WO2006097031A1 - Procede de transmission de message dans le reseau du protocole internet mobile - Google Patents
Procede de transmission de message dans le reseau du protocole internet mobile Download PDFInfo
- Publication number
- WO2006097031A1 WO2006097031A1 PCT/CN2006/000238 CN2006000238W WO2006097031A1 WO 2006097031 A1 WO2006097031 A1 WO 2006097031A1 CN 2006000238 W CN2006000238 W CN 2006000238W WO 2006097031 A1 WO2006097031 A1 WO 2006097031A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- firewall
- message
- packet
- mobile node
- home agent
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
- H04W80/045—Network layer protocols, e.g. mobile IP [Internet Protocol] involving different protocol versions, e.g. MIPv4 and MIPv6
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/06—Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
Definitions
- the present invention relates to Mobile Internet Protocol (MIP) technology, and more particularly to a message delivery method in a mobile internet protocol network.
- MIP Mobile Internet Protocol
- the MIPv6 network it mainly includes network entities such as mobile nodes, communication peers, and home agents.
- the mobile node refers to a mobile terminal device;
- the communication peer refers to a node that communicates with the mobile node, which may be mobile or fixed;
- the home agent is running on the mobile node's home network link.
- the router which intercepts the message sent to the mobile node from the home link, and forwards the intercepted message to the mobile node.
- each mobile node has a permanent IP address called a home address, and the home address does not change with the location of the mobile node; in addition, when the mobile node is in the foreign network, it also has a care-of address. That is, the temporary address used by the mobile node to identify the location where it is located, and the care-of address changes as the location of the mobile node changes.
- the home address is bound to the care-of address currently used by the mobile node, and when the care-of address changes, the home address and the current care-of address are re-established. Binding relationship.
- the binding between the above home address and the care-of address is achieved by a binding update process specified by the protocol. Referring to Figure 2, the existing binding update process includes The following steps are based on:
- Step 201 The mobile node sends a binding update message (BU) to the home agent to bind the home address with the current care-of address.
- BU binding update message
- Serial number (seq#): The home agent uses the serial number to identify the order of the BU, and the mobile node pairs the issued BU with the received binding update confirmation message (BA) according to the serial number.
- Lifetime Indicates the effective time of the BU, which is the difference between the current time and the expiration time of the BU. If the time to live is 0, the home agent will delete the binding corresponding to the BU.
- Alternate - of Address option Indicates the care-of address to be updated. Although the source address of the BU is usually the care-of address to be updated, since the source address is not protected by the IPsec protocol, it is prone to tampering due to the attack. Therefore, the MIPv6 protocol is forwarded through the update of the local office.
- the address option carries the care-of address in the BU to be protected by the IPsec protocol.
- Step 202 The home agent returns a BA message to the mobile node, indicating the acceptance of the BU corresponding to the BA by the home agent.
- the BA message in this step carries the following cells:
- Status Indicates the processing of the BU corresponding to the BA by the home agent. For example, a status of 0 indicates that the home agent accepted the binding update requested by the BU corresponding to the BA.
- Lifetime The home agent notifies the mobile node of the validity time of the current binding through Lifetime in the BA.
- Binding Refresh Advice option The home agent uses this option to indicate to the mobile node when the BU needs to be sent again to refresh the binding.
- the time value carried in the binding update suggestion option is usually less than Lifetime. Value.
- the mobile node interacts with the home agent to complete the hometown.
- a binding update between the address and the current care-of address is Moreover, when the home agent accepts the binding update proposed by the mobile node, the home agent records the correspondence between the home address of the mobile node and the current care-of address.
- the mobile node and the communication peer exchange the packets through the bidirectional tunnel mode or the route optimization mode.
- the two-way tunnel refers to a packet tunnel established between the communication node and the mobile node through the home agent.
- the bidirectional tunnel mode ensures that the mobile node can always be accessed.
- Route optimization refers to the process of directly interacting between a mobile node and a communication peer that supports MIPv6.
- the route optimization mode eliminates the transmission delay associated with bidirectional tunneling and provides sufficient performance for time-critical traffic services such as Voice over Internet Protocol (VoIP).
