to 9 when executing the program; or,
the processor implementing the steps of the method of claim 10 or 11 when executing the program; or,
the processor, when executing the program, implements the steps of the method of any of claims 12 to 14.
21. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor realizes the steps of the method according to any of claims 1 to 4; or,
the processor implementing the steps of the method of claim 5 or 6 when executing the program; or,
the processor implementing the steps of the method of any one of claims 7 to 9 when executing the program; or,
the processor implementing the steps of the method of claim 10 or 11 when executing the program; or,
the processor, when executing the program, implements the steps of the method of any of claims 12 to 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010003317.6A CN113067911B (en) | 2020-01-02 | 2020-01-02 | NAT traversal method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010003317.6A CN113067911B (en) | 2020-01-02 | 2020-01-02 | NAT traversal method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113067911A CN113067911A (en) | 2021-07-02 |
| CN113067911B true CN113067911B (en) | 2023-06-30 |
Family
ID=76558376
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010003317.6A Active CN113067911B (en) | 2020-01-02 | 2020-01-02 | NAT traversal method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113067911B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109547316A (en) * | 2018-12-29 | 2019-03-29 | 瑞斯康达科技发展股份有限公司 | Method, the system, storage medium of VXLAN message cross-over NAT equipment |
| CN109831547A (en) * | 2019-03-14 | 2019-05-31 | 腾讯科技(深圳)有限公司 | NAT penetrating method, device, equipment and storage medium |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101488904B (en) * | 2009-02-27 | 2011-08-03 | 杭州华三通信技术有限公司 | Method for GRE tunnel crossing network address translation apparatus and network address translation apparatus |
| CN104363312B (en) * | 2014-11-14 | 2018-07-13 | 浙江宇视科技有限公司 | One kind being concisely and efficiently NAT and burrows method and apparatus |
| CN106331198B (en) * | 2015-06-29 | 2020-04-21 | 中兴通讯股份有限公司 | NAT (network Address translation) penetration method and device |
| CN105933198B (en) * | 2016-04-21 | 2020-01-14 | 浙江宇视科技有限公司 | Device for establishing direct connection VPN tunnel |
| CN108667945B (en) * | 2017-03-30 | 2020-10-23 | 华为技术有限公司 | Message transmission method and device |
| CN107580081A (en) * | 2017-09-18 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of NAT penetrating methods and device |
| CN110266828A (en) * | 2019-06-11 | 2019-09-20 | 华为技术有限公司 | A kind of method, apparatus and network system for establishing end to end network connection |
-
2020
- 2020-01-02 CN CN202010003317.6A patent/CN113067911B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109547316A (en) * | 2018-12-29 | 2019-03-29 | 瑞斯康达科技发展股份有限公司 | Method, the system, storage medium of VXLAN message cross-over NAT equipment |
| CN109831547A (en) * | 2019-03-14 | 2019-05-31 | 腾讯科技(深圳)有限公司 | NAT penetrating method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113067911A (en) | 2021-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9819511B2 (en) | Bidirectional forwarding detection over a virtual extensible local area network | |
| US7111065B2 (en) | Method and apparatus for managing tunneled communications in an enterprise network | |
| US10284461B2 (en) | Method and related apparatus for probing packet forwarding path | |
| US8472420B2 (en) | Gateway device | |
| US20160212008A1 (en) | Bidirectional Forwarding Detection Over Network Virtualization Using Generic Routing Encapsulation | |
| CN113595891B (en) | Data communication method and device and electronic equipment | |
| CN107071079B (en) | Method and system for private network terminal to acquire public network IP | |
| CN106507414B (en) | Message forwarding method and device | |
| CN111835764B (en) | ARP anti-spoofing method, tunnel endpoint and electronic equipment | |
| CN114465931A (en) | Network detection method, device, electronic equipment and storage medium | |
| KR20230026424A (en) | IPv6 network communication method, apparatus and system | |
| US10819617B1 (en) | Loop-back packet for determining operational capabilities of border relay device | |
| US11817970B2 (en) | Method, device, and system for determining generic routing encapsulation GRE tunnel identifier | |
| US8443094B2 (en) | Computer system comprising a communication device | |
| CN109428884A (en) | Communications protection device, control method and program | |
| CN113067911B (en) | NAT traversal method and device, electronic equipment and storage medium | |
| CN113067910B (en) | NAT traversal method and device, electronic equipment and storage medium | |
| US20230155933A1 (en) | BIER OAM Detection Method, Device, and System | |
| CN107547691B (en) | Address resolution protocol message proxy method and device | |
| WO2006060908A1 (en) | Method for running an x.25-based application on a second protocol-based network | |
| CN115643297A (en) | Link establishment method and device, nonvolatile storage medium and computer equipment | |
| CN113746715A (en) | Communication method and device | |
| CN114598675A (en) | Control method, device, equipment and medium for realizing host blocking based on ARP | |
| CN113067908B (en) | NAT (network Address translation) traversing method and device, electronic equipment and storage medium | |
| CN107547668A (en) | Message processing method and device, Dynamic Host Configuration Protocol server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |