WO2016066027A1 - Media transmission method and device - Google Patents

Publication number
WO2016066027A1
Authority
WO
WIPO (PCT)
Prior art keywords
tunnel
media
data packet
user terminal
port number
Application number
PCT/CN2015/092103
Other languages
French (fr)
Chinese (zh)
Inventor
张旭武
张进生
Original Assignee
华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • The present invention relates to the field of IP communication technologies, and in particular to a media transmission method and device.
  • Voice and video media data are usually transmitted in real time using RTP (Real-Time Transport Protocol), and RTCP (Real-Time Transport Control Protocol) provides a reliable transport management mechanism for RTP packets.
  • RTP packets and RTCP packets are transmitted over UDP (User Datagram Protocol).
  • The UDP port number used for transmitting RTCP data packets is larger than the UDP port number used for transmitting RTP data packets, and is an odd number.
  • In the enterprise network or LAN application scenario, a firewall is deployed between the enterprise network or local area network and the public network for the sake of network security. In addition to providing network address translation, firewalls often limit the types of packets allowed and the range of open ports. In practice, RTP packets and RTCP packets cannot be transmitted normally because of these firewall limitations.
  • ICE: Interactive Connectivity Establishment
  • STUN: Session Traversal Utilities for NAT
  • TURN: Traversal Using Relay Network Address Translation
  • In one method, the ports used by the communicating parties to transmit RTP data packets and RTCP data packets are multiplexed on the same port; that is, the media gateway fixedly allocates the RTP/RTCP port as port 80.
  • The media stream then traverses the firewall through its port 443 or port 80 in the form of RTP/RTCP over TCP.
  • This method can only guarantee traversal of some firewalls. For example, a firewall with an HTTP (Hypertext Transfer Protocol) proxy function can identify whether the upper-layer protocol packet carried by an IP (Internetwork Protocol) packet is an HTTP packet, and directly drops packets that are not HTTP packets.
  • Such a firewall can easily identify the RTP/RTCP over TCP packet as a non-HTTP packet and discard it, so the media packets cannot traverse the firewall.
  • In another method, a TURN server is deployed between the VoIP client and the network side as a media relay server, and the TURN server accepts the TURN requests sent by the terminal on the protocol default port 3478.
  • The media traverses the firewall through port 443 in the RTP/RTCP over UDP over TURN over TCP mode, or in the RTP/RTCP over UDP over TURN over TLS mode, to reach the TURN server, and the TURN server forwards the media to the peer end.
  • This method has several drawbacks: the TURN server added to the system causes transmission delay for the media data packets; the media is encapsulated in too many layers, and the redundant headers of the media data packet reduce the efficiency of media transmission; and the TURN handshake signaling between the TURN server and the user terminal is complex, with each media stream requiring a separate handshake negotiation to establish a relay channel, which increases the complexity of media data packet transmission.
  • The embodiments of the present invention provide a media transmission method and device, which are used to solve the problems of complex transmission and low transmission efficiency of the media of the current VoIP communication system when traversing a firewall.
  • A media transmission method comprising:
  • The user terminal determines, according to the detection result of STUN (Session Traversal Utilities for NAT), a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, where the tunnel type includes one or more of a transport layer security (TLS) tunnel type and a datagram transport layer security (DTLS) tunnel type;
  • The user terminal allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and sends the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates a second port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and a transmission tunnel is established between the first port number and the second port number.
  • The user terminal sending the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side specifically includes: the user terminal carries them in a Session Description Protocol (SDP) message sent to the VoIP signaling server, and the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and the user terminal;
  • The user terminal establishes the transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
  • The user terminal determining, according to the STUN detection result, the tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted includes:
  • The user terminal sends an address collection request carried by UDP to the STUN server, where the address collection request is used to obtain the public addresses assigned by the firewall to the port used for transmitting RTP data packets and the port used for transmitting RTCP data packets;
  • When the user terminal cannot receive the UDP-carried address collection response returned by the STUN server, it determines that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
  • The user terminal establishing the transmission tunnel between the first port number and the second port number specifically includes: if the determined tunnel type is the TLS tunnel type, the user terminal establishes a TLS tunnel between the first port number and the second port number.
  • Alternatively, the user terminal determining, according to the STUN detection result, the tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted includes:
  • The user terminal sends an address collection request carried by UDP to the STUN server, where the address collection request is used to obtain the public addresses assigned by the firewall to the port used for transmitting RTP data packets and the port used for transmitting RTCP data packets;
  • When the user terminal receives the address collection response returned by the STUN server, it further sends a STUN connectivity check request on the media path from the media port of the user terminal to the media port corresponding to the media gateway, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the media port corresponding to the media gateway;
  • When the user terminal cannot receive the STUN connectivity check response, it determines that the tunnel type of the transmission tunnel for traversing the firewall is the DTLS tunnel type.
  • The user terminal establishing the transmission tunnel between the first port number and the second port number specifically includes: if the determined tunnel type is the DTLS tunnel type, the user terminal establishes a DTLS tunnel between the first port number and the second port number.
  • The media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
  • when the tunnel type is the TLS tunnel type, the RTP/RTCP protocol data packet and the UDP protocol data packet header included in the media data packet are encapsulated in the TLS tunnel data packet as the payload of the tunnel data packet; or
  • when the tunnel type is the DTLS tunnel type, the RTP/RTCP protocol data packet and the UDP protocol data packet header included in the media data packet are encapsulated in the DTLS tunnel data packet as the payload of the tunnel data packet.
  • The port numbers included in the UDP protocol packet header are respectively the media port allocated by the user terminal and the media port allocated by the media gateway.
  • The media transmission method further includes: the user terminal decapsulates the received media data packet and acquires the media data packet carried in the TLS tunnel data packet/DTLS tunnel data packet.
  • A media transmission device comprising:
  • a type determining module, configured to determine, according to the STUN detection result, a tunnel type for a transmission tunnel traversing a firewall for the media to be transmitted, where the tunnel type includes one or more of a transport layer security (TLS) tunnel type and a datagram transport layer security (DTLS) tunnel type;
  • a tunnel establishment module, configured to allocate, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and to send the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates a second port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type and a transmission tunnel is established between the first port number and the second port number;
  • a data packet receiving module, configured to receive the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
  • The tunnel establishment module, when sending the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, is specifically configured to:
  • send a Session Description Protocol (SDP) message to the voice over IP (VoIP) signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and the user terminal; and
  • establish a transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
  • The type determining module, when determining according to the STUN detection result the tunnel type for the transmission tunnel traversing the firewall for the media to be transmitted, is specifically configured to: send an address collection request carried by UDP to the STUN server, and, when the UDP-carried address collection response returned by the STUN server is not received, determine that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
  • The tunnel establishment module, when establishing the transmission tunnel between the first port number and the second port number, is specifically configured to: if the determined tunnel type is the TLS tunnel type, establish a TLS tunnel between the first port number and the second port number.
  • Alternatively, the type determining module, when determining according to the STUN detection result the tunnel type for the transmission tunnel traversing the firewall for the media to be transmitted, is specifically configured to: when the address collection response returned by the STUN server is received, further send a STUN connectivity check request on the media path from the media port of the user terminal to the media port corresponding to the media gateway, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the media port corresponding to the media gateway; and, when the STUN connectivity check response is not received, determine that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
  • The tunnel establishment module, when establishing the transmission tunnel between the first port number and the second port number, is specifically configured to: if the determined tunnel type is the DTLS tunnel type, establish a DTLS tunnel between the first port number and the second port number.
  • The media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
  • when the tunnel type is the TLS tunnel type, the RTP/RTCP protocol data packet and the UDP protocol data packet header included in the media data packet are encapsulated in the TLS tunnel data packet as the payload of the tunnel data packet; or
  • when the tunnel type is the DTLS tunnel type, the RTP/RTCP protocol data packet and the UDP protocol data packet header included in the media data packet are encapsulated in the DTLS tunnel data packet as the payload of the tunnel data packet.
  • The port numbers included in the UDP protocol packet header are respectively the media port allocated by the user terminal and the media port allocated by the media gateway.
  • The media transmission device further includes a parsing module, where the parsing module is configured to decapsulate the received media data packet and obtain the media data packet carried in the TLS tunnel data packet/DTLS tunnel data packet.
  • In the embodiments of the present invention, the user terminal determines, according to the STUN detection result, the tunnel type of the transmission tunnel used to traverse the firewall for the media to be transmitted; allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type; and sends the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates a second port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type and a transmission tunnel is established between the first port number and the second port number. The user terminal then receives the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
  • Because the firewall cannot know the type of the upper-layer protocol packet carried in the tunnel, the method of the embodiment of the present invention directly establishes a transmission tunnel with the media gateway without adding network elements or nodes. It can therefore traverse all types of firewalls while avoiding the delay problem in media transmission and improving the efficiency of media transmission.
  • FIG. 1 is a schematic flowchart of a media transmission method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of the TLS tunnel data packet format when traversing a firewall.
  • FIG. 3 is a schematic diagram of the DTLS tunnel data packet format when traversing a firewall.
  • FIG. 4 is a schematic flowchart of a media transmission method according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic flowchart diagram of a media transmission method according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic flowchart diagram of a media transmission method according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of a media transmission device according to Embodiment 5 of the present invention.
  • FIG. 8 is a schematic structural diagram of a media transmission device according to Embodiment 6 of the present invention.
  • an embodiment of the present invention provides a media transmission method and device.
  • In the embodiments, the user terminal determines, according to the STUN detection result, a tunnel type for a transmission tunnel traversing a firewall for the media to be transmitted; allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type; and sends the tunnel type, the first port number, and the payload (English: Payload) format information of the tunnel data packet to the network side. The network side allocates a second port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and a transmission tunnel is established between the first port number and the second port number.
  • the data packet of the media described in the embodiment of the present invention includes: an RTP data packet and/or an RTCP data packet.
  • Embodiment 1:
  • FIG. 1 is a schematic flowchart of a media transmission method according to Embodiment 1 of the present invention. The method may be as follows.
  • Step 101: The user terminal determines, according to the STUN detection result, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted.
  • The tunnel type includes at least one of a transport layer security (TLS) tunnel type and a datagram transport layer security (DTLS) tunnel type.
  • In step 101, the user terminal initiates a VoIP session and runs the ICE client to start the ICE/STUN firewall traversal process.
  • The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP data packets and RTCP data packets to be transmitted, where the RTP port number is an even number and is one less than the RTCP port number.
  • The user terminal sends an address collection request to the STUN server. The address collection request is used to obtain the public addresses that the firewall assigns to the port used for transmitting RTP data packets and the port used for transmitting RTCP data packets.
  • Specifically, the user terminal sends an address collection request carried by UDP (User Datagram Protocol) to the STUN server: through the P1 port and the P2 port respectively, it sends a UDP-carried STUN address allocation request (STUN Allocate) and a STUN binding request (STUN Binding); the STUN address allocation request and the STUN binding request are collectively referred to as the address collection request.
  • The STUN server obtains the source address of the address collection request, which is the public network address assigned by the firewall to the port of the user terminal that sent the request, and returns this public network address to the user terminal in the address collection response, so that the user terminal learns the public network address assigned by the firewall to its port.
  • Because the address collection request sent by the user terminal is carried by UDP, the address collection response returned by the STUN server to the user terminal is also carried by UDP.
  • If the firewall restricts UDP packets from passing, or the firewall port 3478 (the default protocol port of STUN) is not open, the firewall discards the address collection request sent by the user terminal, so the STUN server cannot receive the request and the user terminal cannot receive the address collection response from the STUN server.
  • In that case the user terminal determines that the firewall prohibits VoIP media transmission and that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted. Further, because the firewall restricts the transmission of UDP data packets, the user terminal determines that the tunnel type of the transmission tunnel to be established is the TLS tunnel type.
  • If the firewall does not restrict UDP packets from passing, or the firewall port 3478 (the default protocol port of STUN) is open, the user terminal receives the UDP-carried address collection response returned by the STUN server and obtains the public addresses (also called reflexive addresses) that the firewall assigned to the P1 port and the P2 port respectively.
  • The user terminal then continues the ICE/STUN firewall traversal process:
  • The user terminal sends an SDP (Session Description Protocol) message to the VoIP signaling server, where the SDP message includes the reflexive addresses.
  • The VoIP signaling server sends the received SDP message and ICE information to the media gateway, and the media gateway allocates corresponding network side media ports (that is, the P3 port and the P4 port) for the P1 port and the P2 port. The network side media port here refers to the media port corresponding to the media gateway.
  • The VoIP signaling server returns an SDP response message to the user terminal, where the SDP response message includes the allocated network side media ports (that is, the P3 port and the P4 port).
  • The user terminal further sends a STUN connectivity check request on the media path from its own media port to the media port corresponding to the media gateway, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the media port corresponding to the media gateway; that is, the user terminal checks whether the path between the local media port and the media port corresponding to the media gateway is reachable.
  • If the STUN connectivity check response is not received, the user terminal determines that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted.
  • For example, if the firewall between the user terminal and the media gateway has the DPI (Deep Packet Inspection) function, the STUN connectivity check request may be allowed to pass while the RTP/RTCP data packets are not, so that the user terminal still cannot receive the media data packets from the media gateway. In this case too, the user terminal determines that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted, and the tunnel type of that transmission tunnel is the DTLS tunnel type.
  • In summary: when the user terminal sends the UDP-carried address collection request to the STUN server and fails to receive the UDP-carried address collection response returned by the STUN server, it determines that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
  • When the user terminal sends the UDP-carried address collection request to the STUN server and receives the UDP-carried response returned by the STUN server, it sends, according to the existing technical specifications, a STUN connectivity check request through the P1 port and the P2 port respectively to the media ports corresponding to the media gateway; when the STUN connectivity check response sent by the media gateway is not received, it determines that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
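The decision procedure of Step 101, as an added worked example (not code from the patent or from the applicant): the STUN address-collection probe and the media-path connectivity probe are injected as callables so the logic runs offline, and a STUN request is only declared unanswered after the RFC 5389 retransmission schedule (initial RTO 500 ms, doubling, seven transmissions, final wait of 16 x RTO), which the patent text does not specify and is assumed here. `FakeClock`, `Probe`, `determine_tunnel_type`, the port range and the constructed firewall behaviours are names and values chosen for this example.

```python
"""Step 101 tunnel-type selection (added example, not the patent's code).

Decision: no STUN address-collection response -> TLS tunnel; response received
but no STUN connectivity-check response from the media gateway -> DTLS tunnel;
both answered -> no tunnel needed (plain RTP/RTCP over UDP reaches the gateway).
"""
from typing import Callable, Optional
import random

# A probe receives the transmission attempt index and reports whether a
# response arrived for that attempt. Real code would send a STUN message here.
Probe = Callable[[int], bool]


class FakeClock:
    """Accumulates simulated waiting time in milliseconds (no real sleeping)."""

    def __init__(self) -> None:
        self.now_ms = 0

    def advance(self, ms: int) -> None:
        self.now_ms += ms


def allocate_media_ports(rng: Optional[random.Random] = None,
                         low: int = 16384, high: int = 32766) -> tuple[int, int]:
    """Pick the (P1, P2) pair: RTP port even, RTCP port = RTP port + 1.
    The 16384..32766 range is an arbitrary choice for this example."""
    rng = rng or random.Random()
    rtp = rng.randrange(low, high + 1, 2)   # step 2 keeps the RTP port even
    return rtp, rtp + 1


def run_with_retransmission(probe: Probe, clock: FakeClock,
                            rto_ms: int = 500, rc: int = 7, rm: int = 16) -> bool:
    """Send `probe` up to `rc` times with doubling intervals (RFC 5389 timing,
    assumed here); after the last transmission wait rm * rto_ms.
    Returns True as soon as a response arrives, False if none ever does."""
    wait = rto_ms
    for attempt in range(rc):
        if probe(attempt):
            return True
        clock.advance(wait if attempt < rc - 1 else rm * rto_ms)
        wait *= 2
    return False


def determine_tunnel_type(address_collection: Probe, connectivity_check: Probe,
                          clock: FakeClock) -> Optional[str]:
    """Step 101: returns "TLS", "DTLS" or None (direct media path works)."""
    if not run_with_retransmission(address_collection, clock):
        return "TLS"      # firewall blocks UDP or port 3478: TLS over TCP/443
    if not run_with_retransmission(connectivity_check, clock):
        return "DTLS"     # UDP reaches the STUN server but not the media port
    return None


# Constructed firewall behaviours for the example (not measurements).
def always_lost(_attempt: int) -> bool:
    return False


def answered_first_time(_attempt: int) -> bool:
    return True


def answered_after_one_loss(attempt: int) -> bool:
    return attempt >= 1


def demo() -> dict[str, tuple[Optional[str], int]]:
    """Run three firewall cases; returns {case: (tunnel type, ms until decided)}."""
    cases = [
        ("udp_blocked", always_lost, always_lost),
        ("stun_ok_media_path_blocked", answered_first_time, always_lost),
        ("open", answered_after_one_loss, answered_first_time),
    ]
    results = {}
    for name, addr_probe, conn_probe in cases:
        clock = FakeClock()
        results[name] = (determine_tunnel_type(addr_probe, conn_probe, clock),
                         clock.now_ms)
    return results


if __name__ == "__main__":
    print("P1/P2:", allocate_media_ports(random.Random(7)))
    for case, (tunnel, ms) in demo().items():
        print(f"{case:28s} tunnel={tunnel} decided after {ms} ms")
```

The point the simulation makes visible is the cost of the detection: with the assumed STUN schedule, a terminal behind a UDP-blocking firewall spends 39.5 s before it falls back to the TLS tunnel, and the DTLS fallback adds the same delay on top of a successful address collection.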
  • Step 102: The user terminal allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type.
  • In step 102, when the user terminal has determined that a transmission tunnel for traversing the firewall is to be established, it traverses the firewall by encapsulating the RTP/RTCP over UDP data packets in tunnel data packets, and assigns a first port number on the user terminal side to the transmission tunnel corresponding to the determined tunnel type.
  • For the TLS tunnel type, the first port number on the user terminal side is the port number assigned to the TLS client on the user terminal side;
  • For the DTLS tunnel type, the first port number on the user terminal side is the port number assigned to the DTLS client on the user terminal side.
  • Step 103: The user terminal sends the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates a second port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and a transmission tunnel is established between the first port number and the second port number.
  • Specifically, the user terminal carries the tunnel type, the first port number, and the payload format information of the tunnel data packet in an SDP message and sends it to the voice over IP (VoIP) signaling server; the VoIP signaling server determines, according to the tunnel type, a second port number on the network side for the transmission tunnel corresponding to the tunnel type, and sends the second port number to the media gateway and the user terminal.
  • The user terminal may also send its IP address to the VoIP signaling server.
  • The VoIP signaling server may also send an authentication parameter to the user terminal, where the authentication parameter is used by the user terminal to authenticate the media gateway when establishing the transmission tunnel with the media gateway.
  • The payload format of the tunnel data packet refers to how the RTP/RTCP protocol data packet is carried in the tunnel data packet. The payload format information of the tunnel data packet refers to a specific identifier or attribute line carried in the SDP, which notifies the receiver how the media data packets to be sent are encapsulated in the tunnel data packet.
  • For the TLS tunnel type: the VoIP signaling server receives the SDP message sent by the user terminal and, on determining from the tunnel type included in the SDP message that the firewall is to be traversed through a TLS tunnel, determines the TLS protocol default port number 443 as the network side port of the TLS tunnel; at the same time it randomly assigns the RTP/RTCP protocol packet port numbers P4/P5, and generates an authentication parameter with which the user terminal authenticates the media gateway during the handshake negotiation that establishes the TLS transmission tunnel. For example, the authentication parameter may be a digital certificate fingerprint of the media gateway or a pre-shared key.
  • The VoIP signaling server sends the allocated network side port number of the TLS transmission tunnel and the authentication parameter for establishing the TLS tunnel to the user terminal through the SDP response message, and sends the network side port (that is, the second port number) of the TLS transmission tunnel and the payload format information of the tunnel data packet to the media gateway.
  • The user terminal and the media gateway then negotiate according to the existing TLS protocol to establish a TLS transmission tunnel between the first port number and the second port number; during this negotiation the user terminal authenticates the media gateway. After the TLS transmission tunnel is established, according to the existing ICE protocol, the user terminal sends a STUN connectivity check request through the TLS transmission tunnel, and the media gateway authenticates the user terminal by using the ICE short-term credential mechanism.
  • For the DTLS tunnel type: the VoIP signaling server receives the SDP message sent by the user terminal and, on determining from the tunnel type included in the SDP message that the firewall is to be traversed through a DTLS tunnel, determines the STUN protocol default port number 3478 as the network side port of the DTLS tunnel, and generates the authentication parameter with which the user terminal authenticates the media gateway during the handshake negotiation that establishes the DTLS transmission tunnel; the authentication parameter may be a digital certificate fingerprint of the media gateway or a pre-shared key.
  • The VoIP signaling server sends the network side port number (that is, the second port number) of the DTLS tunnel and the authentication parameter for establishing the tunnel to the user terminal through the SDP response message, and sends the network side port of the DTLS tunnel and the payload format information of the tunnel data packet to the media gateway.
  • The user terminal and the media gateway negotiate according to the existing DTLS protocol to establish a DTLS transmission tunnel between the first port number and the second port number.
  • Step 104: The user terminal receives the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
  • The media data packet includes the RTP/RTCP protocol data packet and a UDP protocol header, that is, it is an RTP/RTCP over UDP data packet, and the port numbers included in the UDP protocol header are the RTP/RTCP ports of the communicating parties carried in the SDP.
  • The media data packet carried in the tunnel may be encapsulated in encrypted form or in non-encrypted form. TLS and DTLS can encapsulate the carried data packet in two ways: one encrypts the data with an ordinary encryption algorithm (such as AES or 3DES), and the other encapsulates the data in plain text without encryption.
  • For the non-encrypted encapsulation, the two parties must perform the same TLS/DTLS handshake negotiation as for the encrypted encapsulation, except that the encryption algorithm negotiated by both parties is null. The null algorithm does not actually encrypt the data, and the packet format is the same regardless of which encapsulation method is used.
  • Because the firewall does not perform protocol logic analysis on the TLS/DTLS handshake, it cannot know which encryption algorithm TLS/DTLS uses and by default treats the data in the payload part as encrypted, so it cannot know the protocol type of the data packet carried in the TLS/DTLS tunnel. Therefore, as long as the user terminal can establish a TLS/DTLS tunnel with the media gateway, the firewall does not affect the media data packets carried in the tunnel, regardless of which encryption algorithm is used.
  • In step 104, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
  • when the tunnel type is the TLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in a TLS tunnel packet as the payload of the tunnel packet; or
  • when the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in a DTLS tunnel packet as the payload of the tunnel packet.
  • the port number included in the UDP protocol packet header is respectively a media port allocated by the user terminal and a media port allocated by the media gateway.
  • the media transmission method further includes:
  • The user terminal decapsulates the received media data packet, acquires the media data packet from the TLS tunnel data packet/DTLS tunnel data packet, and sends the media data packet to the media processing unit according to the port number included in the UDP protocol packet header carried in the TLS tunnel data packet/DTLS tunnel data packet.
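As an added illustration (not code from the patent), the following Python models the payload format described above: the RTP/RTCP packet keeps its UDP header inside the tunnel payload, a 5-byte record header stands in for the TLS/DTLS record layer, and the trailer is modelled as an HMAC so that the receiver's integrity check and the port-based routing to the media processing unit can be run end to end. The record layout, the key and the port numbers are constructed for the example; real TLS/DTLS record protection differs.

```python
"""Constructed model of the tunnel payload format of FIG. 2 / FIG. 3:
tunnel payload = UDP header (8 bytes) + RTP or RTCP packet.
The 5-byte record header and the HMAC trailer are a simplified stand-in
for the TLS/DTLS record layer (not a real TLS implementation)."""
import hashlib
import hmac
import struct

UDP_HEADER = struct.Struct("!HHHH")    # src port, dst port, length, checksum
RECORD_HEADER = struct.Struct("!BHH")  # content type, version, payload length
APPLICATION_DATA = 23                  # TLS/DTLS content type for application data
DTLS12_VERSION = 0xFEFD                # record-layer version value of DTLS 1.2
TRAILER_LEN = hashlib.sha256().digest_size

# Constructed tunnel key; a real tunnel derives its keys in the TLS/DTLS handshake.
TUNNEL_KEY = b"constructed-example-key-not-a-real-secret"


def encapsulate_media(src_port: int, dst_port: int, media: bytes) -> bytes:
    """Prepend a UDP header so the tunnel payload is 'RTP/RTCP over UDP'.

    The UDP checksum is set to 0 (IPv4: not computed); the tunnel's own
    integrity check, not the UDP checksum, protects the payload."""
    length = UDP_HEADER.size + len(media)
    return UDP_HEADER.pack(src_port, dst_port, length, 0) + media


def decapsulate_media(payload: bytes) -> tuple[int, int, bytes]:
    """Split a tunnel payload into (src_port, dst_port, RTP/RTCP packet)."""
    if len(payload) < UDP_HEADER.size:
        raise ValueError("tunnel payload shorter than a UDP header")
    src, dst, length, _checksum = UDP_HEADER.unpack_from(payload)
    if length != len(payload):
        raise ValueError("UDP length field does not match payload size")
    return src, dst, payload[UDP_HEADER.size:]


def wrap_record(payload: bytes, key: bytes = TUNNEL_KEY) -> bytes:
    """Frame the payload as header + payload + integrity trailer.

    Only the header (type, version, length) is visible to an on-path
    firewall; it says nothing about the UDP/RTP packet inside."""
    header = RECORD_HEADER.pack(APPLICATION_DATA, DTLS12_VERSION, len(payload))
    trailer = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + trailer


def unwrap_record(record: bytes, key: bytes = TUNNEL_KEY) -> bytes:
    """Verify the trailer and return the payload; reject modified records."""
    hdr = RECORD_HEADER.size
    if len(record) < hdr + TRAILER_LEN:
        raise ValueError("record too short")
    ctype, _version, length = RECORD_HEADER.unpack_from(record)
    if ctype != APPLICATION_DATA or len(record) != hdr + length + TRAILER_LEN:
        raise ValueError("malformed tunnel record")
    body = record[:hdr + length]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record[hdr + length:]):
        raise ValueError("tunnel record integrity check failed")
    return record[hdr:hdr + length]


def record_is_authentic(record: bytes, key: bytes = TUNNEL_KEY) -> bool:
    """True if the record passes the integrity check, False otherwise."""
    try:
        unwrap_record(record, key)
        return True
    except ValueError:
        return False


def route_to_media_unit(dst_port: int, rtp_port: int, rtcp_port: int) -> str:
    """Pick the media processing unit from the inner UDP destination port.

    Per the patent, the RTP port is even and RTCP is the next (odd) port."""
    if dst_port == rtp_port:
        return "RTP"
    if dst_port == rtcp_port:
        return "RTCP"
    raise ValueError(f"no media unit listens on port {dst_port}")


def demo() -> tuple[str, bool]:
    """Media gateway -> user terminal: encapsulate, tunnel, verify, route."""
    P1, P2 = 50000, 50001  # constructed user-terminal RTP/RTCP ports
    P3, P4 = 40000, 40001  # constructed media-gateway RTP/RTCP ports
    # Constructed minimal RTP packet: V=2, PT=96, seq=1, ts=1000, SSRC, 20 payload bytes.
    rtp = b"\x80\x60\x00\x01" + b"\x00\x00\x03\xe8" + b"\x12\x34\x56\x78" + b"\xaa" * 20
    record = wrap_record(encapsulate_media(P3, P1, rtp))
    _src, dst, inner = decapsulate_media(unwrap_record(record))
    return route_to_media_unit(dst, P1, P2), inner == rtp


if __name__ == "__main__":
    print(demo())  # ('RTP', True)
```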
  • FIG. 2 is a schematic diagram of the TLS tunnel packet format used when traversing the firewall; it shows the TLS tunnel packet.
  • the TLS message contains the tunnel packet header, the tunnel packet payload, and the TLS trailer.
  • The TCP port numbers included in the tunnel packet header are the source port number and destination port number of the TLS transport tunnel. If the media data packet is sent by the user terminal to the media gateway, the source port number of the tunnel data packet is the first port number and the destination port number is the second port number; if the media data packet is sent by the media gateway to the user terminal, the source port number of the tunnel packet is the second port number and the destination port number is the port number corresponding to the public network address assigned to the user terminal by the firewall.
  • The media gateway acquires the public network address assigned to the user terminal by the firewall through the STUN connectivity check (for example, from the TLS handshake request message or the STUN connectivity check request message).
  • the communication parties exchange the media port number of the peer end through the SDP message.
  • The port numbers of the UDP header included in the tunnel packet payload are the media port numbers of the communicating parties carried in the SDP. If the media packet is sent by the user terminal to the media gateway, the source port number of the UDP header is P1/P2 and the destination port number is P3/P4; if the media packet is sent by the media gateway to the user terminal, the source port number of the UDP header is P3/P4 and the destination port number is P1/P2.
  • the TLS trailer part is the integrity check value of the TLS payload part. According to the TLS protocol, this value is used to verify whether the payload part data has been modified.
  • the firewall cannot know the type of packet of the media carried by the tunnel packet.
  • FIG. 3 is a schematic diagram of the DTLS tunnel packet format used when traversing the firewall; it shows the DTLS tunnel packet.
  • the DTLS message contains the tunnel packet header, the tunnel packet payload, and the DTLS trailer.
  • The UDP port numbers included in the tunnel packet header are the source port number and destination port number of the DTLS transmission tunnel. If the media data packet is sent by the user terminal to the media gateway, the source port number of the tunnel data packet is the first port number and the destination port number is the second port number; if the media data packet is sent by the media gateway to the user terminal, the source port number of the tunnel data packet is the second port number and the destination port number is the port number corresponding to the public network address allocated by the firewall for the user terminal.
  • The media gateway acquires the public network address assigned to the user terminal by the firewall through the STUN connectivity detection (for example, from the DTLS handshake request message or the STUN connectivity check message).
  • The port numbers of the UDP header included in the tunnel packet payload are the media port numbers of the communicating parties carried in the SDP. If the media packet is sent by the user terminal to the media gateway, the port number is P1/P2; if the media packet is sent by the media gateway to the user terminal, the port number is P3/P4.
  • The DTLS trailer part is the integrity check value of the DTLS payload part. According to the DTLS protocol, this value is used to verify whether the payload data has been modified.
  • In summary, the user terminal determines, according to the STUN detection result, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted; according to the determined tunnel type, it allocates the first port number on the user terminal side to the transmission tunnel corresponding to that tunnel type, and sends the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates the second port number and establishes the transmission tunnel.
  • Because the firewall cannot know the type of the upper-layer protocol packet, the method of this embodiment establishes a transmission tunnel directly with the media gateway without adding network elements or nodes; it can traverse all types of firewalls, effectively avoids the delay problem in media transmission, and improves the efficiency of media transmission.
  • Embodiment 2:
  • FIG. 4 is a schematic flowchart diagram of a media transmission method according to Embodiment 2 of the present invention. The method can be as follows.
  • Step 401 The user terminal initiates a VoIP session and runs the ICE client.
  • In step 401, the user terminal initiates the ICE/STUN firewall traversal process.
  • Step 402 The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP data packet and the RTCP data packet to be transmitted.
  • the RTP port number is an even number and is one less than the port number of the RTCP.
  • Step 403 The user terminal sends an address collection request to the STUN server.
  • The address collection request is used to obtain the public address assigned by the firewall to the port used for transmitting Real-Time Transport Protocol (RTP) data packets and to the port used for transmitting Real-Time Transport Control Protocol (RTCP) data packets.
  • the user terminal sends an address collection request carried by the UDP (User Datagram Protocol) to the STUN server.
  • The user terminal sends an address allocation request (STUN Allocate) or a STUN binding request (STUN Binding) carried by UDP to the STUN server through the P1 port and the P2 port respectively (in the present invention, for convenience of description, the address allocation request and the STUN binding request are collectively referred to as address collection requests).
  • the STUN server obtains the source address of the address collection request.
  • the source address is the public network address assigned by the firewall to the port of the user terminal that sends the address collection request.
  • The STUN server sends the public network address to the user terminal through the address collection response, so that the user terminal knows the public network address assigned by the firewall to its port.
  • Step 404 The user terminal determines whether the address collection response returned by the STUN server can be received. If yes, step 409 is performed; if not, step 405 is performed.
  • Step 405 The user terminal determines that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is a TLS tunnel type.
  • Step 406 The user terminal allocates a port number of the user terminal side TLS client to the transmission tunnel corresponding to the TLS tunnel type according to the determined TLS tunnel type.
  • the port number of the TLS client on the user terminal side herein may also be referred to as the first port number on the user terminal side.
  • Step 407 The user terminal sends the tunnel type, the port number of the user terminal side TLS client and the payload format information of the tunnel data packet to the network side, so that the network side allocates a port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and establishes a transmission tunnel between the port number of the TLS client on the user terminal side and the port number on the network side.
  • The port number on the network side here may also be referred to as the second port number on the network side.
  • The user terminal carries the tunnel type, the port number of the user terminal side TLS client and the payload format information of the tunnel data packet in an SDP message and sends the message to the voice over IP (VoIP) signaling server. The VoIP signaling server allocates a port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and sends the network-side port number to the media gateway and the user terminal.
  • the user terminal may also send the IP address of the user terminal to the VoIP signaling server.
  • The VoIP signaling server may further send an authentication parameter to the user terminal, where the authentication parameter is used by the user terminal to authenticate the media gateway when establishing a transmission tunnel with the media gateway.
  • When the VoIP signaling server receives the SDP message sent by the user terminal and determines, according to the tunnel type included in the SDP message, that the firewall is to be traversed through a TLS tunnel, it determines the TLS protocol default port number 443 as the network-side port of the TLS tunnel, randomly assigns P4/P5 as the port numbers for the RTP/RTCP protocol data packets, and generates the authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation for establishing the TLS transmission tunnel; for example, the authentication parameter may be a digital certificate fingerprint or a pre-shared key of the media gateway.
  • the VoIP signaling server sends the port number of the allocated TLS transmission tunnel network side and the authentication parameter for establishing the TLS tunnel to the user terminal through the SDP response message.
  • The VoIP signaling server sends the network-side port of the TLS transmission tunnel and the payload format information of the tunnel data packet to the media gateway.
  • the user terminal and the media gateway negotiate to establish a TLS transmission tunnel between the port number of the TLS client on the user terminal side and the port number on the network side according to the existing TLS protocol.
  • The user terminal authenticates the media gateway when the TLS transmission tunnel is established. Then, according to the existing ICE protocol, the user terminal sends a STUN connectivity check request through the TLS transport tunnel, and the media gateway authenticates the user terminal by using the ICE short-term credential mechanism.
  • Step 408 The user terminal receives a media data packet sent by the network side and encapsulated according to the payload format information of the tunnel data packet.
  • In step 408, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows: when the tunnel type is the TLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in the TLS tunnel packet as the payload of the tunnel packet.
  • The user terminal sends a STUN connectivity check request through the TLS transport tunnel, and the media gateway authenticates the user terminal by using the short-term credential mechanism.
  • After receiving the STUN connectivity detection response, the user terminal notifies the media gateway by using an updated SDP offer message that it has determined to traverse the firewall by using the TLS transmission tunnel.
  • the user terminal and the media gateway send the RTP/RTCP over UDP protocol data packet to the peer end according to the TLS tunnel data packet format of FIG. 2 through the TLS transport tunnel.
  • Step 409 The user terminal receives the address collection response returned by the STUN server, and obtains the public address assigned by the firewall to the P1 port and the P2 port respectively.
  • the user terminal sends an SDP (Session Description Protocol) message to the VoIP signaling server, where the public address is included in the SDP message.
  • the VoIP signaling server sends the received SDP message and ICE information to the media gateway, and randomly allocates the media ports (ie, P3 port and P4 port) corresponding to the network side to the P1 port and the P2 port.
  • the VoIP signaling server returns an SDP response message to the user terminal, where the SDP response message includes the media port corresponding to the allocated network side (ie, the P3 port and the P4 port).
  • The network-side media port here refers to the media port corresponding to the media gateway.
  • Step 410 The user terminal sends a STUN connectivity detection request of the media path to the media port P3/P4 corresponding to the media gateway through the media port P1/P2.
  • The STUN connectivity check request is used to determine whether the media sent by the user terminal can directly reach the media port corresponding to the media gateway, that is, the user terminal checks whether the path from its local media port to the media port corresponding to the media gateway is accessible.
  • Step 411 When the user terminal cannot receive the STUN connectivity detection response sent by the media gateway, determine that the tunnel type of the transmission tunnel used for traversing the firewall is the DTLS tunnel type.
  • In step 411, if the firewall between the user terminal and the media gateway does not open the protocol port of the communicating party, the user terminal cannot receive the STUN connectivity detection response sent by the media gateway. At this time, the user terminal determines that a transmission tunnel for traversing the firewall is to be established for the media to be transmitted.
  • Step 412 The user terminal allocates a port number of the DTLS client on the user terminal side to the transmission tunnel corresponding to the DTLS tunnel type according to the determined DTLS tunnel type.
  • the port number of the DTLS client on the user terminal side herein may also be referred to as the first port number on the user terminal side.
  • Step 413 The user terminal sends the tunnel type, the port number of the user terminal side DTLS client and the payload format information of the tunnel data packet to the network side, so that the network side allocates a port number on the network side to the transmission tunnel corresponding to the tunnel type according to the tunnel type, and establishes a transmission tunnel between the port number of the DTLS client on the user terminal side and the port number on the network side.
  • When the VoIP signaling server receives the SDP message sent by the user terminal and determines, according to the tunnel type included in the SDP message, that the firewall is to be traversed through a DTLS tunnel, it determines the STUN protocol default port number 3478 as the network-side port of the DTLS tunnel.
  • It also generates the authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation for establishing the DTLS transmission tunnel.
  • the authentication parameter may be a media gateway digital certificate fingerprint or a pre-shared key.
  • the VoIP signaling server sends the port number of the DTLS tunnel network side and the authentication parameter for establishing the tunnel to the user terminal through the SDP response message.
  • The VoIP signaling server sends the network-side port of the DTLS tunnel and the payload format information of the tunnel data packet to the media gateway.
  • the user terminal and the media gateway negotiate to establish a DTLS transmission tunnel between the port number of the DTLS client on the user terminal side and the port number on the network side according to the existing DTLS protocol.
  • Step 414 The user terminal receives a media data packet sent by the network side and encapsulated according to the payload format information of the tunnel data packet.
  • In step 414, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows: when the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in the DTLS tunnel packet as the payload of the tunnel packet corresponding to the DTLS tunnel type.
  • the user terminal sends the STUN connectivity check request through the DTLS transmission tunnel, and the media gateway performs the authentication on the user terminal by using the short-term credential mechanism.
  • After receiving the STUN connectivity detection response, the user terminal notifies the media gateway through an updated SDP offer message that it has determined to use the DTLS transmission tunnel to traverse the firewall.
  • the user terminal and the media gateway send the RTP/RTCP over UDP protocol data packet to the peer end through the DTLS transmission tunnel according to the encapsulation format of FIG. 3.
  • Because the firewall cannot know the packet type of the upper-layer protocol, and a transmission tunnel is established directly with the media gateway without adding network elements or nodes, the method can traverse all types of firewalls, effectively avoids the delay problem in media transmission, and improves the efficiency of media transmission.
  • Embodiment 3:
  • FIG. 5 is a schematic flowchart of a media transmission method according to Embodiment 3 of the present invention. The method can be as follows.
  • Step 501 The user terminal initiates a VoIP session and runs the ICE client.
  • In step 501, the user terminal initiates the ICE/STUN firewall traversal process.
  • Step 502 The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP data packet and the RTCP data packet to be transmitted.
  • the RTP port number is an even number and is one less than the port number of the RTCP.
  • Step 503 The user terminal sends an address collection request to the STUN server.
  • The address collection request is used to obtain the public address assigned by the firewall to the port used for transmitting Real-Time Transport Protocol (RTP) data packets and to the port used for transmitting Real-Time Transport Control Protocol (RTCP) data packets.
  • The user terminal sends an address collection request carried by UDP (User Datagram Protocol) to the STUN server.
  • The user terminal sends an address allocation request (STUN Allocate) or a STUN binding request (STUN Binding) carried by UDP to the STUN server through the P1 port and the P2 port respectively (in the present invention, for convenience of description, the address allocation request and the STUN binding request are collectively referred to as address collection requests).
  • the STUN server obtains the source address of the address collection request.
  • the source address is the public network address assigned by the firewall to the port of the user terminal that sends the address collection request.
  • The STUN server sends the public network address to the user terminal through the address collection response, so that the user terminal knows the public network address assigned by the firewall to its port.
  • Step 504 When the user terminal cannot receive the address collection response returned by the STUN server, it determines that the tunnel type of the transmission tunnel for traversing the firewall is the TLS tunnel type.
  • The address collection request sent by the user terminal is carried by UDP. Once the firewall restricts UDP packets from passing, or port 3478 (the default STUN protocol port) is not open on the firewall, the firewall discards the address collection request sent by the user terminal; the STUN server therefore cannot receive the address collection request, and the user terminal does not receive an address collection response from the STUN server.
  • the user terminal determines that the firewall prohibits VoIP media transmission, and needs to establish a transmission tunnel for traversing the firewall for the media to be transmitted.
  • the user terminal determines that the firewall restricts the transmission of UDP packets, and the tunnel type that needs to establish a transmission tunnel for traversing the firewall for the media to be transmitted is a TLS tunnel type.
  • Step 505 The user terminal allocates a port number of the user terminal side TLS client to the transmission tunnel corresponding to the TLS tunnel type according to the determined TLS tunnel type.
  • Step 506 The user terminal sends the tunnel type, the port number of the user terminal side TLS client and the payload format information of the tunnel data packet to the VoIP signaling server by using an SDP message, so that the VoIP signaling server determines to traverse the firewall in TLS tunnel mode.
  • the SDP message may also carry the IP address of the user terminal (that is, the private address of the user terminal).
  • In step 506, the manner in which the SDP message carries the tunnel type, the port number of the user terminal side TLS client and the media encapsulation format includes, but is not limited to, the following.
  • A new SDP attribute line is defined. The SDP attribute line describes the tunnel type used to traverse the firewall, the port number of the TLS client on the user terminal side, and the media encapsulation format information.
  • For example, a=traversal: P3 TLS-tunnel UDP-included indicates that the port number of the TLS client on the user terminal side is P1, that the TLS tunnel type is adopted, and that the payload format information of the tunnel data packet is the RTP protocol data packet/RTCP protocol data packet plus the UDP header, used as the payload of the TLS tunnel packet.
  • Alternatively, the candidate attribute line in the SDP message is extended with an added identifier that describes the tunnel type of the candidate's path and the payload format information of the tunnel data packet.
  • For example, a host candidate: <existing protocol parameters> <tunnel type> <payload format information of the tunnel packet>.
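To tie the tunnel-type decision of steps 403 to 411 in Embodiment 2 to the SDP attribute line described here (and its DTLS variant in Embodiment 4), the following Python is an added example, not code from the patent: it chooses the tunnel type from the two STUN outcomes, allocates the RTP/RTCP port pair, and emits and validates the a=traversal line. The exact attribute grammar, the port range and the sample candidate line are assumptions based on the examples in the text.

```python
"""Constructed example: tunnel-type decision (steps 404-411) and the
proposed 'a=traversal:' SDP attribute (step 506 / step 608).
Assumed grammar:  a=traversal:<client port> <TLS-tunnel|DTLS-tunnel> UDP-included
"""
import random
import re
from dataclasses import dataclass
from typing import Optional

TLS_TUNNEL = "TLS-tunnel"      # TLS over TCP: used when UDP or port 3478 is blocked
DTLS_TUNNEL = "DTLS-tunnel"    # DTLS over UDP: used when only the media path is blocked
UDP_INCLUDED = "UDP-included"  # payload format: RTP/RTCP packet plus its UDP header

# Network-side tunnel ports fixed by the VoIP signaling server (steps 407 / 413 / 507).
NETWORK_SIDE_PORT = {TLS_TUNNEL: 443, DTLS_TUNNEL: 3478}


def allocate_rtp_rtcp_ports(seed: Optional[int] = None,
                            low: int = 49152, high: int = 65534) -> tuple[int, int]:
    """Step 402: random even RTP port P1; RTCP port P2 = P1 + 1 (range assumed)."""
    rng = random.Random(seed)
    if low % 2:
        low += 1
    p1 = rng.randrange(low, high, 2)  # even start and step 2 keep P1 even
    return p1, p1 + 1


def choose_tunnel_type(address_collection_response: bool,
                       connectivity_check_response: bool) -> Optional[str]:
    """Steps 404-411.

    No STUN address-collection response: the firewall drops UDP or closes
    port 3478, so only a TLS tunnel over TCP can get through.
    STUN answered but no connectivity-check response from the media gateway:
    the media ports are closed or DPI drops RTP/RTCP, so a DTLS tunnel over
    UDP is used.  Both answered: no tunnel is needed."""
    if not address_collection_response:
        return TLS_TUNNEL
    if not connectivity_check_response:
        return DTLS_TUNNEL
    return None


@dataclass(frozen=True)
class TraversalAttribute:
    client_port: int           # first port number on the user-terminal side
    tunnel_type: str
    payload_format: str = UDP_INCLUDED

    def to_sdp(self) -> str:
        return f"a=traversal:{self.client_port} {self.tunnel_type} {self.payload_format}"


_TRAVERSAL_RE = re.compile(
    r"^a=traversal:\s*(\d{1,5})\s+(TLS-tunnel|DTLS-tunnel)\s+(UDP-included)\s*$")


def parse_traversal(line: str) -> TraversalAttribute:
    """Strict parse of the attribute, as the signaling server would do in step 507."""
    m = _TRAVERSAL_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a traversal attribute: {line!r}")
    port = int(m.group(1))
    if not 1 <= port <= 65535:
        raise ValueError(f"client port out of range: {port}")
    return TraversalAttribute(port, m.group(2), m.group(3))


def is_valid_traversal(line: str) -> bool:
    try:
        parse_traversal(line)
        return True
    except ValueError:
        return False


def extend_candidate(candidate_line: str, tunnel_type: str,
                     payload_format: str = UDP_INCLUDED) -> str:
    """The alternative the text mentions: append tunnel type and payload
    format to an existing ICE candidate attribute line."""
    if not candidate_line.startswith("a=candidate:"):
        raise ValueError("not a candidate attribute")
    return f"{candidate_line.rstrip()} {tunnel_type} {payload_format}"


def build_offer_lines(address_collection_response: bool,
                      connectivity_check_response: bool, client_port: int) -> list[str]:
    """Lines the user terminal adds to its SDP offer; empty if no tunnel is needed."""
    tunnel = choose_tunnel_type(address_collection_response, connectivity_check_response)
    if tunnel is None:
        return []
    return [TraversalAttribute(client_port, tunnel).to_sdp()]


def answer_network_port(offer_line: str) -> int:
    """Step 507 / step 413: network-side tunnel port the signaling server returns."""
    return NETWORK_SIDE_PORT[parse_traversal(offer_line).tunnel_type]


if __name__ == "__main__":
    p1, p2 = allocate_rtp_rtcp_ports(seed=7)
    print("RTP/RTCP ports:", p1, p2)
    for stun_ok, check_ok in ((False, False), (True, False), (True, True)):
        print(stun_ok, check_ok, build_offer_lines(stun_ok, check_ok, 50002))
```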
  • Step 507 When the VoIP signaling server receives the SDP message sent by the user terminal and determines, according to the tunnel type included in the SDP message, that the firewall is to be traversed through a TLS tunnel, it fixedly allocates the TLS protocol default port number 443 as the TLS tunnel server-side (that is, network-side) port, and at the same time randomly assigns P4/P5 as the port numbers of the RTP/RTCP protocol packets.
  • the VoIP signaling server generates an authentication parameter used by the user terminal to authenticate the media gateway in the handshake negotiation process of establishing the TLS transmission tunnel.
  • the authentication parameter may be a media gateway digital certificate fingerprint or a pre-shared key.
  • Step 508 The VoIP signaling server sends the port number of the allocated TLS transmission tunnel network side and the authentication parameter for establishing the TLS tunnel to the user terminal by using an SDP response message.
  • the VoIP signaling server sends the network side port of the TLS transmission tunnel and the payload format information of the tunnel data packet to the media gateway.
  • Step 509 The user terminal and the media gateway negotiate to establish a TLS transmission tunnel between the port number of the TLS client on the user terminal side and the port number on the network side according to the existing TLS protocol.
  • the media gateway establishes a mapping relationship between the private address of the user terminal and the public network address assigned by the firewall according to the public network address allocated by the firewall for the user terminal and the private address of the user terminal sent by the VoIP signaling server.
  • The destination port number of the tunnel packet in media data packets subsequently sent by the media gateway to the user terminal is the port number corresponding to that public network address.
  • Step 510 The user terminal receives, through the established transmission tunnel, the media data packet sent by the network side and encapsulated according to the payload format information of the tunnel data packet.
  • The media data packet is encapsulated according to the payload format information of the tunnel data packet as follows: when the tunnel type is the TLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in the TLS tunnel packet as the payload of the tunnel packet corresponding to the TLS tunnel type.
  • The user terminal sends a STUN connectivity check request through the TLS transport tunnel, and the media gateway authenticates the user terminal by using the short-term credential mechanism.
  • After receiving the STUN connectivity detection response, the user terminal notifies the media gateway by using an updated SDP offer message that it has determined to traverse the firewall by using the TLS transmission tunnel.
  • the user terminal and the media gateway send the RTP/RTCP over UDP protocol data packet to the peer end according to the TLS tunnel data packet format of FIG. 2 through the TLS transport tunnel.
  • Embodiment 4:
  • FIG. 6 is a schematic flowchart diagram of a media transmission method according to Embodiment 4 of the present invention. The method can be as follows.
  • Step 601 The user terminal initiates a VoIP session and runs the ICE client.
  • In step 601, the user terminal initiates the ICE/STUN firewall traversal process.
  • Step 602 The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP data packet and the RTCP data packet to be transmitted.
  • the RTP port number is an even number and is one less than the port number of the RTCP.
  • Step 603 The user terminal sends an address collection request to the STUN server.
  • The address collection request is used to obtain the public address assigned by the firewall to the port used for transmitting Real-Time Transport Protocol (RTP) data packets and to the port used for transmitting Real-Time Transport Control Protocol (RTCP) data packets.
  • The user terminal sends an address collection request carried by UDP (User Datagram Protocol) to the STUN server.
  • The user terminal sends a UDP-encapsulated address allocation request (STUN Allocate) or a STUN binding request (STUN Binding) to the STUN server through the P1 port and the P2 port respectively (in the present invention, for convenience of description, the address allocation request and the STUN binding request are collectively referred to as address collection requests).
  • the STUN server obtains the source address of the address collection request.
  • the source address is the public network address assigned by the firewall to the port of the user terminal that sends the address collection request.
  • The STUN server sends the public network address to the user terminal through the address collection response, so that the user terminal knows the public network address assigned by the firewall to its port.
  • Step 604 The user terminal receives the address collection response returned by the STUN server, and obtains a public address assigned by the firewall to the P1 port and the P2 port respectively.
  • the user terminal sends an SDP (Session Description Protocol) message to the VoIP signaling server, where the public address is included in the SDP message.
  • the VoIP signaling server sends the received SDP message and ICE information to the media gateway, and randomly allocates the media ports (ie, P3 port and P4 port) corresponding to the network side to the P1 port and the P2 port.
  • the VoIP signaling server returns an SDP response message to the user terminal, where the SDP response message includes the media port corresponding to the allocated network side (ie, the P3 port and the P4 port).
  • The network-side media port here refers to the media port corresponding to the media gateway.
  • Step 605 The user terminal sends a STUN connectivity detection request of the media path to the media port P3/P4 corresponding to the media gateway through the media port P1/P2.
  • The STUN connectivity check request is used to determine whether the media sent by the user terminal can directly reach the media port corresponding to the media gateway, that is, the user terminal checks whether the path from its local media port to the media port corresponding to the media gateway is accessible.
  • Step 606 When the user terminal cannot receive the STUN connectivity detection response sent by the media gateway, determine that the tunnel type of the transmission tunnel used for traversing the firewall is the DTLS tunnel type.
  • step 606 if the firewall between the user terminal and the media gateway does not open the protocol port of the communication party, the user terminal cannot receive the STUN connectivity detection response sent by the media gateway. At this time, the user terminal determines that the user terminal is to be transmitted. The media establishes a transport tunnel for traversing the firewall.
  • Likewise, if the firewall between the user terminal and the media gateway has a DPI (Deep Packet Inspection) function, the STUN connectivity detection request may be allowed to pass while RTP protocol packets/RTCP protocol packets are not allowed to pass; the user terminal then still cannot receive the media data packets from the media gateway, and it determines to establish a transmission tunnel for traversing the firewall for the media to be transmitted.
  • Step 607 The user terminal allocates, according to the determined DTLS tunnel type, a port number for the DTLS client on the user terminal side to the DTLS tunnel.
  • the port number of the DTLS client on the user terminal side herein may also be referred to as the first port number on the user terminal side.
  • Step 608 The user terminal sends, by using an SDP message, the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel data packet to the VoIP signaling server, so that the VoIP signaling server determines that the firewall is to be traversed through the DTLS tunnel.
  • In step 608, the manner in which the SDP message carries the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel data packet includes, but is not limited to, the following:
  • A new SDP attribute line is defined, which describes the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel data packet.
  • For example, a=traversal: P5 DTLS-tunnel UDP-included indicates that the DTLS client port number is P5, that the DTLS tunnel type is adopted, and that the payload format information of the tunnel data packet is that the RTP protocol data packet/RTCP protocol data packet, together with its UDP header, is carried as the payload of the DTLS tunnel packet.
  • Alternatively, the candidate attribute line of the SDP message is extended by adding identifier fields that describe, for the candidate path, the tunnel type and the payload format information of the tunnel data packet.
  • For example, for a host candidate: a=candidate: <existing protocol parameters> <tunnel type> <payload format information of the tunnel data packet>.
  • Step 609 The VoIP signaling server receives the SDP message sent by the user terminal and, when it determines from the tunnel type contained in the SDP message that the firewall is to be traversed in DTLS tunnel mode, assigns the STUN protocol default port number 3478 as the network-side port of the DTLS tunnel.
  • the VoIP signaling server generates an authentication parameter that the user terminal authenticates the media gateway during the handshake negotiation process of establishing the DTLS transmission tunnel.
  • the authentication parameter may be a media gateway digital certificate fingerprint or a pre-shared key.
  • the VoIP signaling server sends the port number of the DTLS tunnel network side and the authentication parameter for establishing the tunnel to the user terminal through the SDP response message.
  • the VoIP signaling server sends the network-side port number of the DTLS tunnel and the payload format information of the tunnel data packet to the media gateway.
  • Step 610 The user terminal and the media gateway negotiate to establish a DTLS transmission tunnel between the port number of the DTLS client on the user terminal side and the port number on the network side according to the existing DTLS protocol.
  • during this negotiation the user terminal authenticates the media gateway using the authentication parameter; after the DTLS transmission tunnel is established, the user terminal, following the existing ICE protocol, sends a STUN connectivity detection request through the DTLS transmission tunnel.
  • the media gateway authenticates the user terminal by using an ICE short-term credential mechanism.
  • the so-called short-term credential mechanism means that the STUN username and password carried in the STUN connectivity detection request sent by the user terminal are used for authentication.
  • the media gateway obtains, from the VoIP signaling server, the public network address assigned by the firewall to the tunnel client of the user terminal and the private address of that tunnel client, and establishes the association between the private address of the user terminal and the public network address assigned by the firewall.
  • Step 611 The user terminal sends a STUN connectivity check request through the DTLS transmission tunnel. After receiving the STUN connectivity detection response, the user terminal notifies the network side through an updated SDP offer message that the DTLS transmission tunnel is determined to be used for traversing the firewall.
  • Step 612 The user terminal receives, through the established DTLS tunnel, a media data packet that the network side has encapsulated according to the payload format information of the tunnel data packet.
  • In step 612, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows: when the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet together with its UDP protocol packet header, which make up the media data packet, are encapsulated in the DTLS tunnel packet as its payload, according to the payload format information of the tunnel packet corresponding to the DTLS tunnel type.
  • the user terminal and the media gateway send RTP/RTCP over UDP protocol packets to the peer through the DTLS transmission tunnel according to the encapsulation format shown in FIG.
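As an added example (illustrative code written for this page, not code from the patent or its applicant), the following Python sketch of steps 606 to 609 shows how a user terminal turns the two STUN probe outcomes into a tunnel type, how it encodes the new a=traversal SDP attribute line, and how the VoIP signaling server parses that line and assigns the network-side port. The probe outcomes, the client port 50000 and the TLS-side port parameter are assumptions of the example; the DTLS-side port 3478, the decision rules and the attribute syntax come from the steps above.

```python
"""Tunnel-type selection from the STUN probes and the SDP traversal attribute.

Added illustration, not code from the patent. Probe outcomes are constructed
inputs; the attribute syntax follows the page's 'a=traversal: P5 DTLS-tunnel
UDP-included' example, and the TLS-side port is an assumed parameter.
"""
from dataclasses import dataclass
from typing import Optional

STUN_DEFAULT_PORT = 3478          # step 609: network-side port of the DTLS tunnel
TRAVERSAL_PREFIX = "a=traversal:"


@dataclass(frozen=True)
class StunProbeResult:
    """What the user terminal observed (constructed sample input)."""
    address_collection_answered: bool   # steps 603/604: UDP response from the STUN server
    connectivity_check_answered: bool   # steps 605/606: response to the media-path check


def select_tunnel_type(probe: StunProbeResult) -> Optional[str]:
    """Return 'TLS', 'DTLS', or None when media can reach the gateway directly."""
    if not probe.address_collection_answered:
        # No UDP response at all: UDP is blocked, so only a TLS tunnel can pass.
        return "TLS"
    if not probe.connectivity_check_answered:
        # UDP works but the gateway's media ports are filtered (or DPI drops RTP/RTCP):
        # carry RTP/RTCP inside a DTLS tunnel.
        return "DTLS"
    return None


def build_traversal_attribute(client_port: int, tunnel_type: str,
                              payload_format: str = "UDP-included") -> str:
    """Step 608: encode the new SDP attribute line sent to the VoIP signaling server."""
    if tunnel_type not in ("TLS", "DTLS"):
        raise ValueError("unsupported tunnel type: %r" % tunnel_type)
    if not 1 <= client_port <= 65535:
        raise ValueError("port number out of range")
    return f"{TRAVERSAL_PREFIX}{client_port} {tunnel_type}-tunnel {payload_format}"


def parse_traversal_attribute(line: str) -> dict:
    """Signaling-server side: parse and validate the attribute; reject anything malformed.
    Whitespace after the colon (as in the page's example) is tolerated."""
    if not line.startswith(TRAVERSAL_PREFIX):
        raise ValueError("not a traversal attribute")
    fields = line[len(TRAVERSAL_PREFIX):].split()
    if len(fields) != 3 or not fields[1].endswith("-tunnel"):
        raise ValueError("malformed traversal attribute")
    port = int(fields[0])
    if not 1 <= port <= 65535:
        raise ValueError("port number out of range")
    tunnel_type = fields[1][: -len("-tunnel")]
    if tunnel_type not in ("TLS", "DTLS"):
        raise ValueError("unsupported tunnel type: %r" % tunnel_type)
    return {"client_port": port, "tunnel_type": tunnel_type, "payload_format": fields[2]}


def assign_network_side_port(tunnel_type: str, tls_port: int = 443) -> int:
    """Step 609: DTLS tunnels get the STUN default port 3478. The TLS-side port is an
    assumption of this example; the page's TLS embodiment is not reproduced here."""
    if tunnel_type == "DTLS":
        return STUN_DEFAULT_PORT
    if tunnel_type == "TLS":
        return tls_port
    raise ValueError("unsupported tunnel type: %r" % tunnel_type)


def negotiate(probe: StunProbeResult, client_port: int) -> Optional[dict]:
    """Steps 606-609 end to end: the terminal decides and offers, the server answers.

    Returns None when no tunnel is needed; otherwise the two endpoints of the tunnel
    to be established in step 610 (client_port on the terminal, network_port on the
    media gateway) together with the offered attribute line.
    """
    tunnel_type = select_tunnel_type(probe)
    if tunnel_type is None:
        return None
    offer = build_traversal_attribute(client_port, tunnel_type)   # step 608
    parsed = parse_traversal_attribute(offer)                      # server receives it
    return {
        "tunnel_type": parsed["tunnel_type"],
        "client_port": parsed["client_port"],
        "network_port": assign_network_side_port(parsed["tunnel_type"]),  # step 609
        "payload_format": parsed["payload_format"],
        "offer": offer,
    }


if __name__ == "__main__":
    # Constructed scenario: UDP reaches the STUN server, but the media-path check fails.
    print(negotiate(StunProbeResult(True, False), client_port=50000))
```

The parser is deliberately strict: an offer with an unknown tunnel type, a port outside 1..65535 or a missing payload-format token is rejected before any port is assigned, which is the check a signaling server should make on an attribute that arrives from the terminal side.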
  • Embodiment 5:
  • FIG. 7 is a schematic structural diagram of a media transmission device according to Embodiment 5 of the present invention.
  • the media transmission device includes: a type determining module 71, a tunnel establishing module 72, and a data packet receiving module 73, where:
  • the type determining module 71 is configured to determine, according to the detection result of the STUN (Session Traversal Utilities for NAT) protocol, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type.
  • the tunnel establishment module 72 is configured to allocate, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and to send the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number;
  • the data packet receiving module 73 is configured to receive the media data packet that the network side transmits through the established tunnel and that is encapsulated according to the payload format information of the tunnel data packet.
  • the tunnel establishment module 72, when sending the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, is specifically configured to:
  • carry the tunnel type, the first port number, and the payload format information of the tunnel data packet in an SDP message sent to the VoIP signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and the user terminal;
  • establish a transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
  • the type determining module 71, when determining, according to the detection result of the STUN, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, is specifically configured to:
  • send an address collection request carried by UDP to the STUN server, and, when the user terminal cannot receive the UDP-carried address collection response returned by the STUN server, determine that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
  • the tunnel establishment module 72, when establishing a transmission tunnel between the first port number and the second port number, is specifically configured to:
  • if the tunnel type determined by the user terminal is the TLS tunnel type, establish a TLS tunnel between the first port number and the second port number.
  • the type determining module 71, when determining, according to the detection result of the STUN, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, is further specifically configured to:
  • after the address collection response is received, send a STUN connectivity detection request for the media path from the media port of the user terminal to the media port corresponding to the media gateway, where the STUN connectivity detection request is used to determine whether the media data packets sent by the user terminal can directly reach the media port corresponding to the media gateway;
  • when the user terminal cannot receive the STUN connectivity detection response sent by the media gateway, determine that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
  • the tunnel establishment module 72, when establishing a transmission tunnel between the first port number and the second port number, is specifically configured to:
  • if the tunnel type determined by the user terminal is the DTLS tunnel type, establish a DTLS tunnel between the first port number and the second port number.
  • the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
  • when the tunnel type is the TLS tunnel type, the RTP protocol data packet/RTCP protocol data packet and the UDP protocol data packet header that make up the media data packet are encapsulated in the TLS tunnel data packet as its payload, according to the payload format information of the tunnel data packet;
  • when the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header that make up the media data packet are encapsulated in the DTLS tunnel packet as its payload, according to the payload format information of the tunnel packet.
  • the port numbers contained in the UDP protocol packet header are the media port allocated by the user terminal and the media port allocated by the media gateway, respectively.
  • the media transmission device further includes: a parsing module 74, where:
  • the parsing module 74 is configured to decapsulate the received media data packet and obtain the media data packet carried in the TLS tunnel data packet/DTLS tunnel data packet.
  • the media transmission device in the fifth embodiment of the present invention may be implemented in a hardware manner or in a software manner, which is not limited herein.
  • FIG. 8 is a schematic structural diagram of a media transmission device according to Embodiment 6 of the present invention.
  • the media transmission device has the functions of the first embodiment of the present invention to the fourth embodiment of the present invention.
  • the media transmission device may adopt a general computer system structure, and the computer system may be a processor-based computer.
  • the media transport device entity includes at least one processor 81, a communication bus 82, a memory 83, and at least one communication interface 84.
  • the processor 81 can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the solution of the present invention.
  • the communication bus 82 can include a path for transferring information between the components.
  • the communication interface 84 is any device, such as a transceiver, used for communicating with other devices or communication networks such as Ethernet, a Radio Access Network (RAN), or a Wireless Local Area Network (WLAN).
  • the memory 83 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these.
  • the memory 83 is used to store application code for executing the solution of the present invention, and the application code for executing the solution of the present invention is stored in a memory and controlled by the processor 81 for execution.
  • the processor 81 is configured to execute an application stored in the memory 83.
  • when executing the application, the processor 81 determines, according to the detection result of the STUN, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
  • the processor 81 allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and sends the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number;
  • the processor 81, when sending the tunnel type, the first port number, and the payload format information of the tunnel data packet to the network side, is specifically configured to perform:
  • carrying the tunnel type, the first port number, and the payload format information of the tunnel data packet in an SDP message sent to the VoIP signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and the user terminal;
  • establishing, by the user terminal, a transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
  • the processor 81, when determining, according to the detection result of the STUN, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, is specifically configured to perform:
  • sending, by the user terminal, an address collection request carried by the User Datagram Protocol (UDP) to the STUN server, where the address collection request is used to obtain the public addresses assigned by the firewall to the port for transmitting Real-Time Transport Protocol (RTP) data packets and to the port for transmitting Real-Time Transport Control Protocol (RTCP) data packets, respectively;
  • when the user terminal cannot receive the UDP-carried address collection response returned by the STUN server, determining that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
  • the processor 81, when establishing a transmission tunnel between the first port number and the second port number, is specifically configured to perform:
  • if the tunnel type determined by the user terminal is the TLS tunnel type, establishing, by the user terminal, a TLS tunnel between the first port number and the second port number.
  • the processor 81, when determining, according to the detection result of the STUN, a tunnel type for establishing a transmission tunnel for traversing the firewall for the media to be transmitted, is specifically configured to perform:
  • sending, by the user terminal, an address collection request carried by UDP to the STUN server, where the address collection request is used to obtain the public addresses assigned by the firewall to the port for transmitting RTP data packets and to the port for transmitting RTCP data packets, respectively;
  • when the address collection response returned by the STUN server is received, further sending, by the user terminal, a STUN connectivity detection request for the media path from the media port of the user terminal to the media port corresponding to the media gateway, where the STUN connectivity detection request is used to determine whether the media data packets sent by the user terminal can directly reach the media port corresponding to the media gateway;
  • when the user terminal cannot receive the STUN connectivity detection response sent by the media gateway, determining that the tunnel type of the transmission tunnel for traversing the firewall is the DTLS tunnel type.
  • the processor 81, when establishing a transmission tunnel between the first port number and the second port number, is specifically configured to perform:
  • if the tunnel type determined by the user terminal is the DTLS tunnel type, establishing, by the user terminal, a DTLS tunnel between the first port number and the second port number.
  • the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
  • when the tunnel type is the TLS tunnel type, the RTP protocol data packet/RTCP protocol data packet and the UDP protocol data packet header that make up the media data packet are encapsulated in the TLS tunnel data packet as its payload, according to the payload format information of the tunnel data packet;
  • when the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header that make up the media data packet are encapsulated in the DTLS tunnel packet as its payload, according to the payload format information of the tunnel packet.
  • the port numbers contained in the UDP protocol packet header are the media port allocated by the user terminal and the media port allocated by the media gateway, respectively.
  • the processor 81 is further configured to decapsulate the received media data packet to obtain the media data packet carried in the TLS tunnel data packet/DTLS tunnel data packet, and to deliver the media data packet to the media processing unit according to the port number contained in the UDP protocol packet header.
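As an added example for the parsing module 74 of Embodiment 5 and the decapsulation performed by the processor 81 in Embodiment 6 (illustrative code written for this page, not the patent's own implementation), the following Python shows the UDP-included payload format: the RTP/RTCP packet is prefixed with its 8-byte UDP header before it becomes the payload of the DTLS/TLS tunnel packet, and on receipt the UDP destination port decides whether the inner packet goes to the RTP or the RTCP handler. The port numbers and packet bytes are constructed sample values; the DTLS/TLS record layer that carries the payload is not modelled.

```python
"""Payload format of the tunnel data packet: RTP/RTCP packet plus its UDP header.

Added illustration, not the patent's code. It builds the 'UDP-included' payload
carried inside a DTLS/TLS tunnel packet, reverses it on receipt and delivers the
inner packet by UDP port, as the parsing module / processor does. Port numbers
and packet bytes below are constructed sample values.
"""
import struct
from typing import Tuple

UDP_HEADER = struct.Struct("!HHHH")   # source port, destination port, length, checksum

# Constructed sample media ports: P1/P2 on the user terminal, P3/P4 on the gateway.
TERMINAL_RTP_PORT, TERMINAL_RTCP_PORT = 40000, 40001
GATEWAY_RTP_PORT, GATEWAY_RTCP_PORT = 50000, 50001

# Constructed sample packets: a 12-byte RTP header (V=2, PT=0) with 16 payload bytes,
# and a minimal RTCP receiver report (V=2, PT=201, length=1).
SAMPLE_RTP = struct.pack("!BBHII", 0x80, 0x00, 1, 160, 0x11223344) + bytes(16)
SAMPLE_RTCP = struct.pack("!BBHI", 0x80, 201, 1, 0x11223344)


def encapsulate(src_port: int, dst_port: int, media_packet: bytes) -> bytes:
    """Tunnel payload = UDP header || RTP/RTCP packet.

    The UDP checksum is left at zero (permitted for IPv4): the DTLS/TLS record
    carrying this payload already protects its integrity, and a real checksum
    would need the IP pseudo-header, which the tunnel does not carry.
    """
    length = UDP_HEADER.size + len(media_packet)
    if length > 0xFFFF:
        raise ValueError("media packet too large for a UDP length field")
    return UDP_HEADER.pack(src_port, dst_port, length, 0) + media_packet


def decapsulate(tunnel_payload: bytes) -> Tuple[int, int, bytes]:
    """Inverse of encapsulate. The length field is checked against the actual
    payload before any byte after the header is trusted."""
    if len(tunnel_payload) < UDP_HEADER.size:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = UDP_HEADER.unpack_from(tunnel_payload)
    if length != len(tunnel_payload):
        raise ValueError("UDP length field does not match tunnel payload")
    return src, dst, tunnel_payload[UDP_HEADER.size:]


def deliver(tunnel_payload: bytes, rtp_port: int, rtcp_port: int) -> Tuple[str, bytes]:
    """Receiver side: decapsulate and route to the RTP or RTCP handler by
    destination port, the rule the page states; anything else is rejected."""
    _src, dst, inner = decapsulate(tunnel_payload)
    if dst == rtp_port:
        kind = "RTP"
    elif dst == rtcp_port:
        kind = "RTCP"
    else:
        raise ValueError(f"unexpected destination port {dst}")
    # Extra sanity check beyond the port rule: both RTP and RTCP carry version 2
    # in the top two bits of the first byte.
    if len(inner) < 4 or inner[0] >> 6 != 2:
        raise ValueError(f"{kind} packet with bad version or short header")
    return kind, inner


if __name__ == "__main__":
    # Gateway -> terminal direction over the established tunnel.
    for pkt, src, dst in ((SAMPLE_RTP, GATEWAY_RTP_PORT, TERMINAL_RTP_PORT),
                          (SAMPLE_RTCP, GATEWAY_RTCP_PORT, TERMINAL_RTCP_PORT)):
        kind, inner = deliver(encapsulate(src, dst, pkt), TERMINAL_RTP_PORT, TERMINAL_RTCP_PORT)
        print(kind, len(inner), "bytes")
```

Because the inner UDP header is carried verbatim, the receiver's demultiplexing rule is the same one a plain RTP/RTCP stack uses, which is why a single tunnel can carry both media and control packets of a session without any per-packet type marker in the tunnel itself.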
  • embodiments of the present invention can be provided as a method, apparatus (device), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, where the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a media transmission method and device. The method comprises: a user terminal determines, according to a STUN detection result, the tunnel type of a transmission tunnel to be established for media to be transmitted to traverse firewalls, assigns, according to the determined tunnel type, a first port number of the user terminal side to a transmission tunnel corresponding to the tunnel type, and sends the tunnel type, the first port number and payload format information of a tunnel data packet to a network side, so that the network side assigns, according to the tunnel type, a second port number of the network side to the transmission tunnel corresponding to the tunnel type and establishes a transmission tunnel between the first port number and the second port number; and receives a data packet of the media that is transmitted by the network side through the established transmission tunnel and that is encapsulated according to the payload format information of the tunnel data packet, which not only can traverse all types of firewalls but also effectively improves the media transmission efficiency.

Description

Media transmission method and device
This application claims priority to Chinese Patent Application No. 201410623767.X, filed on November 7, 2014 and entitled "Media transmission method and device", and to Chinese Patent Application No. 201410616529.6, filed on October 31, 2014 and entitled "Media transmission method and device", the entire contents of both of which are incorporated herein by reference.
Technical field
The present invention relates to the field of IP communication technologies, and in particular to a media transmission method and device.
Background
In a VoIP (Voice over IP) communication system, voice data and video media data are usually transmitted in real time using RTP (Real-Time Transport Protocol), and RTCP (Real-Time Transport Control Protocol) provides a reliability and transport management mechanism for RTP packets. RTP packets and RTCP packets are carried by UDP (User Datagram Protocol). When RTP packets and RTCP packets are transmitted on different ports, the UDP port number used for RTCP packets is required to be one greater than the UDP port number used for RTP packets, and the UDP port number used for RTCP packets is required to be odd.
In enterprise network or local area network scenarios, a firewall is deployed between the enterprise network or local area network and the public network for network security reasons. In addition to providing network address translation, firewalls often restrict the types of packets allowed through and the range of open ports. In practice, these firewall restrictions prevent RTP packets and RTCP packets from being transmitted normally.
Therefore, VoIP communication between a VoIP client and the network side requires the ability to traverse firewalls. Several different traversal methods have been proposed for this problem.
For example, Interactive Connectivity Establishment (ICE) is a protocol suite comprising the STUN (Session Traversal Utilities for NAT) protocol and the TURN (Traversal Using Relay Network Address Translation; traversing NAT by way of a relay) protocol, and is used to solve various NAT traversal problems.
When the ICE/STUN protocol is used to traverse a firewall, the ports used by the two communicating parties to transmit RTP packets and RTCP packets can be multiplexed onto a single port; that is, the media gateway fixedly assigns port 80 for RTP/RTCP, and the media stream traverses the firewall through port 443 or port 80 in the form of RTP/RTCP over TCP. Although this supports separate transmission of media streams and signaling in VoIP communication and uses a standard ICE client, in practice it can only guarantee traversal of some firewalls; for example, a firewall with an HTTP (Hyper Text Transport Protocol) proxy function cannot be traversed. A firewall with an HTTP proxy function only allows HTTP-type packets to pass: it can identify whether the upper-layer protocol packet carried by an IP (Internetwork Protocol) packet is an HTTP protocol packet, and if it is not, it directly discards the packet. When RTCP/RTP protocol packets multiplexed onto the same port traverse the firewall over a TCP (Transmission Control Protocol) connection, a firewall with an HTTP proxy function readily identifies the packet as a non-HTTP packet and discards it, so the media packets cannot traverse the firewall.
Further, an ICE/TURN solution has been proposed, in which a TURN server is deployed between the VoIP client and the network side as a media relay server. In addition to receiving TURN requests sent by terminals on the protocol's default port 3478, the TURN server also accepts TURN requests on port 443 and port 80. The media traverses the firewall through port 80 as RTP/RTCP over UDP over TURN over TCP, or through port 443 as RTP/RTCP over UDP over TURN over TLS, reaches the TURN server, and the TURN server forwards the media to the peer.
Although this method can solve the problem of traversing all firewalls, the following problems remain:
1. Adding a TURN server to the system introduces transmission delay for media packets;
2. During media packet transmission, the media packets are encapsulated too many times, so the media packet headers become redundant, which reduces media transmission efficiency;
3. The TURN handshake signaling between the TURN server and the user terminal is complex, and each media stream requires a separate handshake negotiation to establish a relay channel, which increases the complexity of media packet transmission.
Summary of the invention
In view of this, embodiments of the present invention provide a media transmission method and device, to solve the problems of complex transmission and low transmission efficiency that currently exist when media of a VoIP communication system traverse a firewall.
According to a first aspect of the present invention, a media transmission method is provided, comprising:
a user terminal determines, according to a detection result of the Session Traversal Utilities for NAT (STUN) protocol, a tunnel type of a transmission tunnel to be established for media to be transmitted to traverse a firewall, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
the user terminal allocates, according to the determined tunnel type, a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and sends the tunnel type, the first port number and payload format information of a tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number;
the user terminal receives a media data packet that the network side transmits through the established transmission tunnel and that is encapsulated according to the payload format information of the tunnel data packet.
With reference to the first aspect of the present invention, in a first possible implementation, the user terminal sending the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side includes:
the user terminal carries the tunnel type, the first port number and the payload format information of the tunnel data packet in a Session Description Protocol (SDP) message sent to a Voice over IP (VoIP) signaling server, and the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type and sends the second port number to a media gateway and to the user terminal;
the user terminal establishes a transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
结合本发明的第一方面可能的实施方式,或者结合本发明的第一方面的第一种可能的实施方式,在第二种可能的实施方式中,所述用户终端根据STUN的探测结果,确定为待传输的媒体建立用于穿越防火墙的传输隧道的隧道类型,包括:With reference to the possible implementation manners of the first aspect of the present invention, or the first possible implementation manner of the first aspect of the present invention, in the second possible implementation manner, the user terminal determines according to the detection result of the STUN Establish a tunnel type for the transport tunnel to traverse the firewall for the media to be transmitted, including:
所述用户终端向STUN服务器发送由用户数据报协议UDP承载的地址收集请求,其中,所述地址收集请求用于获取防火墙分别为用于传输实时传输协议RTP数据包的端口和用于传输实时传输控制协议RTCP数据包的端口分配的公用地址;The user terminal sends an address collection request carried by the user datagram protocol UDP to the STUN server, where the address collection request is used to obtain a firewall for transmitting a real-time transport protocol RTP data packet and for transmitting real-time transmission. Controlling the public address of the port assignment of the protocol RTCP packet;
所述用户终端在无法接收到STUN服务器返回的由UDP承载的地址收集响应时,确定为待传输的媒体建立用于穿越防火墙的传输隧道的隧道类型为TLS隧道类型。When the user terminal cannot receive the address collection response of the UDP bearer returned by the STUN server, it determines that the tunnel type of the transport tunnel for traversing the firewall for the media to be transmitted is the TLS tunnel type.
结合本发明的第一方面可能的实施方式,或者结合本发明的第一方面的第一种可能的实施方式,或者结合本发明的第一方面的第二种可能的实施方式,在第三种可能的实施方式中,所述用户终端在所述第一端口号和所述第二端口号之间建立传输隧道,具体包括:In conjunction with a possible embodiment of the first aspect of the invention, or a first possible embodiment of the first aspect of the invention, or a second possible embodiment of the first aspect of the invention, in the third In a possible implementation manner, the user terminal establishes a transmission tunnel between the first port number and the second port number, and specifically includes:
若所述用户终端确定的隧道类型为TLS隧道类型,则所述用户终端在所述第一端口号和所述第二端口号之间建立TLS隧道。If the tunnel type determined by the user terminal is a TLS tunnel type, the user terminal establishes a TLS tunnel between the first port number and the second port number.
With reference to a possible implementation of the first aspect of the present invention, or to the first possible implementation of the first aspect, in a fourth possible implementation, the user terminal determining, according to the STUN probe result, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted includes:
the user terminal sends to the STUN server an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets;
when the user terminal receives the address collection response returned by the STUN server, it further sends, from the media port of the user terminal to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can reach the corresponding media port of the media gateway directly; and
when the user terminal has not received a STUN connectivity check response from the media gateway, it determines that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
With reference to a possible implementation of the first aspect of the present invention, or to the first or fourth possible implementation of the first aspect, in a fifth possible implementation, the user terminal establishing a transmission tunnel that includes the first port number and the second port number specifically includes:
if the tunnel type determined by the user terminal is the DTLS tunnel type, the user terminal establishes a DTLS tunnel between the first port number and the second port number.
With reference to a possible implementation of the first aspect of the present invention, or to any of the first to fifth possible implementations of the first aspect, in a sixth possible implementation, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
if the tunnel type is the TLS tunnel type, the RTP data packet or RTCP data packet contained in the media data packet, together with the UDP header, is encapsulated in a TLS tunnel data packet as the payload format of the tunnel data packet; or
if the tunnel type is the DTLS tunnel type, the RTP data packet or RTCP data packet contained in the media data packet, together with the UDP header, is encapsulated in a DTLS tunnel data packet as the payload format of the tunnel data packet.
With reference to the sixth possible implementation of the first aspect of the present invention, in a seventh possible implementation, the port numbers contained in the UDP header are, respectively, the media port allocated by the user terminal and the media port allocated by the media gateway.
With reference to the sixth or seventh possible implementation of the first aspect of the present invention, in an eighth possible implementation, the media transmission method further includes:
the user terminal decapsulates the received media data packet and obtains the media data packet carried in the TLS tunnel data packet or DTLS tunnel data packet; and
according to the port number contained in the UDP header in the TLS tunnel data packet or DTLS tunnel data packet, the user terminal delivers the media data packet to a media processing unit.
According to a second aspect of the present invention, a media transmission device is provided, including:
a type determining module, configured to determine, according to a STUN (Session Traversal Utilities for NAT) probe result, the tunnel type of a transmission tunnel to be established for traversing a firewall for the media to be transmitted, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
a tunnel establishment module, configured to allocate, according to the determined tunnel type, a user-terminal-side first port number to the transmission tunnel corresponding to the tunnel type, and to send the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number to the transmission tunnel corresponding to the tunnel type and a transmission tunnel is established between the first port number and the second port number; and
a data packet receiving module, configured to receive the media data packets, encapsulated according to the payload format information of the tunnel data packet, that the network side transmits through the established transmission tunnel.
With reference to a possible implementation of the second aspect of the present invention, in a first possible implementation, in sending the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, the tunnel establishment module is specifically configured to:
carry the tunnel type, the first port number and the payload format information of the tunnel data packet in an SDP message and send it to the VoIP signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a network-side second port number to the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and to the user terminal; and
establish a transmission tunnel between the first port number and the second port number by negotiating with the media gateway.
With reference to a possible implementation of the second aspect of the present invention, or to the first possible implementation of the second aspect, in a second possible implementation, in determining, according to the STUN probe result, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted, the type determining module is specifically configured to:
send to the STUN server an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets; and
when the UDP-carried address collection response returned by the STUN server cannot be received, determine that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
With reference to a possible implementation of the second aspect of the present invention, or to the first or second possible implementation of the second aspect, in a third possible implementation, in establishing a transmission tunnel between the first port number and the second port number, the tunnel establishment module is specifically configured to:
if the tunnel type determined by the user terminal is the TLS tunnel type, establish a TLS tunnel between the first port number and the second port number.
With reference to a possible implementation of the second aspect of the present invention, or to the first possible implementation of the second aspect, in a fourth possible implementation, in determining, according to the STUN probe result, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted, the type determining module is specifically configured to:
send to the STUN server an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets;
when the address collection response returned by the STUN server is received, further send, from the media port of the user terminal to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can reach the corresponding media port of the media gateway directly; and
when no STUN connectivity check response from the media gateway has yet been received, determine that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
With reference to a possible implementation of the second aspect of the present invention, or to the first or fourth possible implementation of the second aspect, in a fifth possible implementation, in establishing a transmission tunnel that includes the first port number and the second port number, the tunnel establishment module is specifically configured to:
if the tunnel type determined by the user terminal is the DTLS tunnel type, establish a DTLS tunnel between the first port number and the second port number.
With reference to a possible implementation of the second aspect of the present invention, or to any of the first to fifth possible implementations of the second aspect, in a sixth possible implementation, the media data packet is encapsulated according to the payload format information of the tunnel data packet as follows:
if the tunnel type is the TLS tunnel type, the RTP data packet or RTCP data packet contained in the media data packet, together with the UDP header, is encapsulated in a TLS tunnel data packet as the payload format of the tunnel data packet; or
if the tunnel type is the DTLS tunnel type, the RTP data packet or RTCP data packet contained in the media data packet, together with the UDP header, is encapsulated in a DTLS tunnel data packet as the payload format of the tunnel data packet.
With reference to the sixth possible implementation of the second aspect of the present invention, in a seventh possible implementation, the port numbers contained in the UDP header are, respectively, the media port allocated by the user terminal and the media port allocated by the media gateway.
With reference to the sixth or seventh possible implementation of the second aspect of the present invention, in an eighth possible implementation, the media transmission device further includes a parsing module, where:
the parsing module is configured to decapsulate the received media data packet and obtain the media data packet carried in the TLS tunnel data packet or DTLS tunnel data packet; and
to deliver the media data packet to a media processing unit according to the port number contained in the UDP header in the TLS tunnel data packet or DTLS tunnel data packet.
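The sixth to eighth implementations of both aspects describe the same payload format: the media packet (RTP or RTCP) is placed behind a UDP header, and that whole unit becomes the fragment of a TLS or DTLS tunnel record; on receipt the inner UDP destination port decides whether the packet goes to the RTP or the RTCP handler. The block below is an added example, not code from the patent, that builds this payload, wraps it in the TLS/DTLS record framing a firewall actually sees, and decapsulates and dispatches it. The record framing is shown in plaintext only (the encryption real TLS/DTLS applies to the fragment is omitted), and every port, SSRC and payload value is constructed for the example.

```python
"""Tunnel payload format: UDP header + RTP/RTCP packet inside a TLS or DTLS record.

Added example, not code from the patent. Packet values are constructed.
"""
import struct

TLS_APPLICATION_DATA = 23     # record content type for application data (TLS and DTLS)
TLS_VERSION_1_2 = 0x0303
DTLS_VERSION_1_2 = 0xFEFD


def rtp_packet(seq: int, timestamp: int, ssrc: int, payload: bytes, pt: int = 0) -> bytes:
    """Minimal RTP packet: V=2, no padding/extension/CSRC, marker bit clear."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq & 0xFFFF,
                       timestamp & 0xFFFFFFFF, ssrc) + payload


def rtcp_receiver_report(ssrc: int) -> bytes:
    """Minimal RTCP RR (PT=201), zero report blocks; length is in 32-bit words minus one."""
    return struct.pack("!BBHI", 0x80, 201, 1, ssrc)


def encapsulate(src_port: int, dst_port: int, media: bytes) -> bytes:
    """Tunnel payload = UDP header + media packet.

    Per the seventh implementation the ports are the terminal's and the
    gateway's media ports, so the peer can tell RTP from RTCP after decapsulation.
    """
    for p in (src_port, dst_port):
        if not 0 < p <= 0xFFFF:
            raise ValueError("bad UDP port")
    udp_len = 8 + len(media)
    checksum = 0  # IPv4 permits an absent UDP checksum; the tunnel record protects integrity
    return struct.pack("!HHHH", src_port, dst_port, udp_len, checksum) + media


def tls_record(fragment: bytes) -> bytes:
    """TLS record header (type, version, length) in front of the fragment.

    Only this 5-byte header is visible to a firewall; the UDP/RTP inside is not.
    """
    return struct.pack("!BHH", TLS_APPLICATION_DATA, TLS_VERSION_1_2, len(fragment)) + fragment


def dtls_record(fragment: bytes, epoch: int, seq: int) -> bytes:
    """DTLS record header: type, version, 16-bit epoch, 48-bit sequence number, length."""
    head = struct.pack("!BHH", TLS_APPLICATION_DATA, DTLS_VERSION_1_2, epoch)
    return head + seq.to_bytes(6, "big") + struct.pack("!H", len(fragment)) + fragment


def decapsulate(tunnel_payload: bytes) -> tuple:
    """Inverse of encapsulate(): return (src_port, dst_port, media), checking the UDP length."""
    if len(tunnel_payload) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = struct.unpack("!HHHH", tunnel_payload[:8])
    if length != len(tunnel_payload):
        raise ValueError("UDP length field disagrees with tunnel payload length")
    return src, dst, tunnel_payload[8:]


def dispatch(tunnel_payload: bytes, local_rtp_port: int, local_rtcp_port: int) -> tuple:
    """Eighth implementation: route the inner packet to the RTP or RTCP handler
    of the media processing unit by the inner UDP destination port."""
    _src, dst, media = decapsulate(tunnel_payload)
    if dst == local_rtp_port:
        return "rtp", media
    if dst == local_rtcp_port:
        return "rtcp", media
    raise ValueError(f"port {dst} is not a negotiated media port")


if __name__ == "__main__":
    # Terminal media ports 50000/50001 to gateway media ports 60000/60001 (constructed).
    rtp = rtp_packet(seq=1, timestamp=160, ssrc=0x11223344, payload=b"\x00" * 4)
    inner = encapsulate(50000, 60000, rtp)
    print(len(tls_record(inner)), "bytes on the wire over TLS")
    print(dispatch(inner, 60000, 60001)[0], "delivered at the gateway")
```

The length check in `decapsulate()` matters on the receiving side: the tunnel record length and the inner UDP length are two independent claims about the same bytes, and a mismatch indicates truncation or a malformed sender, so the packet is dropped rather than passed to the RTP parser.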
The beneficial effects of the present invention are as follows:
In the embodiments of the present invention, the user terminal determines, according to the STUN probe result, the tunnel type of a transmission tunnel to be established for traversing a firewall for the media to be transmitted; allocates, according to the determined tunnel type, a user-terminal-side first port number to the transmission tunnel corresponding to the tunnel type; and sends the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number to the transmission tunnel corresponding to the tunnel type and a transmission tunnel is established between the first port number and the second port number. The user terminal then receives, through the established transmission tunnel, the media data packets that the network side transmits encapsulated according to the payload format information of the tunnel data packet. In this way, when the IP data packets traverse the firewall, the firewall cannot learn the type of the upper-layer protocol packet. At the same time, the embodiments of the present invention establish the transmission tunnel directly with the media gateway without adding network elements or nodes, which not only traverses all types of firewalls but also effectively avoids the delay problem that arises in media transmission and improves media transmission efficiency.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a media transmission method according to Embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of the TLS tunnel data packet format used when traversing a firewall;
FIG. 3 is a schematic diagram of the DTLS tunnel data packet format used when traversing a firewall;
FIG. 4 is a schematic flowchart of a media transmission method according to Embodiment 2 of the present invention;
FIG. 5 is a schematic flowchart of a media transmission method according to Embodiment 3 of the present invention;
FIG. 6 is a schematic flowchart of a media transmission method according to Embodiment 4 of the present invention;
FIG. 7 is a schematic structural diagram of a media transmission device according to Embodiment 5 of the present invention;
FIG. 8 is a schematic structural diagram of a media transmission device according to Embodiment 6 of the present invention.
Detailed Description
To achieve the object of the present invention, the embodiments of the present invention provide a media transmission method and device. The user terminal determines, according to the STUN probe result, the tunnel type of a transmission tunnel to be established for traversing a firewall for the media to be transmitted; allocates, according to the determined tunnel type, a user-terminal-side first port number to the transmission tunnel corresponding to the tunnel type; and sends the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number to the transmission tunnel corresponding to the tunnel type and a transmission tunnel is established between the first port number and the second port number. The user terminal then receives, through the established transmission tunnel, the media data packets that the network side transmits encapsulated according to the payload format information of the tunnel data packet. In this way, when the IP data packets traverse the firewall, the firewall cannot learn the type of the upper-layer protocol packet. At the same time, the embodiments of the present invention establish the transmission tunnel directly with the media gateway without adding network elements or nodes, which not only traverses all types of firewalls but also effectively avoids the delay problem that arises in media transmission and improves media transmission efficiency.
It should be noted that the media data packets described in the embodiments of the present invention include RTP data packets and/or RTCP data packets.
The term "and/or" in this document merely describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean that A exists alone, that A and B both exist, or that B exists alone. In addition, the character "/" in this document generally indicates an "or" relationship between the objects before and after it.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1:
FIG. 1 is a schematic flowchart of a media transmission method according to Embodiment 1 of the present invention. The method is as follows.
Step 101: The user terminal determines, according to the STUN probe result, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted.
The tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type.
In step 101, the user terminal initiates a VoIP session and runs an ICE client, thereby starting the ICE/STUN firewall traversal procedure.
The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP data packets and RTCP data packets to be transmitted, where the RTP port number is even and is one less than the RTCP port number.
The user terminal sends an address collection request to the STUN server.
The address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets.
It should be noted that the address collection request the user terminal sends to the STUN server is carried over UDP (User Datagram Protocol).
Specifically, the user terminal sends a UDP-carried address allocation request (STUN Allocate) or STUN binding request (STUN Binding) to the STUN server from port P1 and from port P2 (in the present invention, for convenience of description, the STUN address allocation request and the STUN binding request are collectively referred to as the address collection request).
The STUN server obtains the source address of the address collection request; this source address is the public network address that the firewall has allocated to the port of the user terminal that sent the request. The STUN server returns this public network address to the user terminal in an address collection response, so that the user terminal learns the public network address the firewall has allocated to its port.
Situation 1:
Since the address collection request sent by the user terminal is carried over UDP, and the address collection response the STUN server sends to the user terminal is also carried over UDP, once the firewall blocks UDP packets, or firewall port 3478 (the default STUN port) is not open, the firewall discards the address collection request sent by the user terminal, so the STUN server cannot receive the address collection request and the user terminal cannot receive the address collection response.
At this point, the user terminal determines that the firewall prohibits VoIP media transmission and that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted.
In this situation, the user terminal determines that the firewall restricts the transmission of UDP data packets, and the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
Situation 2:
Since the address collection response returned by the STUN server is carried over UDP, if the firewall has not restricted UDP packets from passing, or firewall port 3478 (the default STUN port) is open, the user terminal receives the address collection response returned by the STUN server and obtains the public addresses (also called reflexive addresses) that the firewall has allocated to port P1 and port P2 respectively.
The user terminal continues the ICE/STUN firewall traversal procedure:
The user terminal sends a Session Description Protocol (SDP) message to the VoIP signaling server, where the SDP message contains the reflexive addresses.
The VoIP signaling server forwards the received SDP message and ICE information to the media gateway and randomly allocates the corresponding network-side media ports (port P3 and port P4) for port P1 and port P2.
It should be noted that the network-side media ports here may refer to the corresponding media ports of the media gateway.
The VoIP signaling server returns an SDP response message to the user terminal, where the SDP response message contains the allocated network-side media ports (port P3 and port P4).
The user terminal further sends, from its media port to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media sent by the user terminal can directly reach the corresponding media port of the media gateway; that is, the user terminal checks whether the path from its local media port to the corresponding media port of the media gateway is passable.
If the firewall between the user terminal and the media gateway has not opened the protocol ports of the two communicating parties, the user terminal will be unable to receive the STUN connectivity check response sent by the media gateway; at this point, the user terminal determines that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted.
Alternatively, because the firewall between the user terminal and the media gateway has Deep Packet Inspection (DPI) capability, it may allow the STUN connectivity check request through but not RTP/RTCP data packets, so that the user terminal still cannot receive media data packets from the media gateway; at this point too, the user terminal determines that a transmission tunnel for traversing the firewall needs to be established for the media to be transmitted.
In this situation, the tunnel type of the transmission tunnel the user terminal needs to establish for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
In summary, if the user terminal sends a UDP-carried address collection request to the STUN server and cannot receive the UDP-carried address collection response returned by the STUN server, it determines that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
If the user terminal sends a UDP-carried address collection request to the STUN server and receives the UDP-carried address collection response returned by the STUN server, it sends, in accordance with the existing technical specifications, STUN connectivity check requests from ports P1 and P2 to the corresponding media ports of the media gateway; when it has not received the STUN connectivity check response sent by the media gateway, it determines that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
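Step 101 reduces to a small decision rule over two observable outcomes: whether the UDP address collection response arrived at all (Situation 1), and whether the connectivity check to the gateway's media port was answered and media actually flowed (Situation 2, including the DPI variant that passes STUN but drops RTP/RTCP). The block below is an added example, not code from the patent, that models that rule. The `FirewallPolicy` stand-in, the public IP and the candidate port are constructed inputs; the `DIRECT` outcome is not a tunnel type on the page but the implicit case in which the ICE/STUN procedure succeeds and no tunnel is needed.

```python
"""Tunnel-type selection from the step 101 probe outcomes.

Added example, not code from the patent. FirewallPolicy is a constructed
stand-in for what a real terminal would observe during the ICE/STUN exchange.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class TunnelType(Enum):
    DIRECT = "no tunnel needed"   # implicit case: ICE/STUN succeeded, media reaches the gateway
    TLS = "TLS"                   # Situation 1: UDP blocked, tunnel over TCP-based TLS
    DTLS = "DTLS"                 # Situation 2: UDP works but media to the gateway does not


@dataclass(frozen=True)
class FirewallPolicy:
    """Constructed description of the firewall between terminal and gateway."""
    allows_udp: bool          # does any UDP get through at all?
    stun_port_open: bool      # is UDP 3478 (default STUN port) reachable?
    media_ports_open: bool    # can the gateway's media ports be reached?
    dpi_drops_rtp: bool       # DPI passes STUN but drops RTP/RTCP


@dataclass(frozen=True)
class ProbeResult:
    """What the terminal can actually observe in step 101."""
    address_collection_ok: bool     # UDP address-collection response received
    reflexive_rtp: Optional[str]    # public address the firewall mapped port P1 to
    reflexive_rtcp: Optional[str]   # public address the firewall mapped port P2 to
    connectivity_check_ok: bool     # STUN connectivity-check response from the gateway
    media_received: bool            # RTP/RTCP from the gateway actually arrived


def allocate_media_ports(candidate: int) -> Tuple[int, int]:
    """Return (P1, P2): RTP on an even port, RTCP one port higher."""
    if not 1024 <= candidate < 65535:
        raise ValueError("port out of range")
    p1 = candidate if candidate % 2 == 0 else candidate + 1
    return p1, p1 + 1


def probe(policy: FirewallPolicy, public_ip: str, p1: int) -> ProbeResult:
    """Simulate the STUN address collection and connectivity check under `policy`."""
    addr_ok = policy.allows_udp and policy.stun_port_open
    if not addr_ok:
        # Situation 1: the request never reached the STUN server, so there are
        # no reflexive addresses and the connectivity check cannot proceed.
        return ProbeResult(False, None, None, False, False)
    # Constructed reflexive addresses: the firewall's public IP plus the ports
    # it mapped P1 and P2 to (a 1:1 mapping is assumed here for simplicity).
    refl_rtp = f"{public_ip}:{p1}"
    refl_rtcp = f"{public_ip}:{p1 + 1}"
    conn_ok = policy.media_ports_open
    media_ok = conn_ok and not policy.dpi_drops_rtp
    return ProbeResult(True, refl_rtp, refl_rtcp, conn_ok, media_ok)


def choose_tunnel_type(result: ProbeResult) -> TunnelType:
    """Step 101 decision rule as the page states it."""
    if not result.address_collection_ok:
        return TunnelType.TLS
    if not result.connectivity_check_ok or not result.media_received:
        return TunnelType.DTLS
    return TunnelType.DIRECT


def decide(policy: FirewallPolicy, public_ip: str = "203.0.113.7",
           p1_candidate: int = 50001) -> TunnelType:
    """End to end: allocate P1/P2, run the probe, pick the tunnel type."""
    p1, _p2 = allocate_media_ports(p1_candidate)
    return choose_tunnel_type(probe(policy, public_ip, p1))


if __name__ == "__main__":
    for name, pol in {
        "open":          FirewallPolicy(True, True, True, False),
        "udp blocked":   FirewallPolicy(False, False, False, False),
        "3478 closed":   FirewallPolicy(True, False, True, False),
        "media closed":  FirewallPolicy(True, True, False, False),
        "dpi drops rtp": FirewallPolicy(True, True, True, True),
    }.items():
        print(f"{name:14s} -> {decide(pol).value}")
```

Note that the DPI case is why `media_received` is tracked separately from `connectivity_check_ok`: a successful connectivity check alone does not prove that RTP/RTCP will pass, so the decision must wait for media or a timeout before concluding that no tunnel is needed.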
Step 102: According to the determined tunnel type, the user terminal allocates a first port number on the user terminal side to the transmission tunnel corresponding to that tunnel type.
In step 102, once the user terminal has determined that a transmission tunnel for traversing the firewall is to be established, that is, that the firewall is to be traversed by encapsulating RTP/RTCP over UDP packets in tunnel packets, it allocates a first port number on the user terminal side to the transmission tunnel corresponding to the determined tunnel type.
If the determined tunnel type is the TLS tunnel type, the first port number on the user terminal side is the port number of the user-terminal-side TLS client allocated to the TLS tunnel type;
if the determined tunnel type is the DTLS tunnel type, the first port number on the user terminal side is the port number of the user-terminal-side DTLS client allocated to the DTLS tunnel type.
Step 103: The user terminal sends the tunnel type, the first port number and the payload format information of the tunnel packet to the network side, so that the network side allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number.
In step 103, the user terminal carries the tunnel type, the first port number and the payload format information of the tunnel packet in an SDP message sent to the Voice over IP (VoIP) signaling server; the VoIP signaling server allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and sends the second port number to the media gateway and to the user terminal.
The user terminal may also send its IP address to the VoIP signaling server.
The VoIP signaling server may also send an authentication parameter to the user terminal; the authentication parameter is used to authenticate the media gateway when the transmission tunnel with the media gateway is established.
It should be noted that the payload format of the tunnel packet refers to how RTP protocol packets/RTCP protocol packets are carried in the tunnel packet, and the payload format information of the tunnel packet refers to a specific identifier or attribute line carried in the SDP, which tells the receiver how the packets of the media to be sent are encapsulated in tunnel packets.
Case 1:
Specifically, when the VoIP signaling server receives the SDP message sent by the user terminal and, according to the tunnel type contained in the SDP message, determines that the firewall is to be traversed by a TLS tunnel, it assigns the fixed TLS protocol default port number 443 as the network-side port of the TLS tunnel, and at the same time randomly allocates P4/P5 as the port numbers for RTP protocol packets/RTCP protocol packets; it also generates an authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation that establishes the TLS transmission tunnel. For example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
In addition, the VoIP signaling server sends the allocated network-side port number of the TLS transmission tunnel and the authentication parameter for establishing the TLS tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the TLS transmission tunnel (that is, the second port number) and the payload format information of the tunnel packet to the media gateway.
The user terminal and the media gateway negotiate, according to the existing TLS protocol, to establish a TLS transmission tunnel between the first port number and the second port number.
It should be noted here that when the user terminal and the media gateway negotiate the establishment of the TLS transmission tunnel, only one-sided authentication needs to be performed, that is, the user terminal authenticates the media gateway. This is because, according to the existing ICE protocol, after the TLS transmission tunnel is established the user terminal sends a STUN connectivity check request through the TLS transmission tunnel, and at that point the media gateway authenticates the user terminal using the ICE short-term credential mechanism.
Case 2:
Specifically, when the VoIP signaling server receives the SDP message sent by the user terminal and, according to the tunnel type contained in the SDP message, determines that the firewall is to be traversed by a DTLS tunnel, it assigns the fixed STUN protocol default port number 3478 as the network-side port of the DTLS tunnel, and generates an authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation that establishes the DTLS transmission tunnel. For example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
In addition, the VoIP signaling server sends the network-side port number of the DTLS tunnel (that is, the second port number) and the authentication parameter for establishing the tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the DTLS tunnel and the payload format information of the tunnel packet to the media gateway.
The user terminal and the media gateway negotiate, according to the existing DTLS protocol, to establish a DTLS transmission tunnel between the first port number and the second port number.
Step 104: The user terminal receives the media packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel packet.
The media packet contains an RTP protocol packet/RTCP protocol packet together with a UDP protocol header, that is, it is an RTP/RTCP over UDP packet; the port numbers contained in the UDP header are the RTP/RTCP ports of the two communicating parties carried in the SDP.
Optionally, in this embodiment of the present invention, the media packets transmitted through the tunnel may be encapsulated in either encrypted or unencrypted form.
Specifically, according to the existing protocols, TLS and DTLS can encapsulate the carried packets in two ways: one encrypts the data with a normal encryption algorithm (such as AES or 3DES), and the other encapsulates the data in plaintext without encryption. According to the existing TLS/DTLS protocols, even when data is carried in plaintext encapsulation, the two parties still perform the same TLS/DTLS handshake negotiation as for encrypted encapsulation, except that the encryption algorithm they negotiate is the null algorithm. The null algorithm simply does not encrypt the data, and the packet format is the same whichever encapsulation mode is used. Moreover, since the firewall does not parse the protocol logic of the TLS/DTLS handshake, it cannot know which encryption algorithm TLS/DTLS will use and assumes by default that the payload data is already encrypted, so it cannot determine the protocol type of the packets carried in the TLS/DTLS tunnel. Therefore, as long as the user terminal can establish a TLS/DTLS tunnel with the media gateway, the media packets carried in the TLS/DTLS tunnel can traverse the firewall regardless of which encryption algorithm is used.
In step 104, the media packets are encapsulated according to the payload format information of the tunnel packet in the following way:
if the tunnel type is the TLS tunnel type, the RTP protocol packet/RTCP protocol packet contained in the media packet together with the UDP protocol packet header are encapsulated, as the payload format of the tunnel packet, in a TLS tunnel packet; or
if the tunnel type is the DTLS tunnel type, the RTP protocol packet/RTCP protocol packet contained in the media packet together with the UDP protocol packet header are encapsulated, as the payload format of the tunnel packet, in a DTLS tunnel packet.
The port numbers contained in the UDP protocol packet header are the media port allocated by the user terminal and the media port allocated by the media gateway, respectively.
Optionally, the media transmission method further includes:
the user terminal decapsulates the received media data packet, obtains the media packet from the TLS tunnel packet/DTLS tunnel packet, and, according to the port number contained in the UDP protocol packet header within the TLS tunnel packet/DTLS tunnel packet, delivers the media packet to the media processing unit.
Figure 2 is a schematic diagram of the TLS tunnel packet format when traversing the firewall.
Figure 2 shows a TLS tunnel packet. As can be seen from Figure 2, the TLS message consists of a tunnel packet header, a tunnel packet payload and a TLS trailer. The TCP port numbers contained in the tunnel packet header are the source port number and destination port number of the TLS transmission tunnel. If the media packet is sent by the user terminal to the media gateway, the source port number of the tunnel packet is the first port number and the destination port is the second port number; if the media packet is sent by the media gateway to the user terminal, the source port number of the tunnel packet is the second port number and the destination port number is the port number corresponding to the public network address that the firewall allocated to the user terminal when the firewall was traversed. During the STUN connectivity check phase, the media gateway learns the public network address that the firewall allocated to the user terminal from the STUN connectivity check (for example, from the TLS handshake request message or the STUN connectivity check request message).
As in a normal VoIP call, the two communicating parties exchange their media port numbers through SDP messages, and the port numbers of the UDP header contained in the tunnel packet payload are the media port numbers of the two parties carried in the SDP. If the media packet is sent by the user terminal to the media gateway, the source port number of the UDP header is P1/P2 and the destination port number is P3/P4; if the media packet is sent by the media gateway to the user terminal, the source port number of the UDP header is P3/P4 and the destination port is P1/P2.
The TLS trailer is the integrity check value of the TLS payload; according to the TLS protocol, this value is used to verify whether the payload data has been modified.
It should be pointed out here that whichever encryption algorithm TLS uses, even the null algorithm, the packet format does not change.
Since the tunnel packet payload is encapsulated between the TLS header and the TLS trailer, the firewall cannot know the type of the media packet carried in the tunnel packet.
Figure 3 is a schematic diagram of the DTLS tunnel packet format when traversing the firewall.
Figure 3 shows a DTLS tunnel packet. As can be seen from Figure 3, the DTLS message consists of a tunnel packet header, a tunnel packet payload and a DTLS trailer. The UDP port numbers contained in the tunnel packet header are the source port number and destination port number of the DTLS transmission tunnel. If the media packet is sent by the user terminal to the media gateway, the source port number of the tunnel packet is the first port number and the destination port number is the second port number; if the media packet is sent by the media gateway to the user terminal, the source port number of the tunnel packet is the second port number and the destination port number is the port number corresponding to the public network address that the firewall allocated to the user terminal when the firewall was traversed. During the STUN connectivity check phase, the media gateway learns the public network address that the firewall allocated to the user terminal from the STUN connectivity check (for example, from the DTLS handshake request message or the STUN connectivity check message).
The port numbers of the UDP header contained in the tunnel packet payload are the media port numbers of the two communicating parties carried in the SDP: if the media packet is sent by the user terminal to the media gateway, the port number is P1/P2; if the media packet is sent by the media gateway to the user terminal, the port number is P3/P4.
The DTLS trailer is the integrity check value of the DTLS payload; according to the DTLS protocol, this value is used to verify whether the payload data has been modified.
It should be pointed out here that whichever encryption algorithm DTLS uses, even the null algorithm, the packet format does not change. Since the tunnel packet payload is encapsulated between the DTLS header and the DTLS trailer, the firewall cannot know the type of the media packet carried in the tunnel packet.
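As an added example that is not code from the patent or from its applicant, the following Python builds the tunnel packet payload described in step 104 and in Figures 2 and 3 (an inner UDP header carrying the SDP-negotiated media ports, followed by the RTP or RTCP packet) and shows the receiving side's decapsulation and routing by UDP port. The TLS/DTLS record around that payload is not modelled, the inner UDP checksum is left at zero by assumption, and every port number and packet below is a constructed sample value.

```python
import struct

UDP_HEADER_LEN = 8
RTP_VERSION = 2
RTCP_PT_MIN, RTCP_PT_MAX = 200, 204   # SR, RR, SDES, BYE, APP


def build_rtp_packet(seq, timestamp, ssrc, payload_type, payload):
    """Minimal RTP packet: V=2, no padding/extension/CSRC, marker bit clear."""
    first = RTP_VERSION << 6
    second = payload_type & 0x7F
    return struct.pack("!BBHII", first, second, seq, timestamp, ssrc) + payload


def build_rtcp_rr(ssrc):
    """Minimal RTCP receiver report (PT=201) with no report blocks.
    The length field counts 32-bit words minus one: 8 bytes -> 1."""
    first = RTP_VERSION << 6
    return struct.pack("!BBHI", first, 201, 1, ssrc)


def encapsulate(src_media_port, dst_media_port, media_packet):
    """Build the tunnel packet payload of Fig. 2 / Fig. 3: a UDP header whose
    ports are the media ports exchanged in SDP (P1/P2 <-> P3/P4), followed by
    the RTP/RTCP packet. The sender then places this payload inside a TLS or
    DTLS record, which is not modelled here. Checksum 0 is an assumption: the
    TLS/DTLS trailer already covers integrity of the whole payload."""
    length = UDP_HEADER_LEN + len(media_packet)
    header = struct.pack("!HHHH", src_media_port, dst_media_port, length, 0)
    return header + media_packet


def decapsulate(tunnel_payload, local_rtp_port, local_rtcp_port):
    """Receiving side of step 104 and the optional decapsulation step: parse
    the inner UDP header, sanity-check it, and route the media packet to the
    RTP or RTCP handler by destination port. Returns (kind, src_port, packet).
    Anything that does not match the negotiated ports is rejected rather than
    handed to the media processing unit."""
    if len(tunnel_payload) < UDP_HEADER_LEN:
        raise ValueError("tunnel payload shorter than a UDP header")
    src_port, dst_port, length, _checksum = struct.unpack(
        "!HHHH", tunnel_payload[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(tunnel_payload):
        raise ValueError("inner UDP length field inconsistent with payload")
    media = tunnel_payload[UDP_HEADER_LEN:length]
    if len(media) < 4 or media[0] >> 6 != RTP_VERSION:
        raise ValueError("inner packet is not RTP/RTCP version 2")
    if dst_port == local_rtp_port:
        kind = "rtp"
    elif dst_port == local_rtcp_port:
        kind = "rtcp"
        if not RTCP_PT_MIN <= media[1] <= RTCP_PT_MAX:
            raise ValueError("RTCP port but packet type is not RTCP")
    else:
        raise ValueError(f"destination port {dst_port} is not a negotiated media port")
    return kind, src_port, media


def roundtrip_example():
    """Constructed sample: gateway media ports P3/P4 send to terminal ports
    P1/P2 (P1 even, P2 = P1 + 1 as step 402 requires)."""
    P1, P2, P3, P4 = 50000, 50001, 40000, 40001
    rtp = build_rtp_packet(seq=1, timestamp=160, ssrc=0x12345678,
                           payload_type=0, payload=b"\x00" * 8)
    rtcp = build_rtcp_rr(0x12345678)
    results = []
    for src, dst, pkt in ((P3, P1, rtp), (P4, P2, rtcp)):
        tunnel_payload = encapsulate(src, dst, pkt)
        results.append(decapsulate(tunnel_payload, P1, P2))
    return results


if __name__ == "__main__":
    for kind, src, pkt in roundtrip_example():
        print(kind, src, pkt.hex())
```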
Through the solution of Embodiment 1 of the present invention, the user terminal determines, according to the STUN probe results, the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted; according to the determined tunnel type, it allocates a first port number on the user terminal side to the transmission tunnel corresponding to the tunnel type, and sends the tunnel type, the first port number and the payload format information of the tunnel packet to the network side, so that the network side allocates, according to the tunnel type, a second port number on the network side to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number; the user terminal then receives the media packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel packet. In this way, when the IP packets traverse the firewall, the firewall cannot learn the type of the upper-layer protocol packet; at the same time, the method of this embodiment establishes the transmission tunnel directly with the media gateway without adding extra network elements or nodes, so it can not only traverse all types of firewall but also effectively avoids the delay problem in media transmission and improves media transmission efficiency.
Embodiment 2:
Figure 4 is a schematic flowchart of a media transmission method according to Embodiment 2 of the present invention. The method may be as follows.
Step 401: The user terminal initiates a VoIP session and runs the ICE client.
In step 401, the user terminal starts the ICE/STUN firewall traversal procedure.
Step 402: The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP packets and RTCP packets to be transmitted.
The RTP port number is even and is one less than the RTCP port number.
Step 403: The user terminal sends an address collection request to the STUN server.
The address collection request is used to obtain the public addresses that the firewall has allocated to the port used for transmitting Real-Time Transport Protocol (RTP) packets and to the port used for transmitting Real-Time Transport Control Protocol (RTCP) packets, respectively.
It should be noted that the user terminal sends the address collection request to the STUN server carried over UDP (User Datagram Protocol).
Specifically, the user terminal sends a UDP-carried address allocation request (STUN allocate) or STUN binding request (STUN Binding) to the STUN server through port P1 and port P2 respectively (in the present invention, for convenience of description, the address allocation request and the STUN binding request are collectively referred to as address collection requests).
The STUN server obtains the source address of the address collection request; this source address is the public network address that the firewall allocated to the port of the user terminal that sent the address collection request. The STUN server sends this public network address to the user terminal in the address collection response, so that the user terminal learns the public network address that the firewall allocated to its port.
Step 404: The user terminal determines whether it can receive the address collection response returned by the STUN server; if the response is received, step 409 is performed; if not, step 405 is performed.
Step 405: The user terminal determines that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
Step 406: According to the determined TLS tunnel type, the user terminal allocates the port number of the user-terminal-side TLS client to the transmission tunnel corresponding to the TLS tunnel type.
It should be noted that the port number of the user-terminal-side TLS client here may also be referred to as the first port number on the user terminal side.
Step 407: The user terminal sends the tunnel type, the port number of the user-terminal-side TLS client and the payload format information of the tunnel packet to the network side, so that the network side allocates, according to the tunnel type, a network-side port number to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the port number of the user-terminal-side TLS client and the network-side port number.
It should be noted that the network-side port number here may also be referred to as the second port number on the network side.
In step 407, the user terminal carries the tunnel type, the port number of the user-terminal-side TLS client and the payload format information of the tunnel packet in an SDP message sent to the Voice over IP (VoIP) signaling server; the VoIP signaling server allocates, according to the tunnel type, a network-side port number to the transmission tunnel corresponding to the tunnel type, and sends the network-side port number to the media gateway and to the user terminal.
The user terminal may also send its IP address to the VoIP signaling server.
The VoIP signaling server may also send an authentication parameter to the user terminal; the authentication parameter is used to authenticate the media gateway when the transmission tunnel with the media gateway is established.
Specifically, when the VoIP signaling server receives the SDP message sent by the user terminal and, according to the tunnel type contained in the SDP message, determines that the firewall is to be traversed by a TLS tunnel, it assigns the fixed TLS protocol default port number 443 as the network-side port of the TLS tunnel, and at the same time randomly allocates P4/P5 as the port numbers for RTP/RTCP protocol packets; it also generates an authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation that establishes the TLS transmission tunnel. For example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
In addition, the VoIP signaling server sends the allocated network-side port number of the TLS transmission tunnel and the authentication parameter for establishing the TLS tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the TLS transmission tunnel and the payload format information of the tunnel packet to the media gateway.
The user terminal and the media gateway negotiate, according to the existing TLS protocol, to establish a TLS transmission tunnel between the port number of the user-terminal-side TLS client and the network-side port number.
It should be noted here that when the user terminal and the media gateway negotiate the establishment of the TLS transmission tunnel, only one-sided authentication needs to be performed, that is, the user terminal authenticates the media gateway. This is because, according to the existing ICE protocol, after the TLS transmission tunnel is established the user terminal sends a STUN connectivity check request through the TLS transmission tunnel, and at that point the media gateway authenticates the user terminal using the ICE short-term credential mechanism.
Step 408: The user terminal receives the media packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel packet.
In step 408, the media packets are encapsulated according to the payload format information of the tunnel packet in the following way:
when the tunnel type is the TLS tunnel type, the RTP protocol packet/RTCP protocol packet contained in the media packet together with the UDP protocol packet header are encapsulated, as the payload format of the tunnel packet, in a TLS tunnel packet.
The user terminal sends a STUN connectivity check request through the TLS transmission tunnel, and the media gateway authenticates the user terminal using the short-term credential mechanism. After receiving the STUN connectivity check response, the user terminal notifies the media gateway by means of an update SDP offer message, confirming that the TLS transmission tunnel is used to traverse the firewall. The user terminal and the media gateway then send RTP/RTCP over UDP protocol packets to the peer through the TLS transmission tunnel in the TLS tunnel packet format of Figure 2.
Step 409: The user terminal receives the address collection response returned by the STUN server and obtains the public addresses that the firewall allocated to port P1 and port P2 respectively.
The user terminal sends an SDP (Session Description Protocol) message to the VoIP signaling server, and the SDP message contains these public addresses.
The VoIP signaling server sends the received SDP message and ICE information to the media gateway, and randomly allocates the network-side media ports corresponding to port P1 and port P2 (that is, port P3 and port P4).
The VoIP signaling server returns an SDP response message to the user terminal, and the SDP response message contains the allocated network-side media ports (that is, port P3 and port P4).
It should be noted that the network-side media ports here may refer to the media ports corresponding to the media gateway.
Step 410: The user terminal sends a STUN connectivity check request for the media path from media ports P1/P2 to the corresponding media ports P3/P4 of the media gateway.
The STUN connectivity check request is used to determine whether media sent by the user terminal can directly reach the corresponding media port of the media gateway, that is, the user terminal checks whether the path from its local media port to the corresponding media port of the media gateway is passable.
Step 411: When the user terminal cannot receive the STUN connectivity check response sent by the media gateway, it determines that the tunnel type of the transmission tunnel to be established for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
In step 411, if the firewall between the user terminal and the media gateway has not opened the protocol ports used by the two communicating parties, the user terminal will be unable to receive the STUN connectivity check response sent by the media gateway; in this case the user terminal determines that a transmission tunnel for traversing the firewall is to be established for the media to be transmitted.
In other words, because the firewall between the user terminal and the media gateway has a DPI (Deep Packet Inspection) function, it may allow STUN connectivity check requests to pass but not RTP protocol packets/RTCP protocol packets, so the user terminal still cannot receive the media packets from the media gateway; in this case the user terminal determines that a transmission tunnel for traversing the firewall is to be established for the media to be transmitted.
Step 412: According to the determined DTLS tunnel type, the user terminal allocates the port number of the user-terminal-side DTLS client to the DTLS tunnel type.
It should be noted that the port number of the user-terminal-side DTLS client here may also be referred to as the first port number on the user terminal side.
Step 413: The user terminal sends the tunnel type, the port number of the user-terminal-side DTLS client and the payload format information to the network side, so that the network side allocates, according to the tunnel type, a network-side port number to the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the port number of the user-terminal-side DTLS client and the network-side port number.
In step 413, when the VoIP signaling server receives the SDP message sent by the user terminal and, according to the tunnel type contained in the SDP message, determines that the firewall is to be traversed by a DTLS tunnel, it assigns the fixed STUN protocol default port number 3478 as the network-side port of the DTLS tunnel, and generates an authentication parameter used by the user terminal to authenticate the media gateway during the handshake negotiation that establishes the DTLS transmission tunnel. For example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
In addition, the VoIP signaling server sends the network-side port number of the DTLS tunnel and the authentication parameter for establishing the tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the DTLS tunnel and the payload format information of the tunnel packet to the media gateway.
The user terminal and the media gateway negotiate, according to the existing DTLS protocol, to establish a DTLS transmission tunnel between the port number of the user-terminal-side DTLS client and the network-side port number.
步骤414:所述用户终端接收所述网络侧通过建立的所述传输隧道传输的、按照所述隧道数据包的载荷格式信息封装的媒体的数据包。Step 414: The user terminal receives a data packet of a media that is encapsulated by the network side and is encapsulated according to the load format information of the tunnel data packet.
在步骤414中,通过以下方式按照所述隧道数据包的载荷格式信息封装媒 体的数据包:In step 414, the media is encapsulated according to the payload format information of the tunnel data packet in the following manner. Volume packet:
在隧道类型为DTLS隧道类型时,将媒体的数据包中包含的RTP协议数据包/RTCP协议数据包与UDP协议数据包报头作为所述DTLS隧道类型对应的隧道数据包的载荷格式信息封装在DTLS隧道数据包中。When the tunnel type is a DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in the DTLS as the payload format information of the tunnel packet corresponding to the DTLS tunnel type. In the tunnel packet.
可选地,用户终端通过DTLS传输隧道发送STUN连通性检检测请求,媒体网关采用短期凭证机制对用户终端执行认证。用户终端在接收到STUN连通性检测响应之后,通过update SDP offer消息通知媒体网关,确定采用DTLS传输隧道穿越防火墙。用户终端和媒体网关按照图3的封装格式,通过DTLS传输隧道,将RTP/RTCP over UDP协议数据包发送到对端。Optionally, the user terminal sends the STUN connectivity check request through the DTLS transmission tunnel, and the media gateway performs the authentication on the user terminal by using the short-term credential mechanism. After receiving the STUN connectivity detection response, the user terminal notifies the media gateway through the update SDP offer message, and determines to use the DTLS transmission tunnel to traverse the firewall. The user terminal and the media gateway send the RTP/RTCP over UDP protocol data packet to the peer end through the DTLS transmission tunnel according to the encapsulation format of FIG. 3.
这样IP报文在穿越防火墙时,防火墙无法获知上层协议数据包类型,同时本发明实施例的方式在不增加额外网元和节点的情形下,直接与媒体网关之间建立传输隧道,不仅能够穿越所有类型的防火墙,而且有效地避免了媒体传输中出现的时延问题,提升了媒体传输效率。When the IP packet traverses the firewall, the firewall cannot know the packet type of the upper layer protocol. In the embodiment of the present invention, a transmission tunnel is directly established between the IP gateway and the node without adding additional network elements and nodes. All types of firewalls, and effectively avoid the delay problem in media transmission, improve the efficiency of media transmission.
Embodiment 3:
FIG. 5 is a schematic flowchart of a media transmission method according to Embodiment 3 of the present invention. The method may be as follows.
Step 501: The user terminal initiates a VoIP session and runs the ICE client.
In step 501, the user terminal starts the ICE/STUN firewall traversal procedure.
Step 502: The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP packets and RTCP packets to be transmitted.
The RTP port number is even and is one less than the RTCP port number.
Step 503: The user terminal sends an address collection request to the STUN server.
The address collection request is used to obtain the public addresses that the firewall has allocated for the port used for transmitting Real-time Transport Protocol (RTP) packets and for the port used for transmitting Real-time Transport Control Protocol (RTCP) packets, respectively.
It should be noted that the user terminal sends to the STUN server an address collection request carried by UDP (User Datagram Protocol).
Specifically, the user terminal sends, through port P1 and port P2 respectively, an address allocation request (STUN allocate) or a STUN binding request (STUN Binding) carried by UDP to the STUN server (in the present invention, for convenience of description, address allocation requests and STUN binding requests are collectively referred to as address collection requests).
The STUN server obtains the source address of the address collection request; this source address is the public network address that the firewall has allocated for the port of the user terminal that sent the address collection request. The STUN server sends this public network address to the user terminal in an address collection response, so that the user terminal learns the public network address the firewall has allocated for its port.
Step 504: When the user terminal cannot receive the address collection response returned by the STUN server, it determines that the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
Because the address collection request sent by the user terminal is carried by UDP, once the firewall restricts UDP packets from passing, or firewall port 3478 (the default STUN protocol port) is not open, the firewall discards the address collection request sent by the user terminal, so that the STUN server cannot receive the address collection request sent by the user terminal and the user terminal cannot receive the address collection response sent by the STUN server.
In this case, the user terminal determines that the firewall prohibits VoIP media transmission and that a transport tunnel for traversing the firewall needs to be established for the media to be transmitted.
In this situation, the user terminal determines that the firewall restricts the transmission of UDP packets, and that the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
Step 505: According to the determined TLS tunnel type, the user terminal allocates a port number for the TLS client on the user terminal side for the transport tunnel corresponding to the TLS tunnel type.
Step 506: The user terminal sends the tunnel type, the port number of the TLS client on the user terminal side, and the payload format information of the tunnel packets to the VoIP signaling server in an SDP message, so that the VoIP signaling server determines that the firewall is to be traversed using a TLS tunnel.
It should be noted that the SDP message may also carry the IP address of the user terminal (that is, the private address of the user terminal).
In step 506, the ways in which the SDP message carries the tunnel type, the port number of the TLS client on the user terminal side, and the media encapsulation format include, but are not limited to, the following:
First way:
An SDP attribute line is defined, which describes the tunnel type used for traversing the firewall, the port number of the TLS client on the user terminal side, and the media encapsulation format information.
For example, the format used is a=traversal:<port number of the TLS client on the user terminal side><tunnel type><payload format information of the tunnel packets>.
In this embodiment it may be written specifically as a=traversal:P3 TLS-tunnel UDP-included, indicating that the port number of the TLS client on the user terminal side is P3, the TLS tunnel type is used, and the payload format of the tunnel packets is the RTP/RTCP protocol packet plus the UDP header as the payload of the TLS tunnel packet.
Second way:
The candidate attribute line in the SDP message is extended by adding flag fields that describe the path of the candidate as a tunnel type and give the payload format information of the tunnel packets.
For example, a=host candidate:<existing protocol parameters><tunnel type><payload format information of the tunnel packets> is used. In this example it may be written specifically as a=candidate:TCP P3 host candidate TLS-tunnel UDP-included.
Step 507: When the VoIP signaling server receives the SDP message sent by the user terminal and determines, according to the tunnel type contained in the SDP message, that the firewall is to be traversed using a TLS tunnel, it assigns the fixed TLS default port number 443 as the port on the TLS tunnel server side (that is, the network side), and at the same time randomly allocates port numbers P4/P5 for the RTP/RTCP protocol packets.
Optionally, the VoIP signaling server generates the authentication parameter with which the user terminal authenticates the media gateway during the handshake negotiation for establishing the TLS transport tunnel; for example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
Step 508: The VoIP signaling server sends the allocated network-side port number of the TLS transport tunnel and the authentication parameter for establishing the TLS tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the TLS transport tunnel and the payload format information of the tunnel packets to the media gateway.
Step 509: The user terminal and the media gateway negotiate, according to the existing TLS protocol, the establishment of a TLS transport tunnel between the port number of the TLS client on the user terminal side and the network-side port number.
Using the public network address that the firewall allocated for the user terminal, as obtained, and the private address of the user terminal sent by the VoIP signaling server, the media gateway establishes a mapping between the private address of the user terminal and the public network address the firewall allocated for it.
It should be noted that in the media data packets subsequently sent by the media gateway to the user terminal, the destination port number of the tunnel packet is the port number corresponding to this public network address.
Step 510: The user terminal receives media packets that are encapsulated according to the payload format information of the tunnel packets and transmitted by the network side through the established transport tunnel.
Specifically, media packets are encapsulated according to the payload format information of the tunnel packets as follows:
When the tunnel type is the TLS tunnel type, the RTP/RTCP protocol packet contained in the media packet, together with the UDP protocol packet header, is encapsulated in a TLS tunnel packet as the payload format corresponding to the TLS tunnel type.
The user terminal sends a STUN connectivity check request through the TLS transport tunnel, and the media gateway authenticates the user terminal using the short-term credential mechanism. After receiving the STUN connectivity check response, the user terminal notifies the media gateway by an update SDP offer message that the TLS transport tunnel will be used to traverse the firewall. The user terminal and the media gateway then send RTP/RTCP over UDP protocol packets to the peer end through the TLS transport tunnel in the TLS tunnel packet format of FIG. 2.
Embodiment 4:
FIG. 6 is a schematic flowchart of a media transmission method according to Embodiment 4 of the present invention. The method may be as follows.
Step 601: The user terminal initiates a VoIP session and runs the ICE client.
In step 601, the user terminal starts the ICE/STUN firewall traversal procedure.
Step 602: The user terminal randomly allocates a pair of port numbers P1 and P2 for the RTP packets and RTCP packets to be transmitted.
The RTP port number is even and is one less than the RTCP port number.
Step 603: The user terminal sends an address collection request to the STUN server.
The address collection request is used to obtain the public addresses that the firewall has allocated for the port used for transmitting Real-time Transport Protocol (RTP) packets and for the port used for transmitting Real-time Transport Control Protocol (RTCP) packets, respectively.
It should be noted that the user terminal sends to the STUN server an address collection request carried by UDP (User Datagram Protocol).
Specifically, the user terminal sends, through port P1 and port P2 respectively, an address allocation request (STUN allocate) or a STUN binding request (STUN Binding) encapsulated in UDP to the STUN server (in the present invention, for convenience of description, address allocation requests and STUN binding requests are collectively referred to as address collection requests).
The STUN server obtains the source address of the address collection request; this source address is the public network address that the firewall has allocated for the port of the user terminal that sent the address collection request. The STUN server sends this public network address to the user terminal in an address collection response, so that the user terminal learns the public network address the firewall has allocated for its port.
Step 604: The user terminal receives the address collection response returned by the STUN server and obtains the public addresses the firewall has allocated for port P1 and port P2 respectively.
The user terminal sends an SDP (Session Description Protocol) message to the VoIP signaling server, where the SDP message contains this public address.
The VoIP signaling server sends the received SDP message and ICE information to the media gateway, and randomly allocates the corresponding network-side media ports (port P3 and port P4) for port P1 and port P2.
The VoIP signaling server returns an SDP response message to the user terminal, where the SDP response message contains the allocated corresponding network-side media ports (port P3 and port P4).
It should be noted that the network-side media ports here may refer to the corresponding media ports of the media gateway.
Step 605: The user terminal sends a STUN connectivity check request for the media path from media ports P1/P2 to the corresponding media ports P3/P4 of the media gateway.
The STUN connectivity check request is used to determine whether media sent by the user terminal can directly reach the corresponding media port on the media gateway, that is, the user terminal checks whether the path from its local media port to the corresponding media port on the media gateway is open.
Step 606: When the user terminal cannot receive the STUN connectivity check response sent by the media gateway, it determines that the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted is the DTLS tunnel type.
In step 606, if the firewall between the user terminal and the media gateway has not opened the protocol ports of the two communicating parties, the user terminal will be unable to receive the STUN connectivity check response sent by the media gateway; in this case the user terminal determines that a transport tunnel for traversing the firewall is to be established for the media to be transmitted.
Alternatively, the firewall between the user terminal and the media gateway may have a DPI (Deep Packet Inspection) function that allows STUN connectivity check requests to pass but does not allow RTP/RTCP protocol packets to pass, so that the user terminal still cannot receive media packets from the media gateway; in this case the user terminal likewise determines that a transport tunnel for traversing the firewall is to be established for the media to be transmitted.
Step 607: According to the determined DTLS tunnel type, the user terminal allocates a port number for the DTLS client on the user terminal side for the DTLS tunnel type.
It should be noted that the port number of the DTLS client on the user terminal side may also be referred to as the first port number on the user terminal side.
Step 608: The user terminal sends the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel packets to the VoIP signaling server in an SDP message, so that the VoIP signaling server determines that the firewall is to be traversed using a DTLS tunnel.
In step 608, the ways in which the SDP carries the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel packets include, but are not limited to, the following:
First way:
An SDP attribute line is defined, which describes the tunnel type, the port number of the DTLS client on the user terminal side, and the payload format information of the tunnel packets.
For example, the format used is a=traversal:<DTLS port number allocated by the local end><tunnel type><payload format information of the tunnel packets>.
In this embodiment it may be written specifically as a=traversal:P5 DTLS-tunnel UDP-included, indicating that the DTLS client port number is P5, the DTLS tunnel type is used, and the payload format of the tunnel packets is the RTP/RTCP protocol packet plus the UDP header as the payload of the DTLS tunnel packet.
Second way:
The candidate attribute line in the SDP message is extended by adding flag fields that describe the path of the candidate as a tunnel type and give the payload format information of the tunnel packets.
For example, a=host candidate:<existing protocol parameters><tunnel type><payload format information of the tunnel packets> is used. In this example it may be written specifically as a=candidate:TCP P5 host candidate TLS-tunnel UDP-included.
Step 609: When the VoIP signaling server receives the SDP message sent by the user terminal and determines, according to the tunnel type contained in the SDP message, that the firewall is to be traversed using a DTLS tunnel, it assigns the fixed STUN default port number 3478 as the network-side port of the DTLS tunnel.
Optionally, the VoIP signaling server generates the authentication parameter with which the user terminal authenticates the media gateway during the handshake negotiation for establishing the DTLS transport tunnel; for example, the authentication parameter may be the fingerprint of the media gateway's digital certificate or a pre-shared key.
In addition, the VoIP signaling server sends the network-side port number of the DTLS tunnel and the authentication parameter for establishing the tunnel to the user terminal in an SDP response message.
At the same time, the VoIP signaling server sends the network-side port for establishing the DTLS tunnel and the payload format information of the tunnel packets to the media gateway.
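The following is an added worked example, not code from the patent or from its applicant, covering the user-terminal decision in steps 504/606 (which STUN probe failure selects the TLS or the DTLS tunnel type), the two SDP attribute formats sketched in steps 506 and 608, and the signaling-server side assignment of the fixed network-side port (443 for TLS, 3478 for DTLS) in steps 507 and 609. All function names, the dict layout and the numeric port values are this example's own assumptions; the extended candidate line is parsed exactly as the page sketches it (everything before the last two tokens is treated as "existing protocol parameters"), which is not the field order of a standard ICE candidate line. The parsers reject unknown tunnel types and payload formats so that a signaling server only acts on values it can actually allocate a port for.

```python
"""Added example: STUN-probe-driven tunnel type selection, the a=traversal
and extended a=candidate SDP lines, and network-side port assignment.
Not the patent's code; names and values are this example's assumptions."""
import re

TUNNEL_TYPES = ("TLS-tunnel", "DTLS-tunnel")
PAYLOAD_FORMATS = ("UDP-included",)
# Fixed network-side ports the embodiments assign: TLS default 443, STUN default 3478.
NETWORK_SIDE_PORT = {"TLS-tunnel": 443, "DTLS-tunnel": 3478}


def select_tunnel_type(address_response_received, connectivity_response_received):
    """Map the ICE/STUN probe outcome to a tunnel type as the embodiments do.

    No address collection response (UDP blocked or port 3478 closed) -> TLS tunnel.
    Address collected but no connectivity check response (protocol ports closed,
    or DPI dropping RTP/RTCP) -> DTLS tunnel.  Both succeeded -> None: media can
    flow directly and no tunnel is needed.
    """
    if not address_response_received:
        return "TLS-tunnel"
    if not connectivity_response_received:
        return "DTLS-tunnel"
    return None


def _check_port(port):
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return port


def build_traversal_attribute(client_port, tunnel_type, payload_format="UDP-included"):
    """First way: a dedicated a=traversal attribute line (without trailing CRLF)."""
    if tunnel_type not in TUNNEL_TYPES or payload_format not in PAYLOAD_FORMATS:
        raise ValueError("unsupported tunnel type or payload format")
    return "a=traversal:%d %s %s" % (_check_port(client_port), tunnel_type, payload_format)


_TRAVERSAL_RE = re.compile(r"^a=traversal:(\d{1,5}) (\S+) (\S+)$")


def parse_traversal_attribute(line):
    """Parse an a=traversal line into a dict; unknown values are rejected."""
    m = _TRAVERSAL_RE.match(line.strip())
    if m is None:
        raise ValueError("not an a=traversal line: %r" % line)
    port, tunnel_type, payload_format = int(m.group(1)), m.group(2), m.group(3)
    if tunnel_type not in TUNNEL_TYPES:
        raise ValueError("unknown tunnel type: %r" % tunnel_type)
    if payload_format not in PAYLOAD_FORMATS:
        raise ValueError("unknown payload format: %r" % payload_format)
    return {"client_port": _check_port(port), "tunnel_type": tunnel_type,
            "payload_format": payload_format}


def is_valid_traversal_attribute(line):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_traversal_attribute(line)
        return True
    except ValueError:
        return False


def parse_extended_candidate(line):
    """Second way: the page's extended candidate line, e.g.
    'a=candidate:TCP 50003 host candidate TLS-tunnel UDP-included'.
    Per the page's sketch, the last two tokens are tunnel type and payload
    format; the tokens before them are the existing protocol parameters, of
    which the first two are read as transport and client port."""
    body = line.strip()
    if not body.startswith("a=candidate:"):
        raise ValueError("not an a=candidate line: %r" % line)
    tokens = body[len("a=candidate:"):].split()
    if len(tokens) < 4:
        raise ValueError("too few fields in candidate line")
    tunnel_type, payload_format = tokens[-2], tokens[-1]
    if tunnel_type not in TUNNEL_TYPES or payload_format not in PAYLOAD_FORMATS:
        raise ValueError("unknown tunnel type or payload format")
    return {"transport": tokens[0], "client_port": _check_port(int(tokens[1])),
            "existing_params": tokens[2:-2], "tunnel_type": tunnel_type,
            "payload_format": payload_format}


def allocate_network_side_port(tunnel_type):
    """Signaling-server side: the fixed network-side port for the tunnel type."""
    return NETWORK_SIDE_PORT[tunnel_type]
```

Running `parse_traversal_attribute(build_traversal_attribute(50005, "DTLS-tunnel"))` returns the client port, tunnel type and payload format, and `allocate_network_side_port` on that tunnel type yields 3478; a line naming a tunnel type outside `TUNNEL_TYPES` is refused rather than passed on to the media gateway.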
Step 610: The user terminal and the media gateway negotiate, according to the existing DTLS protocol, the establishment of a DTLS transport tunnel between the port number of the DTLS client on the user terminal side and the network-side port number.
When the user terminal and the media gateway negotiate the establishment of the DTLS transport tunnel, only one-sided authentication needs to be performed, that is, the user terminal authenticates the media gateway. This is because, according to the existing ICE protocol, after the DTLS transport tunnel is established the user terminal sends a STUN connectivity check request through the DTLS transport tunnel, and at that point the media gateway authenticates the user terminal using the ICE short-term credential authentication mechanism.
It should be noted that the so-called short-term credential mechanism is in fact authentication using the STUN username and password carried in the STUN connectivity check request sent by the user terminal.
Using the public network address that the firewall allocated for the tunnel client in the user terminal, as obtained by the media gateway, and the private address of the tunnel client sent by the VoIP signaling server, the media gateway establishes a mapping between the private address of the user terminal and the public network address the firewall allocated for it.
Step 611: The user terminal sends a STUN connectivity check request through the DTLS transport tunnel and, after receiving the STUN connectivity check response, notifies the media gateway by an update SDP offer message that the DTLS transport tunnel will be used to traverse the firewall.
Step 612: The user terminal receives media packets that are encapsulated according to the payload format information of the tunnel packets and transmitted by the network side through the established DTLS tunnel.
In step 612, media packets are encapsulated according to the payload format information of the tunnel packets as follows:
When the tunnel type is the DTLS tunnel type, the RTP/RTCP protocol packet contained in the media packet, together with the UDP protocol packet header, is encapsulated in a DTLS tunnel packet as the payload format corresponding to the DTLS tunnel type.
The user terminal and the media gateway send RTP/RTCP over UDP protocol packets to the peer end through the DTLS transport tunnel in the encapsulation format of FIG. 3.
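The "UDP-included" payload described in steps 414, 510 and 612 (the RTP/RTCP packet with its UDP header prepended, carried inside the TLS or DTLS record) is shown below as an added example that is not the patent's code. It builds the tunnel payload on the sending side and, on the receiving side, validates the embedded UDP header before the inner packet is handed to the RTP/RTCP stack, which is the check a media gateway wants so that a malformed or truncated tunnel payload is dropped at decapsulation instead of reaching the media stack. The TLS/DTLS record layer itself is not modelled; the sample RTP and RTCP packets are constructed here, and the function names are this example's own. Telling RTP from RTCP inside the tunnel uses the RFC 5761 rule (second-octet values 192..223 are RTCP packet types), and the port-parity helper encodes the page's own convention that the RTP port is even and the RTCP port is RTP + 1.

```python
"""Added example: build and validate the 'UDP-included' tunnel payload
(8-byte UDP header + RTP/RTCP packet) that the TLS/DTLS tunnel carries.
Not the patent's code; sample packets are constructed, not captured."""
import struct

UDP_HEADER_LEN = 8


def encapsulate_udp_included(src_port, dst_port, inner):
    """Sender side: prepend the UDP header the peer needs to restore the
    original RTP/RTCP datagram.  The checksum is left at 0, which IPv4 UDP
    permits; integrity comes from the TLS/DTLS record protection outside."""
    for p in (src_port, dst_port):
        if not 0 <= p <= 0xFFFF:
            raise ValueError("port out of range: %r" % p)
    length = UDP_HEADER_LEN + len(inner)
    if length > 0xFFFF:
        raise ValueError("inner packet too large for a UDP datagram")
    return struct.pack("!HHHH", src_port, dst_port, length, 0) + inner


def decapsulate_udp_included(payload):
    """Receiver side: validate the embedded UDP header before handing the
    inner packet onward.  Returns (src_port, dst_port, inner)."""
    if len(payload) < UDP_HEADER_LEN:
        raise ValueError("tunnel payload shorter than a UDP header")
    src, dst, length, _csum = struct.unpack("!HHHH", payload[:UDP_HEADER_LEN])
    # The embedded length must describe exactly this payload; anything else is
    # a truncated, padded or forged datagram and is dropped here.
    if length != len(payload):
        raise ValueError("UDP length %d does not match payload %d" % (length, len(payload)))
    if dst == 0:
        raise ValueError("destination port 0 is not valid")
    return src, dst, payload[UDP_HEADER_LEN:]


def is_wellformed_tunnel_payload(payload):
    """Boolean accept/reject wrapper around decapsulate_udp_included."""
    try:
        decapsulate_udp_included(payload)
        return True
    except ValueError:
        return False


def classify_inner(inner):
    """Tell RTP from RTCP on the same tunnel: RTP version must be 2, and per
    RFC 5761 a second octet in 192..223 marks an RTCP packet type."""
    if len(inner) < 4 or (inner[0] >> 6) != 2:
        raise ValueError("not an RTP/RTCP packet (version != 2)")
    return "RTCP" if 192 <= inner[1] <= 223 else "RTP"


def ports_follow_convention(rtp_port, rtcp_port):
    """The embodiments allocate an even RTP port with RTCP = RTP + 1."""
    return rtp_port % 2 == 0 and rtcp_port == rtp_port + 1


# Constructed sample packets (not captured traffic).
# RTP: V=2 P=0 X=0 CC=0 | M=0 PT=0 (PCMU) | seq 1 | ts 160 | SSRC | 4 payload bytes.
SAMPLE_RTP = struct.pack("!BBHII", 0x80, 0x00, 1, 160, 0x12345678) + b"\xff\xff\xff\xff"
# RTCP RR with no report blocks: V=2 RC=0 | PT=201 | length=1 (32-bit words minus one) | SSRC.
SAMPLE_RTCP = struct.pack("!BBHI", 0x80, 201, 1, 0x12345678)


def roundtrip(src_port, dst_port, inner):
    """Encapsulate, decapsulate and classify; returns (kind, src, dst, inner_intact)."""
    payload = encapsulate_udp_included(src_port, dst_port, inner)
    src, dst, out = decapsulate_udp_included(payload)
    return classify_inner(out), src, dst, out == inner


if __name__ == "__main__":
    print(roundtrip(50000, 50002, SAMPLE_RTP))
    print(roundtrip(50001, 50003, SAMPLE_RTCP))
```

`roundtrip(50000, 50002, SAMPLE_RTP)` yields `("RTP", 50000, 50002, True)`; cutting one byte off the tunnel payload makes the embedded UDP length disagree with the payload and `is_wellformed_tunnel_payload` returns `False`, which is the point at which a gateway should discard the record rather than pass a short datagram to its RTP parser.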
Embodiment 5:
FIG. 7 is a schematic structural diagram of a media transmission device according to Embodiment 5 of the present invention. The media transmission device includes a type determining module 71, a tunnel establishing module 72, and a packet receiving module 73, where:
the type determining module 71 is configured to determine, according to a probe result of Session Traversal Utilities for NAT (STUN), the tunnel type of a transport tunnel to be established for traversing a firewall for the media to be transmitted, where the tunnel type includes at least one or more of the Transport Layer Security (TLS) tunnel type and the Datagram Transport Layer Security (DTLS) tunnel type;
the tunnel establishing module 72 is configured to allocate, according to the determined tunnel type, a first port number on the user terminal side for the transport tunnel corresponding to the tunnel type, and to send the tunnel type, the first port number, and the payload format information of the tunnel packets to the network side, so that the network side allocates a second port number on the network side for the transport tunnel corresponding to the tunnel type according to the tunnel type, and a transport tunnel is established between the first port number and the second port number; and
the packet receiving module 73 is configured to receive media packets that are encapsulated according to the payload format information of the tunnel packets and transmitted by the network side through the established transport tunnel.
Specifically, when sending the tunnel type, the first port number, and the payload format information of the tunnel packets to the network side, the tunnel establishing module 72 is specifically configured to:
carry the tunnel type, the first port number, and the payload format information of the tunnel packets in a Session Description Protocol (SDP) message sent to a Voice over IP (VoIP) signaling server, where the VoIP signaling server allocates a second port number on the network side for the transport tunnel corresponding to the tunnel type according to the tunnel type and sends the second port number to the media gateway and the user terminal; and
establish a transport tunnel between the first port number and the second port number by negotiating with the media gateway.
Specifically, when determining, according to the STUN probe result, the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted, the type determining module 71 is specifically configured to:
send to the STUN server an address collection request carried by the User Datagram Protocol (UDP), where the address collection request is used to obtain the public addresses that the firewall has allocated for the port used for transmitting Real-time Transport Protocol (RTP) packets and for the port used for transmitting Real-time Transport Control Protocol (RTCP) packets, respectively; and
when the address collection response carried by UDP returned by the STUN server cannot be received, determine that the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted is the TLS tunnel type.
Specifically, when establishing a transport tunnel between the first port number and the second port number, the tunnel establishing module 72 is specifically configured to:
if the tunnel type determined by the user terminal is the TLS tunnel type, establish a TLS tunnel between the first port number and the second port number on the user terminal.
Specifically, when determining, according to the STUN probe result, the tunnel type of the transport tunnel to be established for traversing the firewall for the media to be transmitted, the type determining module 71 is specifically configured to:
send to the STUN server an address collection request carried by the User Datagram Protocol (UDP), where the address collection request is used to obtain the public addresses that the firewall has allocated for the port used for transmitting Real-time Transport Protocol (RTP) packets and for the port used for transmitting Real-time Transport Control Protocol (RTCP) packets, respectively; and
upon receiving the address collection response returned by the STUN server, further send a STUN connectivity check request for the media path from the media port of the user terminal to the corresponding media port of the media gateway, where the STUN connectivity check request is used to determine whether media packets sent by the user terminal can directly reach the corresponding media port of the media gateway;
在尚未接收到所述媒体网关发送的STUN连通性检测响应时,确定为待传输的媒体建立用于穿越防火墙的传输隧道的隧道类型为DTLS隧道类型。When the STUN connectivity detection response sent by the media gateway has not been received, it is determined that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is a DTLS tunnel type.
具体地,所述隧道建立模块72建立包含了所述第一端口号和所述第二端口号的传输隧道,具体用于:Specifically, the tunnel establishment module 72 establishes a transmission tunnel that includes the first port number and the second port number, specifically for:
若所述用户终端确定的隧道类型为DTLS隧道类型,则所述用户终端在所述第一端口号和所述第二端口号之间建立DTLS隧道。If the tunnel type determined by the user terminal is a DTLS tunnel type, the user terminal establishes a DTLS tunnel between the first port number and the second port number.
可选地,通过以下方式按照所述隧道数据包的载荷格式信息封装媒体的数据包: Optionally, the data packet of the media is encapsulated according to the payload format information of the tunnel data packet by:
若隧道类型为TLS隧道类型,则将媒体的数据包中包含的RTP协议数据包/RTCP协议数据包与UDP协议数据包报头作为所述隧道数据包的载荷格式信息封装在TLS隧道数据包中;或If the tunnel type is a TLS tunnel type, the RTP protocol data packet/RTCP protocol data packet and the UDP protocol data packet header included in the data packet of the media are encapsulated in the TLS tunnel data packet as the payload format information of the tunnel data packet; or
若隧道类型为DTLS隧道类型,则将媒体的数据包中包含的RTP协议数据包/RTCP协议数据包与UDP协议数据包报头作为所述隧道数据包的载荷格式信息封装在DTLS隧道数据包中。If the tunnel type is a DTLS tunnel type, the RTP protocol packet/RTCP protocol packet and the UDP protocol packet header included in the media packet are encapsulated in the DTLS tunnel packet as the payload format information of the tunnel packet.
所述UDP协议数据包报头中包含的端口号分别为所述用户终端分配的媒体端口、所述媒体网关分配的媒体端口。The port number included in the UDP protocol packet header is respectively a media port allocated by the user terminal and a media port allocated by the media gateway.
可选地,所述媒体传输设备还包括:解析模块74,其中:Optionally, the media transmission device further includes: a parsing module 74, where:
所述解析模块74,用于对接收到的所述媒体数据包进行解封装,获取TLS隧道数据包/DTLS隧道数据包中的媒体的数据包;The parsing module 74 is configured to decapsulate the received media data packet, and obtain a data packet of a media in a TLS tunnel data packet/DTLS tunnel data packet;
根据所述TLS隧道数据包/DTLS隧道数据包中UDP协议数据包报头中包含的端口号,将所述媒体的数据包发送给媒体处理单元。And transmitting, according to the port number included in the UDP protocol packet header in the TLS tunnel data packet/DTLS tunnel data packet, the data packet of the media to the media processing unit.
需要说明的是,本发明实施例五所述的媒体传输设备可以通过硬件方式实现,也可以通过软件方式实现,这里不做限定。It should be noted that the media transmission device in the fifth embodiment of the present invention may be implemented in a hardware manner or in a software manner, which is not limited herein.
Embodiment 6:
FIG. 8 is a schematic structural diagram of a media transmission device according to Embodiment 6 of the present invention. The media transmission device has the functions of Embodiments 1 to 4 of the present invention. The media transmission device may adopt a general-purpose computer system architecture; the computer system may specifically be a processor-based computer. The media transmission device entity includes at least one processor 81, a communication bus 82, a memory 83 and at least one communication interface 84.
The processor 81 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the solution of the present invention.
The communication bus 82 may include a path for transferring information between the above components. The communication interface 84 uses any transceiver-like device for communicating with other devices or communication networks, such as Ethernet, a radio access network (RAN) or a wireless local area network (WLAN).
The memory 83 may be a read-only memory (ROM) or another type of static storage device capable of storing static information and instructions, a random access memory (RAM) or another type of dynamic storage device capable of storing information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory is connected to the processor through the bus.
The memory 83 is configured to store the application program code for executing the solution of the present invention; that application program code is stored in the memory, and its execution is controlled by the processor 81. The processor 81 is configured to execute the application program stored in the memory 83.
In a possible implementation, when the above application program is executed by the processor 81, the following functions are implemented:
determining, according to the probing result of Session Traversal Utilities for NAT (STUN), the tunnel type of a transmission tunnel to be established for the media to be transmitted to traverse a firewall, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
allocating, according to the determined tunnel type, a user-terminal-side first port number for the transmission tunnel corresponding to the tunnel type, and sending the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number; and
receiving the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
In a possible implementation, when the processor 81 sends the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, it is specifically configured to execute the following:
the user terminal carries the tunnel type, the first port number and the payload format information of the tunnel data packet in a Session Description Protocol (SDP) message sent to a Voice over IP (VoIP) signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and to the user terminal; and
the user terminal establishes, by negotiating with the media gateway, a transmission tunnel between the first port number and the second port number.
In a possible implementation, when the processor 81 determines, according to the STUN probing result, the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall, it is specifically configured to execute the following:
the user terminal sends to a STUN server an address collection request carried over the User Datagram Protocol (UDP), where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting Real-time Transport Protocol (RTP) data packets and to the port used for transmitting Real-time Transport Control Protocol (RTCP) data packets; and
when the user terminal cannot receive a UDP-borne address collection response returned by the STUN server, it determines that the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall is the TLS tunnel type.
In a possible implementation, when the processor 81 establishes the transmission tunnel between the first port number and the second port number, it is specifically configured to execute the following:
if the tunnel type determined by the user terminal is the TLS tunnel type, the user terminal establishes a TLS tunnel between the first port number and the second port number.
In a possible implementation, when the processor 81 determines, according to the STUN probing result, the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall, it is specifically configured to execute the following:
the user terminal sends to the STUN server an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets;
upon receiving the address collection response returned by the STUN server, the user terminal further sends, from its media port to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the corresponding media port of the media gateway; and
when the user terminal has not received the STUN connectivity check response sent by the media gateway, it determines that the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall is the DTLS tunnel type.
In a possible implementation, when the processor 81 establishes the transmission tunnel that includes the first port number and the second port number, it is specifically configured to execute the following:
if the tunnel type determined by the user terminal is the DTLS tunnel type, the user terminal establishes a DTLS tunnel between the first port number and the second port number.
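The two-stage probing that selects the TLS or DTLS branch above (the same logic is described for the type determining module 71 in Embodiment 5) as an added Python example; this is not code from the patent. The STUN transactions are simulated by a constructed FirewallModel rather than real Binding requests with timeouts, the port numbers and the public address mapping are constructed, and the DIRECT outcome for the case where both probes succeed is an assumption, since this section only names the two failure outcomes.

```python
"""Two-stage STUN probing to pick the firewall-traversal tunnel type.

Added example (not the patent's own code).  STUN transactions are simulated
through a constructed FirewallModel; real code would send Binding requests
over UDP and wait for the responses with a timeout."""
from enum import Enum
from typing import Optional, Tuple


class TunnelType(Enum):
    DIRECT = "direct"  # assumption: no tunnel when both probes succeed
    TLS = "tls"        # no UDP address-collection response: UDP is blocked
    DTLS = "dtls"      # STUN answered, but the gateway media port is unreachable


class FirewallModel:
    """Constructed stand-in for the firewall in front of the user terminal.

    Each flag states whether a UDP probe of that kind gets a reply back."""

    def __init__(self, udp_to_stun_server: bool, udp_to_media_gateway: bool):
        self.udp_to_stun_server = udp_to_stun_server
        self.udp_to_media_gateway = udp_to_media_gateway

    def address_collection(self, local_port: int) -> Optional[Tuple[str, int]]:
        """Address collection request for one local port: the public
        (address, port) the firewall mapped it to, or None on timeout."""
        if not self.udp_to_stun_server:
            return None
        # Constructed mapping; a real NAT/firewall picks its own public port.
        return ("203.0.113.10", 40000 + local_port % 1000)

    def connectivity_check(self, local_port: int, gateway_port: int) -> bool:
        """STUN connectivity check from the terminal's media port to the
        gateway's media port: True when the gateway's response arrives."""
        return self.udp_to_media_gateway


def select_tunnel_type(fw: FirewallModel, rtp_port: int, rtcp_port: int,
                       gateway_rtp_port: int) -> TunnelType:
    """Stage 1 asks the STUN server for the public addresses of the RTP and
    RTCP ports; stage 2 probes the media path to the gateway itself."""
    rtp_public = fw.address_collection(rtp_port)
    rtcp_public = fw.address_collection(rtcp_port)
    if rtp_public is None or rtcp_public is None:
        # No UDP-borne address collection response: fall back to TLS over TCP.
        return TunnelType.TLS
    if not fw.connectivity_check(rtp_port, gateway_rtp_port):
        # UDP reaches the STUN server but not the gateway media port: DTLS.
        return TunnelType.DTLS
    return TunnelType.DIRECT


def probe_all_scenarios() -> dict:
    """Run the decision against three constructed firewall policies."""
    scenarios = {
        "udp fully blocked": FirewallModel(False, False),
        "udp to stun only": FirewallModel(True, False),
        "udp open": FirewallModel(True, True),
    }
    return {name: select_tunnel_type(fw, 50000, 50001, 60000).value
            for name, fw in scenarios.items()}


if __name__ == "__main__":
    for name, tunnel in probe_all_scenarios().items():
        print(f"{name:>18}: {tunnel}")
```

The order of the two checks is what makes the decision cheap: a terminal behind a firewall that drops all UDP never spends a round trip on the media-path check, and a terminal whose firewall admits UDP to the STUN server but filters the gateway's media port still ends up with a datagram tunnel that preserves RTP's loss and jitter characteristics.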
Specifically, the media data packets are encapsulated according to the payload format information of the tunnel data packet in the following way:
if the tunnel type is the TLS tunnel type, the RTP or RTCP protocol data packet contained in the media data packet, together with the UDP protocol packet header, is encapsulated in a TLS tunnel data packet as the payload format information of the tunnel data packet; or
if the tunnel type is the DTLS tunnel type, the RTP or RTCP protocol data packet contained in the media data packet, together with the UDP protocol packet header, is encapsulated in a DTLS tunnel data packet as the payload format information of the tunnel data packet.
Specifically, the port numbers contained in the UDP protocol packet header are, respectively, the media port allocated by the user terminal and the media port allocated by the media gateway.
In a possible implementation, the processor 81 is further configured to decapsulate the received media data packet to obtain the media data packet carried in the TLS tunnel data packet or DTLS tunnel data packet; and
to forward the media data packet to the media processing unit according to the port number contained in the UDP protocol packet header within the TLS tunnel data packet or DTLS tunnel data packet.
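The encapsulation and decapsulation just described (and the equivalent parsing module 74 of Embodiment 5) as an added Python example, not the patent's code. Two details are assumptions the page does not fix: the UDP checksum is left at zero because the tunnel's own integrity protection covers the payload, and on a TLS stream consecutive encapsulated datagrams are delimited by their UDP length fields (a DTLS record carries one datagram, so no extra framing is needed there). The port numbers and the sample RTP and RTCP packets are constructed.

```python
"""Carry RTP/RTCP datagrams, UDP header included, as tunnel payload and
dispatch them by destination port on the receiving side.

Added example, not the patent's own code."""
import struct
from typing import Dict, List, Tuple

UDP_HEADER = struct.Struct("!HHHH")  # source port, destination port, length, checksum


def encapsulate(media_packet: bytes, src_port: int, dst_port: int) -> bytes:
    """Tunnel payload = 8-byte UDP header + RTP or RTCP packet.

    The UDP length field covers header plus payload, so it also delimits
    frames when several payloads are concatenated on a TLS stream."""
    total = UDP_HEADER.size + len(media_packet)
    if total > 0xFFFF:
        raise ValueError("media packet too large for a UDP datagram")
    # Assumption: checksum left zero, the tunnel protects integrity.
    return UDP_HEADER.pack(src_port, dst_port, total, 0) + media_packet


def decapsulate(tunnel_payload: bytes) -> Tuple[int, int, bytes]:
    """Parse one encapsulated datagram; reject truncated or inconsistent input."""
    if len(tunnel_payload) < UDP_HEADER.size:
        raise ValueError("payload shorter than a UDP header")
    src, dst, length, _checksum = UDP_HEADER.unpack_from(tunnel_payload)
    if length < UDP_HEADER.size or length > len(tunnel_payload):
        raise ValueError("UDP length field inconsistent with payload size")
    return src, dst, tunnel_payload[UDP_HEADER.size:length]


def split_stream(stream: bytes) -> List[bytes]:
    """Recover individual datagrams from a TLS byte stream by walking the
    UDP length fields (assumed framing; DTLS records need no splitting)."""
    frames, offset = [], 0
    while offset + UDP_HEADER.size <= len(stream):
        length = struct.unpack_from("!H", stream, offset + 4)[0]
        if length < UDP_HEADER.size or offset + length > len(stream):
            raise ValueError("truncated or malformed frame at offset %d" % offset)
        frames.append(stream[offset:offset + length])
        offset += length
    if offset != len(stream):
        raise ValueError("trailing bytes that do not form a complete frame")
    return frames


class MediaProcessingUnit:
    """Routes decapsulated packets to the RTP or RTCP handler by the UDP
    destination port allocated for that media."""

    def __init__(self, rtp_port: int, rtcp_port: int):
        self.handlers: Dict[int, str] = {rtp_port: "rtp", rtcp_port: "rtcp"}
        self.delivered: List[Tuple[str, bytes]] = []

    def deliver(self, tunnel_payload: bytes) -> str:
        _src, dst, packet = decapsulate(tunnel_payload)
        kind = self.handlers.get(dst)
        if kind is None:
            raise ValueError("no media port %d on this unit" % dst)
        self.delivered.append((kind, packet))
        return kind


# Constructed samples: a minimal RTP packet (V=2, PT=0, seq=1, 8 payload bytes)
# and an RTCP receiver report (PT=201, length=1) with the same SSRC.
RTP_SAMPLE = bytes([0x80, 0x00, 0x00, 0x01]) + bytes(4) + b"\x12\x34\x56\x78" + b"\xaa" * 8
RTCP_RR_SAMPLE = bytes([0x80, 0xC9, 0x00, 0x01]) + b"\x12\x34\x56\x78"


def demo() -> List[str]:
    """Encapsulate both samples, concatenate them as a TLS stream would, then
    split, decapsulate and dispatch; returns the handler names in order."""
    mpu = MediaProcessingUnit(rtp_port=60000, rtcp_port=60001)
    stream = encapsulate(RTP_SAMPLE, 50000, 60000) + encapsulate(RTCP_RR_SAMPLE, 50001, 60001)
    return [mpu.deliver(frame) for frame in split_stream(stream)]


if __name__ == "__main__":
    print(demo())
```

The length checks in decapsulate and split_stream are the part worth keeping: once the inner UDP header is carried as data, its length field is just another untrusted value, and an inconsistent one would otherwise desynchronise every following frame on the stream.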
In this embodiment, for the processing performed by the media transmission device when the application program is executed by the processor, and for the method of interaction with other network elements, reference may be made to the above method embodiments; they are not described in detail here.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, apparatus (device) and computer program product according to the embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, which implements the functions specified in one or more processes of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of a flowchart and/or one or more blocks of a block diagram.
Although the preferred embodiments of the present invention have been described, those skilled in the art, once they learn of the basic inventive concept, can make further changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these changes and variations.

Claims (18)

  1. A media transmission method, comprising:
    determining, by a user terminal according to the probing result of Session Traversal Utilities for NAT (STUN), the tunnel type of a transmission tunnel to be established for the media to be transmitted to traverse a firewall, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
    allocating, by the user terminal according to the determined tunnel type, a user-terminal-side first port number for the transmission tunnel corresponding to the tunnel type, and sending the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number; and
    receiving, by the user terminal, the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
  2. The media transmission method according to claim 1, wherein the sending, by the user terminal, of the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side comprises:
    carrying, by the user terminal, the tunnel type, the first port number and the payload format information of the tunnel data packet in a Session Description Protocol (SDP) message sent to a Voice over IP (VoIP) signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and to the user terminal; and
    establishing, by the user terminal by negotiating with the media gateway, a transmission tunnel between the first port number and the second port number.
  3. The media transmission method according to claim 1 or 2, wherein the determining, by the user terminal according to the STUN probing result, of the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall comprises:
    sending, by the user terminal to a STUN server, an address collection request carried over the User Datagram Protocol (UDP), where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting Real-time Transport Protocol (RTP) data packets and to the port used for transmitting Real-time Transport Control Protocol (RTCP) data packets; and
    when the user terminal cannot receive a UDP-borne address collection response returned by the STUN server, determining that the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall is the TLS tunnel type.
  4. The media transmission method according to any one of claims 1 to 3, wherein the establishing, by the user terminal, of the transmission tunnel between the first port number and the second port number specifically comprises:
    if the tunnel type determined by the user terminal is the TLS tunnel type, establishing, by the user terminal, a TLS tunnel between the first port number and the second port number.
  5. The media transmission method according to claim 1 or 2, wherein the determining, by the user terminal according to the STUN probing result, of the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall comprises:
    sending, by the user terminal to a STUN server, an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets;
    upon receiving the address collection response returned by the STUN server, further sending, by the user terminal from its media port to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the corresponding media port of the media gateway; and
    when the user terminal has not received the STUN connectivity check response sent by the media gateway, determining that the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall is the DTLS tunnel type.
  6. The media transmission method according to claim 1, 2 or 5, wherein the establishing, by the user terminal, of the transmission tunnel that includes the first port number and the second port number specifically comprises:
    if the tunnel type determined by the user terminal is the DTLS tunnel type, establishing, by the user terminal, a DTLS tunnel between the first port number and the second port number.
  7. The media transmission method according to any one of claims 1 to 6, wherein the media data packets are encapsulated according to the payload format information of the tunnel data packet in the following way:
    if the tunnel type is the TLS tunnel type, the RTP or RTCP protocol data packet contained in the media data packet, together with the UDP protocol packet header, is encapsulated in a TLS tunnel data packet as the payload format information of the tunnel data packet; or
    if the tunnel type is the DTLS tunnel type, the RTP or RTCP protocol data packet contained in the media data packet, together with the UDP protocol packet header, is encapsulated in a DTLS tunnel data packet as the payload format information of the tunnel data packet.
  8. The media transmission method according to claim 7, wherein the port numbers contained in the UDP protocol packet header are, respectively, the media port allocated by the user terminal and the media port allocated by the media gateway.
  9. The media transmission method according to claim 7 or 8, further comprising:
    decapsulating, by the user terminal, the received media data packet to obtain the media data packet carried in the TLS tunnel data packet or DTLS tunnel data packet; and
    forwarding the media data packet to a media processing unit according to the port number contained in the UDP protocol packet header within the TLS tunnel data packet or DTLS tunnel data packet.
  10. A media transmission device, comprising:
    a type determining module, configured to determine, according to the probing result of Session Traversal Utilities for NAT (STUN), the tunnel type of a transmission tunnel to be established for the media to be transmitted to traverse a firewall, where the tunnel type includes at least one of a Transport Layer Security (TLS) tunnel type and a Datagram Transport Layer Security (DTLS) tunnel type;
    a tunnel establishment module, configured to allocate, according to the determined tunnel type, a user-terminal-side first port number for the transmission tunnel corresponding to the tunnel type, and to send the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, so that the network side allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type, and a transmission tunnel is established between the first port number and the second port number; and
    a data packet receiving module, configured to receive the media data packets that the network side transmits through the established transmission tunnel, encapsulated according to the payload format information of the tunnel data packet.
  11. The media transmission device according to claim 10, wherein, when sending the tunnel type, the first port number and the payload format information of the tunnel data packet to the network side, the tunnel establishment module is specifically configured to:
    carry the tunnel type, the first port number and the payload format information of the tunnel data packet in a Session Description Protocol (SDP) message sent to a Voice over IP (VoIP) signaling server, so that the VoIP signaling server allocates, according to the tunnel type, a network-side second port number for the transmission tunnel corresponding to the tunnel type and sends the second port number to the media gateway and to the user terminal; and
    establish, by negotiating with the media gateway, a transmission tunnel between the first port number and the second port number.
  12. The media transmission device according to claim 10 or 11, wherein, when determining, according to the STUN probing result, the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall, the type determining module is specifically configured to:
    send to a STUN server an address collection request carried over the User Datagram Protocol (UDP), where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting Real-time Transport Protocol (RTP) data packets and to the port used for transmitting Real-time Transport Control Protocol (RTCP) data packets; and
    when no UDP-borne address collection response returned by the STUN server can be received, determine that the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall is the TLS tunnel type.
  13. The media transmission device according to any one of claims 10 to 12, wherein, when establishing the transmission tunnel between the first port number and the second port number, the tunnel establishment module is specifically configured to:
    if the tunnel type determined by the user terminal is the TLS tunnel type, establish a TLS tunnel between the first port number and the second port number.
  14. The media transmission device according to claim 10 or 11, wherein, when determining, according to the STUN probing result, the tunnel type of the transmission tunnel to be established for the media to be transmitted to traverse the firewall, the type determining module is specifically configured to:
    send to a STUN server an address collection request carried over UDP, where the address collection request is used to obtain the public addresses that the firewall has allocated, respectively, to the port used for transmitting RTP data packets and to the port used for transmitting RTCP data packets;
    upon receiving the address collection response returned by the STUN server, further send, from the media port of the user terminal to the corresponding media port of the media gateway, a STUN connectivity check request for the media path, where the STUN connectivity check request is used to determine whether the media data packets sent by the user terminal can directly reach the corresponding media port of the media gateway;
    在尚未接收到所述媒体网关发送的STUN连通性检测响应时,确定为待传输的媒体建立用于穿越防火墙的传输隧道的隧道类型为DTLS隧道类型。When the STUN connectivity detection response sent by the media gateway has not been received, it is determined that the tunnel type of the transmission tunnel for traversing the firewall for the media to be transmitted is a DTLS tunnel type.
  15. 如权利要求10或11或14所述的媒体传输设备,其特征在于,所述隧道建立模块建立包含了所述第一端口号和所述第二端口号的传输隧道,具体用于:The media transmission device according to claim 10 or 11 or 14, wherein the tunnel establishment module establishes a transmission tunnel including the first port number and the second port number, specifically for:
    若所述用户终端确定的隧道类型为DTLS隧道类型,则所述用户终端在所述第一端口号和所述第二端口号之间建立DTLS隧道。If the tunnel type determined by the user terminal is a DTLS tunnel type, the user terminal establishes a DTLS tunnel between the first port number and the second port number.
  16. 如权利要求10至15任一所述的媒体传输设备,其特征在于,通过以下方式按照所述隧道数据包的载荷格式信息封装媒体的数据包:The media transmission device according to any one of claims 10 to 15, wherein the data packet of the medium is encapsulated according to the payload format information of the tunnel data packet by:
    若隧道类型为TLS隧道类型,则将媒体的数据包中包含的RTP协议数据包/RTCP协议数据包与UDP协议数据包报头作为所述隧道数据包的载荷格式信息封装在TLS隧道数据包中;或If the tunnel type is a TLS tunnel type, the RTP protocol data packet/RTCP protocol data packet and the UDP protocol data packet header included in the data packet of the media are encapsulated in the TLS tunnel data packet as the payload format information of the tunnel data packet; or
    若隧道类型为DTLS隧道类型,则将媒体的数据包中包含的RTP协议数据包/RTCP协议数据包与UDP协议数据包报头作为所述隧道数据包的载荷格式 信息封装在DTLS隧道数据包中。If the tunnel type is a DTLS tunnel type, the RTP protocol data packet/RTCP protocol data packet and the UDP protocol data packet header included in the data packet of the media are used as the payload format of the tunnel data packet. The information is encapsulated in a DTLS tunnel packet.
  17. 如权利要求16所述的媒体传输设备,其特征在于,所述UDP协议数据包报头中包含的端口号分别为所述用户终端分配的媒体端口、所述媒体网关分配的媒体端口。The media transmission device according to claim 16, wherein the port number included in the UDP protocol packet header is a media port allocated by the user terminal and a media port allocated by the media gateway.
  18. 如权利要求16或17所述的媒体传输设备,其特征在于,所述媒体传输设备还包括:解析模块,其中:The media transmission device according to claim 16 or 17, wherein the media transmission device further comprises: a parsing module, wherein:
    所述解析模块,用于对接收到的所述媒体数据包进行解封装,获取TLS隧道数据包/DTLS隧道数据包中的媒体的数据包;The parsing module is configured to decapsulate the received media data packet, and obtain a data packet of a media in a TLS tunnel data packet/DTLS tunnel data packet;
    根据所述TLS隧道数据包/DTLS隧道数据包中UDP协议数据包报头中包含的端口号,将所述媒体的数据包发送给媒体处理单元。 And transmitting, according to the port number included in the UDP protocol packet header in the TLS tunnel data packet/DTLS tunnel data packet, the data packet of the media to the media processing unit.
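The tunnel-type decision of claims 12 and 14 and the encapsulation, decapsulation and port-based dispatch of claims 16 to 18 can be made concrete in a short model. The following Python is an added illustration, not code from the patent or its assignee: the STUN exchanges and the TLS/DTLS record layer are not implemented, probe outcomes are injected as booleans, and the bytes returned by `encapsulate` are what would be handed to the TLS or DTLS layer as application data. The port numbers, SSRC, packet contents and the `rtp-unit`/`rtcp-unit` names are constructed sample values.

```python
"""
Added illustration (not the patent's own code): models the tunnel-type
decision of claims 12/14 and the UDP-header-plus-RTP/RTCP payload format of
claims 16-18. STUN and TLS/DTLS are out of scope; all values are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class StunProbe:
    """Outcome of the two STUN probes described in claims 12 and 14 (constructed input)."""
    address_collect_ok: bool   # UDP address-collection response from the STUN server arrived
    connectivity_ok: bool      # connectivity-check response from the media gateway arrived


def select_tunnel_type(probe: StunProbe) -> Optional[str]:
    """Claim 12: no UDP answer from the STUN server at all -> TLS tunnel.
    Claim 14: STUN answers but the media path to the gateway does not -> DTLS tunnel.
    Otherwise media reaches the gateway directly and no tunnel is needed."""
    if not probe.address_collect_ok:
        return "TLS"
    if not probe.connectivity_ok:
        return "DTLS"
    return None


# UDP header carried inside the tunnel payload (claims 16-17):
# source port, destination port, length, checksum (all big-endian 16-bit).
UDP_HEADER = struct.Struct("!HHHH")


def encapsulate(media_packet: bytes, terminal_port: int, gateway_port: int) -> bytes:
    """Prepend a UDP header whose ports are the terminal's and the gateway's media ports.
    The checksum is left at zero (assumption: integrity comes from the TLS/DTLS
    tunnel, and 0 is the legal 'no checksum' value for UDP over IPv4)."""
    for port in (terminal_port, gateway_port):
        if not 0 < port <= 0xFFFF:
            raise ValueError(f"invalid UDP port {port}")
    length = UDP_HEADER.size + len(media_packet)
    if length > 0xFFFF:
        raise ValueError("media packet too large for one UDP datagram")
    return UDP_HEADER.pack(terminal_port, gateway_port, length, 0) + media_packet


def decapsulate(tunnel_payload: bytes) -> Tuple[int, int, bytes]:
    """Recover (src_port, dst_port, media_packet) from a tunnel payload, rejecting
    truncated or length-inconsistent input before anything downstream sees it."""
    if len(tunnel_payload) < UDP_HEADER.size:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = UDP_HEADER.unpack_from(tunnel_payload)
    if length != len(tunnel_payload):
        raise ValueError("UDP length field does not match tunnel payload")
    return src, dst, tunnel_payload[UDP_HEADER.size:]


def dispatch(tunnel_payload: bytes, port_table: Dict[int, str]) -> Tuple[str, bytes]:
    """Claim 18: after decapsulation, hand the inner packet to the media processing
    unit registered for its destination port; unknown ports are refused, not guessed."""
    _src, dst, media = decapsulate(tunnel_payload)
    unit = port_table.get(dst)
    if unit is None:
        raise ValueError(f"no media processing unit registered for port {dst}")
    return unit, media


def sample_rtp_packet(seq: int = 1, payload: bytes = b"\x00" * 20) -> bytes:
    """Constructed RTP packet: V=2, no padding/extension/CSRC, PT=0, 12-byte fixed header."""
    return struct.pack("!BBHII", 0x80, 0x00, seq, 160 * seq, 0x1234ABCD) + payload


# Constructed gateway port table: RTP on the even port, RTCP on the next odd port.
GATEWAY_PORTS: Dict[int, str] = {20000: "rtp-unit", 20001: "rtcp-unit"}
TERMINAL_MEDIA_PORT = 40000  # constructed terminal-side media port


def demo() -> Tuple[Optional[str], str, bytes]:
    """Walk-through: choose the tunnel, encapsulate at the terminal, dispatch at the gateway."""
    tunnel = select_tunnel_type(StunProbe(address_collect_ok=True, connectivity_ok=False))
    rtp = sample_rtp_packet()
    payload = encapsulate(rtp, TERMINAL_MEDIA_PORT, 20000)
    unit, inner = dispatch(payload, GATEWAY_PORTS)
    return tunnel, unit, inner


if __name__ == "__main__":
    print(demo())
```

The length check in `decapsulate` matters on the receiving side: once RTP/RTCP travels inside a TLS or DTLS record, the inner UDP length field is the only framing the parsing module has, so a mismatch is rejected rather than passed on to the media processing unit.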
PCT/CN2015/092103 2014-10-31 2015-10-16 Media transmission method and device WO2016066027A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201410616529.6 2014-10-31
CN201410616529 2014-10-31
CN201410623767.XA CN105635076B (en) 2014-10-31 2014-11-07 A kind of media transmission method and equipment
CN201410623767.X 2014-11-07

Publications (1)

Publication Number Publication Date
WO2016066027A1 true WO2016066027A1 (en) 2016-05-06

Family

ID=55856585

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/092103 WO2016066027A1 (en) 2014-10-31 2015-10-16 Media transmission method and device

Country Status (2)

Country Link
CN (1) CN105635076B (en)
WO (1) WO2016066027A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9998299B2 (en) * 2016-07-20 2018-06-12 Oracle International Corporation Efficient transport of encapsulated media traffic over restrictive networks
US10015097B2 (en) * 2016-08-19 2018-07-03 Oracle International Corporation Fast access telecommunication tunnel cloning
CN110266902B (en) * 2019-05-27 2021-04-02 国家计算机网络与信息安全管理中心 VoIP signaling and media data association system and method
CN114338153B (en) * 2021-12-28 2023-07-25 杭州迪普科技股份有限公司 IPSec negotiation method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1819134B1 (en) * 2006-02-13 2008-11-12 Samsung Electronics Co.,Ltd. Symmetric network address translation system using STUN technique and method for implementing the same
CN102685141A (en) * 2012-05-22 2012-09-19 北京邮电大学 Fusion traversing method based on voice accessibility in VoIP (Voice over Internet Protocol)
CN103392316A (en) * 2013-01-11 2013-11-13 华为技术有限公司 Method of traversing firewall, client, and media traversing server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883056B (en) * 2010-07-23 2013-03-20 华南理工大学 Method for realizing NAT (Network Address Translation) traversal on basis of UDT (UDP (User Datagram Protocol)-based Data Transfer) and TCP (Transmission Control Protocol) transfer

Also Published As

Publication number Publication date
CN105635076A (en) 2016-06-01
CN105635076B (en) 2019-08-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15854777; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 15854777; Country of ref document: EP; Kind code of ref document: A1)