Background technology:
In mobile IP and in technologies that solve similar problems, such as the flexible IP network technology system, IP tunneling is used: an IP-based packet is encapsulated as the payload of another IP packet and then transmitted, and the path traversed during this transmission is called the tunnel.
At present many services in the internet and/or wide area networks, for example mobile IP, VPN and instant messaging, use tunneling or data relay forwarding techniques. All such techniques create a data forwarding bottleneck in their implementation, which lowers efficiency.
The method of using a server to relay data works as follows: every packet in transit must be checked and analyzed by the server, which then determines the relay destination address. This is inefficient, the server easily becomes a system bottleneck, and the delay of data transmission increases.
Using the general tunneling technique also has the following problems:
As shown in Figure 1, if a system has three entities and data transmission is completed by tunnel relaying, direct end-to-end tunnels must be set up between the different entities to realize the tunnel relay. That is, an end-to-end tunnel D must be set up between entity A and entity B, and likewise an end-to-end tunnel E between entity B and entity C; the original data stream of the mobile node passes through tunnel D and tunnel E to reach entity C, and finally reaches the destination host. On the intermediate entity B the data in transit undergo two encapsulations and two decapsulations and must also be buffered and processed, which wastes a large amount of CPU and storage resources and makes entity B the bottleneck of the whole system.
Summary of the invention
The purpose of this invention is to provide an IP tunnel method for data relay in a flexible IP network technology system, solving the problem of how to improve data transmission efficiency and system performance.
The idea for solving the above problem is: the access-in management entity only decapsulates the data sent by the ground field management entity and by the extended domain management entity or mobile node, and then performs routing forwarding directly; it does not need the complex process of decapsulation, application-layer buffering and re-encapsulation, which reduces the complexity of packet processing.
The technical solution to the above problem is as follows. The IP tunnel method for data relay in the flexible IP network technology system provided here is:
1) the access-in management entity first sets up a data port (FPDP);
2) the ground field management entity and the extended domain management entity each connect to the data port of the access-in management entity;
3) data link information is exchanged;
4) the ground field management entity or the extended domain management entity sets up a double-layer tunnel; "double-layer tunnel" means that the encapsulation at the tunnel endpoint comprises an outer encapsulation header used for the first-step transmission and an inner encapsulation header used for the second-step direct routing;
5) the access-in management entity sets up a single-layer IP-based tunnel, such as an IP-in-IP tunnel or an IP-in-UDP tunnel; this tunnel is an omnidirectional tunnel and can simultaneously complete bidirectional data transmission with the two tunnels at the opposite ends.
The two peer-port addresses of this tunnel are respectively those of the ground field management entity and the extended domain management entity (or mobile node). After receiving tunnel data sent from either opposite end, this tunnel port directly removes the outer header information and performs normal routing forwarding on the inner single-layer encapsulated packet. During tunnel forwarding the access-in management entity does not process the specific content of the tunneled packet but forwards it directly according to the routing header of the packet encapsulation, which improves the efficiency of data forwarding.
In order to realize the omnidirectional tunnel on the access-in management entity, the ground field management entity and the extended domain management entity (or mobile node) carry the routing information of the peer address, which makes it convenient for the access-in management entity to perform routing forwarding. This amounts to performing two-layer encapsulation, but since it is done in a single pass it has no obvious effect on the efficiency of the ground field management entity and the extended domain management entity (or mobile node).
The present invention can improve the efficiency with which the intermediate entity processes transactions, reduce the system resources occupied, reduce the delay of data transmission, and improve the efficiency of data forwarding.
The method provided by the invention can be realized on various network devices and operating systems; it is not limited to the flexible IP network technology system or to its access-in management entity. The final implementation may take the form of a software system or of a hardware device.
Embodiment:
Fig. 2 shows an embodiment of the present invention in the access-in management entity of the flexible IP network technology system. In the figure: the ground field management entity acts as the identity proxy of the mobile node and completes data forwarding; the extended domain management entity (or mobile node) is the initiator or recipient of the data transmission; the access-in management entity is responsible for accepting the access request of the mobile node and completing the fast forwarding of data; the basic network domain NAT is responsible for translating the private addresses of the basic network domain; the extended network domain NAT is responsible for translating the private addresses of the extended network domain. The ground field management entity and the extended domain management entity (or mobile node) are both endpoints that ultimately realize the tunnel and can complete the double-layer encapsulation of data. The concrete method is as follows:
(1) First, the device or host that realizes the bidirectional data transfer IP tunnel, in this case the access-in management entity of the flexible IP network technology system, creates a data port and waits for the two endpoints of the tunnel, the ground field management entity and the extended domain management entity (or mobile node), to actively establish a data connection with the access-in management entity;
(2) The two tunnel endpoints, the ground field management entity and the extended domain management entity (or mobile node), each set up a data transfer port on themselves and send a data connection request to the data port of the access-in management entity; this connection request passes through the corresponding NAT before reaching the access-in management entity of the flexible IP network technology system. The addresses obtained by the access-in management entity are therefore the addresses of the ground field management entity and the extended domain management entity (or mobile node), or their corresponding NAT addresses;
(3) The access-in management entity of the flexible IP network technology system notifies each end of the tunnel endpoint address information obtained from the other end: it notifies the ground field management entity of the address of the extended domain management entity (or mobile node), and at the same time notifies the extended domain management entity (or mobile node) of the address of the ground field management entity;
(4) After obtaining the connection requests from both sides and completing the mutual notification of address messages, the access-in management entity sets up the tunnel. Its local port is the port that just received the data connection requests, and the addresses of the two ends are the addresses of the ground field management entity and the extended domain management entity (or mobile node), or the mapped addresses on the NAT gateway at the egress of their respective networks;
(5) When the mobile node sends data from the extended network domain to a host in the basic network domain, the extended domain management entity or the mobile node encapsulates the original TCP/IP data. This encapsulation comprises an outer basic encapsulation header used for the first-step transmission and an inner routing header used for the second-step direct routing; the inner routing header is added by the endpoint in place of the access-in management entity, for load balancing and to raise efficiency;
(6) The data encapsulated by the extended domain management entity (or mobile node) reach the access-in management entity of the flexible IP network technology system. The access-in management entity does not need to perform application-layer buffering; it directly removes the outer encapsulation header and routes the packet directly to the ground field management entity according to the inner destination address, so its speed and efficiency are both greatly improved.
(7) Similarly, when a host in the basic network domain sends data to the mobile node, the ground field management entity performs two encapsulations on the original TCP/IP data, namely an outer basic encapsulation header used for the first-step transmission and an inner routing header used for the second-step direct routing;
(8) The data encapsulated by the ground field management entity reach the access-in management entity of the flexible IP network technology system. Again the access-in management entity needs no application-layer data buffering or processing; it directly removes the outer encapsulation header and routes the packet directly to the extended domain management entity (or mobile node) according to the inner destination address, which equally guarantees speed and efficiency.
Using the present invention, the access-in management entity of the flexible IP network technology system realizes fast bidirectional unpacking and direct route forwarding: all data transmission can be completed through the access-in management entity, and after receiving data the access-in management entity forwards it directly via the routing function of the underlying layer.
The tunnel addresses and corresponding ports required by the fast bidirectional unpacking and direct route forwarding tunneling technique of the present invention are shown in Figure 3.
The formats of the packets arriving at the access-in management entity from the two ends and leaving the access-in management entity are shown in Fig. 4 and Fig. 5. In these formats: the source address of the outer encapsulation header is the mapped port address on the NAT of the ground field management entity or the extended domain management entity, and the destination address is the port and address of the access-in management entity; the source address of the inner routing header is the port and address of the access-in management entity, and the destination address is the mapped port address on the NAT of the other side.
The concrete data content does not need to be encrypted on the three-port tunnel M; the data inside the tunnel may be encrypted, and the tunnel device of the access-in management entity only performs transparent transmission without decrypting the plaintext, so no further encryption or decryption operation is needed and the original security of the data is preserved.
The access-in management entity of the flexible IP network technology system referred to in the present invention is a network device having an IP address routable on the internet; it is located between the ground field management entity and the extended domain management entity of the flexible IP network technology system and is the relay device that forwards registration messages and packets. The access-in management entity of the flexible IP network technology system provides access service when the mobile node accesses the basic network domain from the extended network domain, performs mutual authentication with the ground field management entity and the extended domain management entity of the flexible IP network technology system, allows the mobile node to connect to the basic network domain, and responds to the mobile node's request for remote access to the basic network domain.
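The following is an added simulation of the procedure in steps (1) to (8) together with the packet format of Fig. 4 and Fig. 5; it is example code written for this page, not code from the patent. All IP addresses, port numbers and the NAT port-mapping scheme are constructed for illustration, and headers are modelled as Python objects rather than real IP headers. One check that the patent does not state, marked as an assumption in the code, is that the relay forwards only to inner destinations it learned during the connection step.

```python
"""Double-layer tunnel relay: endpoints add outer + inner headers, the
access-in management entity strips the outer header and forwards the inner
packet by its own destination, never reading the payload. (Added example.)"""
from dataclasses import dataclass
from typing import Optional

Addr = tuple[str, int]   # (ip, port)


@dataclass(frozen=True)
class Packet:
    """One header layer: source, destination, opaque payload (bytes or Packet)."""
    src: Addr
    dst: Addr
    payload: object


class NAT:
    """Minimal source NAT: private (ip, port) <-> public mapped (ip, port)."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self._next_port = public_ip, first_port
        self._out: dict[Addr, Addr] = {}
        self._in: dict[Addr, Addr] = {}

    def outbound(self, pkt: Packet) -> Packet:
        if pkt.src not in self._out:                      # allocate a mapping
            mapped = (self.public_ip, self._next_port)
            self._next_port += 1
            self._out[pkt.src], self._in[mapped] = mapped, pkt.src
        return Packet(self._out[pkt.src], pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        private = self._in.get(pkt.dst)
        return None if private is None else Packet(pkt.src, private, pkt.payload)


class AccessEntity:
    """Relay with a public address: steps (1), (3), (4), (6) and (8)."""
    def __init__(self, addr: Addr):
        self.data_port = addr                 # step (1): data port (FPDP)
        self.peers: dict[str, Addr] = {}      # endpoint name -> NAT-mapped address
        self.forwarded = 0

    def accept(self, name: str, request: Packet) -> None:
        self.peers[name] = request.src        # step (2)/(4): observed mapped address

    def notify_peers(self) -> dict[str, Addr]:
        a, b = list(self.peers)               # step (3): tell each end the other's address
        return {a: self.peers[b], b: self.peers[a]}

    def relay(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.data_port or not isinstance(pkt.payload, Packet):
            return None
        inner = pkt.payload                   # steps (6)/(8): drop outer header only
        # Assumption (not in the patent): forward only to addresses learned in
        # the connection step, so the relay cannot reach arbitrary hosts.
        if inner.dst not in self.peers.values():
            return None
        self.forwarded += 1
        return inner                          # payload untouched, no buffering


class Endpoint:
    """Ground field entity or extended entity / mobile node behind a NAT."""
    def __init__(self, private_addr: Addr, nat: NAT):
        self.addr, self.nat = private_addr, nat
        self.peer_mapped: Optional[Addr] = None
        self.relay_addr: Optional[Addr] = None

    def connect(self, relay: AccessEntity) -> Packet:
        self.relay_addr = relay.data_port
        return self.nat.outbound(Packet(self.addr, relay.data_port, b"CONNECT"))

    def double_encapsulate(self, original: bytes) -> Packet:
        # steps (5)/(7): inner = relay -> peer mapped addr (Fig. 5), outer = me -> relay
        inner = Packet(self.relay_addr, self.peer_mapped, original)
        return self.nat.outbound(Packet(self.addr, self.relay_addr, inner))

    @staticmethod
    def receive(inner: Packet) -> bytes:
        return inner.payload                  # strip inner header: original datagram


def run_session() -> dict:
    relay = AccessEntity(("203.0.113.10", 5000))                # constructed public addr
    nat_home, nat_ext = NAT("198.51.100.1"), NAT("192.0.2.1")   # constructed NAT addrs
    home = Endpoint(("10.0.0.5", 6000), nat_home)
    mobile = Endpoint(("172.16.0.9", 6000), nat_ext)
    relay.accept("home", home.connect(relay))                   # step (2)
    relay.accept("mobile", mobile.connect(relay))
    notices = relay.notify_peers()                              # step (3)
    home.peer_mapped, mobile.peer_mapped = notices["home"], notices["mobile"]
    wire = mobile.double_encapsulate(b"GET / HTTP/1.1")         # steps (5)-(6)
    home_rx = Endpoint.receive(nat_home.inbound(relay.relay(wire)))
    wire2 = home.double_encapsulate(b"HTTP/1.1 200 OK")         # steps (7)-(8)
    mobile_rx = Endpoint.receive(nat_ext.inbound(relay.relay(wire2)))
    rogue = Packet(mobile.peer_mapped, relay.data_port,         # unknown inner dst
                   Packet(relay.data_port, ("203.0.113.99", 80), b"x"))
    return {"home_rx": home_rx, "mobile_rx": mobile_rx, "rogue": relay.relay(rogue),
            "forwarded": relay.forwarded, "outer_src": wire.src,
            "inner_dst": wire.payload.dst}


if __name__ == "__main__":
    print(run_session())
```

The `outer_src` and `inner_dst` values returned by `run_session` show the Fig. 4 and Fig. 5 layout: the outer header's source is the sender's NAT-mapped address and its destination is the relay's data port, while the inner header is addressed from the relay to the peer's NAT-mapped address, so the relay's ordinary routing delivers it after the outer header is removed.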
Some other relevant technical terms used in the present invention are:
1. Ground field management entity: a network device with a port connected to the basic network domain where the mobile node is located; it provides permission authentication and identity proxying for roaming mobile nodes.
2. Extended domain management entity: a network device on the extended network domain of the mobile node, which forwards authentication messages and packets for the mobile node.
3. Access-in management entity: a network device having an IP address routable on the internet; located between the ground field management entity and the extended domain management entity, it is the relay device that authenticates the identity of the mobile node and forwards the mobile node's packets.
4. Basic network domain: the network where the mobile node is located before roaming.
5. Extended network domain: the network the mobile node reaches after roaming.
6. IP tunnel: an IP-based packet is encapsulated in the payload of another IP packet and transmitted; the path traversed is called the tunnel.
7. Tunneling technique: the whole process comprising data encapsulation, transmission and decapsulation.
8. Mobile node: a device that can switch its point of attachment to the internet from one link to another while still keeping all ongoing communications and using only its original fixed IP address.
9. Network address translation (NAT): Network Address Translation provides a simple way of connecting to the Internet and provides security protection for users by hiding internal network addresses. When an internal network user (located on the inside of the NAT server) connects to the Internet, NAT translates the user's internal network IP address into an external public IP address (stored in the NAT address pool); when data return from the external network, NAT reversely replaces the destination address with the original internal user's address, so that the internal network user receives the data correctly. Because the IP addresses of the internal network are hidden from the outside, external users cannot directly initiate connections to internal users, which protects the internal users.
10. ARP: Address Resolution Protocol is a protocol that translates IP addresses into physical addresses.