WO2016201966A1 - Nat traversal method, apparatus and system - Google Patents


Info

Publication number
WO2016201966A1
Authority
WO
WIPO (PCT)
Prior art keywords
nat
port
local area
network device
area network
Prior art date
Application number
PCT/CN2016/070436
Other languages
French (fr)
Chinese (zh)
Inventor
叶位彬
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 (ZTE Corporation)
Publication of WO2016201966A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2575 NAT traversal using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN]
    • H04L61/2585 NAT traversal through application level gateway [ALG]

Abstract

Provided are a NAT traversal method, apparatus and system. The method comprises: a local area network device starts a session via a source port PORT_LAN; a gateway generates a NAT address translation table for the local area network device; and a public network device establishes communication with the local area network device according to the NAT address translation table. Through the implementation of the present invention, the gateway generates the NAT address translation table and provides it to the public network device, so that the public network device can establish communication with the local area network device according to that table. Compared with the related art, the relay server is removed, which simplifies the network structure and reduces operating cost, so the present invention is particularly suited to cost-sensitive smart home applications.

Description

NAT traversal method, apparatus and system

Technical field
The present invention relates to the field of Internet of Things (IoT) communication, and in particular to a NAT (Network Address Translation) traversal method, apparatus and system.
Background
The Internet of Things refers to interconnecting ubiquitous end devices and facilities, including mobile terminals, industrial systems, building control systems, smart home facilities and video surveillance systems, through various wireless or wired long-range or short-range communication networks, together with cloud-computing-based operating models; in intranet, private-network and Internet environments, using appropriate information security safeguards, it provides secure and controllable management and service functions such as real-time online monitoring, location and tracing, alarm linkage, dispatch and command, remote control and security protection, achieving real-time control of "everything". The IoT often involves interconnection between a local area network and the public network. In a smart home, for example, the home network is a LAN that uses LAN addresses; when a smart device on the home network needs to access the Internet, the home gateway (usually a home router) must first translate the LAN address into a public address before the device can communicate with the outside world. The technique used to translate a LAN address into a public address is called NAT (Network Address Translation). NAT lets LAN devices access the Internet, but it also creates a problem: if a device on the external network wants to access a device inside the LAN, some traversal technique is required. A device on the external network cannot communicate directly with a LAN device, because external devices use public addresses, each of which is globally unique, whereas LAN devices use LAN addresses that are valid only within that LAN, and countless LAN devices around the world use the same LAN addresses.
To solve this problem, the related art deploys a relay server on the Internet whose domain name or IP address is fixed. A LAN device first connects to the relay server, so that the relay server learns the LAN device's address and port information. When an external device needs to connect to the LAN device, it does not connect to the LAN device directly; it first connects to the relay server, obtains the LAN device's address and port information from it, and then uses that information to connect to the LAN device.
The above scheme is the NAT traversal method in wide use today. Popular instant messaging software, for example, requires logging in to the service provider's server before communication with a contact can be established; if the server stops running, no connection with the contact can be made. This traversal method works well for large-scale deployments or for cost-insensitive scenarios, but for small IoT deployments such as smart homes the cost is too high. Current IP cameras, for example, all depend on the vendor's server to work over the Internet; if the vendor shuts the server down, the cameras lose connectivity.
Therefore, how to provide a NAT traversal method that does not require a third-party server is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
Embodiments of the present invention provide a NAT traversal method, apparatus and system, so as to at least solve the problem that current NAT traversal techniques require a third-party server.
An embodiment of the present invention provides a NAT traversal method comprising: a LAN device opens a session through a source port PORT_LAN; a gateway generates a NAT address translation table for the LAN device; and a public network device establishes communication with the LAN device according to the NAT address translation table.
Optionally, the method further comprises: after passing security authentication, the public network device obtains the NAT address translation table from the gateway.
Optionally, the gateway generating the NAT address translation table for the LAN device comprises: the gateway translates the LAN IP address of the LAN device into a public IP address, maps the source port PORT_LAN to a public port PORT_NAT, and generates the NAT address translation table.
Optionally, the public network device establishing communication with the LAN device according to the NAT address translation table comprises: the public network device queries the NAT address translation table for the LAN device that uses source port PORT_LAN, looks up the public port PORT_NAT corresponding to source port PORT_LAN, and establishes communication with the LAN device through public port PORT_NAT.
Optionally, when there are multiple LAN devices, the public network device establishing communication with the LAN device according to the NAT address translation table further comprises: the public network device queries the NAT address translation table for all LAN devices that use source port PORT_LAN, looks up the public port PORT_NAT corresponding to source port PORT_LAN for each of them, establishes a session with each LAN device through its public port PORT_NAT, obtains each LAN device's identity, obtains the public port PORT_NAT of the target LAN device, and establishes communication with the target LAN device through the target LAN device's public port PORT_NAT.
An embodiment of the present invention provides a NAT traversal apparatus comprising: an accessed module, located in the LAN device, configured to open a session through source port PORT_LAN; a NAT recording module, located in the gateway, configured to generate the NAT address translation table for the LAN device; and an access module, located in the public network device, configured to establish communication with the accessed module according to the NAT address translation table.
Optionally, the access module is further configured to obtain the NAT address translation table from the NAT recording module after passing security authentication.
Optionally, the NAT recording module is configured to translate the LAN IP address of the LAN device into a public IP address, map source port PORT_LAN to public port PORT_NAT, and generate the NAT address translation table.
Optionally, the access module is configured to query the NAT address translation table for the LAN device that uses source port PORT_LAN, look up the public port PORT_NAT corresponding to source port PORT_LAN, and establish communication with the accessed module in the LAN device through public port PORT_NAT.
Optionally, when there are multiple LAN devices, the access module is further configured to query the NAT address translation table for all LAN devices that use source port PORT_LAN, look up the public port PORT_NAT corresponding to source port PORT_LAN for each of them, establish a session with each LAN device through its public port PORT_NAT, obtain each LAN device's identity, obtain the public port PORT_NAT of the target LAN device, and establish communication with the accessed module in the target LAN device through the target LAN device's public port PORT_NAT.
Correspondingly, an embodiment of the present invention provides a NAT traversal system comprising a LAN device, a gateway, a public network device, and the NAT traversal apparatus provided by the embodiments of the present invention.
Beneficial effects of the embodiments of the present invention:
The embodiments provide a new NAT traversal method: the gateway generates a NAT address translation table and provides it to the public network device, so that the public network device can establish communication with the LAN device according to that table. Compared with the related art, the relay server is eliminated, which simplifies the network structure and reduces operating cost, making the method particularly suitable for cost-sensitive smart home applications.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the NAT traversal apparatus provided by the first embodiment of the present invention;
Fig. 2 is a flowchart of the NAT traversal method provided by the second embodiment of the present invention;
Fig. 3 is a schematic diagram of a smart home application scenario in the third embodiment of the present invention;
Fig. 4 is a flowchart of the NAT traversal method provided by the third embodiment of the present invention.
Detailed description
The invention is further explained below by way of specific embodiments with reference to the accompanying drawings.
First embodiment:
Fig. 1 is a schematic structural diagram of the NAT traversal apparatus provided by the first embodiment of the present invention. As shown in Fig. 1, in this embodiment the NAT traversal apparatus 1 comprises:
an accessed module 11, located in the LAN device, configured to open a session through source port PORT_LAN;
a NAT recording module 12, located in the gateway, configured to generate the NAT address translation table for the LAN device;
an access module 13, located in the public network device, configured to establish communication with the accessed module according to the NAT address translation table.
In some embodiments, the access module 13 of the above embodiment is further configured to obtain the NAT address translation table from the NAT recording module 12 after passing security authentication.
In some embodiments, the NAT recording module 12 of the above embodiment is configured to translate the LAN IP address of the LAN device into a public IP address, map source port PORT_LAN to public port PORT_NAT, and generate the NAT address translation table.
In some embodiments, the access module 13 of the above embodiment is configured to query the NAT address translation table for the LAN device that uses source port PORT_LAN, look up the public port PORT_NAT corresponding to source port PORT_LAN, and establish communication with the accessed module in the LAN device through public port PORT_NAT.
In some embodiments, when there are multiple LAN devices, the access module 13 of the above embodiment is further configured to query the NAT address translation table for all LAN devices that use source port PORT_LAN, look up the public port PORT_NAT corresponding to source port PORT_LAN for each of them, establish a session with each LAN device through its public port PORT_NAT, obtain each LAN device's identity, obtain the public port PORT_NAT of the target LAN device, and establish communication with the accessed module in the target LAN device through the target LAN device's public port PORT_NAT.
Correspondingly, an embodiment of the present invention provides a NAT traversal system comprising a LAN device, a gateway, a public network device, and the NAT traversal apparatus provided by the present invention.
Second embodiment:
Fig. 2 is a flowchart of the NAT traversal method provided by the second embodiment of the present invention. As shown in Fig. 2, in this embodiment the method comprises the following steps:
S201: the LAN device opens a session through source port PORT_LAN;
S202: the gateway generates the NAT address translation table for the LAN device;
S203: the public network device establishes communication with the LAN device according to the NAT address translation table.
In some embodiments, the above embodiment further comprises: after passing security authentication, the public network device obtains the NAT address translation table from the gateway.
In some embodiments, the gateway of the above embodiment generating the NAT address translation table for the LAN device comprises: the gateway translates the LAN IP address of the LAN device into a public IP address, maps source port PORT_LAN to public port PORT_NAT, and generates the NAT address translation table.
In some embodiments, the public network device of the above embodiment establishing communication with the LAN device according to the NAT address translation table comprises: the public network device queries the NAT address translation table for the LAN device that uses source port PORT_LAN, looks up the public port PORT_NAT corresponding to source port PORT_LAN, and establishes communication with the LAN device through public port PORT_NAT.
In some embodiments, when there are multiple LAN devices, the public network device of the above embodiment establishing communication with the LAN device according to the NAT address translation table further comprises: the public network device queries the NAT address translation table for all LAN devices that use source port PORT_LAN, looks up the public port PORT_NAT corresponding to source port PORT_LAN for each of them, establishes a session with each LAN device through its public port PORT_NAT, obtains each LAN device's identity, obtains the public port PORT_NAT of the target LAN device, and establishes communication with the target LAN device through the target LAN device's public port PORT_NAT.
The embodiments of the present invention are further explained below with a specific application example.
Third embodiment:
Table 1 (the NAT address translation table for the scenario below; in the original it appears only as the image PCTCN2016070436-appb-000001 and is not reproduced here)
As shown in Fig. 3, assume a smart home application scenario containing three smart cameras, one home gateway and one mobile phone terminal. All three smart cameras contain the accessed module, and each opens a session with source port 333 and waits for a connection. The home gateway contains the NAT recording module; after receiving the session packets from the three smart cameras, it performs address translation for each of them and stores the results in the NAT address translation table, as shown in Table 1 above. The mobile phone has an access module installed, which may be a mobile app. After the phone connects to the Internet, the user wants to view the live video of the first camera.
Fig. 4 is a flowchart of the NAT traversal method provided by the third embodiment of the present invention. As shown in Fig. 4, in this embodiment the method comprises the following steps:
S401: the LAN device opens a session and waits for a connection. The accessed module in the first LAN device opens a session whose source port is a specific port PORT_LAN and waits for a connection.
PORT_LAN is not unique: sessions serving the same function on different devices share the same PORT_LAN; for example, the FTP protocol port is 21 on every device.
S402: the gateway generates the NAT address translation table. The NAT recording module in the gateway translates the LAN IP address of the accessed module into a public IP address, maps the accessed module's source port PORT_LAN to a public port PORT_NAT, and stores this mapping in the NAT address translation table.
PORT_NAT is unique: different sessions have different PORT_NAT values. PORT_NAT is set to identify one particular session of one particular LAN device. All LAN devices share the same public IP address, but each has a different PORT_NAT, so their packets can be told apart.
S403: the public network device obtains the NAT address translation table. The access module in the public network device connects to the NAT recording module using a security authentication method and obtains the NAT address translation table from it.
S404: the public network device obtains the public ports to which the LAN devices have been mapped. From the NAT address translation table, the access module finds all LAN devices whose source port is PORT_LAN and obtains the public ports to which these devices have been mapped.
S405: the public network device establishes communication with the LAN device. The access module uses the obtained public ports to establish a session with each of these devices and obtains each device's identity ID, thereby finding that the public port of the first LAN device is PORT_NAT; the public network device can then use PORT_NAT to establish communication with the first LAN device.
In the scenario of Fig. 3, the phone first connects to the home gateway at public IP address 101.23.65.145 and passes security authentication using a preset username and password. The home gateway then sends the NAT address translation table shown in Table 1 to the phone. The phone looks for sessions with source port 333, finds three of them, and learns that the translated ports are 1000, 1001 and 1002, but does not yet know which one is the first camera. The phone then uses public ports 1000, 1001 and 1002 to establish three sessions, communicates with each of the three cameras and obtains their identity IDs, and so learns that public port 1000 corresponds to the first camera. The phone therefore sends a live video request to the first camera through public port 1000, the first camera sends video data to the phone, and the phone successfully obtains the first camera's live video.
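The following simulation of steps S401 to S405 is an added example, not code from the patent: a gateway object records one NAT entry per session, releases the table only to a public device that passes authentication, and the public device's access module filters the table by PORT_LAN, probes each mapped PORT_NAT for the device's identity ID, and then talks to the target. The public IP 101.23.65.145, source port 333 and mapped ports 1000 to 1002 follow the Fig. 3 scenario; the LAN IPs, credentials, device IDs and the WHOAMI/STREAM request names are constructed for the example.

```python
"""Simulation of the gateway-published NAT table traversal described in steps S401-S405."""
from dataclasses import dataclass
import hmac
import itertools


@dataclass
class LanDevice:
    """A LAN device holding the 'accessed module' (e.g. a smart camera)."""
    device_id: str
    lan_ip: str
    port_lan: int

    def handle(self, request: str) -> str:
        # Hypothetical application-level protocol: WHOAMI returns the identity ID,
        # STREAM returns a stand-in for video data.
        if request == "WHOAMI":
            return self.device_id
        if request == "STREAM":
            return f"video-from-{self.device_id}"
        return "unknown-request"


@dataclass(frozen=True)
class NatEntry:
    """One row of the NAT address translation table (Table 1 in the text)."""
    lan_ip: str
    port_lan: int
    public_ip: str
    port_nat: int


class Gateway:
    """Home gateway carrying the NAT recording module (steps S402 and S403)."""

    def __init__(self, public_ip: str, username: str, password: str):
        self.public_ip = public_ip
        self._username = username
        self._password = password
        self._next_port = itertools.count(1000)  # PORT_NAT values are unique per session
        self.table: list[NatEntry] = []
        self._sessions: dict[int, LanDevice] = {}  # PORT_NAT -> LAN device behind it

    def open_session(self, device: LanDevice) -> NatEntry:
        """S401/S402: the device opens a session on PORT_LAN; the gateway maps it to a PORT_NAT."""
        port_nat = next(self._next_port)
        entry = NatEntry(device.lan_ip, device.port_lan, self.public_ip, port_nat)
        self.table.append(entry)
        self._sessions[port_nat] = device
        return entry

    def get_table(self, username: str, password: str) -> list[NatEntry]:
        """S403: release the table only to a public device that passes authentication."""
        ok = hmac.compare_digest(username, self._username) and hmac.compare_digest(
            password, self._password
        )
        if not ok:
            raise PermissionError("authentication failed")
        return list(self.table)

    def forward(self, port_nat: int, request: str) -> str:
        """Deliver a packet arriving at PUBLIC_IP:PORT_NAT to the mapped LAN device."""
        device = self._sessions.get(port_nat)
        if device is None:
            raise ConnectionError(f"no NAT mapping for public port {port_nat}")
        return device.handle(request)


def find_target_port(gw: Gateway, username: str, password: str,
                     port_lan: int, target_id: str) -> int:
    """S403-S405 as performed by the access module on the public network device."""
    table = gw.get_table(username, password)
    # S404: PORT_LAN is not unique, so several table entries may match it
    candidates = [e.port_nat for e in table if e.port_lan == port_lan]
    # S405: probe each mapped port for its identity ID and keep the target's PORT_NAT
    for port_nat in candidates:
        if gw.forward(port_nat, "WHOAMI") == target_id:
            return port_nat
    raise LookupError(f"no device with id {target_id!r} behind PORT_LAN {port_lan}")


def demo() -> tuple[int, str]:
    """Scenario of Fig. 3: three cameras on port 333 behind the gateway at 101.23.65.145."""
    gw = Gateway("101.23.65.145", "admin", "example-password")  # credentials are constructed
    cameras = [LanDevice(f"camera{i}", f"192.168.1.{10 + i}", 333)  # LAN IPs are constructed
               for i in (1, 2, 3)]
    for cam in cameras:
        gw.open_session(cam)
    port = find_target_port(gw, "admin", "example-password", 333, "camera1")
    return port, gw.forward(port, "STREAM")


if __name__ == "__main__":
    print(demo())
```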
In summary, implementing the present invention yields at least the following beneficial effects:
The forwarding device uses the identifier of the service to which a packet belongs to look up the identifier of the corresponding independent network port, and forwards the packet through the independent network port found. By mapping services to network ports, the integrity of service packets during forwarding is guaranteed, and multiple independent network ports in the forwarding device can each handle their service independently without affecting one another's data forwarding. At the same time, before a service packet enters the protocol stack's routing analysis flow, the present application first queries the network port from the mapping table and returns directly once it is found, sending the packet out through the corresponding network port, which keeps the process simple.
The above are only specific embodiments of the present invention and do not limit the present invention in any form; any simple modification, equivalent change, combination or refinement of the above embodiments made according to the technical essence of the present invention still falls within the scope of protection of the technical solution of the present invention.
Industrial applicability
As described above, the NAT traversal method, apparatus and system provided by the embodiments of the present invention have the following beneficial effects: the embodiments provide a new NAT traversal method in which the gateway generates a NAT address translation table and provides it to the public network device, so that the public network device can establish communication with the LAN device according to that table. Compared with the related art, the relay server is eliminated, which simplifies the network structure and reduces operating cost, making the method particularly suitable for cost-sensitive smart home applications.

Claims (11)

  1. A network address translation (NAT) traversal method, comprising:
    a LAN device opening a session through a source port PORT_LAN;
    a gateway generating a NAT address translation table for the LAN device;
    a public network device establishing communication with the LAN device according to the NAT address translation table.
  2. The NAT traversal method of claim 1, further comprising: after passing security authentication, the public network device obtaining the NAT address translation table from the gateway.
  3. The NAT traversal method of claim 1 or 2, wherein the gateway generating the NAT address translation table for the LAN device comprises: the gateway translating the LAN IP address of the LAN device into a public IP address, mapping the source port PORT_LAN to a public port PORT_NAT, and generating the NAT address translation table.
  4. The NAT traversal method of claim 3, wherein the public network device establishing communication with the LAN device according to the NAT address translation table comprises: the public network device querying the NAT address translation table for the LAN device that uses source port PORT_LAN, looking up the public port PORT_NAT corresponding to source port PORT_LAN, and establishing communication with the LAN device through the public port PORT_NAT.
  5. The NAT traversal method of claim 4, wherein, when there are multiple LAN devices, the public network device establishing communication with the LAN device according to the NAT address translation table further comprises: the public network device querying the NAT address translation table for all LAN devices that use source port PORT_LAN, looking up the public port PORT_NAT corresponding to source port PORT_LAN for each of them, establishing a session with each LAN device through its public port PORT_NAT, obtaining each LAN device's identity, obtaining the public port PORT_NAT of the target LAN device, and establishing communication with the target LAN device through the target LAN device's public port PORT_NAT.
  6. 一种网络地址转换NAT穿透装置,包括:A network address translation NAT penetration device includes:
    被接入模块,位于局域网设备,设置为通过源端口PORT_LAN开启会话;The access module, located in the local area network device, is set to open the session through the source port PORT_LAN;
    NAT记录模块,位于网关,设置为生成所述局域网设备的NAT地址转换表;a NAT recording module, located at the gateway, configured to generate a NAT address translation table of the local area network device;
    接入模块,位于公网设备,设置为根据所述NAT地址转换表与所述被接入模块建立通讯。The access module, located in the public network device, is configured to establish communication with the accessed module according to the NAT address translation table.
  7. 如权利要求6所述的NAT穿透装置,其中,所述接入模块还设置为在通过安全认证后,从所述NAT记录模块获取所述NAT地址转换表。The NAT penetration device of claim 6, wherein the access module is further configured to acquire the NAT address translation table from the NAT recording module after passing the security authentication.
  8. 如权利要求6或7所述的NAT穿透装置,其中,所述NAT记录模块设置为将所述所述局域网设备的局域网IP地址转换为公网IP地址,将所述源端口PORT_LAN映射为公网端口PORT_NAT,生成所述NAT地址转换表。The NAT penetrating device according to claim 6 or 7, wherein the NAT recording module is configured to convert a local area network IP address of the local area network device into a public network IP address, and map the source port PORT_LAN to a public The network port PORT_NAT generates the NAT address translation table.
  9. 如权利要求8所述的NAT穿透装置,其中,所述接入模块设置为从所述NAT地址转换表查询使用源端口PORT_LAN的局域网设备,查找源端口PORT_LAN对应的公网端口 PORT_NAT,通过所述公网端口PORT_NAT与所述局域网设备内的被接入模块建立通讯。The NAT penetrating device according to claim 8, wherein the access module is configured to query a local area network device using the source port PORT_LAN from the NAT address translation table to find a public network port corresponding to the source port PORT_LAN PORT_NAT establishes communication with the accessed module in the local area network device through the public network port PORT_NAT.
  10. 如权利要求9所述的NAT穿透装置,其中,在所述局域网设备为多个时,所述接入模块还设置为从所述NAT地址转换表查询所有使用源端口PORT_LAN的局域网设备,查找源端口PORT_LAN对应的公网端口PORT_NAT,分别通过公网端口PORT_NAT与所述局域网设备建立会话,获取局域网设备的身份标识,获取目标局域网设备的公网端口PORT_NAT,通过所述目标局域网设备的公网端口PORT_NAT与所述目标局域网设备内的被接入模块建立通讯。The NAT penetrating device according to claim 9, wherein when the plurality of local area network devices are plural, the access module is further configured to query all the local area network devices using the source port PORT_LAN from the NAT address translation table to search The public port PORT_NAT corresponding to the source port PORT_LAN establishes a session with the local area network device through the public port PORT_NAT, obtains the identity of the local area network device, acquires the public network port PORT_NAT of the target local area network device, and passes the public network of the target local area network device. The port PORT_NAT establishes communication with the accessed module in the target local area network device.
  11. 一种网络地址转换NAT穿透系统,包括局域网设备、网关、公网设备,以及如权利要求6至10任一项所述的NAT穿透装置。 A network address translation NAT penetration system, comprising a local area network device, a gateway, a public network device, and the NAT penetration device according to any one of claims 6 to 10.
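The flow described in claims 3 to 10 can be modelled end to end in a few dozen lines. The following is an added illustration and is not code from the patent or its assignee: the class names (NatGateway, PublicDevice, LanDevice), the sequential PORT_NAT allocation, the HMAC token used for the security authentication of claim 7, and the sample addresses and identities are all assumptions constructed for the example, since the claims specify no concrete table format or authentication mechanism. The point worth seeing in code is the gate in get_table: the public device can only resolve PORT_LAN to a PORT_NAT, and then walk the sessions to find the target identity, after the gateway has authenticated it, so an unauthenticated public host cannot enumerate the mapping.

```python
"""Toy model of the NAT traversal method in claims 3 to 10 of WO2016201966A1.
Added example, not the patent's own code.  NatGateway, PublicDevice, LanDevice,
the sequential port allocation and the HMAC-based authenticate() are assumptions;
all IPs, identities and the shared secret below are constructed sample values."""
import hashlib
import hmac
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional

PORT_LAN = 7000  # source port opened by every accessed module (claim 6)


@dataclass
class LanDevice:
    lan_ip: str
    identity: str            # identity returned once a session is open (claim 5)
    port_lan: int = PORT_LAN


@dataclass(frozen=True)
class NatEntry:
    lan_ip: str
    port_lan: int
    public_ip: str
    port_nat: int


class NatGateway:
    """NAT recording module (claims 6 and 8): LAN ip:PORT_LAN -> public ip:PORT_NAT."""

    def __init__(self, public_ip: str, secret: bytes, first_port: int = 40000):
        self.public_ip = public_ip
        self.secret = secret
        self._ports = itertools.count(first_port)   # assumed allocation policy
        self.table: List[NatEntry] = []
        self.devices: Dict[int, LanDevice] = {}       # PORT_NAT -> LAN device

    def open_session(self, dev: LanDevice) -> NatEntry:
        """Accessed module opens a session through PORT_LAN; gateway records it."""
        entry = NatEntry(dev.lan_ip, dev.port_lan, self.public_ip, next(self._ports))
        self.table.append(entry)
        self.devices[entry.port_nat] = dev
        return entry

    def authenticate(self, token: bytes) -> bool:
        # Assumed mechanism: constant-time check of a shared-secret MAC.
        expected = hmac.new(self.secret, b"nat-table-read", hashlib.sha256).digest()
        return hmac.compare_digest(token, expected)

    def get_table(self, token: bytes) -> List[NatEntry]:
        """Claim 7: the table is released only after security authentication."""
        if not self.authenticate(token):
            raise PermissionError("security authentication failed")
        return list(self.table)

    def session(self, port_nat: int) -> str:
        """Simulates forwarding a session on PORT_NAT to the mapped LAN device,
        which answers with its identity."""
        return self.devices[port_nat].identity


class PublicDevice:
    """Access module (claim 6): resolves PORT_LAN to PORT_NAT via the table."""

    def __init__(self, gateway: NatGateway, token: bytes):
        self.gw = gateway
        self.token = token

    def find_port_nat(self, port_lan: int) -> Optional[int]:
        """Claims 4 and 9: the single device using PORT_LAN -> its PORT_NAT."""
        for e in self.gw.get_table(self.token):
            if e.port_lan == port_lan:
                return e.port_nat
        return None

    def find_target(self, port_lan: int, target_identity: str) -> Optional[int]:
        """Claims 5 and 10: several devices share PORT_LAN, so open a session on
        each PORT_NAT, read the identity, and keep the port of the wanted target."""
        for e in self.gw.get_table(self.token):
            if e.port_lan != port_lan:
                continue
            if self.gw.session(e.port_nat) == target_identity:
                return e.port_nat
        return None


def demo():
    """Builds a constructed three-device scenario and an authenticated public device."""
    secret = b"constructed-shared-secret"
    gw = NatGateway("203.0.113.10", secret)
    for ip, ident in [("192.168.1.11", "cam-01"), ("192.168.1.12", "cam-02"),
                      ("192.168.1.13", "cam-03")]:
        gw.open_session(LanDevice(ip, ident))
    token = hmac.new(secret, b"nat-table-read", hashlib.sha256).digest()
    return gw, PublicDevice(gw, token)


if __name__ == "__main__":
    gw, pub = demo()
    print("PORT_NAT for cam-02:", pub.find_target(PORT_LAN, "cam-02"))
```

With three LAN devices all opening PORT_LAN, find_port_nat alone returns the first mapping (claim 4), which is why claim 5 adds the per-session identity check; find_target walks every PORT_NAT for that PORT_LAN and returns only the port whose session reports the requested identity, and a public device holding a wrong token never reaches the table at all.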
PCT/CN2016/070436 2015-06-18 2016-01-07 Nat traversal method, apparatus and system WO2016201966A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510342177.4A CN106331187A (en) 2015-06-18 2015-06-18 NAT (Network Address Translation) penetration method, device and system

Publications (1)

Publication Number Publication Date
WO2016201966A1 true WO2016201966A1 (en) 2016-12-22

Family

ID=57544857

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/070436 WO2016201966A1 (en) 2015-06-18 2016-01-07 Nat traversal method, apparatus and system

Country Status (2)

Country Link
CN (1) CN106331187A (en)
WO (1) WO2016201966A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110855724B (en) * 2018-08-20 2023-04-28 成都臻识科技发展有限公司 Cloud operation and maintenance management method and system of intelligent camera and application of cloud operation and maintenance management method and system in parking charging
CN109862132B (en) * 2019-02-22 2021-08-17 安徽睿极智能科技有限公司 Method for video monitoring platform to adaptively penetrate through different networks
CN111315037B (en) * 2020-02-17 2021-08-24 腾讯科技(深圳)有限公司 Communication link establishing method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003030463A1 (en) * 2001-10-04 2003-04-10 Huawei Technologies Co., Ltd. A method and system for realizing ip voice service at private network
CN101119273A (en) * 2007-09-10 2008-02-06 杭州华三通信技术有限公司 Method and equipment for implementing universal router packaging tunnel crossing
CN101848197A (en) * 2009-03-23 2010-09-29 华为技术有限公司 Detection method and device and network with detection function
CN102148767A (en) * 2011-05-12 2011-08-10 杭州华三通信技术有限公司 Network address translation (NAT)-based data routing method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147186A (en) * 2019-12-30 2020-05-12 深圳市网心科技有限公司 Data transmission method and device, computer equipment and storage medium
CN111147186B (en) * 2019-12-30 2023-07-18 深圳市网心科技有限公司 Data transmission method and device, computer equipment and storage medium
CN114765614A (en) * 2020-12-31 2022-07-19 华为技术有限公司 Method for accessing local area network service equipment and electronic equipment
CN114598572A (en) * 2022-03-28 2022-06-07 洛阳萃泽信息科技有限公司 Method for machine tool networking and industrial gateway
CN116032879A (en) * 2022-12-30 2023-04-28 中国联合网络通信集团有限公司 Intervisit method of intranet equipment and extranet equipment, routing equipment and server

Also Published As

Publication number Publication date
CN106331187A (en) 2017-01-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16810707; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16810707; Country of ref document: EP; Kind code of ref document: A1)