WO2009129707A1 - Method and apparatus for transmitting and receiving information between local area networks, and communication system - Google Patents

Method and apparatus for transmitting and receiving information between local area networks, and communication system

Info

Publication number
WO2009129707A1
Authority
WO
WIPO (PCT)
Prior art keywords
local area
source
address
area network
terminal
Prior art date
Application number
PCT/CN2009/070756
Inventor
刘利锋
黄敏
万适
Original Assignee
成都市华为赛门铁克科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都市华为赛门铁克科技有限公司
Publication of WO2009129707A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and apparatus for transmitting and receiving information between local area networks and a system for communicating.
  • IPv4 address resources that the network can allocate are scarce.
  • a method of assigning a private address to the terminal is used to implement communication between terminals in the local area network.
  • a private address cannot be routed on the public network.
  • when a terminal configured with a private address on the LAN needs to communicate with a terminal on the public network, address translation must be performed by a Network Address Translator (NAT) device.
  • NAT Network Address Translator
  • the NAT device is generally deployed on the edge of a local area network and a public network.
  • the NAT device maintains a private address resource pool in a local area network and has a set of public network addresses.
  • when a terminal in the local area network needs to access a terminal on the public network, the NAT device allocates a public network address to the local area network terminal from the public network addresses it owns, and replaces the private address part of the terminal's communication data packet with that public network address, so that the communication data packet can be routed on the public network.
  • when a terminal on the public network needs to access a terminal with a private address in the local area network, the NAT device connects the public network terminal to the local area network through a tunnel, allocates a private address to the public network terminal, and replaces the public network address portion of the communication data packet with that private address, so that the communication data packet can be routed using a private address after reaching the local area network.
  • the inventors have found that at least the following problems exist in the prior art:
  • when two or more terminals located in different local area networks communicate over the public network, the terminal addresses are all private addresses, so to make the data packets routable on the public network the NAT device needs to replace the private addresses in the communication data packet with public network addresses; that is, the NAT device needs to replace both the source address and the destination address of the communication data packet with public network addresses, which may leave the packet unroutable because its source address and destination address can no longer be determined.
  • Embodiments of the present invention provide a method and apparatus for transmitting and receiving information between local area networks and a communication system, which enable terminals located in different local area networks to communicate over a public network.
  • a method for transmitting information between local area networks, comprising: receiving a communication message sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are respectively located in a source local area network and a target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the source local area network private address allocated to the destination terminal in the source local area network; replacing the destination address in the communication message with the private address allocated to the destination terminal in the target local area network; and sending the communication message to the virtual private network tunnel established between the source local area network and the target local area network.
  • a method for receiving information between local area networks, comprising: receiving, from a virtual private network tunnel established between a source local area network and a target local area network, a communication message sent by the source terminal to the destination terminal, where the source terminal and the destination terminal are respectively located in the source local area network and the target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the private address allocated to the destination terminal in the target local area network; replacing the source address in the communication message with the target local area network private address allocated to the source terminal in the target local area network; and sending the communication message to the target local area network.
  • a device for transmitting information between local area networks including:
  • a tunnel creation unit configured to establish a virtual private network tunnel between the source local area network and the target local area network
  • a communication packet receiving unit configured to receive a communication message sent by the source terminal to the destination terminal, where the source terminal and the destination terminal are respectively located in the source local area network and the target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the source local area network private address of the destination terminal in the source local area network
  • a destination address replacing unit configured to replace the destination address in the communication packet with the private address allocated to the destination terminal in the target local area network
  • the communication message sending unit is configured to send the communication message processed by the destination address replacing unit to the virtual private network tunnel established by the tunnel creating unit.
  • a device for receiving information between local area networks including:
  • a tunnel creation unit configured to establish a virtual private network tunnel between the source local area network and the target local area network
  • a communication packet receiving unit configured to receive, from the virtual private network tunnel between the source local area network and the target local area network established by the tunnel creation unit, the communication message sent by the source terminal to the destination terminal, where the source terminal and the destination terminal are respectively located in the source local area network and the target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the private address allocated to the destination terminal in the target local area network;
  • a source address replacement unit configured to replace the source address in the communication packet with the target local area network private address allocated to the source terminal in the target local area network
  • the communication message sending unit is configured to send the communication message processed by the source address replacing unit to the target local area network.
  • a system for communication between local area networks comprising: a source network address translation gateway and a target network address translation gateway; a virtual private network tunnel is established between the source network address translation gateway and the target network address translation gateway;
  • the source network address translation gateway is located at the edge of the source local area network and the public network, and is configured to receive, from the source local area network, a communication message sent by the source terminal to the destination terminal, replace the destination address of the communication message, which is the source local area network private address allocated to the destination terminal in the source local area network, with the private address allocated to the destination terminal in the target local area network, and send the communication message to the virtual private network tunnel;
  • the target network address translation gateway is located at the edge of the target local area network and the public network, and is configured to receive, from the virtual private network tunnel, a communication message sent by the source terminal to the destination terminal, replace the source address of the communication message, which is the private address allocated to the source terminal in the source local area network, with the target local area network private address allocated to the source terminal in the target local area network, and send the communication message to the target local area network.
  • in the method and apparatus for transmitting and receiving information between local area networks and the communication system provided by the embodiments of the present invention, the destination terminal is allocated a private address of the source local area network in the source local area network, and the source terminal is allocated a private address of the target local area network in the target local area network, so the communication message sent by the source terminal to the destination terminal can be transmitted normally in both the source local area network and the target local area network;
  • a virtual private network tunnel is established between the source local area network and the target local area network, so the communication message can be transmitted over the public network through the virtual private network tunnel; this solves the prior-art problem that, when a communication message is sent to the public network, a NAT device has to translate the private addresses in the message to public addresses, so that the source address and the destination address are lost and communication cannot proceed normally.
  • the method and apparatus for transmitting and receiving information between local area networks and the communication system provided by the embodiments of the present invention enable terminals located in different local area networks to communicate over the public network using private addresses.
  • FIG. 1 is a flowchart of a method for transmitting information between local area networks according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for receiving information between local area networks according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of an apparatus for transmitting information between local area networks according to an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of an apparatus for receiving information between local area networks according to an embodiment of the present invention
  • a method for transmitting information between local area networks includes: Step 101: Receive a communication message sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are respectively located in a source local area network and a target local area network.
  • the source address of the communication message is the private address allocated to the source terminal in the source local area network
  • the destination address is the source local area network private address allocated to the destination terminal in the source local area network;
  • Step 102: Replace the destination address in the communication packet with the private address allocated to the destination terminal in the target local area network.
  • Step 103: Send the communication packet to a virtual private network tunnel established between the source local area network and the target local area network.
  • the method for receiving information between local area networks includes: Step 201: Receive a communication sent by a source terminal to a destination terminal in a virtual private network tunnel established between a source local area network and a target local area network.
  • the source terminal and the destination terminal are respectively located in the source local area network and the target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the private address allocated to the destination terminal in the target local area network.
  • Step 202: Replace the source address in the communication packet with the target local area network private address allocated to the source terminal in the target local area network.
  • Step 203: Send the communication packet to the target local area network.
  • FIG. 3 is a schematic diagram of the network architecture used by the method for transmitting and receiving information between local area networks provided by an embodiment of the present invention.
  • LAN A is the source LAN
  • LAN B is the target LAN.
  • Both LAN A and LAN B use the 192.168.0.0/16 private network segment to assign private IP addresses to terminals in their respective networks.
  • the A terminal in Figure 3 is the source terminal, and the A terminal is located in the local area network A, and its private address is 192.168.1.10; the B terminal is the destination terminal, and the B terminal is located in the local area network B, and its private address is 192.168.1.20.
  • as shown in FIG. 3, NAT gateways, namely the A gateway and the B gateway, are respectively deployed at the edge of local area network A and the public network and at the edge of local area network B and the public network; the public network address of the A gateway is 202.102.10.8.
  • the public network address of the B gateway is 59.64.168.12.
  • the method for transmitting and receiving information between the local area networks of the embodiment of the present invention, the step of transmitting the communication by the A terminal to the B terminal includes:
  • a virtual private network (VPN) tunnel is established, that is, a VPN tunnel is established between the local area network A and the local area network B, and the VPN tunnel is used to transmit communication between the A gateway and the B gateway.
  • VPN virtual private network
  • the VPN tunnel established between the A gateway and the B gateway may be a Security Architecture for IP network VPN (IPSec VPN) tunnel, and the steps of establishing the IPSec VPN tunnel include:
  • the network administrator configures an IPSec security policy (SP) on the A gateway and the B gateway respectively, and the communication data between the A gateway and the B gateway can enter the VPN tunnel through the security policy;
  • SP IPSec security policy
  • both gateways invoke the Internet Security Association and Key Management Protocol (ISAKMP) to negotiate the security association (SA) of the Internet Key Exchange (IKE) protocol.
  • SA security association
  • IKE Internet Key Exchange
  • the A gateway and the B gateway negotiate the security association of the IPSec communication according to the security association of the IKE;
  • the IPSec VPN tunnel between the A gateway and the B gateway is established.
  • the method for establishing an IPSec VPN tunnel between the A gateway and the B gateway is only an example listed in this embodiment, and is not limited to this in actual use.
  • the A gateway and the B gateway can also establish a VPN tunnel by other technical means.
  • the VPN tunnel needs to meet the following requirements:
  • the VPN tunnel established between the A gateway and the B gateway is secure, that is, the A gateway and the B gateway must authenticate each other to determine that the other party is indeed the NAT gateway of the LAN to be communicated;
  • the VPN tunnel established between the A gateway and the B gateway ensures the privacy and integrity of the information during transmission.
  • after the VPN tunnel is established, it can be uniquely identified by "202.102.10.8-59.64.168.12".
  • the A gateway and the B gateway each allocate a private address of their own local area network to the terminal in the peer local area network with which communication is to take place; the steps include:
  • the A gateway needs to notify the B gateway of the private address allocated to the A terminal in local area network A.
  • the B gateway needs to notify the A gateway of the private address allocated to the B terminal in local area network B.
  • the step of the A gateway notifying the B gateway of the private address allocated to the A terminal in local area network A includes: the administrator of the A gateway manually enters the private address allocated to the A terminal in local area network A through the gateway management interface, selects the VPN tunnel established with the B gateway (i.e. the VPN tunnel identified as "202.102.10.8-59.64.168.12"), and sends the private address allocated to the A terminal in local area network A to the B gateway through that VPN tunnel; the step of the B gateway notifying the A gateway of the private address allocated to the B terminal in local area network B is the same and is not described again here;
  • the B gateway stores the private address allocated to the A terminal in local area network A, allocates a private address of local area network B to the A terminal, and establishes the correspondence between the private address allocated to the A terminal in local area network A, the private address allocated to the A terminal in local area network B, and the VPN tunnel between the A gateway and the B gateway.
  • the A gateway likewise stores the private address allocated to the B terminal in local area network B, allocates a private address of local area network A to the B terminal, and establishes the correspondence between the private address allocated to the B terminal in local area network B, the private address allocated to the B terminal in local area network A, and the VPN tunnel between the A gateway and the B gateway.
  • after receiving from the A gateway the private address allocated to the A terminal in local area network A, the B gateway first records the identifier of the VPN tunnel between the A gateway and the B gateway.
  • the VPN tunnel between the A gateway and the B gateway is uniquely determined by this identifier; the B gateway then allocates a private address of local area network B to the A terminal.
  • in this embodiment, to avoid address conflicts during routing, the private address of local area network B that the B gateway allocates to the A terminal is one that has not yet been allocated in local area network B, that is, a private address not in use by any terminal in local area network B.
  • the B gateway then establishes the binding relationship between the private address allocated to the A terminal in local area network A, the private address allocated to the A terminal in local area network B, and the VPN tunnel between the A gateway and the B gateway, as shown in Table 1:
  • the private address of the local area network B allocated by the B gateway to the A terminal is 192.168.2.100.
  • in the same way, the A gateway allocates a private address of local area network A to the B terminal and establishes the binding relationship between the private address allocated to the B terminal in local area network B, the private address allocated to the B terminal in local area network A, and the VPN tunnel, as shown in Table 2:
  • the private address of the local area network A allocated by the A gateway to the B terminal is 192.168.3.300.
  • in the method for transmitting and receiving information between local area networks provided by the embodiment of the present invention, the steps of transmitting a communication message between the A terminal and the B terminal include:
  • the A gateway receives the communication message sent by the A terminal.
  • the source address of the communication message is the private address 192.168.1.10 allocated to the A terminal in local area network A, and the destination address is the private address 192.168.3.200 allocated to the B terminal in local area network A;
  • the A gateway looks up, according to the received communication message, the private address allocated to the B terminal in local area network B and the VPN tunnel between the A gateway and the B gateway, and finds that the private address allocated to the B terminal in local area network B is 192.168.1.20 and that the VPN tunnel between the A gateway and the B gateway is 202.102.10.8-59.64.168.12;
  • the A gateway replaces the destination address in the communication message with the private address 192.168.1.20 allocated to the B terminal in local area network B, and sends the modified communication message into the VPN tunnel between the A gateway and the B gateway;
  • the B gateway receives the communication message from the VPN tunnel
  • the B gateway looks up in Table 1 the private address of local area network B allocated to the A terminal, and finds that the private address allocated to the A terminal in local area network B is 192.168.2.100;
  • the B gateway replaces the source address of the communication message (the private address allocated to the A terminal in local area network A) with the private address 192.168.2.100 allocated to the A terminal in local area network B, and sends the modified communication message to local area network B.
  • in the method for transmitting and receiving information between local area networks, the B terminal is allocated a private address of local area network A in local area network A, and the A terminal is allocated a private address of local area network B in local area network B, so the communication message sent by the A terminal to the B terminal can be transmitted normally in both local area network A and local area network B. Because a VPN tunnel is established between local area network A and local area network B, the communication message can be transmitted over the public network through the virtual private network tunnel. This solves the problem that translating the private addresses in a communication message to public network addresses when the message is sent to the public network causes the source address and the destination address to be lost.
  • corresponding to the method for transmitting and receiving information between local area networks, an embodiment of the present invention further provides an apparatus for transmitting information between local area networks.
  • an apparatus for transmitting information between local area networks includes: a tunnel creation unit 401, configured to establish a VPN tunnel between a source local area network and a target local area network; and a communication packet receiving unit 402, configured to receive the communication message sent by the source terminal to the destination terminal, where the source terminal and the destination terminal are respectively located in the source local area network and the target local area network, the source address of the communication message is the private address allocated to the source terminal in the source local area network, and the destination address is the source LAN private address of the destination terminal in the source LAN;
  • a destination address replacing unit 403 configured to replace the destination address in the communication packet with the private address allocated to the destination terminal in the target LAN;
  • the communication message sending unit 404 is configured to send the communication message processed by the destination address replacing unit 403 to the VPN tunnel established by the tunnel creating unit 401.
  • the device for transmitting information between the local area networks may further include:
  • the address searching unit 405 is configured to search, according to the destination address in the communication message, for the private address allocated to the destination terminal in the target local area network that is bound to that destination address; the destination address replacing unit 403 replaces the destination address in the communication message with the private address of the destination terminal found by the address searching unit 405.
  • the device for transmitting information between the local area networks may further include:
  • the tunnel searching unit 406 is configured to search, from the tunnel creating unit 401, the VPN tunnel established between the source local area network and the target local area network bound to the destination address according to the destination address in the communication packet.
  • the communication message sending unit 404 sends the communication message processed by the destination address replacing unit 403 to the VPN tunnel found by the tunnel searching unit 406.
  • the device for transmitting information between the local area networks may be located on the NAT gateway at the edge of the source LAN and the public network, that is, on the A gateway shown in FIG. 3.
  • an apparatus for receiving information between local area networks includes: a tunnel creation unit 501, configured to establish a VPN tunnel between a source local area network and a target local area network; and a communication packet receiving unit 502, configured to receive, from the VPN tunnel between the source local area network and the target local area network established by the tunnel creation unit 501, the communication message sent by the source terminal to the destination terminal, where the source terminal and the destination terminal are respectively located in the source local area network and the target local area network.
  • the source address of the communication message is a private address allocated by the source terminal in the source local area network
  • the destination address is a private address allocated by the destination terminal in the target local area network;
  • the source address replacing unit 503 is configured to replace the source address in the communication message with the target local area network private address allocated to the source terminal in the target local area network;
  • the communication message sending unit 504 is configured to send the communication message processed by the source address replacing unit 503 to the target LAN.
  • the device for receiving information between the local area networks may further include:
  • the address searching unit 505 is configured to find, according to the source address in the communication message, the target local area network private address allocated to the source terminal in the target local area network that is bound to that source address.
  • the source address replacing unit 503 replaces the source address in the communication packet with the target local area network private address allocated by the source terminal in the target local area network, which is found by the address lookup unit 505.
  • the device for receiving information between the local area networks may be located on the NAT gateway at the edge of the source LAN and the public network, that is, on the B gateway shown in FIG. 3.
  • the device for transmitting and receiving information between local area networks allocates a private address of the source local area network to the destination terminal in the source local area network, and allocates a private address of the target local area network to the source terminal in the target local area network, so the communication message sent by the source terminal to the destination terminal can be transmitted normally in both the source local area network and the target local area network; because a virtual private network tunnel is established between the source local area network and the target local area network, the communication message can be transmitted over the public network through the virtual private network tunnel, which solves the prior-art problem that a NAT device has to translate the private addresses in a communication message to public addresses when the message is sent to the public network, causing the source address and the destination address to be lost.
  • corresponding to the method for transmitting and receiving information between local area networks, an embodiment of the present invention further provides a system for communication between local area networks.
  • the system includes: a source network address translation gateway 601 and a target network address translation gateway 602;
  • a virtual private network tunnel is established between the source network address translation gateway 601 and the target network address translation gateway 602;
  • the source network address translation gateway 601 is located at the edge of the source local area network and the public network, and is configured to receive, from the source local area network, a communication message sent by the source terminal to the destination terminal, replace the destination address of the communication message, which is the source LAN private address allocated to the destination terminal in the source local area network, with the private address allocated to the destination terminal in the target local area network, and send the communication message to the virtual private network tunnel;
  • the target network address translation gateway 602 is located at the edge of the target local area network and the public network, and is configured to receive, from the virtual private network tunnel, the communication message sent by the source terminal to the destination terminal, replace the source address of the communication message, which is the private address allocated to the source terminal in the source local area network, with the target LAN private address allocated to the source terminal in the target local area network, and send the communication message to the target LAN.
  • in the system for communication between local area networks, the destination terminal is allocated a private address of the source local area network in the source local area network, and the source terminal is allocated a private address of the target local area network in the target local area network, so the communication message sent by the source terminal to the destination terminal can be transmitted normally in both the source local area network and the target local area network; because a virtual private network tunnel is established between the source local area network and the target local area network, the communication message can be transmitted over the public network through the virtual private network tunnel.
  • this solves the prior-art problem that, when a communication message is sent to the public network, a NAT device has to translate the private addresses in the message to public addresses, so that the source address and the destination address are lost and communication cannot proceed normally; the system for communication between local area networks provided by the embodiments of the present invention enables terminals located in different local area networks to communicate over the public network using private addresses.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Description

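Method and apparatus for sending and receiving information between local area networks, and communication system

This application claims priority to Chinese patent application No. 200810093694.2, filed with the Chinese Patent Office on April 21, 2008 and entitled "Method and apparatus for sending and receiving information between local area networks, and communication system", which is incorporated herein by reference in its entirety.
Technical Field
The present invention relates to the field of communications, and in particular to a method and apparatus for sending and receiving information between local area networks, and to a communication system.
Background
Because the IPv4 address space is limited and IP addresses have been allocated unreasonably, the IPv4 address resources that networks can allocate are scarce. To conserve IPv4 addresses and ease the shortage, terminals in a local area network (LAN) are assigned private addresses, which they use to communicate with one another inside the LAN.
A private address cannot be routed on the public network. When a terminal configured with a private address in a LAN needs to communicate with a terminal on the public network, address translation must be performed by a Network Address Translator (NAT) device. The NAT device is generally deployed at the edge between the LAN and the public network; it maintains a pool of the LAN's private addresses and owns a set of public addresses.
When a terminal in the LAN needs to access a terminal on the public network, the NAT device allocates one of its public addresses to the LAN terminal and replaces the private address in that terminal's data packets with the public address, so that the packets can be routed on the public network. When a terminal on the public network needs to access a privately addressed terminal in the LAN, the NAT device connects the public-network terminal to the LAN through a tunnel, allocates a private address to that terminal, and replaces the public address in the data packets with the private address, so that once the packets reach the LAN they can be routed using private addresses.
In the course of implementing the present invention, the inventors found at least the following problem in the prior art: when two or more terminals located in different LANs communicate over the public network, the addresses of all of those terminals are private addresses. For the data packets to be routable on the public network, the NAT device has to replace the private addresses in the packets with public addresses; that is, the NAT device has to replace both the source address and the destination address of each packet with public addresses. The packets may then become unroutable because their source and destination addresses can no longer be determined.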
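Summary of the Invention
Embodiments of the present invention provide a method and apparatus for sending and receiving information between LANs, and a communication system, which enable terminals located in different LANs to communicate over the public network.
To achieve this, the embodiments of the present invention adopt the following technical solutions:
A method for sending information between LANs, comprising: receiving a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in a source LAN and a target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the source-LAN private address allocated to the destination terminal in the source LAN; replacing the destination address in the packet with the private address allocated to the destination terminal in the target LAN; and sending the packet into a virtual private network (VPN) tunnel established between the source LAN and the target LAN.
A method for receiving information between LANs, comprising: receiving, from a VPN tunnel established between a source LAN and a target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN; replacing the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN; and sending the packet into the target LAN.
An apparatus for sending information between LANs, comprising:
a tunnel creation unit, configured to establish a VPN tunnel between a source LAN and a target LAN;
a packet receiving unit, configured to receive a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the destination terminal's source-LAN private address in the source LAN;
a destination address replacement unit, configured to replace the destination address in the packet with the private address allocated to the destination terminal in the target LAN;
a packet sending unit, configured to send the packet processed by the destination address replacement unit into the VPN tunnel established by the tunnel creation unit.
An apparatus for receiving information between LANs, comprising:
a tunnel creation unit, configured to establish a VPN tunnel between a source LAN and a target LAN;
a packet receiving unit, configured to receive, from the VPN tunnel established by the tunnel creation unit between the source LAN and the target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN;
a source address replacement unit, configured to replace the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN;
a packet sending unit, configured to send the packet processed by the source address replacement unit into the target LAN.
A system for communication between LANs, comprising: a source network address translation gateway and a target network address translation gateway, with a VPN tunnel established between the source network address translation gateway and the target network address translation gateway;
the source network address translation gateway is located at the edge of the source LAN and the public network, and is configured to receive, from the source LAN, a communication packet sent by a source terminal to a destination terminal, replace the destination address of the packet (the source-LAN private address allocated to the destination terminal in the source LAN) with the private address allocated to the destination terminal in the target LAN, and send the packet into the VPN tunnel;
the target network address translation gateway is located at the edge of the target LAN and the public network, and is configured to receive, from the VPN tunnel, the communication packet sent by the source terminal to the destination terminal, replace the source address of the packet (the private address allocated to the source terminal in the source LAN) with the target-LAN private address allocated to the source terminal in the target LAN, and send the packet into the target LAN.
In the method and apparatus for sending and receiving information between LANs and the communication system provided by the embodiments of the present invention, the destination terminal is allocated a source-LAN private address in the source LAN and the source terminal is allocated a target-LAN private address in the target LAN, so the communication packet sent by the source terminal to the destination terminal can be transmitted normally in both the source LAN and the target LAN. Because a VPN tunnel is established between the source LAN and the target LAN, the packet can be carried across the public network through that tunnel. This solves the prior-art problem that, when a communication packet is sent to the public network, a NAT device must translate the private addresses in the packet into public addresses, so that the source address and the destination address are lost and communication fails. The method and apparatus for sending and receiving information between LANs and the communication system provided by the embodiments of the present invention enable terminals located in different LANs to communicate over the public network using private addresses.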
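Brief Description of the Drawings
FIG. 1 is a flowchart of the method for sending information between LANs provided by an embodiment of the present invention;
FIG. 2 is a flowchart of the method for receiving information between LANs provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of the network architecture used by the method for sending and receiving information between LANs provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of the apparatus for sending information between LANs provided by an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of the apparatus for receiving information between LANs provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of the system for communication between LANs provided by an embodiment of the present invention.
Detailed Description
The method and apparatus for sending and receiving information between LANs and the communication system provided by the embodiments of the present invention are described in detail below with reference to the drawings.
As shown in FIG. 1, the method for sending information between LANs provided by an embodiment of the present invention comprises:
Step 101: receive a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in a source LAN and a target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the source-LAN private address allocated to the destination terminal in the source LAN;
Step 102: replace the destination address in the packet with the private address allocated to the destination terminal in the target LAN;
Step 103: send the packet into the virtual private network (VPN) tunnel established between the source LAN and the target LAN.
As shown in FIG. 2, the method for receiving information between LANs provided by an embodiment of the present invention comprises:
Step 201: receive, from the VPN tunnel established between the source LAN and the target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN;
Step 202: replace the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN;
Step 203: send the packet into the target LAN.
To help those skilled in the art understand more thoroughly the method for sending and receiving information between LANs provided by the embodiments of the present invention, a specific embodiment is described below.
FIG. 3 is a schematic diagram of the network architecture used by the method for sending and receiving information between LANs provided by an embodiment of the present invention. In FIG. 3, LAN A is the source LAN and LAN B is the target LAN; both LAN A and LAN B use the private network segment 192.168.0.0/16 to allocate private IP addresses to the terminals in their own networks. Terminal A in FIG. 3 is the source terminal; it is located in LAN A and its private address is 192.168.1.10. Terminal B is the destination terminal; it is located in LAN B and its private address is 192.168.1.20. As shown in FIG. 3, a NAT gateway is deployed at the edge between LAN A and the public network and another at the edge between LAN B and the public network: gateway A and gateway B. The public address of gateway A is 202.102.10.8 and the public address of gateway B is 59.64.168.12.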
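With the method for sending and receiving information between LANs of this embodiment, terminal A transmits a communication packet to terminal B as follows:
First, before terminal A sends a communication packet to terminal B, a virtual private network (VPN) tunnel must be established between gateway A and gateway B, that is, between LAN A and LAN B. The VPN tunnel is used to carry communication packets between gateway A and gateway B.
In this embodiment, the VPN tunnel established between gateway A and gateway B may be an IPSec VPN (Security Architecture for IP network VPN) tunnel. The IPSec VPN tunnel is established as follows:
1. The network administrator configures an IPSec security policy (SP) on gateway A and on gateway B; communication data between gateway A and gateway B can enter the VPN tunnel through this security policy.
2. When the first data transmitted between gateway A and gateway B arrives, the two gateways invoke the security association and key management protocol (ISAKMP) and negotiate the security association (SA) of the Internet Key Exchange (IKE) protocol; this security association includes the algorithms and keys used to encrypt data.
3. Gateway A and gateway B negotiate the security association for IPSec communication according to the IKE security association.
4. Once gateway A and gateway B have successfully negotiated and recorded the security association for communication, the IPSec VPN tunnel between gateway A and gateway B is established.
The above way of establishing an IPSec VPN tunnel between gateway A and gateway B is only one example given in this embodiment, and actual use is not limited to it. Gateway A and gateway B may also establish the VPN tunnel by other technical means, provided that the VPN tunnel meets the following requirements:
First, the VPN tunnel established between gateway A and gateway B is secure, that is, gateway A and gateway B must authenticate each other and confirm that the peer really is the NAT gateway of the LAN they intend to communicate with.
Second, the VPN tunnel established between gateway A and gateway B must guarantee the confidentiality and integrity of information in transit.
After the VPN tunnel is established, it can be uniquely identified by "202.102.10.8-59.64.168.12".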
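Next, gateway A and gateway B each allocate a private address of their own LAN to the terminal in the peer LAN that is about to communicate. The steps are as follows:
Gateway A needs to notify gateway B of the private address allocated to terminal A in LAN A, and gateway B needs to notify gateway A of the private address allocated to terminal B in LAN B. In this embodiment, gateway A notifies gateway B as follows: the administrator of gateway A manually enters, through the gateway management interface, the private address allocated to terminal A in LAN A, and selects the VPN already established with gateway B (that is, the VPN tunnel identified as "202.102.10.8-59.64.168.12"); the private address allocated to terminal A in LAN A is then sent to gateway B through that VPN tunnel. Gateway B notifies gateway A of the private address allocated to terminal B in LAN B in the same way, which is not repeated here.
Gateway B receives and stores the private address allocated to terminal A in LAN A, allocates terminal A a private address in LAN B, and establishes a one-to-one correspondence among the private address allocated to terminal A in LAN A, the private address allocated to terminal A in LAN B, and the VPN tunnel between gateway A and gateway B. Likewise, gateway A receives and stores the address allocated to terminal B in LAN B, allocates terminal B a private address in LAN A, and establishes a one-to-one correspondence among the private address allocated to terminal B in LAN B, the private address allocated to terminal B in LAN A, and the VPN tunnel between gateway A and gateway B.
Because the two procedures follow the same steps and principle, this embodiment describes in detail only the case in which gateway B receives and stores the private address allocated to terminal A in LAN A, allocates terminal A a private address in LAN B, and establishes the one-to-one correspondence among the private address allocated to terminal A in LAN A, the private address allocated to terminal A in LAN B, and the VPN tunnel between gateway A and gateway B. The specific steps are as follows:
After receiving from gateway A the private address allocated to terminal A in LAN A, gateway B first records the identifier 202.102.10.8-59.64.168.12 of the VPN tunnel between gateway A and gateway B; this identifier uniquely determines one VPN tunnel between gateway A and gateway B. Gateway B then allocates terminal A a private address of LAN B. In this embodiment, to avoid address conflicts during routing, the LAN B private address that gateway B allocates to terminal A is a private address that is unallocated in LAN B, that is, no terminal in LAN B uses it. Finally, gateway B establishes a one-to-one binding among the private address allocated to terminal A in LAN A, the private address allocated to terminal A in LAN B, and the VPN tunnel between gateway A and gateway B, as shown in Table 1:
[Table 1: image in the original publication]
Here, the LAN B private address that gateway B allocates to terminal A is 192.168.2.100.
Likewise, gateway A can allocate terminal B a private address in LAN A and establish a one-to-one binding among the private address allocated to terminal B in LAN B, the private address allocated to terminal B in LAN A, and the VPN tunnel, as shown in Table 2:
[Table 2: image in the original publication]
Here, the LAN A private address that gateway A allocates to terminal B is 192.168.3.200.
Finally, communication packets are transmitted between terminal A and terminal B using the method for sending and receiving information between LANs provided by the embodiments of the present invention. The steps are as follows: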
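Gateway A receives the communication packet sent by terminal A. The source address of the packet is 192.168.1.10, the private address allocated to terminal A in LAN A, and the destination address is 192.168.3.200, the private address that gateway A allocated to terminal B in LAN A.
Based on the received packet, gateway A looks up in Table 2 the private address allocated to terminal B in LAN B and the VPN tunnel between gateway A and gateway B, and finds that the private address allocated to terminal B in LAN B is 192.168.1.20 and that the VPN tunnel between gateway A and gateway B is 202.102.10.8-59.64.168.12.
Gateway A replaces the destination address in the packet with 192.168.1.20, the private address allocated to terminal B in LAN B, and sends the rewritten packet into the VPN tunnel between gateway A and gateway B.
Gateway B receives the packet from the VPN tunnel.
Based on the received packet, gateway B looks up in Table 1 the LAN B private address that it allocated to terminal A, and finds that the private address allocated to terminal A in LAN B is 192.168.2.100.
Gateway B replaces the source address of the packet (the private address allocated to terminal A in LAN A) with 192.168.2.100, the private address that gateway B allocated to terminal A in LAN B, and sends the rewritten packet into LAN B.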
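The binding tables and the two address rewrites walked through above, as an added Python example (not code from the patent). The addresses and the tunnel identifier are those of the embodiment; the class and function names are hypothetical, and rejecting a packet whose address has no binding is an assumption about how a gateway would handle that case.

```python
import ipaddress
from dataclasses import dataclass

# Addresses come from the embodiment; all class/function names are hypothetical.
TUNNEL_ID = "202.102.10.8-59.64.168.12"


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes = b""


class NatGateway:
    """Edge gateway holding the bindings the text calls Table 1 / Table 2."""

    def __init__(self, lan_cidr, local_in_use):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.in_use = {ipaddress.ip_address(a) for a in local_in_use}
        self.by_alias = {}   # local alias -> (peer terminal's own address, tunnel)
        self.by_remote = {}  # (tunnel, peer terminal's own address) -> local alias

    def bind_remote(self, remote_addr, tunnel, alias=None):
        """Give a peer-LAN terminal an address of this LAN that nothing uses."""
        if alias is None:  # pick the first free host address
            alias = next(h for h in self.lan.hosts() if h not in self.in_use)
        alias = ipaddress.ip_address(alias)
        if alias not in self.lan or alias in self.in_use:
            raise ValueError(f"{alias} is not a free address of {self.lan}")
        self.in_use.add(alias)
        self.by_alias[str(alias)] = (remote_addr, tunnel)
        self.by_remote[(tunnel, remote_addr)] = str(alias)
        return str(alias)

    def outbound(self, pkt):
        """Source side, steps 101-103: rewrite destination, pick bound tunnel."""
        if pkt.dst not in self.by_alias:
            raise LookupError(f"no binding for destination {pkt.dst}")
        real_dst, tunnel = self.by_alias[pkt.dst]
        return tunnel, Packet(pkt.src, real_dst, pkt.payload)

    def inbound(self, tunnel, pkt):
        """Target side, steps 201-203: rewrite source address."""
        alias = self.by_remote.get((tunnel, pkt.src))
        if alias is None:  # assumption: fail closed on sources with no binding
            raise LookupError(f"no binding for {pkt.src} on tunnel {tunnel}")
        return Packet(alias, pkt.dst, pkt.payload)


def demo():
    gw_a = NatGateway("192.168.0.0/16", ["192.168.1.10"])  # LAN A, terminal A
    gw_b = NatGateway("192.168.0.0/16", ["192.168.1.20"])  # LAN B, terminal B
    gw_a.bind_remote("192.168.1.20", TUNNEL_ID, "192.168.3.200")  # Table 2
    gw_b.bind_remote("192.168.1.10", TUNNEL_ID, "192.168.2.100")  # Table 1
    sent = Packet("192.168.1.10", "192.168.3.200", b"hello")  # constructed
    tunnel, in_tunnel = gw_a.outbound(sent)
    delivered = gw_b.inbound(tunnel, in_tunnel)
    return tunnel, in_tunnel, delivered, gw_b
```

Because both LANs use 192.168.0.0/16, keying the inbound lookup on the pair (tunnel, source address) keeps bindings learned from different peer LANs apart even when their terminals share the same private address.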
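In the method for sending and receiving information between LANs provided by the embodiments of the present invention, terminal B is allocated a private address of LAN A in LAN A and terminal A is allocated a private address of LAN B in LAN B, so the communication packet sent by terminal A to terminal B can be transmitted normally in both LAN A and LAN B. Because a VPN tunnel is established between LAN A and LAN B, the packet can be carried across the public network through that tunnel. This solves the prior-art problem that, when a communication packet is sent to the public network, a NAT device must translate the private addresses in the packet into public addresses, so that the source address and the destination address are lost and communication fails. The method for sending and receiving information between LANs provided by the embodiments of the present invention enables terminals located in different LANs to communicate over the public network using private addresses.
Corresponding to the above method for sending and receiving information between LANs, the embodiments of the present invention further provide an apparatus for sending and receiving information between LANs.
As shown in FIG. 4, the apparatus for sending information between LANs provided by an embodiment of the present invention comprises:
a tunnel creation unit 401, configured to establish a VPN tunnel between the source LAN and the target LAN;
a packet receiving unit 402, configured to receive a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the destination terminal's source-LAN private address in the source LAN;
a destination address replacement unit 403, configured to replace the destination address in the packet with the private address allocated to the destination terminal in the target LAN;
a packet sending unit 404, configured to send the packet processed by the destination address replacement unit 403 into the VPN tunnel established by the tunnel creation unit 401.
Further, the apparatus for sending information between LANs may also comprise:
an address lookup unit 405, configured to look up, according to the destination address in the packet, the private address allocated in the target LAN to the destination terminal bound to that destination address;
the destination address replacement unit 403 replaces the destination address in the packet with the destination terminal's private address found by the address lookup unit 405.
Further, the apparatus for sending information between LANs may also comprise:
a tunnel lookup unit 406, configured to look up in the tunnel creation unit 401, according to the destination address in the packet, the VPN tunnel established between the source LAN and the target LAN that is bound to that destination address;
the packet sending unit 404 sends the packet processed by the destination address replacement unit 403 into the virtual private tunnel found by the tunnel lookup unit 406.
The apparatus for sending information between LANs provided by the embodiments of the present invention may be located on the NAT gateway at the edge of the source LAN and the public network, that is, on gateway A as shown in FIG. 3.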
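As shown in FIG. 5, the apparatus for receiving information between LANs provided by an embodiment of the present invention comprises:
a tunnel creation unit 501, configured to establish a VPN tunnel between the source LAN and the target LAN;
a packet receiving unit 502, configured to receive, from the VPN tunnel established by the tunnel creation unit 501 between the source LAN and the target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN;
a source address replacement unit 503, configured to replace the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN;
a packet sending unit 504, configured to send the packet processed by the source address replacement unit 503 into the target LAN.
Further, the apparatus for receiving information between LANs may also comprise:
an address lookup unit 505, configured to look up, according to the source address in the packet, the target-LAN private address allocated in the target LAN to the source terminal bound to that source address;
the source address replacement unit 503 replaces the source address in the packet with the target-LAN private address, allocated to the source terminal in the target LAN, found by the address lookup unit 505.
The apparatus for receiving information between LANs provided by the embodiments of the present invention may be located on the NAT gateway at the edge of the source LAN and the public network, that is, on gateway B as shown in FIG. 3.
In the apparatus for sending and receiving information between LANs provided by the embodiments of the present invention, the destination terminal is allocated a source-LAN private address in the source LAN and the source terminal is allocated a target-LAN private address in the target LAN, so the communication packet sent by the source terminal to the destination terminal can be transmitted normally in both the source LAN and the target LAN. Because a VPN tunnel is established between the source LAN and the target LAN, the packet can be carried across the public network through that tunnel. This solves the prior-art problem that, when a communication packet is sent to the public network, a NAT device must translate the private addresses in the packet into public addresses, so that the source address and the destination address are lost and communication fails. The apparatus for sending and receiving information between LANs provided by the embodiments of the present invention enables terminals located in different LANs to communicate over the public network using private addresses.
The embodiments of the present invention further provide a system for communication between LANs. As shown in FIG. 6, the system comprises a source network address translation gateway 601 and a target network address translation gateway 602;
a VPN tunnel is established between the source network address translation gateway 601 and the target network address translation gateway 602;
the source network address translation gateway 601 is located at the edge of the source LAN and the public network, and is configured to receive, from the source LAN, a communication packet sent by a source terminal to a destination terminal, replace the destination address of the packet (the source-LAN private address allocated to the destination terminal in the source LAN) with the private address allocated to the destination terminal in the target LAN, and send the packet into the VPN tunnel;
the target network address translation gateway 602 is located at the edge of the target LAN and the public network, and is configured to receive, from the VPN tunnel, the communication packet sent by the source terminal to the destination terminal, replace the source address of the packet (the private address allocated to the source terminal in the source LAN) with the target-LAN private address allocated to the source terminal in the target LAN, and send the packet into the target LAN.
In the system for communication between LANs provided by the embodiments of the present invention, the destination terminal is allocated a source-LAN private address in the source LAN and the source terminal is allocated a target-LAN private address in the target LAN, so the communication packet sent by the source terminal to the destination terminal can be transmitted normally in both the source LAN and the target LAN. Because a VPN tunnel is established between the source LAN and the target LAN, the packet can be carried across the public network through that tunnel. This solves the prior-art problem that, when a communication packet is sent to the public network, a NAT device must translate the private addresses in the packet into public addresses, so that the source address and the destination address are lost and communication fails. The system for communication between LANs provided by the embodiments of the present invention enables terminals located in different LANs to communicate over the public network using private addresses.
Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The specific embodiments described above explain the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.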

Claims

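1. A method for sending information between local area networks, characterized by comprising:
receiving a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in a source LAN and a target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the source-LAN private address allocated to the destination terminal in the source LAN;
replacing the destination address in the packet with the private address allocated to the destination terminal in the target LAN;
sending the packet into a virtual private network tunnel established between the source LAN and the target LAN.
2. The method for sending information between local area networks according to claim 1, characterized in that the source-LAN private address allocated to the destination terminal in the source LAN is a private address that is unallocated in the source LAN.
3. The method for sending information between local area networks according to claim 1, characterized in that, after receiving the communication packet sent by the source terminal to the destination terminal and before replacing the destination address in the packet with the private address allocated to the destination terminal in the target LAN, the method further comprises:
looking up, according to the destination address in the packet, the private address allocated in the target LAN to the destination terminal bound to that destination address.
4. The method for sending information between local area networks according to claim 1, characterized in that, after receiving the communication packet sent by the source terminal to the destination terminal and before sending the packet into the virtual private network tunnel established between the source LAN and the target LAN, the method further comprises:
looking up, according to the destination address in the packet, the virtual private network tunnel established between the source LAN and the target LAN that is bound to that destination address.
5. A method for receiving information between local area networks, characterized by comprising:
receiving, from a virtual private network tunnel established between a source LAN and a target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN;
replacing the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN;
sending the packet into the target LAN.
6. The method for receiving information between local area networks according to claim 5, characterized in that the target-LAN private address allocated to the source terminal in the target LAN is a private address that is unallocated in the target LAN.
7. The method for receiving information between local area networks according to claim 5, characterized in that, after receiving from the virtual private network tunnel established between the source LAN and the target LAN the communication packet sent by the source terminal to the destination terminal, and before replacing the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN, the method further comprises:
looking up, according to the source address in the packet, the target-LAN private address allocated in the target LAN to the source terminal bound to that source address.
8. An apparatus for sending information between local area networks, characterized by comprising:
a tunnel creation unit, configured to establish a virtual private network tunnel between a source LAN and a target LAN;
a packet receiving unit, configured to receive a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the destination terminal's source-LAN private address in the source LAN;
a destination address replacement unit, configured to replace the destination address in the packet with the private address allocated to the destination terminal in the target LAN;
a packet sending unit, configured to send the packet processed by the destination address replacement unit into the virtual private network tunnel established by the tunnel creation unit.
9. The apparatus for sending information between local area networks according to claim 8, characterized by further comprising:
an address lookup unit, configured to look up, according to the destination address in the packet, the private address allocated in the target LAN to the destination terminal bound to that destination address;
the destination address replacement unit replaces the destination address in the packet with the destination terminal's private address found by the address lookup unit.
10. The apparatus for sending information between local area networks according to claim 8, characterized by further comprising: a tunnel lookup unit, configured to look up in the tunnel creation unit, according to the destination address in the packet, the virtual private network tunnel established between the source LAN and the target LAN that is bound to that destination address;
the packet sending unit sends the packet processed by the destination address replacement unit into the virtual private tunnel found by the tunnel lookup unit.
11. The apparatus for sending information between local area networks according to any one of claims 8 to 10, characterized in that the apparatus for sending information between local area networks is located on the source network address translation gateway at the edge of the source LAN and the public network.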
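12. An apparatus for receiving information between local area networks, characterized by comprising:
a tunnel creation unit, configured to establish a virtual private network tunnel between a source LAN and a target LAN;
a packet receiving unit, configured to receive, from the virtual private network tunnel established by the tunnel creation unit between the source LAN and the target LAN, a communication packet sent by a source terminal to a destination terminal, where the source terminal and the destination terminal are located in the source LAN and the target LAN respectively, the source address of the packet is the private address allocated to the source terminal in the source LAN, and the destination address is the private address allocated to the destination terminal in the target LAN;
a source address replacement unit, configured to replace the source address in the packet with the target-LAN private address allocated to the source terminal in the target LAN;
a packet sending unit, configured to send the packet processed by the source address replacement unit into the target LAN.
13. The apparatus for receiving information between local area networks according to claim 12, characterized by further comprising:
an address lookup unit, configured to look up, according to the source address in the packet, the target-LAN private address allocated in the target LAN to the source terminal bound to that source address;
the source address replacement unit replaces the source address in the packet with the target-LAN private address, allocated to the source terminal in the target LAN, found by the address lookup unit.
14. The apparatus for receiving information between local area networks according to claim 12 or 13, characterized in that the apparatus for receiving information between local area networks is located on the target network address translation gateway at the edge of the target LAN and the public network.
15. A system for communication between local area networks, characterized by comprising: a source network address translation gateway and a target network address translation gateway;
a virtual private network tunnel is established between the source network address translation gateway and the target network address translation gateway;
the source network address translation gateway is located at the edge of the source LAN and the public network, and is configured to receive, from the source LAN, a communication packet sent by a source terminal to a destination terminal, replace the destination address of the packet (the source-LAN private address allocated to the destination terminal in the source LAN) with the private address allocated to the destination terminal in the target LAN, and send the packet into the virtual private network tunnel;
the target network address translation gateway is located at the edge of the target LAN and the public network, and is configured to receive, from the virtual private network tunnel, the communication packet sent by the source terminal to the destination terminal, replace the source address of the packet (the private address allocated to the source terminal in the source LAN) with the target-LAN private address allocated to the source terminal in the target LAN, and send the packet into the target LAN.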
PCT/CN2009/070756 2008-04-21 2009-03-12 Method and apparatus for sending and receiving information between local area networks, and communication system WO2009129707A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810093694.2 2008-04-21
CN2008100936942A CN101567831B (zh) 2008-04-21 2008-04-21 Method and apparatus for sending and receiving information between local area networks, and communication system

Publications (1)

Publication Number Publication Date
WO2009129707A1 (zh) 2009-10-29

Family

ID=41216418

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070756 WO2009129707A1 (zh) 2008-04-21 2009-03-12 Method and apparatus for sending and receiving information between local area networks, and communication system

Country Status (2)

Country Link
CN (1) CN101567831B (zh)
WO (1) WO2009129707A1 (zh)


Also Published As

Publication number Publication date
CN101567831B (zh) 2011-11-16
CN101567831A (zh) 2009-10-28


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09734684

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 090211

122 Ep: pct application non-entry in european phase

Ref document number: 09734684

Country of ref document: EP

Kind code of ref document: A1