WO2011035528A1 - Method, system and relay server for network address translation (NAT) traversal by means of a relay - Google Patents

Method, system and relay server for network address translation (NAT) traversal by means of a relay

Info

Publication number
WO2011035528A1
Authority
WO
WIPO (PCT)
Prior art keywords
relay
address
host
nat
server
Application number
PCT/CN2010/000813
Other languages
English (en)
Chinese (zh)
Inventor
黄权
夏勇
胡艳
Original Assignee
日电(中国)有限公司
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2589 NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]

Definitions

  • the present invention relates to computer networks, and more particularly to a method, system and device (relay server) for traversing network address translation (NAT) by means of a relay.
  • Background
  • NAT: network address translation
  • NAT-based systems perform NAT in order to enable multiple hosts on a private network to access the Internet using a common Internet Protocol (IP) address.
  • IP: Internet Protocol
  • a host on a private network cannot directly access the Internet using its local address in the internal private network. Packets sent and received by such hosts must be processed by the NAT device of the private network. In this document, these hosts are said to be "behind the NAT device".
  • the NAT device may be a NAT-capable router, a gateway, a firewall, or the like. Those skilled in the art can select any suitable device as the NAT device as needed. For example, assume that the hosts in a private network use the internal private address space 192.168.0.1/24.
  • the private IP address of the NAT router in the private network is 192.168.0.1, and its public IP address is 83.14.137.3.
  • IP-port pair: the public address 83.14.137.3 of the NAT router combined with one of the NAT router's port numbers.
  • the mapping between the source IP-port pair and the NAT router's IP-port pair is stored in the NAT router.
  • NAT undermines the end-to-end connectivity model on which the Internet was originally designed, introduces complications into communication between hosts, and affects performance. It hides the structure of the internal network: from the perspective of external entities, all traffic appears to originate from the NAT device.
  • hosts behind a NAT device lack end-to-end connectivity and therefore cannot participate in certain Internet protocols. For example, services that require a Transmission Control Protocol (TCP) connection initiated from the external network, or that use a stateless protocol such as the User Datagram Protocol (UDP), may not be possible.
  • TCP: Transmission Control Protocol
  • UDP: User Datagram Protocol
  • there are four types of NAT in total, namely full cone NAT, restricted cone NAT, port-restricted cone NAT, and symmetric NAT.
  • symmetric NAT is the most restrictive type of NAT.
  • each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.
  • for example, a host in the private network sends a request to the address (IP_2, Port_2) of a host outside the private network, using its internal IP address and port pair (IP_li, Port_li).
  • (IP_li, Port_li): the internal IP address and port pair
  • the private network's NAT device intercepts the request, maps it to a unique external source IP address and port pair (IP_le, Port_le), and records this mapping together with a policy.
  • when a packet is received later, the NAT device checks it against its record. The packet is forwarded to (IP_li, Port_li) only if its source address is (IP_2, Port_2) and its destination address is (IP_le, Port_le). In all other cases the packet is not forwarded to the internal host.
  • TURN protocol: one purpose of the TURN protocol is to enable hosts behind a NAT device, especially a symmetric NAT, or behind a firewall, to receive incoming data over TCP or UDP.
  • the basic idea is to use a TURN server in the public address space to relay incoming packets to hosts behind the NAT device.
  • TURN's operation involves two phases.
  • the first phase is the name binding phase. This phase binds the host behind the NAT to a public IP address and port.
  • the second phase is the communication phase, in which the external host initiates communication. These two phases are shown in Figures 1 and 2, respectively.
  • the TURN server 63 listens on the public service address (IP_s, Port_s).
  • step S601: the host behind the NAT, i.e., the first host 61, sends a TURN message (Packet Relay Request) to the TURN server 63 using its address (IP_li, Port_li).
  • step S602: the NAT device 62 changes the source address of the message to (IP_le, Port_le).
  • the NAT device 62 forms a mapping between (IP_li, Port_li) and (IP_le, Port_le) and formulates the following policy for the mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed and are forwarded to (IP_li, Port_li). The entry containing the mapping and policy is recorded in the mapping and policy database maintained by the NAT device.
  • step S603: the NAT device 62 forwards the relay request message to the TURN server.
  • step S604: the TURN server 63, having received the relay request message, performs relay request processing.
  • the relay request processing here includes assigning a specific relay address (IP_lr, Port_lr) to the first host 61 and recording the mapping between (IP_lr, Port_lr) and (IP_le, Port_le).
  • step S605: the TURN server 63 responds to the relay request of the first host 61 by transmitting a response message from (IP_s, Port_s) to (IP_le, Port_le); the valid data portion of the response message contains the assigned relay address (IP_lr, Port_lr).
  • step S606: when the response message reaches the address (IP_le, Port_le) of the NAT device 62, the NAT device 62 checks it against its mapping and policy database. In this case the message passes the check, so the NAT device 62 changes the destination address of the response message from (IP_le, Port_le) to (IP_li, Port_li). If the message fails the check, it is discarded.
  • step S607: the NAT device 62 delivers the response message to the address (IP_li, Port_li) of the first host 61.
  • step S608: the first host 61 obtains the address (IP_lr, Port_lr) assigned by the TURN server 63 from the response message and constructs a binding update message.
  • the valid data portion of the binding update message contains information on the binding between the host name of the first host 61 and the assigned address.
  • the first host 61 transmits the binding update message to the name server 64 via the NAT device 62.
  • the name server 64 thereby obtains the information about the binding between the host name of the first host 61 and the assigned address, and stores it in the database it maintains.
  • Figure 2 shows the communication phase.
  • another host, the second host 65, initiates communication with the first host 61.
  • the second host 65 is not in the private network where the first host 61 is located; it may be behind another NAT device (e.g., in another private network) or not behind any NAT device (e.g., in the public network).
  • Figure 2 shows the case where the second host 65 is not behind a NAT device.
  • step S701: the second host 65 queries the name server 64 for the relay address of the first host 61.
  • the name server 64 searches its database for the relay address bound to the first host 61 in step S702, and in step S703 returns to the second host 65 a reply message containing the relay address (IP_lr, Port_lr) corresponding to the first host 61.
  • the second host 65 obtains (IP_lr, Port_lr) from the reply message of the name server 64 in step S704, and in step S705 sends a communication request message to the first host 61 by sending it from its source address (IP_2, Port_2) to (IP_lr, Port_lr).
  • the TURN server 63 receives the communication request message at (IP_lr, Port_lr), checks the mapping it recorded earlier, and finds that the message is for (IP_le, Port_le). The TURN server 63 then wraps the source address (IP_2, Port_2) of the communication request into the communication request (i.e., includes it in the valid data portion of the communication request message), and in step S707 forwards the new communication request from its service address (IP_s, Port_s) to (IP_le, Port_le).
  • step S708: the NAT device 62 receives the communication request forwarded by the TURN server 63 at the address (IP_le, Port_le) and, by consulting its mapping and policy database, finds that the request should be forwarded to (IP_li, Port_li). The NAT device 62 then changes the destination address of the communication request to (IP_li, Port_li) and forwards it there in step S709.
  • step S710: the first host 61 receives the communication request and retrieves the content of the original request message and its original source address (IP_2, Port_2) from the valid data portion of the communication request.
  • the first host 61 creates a response message for the request, wrapping the actual destination address (IP_2, Port_2) of the response into the valid data portion of the response message.
  • step S711: the first host 61 transmits the response message to the service address (IP_s, Port_s) of the TURN server 63.
  • the NAT device 62 intercepts the response message in step S712, changes its source address to (IP_le, Port_le), and forwards it to the TURN server 63 in step S713.
  • the TURN server 63 receives the response message at its service address (IP_s, Port_s) in step S714, extracts the actual destination (IP_2, Port_2) and the actual response message, and in step S715 delivers the actual response message to the address (IP_2, Port_2) of the second host 65.
  • the second host 65 thus receives a response from the first host 61 to its communication request, and can continue to communicate with the first host 61 via the TURN server 63 in this manner.
  • the TURN server 63 assigns an address, i.e., an IP-port pair, to each client that issues a relay request.
  • the TURN server 63 must also maintain the mapping between the assigned address (i.e., (IP_lr, Port_lr) in Figures 1 and 2) and the client's NAT address (i.e., (IP_le, Port_le) in Figures 1 and 2).
  • the port numbers of the TURN server 63 are a limited resource. This may limit the performance of the TURN server 63.
  • NAT poses a significant problem for network connectivity. Since there may be many hosts behind a NAT device, the TURN solution faces serious scalability issues. Therefore, it is desirable to provide a method, system, and corresponding relay server that traverse NAT by means of a relay, wherein the relay server is stateless and does not need to allocate and manage addresses for its clients. In addition, it is desirable to provide a method, system, and corresponding relay server that traverse NAT by means of a relay and can solve the scalability problem faced by the prior art TURN solution.
  • Summary of the invention
  • another object of the present invention is to provide a method, system and corresponding relay server for traversing NAT by means of a relay, which can solve the scalability problem faced by the prior art TURN scheme.
  • a method for network address translation (NAT) traversal by means of a relay, including: a first host sends a relay request message to a service address of a relay server; a NAT device forwards the relay request message to the service address using a NAT address; and the relay server returns a relay response message to the first host, the relay response message including an address list that includes a relay address and the NAT address.
  • a system for performing network address translation (NAT) traversal by means of a relay, including: a first host, which sends a relay request message to a service address of a relay server; a NAT device, which intercepts the relay request message and forwards it to the service address using a NAT address; and the relay server, which returns a relay response message to the first host via the NAT device, the relay response message including an address list that includes a relay address and the NAT address.
  • a relay server comprising: a messaging unit that receives, at a service address, a relay request message sent from a network address translation (NAT) address, passes the relay request message to a relay request processing unit, and returns, from the service address, a relay response message constructed by the relay request processing unit to the NAT address; and the relay request processing unit, configured to construct the relay response message, wherein the relay response message includes an address list that includes a relay address and the NAT address.
  • FIG. 1 is a diagram showing the operation procedure of the name binding phase of a NAT traversal method using a TURN server according to the related art
  • FIG. 2 is a diagram showing the operation procedure of the communication phase of a NAT traversal method using a TURN server according to the related art
  • FIG. 3 is a schematic block diagram showing a system for traversing a NAT using a relay server according to a first embodiment of the present invention
  • FIG. 4 is a diagram showing the operation procedure of the system shown in FIG. 3 in the name binding phase of the NAT traversal method according to the first embodiment of the present invention
  • FIG. 5 is a diagram showing the operation procedure of the system shown in FIG. 3 in the communication phase of the NAT traversal method according to the first embodiment of the present invention
  • FIG. 6 is a schematic block diagram showing a system for traversing a NAT using a relay server according to a second embodiment of the present invention
  • FIG. 7 is a diagram showing the operation procedure of the relay node reporting and selection phase of the system of FIG. 6 in the NAT traversal method according to the second embodiment of the present invention
  • Detailed description
  • the present invention uses the principles of source routing, a technique widely used in overlay networks and ad-hoc networks, to solve the NAT problem, especially for symmetric NAT.
  • source routing enables the sender of a packet to specify, in part or in whole, the route that the packet takes through the network.
  • in conventional routing the path is determined by the routers in the network based on the destination of the packet; in source routing, the sender/source wraps the routing information into the packet.
  • the routing information contains the path information needed to get from the source address to the destination address.
  • each node on the path that receives the packet extracts the next hop address from the packet and forwards the packet to that next hop.
  • each node on the path repeats this process until the packet reaches its destination.
  • for example, host A wants to send data to host B, and host A knows in advance that it can reach host B via host C. That is, host A knows in advance the overlay path from host A to destination host B: Host A -> Host C -> Host B.
  • host A constructs a packet in which the address of host B is added as an overlay header in front of the application layer valid data (e.g., voice data) of the packet.
  • the overlay header is itself part of the application layer's valid data.
  • the address of host B can include the IP address and port of host B.
  • the address of host B may also include a protocol.
  • the address of host B can be of the form: 202.1.1.1, 80, TCP.
  • the TCP/IP layer header contains the IP address and port of host A as the source address, and the IP address and port of host C as the destination address.
  • host A then sends the packet to host C.
  • host C receives the packet, extracts the address information from the TCP/IP header and the address of host B from the valid data portion of the application layer, removes the address of host B from the packet, and sends a packet containing only the original valid data (for example, voice data) to the address of host B.
  • the present invention takes advantage of this source routing idea to solve the NAT problem, especially for symmetric NAT. Embodiments of the present invention are described below with reference to the accompanying drawings.
  • "address": unless otherwise stated, an "address" generally refers to a transport address formed by combining an IP address and a port number.
  • an "address" can also include a combination of an IP address, a port number, and a protocol. For brevity, only the combination of IP address and port number is used here.
  • a combination of an IP address and a port number is written in the form (IP, Port).
  • the source address, destination address, and payload portion of a message are written in the form "src: (xxx, xxx) dst: (yyy, yyy) data: zzzzz", where zzzzz stands for the specific content of the payload.
  • the source address or destination address of a message: when referring to the source or destination address of a message, this actually means the source or destination address recorded in the TCP/IP layer header of the packet carrying the message.
  • the valid data portion of a message: when referring to the valid data portion of a message, this actually means the application layer payload of the packet carrying the message after the TCP/IP layer header is removed.
  • Fig. 3 shows a block diagram of a system 1 for NAT traversal according to a first embodiment of the present invention.
  • the system 1 includes a first host 11, a NAT device 12, a relay server 13, a name server 14, and a second host 15.
  • the first host 11 is in the private network
  • the NAT device 12 is the NAT device of the private network
  • the relay server 13, the name server 14, and the second host 15 are all outside the private network. It is assumed here that the relay server 13, the name server 14, and the second host 15 are all in the public network.
  • the first host 11 includes a messaging unit 101, a storage unit 102, a name binding unit 103, and a communication processing unit 104.
  • the messaging unit 101 is configured to receive messages from other devices, pass them to the name binding unit 103 or the communication processing unit 104 according to the type of the received message, and send to the desired destination the messages that the name binding unit 103 and the communication processing unit 104 instruct it to transmit.
  • the name binding unit 103 can perform the processing at the first host 11 during the name binding phase of the method of the present invention.
  • the communication processing unit 104 can perform the processing at the first host 11 during the communication phase of the method of the present invention.
  • the storage unit 102 can store information that needs to be used and stored during the operation of the first host 11. For example, the storage unit 102 can store the local address of the first host 11 and the address list received by the first host 11 from the relay server 13.
  • the NAT device 12 includes a messaging unit 201, a storage unit 202, and a NAT processing unit 203.
  • the messaging unit 201 is configured to receive messages from other devices, deliver the received messages to the NAT processing unit 203, and send a message to the desired destination that the NAT processing unit 203 indicates to transmit.
  • the NAT processing unit 203 can perform NAT processing.
  • the storage unit 202 can store information that may be needed to be used and stored in the operation of the NAT device 12. For example, storage unit 202 can store internal addresses used by NAT device 12 in the private network, external addresses that can be assigned to hosts in the private network, and mappings and related policies between internal and external addresses, and the like.
  • the relay server 13 includes a messaging unit 301, a storage unit 302, a relay request processing unit 303, and a relay processing unit 304.
  • the messaging unit 301 is configured to receive messages from other devices, pass them to the relay request processing unit 303 or the relay processing unit 304 according to the type of the received message, and send to the desired destination the messages that the relay request processing unit 303 and the relay processing unit 304 instruct it to transmit.
  • the relay request processing unit 303 can perform the processing at the relay server 13 during the name binding phase of the method of the present invention.
  • Relay processing unit 304 may perform the processing at relay server 13 during the communication phase of the method of the present invention.
  • the storage unit 302 can store information that may be needed to be used and stored in the operation of the relay server 13. For example, storage unit 302 can store a service address and a relay address.
  • the name server 14 includes a messaging unit 401, a storage unit 402, a binding update processing unit 403, and a query processing unit 404.
  • the messaging unit 401 is configured to receive messages from other devices, pass them to the binding update processing unit 403 or the query processing unit 404 according to the type of the received message, and send to the desired destination the messages that the binding update processing unit 403 and the query processing unit 404 instruct it to transmit.
  • Binding update processing unit 403 can perform the processing at name server 14 during the name binding phase of the method of the present invention.
  • the query processing unit 404 can perform the processing at the name server 14 during the communication phase of the method of the present invention.
  • the storage unit 402 can store information that may need to be used and stored in the operation of the name server 14. For example, the storage unit 402 can store binding information reported by the host.
  • the second host 15 includes a messaging unit 501, a storage unit 502, and a communication processing unit 503.
  • the messaging unit 501 is configured to receive messages from other devices, pass them to the communication processing unit 503 according to the type of the received message, and send to the desired destination the messages that the communication processing unit 503 instructs it to transmit.
  • Communication processing unit 503 can perform the processing at second host 15 during the communication phase of the method of the present invention.
  • the storage unit 502 can store information that may be needed to be used and stored in the operation of the second host 15. For example, the storage unit 502 can store address information usable by the second host 15.
  • Figure 4 illustrates the operation of the name binding phase of the NAT traversal method according to the present invention.
  • the relay server 13 can use two addresses to receive and send messages. That is, the relay server 13 can listen for incoming messages at these two addresses, and can use either of them to send outgoing messages.
  • these two addresses are the service address (IP_s, Port_s) and the relay address (IP_r, Port_r).
  • the service address (IP_s, Port_s) is used for hosts in the private network behind the NAT device, and the relay address (IP_r, Port_r) is used for hosts outside the private network. Note that in the present invention the service address and the relay address can be the same.
  • a host in the private network, such as the first host 11, expects the relay server 13 to provide a relay service so that a host outside the private network can initiate communication with the first host 11.
  • the first host 11 is behind the NAT device 12. That is to say, the packets received by the first host 11 need to be processed by the NAT device 12 for NAT.
  • step S101: the name binding unit 103 of the first host 11 constructs a relay request message and transmits it through the messaging unit 101.
  • the destination address of the relay request message is the service address of the relay server 13, and the source address is the local or internal address (IP_li, Port_li) of the first host 11 in the private network.
  • step S102: the messaging unit 201 of the NAT device 12 intercepts the relay request message and passes it to the NAT processing unit 203.
  • the NAT processing unit 203 performs NAT processing, changing the source address of the relay request message to a public or external address (IP_le, Port_le). This address may also be referred to as the NAT address.
  • the NAT processing unit 203 forms a mapping between (IP_li, Port_li) and (IP_le, Port_le), and formulates the following policy for the mapping: messages sent from (IP_s, Port_s) to (IP_le, Port_le) are allowed and are forwarded to (IP_li, Port_li). That is, if the packet of an incoming message later received by the NAT device 12 has the source address (IP_s, Port_s) and the destination address (IP_le, Port_le), the message can be forwarded to the internal address (IP_li, Port_li) of the first host 11.
  • the NAT processing unit 203 records the entry containing the mapping and policy in, for example, a mapping and policy database in the storage unit 202.
  • step S103: the NAT device 12 forwards the relay request message with the modified source address to the relay server 13.
  • step S104: the relay server 13 receives the relay request message forwarded by the NAT device 12 through the messaging unit 301.
  • the relay request message is passed to the relay request processing unit 303.
  • the relay request processing unit 303 learns the source address (IP_le, Port_le) (the NAT address) of the relay request message.
  • the relay request processing unit 303 constructs a relay response message whose valid data portion includes the address list [(IP_r, Port_r), (IP_le, Port_le)].
  • the address list may also be referred to as routing information; it includes the relay address (IP_r, Port_r) and the NAT address (IP_le, Port_le). Unlike the prior art, the relay address (IP_r, Port_r) need not be allocated specifically for the first host 11. That is, the relay server 13 may use a common relay address (IP_r, Port_r) for a plurality of, or all, received relay request messages. Further, unlike the prior art, the relay server 13 does not need to store any mappings.
  • when the relay server 13 later receives a communication request message at the relay address (IP_r, Port_r), it only needs to send the message, using its service address (IP_s, Port_s), to the destination given by the address carried in the message itself, as described in more detail below.
  • step S105: the relay request processing unit 303 transmits the relay response message to the address (IP_le, Port_le) through the messaging unit 301, using the service address (IP_s, Port_s).
  • step S106: the NAT device 12 receives the relay response message.
  • the NAT processing unit 203 checks the relay response message against the mapping and policy database stored in the storage unit 202. In this case, since the source address of the relay response message is (IP_s, Port_s) and the destination address is (IP_le, Port_le), the message passes the check. Thus, the NAT processing unit 203 changes the destination address of the relay response message from (IP_le, Port_le) to (IP_li, Port_li). If the message fails the check, it is discarded (or forwarded to another matching address).
  • the messaging unit 201 forwards the relay response message with the modified destination address to the first host 11.
  • step S108: the messaging unit 101 of the first host 11 delivers the received relay response message to the name binding unit 103.
  • the name binding unit 103 extracts the address list [(IP_r, Port_r), (IP_le, Port_le)] from the valid data portion of the relay response message.
  • the name binding unit 103 then constructs a binding update message, including in its valid data portion binding information that indicates the binding between the first host 11 (e.g., the host name of the first host 11) and the address list [(IP_r, Port_r), (IP_le, Port_le)].
  • step S109: the messaging unit 101 of the first host 11 transmits the binding update message to the address (IP_ns, Port_ns) of the name server 14 according to the instruction of the name binding unit 103.
  • the internal address used by the first host 11 to communicate with the name server 14 is generally different from the internal address used when communicating with the relay server 13.
  • (IP_li', Port_li') is used to denote the internal address used when the first host 11 communicates with the name server 14.
  • it is common for the IP addresses to be the same and the port numbers to differ. That is, IP_li' and IP_li can be the same, while Port_li' is usually different from Port_li.
  • the same device typically uses a different transport address (at least a different port number) when communicating with different devices. This also applies to the internal address (IP_li'', Port_li'') used by the first host to communicate with the relay selection server 16, as described below, and to the addresses the second host uses when communicating with the name server and via the relay server.
  • step S110: similarly to step S102, the messaging unit 201 of the NAT device 12 intercepts the binding update message and passes it to the NAT processing unit 203.
  • the NAT processing unit 203 changes the source address of the binding update message to a public or external address (IP_le', Port_le') by performing NAT processing.
  • the external address (IP_le', Port_le') to which (IP_li', Port_li') is mapped is different from the external address (IP_le, Port_le) to which (IP_li, Port_li) is mapped.
  • IP_le' and IP_le can be the same, while Port_le' and Port_le are usually different.
  • the NAT processing unit 203 forms a mapping between (IP_li', Port_li') and (IP_le', Port_le'), and formulates the following policy for this mapping: messages sent from (IP_ns, Port_ns) to (IP_le', Port_le') are allowed and are forwarded to (IP_li', Port_li').
  • the NAT processing unit 203 records the entry containing the mapping and policy in, for example, a mapping and policy database in the storage unit 202.
  • step S111: the NAT device 12 transmits the binding update message with the modified source address to its intended destination, the name server 14.
  • step S112: the messaging unit 401 of the name server 14 receives the binding update message and passes it to the binding update processing unit 403.
  • the binding update processing unit 403 extracts the information indicating the binding between the host name of the first host 11 and the address list [(IP_r, Port_r), (IP_le, Port_le)] from the valid data portion of the binding update message, and stores the information in, for example, a binding database in the storage unit 402.
  • Figure 5 shows the operation of the communication phase of the NAT traversal method in accordance with the present invention.
  • Assume the second host 15 wishes to initiate communication with the first host 11.
  • The second host 15 is not in the private network where the first host 11 is located; it may be in the public network or in another private network. That is, the second host 15 may be behind no NAT device or behind another NAT device. For brevity, it is assumed here that the second host 15 is not behind a NAT device.
  • In step S201, the communication processing unit 503 of the second host 15 constructs a binding query message that specifies the host name of the first host 11 and asks for the address of the first host 11. The messaging unit 501 sends the binding query message to the name server 14.
  • In step S202, the messaging unit 401 of the name server 14 receives the binding query message and passes it to the query processing unit 404.
  • The query processing unit 404 searches the binding database in the storage unit 402 by the host name of the first host 11 and finds the address list [(IP_r, Port_r), (IP_le, Port_le)] corresponding to that host name.
  • The query processing unit 404 constructs a binding reply message whose valid data portion includes the address list [(IP_r, Port_r), (IP_le, Port_le)] corresponding to the host name of the first host 11.
  • In step S203, the messaging unit 401 of the name server 14 transmits the binding reply message to the second host 15.
  • In step S204, the messaging unit 501 of the second host 15 receives the binding reply message and passes it to the communication processing unit 503.
  • The communication processing unit 503 extracts the address list from the message and constructs a communication request message. The valid data portion of the communication request message includes the original data content of the communication request the second host 15 would normally send, together with the NAT address (IP_le, Port_le) taken from the extracted address list.
  • In step S205, under the instruction of the communication processing unit 503, the messaging unit 501 sends the communication request message from the source address (IP_2, Port_2) to the relay address (IP_r, Port_r) taken from the extracted address list.
  • In step S206, the messaging unit 301 of the relay server 13 receives the communication request message on the relay address (IP_r, Port_r) and passes it to the relay processing unit 304.
  • The relay processing unit 304 extracts the NAT address (IP_le, Port_le) from the communication request message as routing information. It then constructs a new communication request message based on the received one: it removes (IP_le, Port_le) from the valid data portion and adds the original source address of the communication request message, that is, the address (IP_2, Port_2) of the second host 15.
  • In step S207, under the instruction of the relay processing unit 304, the messaging unit 301 forwards the new communication request message from its service address (IP_s, Port_s) to the NAT address (IP_le, Port_le) that appeared in the binding returned by the name server.
  • Because the relay server returned this routing information to the first host, which then published it in its binding, the second host can specify the path of the message by means of source routing within the communication request message it sends.
  • The relay server can therefore forward to the appropriate NAT address purely on the basis of the content of the message, without maintaining any mapping state itself.
  • In step S208, the messaging unit 201 of the NAT device 12 receives the new communication request message at the address (IP_le, Port_le) and passes it to the NAT processing unit 203.
  • The NAT processing unit 203 checks the message against the mapping and policy database in the storage unit 202. Since the source address of the message is (IP_s, Port_s) and its destination address is (IP_le, Port_le), the message passes the check, and the NAT processing unit 203 changes the destination address of the message from (IP_le, Port_le) to (IP_li, Port_li).
  • In step S209, the messaging unit 201 forwards the communication request message with the modified destination address to the internal address (IP_li, Port_li) of the first host 11.
  • In step S210, the messaging unit 101 of the first host 11 receives the communication request message forwarded by the NAT device 12 and passes it to the communication processing unit 104.
  • The communication processing unit 104 extracts the valid data content of the original communication request and the original source address (IP_2, Port_2) from the valid data portion of the message.
  • The communication processing unit 104 then creates a communication response message. Its valid data portion includes, in addition to the content the first host 11 would normally place in a communication response, the actual destination address of the response, (IP_2, Port_2).
  • In step S211, the first host 11 transmits the communication response message via the messaging unit 101 to the service address (IP_s, Port_s) of the relay server 13.
  • In step S212, the messaging unit 201 of the NAT device 12 intercepts the communication response message and passes it to the NAT processing unit 203.
  • Since a mapping for (IP_li, Port_li) already exists, the NAT processing unit 203 directly changes the source address of the communication response message to (IP_le, Port_le).
  • In step S213, the NAT device 12 forwards the communication response message with the modified source address to the relay server 13.
  • In step S214, the messaging unit 301 of the relay server 13 receives the communication response message on the service address (IP_s, Port_s) and passes it to the relay processing unit 304.
  • The relay processing unit 304 extracts the actual destination (IP_2, Port_2) and the actual response content from the valid data portion of the communication response message, and constructs the actual communication response message whose valid data portion contains that content.
  • In step S215, under the instruction of the relay processing unit 304, the messaging unit 301 transmits the actual communication response message from the relay address (IP_r, Port_r) to the address (IP_2, Port_2) of the second host 15.
  • The second host 15 thus receives the communication response sent by the first host 11.
  • Communication between the first host 11 and the second host 15 can continue through the relay server 13 according to the above process.
  • In the above description the second host 15 obtains the address list bound to the first host 11 from the name server, but the invention is not limited to this. The second host 15 may obtain the address list corresponding to the first host 11 by other means; for example, the first host 11 can inform the second host 15 of its address list by email or the like. Once the second host 15 knows the address list by any suitable means, it can initiate communication with the first host 11 via the relay server 13.
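The following is an added simulation of the exchange described in steps S205 to S215, written for this page and not taken from the application. It models the NAT device's mapping and policy database, the stateless relay server and the two hosts as plain Python objects. The dict-based payload layout and the addresses (drawn from the RFC 5737 documentation ranges) are assumptions: the description specifies only which addresses travel in the valid data portion, not how they are encoded.

```python
"""Added simulation of relay-based NAT traversal with source routing (illustrative, not the applicant's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # transport address (IP, Port)


@dataclass
class Message:
    src: Addr
    dst: Addr
    payload: dict  # the "valid data portion"; embedded addresses carry the source routing (assumed layout)


class NatDevice:
    """Mapping and policy database (storage unit 202 in the text)."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # external (IP_le, Port_le) -> (internal (IP_li, Port_li), remote peer allowed to send to it)
        self.table: Dict[Addr, Tuple[Addr, Addr]] = {}

    def outbound(self, msg: Message) -> Message:
        """Steps S102/S110/S212: rewrite the source address, creating mapping and policy on first use."""
        for ext, (internal, peer) in self.table.items():
            if internal == msg.src and peer == msg.dst:
                return Message(ext, msg.dst, msg.payload)
        ext = (self.public_ip, self.next_port)
        self.next_port += 1
        self.table[ext] = (msg.src, msg.dst)  # policy: only msg.dst may send to ext
        return Message(ext, msg.dst, msg.payload)

    def inbound(self, msg: Message) -> Optional[Message]:
        """Step S208: check the policy; drop anything that does not match, else rewrite the destination."""
        entry = self.table.get(msg.dst)
        if entry is None:
            return None
        internal, peer = entry
        if msg.src != peer:
            return None
        return Message(msg.src, internal, msg.payload)


class RelayServer:
    """Stateless relay: every forwarding decision is read from addresses in the payload."""

    def __init__(self, relay_addr: Addr, service_addr: Addr) -> None:
        self.relay_addr = relay_addr      # (IP_r, Port_r), faces the initiating host
        self.service_addr = service_addr  # (IP_s, Port_s), faces the NAT device

    def on_relay_request(self, msg: Message) -> Message:
        # Relay reply carrying the address list [(IP_r, Port_r), (IP_le, Port_le)]; nothing is recorded
        return Message(self.service_addr, msg.src, {"address_list": [self.relay_addr, msg.src]})

    def on_relay_addr(self, msg: Message) -> Message:
        # Steps S206/S207: strip the NAT address from the payload, add the original source address
        return Message(self.service_addr, msg.payload["nat_addr"],
                       {"orig_src": msg.src, "data": msg.payload["data"]})

    def on_service_addr(self, msg: Message) -> Message:
        # Steps S214/S215: the payload names the real destination; send from the relay address
        return Message(self.relay_addr, msg.payload["dst"], {"data": msg.payload["data"]})


def run_exchange() -> Tuple[List[Addr], Optional[Message]]:
    """Registration of host 1, then one request/response initiated by host 2 (constructed addresses)."""
    nat = NatDevice("203.0.113.10")
    relay = RelayServer(relay_addr=("198.51.100.5", 3478), service_addr=("198.51.100.5", 3479))
    host1 = ("192.168.1.20", 5000)  # (IP_li, Port_li), behind the NAT
    host2 = ("192.0.2.7", 6000)     # (IP_2, Port_2), in the public network

    # Registration: relay request from host 1 through the NAT to the service address, reply back in
    req = nat.outbound(Message(host1, relay.service_addr, {"type": "relay_request"}))
    reply = nat.inbound(relay.on_relay_request(req))
    assert reply is not None and reply.dst == host1
    address_list = reply.payload["address_list"]  # host 1 would bind this list at the name server

    # Communication phase, steps S205-S215 (the name-server lookup is replaced by address_list)
    comm_req = Message(host2, address_list[0], {"nat_addr": address_list[1], "data": "hello"})
    delivered = nat.inbound(relay.on_relay_addr(comm_req))
    if delivered is None:
        return address_list, None
    response = Message(host1, relay.service_addr,
                       {"dst": delivered.payload["orig_src"], "data": "hello back"})
    final = relay.on_service_addr(nat.outbound(response))
    return address_list, final


def direct_probe_is_dropped() -> bool:
    """A sender other than (IP_s, Port_s) cannot reach (IP_le, Port_le): the NAT policy rejects it."""
    nat = NatDevice("203.0.113.10")
    ext = nat.outbound(Message(("192.168.1.20", 5000), ("198.51.100.5", 3479), {})).src
    return nat.inbound(Message(("192.0.2.99", 1234), ext, {"data": "probe"})) is None
```

Two points the simulation makes concrete. The relay server holds no table at all; every forwarding decision comes out of the payload, which is exactly what the stateless design intends. The only thing keeping an arbitrary public host away from (IP_li, Port_li) is the NAT policy created at registration, which admits traffic solely from (IP_s, Port_s). The description does not say how the relay restricts which NAT addresses or response destinations it is willing to forward to, so a deployment would need to add that check itself (one option, not taken from the page, is to forward only to addresses present in a current name-server binding).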
  • As can be seen from the above, the relay server according to the present invention does not need to allocate a relay address for each received relay request, nor record the assigned relay address together with the source address of the relay request (the NAT address).
  • NAT poses a significant problem for network connectivity in P2P systems. Since there may be many hosts behind NAT devices, a TURN-based solution, in which the relay allocates and records state per client, faces serious scalability issues.
  • In such a system each overlay node that is not behind a NAT can act as a TURN server; likewise, in the present invention, each host in the public network can act as a relay server.
  • Because of its stateless design, the present invention alleviates the burden on the relay node.
  • Each node in the public network can report to the relay selection server. The reported information may include the node's service address (i.e., (IP_s, Port_s) as described above), its capabilities, the service provider (ISP) to which it belongs, its location, and the like.
  • When a host behind a NAT sends a query to the relay selection server to find one or more relay nodes to act as its relay server, the relay selection server selects one or more relay nodes based on the information about the relay nodes that it stores and the information (location, ISP, etc.) of the querying host. The node behind the NAT then updates its binding at the name server by a name binding similar to that in the first embodiment. Another host can then initiate communication with the node behind the NAT using the selected relay node as a relay.
  • A second embodiment of the present invention will be described in detail below with reference to Figs. 6 and 7. The second embodiment shows the case where the present invention is applied, for example, in a source-routed P2P network.
  • Fig. 6 shows a block diagram of a system 1' for NAT traversal in accordance with the second embodiment of the present invention.
  • The system according to the second embodiment includes a first host 11', a NAT device 12, one or more relay nodes (one of them, relay node 13-a, is shown in Fig. 6), a name server 14, a second host 15, a relay selection server 16, and so on.
  • The NAT device 12, the name server 14 and the second host 15 are the same as in the first embodiment; their description will not be repeated here.
  • The relay node 13-a and the other relay nodes not shown (13-b and so on) are located in the public network and have the structure shown in the figure. This structure differs from the relay server 13 of the first embodiment in that it further includes an information reporting unit 305.
  • The information reporting unit 305 is configured to report the service address, capability, ISP, location and the like of its own node to the relay selection server 16.
  • The first host 11' differs from the first host 11 of the first embodiment in that it further includes a relay determining unit 105 for requesting the relay selection server 16 to select one or more nodes as its relay nodes.
  • The relay selection server 16 includes a messaging unit 601, a storage unit 602, a report processing unit 603 and a relay selection unit 604.
  • The messaging unit 601 is configured to receive messages from other devices, pass each to the report processing unit 603 or the relay selection unit 604 according to its type, and transmit messages prepared by the report processing unit 603 or the relay selection unit 604 to their intended destinations.
  • The report processing unit 603 is configured to receive reports sent by relay nodes and store information about the nodes in the storage unit 602.
  • The relay selection unit 604 selects relay nodes for a requesting host, for example in response to a request from the first host 11'.
  • The storage unit 602 stores information that may be needed in the operation of the relay selection server 16; for example, it stores the information reported by the various relay nodes.
  • Figure 7 shows an example of the operation of the method of the present invention in the node reporting and selection stage.
  • In step S301, the messaging unit 301 of the relay node 13-a transmits a report message constructed by the information reporting unit 305 to the relay selection server 16. The valid data portion of the report message includes information such as the service address, capability, ISP and location of the relay node 13-a.
  • In step S302, the messaging unit 601 of the relay selection server 16 receives the report message transmitted by the relay node 13-a, extracts the information recorded in its valid data portion, and creates an entry for the relay node 13-a containing that information in the node database in the storage unit 602.
  • In steps S303 and S304, the relay node 13-b likewise reports its service address, capability, ISP, location, etc. to the relay selection server 16, which records the information in the node database in the storage unit 602.
  • Although only two relay nodes are shown reporting to the relay selection server 16 in the figure, other relay nodes may report their information to the relay selection server 16 through similar steps.
  • In step S305, the messaging unit 101 of the first host 11' transmits a relay selection request message constructed by the relay determining unit 105 to the relay selection server 16. The valid data portion of the relay selection request message includes, for example, the ISP, location, etc. of the first host 11'.
  • In step S306, the NAT device 12 processes the relay selection request message in the same way as in steps S102 and S110 described above, changing its source address from (IP_li", Port_li") to (IP_le", Port_le"), and in step S307 forwards the relay selection request message to the relay selection server 16.
  • In step S308, the messaging unit 601 of the relay selection server 16 receives the relay selection request message and passes it to the relay selection unit 604. According to the ISP, location, etc. of the first host 11' included in the relay selection request message, and the capability, ISP, location, etc. of the nodes stored in the node database in the storage unit 602, the relay selection unit 604 selects one or more appropriate relay nodes to act as relay servers for the first host 11'. It then constructs a relay selection response message whose valid data portion includes the service addresses of the selected relay nodes and any other information that may be needed.
  • In step S309, the messaging unit 601 of the relay selection server 16 transmits the relay selection response message to (IP_le", Port_le"). After NAT processing by the NAT device 12, the relay selection response message arrives at the first host 11'.
  • The first host 11' then knows the service addresses of one or more relay nodes that can provide relay services for it. It can then send relay request messages to these relay nodes via steps S101 to S112 of the first embodiment and register its binding at the name server according to the relay responses obtained.
  • The second host 15 can similarly, through steps S201 to S215 shown in Fig. 5, initiate communication with the first host 11' using one of the relay nodes selected for the first host 11' by the relay selection server 16 as a relay.
  • In this way, each host in the public network can act as a relay server, and the relay selection server can select one or more relay nodes for the requesting node according to the respective conditions of the requesting node and the relay nodes.
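The following is an added example of the node reporting and relay selection stage of Fig. 7, written for this page and not taken from the application. The ranking rule (same ISP first, then same location, then highest reported capability) and the numeric capability score are assumptions; the description says only that selection uses the host's and the nodes' ISP, location and capability. Addresses are constructed from the RFC 5737 documentation ranges.

```python
"""Added example of the relay selection server's node database and selection policy (illustrative)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Addr = Tuple[str, int]  # transport address (IP, Port)


@dataclass(frozen=True)
class NodeReport:
    service_addr: Addr  # (IP_s, Port_s) of the reporting relay node
    capability: int     # constructed relative score; higher is better (assumed encoding)
    isp: str
    location: str


class RelaySelectionServer:
    def __init__(self) -> None:
        self.node_db: Dict[Addr, NodeReport] = {}  # node database in storage unit 602

    def handle_report(self, report: NodeReport) -> None:
        """Steps S302/S304: create or refresh the node's entry, keyed by its service address."""
        self.node_db[report.service_addr] = report

    def select(self, host_isp: str, host_location: str, count: int) -> List[Addr]:
        """Step S308: rank candidates against the requesting host's ISP and location (assumed rule)."""
        def rank(node: NodeReport) -> Tuple[bool, bool, int]:
            return (node.isp == host_isp, node.location == host_location, node.capability)
        ranked = sorted(self.node_db.values(), key=rank, reverse=True)
        return [node.service_addr for node in ranked[:count]]


def demo_selection() -> Tuple[List[Addr], List[Addr]]:
    """Three constructed node reports, one refresh, and two selection requests."""
    server = RelaySelectionServer()
    # Constructed reports from public relay nodes (steps S301 and S303)
    server.handle_report(NodeReport(("198.51.100.5", 3479), capability=10, isp="ISP-A", location="Beijing"))
    server.handle_report(NodeReport(("198.51.100.6", 3479), capability=50, isp="ISP-B", location="Beijing"))
    server.handle_report(NodeReport(("198.51.100.7", 3479), capability=80, isp="ISP-A", location="Shanghai"))
    # A refreshed report replaces the earlier entry instead of adding a duplicate node
    server.handle_report(NodeReport(("198.51.100.5", 3479), capability=20, isp="ISP-A", location="Beijing"))
    # Host in ISP-A/Beijing: the node matching both ISP and location wins despite lower capability
    same_isp_city = server.select("ISP-A", "Beijing", count=2)
    # Host in ISP-C/Shenzhen: nothing matches, so reported capability alone decides
    no_match = server.select("ISP-C", "Shenzhen", count=1)
    return same_isp_city, no_match
```

The node database is keyed by service address so that repeated reports from the same node refresh its entry rather than inflating the candidate set; the selection returns only service addresses, which is all the first host needs to run the relay request of the first embodiment against each chosen node.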

Abstract

The invention relates to a method, a system and a relay server for network address translation (NAT) traversal by means of a relay. A method for performing NAT traversal by means of a relay consists in: using a NAT address, a first host sends a relay request message to the service address of a relay server via a NAT device; and the relay server returns to the first host a relay reply message containing an address list made up of a relay address and that NAT address.
PCT/CN2010/000813 2009-09-24 2010-06-10 Method, system and relay server for network address translation (NAT) traversal by means of a relay WO2011035528A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910175620.8 2009-09-24
CN200910175620.8A CN102035900B (zh) 2009-09-24 2009-09-24 Method, system and relay server for NAT traversal by means of relaying

Publications (1)

Publication Number Publication Date
WO2011035528A1 true WO2011035528A1 (fr) 2011-03-31

Family

ID=43795319


Country Status (2)

Country Link
CN (1) CN102035900B (fr)
WO (1) WO2011035528A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017050109A1 (fr) * 2015-09-23 2017-03-30 上海斐讯数据通信技术有限公司 System, apparatus and method for establishing a path for NAT traversal of a peer connection
US9826044B2 (en) 2013-10-23 2017-11-21 Qualcomm Incorporated Peer-to-peer communication for symmetric NAT
CN110012118A (zh) * 2019-03-08 2019-07-12 平安科技(深圳)有限公司 Method and controller for providing a network address translation (NAT) service
CN113572867A (zh) * 2021-09-26 2021-10-29 北京海誉动想科技股份有限公司 Communication method and device

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013067870A1 (fr) * 2011-11-11 2013-05-16 中国移动通信集团公司 Method for traversing a translator server, and corresponding server, terminal and system
CN102404227B (zh) * 2011-12-09 2014-06-18 徐州医学院 A hierarchical routing system for traversing an internal network
CN103188134B (zh) * 2011-12-29 2016-12-21 腾讯科技(深圳)有限公司 Logical transit communication method, logical transit server and logical transit communication system
CN103220377A (zh) * 2012-05-08 2013-07-24 西北工业大学 A system and method for NAT traversal and bandwidth multiplexing
TWI538449B (zh) * 2013-11-29 2016-06-11 晶睿通訊股份有限公司 Method for traversing network address translation, computer-readable medium and connection intermediary system
CN106331195B (zh) * 2015-06-23 2020-01-14 中兴通讯股份有限公司 Data receiving and sending method and device
TWI625950B (zh) * 2016-08-04 2018-06-01 群暉科技股份有限公司 Method and device for forwarding packets by means of network address translation in a network system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056271A (zh) * 2007-06-06 2007-10-17 杭州华三通信技术有限公司 Method for traversing NAT and corresponding communication terminal and NAT device
US20080126528A1 (en) * 2003-01-15 2008-05-29 Matsushita Electric Industrial Co., Ltd. PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATORS (NATs) AT BOTH ENDS
CN100464540C (zh) * 2005-09-09 2009-02-25 北京中星微电子有限公司 A method for communication across gateways

Also Published As

Publication number Publication date
CN102035900A (zh) 2011-04-27
CN102035900B (zh) 2015-05-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10818222; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10818222; Country of ref document: EP; Kind code of ref document: A1)