WO2021259032A1 - IPv6 network communication method, apparatus and system - Google Patents
IPv6 network communication method, apparatus and system
- Publication number
- WO2021259032A1 PCT/CN2021/098155
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- network
- data packet
- connection
- terminal
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5092—Address allocation by self-assignment, e.g. picking addresses at random and testing if they are already in use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/604—Address structures or formats
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/668—Internet protocol [IP] address subnets
Definitions
- the embodiments of the present application relate to the field of communication, and in particular to an IPV6 network communication method, device, and system.
- a network device running in Internet Protocol Version 6 (IPV6) full routing mode can receive the IPV6 prefix configured for the network device by multiple data networks.
- the terminal may generate its own Internet Protocol (IP) address, where the IP address may include one of the IPv6 prefixes received by the network device.
- IP Internet Protocol
- the IP address of a terminal does not include the IPV6 prefix configured by a data network to the network device
- the source IP address and/or destination IP address of the data packets exchanged on the network are modified.
- the network security settings need to be turned off, but this will bring network security risks.
- the embodiments of this application provide an IPV6 network communication method, device and system. Even if the IP address of the terminal does not include the IPV6 prefix configured by the data network to the network device, the network security settings enabled by the network device can still identify the downlink data packets belonging to the service connection initiated by the terminal and will not block the service connection initiated by the terminal to the data network, ensuring that the terminal can access the data network to implement a specific service.
- an IPV6 network communication method which can be executed by a communication device.
- the communication device may be a network device, or a chip or a system on a chip deployed in the network device.
- the method includes: the communication device first receives an uplink data packet sent by the terminal to the first data network, wherein the uplink data packet is used to request the establishment of a service connection.
- the communication device may also generate connection tracking information of the service connection, where the connection tracking information indicates that the destination IP address of the downlink data packet from the first data network and belonging to the service connection is the first IP address.
- according to the connection tracking information of the service connection, the network security setting can also identify the downlink data packet as belonging to the service connection.
- the downlink data packet of the service connection, that is, the downlink data packet belonging to the service connection, will be determined by the network security setting to be a data packet belonging to the service connection initiated by the terminal, and will not be terminated/discarded by the network security setting, ensuring that the terminal can access the data network through the network device to implement the corresponding service.
- the security settings enabled by the network device can also identify the downlink data packets belonging to the service connection initiated by the terminal, and will not block the service connection initiated by the terminal to the data network, ensuring that the terminal can access the data network to implement specific services.
- in a second aspect, a communication device includes units or means for performing the steps in the first aspect above.
- in a third aspect, a communication device includes a processor and an interface circuit.
- the processor is used to communicate with other devices through the interface circuit and execute the method provided in the first aspect above.
- in a fourth aspect, a communication device includes a processor connected to a memory and configured to call a program stored in the memory to execute the method provided in the first aspect.
- the memory may be located in the communication device or outside the communication device.
- a network device including the communication device provided in any of the above aspects.
- a network system including a terminal, a first data network, and the communication device/network equipment provided in any of the above aspects.
- the network system may further include a second data network, and the IP address of the terminal includes an IPV6 prefix configured by the second data network to the network device.
- a computer-readable storage medium for storing instructions.
- when the instructions are executed by a processor of a communication device, the communication device implements the method provided in the first aspect.
- a computer program is provided, when the computer program is executed by a processor, it is used to execute the method provided in the above first aspect.
- a computer program product may include the computer-readable storage medium provided in the seventh aspect, and the computer-readable storage medium includes the computer program provided in the eighth aspect.
- in a tenth aspect, a chip includes a processor for implementing the functions of the communication device provided in the foregoing aspects, for example, receiving or processing the data and/or information involved in the method of the foregoing first aspect.
- the chip also includes a memory for storing program instructions and/or data.
- the processor may be implemented by hardware or software.
- the processor may be a logic circuit, an integrated circuit, or the like.
- the processor can be a general-purpose processor, which can be implemented by reading the software code stored in the memory, where the memory can be integrated in the processor or located independently of the processor.
- the number of processors included in the communication device may be one or more, and the number of memories may be one or more.
- the memory can be integrated with the processor, or the memory and the processor can be provided separately.
- the memory and the processor may be integrated on the same chip, or they may be separately arranged on different chips.
- the type of the memory and the setting mode of the memory and the processor are not limited.
- the process of information transmission or reception may be a process of sending and receiving information by the processor.
- the process of sending an uplink data packet may be the output of an uplink data packet from the processor;
- the process of receiving an uplink data packet may be the process of receiving an uplink data packet by the processor.
- the uplink data packet output by the processor may be output to the transmitter, and the uplink data packet received by the processor may come from the receiver.
- the transmitter and receiver can be collectively referred to as a transceiver.
- the source IP address of the uplink data packet from the terminal may be the second IP address, and the second IP address includes the second IPV6 prefix configured by the second data network to the network device.
- the communication device may perform IPv6-to-IPv6 Network Prefix Translation (NPTV6) on the second IP address according to the first IPv6 prefix to obtain the first IP address.
- NPTV6 IPv6-to-IPv6 Network Prefix Translation
- the communication device may also receive a downlink data packet from the first data network that belongs to the service connection, modify the destination IP address of the downlink data packet to the source IP address of the uplink data packet from the terminal, and then send the modified downlink data packet to the terminal.
- a service connection can be established between the terminal and the data network and a specific service can be realized according to the service connection.
- the connection status of the connection tracking information may be set to the indication information indicating that the connection is successful.
- the first data network may include, but is not limited to, an internet protocol television (IPTV) network or a cloud virtual reality (Cloud VR) network.
- IPTV internet protocol television
- Cloud VR cloud virtual reality
- the second data network may include but is not limited to the Internet.
- FIG. 1 is a schematic diagram of a business scenario to which the technical solution of the embodiment of the application is applicable.
- Figure 2 is a schematic diagram of the structure of an IP address including an IPV6 prefix.
- Fig. 3 is a flowchart of a communication method provided in an embodiment of the application.
- Fig. 4 is a schematic diagram of a communication process between a terminal and a data network in an embodiment of the application.
- FIG. 5 is a schematic structural diagram of a communication device provided in an embodiment of this application.
- FIG. 1 is a schematic diagram of a business scenario to which the technical solution of the embodiment of the application is applicable.
- the network device 10 can allocate a service set identifier (SSID), configure multiple Ethernet interfaces such as ETH0, ETH1, and ETH2, and configure multiple wide area network interfaces such as WAN0, WAN1, and WAN2.
- SSID service set identifier
- the network device 10 may be configured with more or fewer Ethernet interfaces, and more or less wide area network interfaces.
- the identification of the network interface and each WAN interface can be replaced with a real value.
- the network device 10 can be connected to one or more data networks for supporting specific services.
- the network device 10 may be connected to a data network used to support specific services such as the Internet, an IPTV network, and a Cloud VR network through multiple different WAN interfaces.
- Different data networks can be configured with different IPV6 prefixes to the network device 10, which can be specifically configured by upper-layer servers, network management devices, or other devices in the data network.
- the data network can maintain a route from the data network to the network device 10 according to its own IPV6 prefix configured to the network device.
- the data network can send the downlink data packet to the network device 10 according to the route corresponding to the IPV6 prefix.
- a terminal equipped with a wireless communication module can be connected to the network device 10 according to the SSID allocated by the network device 10.
- mobile phones and virtual reality (VR) devices can be connected to the network device 10 according to the SSID allocated by the network device 10.
- a terminal equipped with an interface device for connecting a communication cable can be connected to the Ethernet interface of the network device 10 through a corresponding communication cable.
- a personal computer (PC) and a set-top box (STB) can be connected to the Ethernet interface of the network device 10 through a corresponding communication cable.
- the aforementioned various terminals may be directly connected to the network device 10, or may be connected to an access point (AP), where the AP may be connected to the network device 10 according to the SSID allocated by the network device 10, or connected to the Ethernet interface of the network device 10 through a corresponding communication cable.
- the terminal connected to the network device 10 may also be of other types, such as an augmented reality (AR) device.
- AR augmented reality
- the terminal can generate its own IP address according to one of the IPv6 prefixes configured by the network device 10.
- the IP address generated by the terminal may include a network part and an interface part.
- the interface part may include a 64-bit interface identifier generated by the terminal according to its own MAC address.
- the network part may include one of the IPv6 prefixes configured by the network device 10, and optionally may also include a 16-bit subnet identifier; for example, the network part may include a 16-bit subnet identifier and a 48-bit IPv6 prefix.
- the network device 10 can track the service connection and generate connection tracking information of the service connection (or referred to as a connection record item).
- the connection tracking information may include uplink connection information and downlink connection information, and may also include other information such as protocol type and protocol number.
- the uplink connection information may include at least the source IP address and the destination IP address of the uplink data packet from the terminal and belonging to the service connection; the downlink connection information may include at least the source IP address and destination IP address of the downlink data packet that the network device 10 expects to receive and that belongs to the service connection.
- the uplink connection information and the downlink connection information may also include one or more other information.
- the uplink connection information may also include the source port number and destination port number of the uplink data packet belonging to the TCP connection, and the downlink connection information may also include the source port number and the destination port number of the downlink data packet that the network device 10 expects to receive and that belongs to the service connection.
- TCP transmission control protocol
- the network device 10 may enable network security settings, where the network security settings may include, but are not limited to, a firewall or an application layer gateway (ALG).
- the network security setting can determine whether the downlink data packet belongs to the service connection initiated by the terminal according to the connection tracking information generated by the network device 10. For example, the connection information of the downlink data packet from the data network can be obtained.
- the connection information can include but is not limited to the source IP address and destination IP address of the downlink data packet;
- the connection information is then matched against the downlink connection information of each piece of connection tracking information; if there is a piece of connection tracking information whose downlink connection information is the same as the connection information of the downlink data packet, the downlink data packet belongs to the service connection corresponding to that connection tracking information, and accordingly it can be determined that the downlink data packet belongs to a service connection initiated by the terminal.
- the downlink data packet will be forwarded to the corresponding terminal by the network device 10; otherwise, the downlink data packet will be terminated/discarded by the network security settings, so that it is not forwarded by the network device 10 to the corresponding terminal.
- the network device 10 can enable network security settings to allow service connections initiated by the terminal to the data network and block service connections initiated by the data network to the terminal, so as to filter downlink data packets from the data network that may be used to attack the terminal and prevent intruders from using data networks to attack the terminal.
- the network device 10 needs to modify the source IP address of the upstream data packet with a new IP address, and the new IP address includes the IPV6 prefix configured by the data network to the network device 10. In this way, after the modified uplink data packet is sent to the data network, the data network can send the downlink data packet belonging to the service connection to the network device 10, where the destination IP address of the downlink data packet is the new IP address.
- the downlink connection information may indicate that the destination IP address of the downlink data packet of the service connection is the IP address of the terminal, that is, the destination IP address of the downlink data packet that the network device 10 expects to receive and that belongs to the service connection is the IP address of the terminal.
- the destination IP address of the downlink data packet belonging to the service connection is the new IP address, and the network security settings cannot identify the downlink data packet belonging to the service connection or the service connection based on the connection tracking information of the service connection.
- the downlink data packet will be erroneously determined as a downlink data packet that does not belong to the service connection initiated by the terminal, resulting in the downlink data packet belonging to the service connection being terminated/discarded by the network security setting enabled by the network device.
- the network security setting needs to be turned off.
- the network device first receives the uplink data packet sent by the terminal to the data network, where the uplink data packet is used to request the establishment of a service connection. It then modifies the source IP address of the upstream data packet to the first IP address and sends the modified upstream data packet to the data network, where the first IP address includes the IPV6 prefix configured by the data network to the network device; in addition, the network device may also generate the connection tracking information of the service connection, where the connection tracking information indicates that the destination IP address of the downlink data packet from the data network and belonging to the service connection is the first IP address.
- the network security setting can identify the downlink data packet as a downlink data packet belonging to the service connection according to the indication of the connection tracking information of the service connection.
- the downlink data packet of the service connection will be determined by the network security setting as a data packet belonging to the service connection initiated by the terminal.
- the downlink data packet will not be terminated/discarded by the network security setting, ensuring that the terminal can access the data network through the network device to implement the corresponding service.
- the security settings enabled by the network device can also identify the downlink data packets belonging to the service connection initiated by the terminal, and will not block the service connection initiated by the terminal to the data network, ensuring that the terminal can access the data network to implement specific services.
- Fig. 3 is a flowchart of a communication method provided in an embodiment of the application. As shown in Figure 3, the method may at least include the following steps.
- Step 301 The network device receives the uplink data packet sent by the terminal to the data network.
- the source IP address of the uplink data packet may or may not include the IPV6 prefix configured by the data network to the network device, and the uplink data packet is used to request the establishment of a service connection.
- the service connection may include, but is not limited to, a TCP connection or a user datagram protocol (UDP) connection; for example, it may also include an internet control message protocol (ICMP) connection.
- the source IP address of the upstream data packet is the IP address of the terminal.
- the data network may include, but is not limited to, the Internet, IPTV network, or Cloud VR network.
- Step 303 The network device modifies the source IP address of the uplink data packet to the first IP address, and sends the modified uplink data packet to the data network.
- the first IP address includes the IPV6 prefix configured by the data network to the network device.
- the data network is able to send the downlink data packet that belongs to the service connection and the destination IP address is the first IP address to the network device.
- Step 305 Generate connection tracking information of the service connection.
- the connection tracking information indicates that the destination IP address of the downlink data packet from the data network and belonging to the service connection is the first IP address.
- the network security setting can identify the downlink data packet belonging to the service connection according to the indication of the connection tracking information of the service connection, and will not terminate/discard the downlink data packet belonging to the service connection, ensuring that the terminal can access the data network to implement the corresponding service.
- the network security settings enabled by the network device can also identify the downlink data packets belonging to the service connection initiated by the terminal, and will not block the service connection initiated by the terminal to the data network, ensuring that the terminal can access the data network to implement specific services.
- the process of communication between the terminal and the data network will be exemplarily described below in conjunction with the business scenario shown in FIG. 1.
- the communication process between the STB and the IPTV network may include the following steps 401 to 411.
- other data networks may be used to replace the Internet and/or IPTV network in the embodiment shown in FIG. 4, and other types of terminals may be used to replace the STB, and a technical solution based on the same concept as the embodiment shown in FIG. 4 can be obtained.
- Step 401 The IPTV network configures a first IPV6 prefix on the network device, and the Internet configures a second IPV6 prefix on the network device.
- Step 402 The network device sends the second IPV6 prefix to the STB.
- network devices may be connected to multiple types of terminals, and multiple types of terminals may need to access the Internet, but only one or more specific types of terminals need to access other data networks, so the number of data packets exchanged between the network device and the Internet is much larger than the number of data packets exchanged between the network device and other data networks.
- the network device can modify the source IP address/destination IP address of a relatively small number of data packets.
- the two IPv6 prefixes are broadcast, so that the IP addresses generated by each terminal including the STB all include the second IPv6 prefix.
- Step 403 The STB generates its own IP address according to the second IPV6 prefix.
- the IP address generated by the STB may include a second IPV6 prefix and a 64-bit interface identifier, which is generated by the STB according to its own media access control (MAC) address.
- MAC media access control
- the IP address generated by the STB is referred to as the second IP address in the subsequent steps.
- Step 404 The STB sends an uplink data packet for requesting establishment of a service connection to the data network.
- the network device can identify whether the uplink data packet is an uplink data packet for requesting establishment of a service connection according to the payload (Payload) carried in the uplink data packet.
- the connection information of the uplink data packet can be obtained from the uplink data packet, such as obtaining the source IP address and destination IP address of the uplink data packet; then, according to the connection information, it is determined whether the uplink data packet already exists in the network device.
- the connection tracking information of the service connection to which the data packet belongs if not, it means that the uplink data packet is an uplink data packet used to request the establishment of a service connection.
- step 405 may be performed to determine the data network used to receive the uplink data packet according to the destination IP address of the uplink data packet.
- the uplink data packet can be transmitted to the Internet through the high-speed Internet (HSI) service traffic channel between the network device and the data network; the related processing of this uplink data packet by the network device 10 is not repeated here.
- HSI high-speed Internet
- the network device may perform step 406 to convert the source IP address of the uplink data packet according to the first IPV6 prefix to obtain the first IP address.
- NPTV6 can be performed on the source IP address (i.e., the second IP address) of the uplink data packet, that is, the source IP address of the uplink data packet can be converted based on the RFC6292 algorithm.
- the application layer checksum of the upstream data packet will not be changed, and there is no need to recalculate the application layer checksum of the modified upstream data packet.
- the interface part of the first IP address and the interface identifier of the second IP address are the same or highly similar, and the interface part of the first IP address can more accurately express the MAC address of the STB.
- for the modified uplink data packet, it is very easy to trace the source of the uplink data packet according to the interface part of the first IP address, which helps to quickly determine that the terminal sending the uplink data packet is the STB.
- the second IPV6 prefix configured by the Internet to the network device is 2015:2015:0:6a
- the first IPV6 prefix configured by the IPTV network to the network device is 2002:0:0:0
- the interface identifier generated by the STB is 6987:9945:8ec1:1065.
- the source IP address of the upstream data packet sent by STB to the IPTV network is 2015:2015:0:6a:6987:9945:8ec1:1065.
- the network device replaces the source IP address of the upstream data packet, changing it from 2015:2015:0:6a:6987:9945:8ec1:1065 to 2002:0:0:0:8a19:9945:8ec1:1065, and the application layer checksum of the upstream data packet is not changed.
- the interface part "8a19:9945:8ec1:1065" of the first IP address has a high similarity with the interface identifier "6987:9945:8ec1:1065", which makes it easy to locate the STB that sent the uplink data packet according to the interface part of the first IP address.
- Step 407 The network device generates connection tracking information of the service connection.
- the downlink connection information of the connection tracking information may indicate that the destination IP address of the downlink data packet belonging to the service connection is the first IP address.
- the network device may also set the connection status of the connection tracking information to new (NEW), or in other words, set the connection status of the connection tracking information to indication information indicating a new connection.
- the destination IP address of the uplink connection information is the same as the source IP address of the downlink connection information.
- the source IP address of the uplink connection information is the source IP address of the uplink data packet that comes from the terminal and belongs to the service connection, that is, the source IP address of the uplink connection information is the second IP address generated by the terminal;
- the destination IP address of the downlink connection information is the source IP address of the modified uplink data packet, that is, the destination IP address of the downlink connection information is the first IP address generated by the network device.
- the network device can obtain the source IP address IP_1 and the destination IP address IP_2 of the uplink data packet, and the network device can obtain the first IP address IP_3 by performing NPTV6 on IP_1.
- the connection tracking information of the service connection generated by the network device is shown in Table 1 below.
- the destination IP address included in the uplink connection information and the source IP address included in the downlink connection information are both IP_2.
- the source IP address included in the uplink connection information is not the same as the destination IP address included in the downlink connection information; the source IP address included in the uplink connection information is the source IP address IP_1 of the uplink data packet from the terminal and belonging to the service connection, and the destination IP address included in the downlink connection information is the first IP address IP_3. That is, the downlink connection information indicates that the destination IP address of the downlink data packet that the network device expects to receive and that belongs to the service connection is IP_3.
- the NPTV6/RFC6292 algorithm can be embedded in the function module of the network device that performs connection tracking of the service connection, so that in the connection tracking information generated by the network device, the destination IP address included in the downlink connection information is the first IP address obtained by converting the terminal's IP address with the NPTV6/RFC6292 algorithm, and the network device can therefore enable the network security setting to block the service connection initiated by the data network.
- the network device can be compatible with various application layer security technologies such as firewall, ALG, and port mapping.
- Step 408: The network device modifies the source IP address of the uplink data packet to the first IP address, and sends the modified uplink data packet to the IPTV network.
- the uplink data packets sent by the terminal to the IPTV network, that is, the IPTV service traffic, can be transmitted to the IPTV network through the IPTV service traffic channel between the network device 10 and the IPTV network.
- Step 409: The network device receives the downlink data packet that belongs to the service connection and is sent by the IPTV network to the network device.
- the destination IP address of the downlink data packet belonging to the service connection is the first IP address.
- Step 410: The network device determines whether the connection tracking information of the service connection to which the downlink data packet belongs already exists.
- the network device may obtain the connection information of the downlink data packet from the data network, where the connection information includes at least the source IP address and the destination IP address of the downlink data packet. If, among the pieces of connection tracking information generated by the network device, there is one whose downlink connection information is the same as the connection information of the downlink data packet, it can be determined that this piece is the connection tracking information of the service connection to which the downlink data packet belongs, in other words that the connection tracking information of that service connection already exists.
- the network security setting enabled by the network device can determine that the downlink data packet belongs to a service connection initiated by the terminal, and will not terminate/discard the downlink data packet.
- the network device can perform the following steps 411 and 412.
- Step 411: Set the connection status of the connection tracking information of the service connection to which the downlink data packet belongs to indication information indicating that the connection is successful. For example, change the indication information of the connection tracking information from NEW to ESTABLISHED.
- setting the connection status of the connection tracking information of the service connection to which the downlink data packet belongs to indication information indicating that the connection is successful allows the network security setting to sense that the STB has successfully established a service connection with the IPTV network.
- Step 412: Modify the destination IP address of the downlink data packet to the second IP address, and send the modified downlink data packet to the STB.
- the network device may, according to the connection tracking information of the service connection, modify the destination IP address of the downlink data packet to the source IP address included in the uplink connection information of that connection tracking information.
- the network device may register the correspondence between the first IP address and the second IP address in a Network Address Translation (NAT) table and, according to the correspondence recorded in the NAT table, change the destination IP address of the downlink data packet from the first IP address to the second IP address.
- an embodiment of the present application also provides a communication device 500 that includes units or means for implementing each step performed by a network device in any of the above methods.
- the communication device 500 may include: a receiving unit 501, configured to receive an uplink data packet sent by the terminal to the first data network, where the uplink data packet is used to request the establishment of a service connection.
- the processing unit 502 is configured to modify the source IP address of the uplink data packet to a first IP address, where the first IP address includes the first IPV6 prefix configured by the first data network for the network device; and is also configured to generate the connection tracking information of the service connection, where the connection tracking information indicates that the destination IP address of the downlink data packet from the first data network and belonging to the service connection is the first IP address.
- the sending unit 503 is configured to send the modified uplink data packet to the first data network.
- the units in the communication device can all be implemented in the form of software called by processing elements, or all be implemented in the form of hardware; alternatively, some of the units can be implemented in the form of software called by processing elements and the others in the form of hardware.
- each unit can be a separately established processing element, or can be integrated in a chip of the device; it can also be stored in the memory in the form of a program, in which case a processing element of the communication device calls and executes the function of the unit.
- each step of the foregoing method or each of the above units may be implemented by an integrated logic circuit of hardware in a processor element or implemented in a form of being called by software through a processing element.
- the unit in any one of the above communication devices may be one or more integrated circuits configured to implement the above method, for example: one or more application-specific integrated circuits (ASICs), or one or more microprocessors (digital signal processors, DSPs), or one or more field programmable gate arrays (FPGAs), or a combination of at least two of these integrated circuit forms.
- the unit in the communication device can be implemented in the form of a processing element scheduling a program.
- the processing element can be a general-purpose processor, such as a central processing unit (CPU) or another processor that can call programs.
- these units can be integrated together and implemented in the form of a system-on-a-chip (SOC).
- the above receiving unit is an interface circuit of the communication device for receiving signals from other devices.
- the receiving unit is an interface circuit used by the chip to receive signals from other chips or devices.
- the above unit for sending is an interface circuit of the communication device for sending signals to other devices.
- the sending unit is an interface circuit used by the chip to send signals to other chips or devices.
- the units by which the network device implements each step of the above method can be implemented in the form of a processing element scheduling a program.
- the apparatus for the network device includes a processing element and a storage element, and the processing element calls the program stored in the storage element to perform the method performed by the network device in the above method embodiment.
- the storage element may be a storage element with the processing element on the same chip, that is, an on-chip storage element, or a storage element on a different chip from the processing element, that is, an off-chip storage element.
- the units for the network equipment to implement each step in the above method can be integrated together and implemented in the form of a system-on-chip.
- the baseband device includes an SOC chip for implementing the method performed by the above network equipment.
- at least one processing element and a storage element can be integrated in the chip, and the processing element calls the program stored in the storage element to implement the method executed by the above network device; or at least one integrated circuit can be integrated in the chip to implement the method executed by the above network device; or the above implementations can be combined.
- the functions of some units are implemented in the form of calling programs by processing elements, and the functions of some units are implemented in the form of integrated circuits.
- the above communication apparatus for a network device may include at least one processing element and an interface circuit, wherein at least one processing element is used to execute any of the methods provided in the above method embodiments that are executed by the network device.
- the processing element can execute part or all of the steps executed by the network device in a first way, by calling the program stored in the storage element, or in a second way, by means of the integrated logic circuit of the hardware in the processor element combined with instructions; of course, part or all of the steps executed by the network device can also be executed by combining the first way and the second way.
- the processing element here is as described above, and can be a general-purpose processor, such as a CPU, or can be configured as one or more integrated circuits, such as one or more ASICs, one or more microprocessors (DSPs), one or more FPGAs, or a combination of at least two of these integrated circuit forms.
- the storage element can be a memory or a collective term for multiple storage elements.
- the embodiments of the present application also provide an IPV6 network communication system, including a terminal, a data network, and the communication device/network equipment provided in any of the embodiments of the present application.
- the communication system may include one or more terminals of the same or different types, and include one or more data networks each used to support the realization of different services.
- A/B can mean A or B.
- the "and/or" in this application merely describes an association relationship between associated objects and means that three relationships are possible; for example, A and/or B can mean: A exists alone, A and B exist at the same time, or B exists alone.
- "a device" means one or more such devices.
- "at least one of" means one or any combination of the subsequent associated objects; for example, "at least one of A, B, and C" includes A, B, C, AB, AC, BC, or ABC, etc. Determining Y based on X does not mean that Y is determined only based on X; Y can also be determined based on X and other information.
- "first" and "second" are only used for descriptive purposes, and cannot be understood as indicating or implying relative importance or implicitly indicating the number of indicated technical features. Therefore, the features defined with "first" and "second" may explicitly or implicitly include one or more of these features.
- the terms "including", "comprising", "having" and their variations all mean "including but not limited to" unless otherwise specifically emphasized.
- the size of the sequence number of the above-mentioned processes does not imply the order of execution; the execution order of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Table 1
 | Source IP address | Destination IP address |
---|---|---|
Uplink connection information | IP_1 | IP_2 |
Downlink connection information | IP_2 | IP_3 |
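The connection tracking flow of steps 408 to 412 and Table 1, as an added Python example that is not part of the patent text. The class and function names and the 2001:db8:: sample addresses are constructed for illustration, and the prefix swap is a simplified stand-in for NPTV6 without its checksum-neutral adjustment.

```python
import ipaddress
from dataclasses import dataclass

IPv6 = ipaddress.IPv6Address


def nptv6_prefix_swap(addr, new_prefix):
    """Replace the prefix bits of addr with new_prefix and keep the host bits.

    Assumption: plain prefix replacement, without the checksum-neutral
    adjustment that a full NPTV6 implementation applies.
    """
    net = ipaddress.IPv6Network(new_prefix)
    return IPv6(int(net.network_address) | (int(addr) & int(net.hostmask)))


@dataclass
class ConnTrack:
    up_src: IPv6      # IP_1: second IP address, generated by the terminal
    up_dst: IPv6      # IP_2: peer in the first data network
    down_src: IPv6    # IP_2 again: expected sender of downlink packets
    down_dst: IPv6    # IP_3: first IP address, generated by the network device
    state: str = "NEW"


class NetworkDevice:
    """Hypothetical gateway that keeps one ConnTrack entry per service connection."""

    def __init__(self, first_prefix):
        self.first_prefix = first_prefix   # prefix configured by the first data network
        self.conntrack = []

    def uplink(self, src, dst):
        """Record the connection (Table 1) and rewrite the source (step 408)."""
        s, d = IPv6(src), IPv6(dst)
        first_ip = nptv6_prefix_swap(s, self.first_prefix)
        if not any((e.up_src, e.up_dst) == (s, d) for e in self.conntrack):
            self.conntrack.append(ConnTrack(s, d, d, first_ip))
        return str(first_ip), dst

    def downlink(self, src, dst):
        """Steps 409-412: forward only packets that match downlink connection info."""
        s, d = IPv6(src), IPv6(dst)
        for e in self.conntrack:
            if (e.down_src, e.down_dst) == (s, d):   # step 410: entry exists
                e.state = "ESTABLISHED"              # step 411
                return src, str(e.up_src)            # step 412: restore IP_1
        # No entry: treated here as a connection initiated from the data
        # network, which the network security setting blocks.
        return None


if __name__ == "__main__":
    dev = NetworkDevice("2001:db8:bbbb:2::/64")          # constructed first prefix
    print(dev.uplink("2001:db8:aaaa:1::10", "2001:db8:cccc::1"))
    print(dev.downlink("2001:db8:cccc::9", "2001:db8:bbbb:2::10"))  # unsolicited
    print(dev.downlink("2001:db8:cccc::1", "2001:db8:bbbb:2::10"))  # tracked reply
```
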
Claims (11)
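- An IPV6 network communication method, characterized in that it is applied to a network device and comprises: receiving an uplink data packet sent by a terminal to a first data network, wherein the uplink data packet is used to request establishment of a service connection; modifying the source Internet Protocol (IP) address of the uplink data packet to a first IP address, and sending the modified uplink data packet to the first data network, wherein the first IP address includes a first Internet Protocol version 6 (IPV6) prefix configured by the first data network for the network device; and generating connection tracking information of the service connection, wherein the connection tracking information indicates that the destination IP address of a downlink data packet that comes from the first data network and belongs to the service connection is the first IP address.
- The method according to claim 1, characterized in that the source IP address of the uplink data packet is a second IP address, and the second IP address includes a second IPV6 prefix configured by a second data network for the network device; before the modifying of the source IP address of the uplink data packet to the first IP address, the method further comprises: performing IPV6-to-IPV6 network prefix translation (NPTV6) on the second IP address according to the first IPV6 prefix, to obtain the first IP address.
- The method according to claim 1, characterized in that the method further comprises: receiving a downlink data packet that comes from the first data network and belongs to the service connection; modifying the destination IP address of the downlink data packet to the source IP address of the uplink data packet; and setting the connection status of the connection tracking information to indication information indicating that the connection is successful; and sending the modified downlink data packet to the terminal.
- The method according to claim 2 or 3, characterized in that the first data network includes an Internet Protocol television (IPTV) network or a cloud virtual reality (VR) network; the second data network includes the Internet.
- A communication device, characterized by comprising: a receiving unit, configured to receive an uplink data packet sent by a terminal to a first data network, wherein the uplink data packet is used to request establishment of a service connection; a processing unit, configured to modify the source Internet Protocol (IP) address of the uplink data packet to a first IP address, wherein the first IP address includes a first Internet Protocol version 6 (IPV6) prefix configured by the first data network for a network device; the processing unit being further configured to generate connection tracking information of the service connection, wherein the connection tracking information indicates that the destination IP address of a downlink data packet that comes from the first data network and belongs to the service connection is the first IP address; and a sending unit, configured to send the modified uplink data packet to the first data network.
- The communication device according to claim 5, characterized in that the source IP address of the uplink data packet is a second IP address, and the second IP address includes a second IPV6 prefix configured by a second data network for the network device; the processing unit is further configured to perform IPV6-to-IPV6 network prefix translation (NPTV6) on the second IP address according to the first IPV6 prefix, to obtain the first IP address.
- The communication device according to claim 5, characterized in that the receiving unit is further configured to receive a downlink data packet that comes from the first data network and belongs to the service connection; the processing unit is further configured to modify the destination IP address of the downlink data packet to the source IP address of the uplink data packet, and to set the connection status of the connection tracking information to indication information indicating that the connection is successful; the sending unit is further configured to send the modified downlink data packet to the terminal.
- The communication device according to either of claims 6 or 7, characterized in that the first data network includes an Internet Protocol television (IPTV) network or a cloud virtual reality (VR) network; the second data network includes the Internet.
- A communication device, characterized by comprising a processor and an interface circuit, the processor being configured to communicate with other devices through the interface circuit and to execute the method according to any one of claims 1 to 4.
- An IPV6 network system, characterized by comprising a terminal, a first data network, and the communication device according to any one of claims 5 to 9.
- A computer-readable storage medium for storing instructions, characterized in that, when the stored instructions are executed by a processor of a communication device, the communication device is caused to implement the method according to any one of 1 to 4.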
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022579034A JP2023530190A (ja) | 2020-06-22 | 2021-06-03 | IPv6 network communication method, apparatus, and system |
KR1020237001765A KR20230026424A (ko) | 2020-06-22 | 2021-06-03 | IPv6 network communication method, apparatus, and system |
EP21828119.4A EP4156626A4 (en) | 2020-06-22 | 2021-06-03 | IPV6 NETWORK COMMUNICATION METHOD, APPARATUS AND SYSTEM |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010575876.4 | 2020-06-22 | ||
CN202010575876.4A CN113923186A (zh) | 2020-06-22 | 2020-06-22 | IPv6 network communication method, apparatus, and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021259032A1 true WO2021259032A1 (zh) | 2021-12-30 |
Family
ID=79231233
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/098155 WO2021259032A1 (zh) | 2020-06-22 | 2021-06-03 | IPv6 network communication method, apparatus, and system |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP4156626A4 (zh) |
JP (1) | JP2023530190A (zh) |
KR (1) | KR20230026424A (zh) |
CN (1) | CN113923186A (zh) |
WO (1) | WO2021259032A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115022334A (zh) * | 2022-05-13 | 2022-09-06 | 深信服科技股份有限公司 | Traffic distribution method and apparatus, electronic device, and storage medium |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
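CN115550318A (zh) * | 2022-09-26 | 2022-12-30 | Oppo广东移动通信有限公司 | IPv6 address configuration method and apparatus, device, and storage medium |
CN116668408B (zh) * | 2023-08-01 | 2023-10-13 | 华中科技大学 | Real-address encoding verification and tracing method and system for an IPv6 container cloud platform |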
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100290478A1 (en) * | 2009-05-12 | 2010-11-18 | Futurewei Technologies, Inc. | Using Internet Protocol Version Six (IPv6) Tunnel for Access Identifier Transport |
CN106464744A (zh) * | 2014-05-13 | 2017-02-22 | 瑞典爱立信有限公司 | System and method for providing IP address translation services |
CN106888450A (zh) * | 2016-11-09 | 2017-06-23 | 中国移动通信有限公司研究院 | Information processing method and apparatus |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100303027A1 (en) * | 2008-06-13 | 2010-12-02 | Media Patents, S.L. | Method for sending data packets in a data network during handover of a mobile node |
US9713066B2 (en) * | 2015-03-02 | 2017-07-18 | Qualcomm Incorporated | Mobile access point connection switching |
EP3310015A1 (en) * | 2016-10-11 | 2018-04-18 | Secucloud GmbH | Network filtering using router connection data |
2020
- 2020-06-22 CN CN202010575876.4A patent/CN113923186A/zh active Pending
2021
- 2021-06-03 WO PCT/CN2021/098155 patent/WO2021259032A1/zh unknown
- 2021-06-03 JP JP2022579034A patent/JP2023530190A/ja active Pending
- 2021-06-03 EP EP21828119.4A patent/EP4156626A4/en active Pending
- 2021-06-03 KR KR1020237001765A patent/KR20230026424A/ko unknown
Non-Patent Citations (1)
Title |
---|
See also references of EP4156626A4 |
Also Published As
Publication number | Publication date |
---|---|
CN113923186A (zh) | 2022-01-11 |
EP4156626A1 (en) | 2023-03-29 |
JP2023530190A (ja) | 2023-07-13 |
EP4156626A4 (en) | 2023-09-27 |
KR20230026424A (ko) | 2023-02-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21828119; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2022579034; Country of ref document: JP; Kind code of ref document: A |
 | ENP | Entry into the national phase | Ref document number: 2021828119; Country of ref document: EP; Effective date: 20221220 |
 | ENP | Entry into the national phase | Ref document number: 20237001765; Country of ref document: KR; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |