Method for registering a mobile node through NAT
Technical field
The present invention relates to a method for registering through NAT in a mobile IP network technology system. Specifically, it relates to how a mobile node that roams across the Internet or a wide area network can register normally with its home domain management entity in a network environment where NAT is deployed.
Background art
Mobile IP technology requires that the IP addresses of the home agent entity and the mobile node are both public IP addresses, or private IP addresses within two local area networks (LANs) that can route to each other. In mobile IP, the home agent entity and the foreign agent entity must use routable IP addresses; after the mobile node roams, its registration request can be forwarded to the home agent entity by the foreign agent entity, thereby establishing an IP-in-IP tunnel so that the mobile node can access its home network resources normally. Because IP address resources are scarce, the addresses users employ when building networks are usually non-routable private addresses. When a user accesses the Internet, although the private address of the network access point has been translated into a public address, a mobile IP system still cannot be applied in such a network environment. When a mobile node attempts to initiate a mobile IP session from a private address, such as registering or creating a tunnel, the NAT system prevents the mobile IP session from being established successfully.
Summary of the invention
The object of the present invention is to provide a method for registering a mobile node through NAT, which solves the technical problem in the background art that a mobile IP system cannot be applied in the network environment encountered when a mobile node roams across the Internet or a wide area network.
The technical solution of the present invention is as follows:
A method for registering a mobile node through NAT, characterised in that the method comprises the following steps:
1) Connect an access management entity 3 to the wide area network;
2) Mobile node 6 establishes a communication tunnel with home domain management entity 1 in the home network domain:
2-1) Mobile node 6 registers its own home network domain information in the home network domain;
2-2) Home domain management entity 1 and access management entity 3 establish a connection, so that access management entity 3 learns the network access information of home domain management entity 1;
2-3) Mobile node 6 sends a registration request from the private network to access management entity 3; after the registration succeeds, access management entity 3 notifies both mobile node 6 and home domain management entity 1 of each other's network access point information;
2-4) After obtaining the network access point information, mobile node 6 and home domain management entity 1 establish a communication tunnel between them;
3) Registration and data connection setup:
3-1) After mobile node 6 roams into the foreign network domain, it sends a registration request message (108) to access management entity 3, and NAPT is performed; access management entity 3 processes the registration request message, creates a binding for mobile node 6, then creates a data socket and waits for the data connections of home domain management entity 1 and mobile node 6; access management entity 3 forwards the registration request of mobile node 6 to the home domain management entity 1 of that mobile node 6;
3-2) After home domain management entity 1 receives the registration request of mobile node 6, it authenticates mobile node 6 (112) and establishes a binding for this mobile node 6 (114), checking the key, identity and authentication extension information of the user of mobile node 6; after the authentication of mobile node 6 passes, home domain management entity 1 sends a registration reply message (116) to access management entity 3;
3-3) After access management entity 3 receives a correct registration reply, it notifies home domain management entity 1 of the port of the data socket it created, this being step 118, and waits for the data connection of home domain management entity 1; at the same time it forwards the registration reply to mobile node 6, this being step (120);
3-4) After home domain management entity 1 receives the data socket port of access management entity 3, it sends a connection request message (122) to that data socket port, requesting to establish a data connection with access management entity 3; after access management entity 3 receives the data connection request message, it saves the network access information aa (124) from the data request message of home domain management entity 1 and responds to home domain management entity 1 with a data connection response message (126); access management entity 3 then notifies mobile node 6 of the port information of the data socket it created and the saved network access information aa of home domain management entity 1, this being step (128);
3-5) Having obtained the data port information of access management entity 3, mobile node 6 sends a data connection request message (130) to access management entity 3, requesting to establish a data connection with it; access management entity 3 processes the data connection request message of mobile node 6, saves the network access information bb (132) from the data request message of mobile node 6, and then responds to mobile node 6 with a data connection response message (134); receiving the data connection response message triggers mobile node 6 to send a registration request message (136) to access management entity 3; after receiving this registration request, access management entity 3 notifies home domain management entity 1 of the network access information bb of mobile node 6 (138) and then forwards the registration request of mobile node 6 (140) to home domain management entity 1;
4) Starting the tunnel:
4-1) After home domain management entity 1 receives the registration request of mobile node 6, it returns a registration reply (142) to access management entity 3; receiving this reply triggers access management entity 3 to start its tunnel, after which it forwards the registration reply (146) to mobile node 6;
4-2) After mobile node 6 receives the registration reply, it starts its tunnel (148) and notifies home domain management entity 1 that the tunnel has started successfully (150);
4-3) After home domain management entity 1 receives the tunnel-started-successfully message from mobile node 6, it also starts its own tunnel (152) and returns to mobile node 6 a success response (154) indicating that registration is fully complete.
The above-mentioned access management entity 3 may be an entity that forwards registration messages between mobile node 6 and home domain management entity 1, collects the network access point information of home domain management entity 1 and mobile node 6 during the registration process of mobile node 6, and forwards this information to the mobile agent entity.
The above-mentioned sending of a registration request by mobile node 6 to access management entity 3 may comprise:
Mobile node 6 sends a registration request from the private network to access management entity 3, and NAT is performed; access management entity 3 forwards the registration request of mobile node 6 to the home domain management entity 1 of that mobile node 6; after home domain management entity 1 verifies the identity of mobile node 6, it returns a registration reply to access management entity 3, which forwards it to mobile node 6; after the registration of mobile node 6 succeeds, access management entity 3 notifies both sides of the network access point information of mobile node 6 and home domain management entity 1.
The above-mentioned establishment of a connection between home domain management entity 1 and access management entity 3 may comprise:
Home domain management entity 1 sends a connection request message (102) to access management entity 3, and NAPT is performed; access management entity 3 processes the connection request of home domain management entity 1, records the network access information of home domain management entity 1 (104), and sends a response message (106) to home domain management entity 1 confirming the requested connection.
The above-mentioned registration by mobile node 6 of its own home network domain information in the home network domain may consist of home domain management entity 1 recording the identity and authentication information of this mobile node 6.
The above-mentioned network address translation (NAT) may connect users to the Internet and provide protection through address translation by hiding internal network addresses.
The above-mentioned tunnel may be the logical path traversed by encapsulated packets when they are transmitted over the public Internet.
The above-mentioned mobile node 6 may be a device that can switch its point of attachment to the Internet 4 from one link to another while keeping all ongoing communications and using only its original fixed IP address.
The advantages of the present invention are as follows:
The present invention can create a mobile IP session from a mobile node to the home domain management entity through private IP addresses. That is, with the present invention, a mobile IP technology system can be used in a wide area network. When a mobile node roams into a network environment in which NAT devices are deployed, it can still establish a mobile IP session with its home domain management entity. More specifically, a mobile IP session can be established even when the care-of address and the home domain management entity address are both private rather than public addresses. Where IP address resources are severely insufficient, the mobile IP network technology system can still be used in this environment after traversing NAT. The present invention applies not only to environments in which the user's IP address is a public network address, but also to private IP addresses behind NAT translation, thereby greatly extending the range of application of the mobile IP network technology system and offering users greater convenience in using the mobile network.
Description of drawings
Fig. 1 is a schematic diagram of the functional entities and the network topology in the mobile IP network technology system;
Fig. 2 is a flow chart of registration and two-layer tunnel control setup in the mobile IP network technology system over a wide area network.
Explanation of reference numerals: 1-home domain management entity; 2-firewall, i.e. the firewall of the home network domain; 3-access management entity; 4-Internet; 5-firewall, i.e. the firewall of the foreign network domain; 6-mobile node; 102-home domain management entity sends a connection request message to the access management entity; 104-record the network access information of the home domain management entity; 106-send a response message confirming the requested connection to the home domain management entity; 108-send a registration request message to the access management entity; 110-access management entity creates a data socket and saves it in the binding table; 112-authenticate the mobile node; 114-establish the binding of this mobile node; 116-home domain management entity sends a registration reply message to the access management entity; 118-notify the home domain management entity of the port of the created data socket; 120-forward the registration reply to the mobile node; 122-send a connection request message to the data socket port; 124-save the network access information aa from the data request message of the home domain management entity; 126-respond to the home domain management entity with a data connection response message; 128-access management entity notifies the mobile node of the port information of the data socket it created and the saved network access information aa of the home domain management entity; 130-send a data connection request message to the access management entity; 132-save the network access information bb from the data request message of the mobile node; 134-respond to the mobile node with a data connection response message; 136-send a registration request message to the access management entity; 138-notify the home domain management entity of the network access information bb of the mobile node; 140-forward the registration request of the mobile node to the home domain management entity; 142-return a registration reply to the access management entity; 144-access management entity starts the tunnel; 146-forward the registration reply to the mobile node; 148-start the tunnel; 150-notify the home domain management entity that the tunnel has started successfully; 152-home domain management entity starts its own tunnel; 154-return to the mobile node a success response indicating that registration is fully complete.
Embodiment
The mobile IP network technology system adopted by the present invention consists of a home domain management entity, a foreign domain management entity, an access management entity and a mobile node; it lets a mobile node in a local area network roam freely anywhere on the global Internet while guaranteeing that the mobile node can interact with its home network domain at any time.
The present invention connects an access management entity to the wide area network; it forwards registration messages between the mobile node and the home domain management entity, collects the network access point information of the home domain management entity and the mobile node during the mobile node's registration, and forwards this information to the mobile agent entity. The home domain management entity and the access management entity first establish a connection, with NAT performed, so that the access management entity learns the network access information of the home domain management entity. The mobile node sends a registration request from the private network to the access management entity, with NAT performed; the access management entity forwards this request to the home domain management entity of the mobile node, which returns a registration reply after verifying the identity of the mobile node. Likewise, the home domain management entity first sends the registration reply to the access management entity, which then forwards it to the mobile node. After registration succeeds, the access management entity can make the network access point information of the mobile node and the home domain management entity known to both sides; once valid information has been correctly obtained, a tunnel can be established between the mobile node and the home domain management entity, and the establishment of communication between them is complete.
Referring to Fig. 1 and Fig. 2, the specific implementation of the present invention is as follows:
1. Connect an access management entity 3 to the wide area network. This access management entity 3 is responsible for forwarding registration messages between mobile node 6 and home domain management entity 1, for collecting the network access point information of home domain management entity 1 and mobile node 6 during the registration of mobile node 6, and for forwarding this information to the mobile management entity.
2. Mobile node 6 establishes a communication tunnel with home domain management entity 1 in the home network domain.
2-1. Mobile node 6 registers its own home network domain information in the home network domain: home domain management entity 1 records the identity and authentication information of mobile node 6.
2-2. Home domain management entity 1 and access management entity 3 establish a connection, so that access management entity 3 learns the network access information of home domain management entity 1. Home domain management entity 1 sends a connection request message 102 to access management entity 3, NAPT is performed, and access management entity 3 processes the connection request of home domain management entity 1: it records the network access information of home domain management entity 1 (104) and sends a response message 106 to home domain management entity 1 confirming the requested connection.
2-3. Mobile node 6 sends a registration request to access management entity 3:
1) mobile node 6 sends a registration request from the private network to access management entity 3, and NAT is performed;
2) access management entity 3 forwards the registration request of mobile node 6 to the home domain management entity 1 of that mobile node 6;
3) after home domain management entity 1 verifies the identity of mobile node 6, it returns a registration reply to access management entity 3, which forwards it to mobile node 6;
4) after the registration of mobile node 6 succeeds, access management entity 3 notifies both sides of the network access point information of mobile node 6 and home domain management entity 1.
2-4. After obtaining the network access point information, mobile node 6 and home domain management entity 1 establish a communication tunnel between them.
3. Registration and data connection setup:
3-1. After mobile node 6 roams into the foreign network domain, it sends a registration request message 108 to access management entity 3; NAPT is performed, and access management entity 3 processes the registration request message, creates a binding for mobile node 6, then creates a data socket and waits for the data connections of home domain management entity 1 and mobile node 6; access management entity 3 forwards the registration request of mobile node 6 to the home domain management entity 1 of that mobile node 6.
3-2. After home domain management entity 1 receives the registration request of mobile node 6, it authenticates mobile node 6 (112); it establishes the binding 114 for this mobile node 6, checking the key, identity and authentication extension information of the user of mobile node 6, and after the authentication passes, home domain management entity 1 sends a registration reply message 116 to access management entity 3.
3-3. After access management entity 3 receives a correct registration reply, it notifies home domain management entity 1 of the port of the data socket it created, this being step 118, and waits for the data connection of home domain management entity 1; at the same time it forwards the registration reply to mobile node 6, this being step 120.
3-4. After home domain management entity 1 receives the data socket port of access management entity 3, it sends a connection request message 122 to that data socket port, requesting to establish a data connection with access management entity 3. On receiving this data connection request message, access management entity 3 first saves the network access information aa (124) from the data request message of home domain management entity 1, to be passed on to mobile node 6; it then responds to home domain management entity 1 with a data connection response message 126. At this point access management entity 3 notifies mobile node 6 of the port information of the data socket it created and the saved network access information aa of home domain management entity 1, this being step 128.
3-5. Having obtained the data port information of access management entity 3, mobile node 6 sends a data connection request message 130 to access management entity 3, requesting to establish a data connection with it.
Access management entity 3 processes the data connection request message of mobile node 6 and saves the network access information bb (132) from the data request message of mobile node 6, to be passed on to home domain management entity 1; it then responds to mobile node 6 with a data connection response message 134.
Receiving the data connection response message triggers mobile node 6 to send a registration request message 136 to access management entity 3.
After receiving this registration request, access management entity 3 notifies home domain management entity 1 of the network access information bb of mobile node 6 (138) and then forwards the registration request of mobile node 6 (140) to home domain management entity 1.
4. Starting the tunnel
4-1. After home domain management entity 1 receives the registration request of mobile node 6, it returns a registration reply 142 to access management entity 3. Receiving this reply triggers access management entity 3 to start its tunnel, after which it forwards the registration reply 146 to mobile node 6.
4-2. After mobile node 6 receives this registration reply, it starts its tunnel (148) and notifies home domain management entity 1 that the tunnel has started successfully (150).
4-3. After home domain management entity 1 receives the tunnel-started-successfully message from mobile node 6, it also starts its own tunnel (152) and returns to mobile node 6 a success response 154 indicating that registration is fully complete.
The registration process of mobile node 6 is now complete, and the establishment of communication between mobile node 6 and home domain management entity 1 is finished.
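The exchange of steps 2-2 through 4-3 (and the identical steps in the summary above), as an added simulation that is not part of the patent: each numbered message of Fig. 2 is appended to a trace, a toy NAPT rewrites private endpoints so that the access management entity only ever learns post-NAT addresses (the aa and bb it relays), and the authentication at step 112 gates the binding and the tunnels. The HMAC-SHA256 authentication extension, the addresses, ports and keys are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Napt:
    """Toy NAPT: rewrites a private (ip, port) to a public one on first use."""
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)

    def translate(self, private):
        if private not in self.table:
            self.table[private] = (self.public_ip, self.next_port)
            self.next_port += 1
        return self.table[private]


@dataclass
class State:
    """Trace of the numbered messages of Fig. 2 plus what each entity stored."""
    trace: list = field(default_factory=list)
    home_access_info: tuple = None   # 104: entity 1's endpoint as seen after NAT
    home_binding: bool = False       # 114: binding created by entity 1
    data_port: int = None            # 110: data socket port opened by entity 3
    aa: tuple = None                 # 124: entity 1's data endpoint (post-NAT)
    bb: tuple = None                 # 132: mobile node 6's data endpoint (post-NAT)
    ame_tunnel: bool = False         # 144
    mn_tunnel: bool = False          # 148
    home_tunnel: bool = False        # 152


def auth_ext(key: bytes, ident: str) -> bytes:
    """Assumed authentication extension: HMAC-SHA256 of the identity under the key."""
    return hmac.new(key, ident.encode(), hashlib.sha256).digest()


def run_registration(mn_key: bytes, home_key: bytes, ident: str = "mn6") -> State:
    """Drive messages 102-154; home_key is what entity 1 recorded at step 2-1."""
    s = State()
    home_nat = Napt("203.0.113.1")      # firewall 2 of the home domain (constructed)
    foreign_nat = Napt("198.51.100.1")  # firewall 5 of the foreign domain (constructed)
    # 2-2: entity 1 connects through its NAT (102); entity 3 records the public endpoint (104).
    s.trace += [102, 104, 106]
    s.home_access_info = home_nat.translate(("10.0.0.1", 434))
    # 3-1: the roaming node registers through the foreign NAT (108); entity 3 binds it and
    #      opens the data socket that both sides will later connect to (110).
    s.trace += [108, 110]
    s.data_port = 5000
    mn_auth = auth_ext(mn_key, ident)   # carried in the request; NAT does not alter it
    # 3-2: entity 1 authenticates the node (112) and binds it only on success (114, 116).
    s.trace.append(112)
    if not hmac.compare_digest(mn_auth, auth_ext(home_key, ident)):
        return s                        # no reply, no binding, no tunnel
    s.home_binding = True
    s.trace += [114, 116]
    # 3-3/3-4: entity 1 learns the data port (118), connects to it (122); its post-NAT
    #          data endpoint is saved as aa (124) and passed on to the node (128).
    s.trace += [118, 120, 122, 124, 126, 128]
    s.aa = home_nat.translate(("10.0.0.1", 5001))
    # 3-5: the node connects to the data port (130); its post-NAT endpoint is saved as
    #      bb (132) and relayed to entity 1 (138) with the second registration request (140).
    s.trace += [130, 132, 134, 136, 138, 140]
    s.bb = foreign_nat.translate(("192.168.1.7", 5002))
    # 4: the reply (142) starts the tunnel at entity 3 (144), the node (148) and entity 1 (152).
    s.trace += [142, 144, 146, 148, 150, 152, 154]
    s.ame_tunnel = s.mn_tunnel = s.home_tunnel = True
    return s
```

Running it with a wrong mobile node key shows the failure mode a defender cares about: the trace stops at 112 and no binding or tunnel is ever created.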
Explanation of relevant technical terms involved in the present invention:
Home domain management entity: a network device with a port connected to the home network domain of the mobile node, which provides authorization and identity proxy for roaming mobile nodes.
Foreign domain management entity: a network device in the foreign network domain of the mobile node, which forwards authentication messages and data packets for the mobile node.
Access management entity: a network device with an IP address routable on the Internet; between the home domain management entity and the foreign domain management entity it acts as a relay that authenticates the identity of the mobile node and forwards the mobile node's data packets.
Home network domain: the network where the mobile node is located before roaming.
Foreign network domain: the network the mobile node reaches after roaming.
IP tunnel: the path traversed by an IP packet when it is encapsulated in the payload of another IP packet for transmission.
Tunneling technique: the whole process comprising data encapsulation, transmission and decapsulation.
Mobile node: a device that can switch its point of attachment to the Internet from one link to another while keeping all ongoing communications and using only its original fixed IP address.