TWI260880B - Peer-to-Peer communication method capable of penetrating fire wall - Google Patents

Abstract

The present invention provides a peer-to-peer (P2P) communication method capable of penetrating fire wall. This communication protocol is applicable on internet, and comprises: a login/alive session; a port predictive session; a time-synchronized session; and a media alive session; in which the login/alive session, the port predictive session, and the time-synchronized session are assisted by a location server of a real IP network to perform virtual peer to virtual peer direct communication. The media alive session performs direct data packet exchange between two virtual IP network points, completely without the need of the assistance through a proxy server. Therefore, a large amount of data can be directly exchanged between two virtual points over a long period of time.

Description

, 1260880 V. INSTRUCTION DESCRIPTION (1) A technical field of the invention belongs to the present invention relates to a communication method for directly transmitting a packet on the Internet, in particular to a traversable firewall and between virtual networks Point-to-point (Peer t〇Peer, p2p) direct communication method. [Prior Art] With the network bottleneck (Client-Server) to Peer, P2P), the major bottleneck of communication under the wall or virtual IP environment can not effectively solve the problem of preventing the Internet from being blocked by the Internet. A user located in the firewall will not receive the request from the proxy server (but at the two ends of the media connection, because the data server is not a private and illegal address; At present, the development of virtual development and fixed network has gradually turned the traditional master-slave network connection architecture to peer-to-peer (Peer architecture), but because a large number of users are located in the fire, the firewall and virtual IP environment become peer-to-peer in the past two The VoIP protocol Η·32 3 and the direct communication between the SIP firewall and the virtual IP. In the communication protocol, the network address translation (NAT) fire-proof packet 'that is, the outside world cannot directly transmit the user's assumptions' To use the SIP protocol to make a network call to the firewall 'the user inside the firewall' causes the entire program to fail; and the Sip protocol can be passed to the Proxy Server. The establishment of the SIp command or message, (Media Session) and the amount of voice packets and the required bandwidth are quite large, so a good solution through proxy. Plus the virtual IP address URL 'real IP address can not be actively connected Line virtual J p The way to communicate between IP addresses is to use a proxy

IEH, 1260880

V. Description of the invention (2) The server (Proxy Server) is used to transmit the shortcomings of the seals and restrictions; the other way is to combine the #2's in this way but there is bandwidth and add some software to handle, but this; The server and the NAT router do not provide a plug-in proxy server. These two plug-in and sometimes NAT routing address problems, but can not be applied to the virtual copper ^ can solve the virtual IP message. The point-to-point between the virtual networks is directly related to the patents published on July 1, 1993. The patents are published on the basis of the patents, and the two companies are used to solve the above problems. 1 2 1 0 1 proposed "virtual network,: 7: Ji Yun's search for the spears agreement I, has been pin # #诚诚ϋ! broadcast. General procedures, test NAT procedures and data directly interoperate with aW system firewall and The problem brought by virtual IP. The product is one, the private order to solve the more rigorous fire prevention, such as Pcclln (core = 35: ίο! / '. Successful implementation, =f T field, the market share of zyxel-like products is very high, and because of the network virus raging in the past year, many software firewalls have been adopted, and even built-in software firewalls on W^dow-XP These factors make the success rate of the previous case specific implementation limited. In view of this, the present invention is directed to the above problem, and proposes a point-to-point communication method that can traverse a firewall. [Summary] The main purpose of the invention is to provide The point that can pass through the firewall, the I, the method, the virtual network Direct interaction between point to point packet

1260880 V. INSTRUCTIONS (3) Passing, and then achieving the communication sound of communication. The point communication method of the present invention, the network telecommunications bureau and the like, the four programs, the time synchronization sequence, the communication pre-network positioning service By having the media connected to the firewall or not having to communicate directly through the communication, it is easy to understand the effect. The user has an instant, direct and traversable audio and video package. M p square, μ u+ can be widely used in the field of network n 0 point pair. ~ 彳冢 phone and reveal the communication protocol is implemented on the Internet 'different · · · login six tables green β ^ its system ^ ^ ugly eight / connection order, communication 埠 prediction furnace private order and media connection procedures, which The login and test program and the time synchronization program need to be assisted by the real-time network server and detect the NAT router parameter program. The program is executed by the host side of the two t'NATs. With the assistance of the data packet mutual rain agent (P r ο X y) server, you can go to 丄, . g is coming to the point

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT With the accompanying drawings, the purpose, technical content, features and achievements of the invention are achieved.

