WO2011035528A1 - Method, system and relay server for network address translation (nat) traversal by way of relay - Google Patents

Publication number: WO2011035528A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2010/000813
Other languages: French (fr), Chinese (zh)
Inventors: 黄权, 夏勇, 胡艳
Original assignee: 日电(中国)有限公司
Prior art keywords: relay, address, host, nat, server
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2589 NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]

Definitions

  • The present invention relates to computer networks, and more particularly to a method, system and relay server for network address translation (NAT) traversal by way of a relay.
  • Background technology
  • NAT: network address translation
  • NAT-based systems perform NAT in order to enable multiple hosts on a private network to access the Internet using a common Internet Protocol (IP) address.
  • IP: Internet Protocol
  • A host on a private network cannot directly access the Internet using its local address in the internal private network. Packets sent and received by these hosts must be processed by the NAT performed by the NAT device of the private network. In this document, these hosts are called "behind the NAT device".
  • The NAT device may be a NAT-capable router, a gateway, a firewall, and the like. Those skilled in the art can select any suitable device as a NAT device as needed. For example, assume that a host in a private network uses the internal private network address space 192.168.0.1/24.
  • The private IP address of the NAT router in the private network is 192.168.0.1, and its public IP address is 83.14.137.3.
  • IP-port pair: a combination of an IP address and a port number. When the NAT router forwards a packet from a host in the private network, it replaces the source IP-port pair of the packet with an IP-port pair of its own, which consists of the public address 83.14.137.3 of the NAT router and one port number of the NAT router.
  • The mapping between the source IP-port pair and the NAT router's IP-port pair is stored in the NAT router.
  • NAT undermines the model of IP end-to-end connectivity on the Internet as originally envisaged, introducing complex factors in the communication between the hosts and affecting performance. It hides the structure of the internal network: From the perspective of external entities, all traffic seems to originate from the NAT device.
  • NAT devices do not have end-to-end connectivity and therefore cannot participate in certain Internet protocols. For example, services that require a Transfer Control Protocol (TCP) connection from an external network, or a stateless protocol such as the User Datagram Protocol (UDP) may not be possible.
  • TCP Transfer Control Protocol
  • UDP User Datagram Protocol
  • There are four types of NAT in total, namely full cone NAT, restricted cone NAT, port-restricted cone NAT, and symmetric NAT.
  • Symmetric NAT is the most restrictive NAT.
  • Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.
  • Suppose a host behind the NAT device sends a request from its internal IP address and port pair (IP_li, Port_li) to the address (IP_2, Port_2) of a host outside the private network.
  • The NAT device of the private network intercepts the request, maps it to a unique external source IP address and port pair (IP_le, Port_le), and records this mapping together with a policy.
  • When a packet is received later, the NAT device checks the packet against its record. The packet is forwarded to (IP_li, Port_li) only if its source address is (IP_2, Port_2) and its destination address is (IP_le, Port_le). In all other cases, the packet is not forwarded.
  • One purpose of the TURN protocol is to enable hosts behind a NAT, especially a symmetric NAT, or behind a firewall, to receive incoming data over TCP or UDP.
  • the basic idea is to use the TURN server in the public address space to relay incoming packets for hosts behind the NAT device.
  • TURN's work process involves two phases.
  • the first phase is the name binding phase. This phase binds the host behind the NAT to a public IP address and port.
  • the second phase is the communication phase. In the second phase, the external host initiates communication. These two phases are shown in Figures 1 and 2, respectively.
  • the TURN server 63 listens on the public service address (IP_s, Port_s).
  • In step S601, the host behind the NAT, i.e., the first host 61, sends a relay request message to the TURN server 63 using its address (IP_li, Port_li).
  • In step S602, the NAT device 62 changes the source address of the message to (IP_le, Port_le).
  • The NAT device 62 forms a mapping between (IP_li, Port_li) and (IP_le, Port_le) and formulates the following policy for the mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed to be forwarded to (IP_li, Port_li). The entries containing the mapping and policy are recorded in the mapping and policy database that the NAT device maintains.
  • In step S603, the NAT device 62 forwards the relay request message to the TURN server 63.
  • In step S604, the TURN server 63, having received the relay request message, performs relay request processing.
  • The relay request processing here includes assigning a specific relay address (IP_lr, Port_lr) to the first host 61 and recording the mapping between (IP_lr, Port_lr) and (IP_le, Port_le).
  • In step S605, the TURN server 63 responds to the relay request of the first host 61 by transmitting a response message from (IP_s, Port_s) to (IP_le, Port_le); the valid data portion of the response message contains the assigned relay address (IP_lr, Port_lr).
  • In step S606, when the response message reaches the address (IP_le, Port_le) of the NAT device 62, the NAT device 62 checks the response message against its mapping and policy database. In this case the message passes the check, and the NAT device 62 changes the destination address of the response message from (IP_le, Port_le) to (IP_li, Port_li). If the message fails the check, it is discarded.
  • step S607 the NAT device 62 delivers the response message to the address (IP-li, Port-li) of the first host 61.
  • step S608 the first host 61 obtains the address (IP_lr, Port_lr) assigned by the TURN server 63 from the response message, and constructs a binding update message.
  • the valid data portion of the binding update message includes information on the binding between the host name of the first host 61 itself and the assigned address.
  • the first host 61 transmits the binding update message to the name server 64 via the NAT device 62.
  • the name server 64 thereby obtains information about the binding between the host name of the first host 61 and the assigned address, and stores it in the database maintained by itself.
  • Figure 2 shows the communication phase.
  • Another host, the second host 65, is not in the private network where the first host 61 is located, and may be behind another NAT device (e.g., in another private network) or not behind a NAT device (e.g., in the public network).
  • Figure 2 shows the case where the second host 65 is not behind the NAT device.
  • step S701 the second host 65 queries the name server 64 for the relay address of the first host 61.
  • In step S702, the name server 64 searches its database for the relay address bound to the first host 61, and in step S703 returns to the second host 65 a reply message containing the relay address (IP_lr, Port_lr) corresponding to the first host 61.
  • In step S704, the second host 65 obtains (IP_lr, Port_lr) from the reply message of the name server 64, and in step S705 sends a communication request message addressed to the first host 61 from its source address (IP_2, Port_2) to (IP_lr, Port_lr).
  • The TURN server 63 receives the communication request message on (IP_lr, Port_lr), checks its previously recorded mapping, and finds that the message is for (IP_le, Port_le). The TURN server 63 then wraps the source address (IP_2, Port_2) of the communication request into the communication request (i.e., includes it in the valid data portion of the communication request message), and in step S707 forwards the new communication request from its service address (IP_s, Port_s) to (IP_le, Port_le).
  • In step S708, the NAT device 62 receives the communication request forwarded from the TURN server 63 at the address (IP_le, Port_le), and by consulting its mapping and policy database finds that the request should be forwarded to (IP_li, Port_li). The NAT device 62 then changes the destination address of the communication request to (IP_li, Port_li) and forwards it to (IP_li, Port_li) in step S709.
  • In step S710, the first host 61 receives the communication request, and retrieves the content of the original request message and the original source address (IP_2, Port_2) of the message from the valid data portion of the communication request.
  • The first host 61 creates a response message for the request, wrapping the actual destination address (IP_2, Port_2) of the response into the valid data portion of the response message.
  • In step S711, the first host 61 transmits the response message to the service address (IP_s, Port_s) of the TURN server 63.
  • The NAT device 62 captures the response message in step S712, changes its source address to (IP_le, Port_le), and forwards it to the TURN server 63 in step S713.
  • The TURN server 63 receives the response message at its service address (IP_s, Port_s) in step S714, extracts the actual destination (IP_2, Port_2) and the actual response message, and in step S715 delivers the actual response message to the address (IP_2, Port_2) of the second host 65.
  • the second host 65 thus receives a response from the first host 61 to its communication request, and can continue to communicate with the first host 61 via the TURN server 63 in this manner.
  • the TURN server 63 assigns an address, i.e., an IP-port pair, to each client that issues a relay request.
  • The TURN server 63 must also maintain the mapping between the assigned address (i.e., (IP_lr, Port_lr) in Figures 1 and 2) and the client's NAT address (i.e., (IP_le, Port_le) in Figures 1 and 2).
  • the port number of the TURN server 63 is a limited resource. This may limit the performance of the TURN server 63.
  • NAT poses a significant problem for network connectivity. Since there may be many hosts behind the NAT device, the TURN solution faces serious scalability issues. Therefore, it is desirable to provide a method, system, and corresponding relay server that utilizes a relay mode to traverse NAT, wherein the relay server is stateless and does not need to allocate and manage addresses for its clients. In addition, it is desirable to provide a method, system, and corresponding relay server that utilizes a relay mode to traverse NAT, which can solve the scalability problem faced by the prior art TURN solution.
  • Summary of the invention
  • Another object of the present invention is to provide a method, system and corresponding relay server for traversing NAT by means of a relay, which can solve the scalability problem faced by the prior art TURN scheme.
  • A method for network address translation (NAT) traversal by means of a relay, including: a first host sends a relay request message to a service address of a relay server via a NAT device, using a NAT address; and the relay server returns a relay response message to the first host, the relay response message including an address list that includes a relay address and the NAT address.
  • A system for performing network address translation (NAT) traversal by means of a relay, including: a first host, which sends a relay request message to a service address of a relay server;
  • a NAT device, which intercepts the relay request message and forwards it to the service address using a NAT address; and a relay server, which returns a relay response message to the first host via the NAT device, the relay response message including an address list that includes a relay address and the NAT address.
  • A relay server comprising: a messaging unit, which receives on a service address a relay request message sent from a network address translation (NAT) address, passes the relay request message to a relay request processing unit, and returns from the service address to the NAT address a relay response message constructed by the relay request processing unit; and a relay request processing unit configured to construct the relay response message,
  • the relay response message including an address list, the address list including a relay address and the NAT address.
  • FIG. 1 is a diagram showing an operation procedure of a name binding phase of a NAT traversal method using a TURN server according to the related art
  • FIG. 2 is a diagram showing an operation procedure of a communication phase of a NAT traversal method using a TURN server according to the related art
  • FIG. 3 is a schematic block diagram showing a system for traversing a NAT using a relay server according to a first embodiment of the present invention
  • FIG. 4 is a diagram showing an operation procedure of the system shown in FIG. 3 in the name binding phase of the NAT traversal method according to the first embodiment of the present invention
  • Figure 5 is a diagram showing an operation procedure of the system shown in Figure 3 in the communication phase of the NAT traversal method according to the first embodiment of the present invention
  • FIG. 6 is a schematic block diagram showing a system for traversing a NAT using a relay server according to a second embodiment of the present invention
  • Figure 7 is a diagram showing the operational procedure of the relay node reporting and selection phase of the system of Figure 6 in the NAT traversal method according to the second embodiment of the present invention.
  • Detailed description
  • the present invention utilizes the principles of source routing techniques widely used in overlay networks and ad-hoc networks to solve NAT problems, especially symmetric NAT.
  • Source routing technology enables the sender of a packet to specify, in part or in whole, the route that the packet takes through the network, whereas in conventional routing the path is determined by the routers in the network based on the destination of the packet.
  • the sender/source wraps the routing information into packets.
  • the routing information contains the necessary path information from the source address to the destination address.
  • Each node on the path that receives the packet extracts the next hop address from the packet and then forwards the packet to the next hop.
  • Each node on the path repeats the process until the packet reaches its destination.
  • Host A wants to send data to host B, and host A knows in advance that it can send data to host B via host C. That is, host A knows in advance the overlay path from host A to the destination host B: Host A -> Host C -> Host B.
  • host A constructs such a packet: the address of host B is added as the overlay header before the application layer valid data (e.g., voice data) of the packet.
  • the overlay header is also part of the application layer's valid data.
  • the address of host B can include the address and port of host B.
  • the address of host B may also include a protocol.
  • the address of host B can be of the form: 202.1.1.1, 80, TCP.
  • The header of the TCP/IP layer includes the IP address and port of host A as the source address, and the IP address and port of host C as the destination address.
  • Host A then sends the packet to Host C.
  • Host C receives the packet, extracts the address information in the TCP/IP header and the address of host B in the valid data portion of the application layer, then removes the address of host B from the packet and sends a packet containing only the original valid data (for example, voice data) to the address of host B.
  • the present invention takes advantage of the idea of this source routing technique to solve the problem of NAT, especially symmetric NAT. Embodiments of the present invention are described below with reference to the accompanying drawings.
  • In this document, "address", unless otherwise stated, generally refers to a transport address formed by a combination of an IP address and a port number.
  • An "address" can also include a combination of an IP address, a port number, and a protocol. For the sake of brevity, only the combination of an IP address and a port number is used here.
  • A combination of an IP address and a port number is expressed in the form (IP, Port).
  • The source address, the destination address, and the payload portion of a message are expressed in the form "src: (xxx, xxx) dst: (yyy, yyy) data: zzzzz".
  • the source address or destination address of a certain message when referring to the source address or destination address of a certain message, it actually refers to the source address or the destination address recorded in the TCP/IP layer header of the packet carrying the message.
  • the valid data portion of a message when referring to the valid data portion of a message, it actually refers to the application layer payload of the packet carrying the message after the TCP/IP layer header is removed.
  • Fig. 3 shows a block diagram of a system 1 for NAT traversal according to a first embodiment of the present invention.
  • the system 1 includes a first host 11, a NAT device 12, a relay server 13, a name server 14, and a second host 15.
  • the first host 11 is in the private network
  • the NAT device 12 is the NAT device of the private network
  • the relay server 13, the name server 14, and the second host 15 are all outside the private network. It is assumed here that the relay server 13, the name server 14, and the second host 15 are all in the public network.
  • the first host 11 includes a messaging unit 101, a storage unit 102, a name binding unit 103, and a communication processing unit 104.
  • The messaging unit 101 is configured to receive messages from other devices, pass them to the name binding unit 103 or the communication processing unit 104 according to the type of the received message, and send to the desired destination the messages that the name binding unit 103 and the communication processing unit 104 instruct it to transmit.
  • the name binding unit 103 can perform the processing at the first host 11 during the name binding phase of the method of the present invention.
  • Communication processing unit 104 may perform the processing at first host 11 during the communication phase of the method of the present invention.
  • The storage unit 102 can store information that may need to be used and stored in the operation of the first host 11. For example, the storage unit 102 can store the local address of the first host 11, the address list received by the first host 11 from the relay server 13, and the like.
  • the NAT device 12 includes a messaging unit 201, a storage unit 202, and a NAT processing unit 203.
  • the messaging unit 201 is configured to receive messages from other devices, deliver the received messages to the NAT processing unit 203, and send a message to the desired destination that the NAT processing unit 203 indicates to transmit.
  • the NAT processing unit 203 can perform NAT processing.
  • the storage unit 202 can store information that may be needed to be used and stored in the operation of the NAT device 12. For example, storage unit 202 can store internal addresses used by NAT device 12 in the private network, external addresses that can be assigned to hosts in the private network, and mappings and related policies between internal and external addresses, and the like.
  • the relay server 13 includes a messaging unit 301, a storage unit 302, a relay request processing unit 303, and a relay processing unit 304.
  • The messaging unit 301 is configured to receive messages from other devices, pass them to the relay request processing unit 303 or the relay processing unit 304 according to the type of the received message, and send to the desired destination the messages that the relay request processing unit 303 and the relay processing unit 304 instruct it to transmit.
  • the relay request processing unit 303 can perform the processing at the relay server 13 during the name binding phase of the method of the present invention.
  • Relay processing unit 304 may perform the processing at relay server 13 during the communication phase of the method of the present invention.
  • the storage unit 302 can store information that may be needed to be used and stored in the operation of the relay server 13. For example, storage unit 302 can store a service address and a relay address.
  • the name server 14 includes a messaging unit 401, a storage unit 402, a binding update processing unit 403, and a query processing unit 404.
  • The messaging unit 401 is configured to receive messages from other devices, pass them to the binding update processing unit 403 or the query processing unit 404 according to the type of the received message, and send to the desired destination the messages that the binding update processing unit 403 and the query processing unit 404 instruct it to transmit.
  • Binding update processing unit 403 can perform the processing at name server 14 during the name binding phase of the method of the present invention.
  • the query processing unit 404 can perform the processing at the name server 14 during the communication phase of the method of the present invention.
  • the storage unit 402 can store information that may need to be used and stored in the operation of the name server 14. For example, the storage unit 402 can store binding information reported by the host.
  • the second host 15 includes a messaging unit 501, a storage unit 502, and a communication processing unit 503.
  • The messaging unit 501 is configured to receive messages from other devices, pass them to the communication processing unit 503 according to the type of the received message, and send to the desired destination the messages that the communication processing unit 503 instructs it to transmit.
  • Communication processing unit 503 can perform the processing at second host 15 during the communication phase of the method of the present invention.
  • the storage unit 502 can store information that may be needed to be used and stored in the operation of the second host 15. For example, the storage unit 502 can store address information usable by the second host 15.
  • Figure 4 illustrates the operation of the name binding phase of the NAT traversal method in accordance with the present invention.
  • The relay server 13 can use two addresses to receive and send messages. That is, the relay server 13 can listen for incoming messages at these two addresses, and can use either of the two addresses to send outgoing messages.
  • These two addresses are the service address (IP_s, Port_s) and the relay address (IP_r, Port_r).
  • The service address (IP_s, Port_s) is used for hosts in the private network behind the NAT device, and the relay address (IP_r, Port_r) is used for hosts outside the private network. Note that in the present invention, the service address and the relay address can be the same.
  • A host in the private network, such as the first host 11, expects the relay server 13 to provide a relay service so that a host outside the private network can initiate communication with the first host 11.
  • the first host 11 is behind the NAT device 12. That is to say, the packets received by the first host 11 need to be processed by the NAT device 12 for NAT.
  • step S101 the name binding unit 103 of the first host 11 constructs a relay request message and transmits it out through the messaging unit 101.
  • the destination address of the relay request message is the service address of the relay server 13, and the source address is the local address or internal address (IP_li, Port-li) of the first host 11 in the private network.
  • step S102 the messaging unit 201 of the NAT device 12 intercepts the relay request message and passes it to the NAT processing unit 203.
  • The NAT processing unit 203 performs NAT processing and changes the source address of the relay request message to a public address or external address (IP_le, Port_le). This address may also be referred to as the NAT address.
  • The NAT processing unit 203 forms a mapping between (IP_li, Port_li) and (IP_le, Port_le), and formulates the following policy for the mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed to be forwarded to (IP_li, Port_li). That is, if the source address of a packet of an incoming message received later by the NAT device 12 is (IP_s, Port_s) and its destination address is (IP_le, Port_le), then the message can be forwarded to the internal address (IP_li, Port_li) of the first host 11.
  • The NAT processing unit 203 records the entry containing the mapping and policy in, for example, a mapping and policy database in the storage unit 202.
  • In step S103, the NAT device 12 forwards the relay request message with the modified source address to the relay server 13.
  • step S104 the relay server 13 receives the relay request message forwarded from the NAT device 12 through the messaging unit 301.
  • the relay request message is delivered to the relay request processing unit 303.
  • the relay request processing unit 303 learns the source address (IP_le, Port_le) (NAT address) of the relay request message.
  • The relay request processing unit 303 constructs a relay response message whose valid data portion includes the address list [(IP_r, Port_r), (IP_le, Port_le)].
  • The address list may also be referred to as routing information; it includes the relay address (IP_r, Port_r) and the NAT address (IP_le, Port_le). Different from the prior art, the relay address (IP_r, Port_r) need not be specifically allocated to the first host 11. That is, the relay server 13 may use a common relay address (IP_r, Port_r) for a plurality or all of the received relay request messages. Further, different from the prior art, the relay server 13 does not need to store any mappings.
  • When the relay server 13 later receives a communication request message at the relay address (IP_r, Port_r), it only needs to send it, using its service address (IP_s, Port_s), to the specific destination address carried by the message itself, as described in more detail below.
  • In step S105, the relay request processing unit 303 transmits the relay response message to the address (IP_le, Port_le) through the messaging unit 301, using the service address (IP_s, Port_s).
  • step S106 the NAT device 12 receives the relay response message.
  • the NAT processing unit 203 checks the relay response message against the mapping and policy database stored in the storage unit 202. In this case, since the source address of the relay response message is (IP_s, Port_s) and the destination address is (IP_le, Port-le), the message passes the check. Thus, the NAT processing unit 203 changes the destination address of the relay response message from (IP_le, Port_le) to (IP_li, Port-li). Or, if the message fails to pass the check, it is discarded (or forwarded to another matching address).
  • the messaging unit 201 forwards the relay response message whose destination address has been modified to the first host 11.
  • step S108 the messaging unit 101 of the first host 11 delivers the received relay response message to the name binding unit 103.
  • the name binding unit 103 extracts the address list [(IP - r, Port - r), (IP - le, Port - le)] from the valid data portion of the relay response message.
  • The name binding unit 103 then constructs a binding update message whose valid data portion includes binding information indicating the binding between an identifier of the first host 11 (e.g., the host name of the first host 11) and the address list [(IP_r, Port_r), (IP_le, Port_le)].
  • step S109 the messaging unit 101 of the first host 11 transmits a binding update message to the address (IP_ns, Port_ns) of the name server 14 in accordance with the instruction of the name binding unit 103.
  • the internal address used by the first host 11 to communicate with the name server 14 is generally different from the internal address used when communicating with the relay server 13.
  • (IP_li', Port_li') is used to denote the internal address used when the first host 11 communicates with the name server 14.
  • It is common for the IP addresses to be the same and the port numbers to be different. That is, IP_li' and IP_li can be the same, while Port_li' is usually different from Port_li.
  • The same device typically uses a different transport address (at least a different port number) when communicating with different devices. This also applies to the internal address (IP_li'', Port_li'') used by the first host to communicate with the relay selection server 16, as described below, and to the addresses the second host uses when communicating with the name server and via the relay server.
  • step S110 similar to step S102, the messaging unit 201 of the NAT device 12 intercepts the binding update message and passes it to the NAT processing unit 203.
  • the NAT processing unit 203 changes the source address of the binding update message to a public address or an external address (IP_le', Port_le') by performing NAT processing.
  • The external address (IP_le', Port_le') to which (IP_li', Port_li') is mapped is different from the external address (IP_le, Port_le) to which (IP_li, Port_li) is mapped.
  • IP_le' and IP_le can be the same, while Port_le' and Port_le are usually different.
  • The NAT processing unit 203 forms a mapping between (IP_li', Port_li') and (IP_le', Port_le'), and formulates the following policy for this mapping: messages sent from (IP_ns, Port_ns) to (IP_le', Port_le') are allowed to be forwarded to (IP_li', Port_li').
  • the NAT processing unit 203 records an entry containing the mapping and policy in, for example, a mapping and policy database in the storage unit 202.
  • In step S111, the NAT device 12 transmits the binding update message with the modified source address to its intended destination, the name server 14.
  • step S112 the messaging unit 401 of the name server 14 receives the binding update message and passes it to the binding update processing unit 403.
  • the binding update processing unit 403 extracts information indicating the binding of the host name of the first host 11 and the address list [(IP_r, Port_r), (IP_le, Port_le)] from the valid data portion of the binding update message. And storing the information in, for example, a binding database in the storage unit 402.
  • Figure 5 shows the operation of the communication phase of the NAT traversal method in accordance with the present invention.
  • the second host 15 wishes to initiate communication with the first host 11.
  • the second host 15 is not in the private network where the first host 11 is located.
  • the second host 15 may be in the public network or in another private network. That is, the second host 15 may or may not be behind a NAT device. For brevity, it is assumed here that the second host 15 is not behind a NAT device.
  • step S201 the communication processing unit 503 of the second host 15 constructs a binding query message, which specifies the host name of the first host 11, and wishes to query the address of the first host 11.
  • the messaging unit 501 sends the binding query message to the name server 14.
  • step S202 the messaging unit 401 of the name server 14 receives the binding query message and passes it to the query processing unit 404.
  • the query processing unit 404 searches the binding database in the storage unit 402 with the host name of the first host 11 to find the address list [(IP_r, Port_r), (IP_le, Port_le)] corresponding to that host name.
  • the query processing unit 404 constructs a binding reply message in which the valid data portion of the message includes an address list [(IP_r, Port_r), (IP_le, Port_le)] corresponding to the host name of the first host 11.
  • step S203 the messaging unit 401 of the name server 14 transmits the binding reply message to the second host 15.
  • step S204 the messaging unit 501 of the second host 15 receives the binding reply message and passes it to the communication processing unit 503.
  • the communication processing unit 503 extracts the address list from the message and constructs a communication request message. The valid data portion of the communication request message includes the original data content of the communication request the second host 15 would normally send, together with the NAT address (IP_le, Port_le) taken from the extracted address list.
  • step S205 under the instruction of the communication processing unit 503, the messaging unit 501 sends the communication request message from the source address (IP_2, Port_2) to the relay address (IP_r, Port_r) in the extracted address list.
  • step S206 the messaging unit 301 of the relay server 13 receives the communication request message on the relay address (IP_r, Port_r) and passes it to the relay processing unit 304.
  • the relay processing unit 304 extracts (IP_le, Port_le) from the communication request message as routing information. It then constructs a new communication request message from the received one: the NAT address (IP_le, Port_le) is removed from the valid data portion, the original data content is kept, and the original source address of the communication request message, that is, the address (IP_2, Port_2) of the second host 15, is added.
  • step S207 under the instruction of the relay processing unit 304, the messaging unit 301 forwards the new communication request message from its service address (IP_s, Port_s) to the NAT address (IP_le, Port_le) bound at the name server.
  • the routing information that the relay server returned to the first host, and that the first host bound at the name server, allows the second host to specify the path of the message in the communication request it sends, in the manner of source routing.
  • the relay server can therefore forward to the appropriate NAT address based solely on the content of the message, without itself maintaining any mapping information.
  • step S208 the messaging unit 201 of the NAT device 12 receives the new communication request message at the address (IP_le, Port-le) and passes it to the NAT processing unit 203.
  • the NAT processing unit 203 checks the message against the mapping and policy database in the storage unit 202. In this case, since the source address of the message is (IP_s, Port_s) and the destination address is (IP_le, Port_le), the message passes the check. Thus, the NAT processing unit 203 changes the destination address of the message from (IP_le, Port_le) to (IP_li, Port_li).
  • step S209 the messaging unit 201 forwards the modified communication request message of the destination address to the internal address (IP_li, Port-li) of the first host 11.
  • step S210 the messaging unit 101 of the first host 11 receives the communication request message forwarded by the NAT device 12 and passes it to the communication processing unit 104.
  • the communication processing unit 104 extracts the valid data content of the original communication request message and its original source address (IP_2, Port_2) from the valid data portion of the communication request message.
  • the communication processing unit 104 then creates a communication response message for the request. In addition to the data content the first host 11 would normally include in a communication response, the valid data portion of the communication response message includes the actual destination address of the response, (IP_2, Port_2).
  • step S211 the first host 11 transmits the communication response message to the service address (IP_s, Port_s) of the relay server 13 via the messaging unit 101.
  • step S212 the messaging unit 201 of the NAT device 12 intercepts the communication response message and passes it to the NAT processing unit 203.
  • the NAT processing unit 203 directly changes the source address of the communication response message to (IP-le, Port-le).
  • step S213 the NAT device 12 forwards the modified communication response message of the source address to the relay server 13.
  • step S214 the messaging unit 301 of the relay server 13 receives the communication response message on the service address (IP_s, Port_s) and passes it to the relay processing unit 304.
  • the relay processing unit 304 extracts the actual destination (IP_2, Port_2) and the actual content of the response message from the valid data portion of the communication response message, and constructs an actual communication response message whose valid data portion contains that content.
  • step S215 under the instruction of the relay processing unit 304, the messaging unit 301 transmits the actual communication response message from the relay address (IP_r, Port_r) to the address (IP_2, Port_2) of the second host 15.
  • the second host 15 thus receives the communication response message sent by the first host 11.
  • the communication between the first host 11 and the second host 15 can be continued by the relay server 13 in accordance with the above process.
  • in the above description the second host 15 obtains the address list bound to the first host 11 by querying the name server 14, but the invention is not limited thereto.
  • the second host 15 can also obtain the address list corresponding to the first host 11 by other means.
  • the first host 11 can, for example, inform the second host 15 of its address list by email or the like.
  • once the second host 15 knows the address list by some suitable means, it can initiate communication with the first host 11 via the relay server 13.
  • the relay server according to the present invention does not need to allocate a relay address for each received relay request, nor to record the allocated relay address and the source address (NAT address) of the relay request.
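The name binding and communication phases above, run end to end in one process as an added example (this is illustration code, not code from the patent). It models a symmetric NAT with the mapping-and-policy check of step S208, a relay server that keeps no per-client table and forwards on the NAT address carried in the request (S206/S207) and the actual destination carried in the response (S214/S215), and a name server kept as a dictionary. All addresses, ports, host names, payload field names and class names are assumed for illustration (RFC 5737 documentation ranges plus the 83.14.137.3 / 192.168.0.x addresses from the background section). It also exercises a consequence of the design that the description implies: because the relay forwards to whatever NAT address the requester names, a request naming the binding-update mapping (IP_le', Port_le') is only stopped by the NAT's policy, which admits the name server alone on that mapping.

```python
"""Simulation of stateless relay NAT traversal (added example, not the patent's code)."""
from dataclasses import dataclass

Addr = tuple  # (ip, port)


@dataclass
class Msg:
    src: Addr
    dst: Addr
    payload: dict


class SymmetricNAT:
    """NAT device 12 as a symmetric NAT: each (internal address, destination) pair
    gets its own external port, and the recorded policy admits only that
    destination back through the mapping (the check performed in step S208)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}   # (internal, destination) -> external
        self.policy = {}     # external -> (internal, allowed external peer)

    def outbound(self, msg):
        key = (msg.src, msg.dst)
        if key not in self.mappings:
            ext = (self.public_ip, self.next_port)
            self.next_port += 1
            self.mappings[key] = ext
            self.policy[ext] = (msg.src, msg.dst)
        return Msg(self.mappings[key], msg.dst, msg.payload)

    def inbound(self, msg):
        entry = self.policy.get(msg.dst)
        if entry is None or entry[1] != msg.src:
            return None          # fails the mapping/policy check: dropped
        return Msg(msg.src, entry[0], msg.payload)


class StatelessRelay:
    """Relay server 13: one service address and one fixed relay address shared by
    all clients; every forwarding decision is taken from the message itself."""

    def __init__(self, service, relay):
        self.service = service
        self.relay = relay

    def on_relay_request(self, msg):
        # Relay response: address list [relay address, NAT address as observed].
        return Msg(self.service, msg.src, {"addresses": [self.relay, msg.src]})

    def on_comm_request(self, msg):
        # S206/S207: the NAT address travels inside the request (source routing).
        p = msg.payload
        return Msg(self.service, p["nat_addr"], {"data": p["data"], "orig_src": msg.src})

    def on_comm_response(self, msg):
        # S214/S215: the real destination travels inside the response.
        p = msg.payload
        return Msg(self.relay, p["actual_dst"], {"data": p["data"]})


def run_scenario():
    """Run both phases and return observations about the exchange."""
    nat = SymmetricNAT("83.14.137.3")                               # assumed public IP
    relay = StatelessRelay(("198.51.100.7", 3478), ("198.51.100.7", 3479))  # (IP_s,Port_s),(IP_r,Port_r)
    name_server = {}                       # host name -> address list (name server 14)
    host1_int = ("192.168.0.10", 5000)     # (IP_li, Port_li)
    host1_int2 = ("192.168.0.10", 5001)    # (IP_li', Port_li'), used towards the name server
    ns_addr = ("203.0.113.5", 5300)        # (IP_ns, Port_ns)
    host2 = ("198.51.100.20", 6000)        # (IP_2, Port_2), not behind a NAT

    # Name binding phase: relay request out through the NAT, relay response back in.
    req = nat.outbound(Msg(host1_int, relay.service, {"type": "relay_request"}))
    resp = nat.inbound(relay.on_relay_request(req))
    addresses = resp.payload["addresses"]  # [(IP_r, Port_r), (IP_le, Port_le)]
    # Binding update leaves on a different internal port, hence a different mapping.
    upd = nat.outbound(Msg(host1_int2, ns_addr, {"name": "host1", "addresses": addresses}))
    name_server[upd.payload["name"]] = upd.payload["addresses"]

    # Communication phase: host 2 looks up host1 and source-routes via the relay.
    relay_addr, nat_addr = name_server["host1"]
    fwd = relay.on_comm_request(Msg(host2, relay_addr, {"nat_addr": nat_addr, "data": "hello"}))
    at_host1 = nat.inbound(fwd)
    assert at_host1 is not None, "relay service address must pass the NAT policy"
    reply = nat.outbound(Msg(at_host1.dst, relay.service,
                             {"actual_dst": at_host1.payload["orig_src"], "data": "hi back"}))
    at_host2 = relay.on_comm_response(reply)

    # A request naming the binding-update mapping is dropped by the NAT: that
    # mapping admits only the name server, and the relay itself checks nothing.
    bogus = relay.on_comm_request(Msg(host2, relay_addr, {"nat_addr": upd.src, "data": "x"}))
    return {
        "host1_got": at_host1.payload,
        "host2_got": at_host2,
        "nat_mappings": len(nat.mappings),
        "relay_state": [k for k in vars(relay) if k not in ("service", "relay")],
        "bogus_dropped": nat.inbound(bogus) is None,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The relay object ends the run with no attributes beyond its two listening addresses, which is the statelessness the paragraph above claims; the NAT, by contrast, holds two mappings (one per internal port used), and it is the NAT's policy entry, not anything at the relay, that decides which inbound messages reach the first host.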
  • NAT poses a significant problem for network connectivity. Since there may be many hosts behind the NAT device, the TURN solution faces serious scalability issues.
  • each overlay node that is not behind the NAT can act as a TURN server.
  • each host in the public network can act as a relay server.
  • the present invention alleviates the burden on the relay node because of the stateless design.
  • Each node in the public network can report to the relay selection server.
  • the reported information may include the service address of the node (i.e., (IP_s, Port_s) as described above), the capabilities of the node, the service provider (ISP) to which the node belongs, the location of the node, and the like.
  • when a host behind a NAT issues a query to the relay selection server to find one or more relay nodes to act as its relay server, the relay selection server selects one or more relay nodes based on the information it stores about the relay nodes and the information (location, ISP, etc.) of the querying host. The node behind the NAT then updates its binding at the name server by a name binding procedure similar to that of the first embodiment. Another host can then initiate communication with the node behind the NAT using the selected relay node as relay.
  • a second embodiment of the present invention will be described in detail below with reference to Figs. 6 and 7. The second embodiment shows the case where the present invention is applied, for example, in a source-routed P2P network.
  • FIG. 6 shows a block diagram of a system 1' for NAT traversal in accordance with a second embodiment of the present invention.
  • a system according to a second embodiment of the present invention includes a first host 11', a NAT device 12, one or more relay nodes (one of them, relay node 13-a, is shown in FIG. 6), a name server 14, a second host 15, a relay selection server 16, and so on.
  • the NAT device 12, the name server 14, and the second host 15 are the same as in the first embodiment. The description will not be repeated here.
  • the relay node 13-a and other relay nodes 13-b and the like not shown are located in the public network, and have the structure as shown in FIG. This structure is different from the relay server 13 of the first embodiment in that it further includes an information reporting unit 305.
  • the information reporting unit 305 is configured to report the service address, capability, ISP, location, and the like of the own node to the relay selection server 16.
  • the first host 11' differs from the first host 11 of the first embodiment in that it further includes a relay determining unit 105 for requesting the relay selection server 16 to select one or more nodes as its relay node.
  • the relay selection server 16 includes a messaging unit 601, a storage unit 602, a report processing unit 603, and a relay selection unit 604.
  • the messaging unit 601 is configured to receive messages from other devices, pass each to the report processing unit 603 or the relay selection unit 604 according to the type of the received message, and transmit messages to their intended destinations as instructed by the report processing unit 603 or the relay selection unit 604.
  • the report processing unit 603 can be configured to receive reports sent by the relay node and store information about the nodes in the storage unit 602.
  • the relay selection unit 604 can select relay nodes for the first host 11' according to, for example, its request.
  • the storage unit 602 can store information that may be needed to be used and stored in the operation of the relay selection server 16. For example, storage unit 602 can store information reported by various relay nodes.
  • Figure 7 shows an example of the operation of the method of the present invention at the node reporting and selection stage.
  • step S301 the messaging unit 301 of the relay node 13-a transmits a report message constructed by the information reporting unit 305 to the relay selection server 16.
  • the valid data portion of the report message includes information such as the service address, capability, ISP, location, etc. of the relay node 13-a.
  • step S302 the messaging unit 601 of the relay selection server 16 receives the report message transmitted from the relay node 13-a, extracts the information recorded in its valid data portion, and creates an entry for the relay node 13-a in the node database in the storage unit 602 containing that information.
  • step S303 and step S304 the relay node 13-b likewise reports its service address, capability, ISP, location, etc. to the relay selection server 16, and the relay selection server 16 records the information in the node database in the storage unit 602.
  • although only two relay nodes reporting to the relay selection server 16 are shown in the figure, other relay nodes may also report their information to the relay selection server 16 through similar steps.
  • step S305 the messaging unit 101 of the first host 11' transmits a relay selection request message constructed by the relay determining unit 105 to the relay selection server 16; the valid data portion of the relay selection request message includes, for example, the ISP, location, etc. of the first host 11'.
  • in step S306 the NAT device 12 performs processing on the relay selection request message similar to that in steps S102 and S110 described above, changing its source address from (IP_li", Port_li") to (IP_le", Port_le"), and in step S307 forwards the relay selection request message with the modified source address to the relay selection server 16.
  • the messaging unit 601 of the relay selection server 16 receives the relay selection request message and passes it to the relay selection unit 604.
  • the relay selection unit 604 selects, for the first host 11', one or more appropriate relay nodes to act as relay servers providing it relay service, according to the ISP, location, etc. of the first host 11' included in the relay selection request message and the capability, ISP, location, etc. of the nodes stored in the node database in the storage unit 602.
  • the relay selection unit 604 constructs a relay selection response message including the service address of the selected relay node and other information that may be needed in the valid data portion of the message, and the like.
  • step S309 the messaging unit 601 of the relay selection server 16 transmits the relay selection response message to (IP_le", Port_le").
  • the relay selection response message arrives at the first host 11'.
  • the first host 11' then knows the service address of one or more relay nodes that can provide it relay service.
  • the first host 11' can then proceed, via steps S101 to S112 of the first embodiment, to send a relay request message to these relay nodes and to update its binding at the name server 14 according to the relay responses obtained.
  • the second host 15 can similarly, via steps S201 to S215 shown in FIG. 5, initiate communication with the first host 11' using one of the one or more relay nodes selected for the first host 11' by the relay selection server 16 as relay.
  • each host in the public network can act as a relay server.
  • the relay selection server may select one or more relay nodes for the requesting node according to the respective conditions of the requesting node and the relay nodes.
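A minimal relay selection server for the report and selection stage above, as an added example rather than code from the patent: relay nodes report service address, capability, ISP and location (steps S301 to S304), a later report from the same node replaces its earlier entry, and the selection unit ranks the stored nodes for a requesting host (step S305 onward). The patent does not fix a selection rule, so the ranking used here (same ISP first, then same location, then highest capability) and all node data in `demo()` are assumptions, as are the class and field names.

```python
"""Relay selection server for the second embodiment (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RelayNode:
    """One node database entry: what a relay node reports in S301/S303.
    Capability is modelled as a plain integer; its unit is an assumption."""
    service_addr: tuple   # (IP_s, Port_s) of the relay node
    capability: int
    isp: str
    location: str


class RelaySelectionServer:
    """Relay selection server 16: report processing unit plus relay selection unit."""

    def __init__(self):
        self.node_db = {}   # service address -> RelayNode (storage unit 602)

    def process_report(self, node):
        # Keyed by service address, so a fresh report overwrites a stale one.
        self.node_db[node.service_addr] = node

    def select(self, isp, location, count=1):
        """Return the service addresses of up to `count` relay nodes for a host
        reporting the given ISP and location. Assumed ranking: same ISP, then
        same location, then higher capability; the address breaks any tie."""
        def key(node):
            return (node.isp == isp, node.location == location, node.capability,
                    node.service_addr)
        ranked = sorted(self.node_db.values(), key=key, reverse=True)
        return [node.service_addr for node in ranked[:count]]


def demo():
    """Three constructed reports, then two relay selection requests."""
    server = RelaySelectionServer()
    for node in (
        RelayNode(("198.51.100.7", 3478), 10, "isp-a", "beijing"),
        RelayNode(("198.51.100.8", 3478), 50, "isp-b", "beijing"),
        RelayNode(("198.51.100.9", 3478), 30, "isp-a", "shanghai"),
    ):
        server.process_report(node)
    near = server.select("isp-a", "beijing", count=2)   # host sharing isp-a in beijing
    far = server.select("isp-c", "tokyo", count=1)      # host matching nothing
    return near, far


if __name__ == "__main__":
    print(demo())
```

For the host in `isp-a`/`beijing` the server returns the node matching both attributes first and the node matching only the ISP second, even though the third node has the larger capability; a host matching no attribute simply gets the highest-capability node.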


Abstract

A method, a system and a relay server for network address translation (NAT) traversal by way of relay are provided. The method for NAT traversal by way of relay includes: using a NAT address, a first host sends a relay request message through a NAT device to the service address of a relay server; and the relay server returns to the first host a relay response message that includes an address list containing a relay address and said NAT address.

Description

Method, system and relay server for NAT traversal by way of relay

TECHNICAL FIELD

The present invention relates to computer networks, and more particularly to a method, system and relay server for network address translation (NAT) traversal by way of relay.

BACKGROUND
In computer networks, network address translation (NAT) is the process of modifying the network address information in the headers of datagram packets as traffic passes through a traffic-routing device, so as to remap a given address space into another address space. NAT was designed to mitigate IPv4 address exhaustion. For home and small-business Internet connections, NAT has become a standard and indispensable feature of routers.

Most systems that use NAT do so to allow multiple hosts on a private network to access the Internet through a single public Internet Protocol (IP) address. Hosts on the private network cannot access the Internet directly using their local addresses in the internal private network; packets they send and receive must undergo NAT processing by the NAT device of the private network. In this document such hosts are said to be "behind the NAT device". In the present invention the NAT device may be a NAT-capable router, gateway, firewall or the like; those skilled in the art may choose any suitable device as the NAT device as needed. For example, suppose the hosts of a private network use the internal private address space 192.168.0.1/24. The NAT router of that private network has the internal private IP address 192.168.0.1 and uses the public IP address 83.14.137.3. When a host behind the NAT router wants to send a packet to the public network, the packet is intercepted by the NAT router and its source address (IP-port pair) is changed to an external address, also called a NAT address, consisting of the NAT router's public address 83.14.137.3 and one of the NAT router's port numbers. The mapping between the source IP-port pair and the NAT router's IP-port pair is stored in the NAT router.

When a packet from the public network arrives at the NAT router, the NAT router changes the destination IP-port pair to the IP-port pair of the internal address space according to its stored mapping, and forwards the packet to the corresponding private-network host.

However, NAT breaks the model of end-to-end IP connectivity originally envisioned for the Internet, introduces complications into communication between hosts, and affects performance. It hides the structure of the internal network: to external entities, all traffic appears to originate from the NAT device.

Consequently, hosts behind a NAT device lack end-to-end connectivity and cannot participate in certain Internet protocols. For example, services that require a Transmission Control Protocol (TCP) connection initiated from the external network, or stateless protocols such as those using the User Datagram Protocol (UDP), may be impossible.
Of the four kinds of NAT, namely full cone NAT, restricted cone NAT, port-restricted cone NAT and symmetric NAT, symmetric NAT is the most restrictive. Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port. Specifically, suppose a host on the private network uses the internal IP address and port pair (IP_li, Port_li) to send a communication request to the address (IP_2, Port_2) of a host outside the private network. The NAT device of the private network intercepts the request, maps it to a unique external source IP address and port pair (IP_le, Port_le), and records this mapping together with a policy. When a packet is later received, the NAT device checks it against its records: only if the packet's source address is (IP_2, Port_2) and its destination address is (IP_le, Port_le) is it forwarded to (IP_li, Port_li). In all other cases the packet is not forwarded to (IP_li, Port_li) (it is forwarded to another matching address, or dropped). In other words, if the same internal host sends a packet with the same source address and port but to a different destination, a different mapping is used. Therefore only an external host that has received a packet from the internal host can send packets back to it. This kind of NAT makes the problems described above even more serious.

There are several solutions to the NAT problem, such as Session Traversal Utilities for NAT (STUN), application layer gateways (ALG), and Traversal Using Relay NAT (TURN). Only TURN solves the problem of symmetric NAT.

One purpose in designing the TURN protocol was to allow hosts behind a NAT, especially a symmetric NAT, or a firewall to receive incoming data over TCP or UDP. The basic idea is to use a TURN server in the public address space to relay incoming packets for hosts behind the NAT device.
In general, TURN operates in two phases. The first is the name binding phase, which binds the host behind the NAT to a public IP address and port. The second is the communication phase, in which an external host initiates communication. The two phases are shown in Figures 1 and 2 respectively.

As shown in Figure 1, the TURN server 63 listens on the public service address (IP_s, Port_s).

In step S601, the host behind the NAT, i.e. the first host 61, uses its address (IP_li, Port_li) to send a TURN message, a packet relay request, to the TURN server 63.

In step S602, the source address of the message is changed by the NAT device 62 to (IP_le, Port_le). In the case of symmetric NAT, the NAT device 62 forms a mapping between (IP_li, Port_li) and (IP_le, Port_le) and sets a policy for that mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed to be forwarded to (IP_li, Port_li). It records an entry containing the mapping and the policy in the mapping and policy database it maintains.

In step S603, the NAT device 62 forwards the relay request message to the TURN server 63.
In step S604, the TURN server 63, having received the relay request message, performs relay request processing. This includes allocating a specific relay address (IP_lr, Port_lr) to the first host 61 and recording the mapping between (IP_lr, Port_lr) and (IP_le, Port_le).
In step S605, the TURN server 63 responds to the relay request of the first host 61 by sending a response message from (IP_s, Port_s) to (IP_le, Port_le); the valid data portion of the response message contains the allocated relay address (IP_lr, Port_lr).

In step S606, when the response message reaches the address (IP_le, Port_le) of the NAT device 62, the NAT device 62 checks it against its mapping and policy database. In this case the message passes the check, so the NAT device 62 changes the destination address of the response message from (IP_le, Port_le) to (IP_li, Port_li). A message that fails the check is dropped.

In step S607, the NAT device 62 delivers the response message to the address (IP_li, Port_li) of the first host 61.

In step S608, the first host 61 obtains from the response message the address (IP_lr, Port_lr) allocated to it by the TURN server 63 and constructs a binding update message. The valid data portion of the binding update message contains information binding the host name of the first host 61 to the allocated address.

In steps S609 to S611, the first host 61 sends the binding update message to the name server 64 through the NAT device 62. The name server 64 thus obtains the information binding the host name of the first host 61 to the allocated address, and stores it in the database it maintains.
Figure 2 shows the communication phase. As shown in Figure 2, another host, the second host 65, wishes to initiate communication with the first host 61. The second host 65 is not in the private network of the first host 61; it may be behind another NAT device (e.g. in another private network) or not behind any NAT device (e.g. in the public network). As an example, Figure 2 shows the case where the second host 65 is not behind a NAT device.

In step S701, the second host 65 queries the name server 64 for the relay address of the first host 61.

In step S702 the name server 64 looks up in its database the relay address bound to the first host 61, and in step S703 returns to the second host 65 a reply message indicating the relay address (IP_lr, Port_lr) corresponding to the first host 61.

In step S704 the second host 65 obtains (IP_lr, Port_lr) from the reply of the name server 64, and in step S705 issues a communication request message to the first host 61 by sending a request from the source address (IP_2, Port_2) to (IP_lr, Port_lr).

In step S706, the TURN server 63 receives the communication request message on (IP_lr, Port_lr), checks its previously recorded mapping, and finds that the message is destined for (IP_le, Port_le). The TURN server 63 then wraps the source address (IP_2, Port_2) of the communication request into the request (i.e. includes it in the valid data portion of the communication request message), and in step S707 forwards the new communication request from its service address (IP_s, Port_s) to (IP_le, Port_le).

In step S708, the NAT device 62 receives at the address (IP_le, Port_le) the communication request forwarded by the TURN server 63 and, by consulting its mapping and policy database, finds that the request should be forwarded to (IP_li, Port_li). The NAT device 62 therefore changes the destination address of the communication request to (IP_li, Port_li) and forwards it to (IP_li, Port_li) in step S709.

In step S710, the first host 61 receives the communication request and retrieves the content of the original request message and the original source address (IP_2, Port_2) from the valid data portion of the communication request. The first host 61 creates a response message for the request and wraps the actual destination address (IP_2, Port_2) of the response into the valid data portion of the response message. In step S711 the first host 61 sends the response message to the service address (IP_s, Port_s) of the TURN server 63.

The NAT device 62 captures the response message in step S712, changes its source address to (IP_le, Port_le), and forwards it to the TURN server 63 in step S713.

In step S714 the TURN server 63 receives the response message on its service address (IP_s, Port_s), extracts the actual destination (IP_2, Port_2) and the actual response message, and in step S715 delivers the actual response message to the address (IP_2, Port_2) of the second host 65. The second host 65 thus receives the response of the first host 61 to its communication request, and can continue communicating with the first host 61 in this manner using the TURN server 63 as relay.

In the TURN scheme described above, the TURN server 63 allocates an address, i.e. an IP-port pair, to each client that issues a relay request. The TURN server 63 must also maintain the mapping between the allocated addresses (i.e. (IP_lr, Port_lr) in Figures 1 and 2) and the clients' NAT addresses (i.e. (IP_le, Port_le) in Figures 1 and 2). Address management and mapping maintenance add extra work for the TURN server 63. Moreover, the port numbers of the TURN server 63 are a limited resource, which may limit its performance.

In addition, in P2P or similar settings, NAT poses a significant problem for network connectivity. Since many hosts may be behind NAT devices, the TURN scheme faces serious scalability problems. It is therefore desirable to provide a method, system and corresponding relay server for NAT traversal by way of relay in which the relay server is stateless and need not allocate and manage addresses for its clients. It is also desirable to provide a method, system and corresponding relay server for NAT traversal by way of relay that can solve the scalability problem faced by the prior-art TURN scheme.

SUMMARY OF THE INVENTION
One object of the present invention is to provide a method, system and corresponding relay server for traversing NAT by way of relay in which the relay server is stateless and does not need to allocate and manage addresses for its clients. Another object of the present invention is to provide a method, system and corresponding relay server for traversing NAT by way of relay that can solve the scalability problem faced by the prior-art TURN scheme.
According to one aspect of the present invention, there is provided a method for network address translation (NAT) traversal by way of relay, comprising: a first host sending, via a NAT device and using a NAT address, a relay request message to a service address of a relay server; and the relay server returning a relay response message to the first host, the relay response message including an address list, the address list including a relay address and the NAT address.
According to another aspect of the present invention, there is provided a system for network address translation (NAT) traversal by way of relay, comprising: a first host that sends a relay request message to a service address of a relay server; a NAT device that intercepts the relay request message and forwards it to the service address using a NAT address; and a relay server that returns a relay response message to the first host via the NAT device, the relay response message including an address list, the address list including a relay address and the NAT address.
According to another aspect of the present invention, there is provided a relay server comprising: a messaging unit that receives, at a service address, a relay request message sent from a network address translation (NAT) address, passes the relay request message to a relay request processing unit, and returns, from the service address to the NAT address, a relay response message constructed by the relay request processing unit; and a relay request processing unit that constructs the relay response message, the relay response message including an address list, the address list including a relay address and the NAT address.
The above and other advantages and features of the present invention will become clearer from the following detailed description taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings, the same or similar reference numerals denote the same or similar elements, in which:
Figure 1 is a diagram showing the operation of the name binding phase of a prior-art NAT traversal method using a TURN server;
Figure 2 is a diagram showing the operation of the communication phase of a prior-art NAT traversal method using a TURN server;
Figure 3 is a schematic block diagram showing a system for traversing NAT using a relay server according to a first embodiment of the present invention;
Figure 4 is a diagram showing the operation of the system shown in Figure 3 in the name binding phase of the NAT traversal method according to the first embodiment of the present invention;
Figure 5 is a diagram showing the operation of the system shown in Figure 3 in the communication phase of the NAT traversal method according to the first embodiment of the present invention;
Figure 6 is a schematic block diagram showing a system for traversing NAT using a relay server according to a second embodiment of the present invention; and
Figure 7 is a diagram showing the operation of the system shown in Figure 6 in the relay node reporting and selection phase of the NAT traversal method according to the second embodiment of the present invention.
DETAILED DESCRIPTION
The present invention uses the principle of source routing, a technique widely used in overlay networks and ad-hoc networks, to solve the NAT problem, in particular the problem of symmetric NAT.
Source routing enables the sender of a packet to specify, partly or wholly, the route the packet takes through the network. In contrast, in non-source-routed protocols the path is determined by the routers in the network based on the destination of the packet.
In a typical source routing mechanism, the sender (source) wraps routing information into the packet. The routing information contains the path information needed to get from the source address to the destination address. Each node on the path that receives the packet extracts the next-hop address from the packet and forwards the packet to that next hop. Every node on the path repeats this process until the packet reaches its destination.
For example, suppose host A wants to send data to host B, and host A knows in advance that it can send data to host B via host C. That is, host A knows in advance the overlay path from itself to the destination host B: host A -> host C -> host B.
Host A then constructs a packet as follows: in front of the packet's application-layer payload (for example voice data), it adds the address of host B as an overlay header. From the point of view of the TCP/IP layer, this overlay header is simply part of the application-layer payload. The address of host B may comprise host B's IP address and port, and may additionally include a protocol. For example, host B's address may take the form 202.1.1.1, 80, TCP.
In front of the overlay header, a TCP/IP-layer header is added, carrying the IP address and port of host A as the source address and the IP address and port of host C as the destination address.
Host A then sends the packet to host C. Host C receives the packet, extracts the address information from the TCP/IP header and host B's address from the application-layer payload, removes host B's address from the packet, and sends the packet, now containing only the original payload (for example voice data), to host B's address.
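The host A -> host C -> host B exchange above, as an added illustration that is not code from the patent. It generalises the single-relay case to a route of any length: the sender fixes the whole path, every intermediate node pops the next hop, and the last relay strips the overlay header so the destination receives only the original application data. The wire format (a hop count byte followed by length-prefixed "ip:port/proto" entries) and all addresses are assumptions of this example; the patent fixes no encoding.

```python
"""Source-routed overlay forwarding (added example, not the patent's code).

Assumptions: an address is (ip, port, proto) as in the text's "202.1.1.1, 80, TCP";
a packet is a dict with the TCP/IP-layer src/dst and a payload; the overlay header
is one byte giving the number of remaining hops, then one length-prefixed ASCII
"ip:port/proto" entry per hop. This encoding is invented for the example."""
import struct


def encode_overlay(route, data):
    """Prepend the list of remaining hops to the application data."""
    hops = []
    for ip, port, proto in route:
        entry = f"{ip}:{port}/{proto}".encode("ascii")
        hops.append(struct.pack("!B", len(entry)) + entry)
    return struct.pack("!B", len(route)) + b"".join(hops) + data


def decode_overlay(payload):
    """Split a payload into (remaining route, application data).

    Raises ValueError on a truncated header so a relay never forwards
    something it could not fully parse."""
    if not payload:
        raise ValueError("empty payload")
    count, pos, route = payload[0], 1, []
    for _ in range(count):
        if pos >= len(payload):
            raise ValueError("truncated overlay header")
        length = payload[pos]
        entry = payload[pos + 1:pos + 1 + length]
        if len(entry) != length:
            raise ValueError("truncated hop entry")
        pos += 1 + length
        ip, rest = entry.decode("ascii").rsplit(":", 1)
        port, proto = rest.split("/", 1)
        route.append((ip, int(port), proto))
    return route, payload[pos:]


def build_packet(src, route, data):
    """Host A: the TCP/IP header addresses the first hop; the rest of the path
    rides inside the payload as the overlay header. A one-hop route is sent bare."""
    remaining = route[1:]
    payload = encode_overlay(remaining, data) if remaining else data
    return {"src": src, "dst": route[0], "payload": payload}


def forward(node_addr, packet):
    """What an intermediate node (host C) does: pop the next hop, re-address the
    packet, and strip the overlay header entirely on the last hop so the
    destination receives only the original application data."""
    if packet["dst"] != node_addr:
        raise ValueError("packet is not addressed to this node")
    route, data = decode_overlay(packet["payload"])
    if not route:
        raise ValueError("no next hop left; this node is the destination")
    next_hop, remaining = route[0], route[1:]
    payload = encode_overlay(remaining, data) if remaining else data
    return {"src": node_addr, "dst": next_hop, "payload": payload}


def run_path(src, route, data):
    """Drive a packet hop by hop along route and return (hops visited, what the
    destination sees). The route is chosen by the sender, not by routers."""
    packet = build_packet(src, route, data)
    visited = [packet["dst"]]
    while packet["dst"] != route[-1]:
        packet = forward(packet["dst"], packet)
        visited.append(packet["dst"])
    return visited, packet["payload"]


if __name__ == "__main__":
    A = ("10.0.0.5", 5060, "UDP")
    C = ("198.51.100.7", 4000, "UDP")
    B = ("202.1.1.1", 80, "TCP")
    print(run_path(A, [C, B], b"voice data"))
```

Note that a relay in this scheme forwards to whatever address the payload names; the parse errors are the only check, which is why the embodiments below pair the relay with a NAT-side policy on who may reach the NAT address.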
The present invention applies the idea of this source routing technique to the NAT problem, in particular the symmetric NAT problem. Embodiments of the present invention are described below with reference to the drawings.
Before the embodiments are described, the terminology used in this specification is explained. In this specification, "address", unless otherwise stated, generally refers to a transport address formed by the combination of an IP address and a port number. In some cases an "address" may include the combination of IP address, port number and protocol. For brevity, only the combination of IP address and port number is used here. In this specification and the drawings, the form (IP, Port) is used to represent the combination of an IP address and a port number.
In addition, in the drawings, the source address, the destination address and the particular content carried in the payload of a message are shown in the form "src: (xxx, xxx) dst: (yyy, yyy) data: zzzzz".
For example, "src: (IP_li, Port_li) dst: (IP_s, Port_s)" under the arrow of the relay request message sent in step S101 of Figure 4 indicates that the source address of the relay request message is (IP_li, Port_li) and its destination address is (IP_s, Port_s). No "data" is given, indicating that the payload of this relay request message is the same as that of an ordinary relay request message.
As another example, "src: (IP_s, Port_s) dst: (IP_le, Port_le) data: [(IP_r, Port_r), (IP_le, Port_le)]" under the arrow of the relay response message sent in step S105 of Figure 4 indicates that the source address of the relay response message is (IP_s, Port_s), its destination address is (IP_le, Port_le), and that its payload contains, in addition to whatever an ordinary relay response message may contain, the address list [(IP_r, Port_r), (IP_le, Port_le)] according to the present invention.
Note also that in this specification the source address or destination address of a message means the source or destination address recorded in the TCP/IP-layer header of the packet carrying the message, and the payload of a message means the application-layer payload of the packet carrying the message, i.e. what remains after the TCP/IP-layer header is removed.
Figure 3 shows a block diagram of a system 1 for NAT traversal according to a first embodiment of the present invention.
As shown in Figure 3, the system 1 includes a first host 11, a NAT device 12, a relay server 13, a name server 14 and a second host 15.
As shown, the first host 11 is in a private network, the NAT device 12 is the NAT device of that private network, and the relay server 13, the name server 14 and the second host 15 are all outside the private network. It is assumed here that the relay server 13, the name server 14 and the second host 15 are all on the public network.
The first host 11 includes a messaging unit 101, a storage unit 102, a name binding unit 103 and a communication processing unit 104. The messaging unit 101 receives messages from other devices, passes them to the name binding unit 103 or the communication processing unit 104 according to the type of the received message, and sends to the desired destination the messages that the name binding unit 103 and the communication processing unit 104 instruct it to send. The name binding unit 103 performs the processing at the first host 11 during the name binding phase of the method of the present invention. The communication processing unit 104 performs the processing at the first host 11 during the communication phase of the method of the present invention. The storage unit 102 stores information that may need to be used and stored in the operation of the first host 11, for example the local address of the first host 11 and the address list the first host 11 receives from the relay server 13.
The NAT device 12 includes a messaging unit 201, a storage unit 202 and a NAT processing unit 203. The messaging unit 201 receives messages from other devices, passes them to the NAT processing unit 203, and sends to the desired destination the messages that the NAT processing unit 203 instructs it to send. The NAT processing unit 203 performs NAT processing. The storage unit 202 stores information that may need to be used and stored in the operation of the NAT device 12, for example the internal address the NAT device 12 uses in the private network, the external addresses it can assign to hosts in the private network, and the mappings between internal and external addresses together with the associated policies.
The relay server 13 includes a messaging unit 301, a storage unit 302, a relay request processing unit 303 and a relay processing unit 304. The messaging unit 301 receives messages from other devices, passes them to the relay request processing unit 303 or the relay processing unit 304 according to the type of the received message, and sends to the desired destination the messages that the relay request processing unit 303 and the relay processing unit 304 instruct it to send. The relay request processing unit 303 performs the processing at the relay server 13 during the name binding phase of the method of the present invention. The relay processing unit 304 performs the processing at the relay server 13 during the communication phase of the method of the present invention. The storage unit 302 stores information that may need to be used and stored in the operation of the relay server 13, for example the service address and the relay address.
The name server 14 includes a messaging unit 401, a storage unit 402, a binding update processing unit 403 and a query processing unit 404. The messaging unit 401 receives messages from other devices, passes them to the binding update processing unit 403 or the query processing unit 404 according to the type of the received message, and sends to the desired destination the messages that the binding update processing unit 403 and the query processing unit 404 instruct it to send. The binding update processing unit 403 performs the processing at the name server 14 during the name binding phase of the method of the present invention. The query processing unit 404 performs the processing at the name server 14 during the communication phase of the method of the present invention. The storage unit 402 stores information that may need to be used and stored in the operation of the name server 14, for example the binding information reported by hosts.
The second host 15 includes a messaging unit 501, a storage unit 502 and a communication processing unit 503. The messaging unit 501 receives messages from other devices, passes them to the communication processing unit 503 according to the type of the received message, and sends to the desired destination the messages that the communication processing unit 503 instructs it to send. The communication processing unit 503 performs the processing at the second host 15 during the communication phase of the method of the present invention. The storage unit 502 stores information that may need to be used and stored in the operation of the second host 15, for example address information the second host 15 can use.
An example of the operation of the system 1 shown in Figure 3 in the NAT traversal method according to the present invention is described in detail below with reference to Figures 4 and 5.
Figure 4 shows the operation of the name binding phase of the NAT traversal method according to the present invention.
As shown in Figure 4, the relay server 13 can use two addresses to receive and send messages. That is, the relay server 13 listens for incoming messages on both addresses and can send outgoing messages from either of them. These two addresses are the service address (IP_s, Port_s) and the relay address (IP_r, Port_r). The service address (IP_s, Port_s) is used for hosts in private networks behind NAT devices, while the relay address (IP_r, Port_r) is used for hosts outside the private network. Note that in the present invention the service address and the relay address may be the same.
Suppose a host in the private network, for example the first host 11, wants the relay server 13 to provide relay service for it, so that hosts outside the private network can initiate communication with the first host 11. As shown, the first host 11 is behind the NAT device 12; that is, every packet the first host 11 sends or receives undergoes NAT processing by the NAT device 12.
First, in step S101, the name binding unit 103 of the first host 11 constructs a relay request message and sends it through the messaging unit 101. The destination address of the relay request message is the service address of the relay server 13, and its source address is the local, or internal, address (IP_li, Port_li) of the first host 11 in the private network.
In step S102, the messaging unit 201 of the NAT device 12 intercepts the relay request message and passes it to the NAT processing unit 203. By performing NAT processing, the NAT processing unit 203 changes the source address of the relay request message to a public, or external, address (IP_le, Port_le). This address may also be called the NAT address. In doing so, the NAT processing unit 203 creates a mapping between (IP_li, Port_li) and (IP_le, Port_le) and sets the following policy for the mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed and are forwarded to (IP_li, Port_li). That is, if the NAT device 12 later receives an incoming packet whose source address is (IP_s, Port_s) and whose destination address is (IP_le, Port_le), the message may be forwarded to the internal address (IP_li, Port_li) of the first host 11. The NAT processing unit 203 records the entry containing the mapping and the policy in, for example, a mapping and policy database in the storage unit 202.
In step S103, the NAT device 12 forwards the relay request message, with its source address modified, to the relay server 13.
In step S104, the relay server 13 receives, through the messaging unit 301, the relay request message forwarded by the NAT device 12. The relay request message is passed to the relay request processing unit 303, which learns the source address (IP_le, Port_le) of the relay request message (the NAT address). The relay request processing unit 303 constructs a relay response message whose payload includes the address list [(IP_r, Port_r), (IP_le, Port_le)]. This address list may also be called routing information; it contains the relay address (IP_r, Port_r) and the NAT address (IP_le, Port_le). Unlike in the prior art, the relay address (IP_r, Port_r) need not be allocated specifically for the first host 11. That is, the relay server 13 may use one common relay address (IP_r, Port_r) for many or all of the relay request messages it receives. Also unlike the prior art, the relay server 13 need not store any mapping. When it later receives a communication request message at the relay address (IP_r, Port_r), it simply sends it from its service address (IP_s, Port_s) to the destination given by the address carried in the message itself, as described in more detail below.
In step S105, the relay request processing unit 303 sends, through the messaging unit 301, the relay response message from the service address (IP_s, Port_s) to the address (IP_le, Port_le).
In step S106, the NAT device 12 receives the relay response message. The NAT processing unit 203 checks the relay response message against the mapping and policy database stored in the storage unit 202. In this case, since the source address of the relay response message is (IP_s, Port_s) and its destination address is (IP_le, Port_le), the message passes the check. The NAT processing unit 203 therefore changes the destination address of the relay response message from (IP_le, Port_le) to (IP_li, Port_li). Had the message failed the check, it would have been discarded (or forwarded to another matching address). In step S107, the messaging unit 201 forwards the relay response message, with its destination address modified, to the first host 11.
In step S108, the messaging unit 101 of the first host 11 passes the received relay response message to the name binding unit 103. The name binding unit 103 extracts the address list [(IP_r, Port_r), (IP_le, Port_le)] from the payload of the relay response message. It then constructs a binding update message whose payload includes binding information indicating the binding between the first host 11 (for example, the host name of the first host 11) and the address list [(IP_r, Port_r), (IP_le, Port_le)].
In step S109, the messaging unit 101 of the first host 11, as instructed by the name binding unit 103, sends the binding update message to the address (IP_ns, Port_ns) of the name server 14. Note that the internal address the first host 11 uses when communicating with the name server 14 is usually different from the internal address it uses when communicating with the relay server 13. To mark this difference, (IP_li', Port_li') denotes the internal address the first host 11 uses when communicating with the name server 14. As is well known to those skilled in the art, the common case is that the IP address is the same and the port number differs; that is, IP_li' may equal IP_li, while Port_li' is usually different from Port_li. The same device usually uses different transport addresses (at least different port numbers) when communicating with different devices. The same applies to the internal address (IP_li'', Port_li'') the first host uses when communicating with the relay selection server 16 described below, and to the addresses (IP_2', Port_2') and (IP_2, Port_2) the second host uses when communicating with the name server and when initiating a communication request to the first host via the relay server, respectively.
In step S110, as in step S102, the messaging unit 201 of the NAT device 12 intercepts the binding update message and passes it to the NAT processing unit 203. By performing NAT processing, the NAT processing unit 203 changes the source address of the binding update message to a public, or external, address (IP_le', Port_le'). Here, since (IP_li', Port_li') differs from (IP_li, Port_li), the external address (IP_le', Port_le') to which (IP_li', Port_li') is mapped differs from the external address (IP_le, Port_le) to which (IP_li, Port_li) is mapped; IP_le' may equal IP_le, while Port_le' and Port_le are usually different. The same holds for (IP_li'', Port_li'') and (IP_le'', Port_le'') described below. As in step S102, the NAT processing unit 203 creates a mapping between (IP_li', Port_li') and (IP_le', Port_le') and sets the following policy for the mapping: messages sent from (IP_ns, Port_ns) to (IP_le', Port_le') are allowed and are forwarded to (IP_li', Port_li'). The NAT processing unit 203 records the entry containing the mapping and the policy in, for example, the mapping and policy database in the storage unit 202.
In step S111, the NAT device 12 sends the binding update message, with its source address modified, to its intended destination, the name server 14.
In step S112, the messaging unit 401 of the name server 14 receives the binding update message and passes it to the binding update processing unit 403. The binding update processing unit 403 extracts from the payload of the binding update message the information indicating the binding between the host name of the first host 11 and the address list [(IP_r, Port_r), (IP_le, Port_le)], and stores that information in, for example, a binding database in the storage unit 402.
Figure 5 shows the operation of the communication phase of the NAT traversal method according to the present invention.
As shown in the figure, the second host 15 wishes to initiate communication with the first host 11. The second host 15 is not in the private network in which the first host 11 is located; it may be in the public network or in another private network. That is, the second host 15 may or may not be behind a NAT device of its own. For brevity, it is assumed here that the second host 15 is not behind a NAT device.
First, in step S201, the communication processing unit 503 of the second host 15 constructs a binding query message that specifies the host name of the first host 11, in order to look up the address of the first host 11. The messaging unit 501 sends the binding query message to the name server 14.
In step S202, the messaging unit 401 of the name server 14 receives the binding query message and passes it to the query processing unit 404. The query processing unit 404 searches the binding database in the storage unit 402 using the host name of the first host 11 as the key and finds the address list [(IP_r, Port_r), (IP_1e, Port_1e)] corresponding to that host name. The query processing unit 404 then constructs a binding reply message whose payload includes the address list [(IP_r, Port_r), (IP_1e, Port_1e)] corresponding to the host name of the first host 11.
In step S203, the messaging unit 401 of the name server 14 sends the binding reply message to the second host 15.
In step S204, the messaging unit 501 of the second host 15 receives the binding reply message and passes it to the communication processing unit 503. The communication processing unit 503 extracts the address list [(IP_r, Port_r), (IP_1e, Port_1e)] corresponding to the first host 11 from the payload of the binding reply message and constructs a communication request message. In addition to the data that a communication request message sent by the second host 15 would normally contain, the payload of this communication request message also includes the NAT address (IP_1e, Port_1e) from the extracted address list.
In step S205, as instructed by the communication processing unit 503, the messaging unit 501 sends the communication request from the source address (IP_2, Port_2) to the relay address (IP_r, Port_r) in the extracted address list, thereby initiating communication with the first host 11.
In step S206, the messaging unit 301 of the relay server 13 receives the communication request message on the relay address (IP_r, Port_r) and passes it to the relay processing unit 304 accordingly. The relay processing unit 304 extracts (IP_1e, Port_1e) from the communication request message as routing information. It then constructs a new communication request based on this one: it removes the (IP_1e, Port_1e) included in the original communication request message and includes in its place the original source address of the communication request message, i.e. the address (IP_2, Port_2) of the second host 15.
In step S207, as instructed by the relay processing unit 304, the messaging unit 301 forwards the new communication request message from its service address (IP_s, Port_s) to (IP_1e, Port_1e).

It can be seen that the routing information returned by the relay server to the first host during the name binding phase allows the second host to specify the path of the message in the communication request it sends, in the manner of source routing. The relay server can thus forward the message to the appropriate NAT address based on the content of the message itself, without maintaining any mapping information of its own.
In step S208, the messaging unit 201 of the NAT device 12 receives the new communication request message on the address (IP_1e, Port_1e) and passes it to the NAT processing unit 203. The NAT processing unit 203 checks the message against the mapping and policy database in the storage unit 202. In the present case, since the source address of the message is (IP_s, Port_s) and its destination address is (IP_1e, Port_1e), the message passes the check. The NAT processing unit 203 therefore changes the destination address of the message from (IP_1e, Port_1e) to (IP_1i, Port_1i).
In step S209, the messaging unit 201 forwards the communication request message with the modified destination address to the internal address (IP_1i, Port_1i) of the first host 11.
In step S210, the messaging unit 101 of the first host 11 receives the communication request message forwarded from the NAT device 12 and passes it to the communication processing unit 104. The communication processing unit 104 extracts from the payload of the communication request message the payload content of the original communication request and the original source address (IP_2, Port_2). It then creates a communication response message for the communication request; in addition to the payload that a communication response message sent by the first host 11 would normally contain, the payload of this communication response message also includes its actual destination address (IP_2, Port_2).
In step S211, the first host 11 sends the communication response message through the messaging unit 101 to the service address (IP_s, Port_s) of the relay server 13.
In step S212, the messaging unit 201 of the NAT device 12 intercepts the communication response message and passes it to the NAT processing unit 203. Since the mapping and policy database in the storage unit 202 already contains an entry for the mapping and policy among (IP_1i, Port_1i), (IP_1e, Port_1e) and (IP_s, Port_s), the NAT processing unit 203 directly changes the source address of the communication response message to (IP_1e, Port_1e).
In step S213, the NAT device 12 forwards the communication response message with the modified source address to the relay server 13.
In step S214, the messaging unit 301 of the relay server 13 receives the communication response message on the service address (IP_s, Port_s) and passes it to the relay processing unit 304. The relay processing unit 304 extracts the actual destination (IP_2, Port_2) and the actual content of the response from the payload of the communication response message, and constructs the actual communication response message whose payload includes that content.
In step S215, as instructed by the relay processing unit 304, the messaging unit 301 sends the actual communication response message from the relay address (IP_r, Port_r) to the address (IP_2, Port_2) of the second host 15.
The second host 15 thus receives the communication response message sent by the first host 11. Communication between the first host 11 and the second host 15 can then continue according to the above process, with the relay server 13 acting as relay.
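The whole exchange of Figure 5, including the mapping-and-policy check the NAT performs in step S208, as an added Python simulation that is not part of the patent. The NAT model, the class names, the payload keys "nat_addr", "orig_src" and "actual_dst", and every address used are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Addr = Tuple[str, int]  # (IP address, port number), as in claim 8


@dataclass
class Message:
    src: Addr
    dst: Addr
    payload: dict


class NatDevice:
    """NAT device 12 (assumed model): each internal->external mapping admits
    inbound messages only from remote addresses the internal host contacted."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.mappings: Dict[Addr, Addr] = {}       # internal -> external
        self.reverse: Dict[Addr, Addr] = {}        # external -> internal
        self.policies: Dict[Addr, Set[Addr]] = {}  # external -> allowed remote sources

    def outbound(self, msg: Message) -> Message:
        """Steps S102/S110: rewrite the source, record mapping and policy."""
        if msg.src not in self.mappings:
            ext = (self.public_ip, self.next_port)
            self.next_port += 1
            self.mappings[msg.src], self.reverse[ext], self.policies[ext] = ext, msg.src, set()
        ext = self.mappings[msg.src]
        self.policies[ext].add(msg.dst)
        return Message(ext, msg.dst, msg.payload)

    def inbound(self, msg: Message) -> Optional[Message]:
        """Step S208: policy check, then rewrite the destination; None means dropped."""
        internal = self.reverse.get(msg.dst)
        if internal is None or msg.src not in self.policies[msg.dst]:
            return None
        return Message(msg.src, internal, msg.payload)


class RelayServer:
    """Relay server 13: keeps only its own addresses. The route travels in the
    message: NAT address inbound, original source toward the first host, actual destination back."""

    def __init__(self, service_addr: Addr, relay_addr: Addr):
        self.service_addr = service_addr  # (IP_s, Port_s)
        self.relay_addr = relay_addr      # (IP_r, Port_r)

    def relay_request(self, msg: Message) -> Message:
        """Name binding phase: address list = [relay address, NAT address seen as source]."""
        return Message(self.service_addr, msg.src,
                       {"type": "relay_response", "addresses": [self.relay_addr, msg.src]})

    def communication_request(self, msg: Message) -> Message:
        """S206/S207: drop the NAT address, add the original source, send from the service address."""
        payload = {k: v for k, v in msg.payload.items() if k != "nat_addr"}
        payload["orig_src"] = msg.src
        return Message(self.service_addr, msg.payload["nat_addr"], payload)

    def communication_response(self, msg: Message) -> Message:
        """S214/S215: deliver the actual content to the actual destination from the relay address."""
        payload = {k: v for k, v in msg.payload.items() if k != "actual_dst"}
        return Message(self.relay_addr, msg.payload["actual_dst"], payload)


def run_exchange() -> dict:
    """Run the whole exchange on constructed sample addresses and report what each party saw."""
    host1 = ("10.0.0.5", 5000)        # first host 11, (IP_1i, Port_1i)
    host2 = ("203.0.113.20", 6000)    # second host 15, (IP_2, Port_2)
    nat = NatDevice("198.51.100.1")   # NAT device 12; (IP_1e, Port_1e) assigned on first use
    relay = RelayServer(("192.0.2.10", 3478), ("192.0.2.10", 3479))

    # Name binding phase: the first host requests its address list through the NAT.
    req = nat.outbound(Message(host1, relay.service_addr, {"type": "relay_request"}))
    resp = nat.inbound(relay.relay_request(req))
    if resp is None:
        raise RuntimeError("relay response blocked by NAT policy")
    relay_addr, nat_addr = resp.payload["addresses"]  # what name server 14 would store (S109-S112)

    # A message from the second host straight to the NAT address is dropped by the policy.
    direct = nat.inbound(Message(host2, nat_addr, {"type": "request", "data": "hello"}))

    # Communication phase S205-S215.
    comm_req = Message(host2, relay_addr, {"type": "request", "data": "hello", "nat_addr": nat_addr})
    forwarded = relay.communication_request(comm_req)
    at_host1 = nat.inbound(forwarded)
    if at_host1 is None:
        raise RuntimeError("relayed request blocked by NAT policy")
    orig_src = at_host1.payload["orig_src"]  # S210: first host learns (IP_2, Port_2)
    reply = Message(host1, relay.service_addr,
                    {"type": "response", "data": "hi", "actual_dst": orig_src})  # S211
    at_host2 = relay.communication_response(nat.outbound(reply))  # S212-S215
    return {
        "direct_dropped": direct is None,
        "request_src_seen_by_nat": forwarded.src,
        "request_delivered_to": at_host1.dst,
        "orig_src": orig_src,
        "response_delivered_to": at_host2.dst,
        "relay_state_keys": sorted(vars(relay)),
    }
```

The simulation also shows why step S207 forwards from the service address rather than the relay address: the NAT's policy only admits the address the first host itself contacted, so with distinct (IP_s, Port_s) and (IP_r, Port_r) a message sent from the relay address would be dropped.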
Note that although the above describes, by way of example, the first host 11 updating its binding at the name server after obtaining the address list from the relay server 13, and the second host 15 then querying the name server, as the way for the second host 15 to obtain the address list bound to the first host 11, the present invention is not limited to this. As will be apparent to those skilled in the art, the second host 15 may also obtain the address list corresponding to the first host 11 by other means. For example, the first host 11 may inform the second host 15 of its address list by e-mail or some other means of conveying information. In fact, as long as the first host 11 has requested and obtained the address list from the relay server 13, and the second host 15 learns that address list in some appropriate way, it can initiate communication with the first host 11 via the relay server 13.
It can be seen that, unlike the prior art, the relay server according to the present invention does not need to allocate a relay address for each relay request it receives, nor record a mapping between the allocated relay address and the source address (NAT address) of the relay request. That is, the relay server neither allocates addresses to its clients nor maintains state information; the state information is instead carried in the packets of each message from the external host. The server of the present invention is therefore stateless, and more robust and efficient.
In addition, as noted earlier, in P2P and similar scenarios NAT poses a serious problem for network connectivity. Since many hosts may be behind NAT devices, the TURN scheme faces a serious scalability problem.
However, because the present invention makes use of source routing, it is well suited to overlay networks that use source routing as their routing mechanism. When used in an overlay network, every overlay node that is not behind a NAT can act as a TURN server.
That is, with the present invention scalability is no longer a problem, because every host in the public network can act as a relay server. In addition, the stateless design of the present invention lightens the load on relay nodes. Each node in the public network can report to a relay selection server. The reported information may include the node's service address (that is, (IP_s, Port_s) as described above), the node's capabilities, the service provider (ISP) the node belongs to, the node's location, and so on.
When a host behind a NAT sends a query to the relay selection server, wishing to find one or more relay nodes to act as its relay server, the relay selection server selects one or more relay nodes based on the information it has stored about the relay nodes and the information (location, ISP, etc.) about the querying host. The node behind the NAT then updates its binding at the name server through a name binding similar to that of the first embodiment. Other hosts can then initiate communication with the node behind the NAT using the selected relay node as relay.

A second embodiment of the present invention is described in detail below with reference to Figures 6 and 7. The second embodiment shows the invention applied in, for example, a source-routed P2P network.
Figure 6 shows a block diagram of a system 1' for NAT traversal according to the second embodiment of the present invention. The system 1' according to the second embodiment includes a first host 11', the NAT device 12, one or more relay nodes (Figure 6 shows one of them, relay node 13-a), the name server 14, the second host 15, a relay selection server 16, and so on.
The NAT device 12, the name server 14 and the second host 15 are the same as in the first embodiment and are not described again here.
The relay node 13-a, as well as other relay nodes not shown such as 13-b, are all located in the public network and have the structure shown in Figure 6. This structure differs from the relay server 13 of the first embodiment in that it further includes an information reporting unit 305, which reports the node's own service address, capabilities, ISP, location and other information to the relay selection server 16.
The first host 11' differs from the first host 11 of the first embodiment in that it further includes a relay determination unit 105, which requests the relay selection server 16 to select one or more nodes as its relay nodes.
The relay selection server 16 includes a messaging unit 601, a storage unit 602, a report processing unit 603 and a relay selection unit 604. The messaging unit 601 receives messages from other devices, passes them to the report processing unit 603 or the relay selection unit 604, etc., according to the type of the received message, and sends the messages that the report processing unit 603 and the relay selection unit 604 instruct it to send to their intended destinations. The report processing unit 603 receives the reports sent by the relay nodes and stores the information about the nodes in the storage unit 602. The relay selection unit 604 selects relay nodes for, for example, the first host 11' on request. The storage unit 602 stores information that may need to be used and stored during the operation of the relay selection server 16, for example the information reported by the various relay nodes.
Figure 7 shows an example of the operation of the method of the present invention in the node reporting and selection phase.
As shown in Figure 7, in step S301 the messaging unit 301 of the relay node 13-a sends a report message constructed by the information reporting unit 305 to the relay selection server 16. The payload of the report message includes, for example, the service address, capabilities, ISP, location and other information of the relay node 13-a.

In step S302, the messaging unit 601 of the relay selection server 16 receives the report message sent from the relay node 13-a, extracts the information recorded in its payload, and creates an entry for the relay node 13-a in the node database in the storage unit 602, containing the above information about the relay node 13-a.
Similarly, in steps S303 and S304 the relay node 13-b reports its service address, capabilities, ISP, location, etc. to the relay selection server 16, which records this information in the node database in the storage unit 602.
Although the figure shows only two relay nodes reporting to the relay selection server 16, it should be understood that other relay nodes may report their information to the relay selection server 16 through similar steps.
In step S305, the messaging unit 101 of the first host 11' sends to the relay selection server 16 a relay selection request message constructed by the relay determination unit 105; the payload of this message includes, for example, the ISP, location and other information of the first host 11'.
In step S306, the NAT device 12 processes the relay selection request message in the same way as in steps S102 and S110 above, and in step S307 forwards the relay selection request message, with its source address changed from (IP_1i", Port_1i") to (IP_1e", Port_1e"), to the relay selection server 16.
In step S308, the messaging unit 601 of the relay selection server 16 receives the relay selection request message and passes it to the relay selection unit 604. Based on the ISP, location, etc. of the first host 11' included in the relay selection request message, and the capabilities, ISP, location, etc. of the nodes stored in the node database in the storage unit 602, the relay selection unit 604 selects one or more suitable relay nodes for the first host 11' to serve as the relay server(s) providing it with relay service. The relay selection unit 604 constructs a relay selection response message whose payload includes the service addresses of the selected relay nodes and any other information that may be needed.
In step S309, the messaging unit 601 of the relay selection server 16 sends the relay selection response message to (IP_1e", Port_1e").
Then, after NAT processing in step S310 and forwarding in step S311, the relay selection response message reaches the first host 11'.
The first host 11' thus learns the service address of one or more relay nodes that can provide it with relay service. The first host 11' can then send a relay request message to these relay nodes through steps S101 to S112 shown in Figure 4 and, based on the relay responses obtained, update at the name server 14 the binding between its host name and one or more address lists.
Then, the second host 15 can similarly initiate communication with the first host 11' through steps S201 to S215 shown in Figure 5, using as relay one of the one or more relay nodes that the relay selection server 16 selected for the first host 11'.
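The reporting and selection phase of Figure 7 (steps S301 to S308) as an added Python example, not the patent's code. The ranking rule (prefer the requester's ISP, then its location, then capability), the payload keys and the sample nodes are constructed assumptions; so is the check that a node's claimed service IP matches the address its report actually arrived from, which the patent does not specify but which keeps a node from registering an address it does not hold.

```python
from typing import Dict, List, Tuple

Addr = Tuple[str, int]  # (IP address, port number)


class RelaySelectionServer:
    """Relay selection server 16 (assumed model): a node database (storage
    unit 602) filled by reports and queried by relay selection requests."""

    def __init__(self):
        self.nodes: Dict[Addr, dict] = {}

    def report(self, observed_src: Addr, payload: dict) -> bool:
        """Steps S302/S304: record a node's self-reported information.
        Assumed check: the claimed service IP must equal the report's source IP."""
        service_addr = tuple(payload["service_addr"])
        if service_addr[0] != observed_src[0]:
            return False
        self.nodes[service_addr] = {
            "capability": int(payload.get("capability", 0)),
            "isp": payload.get("isp"),
            "location": payload.get("location"),
        }
        return True

    def select(self, requester: dict, count: int = 1) -> List[Addr]:
        """Step S308: rank stored nodes for a requester described by ISP and location."""
        def score(item):
            _, info = item
            return (info["isp"] == requester.get("isp"),
                    info["location"] == requester.get("location"),
                    info["capability"])
        ranked = sorted(self.nodes.items(), key=score, reverse=True)
        return [addr for addr, _ in ranked[:count]]


def demo_selection() -> dict:
    """Constructed reports from relay nodes 13-a, 13-b and a node whose claimed address does not match."""
    server = RelaySelectionServer()
    accepted_a = server.report(("192.0.2.10", 50000), {
        "service_addr": ("192.0.2.10", 3478), "capability": 5, "isp": "ISP-A", "location": "Beijing"})
    accepted_b = server.report(("198.51.100.7", 50000), {
        "service_addr": ("198.51.100.7", 3478), "capability": 9, "isp": "ISP-B", "location": "Shanghai"})
    accepted_c = server.report(("203.0.113.9", 50000), {
        "service_addr": ("192.0.2.10", 3479), "capability": 9, "isp": "ISP-A", "location": "Beijing"})
    # Step S305-S308: first host 11' asks for two relays, describing its own ISP and location.
    chosen = server.select({"isp": "ISP-A", "location": "Beijing"}, count=2)
    return {"accepted": (accepted_a, accepted_b, accepted_c), "chosen": chosen}
```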
It can be seen that the present invention solves the scalability problem faced by the prior-art TURN scheme, because every host in the public network can act as a relay server. The relay selection server can select one or more relay nodes for the requesting node according to the respective conditions of the requesting node and the relay nodes.
Although the present invention has been described by way of specific embodiments, those skilled in the art will understand that various modifications, substitutions, combinations and changes may be made to the present invention without departing from the spirit and scope of the invention as defined by the claims.

Claims

1. A method for network address translation (NAT) traversal by way of relay, comprising:
a first host sending, via a NAT device and using a NAT address, a relay request message to a service address of a relay server; and
the relay server returning a relay response message to the first host, the relay response message including an address list, the address list including a relay address and the NAT address.
2. The method of claim 1, further comprising:
a second host obtaining the address list and initiating communication with the first host by sending to the relay address a communication request message including the NAT address.
3. The method of claim 2, further comprising:
the first host sending to a name server a binding update message indicating that the first host is bound to the address list, and wherein
the step of the second host obtaining the address list comprises querying the name server to obtain the address list to which the first host is bound.
4. The method of claim 2, further comprising:
the relay server receiving the communication request message on the relay address, modifying the communication request message by including the address of the second host in the communication request message, and forwarding the modified communication request message to the first host.
5. The method of claim 4, wherein
the step of the relay server forwarding the modified communication request message to the first host comprises sending the modified communication request message from the service address to the NAT address, and
the method further comprises:
the NAT device receiving the modified communication request message on the NAT address and forwarding the modified communication message to the first host;
the first host extracting the address of the second host from the modified communication request message and sending, via the NAT device, a communication response message including the address of the second host to the service address of the relay server; and
the relay server forwarding the communication response message to the second host.
6. The method of claim 1, wherein
the step of the relay server returning the relay response message to the first host comprises sending the relay response message from the service address to the NAT address, and
the method further comprises the NAT device receiving the relay response message on the NAT address and forwarding the relay response message to the first host.
7. The method of claim 1, further comprising:
each of one or more relay nodes sending to a relay selection server a report including information about that relay node;
the relay selection server recording the information included in the received reports; and
the first host sending a relay selection request to the relay selection server and receiving a relay selection response returned by the relay selection server, and wherein
one of the one or more relay nodes indicated by the relay selection response acts as the relay server.
8. The method of claim 1, wherein each of the service address, the relay address and the NAT address comprises an IP address and a port number.
9. The method of claim 1, wherein the service address and the relay address are the same.
10.一种通过中继方式进行网络地址转换 NAT穿越的系统, 包括: 第一主机, 该第一主机向中继服务器的服务地址发送中继请求消息; NAT设备, 该 NAT设备截取所述中继请求消息, 并利用 NAT地址将 所述中继请求消息转发到所述服务地址; 以及  A system for performing network address translation NAT traversal by means of a relay, comprising: a first host, wherein the first host sends a relay request message to a service address of the relay server; and the NAT device intercepts the middle device Following the request message, and forwarding the relay request message to the service address using a NAT address;
中继服务器, 该中继服务器经由所述 NAT设备向所述第一主机返回 中继响应消息, 该中继响应消息包括地址列表, 该地址列表包括中继地址 和所述 NAT地址。  a relay server that returns a relay response message to the first host via the NAT device, the relay response message including an address list including a relay address and the NAT address.
11.如权利要求 10所述的系统, 还包括:  11. The system of claim 10, further comprising:
第二主机, 其获取所述地址列表, 并且通过向所述中继地址发送包括 所述 NAT地址的通信请求消息, 来发起与所述第一主机的通信。  And a second host that obtains the address list and initiates communication with the first host by transmitting a communication request message including the NAT address to the relay address.
12.如权利要求 11所述的系统, 还包括: 名称服务器, 其接收从所述第一主机发送来的表明将所述第一主机绑 定到所述地址列表的绑定更新消息, 记录所述第一主机绑定到的所述地址 列表, 并且在接收到所述第二主机的査询后向所述第二主机返回所述第一 主机绑定到的地址列表。 12. The system of claim 11 further comprising: a name server, which receives a binding update message sent from the first host indicating binding the first host to the address list, records the address list to which the first host is bound, and Returning, to the second host, the address list to which the first host is bound after receiving the query of the second host.
13.如权利要求 11所述的系统, 其中, 所述中继服务器在所述中继地 址上接收到所述通信请求消息, 通过在所述通信请求消息中包括所述第二 主机的地址来修改所述通信请求消息, 并且将修改后的通信请求消息转发 到所述第一主机。  The system according to claim 11, wherein the relay server receives the communication request message on the relay address by including an address of the second host in the communication request message. Modifying the communication request message and forwarding the modified communication request message to the first host.
14.如权利 求 13所述的系统, 其中,  14. The system of claim 13 wherein
所述中继服务器通过利用所述服务地址向所述 NAT地址发送修改后 的通信请求消息来将修改后的通信请求消息转发到所述第一主机;  The relay server forwards the modified communication request message to the first host by transmitting the modified communication request message to the NAT address by using the service address;
所述 NAT设备在所述 NAT地址上接收到所述修改后的通信消息, 并 将所述修改后的通信消息转发到所述第一主机;  Receiving, by the NAT device, the modified communication message on the NAT address, and forwarding the modified communication message to the first host;
所述第一主机从所述修改后的通信请求消息中提取所述第二主机的地 址, 经由所述 NAT设备向所述中继服务器的服务地址发送包括所述第二 主机的地址的通信响应消息; 并且  The first host extracts an address of the second host from the modified communication request message, and sends a communication response including an address of the second host to a service address of the relay server via the NAT device. Message; and
所述中继服务器将所述通信响应消息转发到所述第二主机。  The relay server forwards the communication response message to the second host.
15.如权利要求 10所述的系统, 其中,  15. The system of claim 10, wherein
所述中继服务器通过利用所述服务地址向所述 NAT地址发送所述中 继响应消息来向第一主机返回所述中继响应消息; 并且  The relay server returns the relay response message to the first host by transmitting the relay response message to the NAT address using the service address;
所述 NAT设备在所述 NAT地址上接收到所述中继响应消息, 并将所 述中继响应消息转发到所述第一主机。  The NAT device receives the relay response message on the NAT address and forwards the relay response message to the first host.
16. The system according to claim 10, further comprising:
a relay selection server, which receives from each of a plurality of relay nodes a report including information of that relay node, records the information included in the received reports, and, after receiving a relay selection request from the first host, selects one or more of the plurality of relay nodes according to the recorded information, and wherein
the relay server is one of the selected relay nodes.
17. The system according to claim 10, wherein each of the service address, the relay address and the NAT address includes an Internet Protocol address and a port number.
18. The system according to claim 10, wherein the service address and the relay address are the same.
19. A relay server, comprising:
a message transceiving unit, which receives on a service address a relay request message sent from a network address translation (NAT) address, passes the relay request message to a relay request processing unit, and returns to the NAT address, using the service address, a relay response message constructed by the relay request processing unit; and
a relay request processing unit, which constructs the relay response message, the relay response message including an address list, the address list including a relay address and the NAT address.
20. The relay server according to claim 19, further comprising a relay processing unit, wherein:
the message transceiving unit further receives on the relay address a communication request message including the NAT address, and passes the communication request message to the relay processing unit;
the relay processing unit extracts the NAT address from the communication request message, and modifies the communication request message by including the source address of the communication request message in the communication request message; and
the message transceiving unit sends the modified communication request message to the NAT address using the service address.
21. The relay server according to claim 19, further comprising:
an information reporting unit, which constructs a report including information of the relay server, the information including the service address, and wherein
the message transceiving unit sends the report to a relay selection server.
22. The relay server according to claim 19, wherein each of the service address, the relay address and the NAT address includes an Internet Protocol address and a port number.
23. The relay server according to claim 19, wherein the service address and the relay address are the same.
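The relay-server behaviour of claims 19 and 20 (and the return path of claim 15), modelled as an added example; this is not code from the patent or its applicant. Addresses are (ip, port) tuples, messages are dicts, and the check that a communication request is only relayed towards a NAT address that previously sent a relay request is an assumed hardening, not something the claims require.

```python
# Added example, not code from the patent. Models the relay server of
# claims 19-20: relay requests arrive on the service address, communication
# requests arrive on the relay address, and everything sent towards a host
# behind NAT leaves from the service address so it matches the NAT mapping
# the host's own relay request created (claim 15).
from dataclasses import dataclass, field
from typing import Optional

Addr = tuple  # (ip, port), as in claims 17 and 22

@dataclass
class RelayServer:
    service_addr: Addr                       # receives relay requests
    relay_addr: Addr                         # receives communication requests
    known_nat: set = field(default_factory=set)   # assumption: issued mappings
    sent: list = field(default_factory=list)      # (src, dst, msg) log

    def on_relay_request(self, nat_addr: Addr, msg: dict) -> dict:
        """Claim 19: reply from the service address to the NAT address with an
        address list holding the relay address and the NAT address."""
        self.known_nat.add(nat_addr)         # assumption: remember who registered
        reply = {"type": "relay_response",
                 "addresses": [self.relay_addr, nat_addr]}
        self.sent.append((self.service_addr, nat_addr, reply))
        return reply

    def on_comm_request(self, src: Addr, msg: dict) -> Optional[dict]:
        """Claim 20: extract the NAT address carried in the request, add the
        request's source address, send the result to the NAT address from the
        service address. Returns None when the request is dropped."""
        nat_addr = tuple(msg["nat_addr"])
        # Assumed hardening, not in the claims: refuse to relay towards a NAT
        # address that never sent a relay request, so the relay cannot be
        # pointed at arbitrary destinations by a third party.
        if nat_addr not in self.known_nat:
            return None
        modified = dict(msg)
        modified["peer_addr"] = src          # second host's address, for the first host
        self.sent.append((self.service_addr, nat_addr, modified))
        return modified
```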
PCT/CN2010/000813 2009-09-24 2010-06-10 Method, system and relay server for network address translation (nat) traversal by way of relay WO2011035528A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910175620.8 2009-09-24
CN200910175620.8A CN102035900B (en) 2009-09-24 2009-09-24 NAT (network address translation) traversal method, system and relay server by relay mode

Publications (1)

Publication Number Publication Date
WO2011035528A1 true WO2011035528A1 (en) 2011-03-31

Family

ID=43795319

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/000813 WO2011035528A1 (en) 2009-09-24 2010-06-10 Method, system and relay server for network address translation (nat) traversal by way of relay

Country Status (2)

Country Link
CN (1) CN102035900B (en)
WO (1) WO2011035528A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017050109A1 (en) * 2015-09-23 2017-03-30 上海斐讯数据通信技术有限公司 Path establishment method, apparatus and system for p2p connection nat traversal
US9826044B2 (en) 2013-10-23 2017-11-21 Qualcomm Incorporated Peer-to-peer communication for symmetric NAT
CN110012118A (en) * 2019-03-08 2019-07-12 平安科技(深圳)有限公司 It is a kind of that the method and controller of network address translation NAT service are provided
CN113572867A (en) * 2021-09-26 2021-10-29 北京海誉动想科技股份有限公司 Communication method and device

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013067870A1 (en) * 2011-11-11 2013-05-16 中国移动通信集团公司 Method for traversing the translator server and the corresponding server, terminal, system
CN102404227B (en) * 2011-12-09 2014-06-18 徐州医学院 Hierarchical routing system crossing internal network
CN103188134B (en) * 2011-12-29 2016-12-21 腾讯科技(深圳)有限公司 Logic transfer communication method, logic transfer server and logic transfer communication system
CN103220377A (en) * 2012-05-08 2013-07-24 西北工业大学 System and method for network address translation (NAT) traversing and bandwidth multiplexing
TWI538449B (en) * 2013-11-29 2016-06-11 晶睿通訊股份有限公司 Nat traversal method, computer-readable medium, and system for mediating connection
CN106331195B (en) * 2015-06-23 2020-01-14 中兴通讯股份有限公司 Data receiving and sending method and device
TWI625950B (en) * 2016-08-04 2018-06-01 群暉科技股份有限公司 Method for relaying packets with aid of network address translation in a network system, and associated apparatus

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056271A (en) * 2007-06-06 2007-10-17 杭州华三通信技术有限公司 Method for penetrating the NAT and corresponding communication terminal and NAT device
US20080126528A1 (en) * 2003-01-15 2008-05-29 Matsushita Electric Industrial Co., Ltd. PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATORS (NATs) AT BOTH ENDS
CN100464540C (en) * 2005-09-09 2009-02-25 北京中星微电子有限公司 Communication for spanning gateway

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9826044B2 (en) 2013-10-23 2017-11-21 Qualcomm Incorporated Peer-to-peer communication for symmetric NAT
WO2017050109A1 (en) * 2015-09-23 2017-03-30 上海斐讯数据通信技术有限公司 Path establishment method, apparatus and system for p2p connection nat traversal
CN110012118A (en) * 2019-03-08 2019-07-12 平安科技(深圳)有限公司 It is a kind of that the method and controller of network address translation NAT service are provided
CN113572867A (en) * 2021-09-26 2021-10-29 北京海誉动想科技股份有限公司 Communication method and device
CN113572867B (en) * 2021-09-26 2022-01-07 北京海誉动想科技股份有限公司 Communication method and device

Also Published As

Publication number Publication date
CN102035900A (en) 2011-04-27
CN102035900B (en) 2015-05-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10818222

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10818222

Country of ref document: EP

Kind code of ref document: A1