- VoIP Voice over Internet Protocol
- the mobile node and the communication peer use the bidirectional tunnel mode and the route optimization mode to implement packet exchange as follows:
- the packet between the mobile node and the home agent is marked with the internal IP header and the external IP header, and the two IP headers contain the source address and the destination address.
- the source address of the external IP header of the mobile node to the home agent is the current care-of address of the mobile node, and the destination address is the address of the home agent; the internal IP header
- the source address is the home address of the mobile node, and the destination address is the address of the communication peer.
- the peer end, thereby realizing the message transmission from the mobile node to the communication peer.
- the packet sent by the communication peer contains only one IP header, where the source address is the address of the communication peer, the destination address is the home address of the mobile node, and the home agent intercepts the 4 After the text, the IP header is encapsulated outside the original IP header.
- the source address of the encapsulated IP header is the address of the home agent, and the destination address is the current care-of address of the mobile node. Then, after the home agent encapsulates the packet, Routing to the mobile node, thereby enabling the communication of the communication peer to the mobile node. At this point, the packet interaction between the mobile node and the communication peer in the bidirectional tunnel mode is completed. In the route optimization mode, before the packet is exchanged, the mobile node needs to register the binding relationship between the home address and the current care-of address on the communication peer end, and then the packet from the communication peer end to the mobile node is used as the address of the communication peer end. The source address and the current care-of address of the mobile node are used as the destination address; and the current care-of address is used as the source address and the address of the communication peer is used in the packet from the mobile node to the communication peer.
- the communication peer When the communication peer sends a message to the mobile node, the communication peer first searches in the binding relationship saved by itself, and finds the current care-of address of the mobile node; then, the communication peer directly sends the message to the mobile node. At the current care-of address, the message arrives at the mobile node. When the mobile node sends a message to the communication terminal, the message from the mobile node is directly sent to the communication peer. So far, the message interaction between the mobile node and the communication peer in the route optimization mode is implemented.
- a firewall is a collection of components that are located between multiple networks and implement inter-network access control.
- a network that includes a firewall all network traffic between the internal network and the external network must pass through the firewall. Only traffic that conforms to the security policy can pass through the firewall, and the firewall itself has strong anti-attack immunity.
- the port number indicated in the (UDP) section determines the connection type of the packet. If the connection is secure and allowed to pass, the firewall allows the packet to traverse. Otherwise, the packet is directly discarded.
- the message can reach the destination; and those messages that do not meet the firewall traversal condition are directly discarded by the firewall.
- IPsec network security
- the packets between the mobile node and the home agent encapsulated by the network security (IPsec) protocol include an IP address, an encapsulated secure payload protocol (ESP), TCP/UDP, and data (Data).
- ESP encapsulated secure payload protocol
- TCP/UDP TCP/UDP
- Data data
- the ESP, TCP/UDP, and Data sections are encrypted by the IPsec protocol.
- the IPsec packet is not allowed to pass. Therefore, the existence of a firewall that does not support IPsec blocks the normal between the mobile node and the home agent.
- the shortcomings of the data transmission method of the existing MIPv6 network are: When there is a firewall between the home agent and the mobile node that does not support the IPsec protocol, the BU message sent by the mobile node to the home agent will be directly lost. Abandoned, the home agent is unable to receive the binding of the home address and the care-of address because the BU message is not received. In the case that the binding update fails, the packet interaction between the mobile node and the communication peer cannot be implemented, regardless of whether the bidirectional tunnel mode or the route optimization mode is adopted.
- the transmission path of the message is: mobile node-home agent-communication peer, or communication peer-home agent-mobile node, because there is no support for IPsec between the home agent and the mobile node
- the firewall of the protocol cannot perform normal packet interaction.
- the object of the present invention is to provide a message transmission method in a mobile internet protocol network.
- a firewall that does not support the IPsec protocol exists between the mobile node and the home agent, the mobile node and the communication peer can perform the message. Interaction.
- the present invention provides a message transmission method in a MIP network, characterized in that the method comprises the following steps:
- the mobile node sends a first firewall detection packet encapsulated only by the network security IPsec protocol to the home agent and sends another second firewall detection packet encapsulated by the IPsec protocol and the user datagram protocol UDP;
- the mobile node determines, according to the received firewall detection response message from the home agent, whether there is a firewall blocking the IPsec message between the mobile node and the home agent, and if yes, continues to perform binding update and packet interaction.
- the process uses the UDP protocol to encapsulate the exchanged packets. Otherwise, the binding update and packet interaction process are continued.
- the method for determining whether there is a firewall blocking the IPsec message between the mobile node and the home agent is as follows: If the mobile node determines that the received firewall detection response message is the first firewall detection response message, it is determined that there is no firewall blocking the IPsec message between the mobile node and the home agent; if it is determined to be received The firewall detects that the response packet is the second firewall detection response packet, and determines that there is a firewall blocking the IPsec packet between the mobile node and the home agent.
- the method further includes: when the home agent returns a first firewall detection response message to the mobile node, the firewall detection response message carries the same as the first or second firewall detection logo.
- the determining method for receiving the first firewall detection response message in the step B1 is: the mobile node parses the received firewall detection response message, and extracts the identifier carried in the firewall detection response message, and The first firewall detects that the identifiers carried in the packets are compared. If they are consistent, it is determined that the first firewall response is received. Otherwise, it is determined that the second firewall detection response packet is received.
- the maximum number of retransmissions is set in advance, and the step B further includes:
- the mobile node determines whether the number of times the first firewall detection packet and the second firewall detection packet are sent exceeds the maximum number of retransmissions. If the packet is exceeded, the packet is terminated. The transfer process; if not exceeded, the number of retransmissions is incremented by one, and the step A is returned.
- the second firewall detection packet includes: a UDP part, configured to carry a UDP port number of the packet;
- the second firewall detection response packet includes: a UDP part, which is used to carry the UDP port number of the packet.
- the method for encapsulating packets using the UDP protocol is as follows:
- the information represented by the TCP/UDP part of the Transmission Control Protocol in the message is stored in the UDP part and inserted into the message.
- the mobile node and the communication peer can still perform the interaction of the text.
- the present invention has the following beneficial effects: 1.
- the mobile node sends a FD (Firewall Detection) packet encapsulated by the UDP protocol and an FD packet encapsulated by the UDP protocol to the home agent, and
- the received firewall detection reply (FDR, Firewall Detection Reply) message it is determined whether there is a firewall blocking the IPsec message between the mobile node and the home agent, and in the case where the firewall exists, the UDP protocol is used for all subsequent
- the packet is encapsulated to ensure that the message transmission in the MIP network is not interrupted by the presence of the firewall.
- the present invention only uses the UDP protocol to encapsulate the packet when the firewall is blocked between the mobile node and the home agent, instead of encapsulating the UDP protocol for all the packets, that is, the UDP can be dynamically configured. Encapsulation reduces network load and reduces network resource consumption.
- Figure 1 is a schematic diagram of a MIPv6 network structure
- 2 is a flow chart of binding update signaling of a message transmission method in an existing MIP network
- FIG. 3 is a flowchart of a message transmission method in a MIP network according to the present invention. Mode for carrying out the invention
- the present invention is a packet transmission method in a MIP network, and the basic idea is: Before performing the binding update, the mobile node sends two FD packets to the home agent, one of which is encrypted by the IPsec protocol, and the other is encrypted. The FD packet is encrypted by the IPsec protocol and encapsulated by the UDP protocol. The mobile node determines, according to the received FDR packet, whether there is a firewall blocking the IPsec packet between the mobile node and the home agent. If yes, the subsequent binding update is performed. Packets are exchanged and all packets are encapsulated using the UDP protocol; otherwise, subsequent binding updates and packet interactions are performed.
- the format of the IPsec packet encapsulated by UDP is as shown in Table 2.
- the UDP part stores the information represented by the TCP/UP part when it is not encrypted. It can be seen that the firewall that does not support IPsec can obtain the TCP/UDP port number of the packet from the UDP part when receiving the packet encapsulated by the UDP protocol, so that the security of the packet can be identified. Therefore, packets encapsulated by the UDP protocol cannot pass through the firewall that does not support IPsec due to the encryption of the TCP UDP part.
- the present invention detects the existence of the firewall by using a UDP-packaged FD packet and an FD packet not encapsulated by the UDP protocol before the MIP network packet is transmitted.
- the message transmission method in the MIP network of the present invention includes the following steps:
- Step 301 The mobile node sends the first FD packet and the second FD packet to the home agent, where the first FD packet is encapsulated by the IPsec protocol, and the second FD packet is encapsulated by the IPsec protocol and the UDP protocol.
- the second FD packet encapsulated by the UDP can traverse the firewall to reach the home agent, and the first FD packet not encapsulated by the UDP protocol is thrown away.
- the first and second FD packets in the step carry the cookie identifier. Only FDs and FDRs with the same cookie identifier can correspond to each other.
- the second FD packet encapsulated by the UDP protocol in this step is: inserting a UDP part in the FD packet not encapsulated by the UDP protocol, the UDP part carrying the UDP port number of the packet, so as to block The firewall of the IPsec packet can be identified and allowed to traverse.
- Steps 302 to 304 The mobile node determines whether it receives the FDR packet, and if yes, performs step 305; otherwise, determines whether the maximum number of retransmissions is exceeded, and if yes, ends the packet transmission process, if not, Add 1 to the number of retransmissions and return to step 301.
- the home agent Each time the home agent receives an FD packet, it returns an FDR packet to the mobile node, and returns a second FDR packet encapsulated in UDP when receiving the second FD packet encapsulated in UDP.
- a FDR packet that is not encapsulated in UDP is returned.
- the cookie identifier carried in the FDR packet is the same as the cookie identifier in the corresponding FD packet.
- the mobile node will receive FDR packets; however, when the network If the two FD packets sent in step 301 are lost, the home agent will not return FDR packets to the mobile node.
- the method of resending the FD packet can be used to effectively detect the firewall.
- the network administrator presets the maximum number of times. Only when the number of retransmissions of the FD packet is less than or equal to the maximum number of retransmissions, the number of retransmissions is incremented by one, and then the process returns to step 301 to send the FD packet again.
- Steps 305 to 307. The mobile node determines whether the first FDR packet corresponding to the first FD encapsulated by the IPsec protocol is received, and if yes, performs subsequent binding update and packet interaction; otherwise, performs binding.
- the update interacts with the message and encapsulates all the packets using the UDP protocol.
- the method for the mobile node to determine whether to receive the first FDR packet corresponding to the first FD encapsulated by the IPsec protocol is: the mobile node parses the received FDR, and extracts the cookie flag carried therein And if it is consistent, it is determined that the first FDR report corresponding to the first FD encapsulated only by the IPsec protocol is received, if it is consistent with the cookie identifier included in the first FD packet encapsulated by the unused UDP protocol.
- the binding update process and the packet interaction process in the MIP network are continued.
- the difference between the existing binding update process and the packet exchange process is as follows: To ensure that each IPsec packet can traverse the firewall, all IPsec packets are encapsulated in UDP protocol, that is, in each packet. The information represented by the TCP/UDP part when it is not encrypted is stored in the UDP part and inserted into the message.
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AT06705659T ATE497334T1 (de) | 2005-03-15 | 2006-02-20 | Verfahren und vorrichtung zur nachrichtenübertragung in einem mobile-ip-netz |
DE602006019827T DE602006019827D1 (de) | 2005-03-15 | 2006-02-20 | Verfahren und vorrichtung zur nachrichtenübertragung in einem mobile-ip-netz |
EP06705659A EP1853031B1 (en) | 2005-03-15 | 2006-02-20 | Method and apparatus for transmitting messages in a mobile internet protocol network |
US11/855,696 US8015603B2 (en) | 2005-03-15 | 2007-09-14 | Method and mobile node for packet transmission in mobile internet protocol network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200510055313.8 | 2005-03-15 | ||
CNB2005100553138A CN100414929C (zh) | 2005-03-15 | 2005-03-15 | 一种移动互联网协议网络中的报文传送方法 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/855,696 Continuation US8015603B2 (en) | 2005-03-15 | 2007-09-14 | Method and mobile node for packet transmission in mobile internet protocol network |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006097031A1 true WO2006097031A1 (fr) | 2006-09-21 |
Family
ID=36991275
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2006/000238 WO2006097031A1 (fr) | 2005-03-15 | 2006-02-20 | Procede de transmission de message dans le reseau du protocole internet mobile |
Country Status (6)
Country | Link |
---|---|
US (1) | US8015603B2 (zh) |
EP (1) | EP1853031B1 (zh) |
CN (1) | CN100414929C (zh) |
AT (1) | ATE497334T1 (zh) |
DE (1) | DE602006019827D1 (zh) |
WO (1) | WO2006097031A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102149086A (zh) * | 2010-02-10 | 2011-08-10 | 华为技术有限公司 | 一种移动ip节点的地址更新方法及ip节点设备 |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1964327B1 (en) * | 2005-12-23 | 2009-06-24 | TELEFONAKTIEBOLAGET LM ERICSSON (publ) | Method and apparatus for route optimization in a telecommunication network |
CN101399754B (zh) * | 2007-09-28 | 2011-04-20 | 华为技术有限公司 | 一种移动ip穿越防火墙的方法及设备 |
CN101150511B (zh) * | 2007-10-26 | 2011-09-07 | 杭州华三通信技术有限公司 | 网络节点发送协议报文的方法及装置 |
CN101534289B (zh) * | 2008-03-14 | 2012-05-23 | 华为技术有限公司 | 防火墙穿越方法、节点设备和系统 |
CN102932767B (zh) * | 2011-08-11 | 2017-02-01 | 中兴通讯股份有限公司 | 一种信息传输方法、分组数据网关及策略和计费规则功能 |
US9100324B2 (en) | 2011-10-18 | 2015-08-04 | Secure Crossing Research & Development, Inc. | Network protocol analyzer apparatus and method |
TWI535246B (zh) * | 2015-03-05 | 2016-05-21 | 智邦科技股份有限公司 | 封包傳輸方法 |
US11539668B2 (en) * | 2020-06-03 | 2022-12-27 | Juniper Networks, Inc. | Selective transport layer security encryption |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2317792A (en) * | 1996-09-18 | 1998-04-01 | Secure Computing Corp | Virtual Private Network for encrypted firewall |
US20020174335A1 (en) * | 2001-03-30 | 2002-11-21 | Junbiao Zhang | IP-based AAA scheme for wireless LAN virtual operators |
EP1424828A2 (en) * | 2002-11-28 | 2004-06-02 | NTT DoCoMo, Inc. | Communication control apparatus, firewall apparatus, and data communication method |
Family Cites Families (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5898830A (en) * | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
FI105753B (fi) * | 1997-12-31 | 2000-09-29 | Ssh Comm Security Oy | Pakettien autentisointimenetelmä verkko-osoitemuutosten ja protokollamuunnosten läsnäollessa |
US7032242B1 (en) * | 1998-03-05 | 2006-04-18 | 3Com Corporation | Method and system for distributed network address translation with network security features |
US6957346B1 (en) * | 1999-06-15 | 2005-10-18 | Ssh Communications Security Ltd. | Method and arrangement for providing security through network address translations using tunneling and compensations |
US7051365B1 (en) * | 1999-06-30 | 2006-05-23 | At&T Corp. | Method and apparatus for a distributed firewall |
US7023863B1 (en) * | 1999-10-29 | 2006-04-04 | 3Com Corporation | Apparatus and method for processing encrypted packets in a computer network device |
US7058973B1 (en) * | 2000-03-03 | 2006-06-06 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
US6668282B1 (en) * | 2000-08-02 | 2003-12-23 | International Business Machines Corporation | System and method to monitor and determine if an active IPSec tunnel has become disabled |
AU2002239249A1 (en) * | 2000-11-13 | 2002-06-03 | Ecutel, Inc | System and method for secure network mobility |
US20020083344A1 (en) * | 2000-12-21 | 2002-06-27 | Vairavan Kannan P. | Integrated intelligent inter/intra networking device |
US7246175B1 (en) * | 2001-12-07 | 2007-07-17 | Cisco Technology, Inc. | IPv6 over MPLS IPv4 core |
US7079520B2 (en) * | 2001-12-28 | 2006-07-18 | Cisco Technology, Inc. | Methods and apparatus for implementing NAT traversal in mobile IP |
US20030135616A1 (en) * | 2002-01-11 | 2003-07-17 | Carrico Sandra Lynn | IPSec Through L2TP |
US7181612B1 (en) * | 2002-01-17 | 2007-02-20 | Cisco Technology, Inc. | Facilitating IPsec communications through devices that employ address translation in a telecommunications network |
US7979528B2 (en) * | 2002-03-27 | 2011-07-12 | Radvision Ltd. | System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols |
US7188365B2 (en) * | 2002-04-04 | 2007-03-06 | At&T Corp. | Method and system for securely scanning network traffic |
US7095738B1 (en) * | 2002-05-07 | 2006-08-22 | Cisco Technology, Inc. | System and method for deriving IPv6 scope identifiers and for mapping the identifiers into IPv6 addresses |
US7143188B2 (en) * | 2002-06-13 | 2006-11-28 | Nvidia Corporation | Method and apparatus for network address translation integration with internet protocol security |
US7310356B2 (en) * | 2002-06-24 | 2007-12-18 | Paradyne Corporation | Automatic discovery of network core type |
US7346770B2 (en) * | 2002-10-31 | 2008-03-18 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
US7283542B2 (en) * | 2002-11-15 | 2007-10-16 | Nortel Networks Limited | Network address translator and secure transfer device for interfacing networks |
US7305481B2 (en) * | 2003-01-07 | 2007-12-04 | Hexago Inc. | Connecting IPv6 devices through IPv4 network and network address translator (NAT) using tunnel setup protocol |
US20040148428A1 (en) * | 2003-01-28 | 2004-07-29 | George Tsirtsis | Methods and apparatus for supporting an internet protocol (IP) version independent mobility management system |
US6865184B2 (en) * | 2003-03-10 | 2005-03-08 | Cisco Technology, Inc. | Arrangement for traversing an IPv4 network by IPv6 mobile nodes |
US7260840B2 (en) * | 2003-06-06 | 2007-08-21 | Microsoft Corporation | Multi-layer based method for implementing network firewalls |
JP2004364141A (ja) * | 2003-06-06 | 2004-12-24 | Hitachi Communication Technologies Ltd | Ipアドレス変換装置およびパケット転送装置 |
US7559082B2 (en) * | 2003-06-25 | 2009-07-07 | Microsoft Corporation | Method of assisting an application to traverse a firewall |
US7421734B2 (en) * | 2003-10-03 | 2008-09-02 | Verizon Services Corp. | Network firewall test methods and apparatus |
US7685434B2 (en) * | 2004-03-02 | 2010-03-23 | Advanced Micro Devices, Inc. | Two parallel engines for high speed transmit IPsec processing |
US20050268331A1 (en) * | 2004-05-25 | 2005-12-01 | Franck Le | Extension to the firewall configuration protocols and features |
US7647492B2 (en) * | 2004-09-15 | 2010-01-12 | Check Point Software Technologies Inc. | Architecture for routing and IPSec integration |
JP2006087039A (ja) * | 2004-09-17 | 2006-03-30 | Fujitsu Ltd | モバイルip通信端末装置およびモバイルip通信方法 |
US20060294584A1 (en) * | 2005-06-22 | 2006-12-28 | Netdevices, Inc. | Auto-Configuration of Network Services Required to Support Operation of Dependent Network Services |
EP1886457B1 (en) * | 2005-06-03 | 2010-08-25 | Telefonaktiebolaget LM Ericsson (publ) | MOBILE IPv6 ROUTE OPTIMIZATION IN DIFFERENT ADDRESS SPACES |
US7810149B2 (en) * | 2005-08-29 | 2010-10-05 | Junaid Islam | Architecture for mobile IPv6 applications over IPv4 |
US8281385B2 (en) * | 2005-09-29 | 2012-10-02 | Rockwell Automation Technologies, Inc. | Internet friendly proxy server extending legacy software connectivity |
CN1901449B (zh) * | 2006-07-19 | 2010-05-12 | 华为技术有限公司 | 一种网络接入的方法和网络通信系统 |
US20090016246A1 (en) * | 2007-07-12 | 2009-01-15 | Motorola, Inc. | Method and apparatus for data transmission in an unlicensed mobile access network |
-
2005
- 2005-03-15 CN CNB2005100553138A patent/CN100414929C/zh not_active Expired - Fee Related
-
2006
- 2006-02-20 WO PCT/CN2006/000238 patent/WO2006097031A1/zh not_active Application Discontinuation
- 2006-02-20 EP EP06705659A patent/EP1853031B1/en not_active Not-in-force
- 2006-02-20 DE DE602006019827T patent/DE602006019827D1/de active Active
- 2006-02-20 AT AT06705659T patent/ATE497334T1/de not_active IP Right Cessation
-
2007
- 2007-09-14 US US11/855,696 patent/US8015603B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2317792A (en) * | 1996-09-18 | 1998-04-01 | Secure Computing Corp | Virtual Private Network for encrypted firewall |
US20020174335A1 (en) * | 2001-03-30 | 2002-11-21 | Junbiao Zhang | IP-based AAA scheme for wireless LAN virtual operators |
EP1424828A2 (en) * | 2002-11-28 | 2004-06-02 | NTT DoCoMo, Inc. | Communication control apparatus, firewall apparatus, and data communication method |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102149086A (zh) * | 2010-02-10 | 2011-08-10 | 华为技术有限公司 | 一种移动ip节点的地址更新方法及ip节点设备 |
Also Published As
Publication number | Publication date |
---|---|
ATE497334T1 (de) | 2011-02-15 |
EP1853031A1 (en) | 2007-11-07 |
CN100414929C (zh) | 2008-08-27 |
EP1853031B1 (en) | 2011-01-26 |
CN1835474A (zh) | 2006-09-20 |
US20080069009A1 (en) | 2008-03-20 |
EP1853031A4 (en) | 2008-07-09 |
US8015603B2 (en) | 2011-09-06 |
DE602006019827D1 (de) | 2011-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10462229B2 (en) | Method and apparatus for initiating and maintaining sessions between endpoints | |
WO2006097031A1 (fr) | Procede de transmission de message dans le reseau du protocole internet mobile | |
US11751192B2 (en) | Tethering policy for cellular networks | |
EP2144416B1 (en) | Mobile network managing apparatus and mobile information managing apparatus for controlling access requests | |
JP4715521B2 (ja) | 通信システム,及び呼制御サーバ | |
KR20140030307A (ko) | 정보 중심 네트워크를 위한 일반화된 듀얼 모드 데이터 포워딩 플레인 | |
Amadeo et al. | Design and analysis of a transport-level solution for content-centric VANETs | |
CN104184646A (zh) | Vpn网络数据交互方法和系统及其网络数据交互设备 | |
JP4911222B2 (ja) | 通信システム、通信システムにおける通信方法、及び中継装置 | |
WO2009109128A1 (zh) | 一种完全头部信息报文配置的方法和装置 | |
CN101123575A (zh) | 一种支持混合ip的多主机接入方法、系统及设备 | |
Davison et al. | A split stack approach to mobility-providing performance-enhancing proxies | |
CN102377829B (zh) | 基于hip的通信方法、系统及设备 | |
KR101410510B1 (ko) | Sctp를 이용한 데이터 전송 방법 및 장치 | |
WO2015013883A1 (zh) | 一种数据传输方法及设备 | |
WO2012059010A1 (zh) | 一种hap切换的方法和系统 | |
WO2022056794A1 (zh) | 一种通信方法及装置 | |
KR100691286B1 (ko) | 유비쿼터스 환경에서의 끊김없는 이동성 지원 장치 및 그방법 | |
Badami et al. | Port address translation based route optimization for mobile IP | |
Kimura et al. | Mobility-aware application protocols | |
WO2011014145A1 (en) | Maintaining persistent connection with user level transmission control protocol | |
Khairnar | MOBILE-IP FOR 2.5 G and 3.0 G. ENVIRONMENTS | |
KR20060117808A (ko) | 모바일 인터넷 프로토콜 기반의 네트워크에서 반사 공격방지 방법 | |
Mark et al. | AN EXPOSITION ON WIRELESS/IP INTERWORKING | |
JP2009523334A (ja) | 汎用の移動性及び無線認識トランスポートのためのエンドツーエンドアーキテクチャ |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 11855696 Country of ref document: US Ref document number: 2006705659 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
NENP | Non-entry into the national phase |
Ref country code: RU |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: RU |
|
WWP | Wipo information: published in national office |
Ref document number: 2006705659 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 11855696 Country of ref document: US |