I [Embodiment] The first figure is a sound diagram of the present invention for communicating on a virtual network point-to-point. As shown in the figure, the first virtual network 10 and the second virtual network 1 2 belong to different virtual networks. The first network address translation (NAT) road 77 14 is the first virtual network 1 and the real public network (Publ ic network) 16 conversion communication bridge 'second ΝΑ T router 1 $ is the first

, 1260880 V. Description of the invention (4) A communication bridge between the virtual network 丨2 and the public network ,6, and the host interfaces A and B of the first virtual network 10 and the second virtual network 12 Two-point packets can be directly transmitted to each other via the public network 16. This communication method can be widely used in the fields of Internet telephony, video telephony, point-to-point communication systems, and network telecom offices. Please refer to the first figure, the first virtual IP, as shown in point A / hereinafter referred to as A) represents the communication point located in the first virtual network 1 ,, the first virtual IP, as shown in the figure The point B shown (hereinafter referred to as b) represents a communication point located in the second virtual network 12, and the first NAT router 丨4 and the second NAT router 18 are respectively the first virtual network 1 0 A router that communicates with the external public network 16 with the second virtual network 12, a location server (Location Server) 20 is located in the public network 丨6, and is a feed for assisting the establishment of communication between the two points A and B. Server. The direct interaction between the A in the first virtual network and the B in the second virtual voice channel is subject to multiple steps, which are divided into: login/connection procedure, communication/prediction program, time synchronization. The program and the media connection program are four parts, and the steps shown in the first figure are used to explain the steps of the present invention in detail. First, the login/connection procedure (L〇gin/Alive Session): Since the A and B systems are protected by a firewall or NAT, a transmission control protocol (Transmissi〇n Control Protocol) must first be established through the fixed-bit server 20. TCP) connection, please refer to step 1 to step 2 of the first figure for details. w Step 1 · Host A uses TCP to establish and maintain connection to the positioning server 2

1260880 Five-line step line Description of invention (5) Steps must be closed. Terminal B uses Tcp to establish and maintain connection to the positioning server 20. / 1 n ; _ must be limited to the connection time of σ and 18 at intervals. Therefore, the TCP connection is called the connection and the second is updated to keep the connection. The suspension of this connection is updated with an update. , 1 ί (AliVe Timeout Length, ATL). Time, and indeed test the idle/off ATL value of the NAT router (firewall), and P maintains the connection value. This update algorithm automatically estimates the test period i f eight initial # initial value is set to 5 minutes, this setting will be in each state. Here, the value is incremented or decremented until it reaches a stable ATL time, to obtain the most ideal ATL value' and can be updated every time and bandwidth. In this login/wiring procedure, reliable I ϋ is a major issue, so the TCP connection is better than the User - User Datagram Protocol (UDP) connection. Port pre(jictive Session): s In this program, the location server receives a request from a client, and f some services to the client. First, the location server will reply to it. Know the IP address and communication port number packet, and allow the parent user located in the virtual network to transmit information through the location server, and only the communication port number = IP address will be transmitted between the users, so that the virtual network is located The client I in the client transmits the TCp connection through the TCp connection established by the login/connection procedure. #Please refer to the communication 埠 prediction program shown in steps 3 to 2 of the first figure.

1260880

V. INSTRUCTIONS (6) Step 3: The host A sends a test packet to the positioning server 20 using UDP. The positioning feeder 20 obtains the source ip address and the signal parameter (IPA, X) from the test packet and returns it to the host terminal a. ==5. The host side a sends another set of test packets to the positioning server 20 again using UDP. Step 6: Position the server 2 to retrieve the source ι address and the communication 埠 parameter (IPA, x + dx) from the test packet to the host A. Step 7: The host side 8 transmits the address and communication parameters (IPA, x, dx) to the location server 2 through the Tcp connection established in step 1. Step 8: The positioning server 2 transmits these parameters (ΙρΑ, χ, dx) to the host terminal b through the TCP connection established in step 2. Step 9 · Host B sends a set of test packets to the location server 20 using UDP. Step 1 0: The positioning server 2 obtains the source I p address and the communication parameter (IPA, y) from the test packet and returns it to the host b. Step 1 1 · Host B sends another set of test packets to the location server 20 using UDP. Step 1 2: The positioning server 2 returns the source I p address and the communication parameter (IPA, y + dy) from the test packet to the host B again. Time-Synchronized Session: This time synchronization program is used to overcome the behavior of the Internet Control Massage Protocol (ICMP) packet activity within the NAT. Two virtual clients located in two different NAT routers must be in the first

Page 10 1260880 V. INSTRUCTIONS (7) The day-to-day spoofing synchronously transmits the outbound session, so the two virtual clients are synchronized using this time synchronization program. For details, refer to the time synchronization procedure shown in step 至3 to step 丨8 of the first figure. In the first figure, the interval between step 13 and step 16 is a packet traveling between the two virtual users. The round trip time, which is a value T that can be easily estimated at the host B of the virtual user; and the time interval between step =) 7 to step 为 8 is unknown, but it can be predicted to be back and forth. Traveling half the time of the trip, therefore, the host side of the virtual user is delayed by 〇·5Τ after step 17 to synchronize with the host a, and the outgoing program is transmitted in the subsequent step 2〇. Step 1 3: The host B transmits the address and communication parameters (IPB, y, dy) to the location server 20 through the TCP connection established in step 2. Step 14: The positioning server 20 transmits these parameters (IPB, y, dy) to the host terminal a through the TCP connection established by the 郸1. Step 1 5: The host A transmits the acknowledge packet - (acknowledge packet) to the location server 20 through the TCP connection established in step 2. Step 1 6: The positioning server 20 transmits the acknowledgement packet to the host B through the τ C P connection established in step 1. Step 1 7: The host B transmits the re-acknowledge packet to the positioning server through the τ C P connection established in step 2. Step 1 8: Locating the server 2 0 - transmitting the reconfirmed packet to the host A through the Tcp connection established in step 1. For a detailed description of each packet of the point-to-point communication method of the present invention, please refer to the second figure shown in the second figure. UDP packet utilization (SA, sp)

Page 11 1260880 V. Invention Description (8) "Data" (DA, DP) describes each packet, where SA, SP, "Data", DA, DP represent the source ip bit of the UDI^ packet, respectively. Address, source number, transmission data, destination number, and destination IP address. In the communication 埠 prediction program, the equation is used to calculate the communication 埠, where, in the 11th + 1th prediction communication number, is the nth true & In the above step 3, the new UDP packet is transmitted to the positioning server 20, and the destination IP address and the communication port number are (〗 〖p 3,6 〇〇〇), and the IP address and communication are transmitted. The number is ( (IPA, spai), and the data is transmitted. 7. “TEST” stands for a service request. The positioning server 2 replies with a source IP address and a communication port number (I p 1,X) to the terminal A, and repeats steps 3 and 4 until the NAT router i 4 is obtained. The allocation rule of the source number of 1 8 is as follows. From step 3 to step 6, the juice is located in the first NAT router 1 4 current source 进 and advanced source again ' (y, dy) value can be calculated in steps 9 to 12, the value is used At the current source 埠 number of the second NAT router 18, the dy value is the advanced source size of the second NAT router 18. 4. Media connection procedure: In the media connection procedure, steps 丨9 to 21 shown in the first diagram and the second diagram are used to traverse the NAT/firewall to achieve the relationship between the two virtual clients. Point-to-point direct communication. The format of the UDP packet is to describe each packet by means of (SA, sp) Data (DA, DP), and 'sa, SP, " Data', DA, DP respectively represent the source Ip address of the UDP packet, Source number, transmission data, destination number and destination IP address.

Page 12 1260880 V. Invention Description (9) Refer to the first and second diagrams. The detailed steps of this media connection procedure are as follows: Step 19-a: Host A establishes a new port and transmits A corresponding UDP packet is sent to the second router 18. The UDP packet format is u DP [IPA, 30&3, 〇87 &,1?2, 丫+ 2(17], and the value of 30&3 is the host side. The source number is automatically assigned to the packet. Step 1 9 - b: The source IP address IPA of the packet and the source port number spa 3 are modified by the first router 1 4 to change the packet format to u DP [ I P1, X + 2 d X, Data, IP2, y + 2dy], and then transmitted to the second router 18, the source of this packet is unknown, but can be expected to have a value of x + 2dx. Step 19-c: due to step 19 And step 20 must be synchronized, such a UDP packet with the format UDP [IP1, x + 2dx, Data, IP2, y + 2dy] can traverse the second router 1 of the NAT/firewall; in addition, the packet can be corrected Format UDP[IP1, x + 2dx, Data, IPB, spb3] and transfer it to host B, so that the host can play between B The direct communication is established. Step 20-a: After the delay time of 〇·5T after step 18, the host b establishes a new port and transmits a corresponding UDP packet to the first router 14'. The UDP packet format is UDp[IpB, spb3, Data, IP1, x + 2dx ]' and the spa3 value is the source number that the host side b automatically assigns to the packet. Step, 20-b: The source IP address of the packet IpB and the source number叩... is modified by the second router 18 to change its packet format to UDP[IP2, y + 2dy, Data: IP1, x + 2dx], and then to the first router 14, the source number of the packet is unknown. However, it is expected to have a y + 2dy value. Step 20-c: Since steps 19 and 2 do not need to occur synchronously, the second router

Page 13 1260880 V. Invention Description Go) 18 will open, so that the format UDP[IP1, x + 2dx, Data, IP2, y + 2dy] established in step 19 is encapsulated; the destination 埠 number value of step 20 is expected to be y + 2, so that the UDP packet with [jDpfjpL y + 2dy, Data, IP1, x + 2dxj format I can also traverse the first router 14 of the NAT/firewall. Step 2: If the host side b successfully receives the UDP packet created in step 19. The format is UDP[IP1, x + 2dx, Data, IPB, spb3], and the format UDP[IPB, spb3 The packet of Data, IP1, x + 2dx] will be passed back to the first router 14.

Step 2 b: The response data will be corrected by the second router ι8 to have UDP

[IP2, y + 2dy, Data, IP1, x + 2dx] format UDP packet, and backhaul | to the first router 1 4. Step 2: c: This UDP packet will traverse the first router i 4, in addition, the packet format will be corrected to UDP [IP2, y + 2dy, Data, IPA, spa3], I 舆 back to host B, In order to achieve direct communication between the host end B. Therefore, in the media connection program, the user can directly address the information (4) Ϊ Ϊ ί 3 3 will directly traverse the MT firewall, and the Internet traffic 1 can be effectively dispersed. According to the present invention, the method of communication is not only ^ ^ Γ ^ ^ rr , I communication method, which is not only the point-to-point of the wall

On page 14 of the interactive communication, the sound/view image is “passed through the firewall and the function of the k _ _ % ί ί ί ί ί , 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可 亦可丨To solve the existing Internet telephony standard helmet, soil, total ^ #上贝Α Τ to solve / show I ', drought..., to apply to the virtual network environment 1260880 V. Invention description (π) The embodiment is only for explaining the technical idea and the features of the present invention, and the purpose of the present invention is to enable those skilled in the art to understand the contents of the present invention and to implement the invention, and the scope of the patent of the present invention cannot be limited thereto. Equivalent variations or modifications made by the spirit of the invention should still be included within the scope of the invention.

Page 15 1260880 Simple description of the diagram [Simple description of the diagram] The first diagram is a schematic diagram of the direct interconnection between the virtual network and the point-to-point in the virtual network. The second figure is a schematic diagram of detailed packet transmission of the present invention for direct inter-point communication between virtual networks. [Main component symbol description] 10 First virtual network 12 Second virtual network 14 First NAT router 16 Real Internet 18 Second NAT router 20 Location server

Page 16

Claims (1)

1260880 VI. Patent Application Scope 1. A point-to-point communication method that can traverse a firewall, which is to enable at least two host terminals located in a firewall or a network address translator (NAT), and the first host end and the second host end can mutually For communication, the peer-to-peer communication method includes the following procedures: (A) login/connection procedure, the two host terminals are respectively connected to a positioning server; (B) the communication prediction program includes: (B 1 The first host transmits the source communication information of the first router in the location through the positioning server, and transmits the source communication information to the second through the TCP server through the TCP connection. The host side; and (B 2) the second host end obtains the source communication information of the second router in the location through the positioning server; (C) the time synchronization program, including: (C 1 ) The TCP connection transmits the source communication information of the second host to the first host through the positioning server; (C2) the first host transmits the acknowledgement packet through the TCP connection. The server transmits the second host to the second host; and (C3) the second host transmits the reconfirmed packet to the first host through the TCP connection; and (D) the media connection program, including: D1) the first host establishes a new port, and transmits a corresponding packet, and the corresponding packet is transmitted to the second router through the second router after modifying the source communication information by the first router. Host side; Page 17 1260880 6. The patent application scope (D 2 ) is synchronized with the step (D 1 ), the second host establishes a new port, and transmits a corresponding packet, and the corresponding packet passes through the second router. After modifying the source communication information, the first router can be transmitted to the first host to achieve direct communication between the first host and the second host. 2. A peer-to-peer communication method traversing a firewall as described in claim 1 wherein the two hosts establish and maintain a connection to the location server using a Transmission Control Protocol (TCP). 3. A peer-to-peer communication method capable of traversing a firewall as described in claim 2, wherein the TCP connection must be updated at intervals to maintain connectivity, and an update algorithm is used to test the NAT or the firewall. The idle/closed time to ensure that TCP maintains the connection value. 4. The point-to-point rn method of traversing a firewall as described in claim 1 of the patent application, wherein the source communication of the first host in the step (B 1 ) further includes: • the first host Sending a test packet to the positioning server, the positioning server obtains source communication information (IPA, X) from the test packet and returns it to the first host; and the first host again redirects to the positioning The server sends another set of test packets, and the positioning server obtains the source communication information (IPA, x + dx) from the test packet and replies to the first host. 5. The peer-to-peer communication method of traversing a firewall as described in claim 4, wherein the first host sends a test packet to the location server by using a User Datagram Protocol (UDP). Page 18 1260880 VI. Application for Patent Scope 6. The point-to-point communication method of the traversable firewall as described in claim 1 of the patent application, wherein the source communication of the second host is obtained in the step (B 2 ) The information further includes: the second host sends a set of test packets to the positioning server, and the positioning server obtains the source communication information (I PA, y) from the test packet and returns the reply to the second host And the second host again sends another set of test packets to the positioning server, and the positioning server obtains the source communication information (IPA, y + dy) from the test packet and replies to the second host. 7. The peer-to-peer communication method of traversing a firewall according to claim 6, wherein the second host sends a test packet to the location server by using a User Datagram Protocol (UDP). 8. The peer-to-peer method for traversing a firewall as described in claim 1, wherein the time synchronization program is configured to synchronize the first host with the second host. 9. The peer-to-peer communication method capable of traversing a firewall according to claim 1, wherein the corresponding packet transmitted by the first host is a UDP packet, and the UDP packet format is UDP [IPA, Spa3, Data, IP2). , y + 2dy], where the spa3 value is the source number that the first host automatically assigns to the packet. 10. A peer-to-peer communication method capable of traversing a firewall as described in claim 9 wherein the first router modifies the format of the packet to UDP [IP1, x + 2dx, Data, IP2, y + 2dy], Then transferred to the second router 0 Page 19 1260880 VI. Application for patent scope 1 If the scope of application for patents is 10, the peer-to-peer communication method that can pass through the firewall, wherein the first router can correct the packet [IP1, x + 2dx, Data 'IPB, spb3] and re-transmit it to the '' machine side. 2. The first brother of the master 1 2. The peer-to-peer communication method that can traverse the firewall as described in claim 11 of the patent scope, wherein the corresponding packet transmitted by the second host is a UDp packet, and the UDP packet format is UDP [ IPB, spb3, Data/'IP1, x + 2dx], where the spa3 value is the source port number automatically assigned to the packet by the second host. 1 3. The peer-to-peer communication method that can traverse the firewall as described in item 12 of the patent application scope, wherein the brother-and-pass route changes the packet format to u D p [ I p 2 y + 2dy, Data, IP1, x + 2dx], then transferred to the first router. 1 4. A point-to-point communication method capable of traversing a firewall as described in claim 13 of the patent scope, wherein the second host successfully receives the UDP of the format UDP [IP1, x + 2dx, Data, IPB, spb3] Packet, the UDP packet with the format 'UDP[IPB, spb3, Data, IP1, x + 2dx] will be transmitted back to the first router and passed to the first host, and the UDP packet format will be corrected to UDP[IP2, y + 2dy, Data, IPA, spa3] and pass it back to the second host. 1 5. A point-to-point communication method capable of traversing a firewall as described in claim 1 wherein, in order to synchronize the step (D1) with the step (D 2 ), after completing the step (C 3 ), After a delay time, the second host can establish the new port. 1 6. Point-to-point through the firewall as described in item 15 of the patent application scope Page 20 1260880 Page 21