TW201616844A - Network connection system for solving connection limitations of network address translation and method thereof - Google Patents

Publication number
TW201616844A
Authority
TW
Taiwan
Prior art keywords
network
connection
nat
network device
party
Application number
TW103137815A
Other languages
Chinese (zh)
Other versions
TWI561043B (en)
Inventor
Ming-Ko Wang
Original Assignee
Papago Inc
Application filed by Papago Inc
Priority to TW103137815A
Publication of TW201616844A
Application granted
Publication of TWI561043B

Abstract

The present invention discloses a network connection system and method for overcoming the connection limitations of network address translation (NAT). The system consists of a plurality of private domains and a public domain containing a Simple Traversal of User Datagram Protocol over NAT (STUN) server, so that peer-to-peer (P2P) connections can be established between the private domains through the STUN server. Furthermore, two private domains that cannot establish a P2P connection with each other can connect indirectly through an adjacent third-party private domain whose network device has a direct P2P connection with the network devices of both. The invention thereby saves hardware cost while establishing a P2P-like connection, the best alternative connection technique, with performance closest to that of a P2P connection.

Description

Network connection system and method for solving the connection limitations of a network address translator

The present invention relates to a network connection system and method for overcoming the connection limitations of network address translation (NAT). More specifically, it relates to a network connection system and method that provide the best alternative connection technique, with connection performance closest to that of peer-to-peer (P2P) networking.

In the prior art, peer-to-peer networking (hereinafter P2P), which shares computer resources and services through direct exchange, is already widely used in content delivery applications such as live streaming, video on demand, instant messaging, or letting users publish their own multimedia content and create personal channels. It is a technique that provides direct network connections between multiple network devices, achieving the highest network transmission speed without the cost of building additional servers.

However, P2P still faces some problems in practice. With the rapid growth of the Internet and of the number of its users, Internet Protocol (hereinafter IP) addresses are running short. To avoid this, a network address translator (network address translation, hereinafter NAT) is usually deployed at the boundary between the private domain and the public domain to relieve the address shortage. NAT is an Internet standard defined in RFC 1631. It translates the IP addresses of packets sent by network devices in a private domain so that several devices in that domain can share one public IP address to reach the Internet. That is, when a packet carrying a private IP address leaves the private domain and reaches the NAT, the NAT translates the private IP address into a public IP address; when a packet from outside reaches the NAT device, the NAT consults its own mapping table, translates the public IP address into a private IP address, and forwards the packet to the corresponding network device in the private domain.

NATs fall roughly into four types: Full Cone NAT, Restricted Cone NAT, Port Restricted Cone NAT and Symmetric NAT. With a full cone NAT, once an internal client has established a connection with an external client, any external client can communicate with that internal client through its NAT-mapped address/port. With a restricted cone NAT, once an internal client has established a connection with an external client, only external addresses with which the internal client has established a connection can communicate with it through its mapped address/port. With a port restricted cone NAT, once an internal client has established a connection with an external client, only external address/port pairs with which the internal client has established a connection can communicate with it through its NAT-mapped address/port. With a symmetric NAT, each application flow that an internal client sends to a different destination is assigned its own NAT-mapped address/port, and only the address/port of the corresponding destination can communicate with the assigned mapped address/port. The four NAT types therefore impose different connection restrictions, of which symmetric NAT is the strictest. Consequently, in an environment where many internal clients use private IP addresses (or virtual IP addresses), when a client outside the NAT (that is, one with a public IP address) wants to set up a P2P data connection with a client inside the NAT, the request message sent by the outside client is blocked by the NAT, so the inside client never learns of the connection request and the connection fails.

To address these problems, network protocols such as Simple Traversal of User Datagram Protocol through NAT (hereinafter STUN), Traversal Using Relay NAT (hereinafter TURN) and Interactive Connectivity Establishment (hereinafter ICE) have been proposed in turn. The STUN protocol, described in Request for Comments (RFC) 3489, provides a method by which a client inside a NAT can learn the address/port the NAT has allocated and the type of the NAT; by giving this information to a client outside the NAT, the two sides can establish a connection. STUN, however, cannot operate successfully with symmetric NAT. The TURN protocol deploys a TURN server in the public domain. The TURN server allocates an address/port to represent the client inside the NAT and uses a mapping table to record the correspondence between the address/port the inside client uses for external communication and the allocated address/port. All data entering and leaving the NAT is then relayed through the TURN server in order to traverse the NAT. Although TURN can traverse symmetric NAT, the data flows of all clients inside the NAT must pass through the TURN server, so the TURN server becomes a performance bottleneck. The ICE protocol proposes a hybrid NAT traversal method that uses the functions of both STUN and TURN: when clients need to connect through NAT, each client first gathers its own candidate addresses, the clients exchange candidate address information, each runs connectivity tests against the other's candidate addresses, and finally the best connection is chosen for data transfer.

Based on these protocols, several NAT traversal methods have been proposed so that a client outside a NAT can traverse it and connect to a client inside. For example, the hole punching method described in RFC 5128 first deploys a rendezvous server in the public domain, and every client behind a NAT establishes a control-message connection with this server in advance. Suppose client A wants to establish a direct NAT-traversing connection with client B. Client A first sends a connection request message to the rendezvous server. On receiving the request, the rendezvous server sends client B's NAT-mapped address/port to client A and client A's NAT-mapped address/port to client B. When client A receives client B's address information, it sends a test packet to client B's NAT-mapped address/port. This test packet is blocked by client B's NAT, but at the same time client A's NAT mapping table is updated to allow client B's NAT-mapped address/port to send data to client A. Client B then sends a test packet to client A's NAT-mapped address/port, at which point client B's NAT mapping table is updated to allow client A's NAT-mapped address/port to send data to client B. A bidirectional NAT-traversing connection is thereby established. Hole punching solves part of the NAT traversal problem, but when the two NATs are a port restricted cone NAT and a symmetric NAT, or when both are symmetric NATs, it cannot be used, because, as described above, a symmetric NAT assigns a different NAT-mapped address/port for each destination. Users therefore mostly fall back on a TURN server, whose purpose is simply to complete the connection, which inevitably increases hardware and bandwidth costs and limits data transfer performance.

How to establish, when a direct P2P connection is not possible, the best alternative connection with performance closest to P2P while reducing the cost of hardware and bandwidth resources is therefore an important goal that many network service providers are working hard to achieve.

The problem to be solved by the present invention is to provide a network connection system and method that overcome the connection limitations of network address translation (NAT) and establish the best alternative connection technique, with performance closest to that of a peer-to-peer (P2P) connection.

To solve the system problem above, the present invention discloses a network connection system for overcoming the connection limitations of network address translation (NAT). It comprises a Simple Traversal of User Datagram Protocol over NAT (STUN) server located in a public domain and a plurality of private domains. Each private domain includes a network device and a network address translator electrically connected to that network device, and each network address translator is electrically connected to the STUN server. The network devices either establish direct connections with one another through the STUN server using peer-to-peer technology, or establish a P2P-like connection mechanism indirectly, through the STUN server, by way of the network device of a third-party private domain, where the network device of the third-party private domain can establish direct P2P connections with both the network device of the first-party private domain and the network device of the second-party private domain.

To solve the method problem above, the present invention discloses a network connection method, applicable to the system above, for overcoming the connection limitations of NAT. The method follows these steps:

Step 1: Each network device looks up its own public Internet address through a Simple Traversal of User Datagram Protocol over NAT (STUN) server.

Step 2: Determine whether the network devices can establish a direct connection with each other through the STUN server using peer-to-peer (P2P) technology. If so, the network devices transfer data between themselves. If not, look for a network device in a third-party private domain that can establish direct connections with both the network device of the first-party private domain and the network device of the second-party private domain.

Step 3: Once a network device of a third-party private domain has been found, use it, through the STUN server, to establish indirectly between the network device of the first-party private domain and the network device of the second-party private domain a P2P-like connection mechanism with performance closest to a P2P connection, and transfer data.

Furthermore, the STUN server disclosed in the present invention provides the public Internet Protocol address of each network device and the type of its network address translator. Each network address translator is either a Port Restricted Cone NAT, the high-restriction type, or a Restricted Cone NAT or Full Cone NAT, the low-restriction types; when the network address translator of the first-party private domain is of the high-restriction type, the network address translator of the second-party private domain is of the low-restriction type. In addition, in the P2P-like connection mechanism, the network device of the third-party private domain is adjacent to the network device of the first-party private domain or the network device of the second-party private domain.

The invention is characterized as follows. Besides letting the network devices of the private domains establish direct P2P connections with one another through the STUN server, which raises the transfer speed of network resources, it handles two network devices in private domains that cannot establish a direct P2P connection by going through the network device of a nearby third-party private domain that can establish direct P2P connections with both. The connection is established indirectly, with the network device of the third-party private domain acting as the intermediary between the network device of the first-party private domain and that of the second-party private domain, yielding a P2P-like connection mechanism that is the best alternative connection technique, with performance closest to P2P. The network device of the third-party private domain thus plays the role of a TURN (Traversal Using Relay NAT) server, so the user need not add hardware in order to connect, which greatly reduces cost. How a TURN (Traversal Using Relay NAT) server operates is well known to those of ordinary skill in the field of network technology and is not described here. Users can therefore establish P2P connections, as well as the P2P-like connection mechanism that is the best alternative with performance closest to P2P, among a network camera, an IP phone, a network drive, a network printer or a computer with a network interface.

A: public domain
B: private domain
C: private domain
D: private domain
B1: network device
B2: network address translator
C1: network device
C2: network address translator
D1: network device
D2: network address translator
X: STUN server
S1~S221: steps

Fig. 1 is schematic diagram (1) of the network connection system for overcoming the connection limitations of NAT according to the present invention; Fig. 2 is schematic diagram (2) of the network connection system for overcoming the connection limitations of NAT according to the present invention; and Fig. 3 is a flowchart of the network connection method for overcoming the connection limitations of NAT according to the present invention.

First, refer to Fig. 1, which is a schematic diagram of the P2P system of the present invention. As Fig. 1 shows, the network connection system for overcoming the connection limitations of NAT mainly comprises a STUN server X, located in a public domain A, and a plurality of private domains. Fig. 1 uses three private domains as an example: private domain B, private domain C and private domain D. Taking private domain B as the example, private domain B includes a network device B1 and a network address translator B2 electrically connected to network device B1, and network address translator B2 is electrically connected to STUN server X. Likewise, private domain C includes network device C1 and network address translator C2, and private domain D includes network device D1 and network address translator D2; their connections to STUN server X are the same as for private domain B and are not described again. Network address translators B2, C2 and D2 each send a test signal to STUN server X, so that STUN server X provides the public Internet Protocol addresses of network devices B1, C1 and D1 and the types of their network address translators, allowing network devices B1, C1 and D1 to establish connections with one another through STUN server X. Leaving aside whether network address translators B2, C2 and D2 are high-restriction or low-restriction network address translators (NATs), network devices B1, C1 and D1 can establish direct connections with one another through STUN server X using peer-to-peer (P2P) technology, achieving the highest network transmission speed.

Next, refer to Fig. 2 together with Fig. 1. Fig. 2 is schematic diagram (2) of the network connection system for overcoming the connection limitations of NAT according to the present invention. As Fig. 2 shows, once the high-restriction or low-restriction type of network address translators B2, C2 and D2 is taken into account (in Fig. 2, network address translator B2 is a Port Restricted Cone NAT, the high-restriction type, and network address translator D2 is a Restricted Cone NAT or Full Cone NAT, the low-restriction types), it can happen that network device B1 and network device C1 can connect by P2P, network device C1 and network device D1 can connect by P2P, and network device B1 and network device D1 cannot connect directly. So that network device B1 and network device D1 can still establish a connection and transfer data, network device C1, which is adjacent to network device B1 of private domain B and can establish a connection with network device B1, is used as the intermediary for an indirect connection between network device D1 and network device B1. Network device C1 thus plays the role of a TURN (Traversal Using Relay NAT) server, forming a P2P-like connection (shown as line L), so the user need not add hardware in order to connect, which greatly reduces cost.

Network device B1, network device C1 and network device D1 may each be a network camera, an IP phone, a network drive, a network printer or a computer with a network interface.

Finally, refer to Fig. 3 together with Figs. 1 and 2. Fig. 3 is a flowchart of the network connection method for overcoming the connection limitations of NAT according to the present invention. As Fig. 3 shows, the method follows these steps:

Step 1 (S1): Each network device looks up its own public Internet Protocol address through the STUN server, then proceeds to step 2 (S2).

Step 2 (S2): Determine whether the network devices can establish a P2P connection through the STUN server. If so, proceed to step 21 (S21), in which the network devices can transfer data between themselves. If not, proceed to step 22 (S22) and look for a network device in a third-party private domain that can establish direct connections with both the network device of the first-party private domain and the network device of the second-party private domain.

Step 3: Following step 22 (S22), once a network device of a third-party private domain has been found, proceed to step 221 (S221), in which the network device of the third-party private domain is used, through the STUN server, to establish indirectly between the network device of the first-party private domain and the network device of the second-party private domain a P2P-like connection mechanism with performance closest to a P2P connection, and finally proceed to step 222 (S222) to transfer data.
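The following Python sketch is an added example, not code from the patent or its assignee. It models the four NAT filtering behaviours and the hole punching exchange from the background section, then applies steps 2 and 3 of the method to pick a third-party relay. The device names follow the figures, but the addresses, the NAT types assigned to B1, C1 and D1, and the one-socket-per-NAT model are assumptions chosen so that the pair B1/D1 is the symmetric plus port restricted cone combination that the background section names as defeating hole punching.

```python
from itertools import count

FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = (
    "full cone", "restricted cone", "port restricted cone", "symmetric")
RENDEZVOUS = ("203.0.113.1", 3478)  # constructed server address (documentation range)


class Nat:
    """One NAT fronting one internal UDP socket (simplifying assumption)."""

    def __init__(self, public_ip, kind):
        self.ip, self.kind = public_ip, kind
        self._next_port = count(40000)
        self.mappings = {}  # mapping key -> public port
        self.sent_to = {}   # public port -> {(dst_ip, dst_port)} already contacted

    def outbound(self, dst):
        """Internal host sends to dst; return the public (ip, port) it leaves from."""
        # Cone NATs reuse one mapping for every destination; a symmetric NAT
        # allocates a separate mapping per destination address/port.
        key = dst if self.kind == SYMMETRIC else None
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.sent_to.setdefault(port, set()).add(dst)
        return (self.ip, port)

    def inbound(self, src, port):
        """True if a packet from src to our public port is forwarded inside."""
        contacted = self.sent_to.get(port)
        if contacted is None:
            return False                                  # no mapping on that port
        if self.kind == FULL:
            return True                                   # anyone may use the mapping
        if self.kind == RESTRICTED:
            return src[0] in {ip for ip, _ in contacted}  # address must match
        return src in contacted                           # address and port must match


def hole_punch(nat_a, nat_b, rounds=3):
    """Exchange test packets via the rendezvous data; True if both directions open."""
    a_addr = nat_a.outbound(RENDEZVOUS)  # A's mapped address, handed to B by the server
    b_addr = nat_b.outbound(RENDEZVOUS)  # B's mapped address, handed to A by the server
    a_to_b = b_to_a = False
    for _ in range(rounds):
        src = nat_a.outbound(b_addr)
        a_to_b = nat_b.inbound(src, b_addr[1])
        if a_to_b:
            a_addr = src                 # B now replies to the source it actually saw
        src = nat_b.outbound(a_addr)
        b_to_a = nat_a.inbound(src, a_addr[1])
        if b_to_a:
            b_addr = src                 # A now replies to the source it actually saw
    return a_to_b and b_to_a


def connect(devices, first, second):
    """Steps 2 and 3: direct P2P if possible, otherwise relay through a third party."""
    def direct(x, y):
        # Fresh NAT state per attempt keeps each check independent.
        return hole_punch(Nat(*devices[x]), Nat(*devices[y]))

    if direct(first, second):
        return ("direct", None)
    for third in devices:
        if third in (first, second):
            continue
        if direct(first, third) and direct(third, second):
            return ("relayed", third)
    return ("failed", None)              # no third party reaches both sides


# Constructed scenario: names follow the figures, addresses and NAT types are assumptions.
DEVICES = {
    "B1": ("198.51.100.2", SYMMETRIC),
    "C1": ("198.51.100.3", FULL),
    "D1": ("198.51.100.4", PORT_RESTRICTED),
}

if __name__ == "__main__":
    for pair in (("B1", "C1"), ("C1", "D1"), ("B1", "D1")):
        print(pair, connect(DEVICES, *pair))
```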

Therefore, any hardware device equipped with a network connection can use the present invention to establish P2P connections and the P2P-like connection mechanism that is the best alternative with performance closest to P2P. Two network devices that cannot establish a P2P connection use a third-party network device as the intermediary instead of setting up an additional TURN (Traversal Using Relay NAT) server, which saves hardware cost while still transferring data quickly.

The foregoing merely describes embodiments or examples of the technical means the present invention adopts to solve the problem and is not intended to limit the scope of the patent. All equivalent changes and modifications that are consistent with the meaning of the claims of the present invention, or made in accordance with the scope of the patent, are covered by the scope of the patent.


Claims (14)

1. A network connection system for solving the connection limitations of network address translation (NAT), comprising: a Simple Traversal of User Datagram Protocol over NAT (STUN) server located in a public domain; and a plurality of private domains, each private domain including a network device and a network address translator electrically connected to the network device, each network address translator being electrically connected to the STUN server, such that the network devices either establish a connection with one another directly by peer-to-peer (P2P) technology through the STUN server, or indirectly establish a P2P-like connection mechanism through the STUN server via the network device of a third-party private domain, wherein the network device of the third-party private domain can establish a direct P2P connection with the network device of a first-party private domain and with the network device of a second-party private domain, respectively.

2. The network connection system for solving the connection limitations of NAT according to claim 1, wherein the network address translator corresponding to the network device of the third-party private domain is used as a Traversal Using Relay NAT (TURN) server.

3. The network connection system for solving the connection limitations of NAT according to claim 1, wherein the STUN server provides the public Internet Protocol address of each network device and the type of its network address translator.

4. The network connection system for solving the connection limitations of NAT according to claim 3, wherein each network address translator is of the Port Restricted Cone NAT, Full Cone NAT or Restricted Cone NAT type.

5. The network connection system for solving the connection limitations of NAT according to claim 1, wherein, in the P2P-like connection mechanism, the network address translator of the first-party private domain or of the second-party private domain is either of the Port Restricted Cone NAT type, which has a high connection restriction, or of the Full Cone NAT or Restricted Cone NAT type, which has a low connection restriction; and when the network address translator of the first-party private domain is of the high connection restriction type, the network address translator of the second-party private domain is of the low connection restriction type.

6. The network connection system for solving the connection limitations of NAT according to claim 5, wherein, in the P2P-like connection mechanism, the network device of the third-party private domain is adjacent to the network device of the first-party private domain or to the network device of the second-party private domain.

7. The network connection system for solving the connection limitations of NAT according to claim 1, 2, 3, 4, 5 or 6, wherein each network device is a network camera, a network phone, a network drive, a network printer or a computer with a network interface.

8. A network connection method for solving the connection limitations of network address translation (NAT), used to establish connections among a plurality of private domains, each private domain including a network device and a network address translator electrically connected to the network device, the method comprising the following steps: each network device looks up its own public Internet address through a Simple Traversal of User Datagram Protocol over NAT (STUN) server; determining whether the network devices can establish a connection with one another directly by peer-to-peer (P2P) technology through the STUN server; if so, data is transmitted between the network devices; if not, searching for a network device of a third-party private domain that can establish a direct connection with both the network device of a first-party private domain and the network device of a second-party private domain; and, once the network device of the third-party private domain has been found, using that network device to indirectly establish, through the STUN server, a P2P-like connection mechanism between the network device of the first-party private domain and the network device of the second-party private domain whose efficiency is closest to that of a P2P connection, and transmitting data.

9. The network connection method for solving the connection limitations of NAT according to claim 8, wherein the network address translator corresponding to the network device of the third-party private domain is used as a Traversal Using Relay NAT (TURN) server.

10. The network connection method for solving the connection limitations of NAT according to claim 9, wherein the STUN server provides the network address translator type of each network device.

11. The network connection method for solving the connection limitations of NAT according to claim 10, wherein each network address translator is of the Port Restricted Cone NAT, Full Cone NAT or Restricted Cone NAT type.

12. The network connection method for solving the connection limitations of NAT according to claim 11, wherein, in the P2P-like connection mechanism, the network address translator of the first-party private domain or of the second-party private domain is either of the Port Restricted Cone NAT type, which has a high connection restriction, or of the Full Cone NAT or Restricted Cone NAT type, which has a low connection restriction; and when the network address translator of the first-party private domain is of the high connection restriction type, the network address translator of the second-party private domain is of the low connection restriction type.

13. The network connection method for solving the connection limitations of NAT according to claim 12, wherein, in the P2P-like connection mechanism, the network device of the third-party private domain is adjacent to the network device of the first-party private domain or to the network device of the second-party private domain.

14. The network connection method for solving the connection limitations of NAT according to claim 8, 9, 10, 11, 12 or 13, wherein each network device is a network camera, a network phone, a network drive, a network printer or a computer with a network interface.
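The decision procedure of claim 8 (direct P2P first, otherwise a third-party device holding direct P2P links to both ends), written out as an added Python example; it is not code from the patent. The inputs `direct_ok` and `rtt_ms`, all function names and the sample addresses are assumptions, and "adjacent" (claims 6 and 13) is modelled here as lowest summed round-trip time.

```python
from dataclasses import dataclass

# NAT types listed in claims 4 and 11; any other type is rejected here.
CLAIMED_NAT_TYPES = {"full_cone", "restricted_cone", "port_restricted_cone"}

@dataclass(frozen=True)
class Device:
    name: str
    public_addr: str  # public address:port reported by the STUN server
    nat_type: str     # NAT type reported by the STUN server

def pair(x, y):
    return frozenset((x.name, y.name))  # unordered key for two devices

def plan_connection(first, second, devices, direct_ok, rtt_ms):
    """Return ("p2p", None), ("p2p-like", relay) or ("unreachable", None).
    direct_ok: pairs whose direct P2P attempt succeeded (assumed input).
    rtt_ms: round-trip time per pair; models "adjacent" (assumption).
    """
    for d in (first, second):
        if d.nat_type not in CLAIMED_NAT_TYPES:
            raise ValueError(f"{d.name}: unsupported NAT type {d.nat_type!r}")
    if pair(first, second) in direct_ok:
        return ("p2p", None)
    # A relay must be a third party with direct P2P links to both ends.
    candidates = [
        d for d in devices
        if d.name not in (first.name, second.name)
        and d.nat_type in CLAIMED_NAT_TYPES
        and pair(d, first) in direct_ok
        and pair(d, second) in direct_ok
    ]
    if not candidates:
        return ("unreachable", None)
    # Lowest summed RTT wins; the name breaks ties deterministically.
    def cost(d):
        return (rtt_ms[pair(d, first)] + rtt_ms[pair(d, second)], d.name)
    return ("p2p-like", min(candidates, key=cost))

# Constructed sample data (documentation address ranges, not from the patent).
A1 = Device("A1", "192.0.2.10:40001", "port_restricted_cone")
B1 = Device("B1", "198.51.100.20:40002", "restricted_cone")
C1 = Device("C1", "203.0.113.30:40003", "full_cone")
D1 = Device("D1", "203.0.113.40:40004", "full_cone")
DEVICES = [A1, B1, C1, D1]
DIRECT_OK = {pair(A1, C1), pair(B1, C1), pair(A1, D1), pair(B1, D1)}
RTT_MS = {pair(A1, C1): 12, pair(B1, C1): 30, pair(A1, D1): 25, pair(B1, D1): 40}

if __name__ == "__main__":
    print(plan_connection(A1, B1, DEVICES, DIRECT_OK, RTT_MS))
```

Because the selected relay is another party's device that forwards the traffic, the payload exchanged between the first-party and second-party devices should be protected end to end.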
TW103137815A 2014-10-31 2014-10-31 Network connection system for solving connection limitations of network address translation and method thereof TW201616844A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103137815A TW201616844A (en) 2014-10-31 2014-10-31 Network connection system for solving connection limitations of network address translation and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103137815A TW201616844A (en) 2014-10-31 2014-10-31 Network connection system for solving connection limitations of network address translation and method thereof

Publications (2)

Publication Number Publication Date
TW201616844A true TW201616844A (en) 2016-05-01
TWI561043B TWI561043B (en) 2016-12-01

Family

ID=56508708

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103137815A TW201616844A (en) 2014-10-31 2014-10-31 Network connection system for solving connection limitations of network address translation and method thereof

Country Status (1)

Country Link
TW (1) TW201616844A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063921A (en) * 2017-12-26 2018-05-22 天津天地人和企业管理咨询有限公司 A kind of optimization application process of embedded network monitoring equipment in P2P

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355490B (en) * 2007-07-25 2012-05-23 华为技术有限公司 Method, system and node equipment for routing information
WO2012092670A1 (en) * 2011-01-06 2012-07-12 Research In Motion Limited System and method for enabling a peer-to-peer (p2p) connection

Also Published As

Publication number Publication date
TWI561043B (en) 2016-12-01

Similar Documents

Publication Publication Date Title
CN110301126B (en) Conference server
US7684397B2 (en) Symmetric network address translation system using STUN technique and method for implementing the same
US8082324B2 (en) Method of establishing a tunnel between network terminal devices passing through firewall
JP5185435B2 (en) NAT traversal method based on combining UPnP and STUN
TWI434595B (en) Connection establishing management methods for use in a network system and systems thereof
US8611354B2 (en) Method and apparatus for relaying packets
US20130308628A1 (en) Nat traversal for voip
CN105376299B (en) Network communication method, equipment and network attached storage equipment
US9699237B2 (en) Managed media relay selection for real-time communications
TWI484804B (en) Data management methods for use in a network system and systems thereof
TW201002018A (en) Method for predicting port number of NAT apparatus based on two STUN server inquiry results
US10110711B2 (en) Split network address translation
Tseng et al. Can: A context-aware NAT traversal scheme
US20050100047A1 (en) Method of reducing media relay of a network address translation apparatus
EP2234365A1 (en) Method and system for distributing the local transport address and media gateway and media gateway controller
TW201616844A (en) Network connection system for solving connection limitations of network address translation and method thereof
US9369523B2 (en) Method for exchanging network messages in distributed manner
TWI559719B (en) Point-to-point connection through the symmetric network address translation of the network communication system
KR101082851B1 (en) System and method for p2p connection based on udp
Wang et al. A P2P-Grid Model for Traversing NAT in SIP Communication
KR20030050905A (en) Home Network Communication Method using Network Address Translation
TW201210287A (en) Network Address Translation device and communication method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees