WO2006121278A1 - Method and apparatus for relaying remote access from a public network to a local network - Google Patents
Method and apparatus for relaying remote access from a public network to a local network
- Publication number
- WO2006121278A1 (PCT/KR2006/001729)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- tunneling
- connection information
- server
- agent
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2807—Exchanging configuration information on appliance services in a home automation network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
- H04L12/2818—Controlling appliance services of a home automation network by calling their functionalities from a device located outside both the home and the home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L2012/2847—Home automation networks characterised by the type of home appliance used
- H04L2012/2849—Audio/video appliances
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2212/00—Encapsulation of packets
Definitions
- the present invention relates to a method and apparatus for relaying remote access from a public network to a local network such as a home network.
- the UPnP Universal Plug and Play
- every home network requires a device for assigning addresses to elements or nodes connected to the network.
- the device is assigned a public IP address and thus additionally acts as a gateway to a public network to enable devices on the home network to communicate with external networks (e.g., the Internet).
- Such a device is called an Internet gateway device (IGD).
- IGD Internet gateway device
- the IGD can be a stand-alone device or embedded within another apparatus such as a PC or refrigerator.
- each of the devices on the home network is generally assigned a private IP address available only on the home network instead of a public IP address.
- the user of the home network can query or control a device on the home network using a device on the home network.
- the user may also want to query or control a device on the home network remotely.
- a terminal which has a public IP address should communicate with a home network device which has a private IP address via the Internet; therefore an address conversion between public IP addresses and private IP addresses is required for exchanging messages. Such a conversion is called IP tunneling.
- the virtual private network (VPN) client-server system is one method for tunneling.
- a VPN client is executed on a remote device which requests a remote access to a device on the home network and the target device or a gateway device of the home network is equipped with a VPN server, between which the address conversion is performed.
- the remote terminal can communicate with a device on the local network via the public network as if the remote device were directly connected to the local network, as shown in FIG. 1.
- the remote terminal accesses the home network via the Internet as shown in FIG. 1.
- data packets may be lost or a significant amount of data transmission delay may occur on the Internet.
- the probability of data loss and data transmission delay increase in proportion to the length of the path across which data packets travel. Therefore, the data loss and data transmission delay may become critical when the home network is accessed from a remote site which is distant from the home network.
- a method for relaying remote access to a local network selects one tunneling agent from among a plurality of tunneling agents and provides connection information for the tunneling agent if a request for connection information for remote access is received and converts a tunneling message created for remote access and received via a first network to a tunneling message for a second network, and relays the tunneling message to a gateway device of the local network, connected to the second network.
- Another method for relaying remote access to a local network establishes a first tunnel for VPN on a public network and a second tunnel for VPN on a proprietary network built by an ISP which provides Internet service for the local network, and relays messages exchanged between a device connected to the public network and a device connected to the local network with tunneling via the first tunnel and the second tunnel.
- a method for supporting remote access to a local network stores connection information for a server connected to a first or a second network and provides the stored connection information if there is a request from a remote device, the server storing connection information for a plurality of tunneling agents.
- a method for remote access to a local network obtains connection information for a tunneling agent by connecting to a server connected to a first network using connection information for the server, connects to the tunneling agent using the obtained connection information, and connects to a gateway device of the local network via a proprietary network built by an ISP which provides Internet service for the local network through the tunneling agent.
- the first network is the Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
- ISP Internet service provider
- the tunneling agent which is closest in location to the device attempting remote access to the local network or has the shortest message path from the device is selected from among the plurality of tunneling agents.
- connection information for the server is stored in the gateway device of the local network and provided for a device attempting remote access to the local network.
- connection information for the server is stored in a device attempting remote access to the local network or a program running thereon.
- FIG. 1 illustrates a typical network structure on which the data path for a remote access to a home network is marked
- FIG. 2 illustrates a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon;
- FIG. 3 illustrates an address conversion process for tunneling performed during the relay of a remote access in accordance with one embodiment of the present invention.
- FIG. 2 shows a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon.
- the network includes a tunneling managing server 10 and a tunneling agent 11 for performing the tunneling of messages.
- the tunneling agent 11 is one of a plurality of tunneling agents connected to the backbone network of the ISP which provides the Internet service for the home network.
- the tunneling managing server 10 is also built up by the ISP.
- the tunneling managing server 10, a server built by the ISP, is connected to a public network, but the tunneling managing server 10 can also be connected to the backbone network of the ISP.
- the backbone network of the ISP is a proprietary network (e.g., a nationwide individual network), on which the packet transmission delay is very small and QoS (quality of service) which does not yield data loss is provided, which is a general property of common ISP backbone networks.
- a VPN client is executed on a remote terminal 2 and a VPN server is executed on an internet gateway device (IGD) 1 of the home network to which a plurality of devices are connected.
- IGD internet gateway device
- the address information of the tunneling managing server 10 e.g., the IP address thereof
- the IP address of the tunneling managing server 10 may be set in the remote terminal 2 or the VPN client running thereon.
- a user first invokes the VPN client on the remote terminal 2.
- the VPN client transmits information provided by the user to the tunneling managing server 10 together with a request for tunneling information (S01).
- the information provided by the user comprises a unique ID assigned to the home network or a user of the home network and a password. If necessary, the information may further comprise location information indicative of the current remote site.
- Address information for accessing the tunneling managing server 10 is set in the VPN client. If the VPN client does not have the address information, the VPN client obtains the address information from the IGD 1 after connecting to the IGD 1.
- the tunneling managing server 10 determines the tunneling information, after authentication if necessary, based on the information provided by the VPN client (S02) and provides the tunneling information to the VPN client (S03).
- the provided tunneling information includes address information of the tunneling agent to which the VPN client will connect (e.g., the IP address of the tunneling agent).
- the tunneling managing server 10 selects one tunneling agent from among the plurality of tunneling agents connected to the backbone network of the ISP to which the tunneling managing server 10 belongs and provides the address information of the selected tunneling agent. The selection is based on the shortest path across the public network GN (e.g., the Internet) from the VPN client which requests the tunneling information. This guarantees that messages travel across the backbone network of the ISP as much as possible rather than the public network.
- GN e.g., the Internet
- the tunneling agent which is closest, in location, to the VPN client which requests the tunneling information is selected as the tunneling agent having the shortest path across the public network GN.
- the tunneling managing server 10 has location information about every tunneling agent connected to the backbone network of the ISP to which it belongs. To determine the tunneling agent closest in location, the tunneling managing server 10 utilizes either the location information which is received by the VPN client from the user and then transmitted by the VPN client or the information stored in an IGD (not illustrated here) for relaying data packets to the tunneling managing server 10.
- the IP address of the sender of the data packet transmitted from the VPN client may be utilized.
- an IP address assignment scheme which assigns IP addresses according to location is required and the tunneling managing server 10 stores information on the IP address assignment scheme.
- a tunneling agent which the message for requesting the tunneling information reaches via the minimum number of links on the public network is selected based on information about various data routes of major remote access zones across the public network GN if the information about the various data routes is available in advance.
- the VPN client running on the remote terminal 2 connects to the tunneling agent 11, which is specified to be closest, in location, to the VPN client by the tunneling information (S04), thereby establishing a first VPN tunnel. If the first VPN tunnel is established, the tunneling agent 11 executes a VPN client (S05) and requests a connection to the VPN server running on the IGD 1 (S06).
- the information required to specify the IGD 1, which may be either the IP address or the domain name thereof, can be provided by the user via the VPN client running on the remote terminal 2 after the first VPN tunnel is established.
- the VPN client running on the tunneling agent 11 connects to the VPN server running on the IGD 1, thereby establishing a second VPN tunnel.
- the second VPN tunnel is established on the backbone network BN built by the ISP.
- the second VPN tunnel can take advantage of the high quality services (e.g., small delay time, no loss of data packets, etc) available on the backbone network BN.
- the tunneling agent 11 creates address mapping information required between the VPN server for the first VPN tunnel and the VPN client for the second VPN tunnel.
- the address mapping information is created based on socket information for establishing each of the tunnels.
- FIG. 3 shows the steps required for exchanging messages between the remote terminal 2 (e.g., PDA) having a public IP address and a media server 1a having a private IP address available only on the home network HN.
- domain names such as private.m_server and public.IGD are used for brevity
- the domain names can be regarded as IP addresses; private.xxx and public.xxx denote a private IP address and a public IP address, respectively.
- When transmitting data 31c to the media server 1a, the remote terminal 2 sets the destination and source (Dest/Src) of the data 31c to private.m_server and public.PDA 31b, respectively. Because the media server 1a cannot be identified by its private address, private.m_server, on the public
- the tunneling message 31 arrives at the tunneling agent 11 via the public network GN.
- the VPN server running on the tunneling agent 11 hands over the received tunneling message
- the VPN client changes the source of the received message 31b + 31c to the address assigned to it, i.e., public.Tnl_agent, and appends to the front of the message an IP address header 31x that sets the destination of the message 31b + 31c to the IGD 1, on which the corresponding VPN server executes.
- the IP address header 31a transmitted from the VPN client running on the remote terminal 2 is converted to the IP address header 31x to be transmitted to the IGD 1 (S31).
- the created address mapping information is utilized during the address conversion process.
- the tunneling message initially transmitted by the remote terminal 2 is converted to a tunneling message for the backbone network built by the ISP by the address conversion process and received by the IGD 1 via the backbone network.
- the IGD 1 removes the IP address header 31x from the received message so that the sub-address header 31b for specifying the real destination on the home network appears first and thereby the data 31c of the original tunneling message is finally received by the media server 1a.
- the media server 1a, responsive to the received message, creates a response message 32 by appending to the front of the data a header 32a having the source contained in the received message, public.tnl_agent, as the destination and its private IP address as the source, and transmits the response message 32 to the home network.
- the transmitted response message 32 is received by the IGD 1 because the destination thereof is a public IP address. Because the source thereof is not a public IP address, the IGD 1 creates a new IP address header 33 and appends the created new IP address header to the front of the received message 32. In the new IP address header 33, the destination of the received response message 32 is copied to the destination and the public IP address of the IGD 1, public.
- the constructed tunneling message 32+33 reaches the tunneling agent 11 via the backbone network of the ISP.
- the tunneling agent 11 changes the sub-address having the IP address thereof as the destination to the public IP address of the remote terminal 2, public.PDA, and converts the IP address header 33 into another IP address header 34 destined for the remote terminal 2 (S32).
- the data 32b transmitted by the media server 1a is finally received by the remote terminal 2 via the public network.
- the tunneling agent 11 which is closest in location to the remote terminal 2 or has the shortest path from the remote terminal 2 over the public network, so that the shortest possible path is formed on the public network and most of the path is formed on the backbone network of the ISP for relaying the messages.
- Because the backbone network of the ISP guarantees QoS, the remote user does not have to wait for a long time before a response to a request message is received.
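
The FIG. 3 address conversion (S31, S32) traced end to end, as an added example that is not part of the patent text. Addresses are the page's symbolic names; the fields of header 31a, the source of headers 33 and 34, and a mapping keyed on peer addresses are assumptions, because the page is cut off or silent on them.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Symbolic addresses in the page's notation (FIG. 3).
PDA, AGENT = "public.PDA", "public.Tnl_agent"
IGD, M_SERVER = "public.IGD", "private.m_server"


@dataclass(frozen=True)
class Header:
    dest: str
    src: str


@dataclass(frozen=True)
class TunnelMsg:
    outer: Header  # IP address header for the carrying network (31a/31x/33/34)
    inner: Header  # sub-address header naming the real endpoints (31b/32a)
    data: bytes    # payload (31c/32b)


class TunnelingAgent:
    """Terminates the first VPN tunnel and originates the second one."""

    def __init__(self, address: str) -> None:
        self.address = address
        # Address mapping between the two tunnels. Keying on peer addresses is
        # an assumption; the page derives it from each tunnel's socket info.
        self._igd_for_remote: Dict[str, str] = {}
        self._remote_for_igd: Dict[str, str] = {}

    def map_tunnels(self, remote: str, igd: str) -> None:
        self._igd_for_remote[remote] = igd
        self._remote_for_igd[igd] = remote

    def to_backbone(self, msg: TunnelMsg) -> Optional[TunnelMsg]:
        """S31: convert header 31a into 31x and re-source the inner message."""
        igd = self._igd_for_remote.get(msg.outer.src)
        if igd is None or msg.outer.dest != self.address:
            return None  # no established tunnel pair: nothing is relayed
        inner = replace(msg.inner, src=self.address)
        return TunnelMsg(Header(igd, self.address), inner, msg.data)

    def to_public(self, msg: TunnelMsg) -> Optional[TunnelMsg]:
        """S32: convert header 33 into 34 and restore the remote terminal."""
        remote = self._remote_for_igd.get(msg.outer.src)
        if remote is None or msg.inner.dest != self.address:
            return None
        inner = replace(msg.inner, dest=remote)
        return TunnelMsg(Header(remote, self.address), inner, msg.data)


def igd_inbound(msg: TunnelMsg) -> Tuple[Header, bytes]:
    """IGD 1 strips header 31x so sub-address header 31b comes first."""
    return msg.inner, msg.data


def media_server_reply(request: Header, data: bytes) -> Tuple[Header, bytes]:
    """Header 32a: destination is the source seen in the request."""
    return Header(request.src, M_SERVER), data


def igd_outbound(inner: Header, data: bytes) -> TunnelMsg:
    """Header 33: destination copied from 32a; source public.IGD (assumed)."""
    return TunnelMsg(Header(inner.dest, IGD), inner, data)


def round_trip(agent: TunnelingAgent, payload: bytes, answer: bytes):
    """Trace one request/response; returns (relayed, seen_by_server, returned)."""
    # Header 31a (dest = agent, src = terminal) is an assumed layout.
    request = TunnelMsg(Header(AGENT, PDA), Header(M_SERVER, PDA), payload)
    relayed = agent.to_backbone(request)
    if relayed is None:
        return None
    seen, _ = igd_inbound(relayed)
    reply_hdr, reply_data = media_server_reply(seen, answer)
    returned = agent.to_public(igd_outbound(reply_hdr, reply_data))
    return relayed, seen, returned
```

In this trace the media server only ever sees public.Tnl_agent as its peer, so logging or access control that depends on the real remote terminal has to happen at the tunneling agent or the IGD.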
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method and apparatus for relaying remote access from a public network to a local network, such as a home network. In a method of the invention, a first tunnel for a VPN (virtual private network) is established on a public network, such as the Internet, so that its path is as short as possible, and a second tunnel for the VPN is established on a proprietary backbone network built by the ISP (Internet service provider) that provides Internet service for a home network. Messages between a device on the public network and another device on the home network are then relayed by tunneling through the first and second tunnels.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US67986705P | 2005-05-10 | 2005-05-10 | |
US60/679,867 | 2005-05-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006121278A1 (fr) | 2006-11-16 |
Family
ID=37396746
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2006/001729 (WO2006121278A1) | Method and apparatus for relaying remote access from a public network to a local network | 2005-05-10 | 2006-05-09 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006121278A1 (fr) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040037296A1 (en) * | 2002-08-21 | 2004-02-26 | Kim Mi Hui | Method for setting up QoS supported bi-directional tunnel and distributing L2VPN membership information for L2VPN using extended LDP |
-
2006
- 2006-05-09 WO PCT/KR2006/001729 patent/WO2006121278A1/fr active Application Filing
Non-Patent Citations (2)
Title |
---|
SHIRAISHI Y. ET AL.: "Port randomized VPN by mobile codes", CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE. CCNC. FIRST IEEE, 5 January 2004 (2004-01-05) - 8 January 2004 (2004-01-08), pages 671 - 673, XP010696985 * |
YANADA T. ET AL.: "Mobile multimedia metropolitan area network", WIRELESS COMMUNICATIONS AND NETWORKING, vol. 3, 16 March 2003 (2003-03-16) - 20 June 2003 (2003-06-20), pages 2047 - 2052, XP010640083 * |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008088259A1 (fr) * | 2007-01-18 | 2008-07-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for remote access to a home network |
CN101627601B (zh) * | 2007-01-18 | 2013-03-13 | 艾利森电话股份有限公司 | Method and apparatus for remote access to a home network |
WO2008090519A2 (fr) * | 2007-01-23 | 2008-07-31 | Nokia Corporation | Configuration mechanism in hosted remote access environments |
WO2008090519A3 (fr) * | 2007-01-23 | 2008-11-27 | Nokia Corp | Configuration mechanism in hosted remote access environments |
WO2008133555A1 (fr) * | 2007-04-27 | 2008-11-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Universal plug and play extender |
JP2010525483A (ja) * | 2007-04-27 | 2010-07-22 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | Universal plug and play extension unit |
EP2273722A1 (fr) * | 2008-03-31 | 2011-01-12 | Samsung Electronics Co., Ltd. | UPnP device for preventing a network address conflict during remote access, and corresponding method |
EP2273722A4 (fr) * | 2008-03-31 | 2014-01-22 | Samsung Electronics Co Ltd | UPnP device for preventing a network address conflict during remote access, and corresponding method |
WO2010057120A2 (fr) * | 2008-11-17 | 2010-05-20 | Qualcomm Incorporated | Remote access to local network |
CN102217243A (zh) * | 2008-11-17 | 2011-10-12 | 高通股份有限公司 | Remote access to local network |
WO2010057120A3 (fr) * | 2008-11-17 | 2010-08-12 | Qualcomm Incorporated | Remote access to local network |
JP2013192221A (ja) * | 2008-11-17 | 2013-09-26 | Qualcomm Inc | Remote access to local network via security gateway |
US20100124228A1 (en) * | 2008-11-17 | 2010-05-20 | Qualcomm Incorporated | Remote access to local network |
KR101358846B1 (ko) | 2008-11-17 | 2014-02-06 | 퀄컴 인코포레이티드 | Remote access to local network |
US8996716B2 (en) | 2008-11-17 | 2015-03-31 | Qualcomm Incorporated | Remote access to local network via security gateway |
CN102217243B (zh) * | 2008-11-17 | 2015-05-20 | 高通股份有限公司 | Method and apparatus for remote access to local network |
US9345065B2 (en) | 2008-11-17 | 2016-05-17 | Qualcomm Incorporated | Remote access to local network |
US10142294B2 (en) | 2008-11-17 | 2018-11-27 | Qualcomm Incorporated | Remote access to local network |
FR3031258A1 (fr) * | 2014-12-31 | 2016-07-01 | Bull Sas | Method of communication between a remote action manager and a communication box |
WO2016107997A1 (fr) * | 2014-12-31 | 2016-07-07 | Bull Sas | Method of communication between a remote action manager and a communication box |
US11329841B2 (en) | 2014-12-31 | 2022-05-10 | Bull Sas | Method of communication between a remote action manager and a communication box |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | NENP | Non-entry into the national phase | Ref country code: RU |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 06732911 Country of ref document: EP Kind code of ref document: A1 |