CN102457580B - NAT through method and system - Google Patents
- Publication number
- CN102457580B
- Authority
- CN
- China
- Prior art keywords
- communication
- turn
- node
- message
- address
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a NAT traversal method and system. The method includes: a communication initiating node, according to the obtained communication address of a communication receiving node and first authentication information, initiates a first one-way connectivity test from its own communication address to the communication address of the communication receiving node; and, according to the result of the first one-way connectivity test, selects a communication address pair capable of communicating with each other. The invention can be applied to scenarios in which offer/answer cannot be carried out or in which offer/answer is costly.
Description
Technical Field
The present invention relates to a Network Address Translation (NAT) traversal technology, and in particular, to a NAT traversal method and system.
Background
ICE (Interactive Connectivity Establishment) is a standard NAT traversal solution established by the IETF (Internet Engineering Task Force). Using ICE, a connection can be established between two nodes blocked by NAT, and ICE also has a function of traversing a firewall. ICE comprehensively utilizes NAT traversal protocols such as STUN (Simple Traversal of UDP over NATs) and TURN (Traversal Using Relay NAT); the TURN protocol is used for relaying, and the TURN server can allocate relay addresses to nodes and relay messages for the nodes to which relay addresses have been allocated.
As shown in fig. 1, the flow of the prior art ICE includes:
step 101, a node A collects a communication address of the node A;
the communication address may be: one or more of a host address, a reflection address, a relay address, an NAT auxiliary address, and a UDP (user datagram protocol) tunnel address; one or more of each communication address can be collected;
step 102, the node A sends an offer message carrying its own communication address and STUN user name fragment 1 to a third-party node;
step 103, the third-party node forwards the offer message carrying the communication address of the node A and STUN user name fragment 1 to the node B;
step 104, the node B collects the communication address of the node B;
step 105, the node B sends a response message carrying the self communication address, the STUN user name fragment 2 and the STUN password to a third-party node;
wherein the STUN password is determined by the communication receiving node; in this example, decided by the node B;
step 106, the third party node forwards the response message carrying the communication address of the node B, the STUN user name fragment 2 and the STUN password to the node A;
optionally, the node A directly sends the offer message carrying its own communication address and STUN user name fragment 1 to the node B, and correspondingly, the node B directly sends the response message carrying its own communication address, STUN user name fragment 2 and the STUN password to the node A, without forwarding through a third-party node;
step 107, performing an ICE connectivity test between the node A and the node B;
step 108, the node A selects a communication address pair capable of communicating with each other according to the ICE connectivity test result; a communication address pair comprises a communication address of the node A and a communication address of the node B.
As can be seen from fig. 1, the ICE flow mainly includes three steps: collecting the node's own communication addresses, exchanging communication addresses and authentication information in offer/answer mode, and testing ICE connectivity. The authentication information of the node A refers to STUN user name fragment 1; the authentication information of the node B refers to STUN user name fragment 2 and a STUN password; the ICE connectivity test employs a STUN binding request message. ICE requires that two nodes be able to exchange communication addresses and authentication information in an offer/answer manner (steps 102, 103, 105, 106), either directly or through a third-party node; this is a very important process in ICE, because the exchanged communication addresses and authentication information are used for the subsequent ICE connectivity tests. In addition, as shown in fig. 3, if the TURN protocol is used to implement NAT traversal, exchanging the communication address and the authentication information in the offer/answer manner triggers the TURN server serving the communication receiving node to add the communication address of the initiating node to the forwarding authority list (steps 305 and 306); when a TURN message encapsulating the STUN binding request message for the ICE connectivity test is sent to the TURN server, the TURN server checks the forwarding authority based on the IP address and forwards the message only after the check passes.
FIG. 2 illustrates one example of an ICE connectivity test (step 107); as shown in fig. 2, the ICE connectivity test using STUN check specifically includes:
step 207, the node A sends a STUN binding request message to the node B, wherein the STUN binding request message comprises the STUN user name formed by concatenating fragment 1 with fragment 2, and the STUN password;
as can be seen from fig. 2, in the ICE connectivity test, the user name in the STUN binding request message is formed by concatenating the STUN user name fragments provided by both communicating parties, and the STUN password is determined by the communication receiving node;
step 208-.
The steps 201-206 in the flow shown in fig. 2 are the same as the steps 101-106 in fig. 1, and therefore, the description thereof is omitted here.
FIG. 3 shows an example of an ICE connectivity test (step 107); as shown in fig. 3, the ICE connectivity test using TURN check specifically includes:
step 309, the node A sends a STUN binding request message to the TURN server, wherein the STUN binding request message comprises the STUN user name formed by concatenating fragment 1 with fragment 2, and the STUN password;
step 310-;
step 312-;
step 314-.
The steps 301-304 and 307-308 in the flow shown in FIG. 3 are the same as the steps 101-106 in FIG. 1, and therefore are not described herein again.
As mentioned above, ICE requires that two nodes be able to exchange communication addresses and authentication information in an offer/answer manner, either directly or through a third-party node, which is a very important process in ICE; however, in some scenarios, offer/answer between two nodes cannot be performed or is costly, and therefore ICE cannot be adopted. For example, in a P2P (peer-to-peer) content distribution system, a peer node can obtain the communication addresses of a plurality of other nodes from a tracking server (tracker), but the tracker does not forward offer/answer messages between nodes, so two peer nodes cannot exchange communication addresses and authentication information in an offer/answer manner. Accordingly, ICE needs to be improved for scenarios where offer/answer is unavailable or costly.
Disclosure of Invention
The present invention is proposed because the prior-art ICE cannot be applied to scenarios in which offer/answer is unavailable or costly; a main object of the present invention is therefore to provide a NAT traversal method and system that solve this problem.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a NAT traversal method comprises the following steps:
the communication initiating node initiates a first one-way connectivity test from the communication address of the communication initiating node to the communication address of the communication receiving node according to the obtained communication address of the communication receiving node and the first authentication information; and selects a communication address pair capable of communicating with each other according to the result of the first one-way connectivity test.
Further, the first one-way connectivity test comprises:
the communication initiating node sends a STUN binding request message from the communication address of the communication initiating node to the communication address of the communication receiving node, wherein the STUN binding request message contains the first authentication information;
the communication receiving node checks the first authentication information in the received STUN binding request message, and returns a STUN binding response message to the communication initiating node after the check is passed.
Further, the first one-way connectivity test comprises:
the communication initiating node sends a TURN message encapsulating a STUN binding request message from the communication address of the communication initiating node to the address of a TURN server serving the communication receiving node, wherein the STUN binding request message comprises the first authentication information, and the TURN message comprises a TURN password or certificate;
the TURN server verifies the TURN password or certificate in the received TURN message, adds the communication address of the communication initiating node into a forwarding authority list after the verification is passed, and forwards the TURN message encapsulated with the STUN binding request message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message in which the STUN binding response message is encapsulated is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node.
Further, the first one-way connectivity test comprises:
the communication initiating node sends a STUN binding request message from the communication address of the communication initiating node to the address of a TURN server serving a communication receiving node, wherein the STUN binding request message contains the first authentication information;
the TURN server encapsulates the received STUN binding request message in the TURN message and forwards the TURN message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node.
Further, the first one-way connectivity test comprises:
the communication initiating node requests a TURN server serving the communication receiving node to add a forwarding authority for the communication address of the communication initiating node, and after the TURN server adds the communication address of the communication initiating node to a forwarding authority list, the communication initiating node sends a STUN binding request message from the communication address of the communication initiating node to the address of the TURN server, wherein the STUN binding request message comprises the first authentication information;
when the TURN server verifies that the source address of the STUN binding request message is in the forwarding authority list, encapsulating the STUN binding request message in the TURN message and forwarding the TURN message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message in which the STUN binding response message is encapsulated is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node.
Further, the first authentication information includes a STUN user name and a STUN password decided by the communication receiving node.
After the communication initiating node selects a communication address pair capable of communicating with each other, the method further comprises:
the communication initiating node and the communication receiving node exchange communication addresses of both parties and second authentication information in a providing/responding mode by taking a communication address pair capable of communicating with each other as a communication path;
according to the communication address and the second authentication information of the opposite side, the communication initiating node and the communication receiving node carry out two-way communication test;
and the communication initiating node or the communication receiving node selects a communication address pair capable of communicating mutually according to the result of the bidirectional connectivity test.
After the communication initiating node selects a communication address pair capable of communicating with each other, the method further comprises:
the communication initiating node and the communication receiving node exchange communication addresses of both parties and second authentication information in a providing/responding mode by taking a communication address pair capable of communicating with each other as a communication path;
according to the obtained communication address of the opposite side and the second authentication information, the communication receiving node initiates a second one-way connectivity test;
and the communication initiating node or the communication receiving node selects a communication address pair capable of communicating mutually according to the result of the second one-way connectivity test.
Further, the communication initiating node obtains the communication address and the first authentication information of the communication receiving node from the third party node or the communication receiving node.
A NAT traversal system, comprising: a communication initiating node and a communication receiving node; wherein,
the communication initiating node is used for initiating a first one-way connectivity test from the communication address of the communication initiating node to the communication address of the communication receiving node according to the obtained communication address of the communication receiving node and the first authentication information; and selecting a communication address pair capable of communicating with each other according to the result of the first one-way connectivity test.
Further, the first authentication information includes a STUN user name and a STUN password decided by the communication receiving node.
Further, the communication initiating node is further configured to obtain the communication address and the first authentication information of the communication receiving node from the third party node or the communication receiving node.
According to the above technical scheme, the existing ICE is improved. Specifically, the communication initiating node obtains a communication address pair capable of communicating with each other through the first one-way connectivity test, according to the communication address and the first authentication information of the communication receiving node, and this communication address pair is used for the communication needed by both sides. The improved ICE can therefore be applied to scenarios in which offer/answer cannot be carried out or is costly.
Drawings
FIG. 1 is a schematic flow diagram of a prior art ICE;
FIG. 2 is a schematic flow chart of an ICE connectivity test using STUN verification in the prior art;
FIG. 3 is a schematic flow chart of an ICE connectivity test using TURN verification in the prior art;
FIG. 4 is a schematic flow diagram of an improved ICE of the present invention;
FIG. 5 is a flowchart illustrating a first embodiment of a first uni-directional connectivity test of the present invention;
FIG. 6 is a flowchart illustrating a second embodiment of a first uni-directional connectivity test of the present invention;
FIG. 7 is a flowchart illustrating a third embodiment of a first uni-directional connectivity test of the present invention;
FIG. 8 is a flowchart illustrating a fourth embodiment of the first unidirectional connectivity test of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and examples.
As shown in fig. 4, the improved ICE process of the present invention includes:
step 401, the node B collects the communication address of itself;
the communication addresses collected may be: one or more of host address, reflection address, relay address, NAT auxiliary address and UDP tunnel address; one or more of each communication address can be collected;
step 402, the node A obtains the communication address of the node B and the first authentication information from the third party node or the node B;
the third-party node obtains the communication address of the node B and the first authentication information from the node B in advance;
the first authentication information comprises a STUN user name and a STUN password decided by the node B; in the prior art, the STUN user name used for verification is formed by splicing STUN user name fragments provided by two communication parties, and in the invention, the STUN user name used for verification is directly determined by a communication receiving node; in addition, the STUN password is also determined by the communication receiving node;
step 403, according to the obtained communication address of the node B and the first authentication information, the node a initiates a first one-way connectivity test from the communication address of the node a to the communication address of the node B, so as to test the connectivity between the communication address of the node a and the communication address of the node B;
before a first one-way connectivity test is carried out, a node A collects a communication address of the node A; the communication addresses collected may be: one or more of host address, reflection address, relay address, NAT auxiliary address and UDP tunnel address; one or more of each communication address can be collected;
step 404, the node A selects a communication address pair capable of communicating with each other for subsequent communication between the two parties according to the result of the first one-way connectivity test; wherein, a pair of communication address pairs comprises a communication address of each of the two parties;
each of the node a and the node B has at least one communication address, so that at least one pair of communication addresses can be tested; if at least one communication address pair passes the test, the node A can obtain at least one communication address pair for the subsequent communication of the two parties;
step 405, using the communication address pair capable of communicating with each other as the communication path, the node a and the node B exchange the communication addresses of both parties and the second authentication information in a providing/answering manner;
here, the meaning of the second authentication information is the same as that mentioned in the background art;
since the node a has obtained a communication address pair capable of communicating with each other in step 404, the node a and the node B may exchange communication addresses of both parties and second authentication information using the pair of communication address pairs as a communication path;
step 406, according to the communication address and the second authentication information of the other party obtained by each node, the node A and the node B perform a two-way connectivity test; or the node B initiates a second one-way connectivity test from the communication address of the node B to the communication address of the node A;
the bidirectional connectivity test refers to testing the connectivity from the communication address of the node B to the communication address of the node A and the connectivity from the communication address of the node A to the communication address of the node B;
the second one-way connectivity test initiated by the node B is used for testing the connectivity from the communication address of the node B to the communication address of the node A;
step 407, the node a or the node B selects at least one pair of communication address pairs capable of communicating with each other for subsequent communication between the two parties according to the result of the connectivity test in the previous step.
Steps 405 to 407 conform to the current ICE standard flow, similar to the flows shown in fig. 2 and 3. These three steps are optional, because the communication address pair obtained in step 404 comes from the first one-way connectivity test from node A to node B and is not necessarily the preferred communication address pair; if the communication address pair obtained in step 404 is not considered good enough, steps 405 and 406 may be performed in an attempt to obtain a better communication address pair. A bidirectional connectivity test, or a connectivity test from node B to node A, may find a better communication path, such as one that does not use a relay address and therefore does not pass through a relay node. Sometimes a preferred communication address fails the forward connectivity test but passes the reverse or bidirectional test. For example, if node A has a public network address and is not behind NAT, but node B is behind a strict NAT, then the one-way connectivity test from node A to node B can ultimately find only one usable communication address pair (host address of node A, relay address of node B), and the communication path then needs to pass through the relay node. If the connectivity test runs from node B to node A, the reflection address of node B can reach the host address of node A without going through a relay. As another example, with NAT hole punching, some communication paths need both parties to initiate connectivity tests, and the connectivity test succeeds only in a bidirectional test.
In addition, ICE classifies connectivity tests into two categories: normal connectivity tests and triggered connectivity tests. A normal one-way connectivity test from node A to node B may trigger a triggered connectivity test from node B to node A; a normal one-way connectivity test from node B to node A may trigger a triggered connectivity test from node A to node B. The first and second one-way connectivity tests referred to in the above steps are normal connectivity tests.
FIG. 5 shows a first embodiment of a first one-way connectivity test (step 403); as shown in fig. 5, the first unidirectional connectivity test using STUN verification specifically includes (mainly refer to steps 502 and 504):
step 501, the node A obtains the communication address of the node B, and the STUN user name and the STUN password determined by the node B from a third-party node or the node B;
step 502, node A sends a STUN binding request message from one of its own communication addresses to a communication address of node B to test the connectivity between the two communication addresses; the STUN binding request message includes the STUN user name and STUN password obtained by the node A in step 501;
steps 503 and 504, after receiving the STUN binding request message, the node B checks the STUN user name and STUN password in the STUN binding request message; after the check is passed, the node B returns a STUN binding response message to the node A, which indicates that the two communication addresses can communicate;
the node B checks the STUN user name and the STUN password of the STUN binding request message, namely, whether the STUN user name and the STUN password in the STUN binding request message match the existing STUN user name and STUN password.
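The check in this first embodiment can be made concrete as follows. This is an added example, not code from the patent: it assumes RFC 5389 short-term credentials, in which the STUN password is not carried in the message but keys the HMAC-SHA1 MESSAGE-INTEGRITY attribute, and the credential values and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
HEADER_LEN = 20
MI_ATTR_LEN = 24  # 4-byte attribute header + 20-byte HMAC-SHA1


def _attr(attr_type, value):
    """Encode one STUN attribute, padding the value to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def _integrity(msg_before_mi, password):
    """HMAC-SHA1 over the message up to MESSAGE-INTEGRITY. The header length
    field is first set as if MESSAGE-INTEGRITY were the last attribute.
    Assumption: ASCII password, so SASLprep leaves it unchanged."""
    body_len = len(msg_before_mi) - HEADER_LEN + MI_ATTR_LEN
    patched = msg_before_mi[:2] + struct.pack("!H", body_len) + msg_before_mi[4:]
    return hmac.new(password.encode(), patched, hashlib.sha1).digest()


def build_binding_request(username, password, txid=None):
    """Node A: build a Binding Request using the user name and password
    that node B decided (the first authentication information)."""
    txid = txid or os.urandom(12)
    attrs = _attr(ATTR_USERNAME, username.encode())
    header = struct.pack("!HHI", BINDING_REQUEST, len(attrs), MAGIC_COOKIE) + txid
    mac = _integrity(header + attrs, password)
    msg = header + attrs + _attr(ATTR_MESSAGE_INTEGRITY, mac)
    return msg[:2] + struct.pack("!H", len(msg) - HEADER_LEN) + msg[4:]


def verify_binding_request(msg, expected_username, password):
    """Node B: accept only a well-formed request whose USERNAME matches and
    whose MESSAGE-INTEGRITY verifies under node B's own password."""
    if len(msg) < HEADER_LEN:
        return False
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_REQUEST or cookie != MAGIC_COOKIE:
        return False
    if length != len(msg) - HEADER_LEN or length % 4:
        return False
    offset, username = HEADER_LEN, None
    while offset + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[offset:offset + 4])
        value = msg[offset + 4:offset + 4 + alen]
        if len(value) != alen:
            return False  # truncated attribute
        if atype == ATTR_USERNAME:
            username = value
        elif atype == ATTR_MESSAGE_INTEGRITY:
            if alen != 20 or username is None:
                return False
            name_ok = hmac.compare_digest(username, expected_username.encode())
            mac_ok = hmac.compare_digest(value, _integrity(msg[:offset], password))
            return name_ok and mac_ok
        offset += 4 + alen + (-alen) % 4
    return False  # no MESSAGE-INTEGRITY present: reject


if __name__ == "__main__":
    # Constructed credentials, as node A would have obtained them in step 501.
    request = build_binding_request("nodeB-user", "nodeB-pass")
    print("accepted:", verify_binding_request(request, "nodeB-user", "nodeB-pass"))
    print("wrong password:", verify_binding_request(request, "nodeB-user", "guess"))
```
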
FIG. 6 shows a second embodiment of a first one-way connectivity test (step 403); as shown in fig. 6, the first one-way connectivity test using TURN password verification specifically includes (mainly refer to steps 602 and 607):
step 601, the node A obtains the communication address of the node B, the STUN user name and the STUN password determined by the node B and the TURN password from a third party node or the node B;
wherein the TURN password is set by the TURN server and obtained by the node B from the TURN server;
step 602, the node A sends a TURN message encapsulating the STUN binding request message from one of its own communication addresses to a relay address of the node B, that is, the address of the TURN server serving the node B, so as to perform a connectivity test;
the STUN binding request message contains the STUN user name and STUN password obtained by the node A in step 601; the TURN message contains the TURN password obtained by node A in step 601;
step 603-; at this time, the TURN message does not contain the TURN password;
the TURN server checks the TURN password in the TURN message to verify whether the TURN password is consistent with the TURN password set by the TURN server;
step 605-; after the verification is passed, the node B returns a TURN message encapsulating a STUN binding response message to the TURN server;
step 607-; after the verification is passed, the TURN server extracts the STUN binding response message from the TURN message and forwards the STUN binding response message to the node A.
The TURN server checking the forwarding destination address of the TURN message means checking whether the forwarding destination address of the TURN message, i.e., the communication address of the node a is in the forwarding authority list.
Alternatively, in step 602, the TURN message may not include the TURN password, but rather a certificate provided by node B and obtained by node a from a third party node or node B; or the certificate may be provided by node a itself. The procedure of the TURN server using certificate verification is similar to that of step 603-604, and therefore will not be described in detail.
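The second embodiment's relay-side checks can be modeled in a few lines. This is an added example, not code from the patent: messages are simplified to Python dicts rather than TURN wire format, and the class names, addresses (documentation ranges) and credentials are constructed for illustration.

```python
import hmac


def _same(a, b):
    """Constant-time comparison for secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


class ReceivingNode:
    """Node B: verifies the STUN user name and password that it decided itself."""

    def __init__(self, stun_user, stun_password):
        self.stun_user = stun_user
        self.stun_password = stun_password

    def handle(self, turn_msg):
        stun = turn_msg["stun"]
        if not (_same(stun["username"], self.stun_user)
                and _same(stun["password"], self.stun_password)):
            return None  # check failed: no response is returned
        return {"peer": turn_msg["peer"],
                "stun": {"type": "binding-response", "txid": stun["txid"]}}


class TurnServer:
    """TURN server serving node B, with its forwarding authority list."""

    def __init__(self, turn_password, node_b):
        self.turn_password = turn_password
        self.node_b = node_b
        self.permissions = set()  # the forwarding authority list
        self.log = []

    def relay_request(self, src_addr, turn_msg):
        # Verify the TURN password before anything is forwarded.
        if not _same(turn_msg.get("turn_password", ""), self.turn_password):
            self.log.append(("drop", src_addr, "bad TURN password"))
            return None
        # Verified: add the initiator's address to the forwarding authority list.
        self.permissions.add(src_addr)
        # The forwarded TURN message no longer contains the TURN password.
        forwarded = {"peer": src_addr, "stun": turn_msg["stun"]}
        reply = self.node_b.handle(forwarded)
        if reply is None:
            self.log.append(("no-reply", src_addr, "STUN check failed at node B"))
            return None
        return self.relay_response(reply)

    def relay_response(self, turn_msg):
        # Forward only when the destination is in the forwarding authority list.
        if turn_msg["peer"] not in self.permissions:
            self.log.append(("drop", turn_msg["peer"], "no forwarding authority"))
            return None
        return turn_msg["stun"]


def first_one_way_test(server, src_addr, creds):
    """Node A: one connectivity test towards node B's relay address."""
    turn_msg = {"turn_password": creds["turn_password"],
                "stun": {"type": "binding-request", "txid": "t-1",
                         "username": creds["stun_user"],
                         "password": creds["stun_password"]}}
    reply = server.relay_request(src_addr, turn_msg)
    return reply is not None and reply["txid"] == "t-1"


if __name__ == "__main__":
    relay = TurnServer("turn-pass", ReceivingNode("b-user", "b-pass"))
    creds = {"turn_password": "turn-pass", "stun_user": "b-user", "stun_password": "b-pass"}
    print(first_one_way_test(relay, ("192.0.2.10", 40000), creds))
    print(first_one_way_test(relay, ("198.51.100.7", 5000), {**creds, "turn_password": "guess"}))
    print(relay.log)
```

In this flow the forwarding authority is granted as soon as the TURN password verifies, before node B has checked the STUN credentials, so a source that later fails the STUN check still remains in `permissions`. That list and the `no-reply` log entries are the natural places to bound and monitor.
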
FIG. 7 illustrates a third embodiment of the first one-way connectivity test (step 403); as shown in fig. 7, the first one-way connectivity test without TURN password verification specifically includes (mainly refer to steps 702 and 706):
step 701, a node A obtains a communication address of a node B, a STUN user name and a STUN password determined by the node B from a third party node or the node B;
step 702, node A sends a STUN binding request message from one of its own communication addresses to a relay address of node B, i.e. the address of the TURN server serving node B, to perform a connectivity test;
the STUN binding request message contains the STUN user name and STUN password obtained by the node A in step 701;
step 703, the TURN server encapsulates the received STUN binding request message in a TURN message and forwards the TURN message to the node B; the STUN binding request message contains the STUN user name and STUN password;
step 704-; after the verification is passed, the node B returns a TURN message encapsulating a STUN binding response message to the TURN server;
step 706, the TURN server extracts the STUN binding response message from the TURN message and forwards the STUN binding response message to node A.
FIG. 8 shows a fourth embodiment of a first one-way connectivity test (step 403); as shown in fig. 8, the first unidirectional connectivity test specifically includes (mainly refer to steps 802 and 810):
step 801, a node A obtains a communication address of a node B, and a STUN user name and a STUN password determined by the node B from a third-party node or the node B;
step 802, node a sends a request to add a forwarding permission for node a communication address to a TURN server serving node B;
step 803, after the TURN server adds the communication address of the node a to the forwarding authority list, the TURN server returns a response of successful addition of the forwarding authority to the node a;
step 804, the node A sends the STUN binding request message from one of its own communication addresses to a relay address of the node B, namely the address of the TURN server serving the node B, so as to perform a connectivity test;
the STUN binding request message contains the STUN user name and STUN password obtained by the node A in step 801;
step 805-;
the TURN server checks the source address of the TURN message, namely checks whether the source address of the TURN message, namely the communication address of the node A is in the forwarding authority list;
steps 807 and 808, after receiving the TURN message, the node B extracts the STUN binding request message from it and checks the STUN user name and STUN password in the STUN binding request message; after the verification is passed, the node B returns a TURN message encapsulating a STUN binding response message to the TURN server;
step 809-; after the verification is passed, the TURN server extracts the STUN binding response message from the TURN message and forwards the STUN binding response message to the node A.
In order to implement the above NAT traversal method, the present invention correspondingly provides a NAT traversal system, which includes: a communication initiating node and a communication receiving node; wherein,
the communication initiating node is used for initiating a first one-way connectivity test from the communication address of the communication initiating node to the communication address of the communication receiving node according to the obtained communication address of the communication receiving node and the first authentication information; and selecting a communication address pair capable of communicating with each other according to the result of the first one-way connectivity test.
Wherein the first authentication information includes a STUN user name and a STUN password decided by the communication receiving node.
The communication initiating node is further configured to obtain the communication address and the first authentication information of the communication receiving node from the third party node or the communication receiving node.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.
Claims (8)
1. A NAT traversal method is characterized by comprising the following steps:
the communication initiating node initiates a first one-way connectivity test from the communication address of the communication initiating node to the communication address of the communication receiving node according to the obtained communication address of the communication receiving node and the first authentication information; selecting a communication address pair capable of communicating with each other according to the result of the first one-way connectivity test;
wherein the first unidirectional connectivity test comprises:
the method comprises the steps that a communication initiating node sends a TURN message encapsulated with a STUN binding request message from a communication address of the communication initiating node to an address of a TURN server serving a communication receiving node, wherein the STUN binding request message comprises first authentication information, and the TURN message comprises a TURN password or certificate;
the TURN server verifies the TURN password or certificate in the received TURN message, adds the communication address of the communication initiating node into a forwarding authority list after the verification is passed, and forwards the TURN message encapsulated with the STUN binding request message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message encapsulated with the STUN binding response message is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node; or,
the first one-way connectivity test comprises:
the communication initiating node sends a STUN binding request message from the communication address of the communication initiating node to the address of a TURN server serving a communication receiving node, wherein the STUN binding request message contains the first authentication information;
the TURN server encapsulates the received STUN binding request message in the TURN message and forwards the TURN message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node; or,
the first one-way connectivity test comprises:
the communication initiating node requests a TURN server serving the communication receiving node to add a forwarding authority of the communication address of the communication initiating node, and after the TURN server adds the communication address of the communication initiating node to a forwarding authority list, the communication initiating node sends a STUN binding request message to the address of the TURN server from the communication address of the communication initiating node, wherein the STUN binding request message comprises the first authentication information;
when the TURN server verifies that the source address of the STUN binding request message is in the forwarding authority list, encapsulating the STUN binding request message in the TURN message and forwarding the TURN message to a communication receiving node;
the communication receiving node extracts the STUN binding request message in the received TURN message, verifies the first authentication information in the STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message in which the STUN binding response message is encapsulated is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node.
2. The NAT traversal method of claim 1, wherein the first authentication information comprises a STUN username and STUN password determined by the communication receiving node.
3. The NAT traversal method of claim 1, wherein after the communication initiating node selects a communication address pair capable of communicating with each other, the method further comprises:
the communication initiating node and the communication receiving node exchange communication addresses of both parties and second authentication information in a providing/responding mode by taking a communication address pair capable of communicating with each other as a communication path;
according to the communication address and the second authentication information of the opposite side, the communication initiating node and the communication receiving node carry out a bidirectional connectivity test;
and the communication initiating node or the communication receiving node selects a communication address pair capable of communicating mutually according to the result of the bidirectional connectivity test.
4. The NAT traversal method of claim 1, wherein after the communication initiating node selects a communication address pair capable of communicating with each other, the method further comprises:
the communication initiating node and the communication receiving node exchange communication addresses of both parties and second authentication information in a providing/responding mode by taking a communication address pair capable of communicating with each other as a communication path;
according to the obtained communication address of the opposite side and the second authentication information, the communication receiving node initiates a second one-way connectivity test;
and the communication initiating node or the communication receiving node selects a communication address pair capable of communicating mutually according to the result of the second one-way connectivity test.
5. The NAT traversal method according to claim 1, wherein the communication initiating node obtains the communication address and the first authentication information of the communication receiving node from a third party node or the communication receiving node.
6. A NAT traversal system, the system comprising: a communication initiating node and a communication receiving node; wherein,
the communication initiating node is used for initiating a first one-way connectivity test from the communication address of the communication initiating node to the communication address of the communication receiving node according to the obtained communication address of the communication receiving node and the first authentication information; selecting a communication address pair capable of communicating with each other according to the result of the first one-way connectivity test;
wherein the first one-way connectivity test comprises:
the communication initiating node sends a TURN message encapsulated with a STUN binding request message from a communication address of the communication initiating node to an address of a TURN server serving a communication receiving node, wherein the STUN binding request message comprises the first authentication information, and the TURN message comprises a TURN password or certificate;
the TURN server verifies the TURN password or certificate in the received TURN message, adds the communication address of the communication initiating node into a forwarding authority list after the verification is passed, and forwards the TURN message encapsulated with the STUN binding request message to the communication receiving node;
the communication receiving node extracts a STUN binding request message in the received TURN message, verifies first authentication information in the STUN binding request message, and returns a TURN message encapsulated with a STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message encapsulated with the STUN binding response message is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node; or,
the first one-way connectivity test comprises:
the communication initiating node sends a STUN binding request message from a communication address of the communication initiating node to an address of a TURN server serving a communication receiving node, wherein the STUN binding request message contains the first authentication information;
the TURN server encapsulates the received STUN binding request message in a TURN message and forwards the TURN message to the communication receiving node;
the communication receiving node extracts a STUN binding request message in the received TURN message, verifies first authentication information in the STUN binding request message, and returns a TURN message encapsulated with a STUN binding response message to the TURN server after the verification is passed;
the TURN server forwards a STUN binding response message extracted from the TURN message to the communication initiating node; or,
the first one-way connectivity test comprises:
the communication initiating node requests a TURN server serving the communication receiving node to add a forwarding authority of a communication address of the communication initiating node, and after the TURN server adds the communication address of the communication initiating node to a forwarding authority list, the communication initiating node sends a STUN binding request message to the address of the TURN server from the communication address of the communication initiating node, wherein the STUN binding request message comprises the first authentication information;
when the TURN server verifies that the source address of the STUN binding request message is in the forwarding authority list, encapsulating the STUN binding request message in the TURN message and forwarding the TURN message to the communication receiving node;
the communication receiving node extracts a STUN binding request message in the received TURN message, verifies first authentication information in the received STUN binding request message, and returns the TURN message encapsulated with the STUN binding response message to the TURN server after the verification is passed;
when the TURN server verifies that the forwarding destination address of the TURN message in which the STUN binding response message is encapsulated is in the forwarding authority list, the TURN server forwards the STUN binding response message extracted from the TURN message to the communication initiating node.
7. The NAT traversal system of claim 6, wherein the first authentication information comprises a STUN username and a STUN password decided by the communication receiving node.
8. The NAT traversal system of claim 6 or 7, wherein the communication initiating node is further configured to obtain the communication address and the first authentication information of the communication receiving node from a third party node or the communication receiving node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010510328.XA CN102457580B (en) | 2010-10-18 | 2010-10-18 | NAT through method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102457580A CN102457580A (en) | 2012-05-16 |
| CN102457580B true CN102457580B (en) | 2016-06-08 |
Family
ID=46040225
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010510328.XA Active CN102457580B (en) | 2010-10-18 | 2010-10-18 | NAT through method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102457580B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104521211B (en) * | 2013-05-28 | 2018-04-27 | 大唐电商技术有限公司 | The methods, devices and systems that a kind of session connection is established |
| CN104519414B (en) * | 2013-09-27 | 2018-05-08 | 北京新媒传信科技有限公司 | A kind of method and system of streaming media |
| CN104702565B (en) * | 2013-12-05 | 2019-09-17 | 南京中兴新软件有限责任公司 | Media resource shared method, shared server and shared system |
| CN105516070B (en) * | 2014-09-30 | 2019-01-11 | 华为技术有限公司 | A kind of method and device that Service Ticket substitutes |
| CN109922156A (en) * | 2019-03-20 | 2019-06-21 | 深圳市网心科技有限公司 | A kind of data communications method and its relevant device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101179581A (en) * | 2007-12-13 | 2008-05-14 | 北京邮电大学 | A method for media transmission using ICE relay candidate addresses |
| CN101369959A (en) * | 2007-08-14 | 2009-02-18 | 中兴通讯股份有限公司 | Network address conversion traversing method supporting point-to-point service |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119299A (en) * | 2006-08-02 | 2008-02-06 | 华为技术有限公司 | Method for conducting media stream, conduction detection method and system thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | Effective date of registration: 20201217. Address after: 224000 industrial concentration zone, Longgang Town, Yandu District, Yancheng City, Jiangsu Province (f). Patentee after: Phoenix Science and Technology Development Co.,Ltd. Address before: 518057 Ministry of justice, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen, Guangdong. Patentee before: ZTE Corp. | |