CN101426030B - Method and terminal for acquiring network address - Google Patents
Method and terminal for acquiring network address Download PDFInfo
- Publication number
- CN101426030B CN101426030B CN2008102198083A CN200810219808A CN101426030B CN 101426030 B CN101426030 B CN 101426030B CN 2008102198083 A CN2008102198083 A CN 2008102198083A CN 200810219808 A CN200810219808 A CN 200810219808A CN 101426030 B CN101426030 B CN 101426030B
- Authority
- CN
- China
- Prior art keywords
- ike
- network address
- configuration load
- load request
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention discloses a method for acquiring network address comprising: sending Internet key exchanging protocol configuration load request, the IKE configuration load request carrying preset indication information for acquiring network address; receiving response to IKE configuration load request, the IKE configuration load request response carrying network address information; resolving the IKE configuration load request response, acquiring network address information. Accordingly, the embodiment of the invention also discloses a terminal. IKE configuration request carrying indication information for acquiring network address is transmitted to target terminal through simply extending IKEv2 protocol. Network address can be conveniently acquired by interacting with target terminal about IKE configuration load, thereby avoiding high cost of acquiring network address through STUN technology and satisfying demand of people for low cost.
Description
Technical field
The present invention relates to the communications field, relate in particular to a kind of method and terminal that obtains the network address.
Background technology
In communication technical field, Internet Protocol (IP, Internet Protocol) address; Being commonly referred to the network address, is limited, network address translation (NAT; Network Address Translation) technology is one of the method that solves the shortage problem of IP address; The NAT technology makes that through the IP address is changed the multiple host in the same local area network (LAN) uses less public network address visit external resource, yet; The NAT technology is carried out on the NAT server the conversion of IP address, and this transparent address transition is handled the public network address that each main frame that makes in the local area network (LAN) of NAT can not directly be learnt the reality of using when local terminal sends to destination.But; In the network application of current NAT, upper layer application often need be carried out business-binding through the IP address of reality, perhaps checks whether exist NAT to pass through through the IP address of judging actual use; Therefore, how obtaining actual public network address is the hot issue that people study always.
Current; The public network address that obtains local terminal has had relevant technical scheme; Like UDP (UDP; User Datagram Protocol) to network address translater simple traversal STUN (Simple Traversal of UDP Through Network Address Translators), promptly UDP is to the simple traversal mode of NAT.Particularly; STUN client (Client) is sent request STUN message through the STUN service end (Server) of UDP outside NAT; STUN Server produces response message after receiving request message; And returning response message to STUN Client, STUN Client learns the external address that it is corresponding on NAT, the network address of using when promptly obtaining sending information through the content in the response message body.Yet; The process need application program of utilizing the Simple Traversal of UDP Through Network Address Translators completion to obtain the network address is supported STUN Client function, and handles through STUN Server, promptly will obtain the support of STUN Server simultaneously; Therefore for some low-end products, increased product cost.
Summary of the invention
The purpose of the embodiment of the invention is to provide a kind of method and terminal that obtains the network address, to obtain the network address simply and easily.
The embodiment of the invention has proposed a kind of method of obtaining the network address, and this method comprises:
User's incoming end sends to internet key exchange protocol IKE opposite end through network address translation device and carries internet key exchange protocol (IKE; Internet Key Exchange Protocol) the IKE message of configuration load request, said IKE configuration load request carries preset indication information for acquiring network address;
Said NAT device carries out the NAT conversion after receiving the IKE message of the said IKE of the carrying configuration load request that said user's incoming end sends, and sends to said IKE opposite end; After said IKE opposite end receives said IKE message; Obtain the indication information for acquiring network address in the said IKE configuration load request; From the IKE message that receives, obtain the network address, and return the IKE configuration load request response that carries the network address to said user's incoming end;
Said user's incoming end receives said IKE configuration load request response, resolves said IKE configuration load request response, obtains network address information.
Correspondingly, the embodiment of the invention also discloses a kind of terminal, it comprises:
Sending module; Be used for sending the IKE message that carries internet key exchange protocol IKE configuration load request through network address translation device to internet key exchange protocol IKE opposite end, said IKE configuration load request carries preset indication information for acquiring network address; So that said NAT device carries out the NAT conversion after receiving the IKE message of the said IKE of the carrying configuration load request that sending module sends, send to said IKE opposite end; Said IKE opposite end obtains the indication information for acquiring network address in the IKE configuration load request after receiving said IKE message, from the said IKE message that receives, obtains the network address, and returns the IKE configuration load request response that carries the network address;
Receiver module is used to receive said IKE configuration load request response, and said IKE configuration load request response carries network address information;
Resolve acquisition module, be used to resolve the said IKE configuration load request response that said receiver module receives, obtain network address information.
The embodiment of the invention is through expand the IKEv2 agreement simply; Send the IKE configuration load request that carries indication information for acquiring network address to destination; Promptly through carrying out the mutual of IKE configuration load with destination; Can obtain the network address simply and easily, avoid obtaining the expensive problem that cause the network address, satisfy people's demand cheaply through the STUN technology.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work property, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the method flow diagram that obtains the network address of the embodiment of the invention;
Fig. 2 is the structural representation at the terminal of the embodiment of the invention.
Embodiment
The embodiment of the invention provides a kind of method and terminal that obtains the network address, can obtain the network address simply and easily, has avoided obtaining the expensive problem that cause the network address through the STUN technology, has satisfied people's demand cheaply.
Specify the preferred embodiments of the present invention below in conjunction with accompanying drawing.
See also the method flow diagram that obtains the network address of the embodiment of the invention shown in Fig. 1, this method comprises:
Step S101: send the IKE configuration load request, said IKE configuration load request carries preset indication information for acquiring network address;
Step S102: receive the response of IKE configuration load request, said IKE configuration load request response carries network address information;
Step S103: resolve said IKE configuration load request response, obtain network address information.
Need to prove; Between subscriber access termination and business service access server, dispose internet security agreement (IPSec; Internet Protocol Security); And security guarantee is provided through the IKE tunnel; The IKE agreement is on the framework that is based upon by Internet Security Association and IKMP ISAKMP (Internet Security Association and Key Management Protocol) definition, has a cover self-protection mechanism, can be on network safely distributed key, identity verification, set up ipsec security alliance.Clear and definite standard uses the configuration load exchange can obtain incoming end private network IP address in the IKEv2 agreement, dns server address information, and keep other purposes of extended field confession.
Particularly, among the step S101, user's incoming end sends the IKE message to destination; Said IKE message includes the IKE configuration load request, and said user's incoming end and destination are the IKEv2 peer-to-peer, and they communicate based on IKEv2; Particularly, said user's incoming end can be access point (AP, Access Point); As: access devices such as modulator-demodulator Modem, base station, said destination can be access server security gateway (SEGW, Security Gateway) equipment.Need to prove; User's incoming end is before the destination transmission carries the IKE configuration load request of preset indication information for acquiring network address; Indication information for acquiring network address is set in advance, and said indication information for acquiring network address is this request of Digital ID support of equipment vendor oneself definition through agreement regulation or enforcement butt joint.Said indication information for acquiring network address can be shown sign or the identify label (ID that obtains the network address for being used in reference to; Identification/Identity) value; Particularly, the ID value of the ID value of the network address for the attribute type of said IKE configuration load obtained in said indication.Current, the IKEv2 protocol specification exchange process of configuration load, define the ID value of a series of attribute types; For supporting the attribute type expansion, the ID value that has kept 16-16383 is used for Internet distributor gear (IANA, Internet Assigned Numbers Authority); And the ID value of 16384-32767 can be used by the user privately, and therefore, user's incoming end is before destination sends the IKE configuration load request; Both sides both can select the ID value of a 16384-32767 voluntarily, and the ID value as 16390 is carried out standard to it; Define the public network IP address that its attribute type is a local terminal, promptly this ID value is used to indicate the public network IP address that obtains local terminal; Also can file an application to IANA, obtain the ID value of a 16-16383, it is carried out standard, define the public network IP address that its attribute type is a local terminal, promptly this ID value is used to indicate the public network IP address that obtains local terminal.
Need to prove; User's incoming end (being transmitting terminal) often need pass through NAT device to the IKE message that carries the IKE configuration load request that destination (being the IKE opposite end) sends; Be to carry out the NAT conversion after NAT device receives the IKE message that user's incoming end sends, send to destination then, after destination receives said IKE message; Obtain the indication information for acquiring network address in the IKE configuration load request; From the IKE message that receives, obtain the network address then, promptly obtain through NAT device and change the network address (transmitting terminal public network IP address) of using when the IKE message is sent in the back, and return the IKE configuration load request response that carries said public network IP address to user's incoming end; User's incoming end parses said public network IP address after receiving said IKE configuration load request response.
Implement the foregoing description; Attribute type through to the configuration load field of IKEv2 agreement is expanded, and access point sends the IKE configuration load request that carries indication information for acquiring network address to the access server security gateway, promptly through carrying out the mutual of IKE configuration load with destination; Can obtain the network address simply and easily; