WO2006121278A1 - Method and apparatus for relaying remote access from a public network to a local network - Google Patents

Method and apparatus for relaying remote access from a public network to a local network

Info

Publication number
WO2006121278A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
tunneling
connection information
server
agent
Prior art date
Application number
PCT/KR2006/001729
Other languages
English (en)
Inventor
Kyung Ju Lee
Yu Kyoung Song
Original Assignee
Lg Electronics Inc.
Priority date
Filing date
Publication date
Application filed by Lg Electronics Inc.
Publication of WO2006121278A1

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2807 Exchanging configuration information on appliance services in a home automation network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2816 Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/2818 Controlling appliance services of a home automation network by calling their functionalities from a device located outside both the home and the home network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L2012/2847 Home automation networks characterised by the type of home appliance used
    • H04L2012/2849 Audio/video appliances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2212/00 Encapsulation of packets

Definitions

  • the present invention relates to method and apparatus for relaying remote access from a public network to a local network such as a home network.
  • the UPnP Universal Plug and Play
  • every home network requires a device for assigning addresses to elements or nodes connected to the network.
  • the device is assigned a public IP address and thus additionally acts as a gateway to a public network to enable devices on the home network to communicate with external networks (e.g., the Internet).
  • Such a device is called an Internet gateway device (IGD).
  • the IGD can be a stand-alone device or embedded within another apparatus such as a PC or refrigerator.
  • each of the devices on the home network is generally assigned a private IP address available only on the home network instead of a public IP address.
  • the user of the home network can query or control a device on the home network using a device on the home network.
  • the user may also want to query or control a device on the home network remotely.
  • a terminal which has a public IP address should communicate with a home network device which has a private IP address via the Internet; therefore an address conversion between public IP addresses and private IP addresses is required for exchanging messages. Such a conversion is called IP tunneling.
  • the virtual private network (VPN) client-server system is one method for tunneling.
  • a VPN client is executed on a remote device which requests a remote access to a device on the home network and the target device or a gateway device of the home network is equipped with a VPN server, between which the address conversion is performed.
  • the remote terminal can communicate with a device on the local network via the public network as if the remote device were directly connected to the local network, as shown in FIG. 1.
  • the remote terminal accesses the home network via the Internet as shown in FIG. 1.
  • data packets may be lost or a significant amount of data transmission delay may occur on the Internet.
  • the probability of data loss and data transmission delay increase in proportion to the length of the path across which data packets travel. Therefore, the data loss and data transmission delay may become critical when the home network is accessed from a remote site which is distant from the home network.
  • a method for relaying remote access to a local network selects one tunneling agent from among a plurality of tunneling agents and provides connection information for the tunneling agent if a request for connection information for remote access is received and converts a tunneling message created for remote access and received via a first network to a tunneling message for a second network, and relays the tunneling message to a gateway device of the local network, connected to the second network.
  • Another method for relaying remote access to a local network establishes a first tunnel for VPN on a public network and a second tunnel for VPN on a proprietary network built by an ISP which provides Internet service for the local network and relays messages exchanged between a device connected to the public network and a device connected to the local network with tunneling via the first tunnel and the second tunnel.
  • a method for supporting remote access to a local network stores connection information for a server connected to a first or a second network and provides the stored connection information if there is a request from a remote device, the server storing connection information for a plurality of tunneling agents.
  • a method for remote access to a local network obtains connection information for a tunneling agent by connecting to a server connected to a first network using connection information for the server, connects to the tunneling agent using the obtained connection information, and connects to a gateway device of the local network via a proprietary network built by an ISP which provides Internet service for the local network through the tunneling agent.
  • the first network is the Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
  • the tunneling agent which is closest in location to the device attempting remote access to the local network or has the shortest message path from the device is selected from among the plurality of tunneling agents.
  • connection information for the server is stored in the gateway device of the local network and provided for a device attempting remote access to the local network.
  • connection information for the server is stored in a device attempting remote access to the local network or a program running thereon.
  • FIG. 1 illustrates a typical network structure on which the data path for a remote access to a home network is marked;
  • FIG. 2 illustrates a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon;
  • FIG. 3 illustrates an address conversion process for tunneling performed during the relay of a remote access in accordance with one embodiment of the present invention.
  • 5. Best Mode for Carrying Out the Invention
  • FIG. 2 shows a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon.
  • the network includes a tunneling managing server 10 and a tunneling agent 11 for performing the tunneling of messages.
  • the tunneling agent 11 is one of a plurality of tunneling agents connected to the backbone network of the ISP which provides the Internet service for the home network.
  • the tunneling managing server 10 is also built up by the ISP.
  • the tunneling managing server 10, a server built by the ISP, is connected to a public network but the tunneling managing server 10 can also be connected to the backbone network of the ISP.
  • the backbone network of the ISP is a proprietary network (e.g., a nationwide individual network), on which the packet transmission delay is very small and QoS (quality of service) which does not yield data loss is provided, which is a general property of common ISP backbone networks.
  • a VPN client is executed on a remote terminal 2 and a VPN server is executed on an Internet gateway device (IGD) 1 of the home network to which a plurality of devices are connected.
  • the address information of the tunneling managing server 10 e.g., the IP address thereof
  • the IP address of the tunneling managing server 10 may be set in the remote terminal 2 or the VPN client running thereon.
  • a user first invokes the VPN client on the remote terminal 2.
  • the VPN client transmits information provided by the user to the tunneling managing server 10 together with a request for tunneling information (S01).
  • the information provided by the user comprises a unique ID assigned to the home network or a user of the home network and a password. If necessary, the information may further comprise location information indicative of the current remote site.
  • Address information for accessing the tunneling managing server 10 is set in the VPN client. If the VPN client does not have the address information, the VPN client obtains the address information from the IGD 1 after connecting to the IGD 1.
  • the tunneling managing server 10 determines the tunneling information, after authentication if necessary, based on the information provided by the VPN client (S02) and provides the tunneling information to the VPN client (S03).
  • the provided tunneling information includes address information of the tunneling agent to which the VPN client will connect (e.g., the IP address of the tunneling agent).
  • the tunneling managing server 10 selects one tunneling agent from among the plurality of tunneling agents connected to the backbone network of the ISP to which the tunneling managing server 10 belongs and provides the address information of the selected tunneling agent. The selection is based on the shortest path across the public network GN (e.g., the Internet) from the VPN client which requests the tunneling information. This guarantees that messages travel across the backbone network of the ISP as much as possible rather than the public network.
  • the tunneling agent which is closest, in location, to the VPN client which requests the tunneling information is selected as the tunneling agent having the shortest path across the public network GN.
  • the tunneling managing server 10 has location information about every tunneling agent connected to the backbone network of the ISP to which it belongs. To determine the tunneling agent closest in location, the tunneling managing server 10 utilizes either the location information which is received by the VPN client from the user and then transmitted by the VPN client or the information stored in an IGD (not illustrated here) for relaying data packets to the tunneling managing server 10.
  • the IP address of the sender of the data packet transmitted from the VPN client may be utilized.
  • an IP address assignment scheme which assigns IP addresses according to location is required and the tunneling managing server 10 stores information on the IP address assignment scheme.
  • a tunneling agent which the message for requesting the tunneling information reaches via the minimum number of links on the public network is selected based on information about various data routes of major remote access zones across the public network GN if the information about the various data routes is available in advance.
  • the VPN client running on the remote terminal 2 connects to the tunneling agent 11, which is specified to be closest, in location, to the VPN client by the tunneling information (S04), thereby establishing a first VPN tunnel. If the first VPN tunnel is established, the tunneling agent 11 executes a VPN client (S05) and requests a connection to the VPN server running on the IGD 1 (S06).
  • the information required to specify the IGD 1, which may be either the IP address or the domain name thereof, can be provided by the user via the VPN client running on the remote terminal 2 after the first VPN tunnel is established.
  • the VPN client running on the tunneling agent 11 connects to the VPN server running on the IGD 1, thereby establishing a second VPN tunnel.
  • the second VPN tunnel is established on the backbone network BN built by the ISP.
  • the second VPN tunnel can take advantage of the high quality services (e.g., small delay time, no loss of data packets, etc.) available on the backbone network BN.
  • the tunneling agent 11 creates address mapping information required between the VPN server for the first VPN tunnel and the VPN client for the second VPN tunnel.
  • the address mapping information is created based on socket information for establishing each of the tunnels.
  • FIG. 3 shows the steps required for exchanging messages between the remote terminal 2 (e.g., PDA) having a public IP address and a media server 1a having a private IP address available only on the home network HN.
  • domain names such as private.m_server and public.IGD are used for brevity
  • the domain names can be regarded as IP addresses; private.xxx and public.xxx denote a private IP address and a public IP address, respectively.
  • When transmitting data 31c to the media server 1a, the remote terminal 2 sets the destination and source (Dest/Src) of the data 31c to private.m_server and public.PDA (31b), respectively. Because the media server 1a cannot be identified by its private address, private.m_server, on the public
  • the tunneling message 31 arrives at the tunneling agent 11 via the public network GN.
  • the VPN server running on the tunneling agent 11 hands over the received tunneling message
  • the VPN client changes the source of the received message 31b + 31c to the address assigned to it, i.e., public.tnl_agent, and prepends to it an IP address header 31x that sets the destination of the message 31b + 31c to the IGD 1, on which the corresponding VPN server executes.
  • the IP address header 31a transmitted from the VPN client running on the remote terminal 2 is converted to the IP address header 31x to be transmitted to the IGD 1 (S31).
  • the created address mapping information is utilized during the address conversion process.
  • the tunneling message initially transmitted by the remote terminal 2 is converted to a tunneling message for the backbone network built by the ISP by the address conversion process and received by the IGD 1 via the backbone network.
  • the IGD 1 removes the IP address header 31x from the received message so that the sub-address header 31b for specifying the real destination on the home network appears first and thereby the data 31c of the original tunneling message is finally received by the media server 1a.
  • the media server 1a, responsive to the received message, creates a response message 32 by appending a header 32a, which has the source contained in the received message, public.tnl_agent, as the destination and its private IP address as the source, to the front of the data, and transmits the response message 32 to the home network.
  • the transmitted response message 32 is received by the IGD 1 because the destination thereof is a public IP address. Because the source thereof is not a public IP address, the IGD 1 creates a new IP address header 33 and appends the created new IP address header to the front of the received message 32. In the new IP address header 33, the destination of the received response message 32 is copied to the destination and the public IP address of the IGD 1, public.
  • the constructed tunneling message 32+33 reaches the tunneling agent 11 via the backbone network of the ISP.
  • the tunneling agent 11 changes the sub-address having the IP address thereof as the destination to the public IP address of the remote terminal 2, public.PDA, and converts the IP address header 33 into another IP address header 34 destined for the remote terminal 2 (S32).
  • the data 32b transmitted by the media server 1a is finally received by the remote terminal 2 via the public network.
  • the tunneling agent 11 which is closest in location to the remote terminal 2 or has the shortest path from the remote terminal 2 over the public network, so that the shortest possible path is formed on the public network and most of the path is formed on the backbone network of the ISP for relaying the messages.
  • the backbone network of the ISP guarantees QoS, the remote user does not have to wait for a long time before a response to a request message is received.
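
The FIG. 3 address conversion (S31 and S32) can be traced with a small model. This is an added example, not code from the patent or from its applicant: the class and function names are hypothetical, plain address strings stand in for the per-tunnel socket information that the mapping is built from, and the destination of header 31a and the sources of headers 33 and 34 are assumptions, since the page does not state them in full.

```python
from dataclasses import dataclass, replace

# Addresses use the page's placeholder names from FIG. 3.
AGENT, IGD, PDA, MEDIA = "public.tnl_agent", "public.IGD", "public.PDA", "private.m_server"

@dataclass(frozen=True)
class Header:
    dst: str
    src: str

@dataclass(frozen=True)
class TunnelMsg:
    outer: Header  # IP address header (31a, 31x, 33 or 34)
    inner: Header  # sub-address header (31b or 32a)
    data: bytes    # payload (31c or 32b)

class TunnelingAgent:
    """Hypothetical model of tunneling agent 11; addresses stand in for the
    per-tunnel socket information the page says the mapping is built from."""

    def __init__(self, address):
        self.address = address
        self.to_igd = {}     # first-tunnel peer (remote terminal) -> IGD
        self.to_remote = {}  # second-tunnel peer (IGD) -> remote terminal

    def map_tunnels(self, remote, igd):
        # Called once both VPN tunnels exist (after S04 to S06).
        self.to_igd[remote] = igd
        self.to_remote[igd] = remote

    def _peer(self, table, msg):
        # Relay only traffic addressed to this agent from a mapped tunnel peer.
        peer = table.get(msg.outer.src)
        if msg.outer.dst != self.address or peer is None:
            raise LookupError(f"no tunnel mapping for {msg.outer.src}")
        return peer

    def relay_inbound(self, msg):
        """S31: 31a -> 31x, and the inner source becomes the agent's address."""
        igd = self._peer(self.to_igd, msg)
        inner = replace(msg.inner, src=self.address)
        return TunnelMsg(Header(igd, self.address), inner, msg.data)

    def relay_outbound(self, msg):
        """S32: 33 -> 34, and the inner destination becomes the remote terminal.
        The source of header 34 is assumed to be the agent's address."""
        remote = self._peer(self.to_remote, msg)
        inner = replace(msg.inner, dst=remote)
        return TunnelMsg(Header(remote, self.address), inner, msg.data)

def igd_and_home_network(at_igd, reply_data):
    """IGD 1 strips 31x, the media server answers with 32a (destination = the
    source it saw), and IGD 1 prepends header 33 (source assumed public.IGD)."""
    seen = at_igd.inner                               # what the media server receives
    reply_inner = Header(dst=seen.src, src=seen.dst)  # header 32a
    outer = Header(dst=reply_inner.dst, src=at_igd.outer.dst)  # header 33
    return TunnelMsg(outer, reply_inner, reply_data)

def round_trip(agent, request, reply_data):
    at_igd = agent.relay_inbound(request)
    at_agent = igd_and_home_network(at_igd, reply_data)
    return at_igd, agent.relay_outbound(at_agent)

if __name__ == "__main__":
    agent = TunnelingAgent(AGENT)
    agent.map_tunnels(PDA, IGD)
    # Constructed request: outer header 31a is assumed to target the agent.
    request = TunnelMsg(Header(AGENT, PDA), Header(MEDIA, PDA), b"request")
    for hop in round_trip(agent, request, b"response"):
        print(hop)
```

Because the media server only ever sees public.tnl_agent as the source, the agent's mapping table is the sole link between a home-network response and the remote terminal, which is why the model refuses to relay a message from an unmapped peer.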

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method and an apparatus for relaying remote access from a public network to a local network, such as a home network. In one method of the invention, a first tunnel for VPN (virtual private network) is set up on a public network, such as the Internet, so that its path is shortened as much as possible, and a second tunnel for VPN is also set up on an individual backbone network built by an ISP (Internet service provider) which provides Internet service for a home network. Thereafter, messages between a device on the public network and another device on the home network are relayed by tunneling over the first and the second tunnel.
PCT/KR2006/001729 2005-05-10 2006-05-09 Method and apparatus for relaying remote access from a public network to a local network WO2006121278A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US67986705P 2005-05-10 2005-05-10
US60/679,867 2005-05-10

Publications (1)

Publication Number Publication Date
WO2006121278A1 true WO2006121278A1 (fr) 2006-11-16

Family

ID=37396746

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/001729 WO2006121278A1 (fr) 2005-05-10 2006-05-09 Method and apparatus for relaying remote access from a public network to a local network

Country Status (1)

Country Link
WO (1) WO2006121278A1 (fr)




Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06732911

Country of ref document: EP

Kind code of ref document: A1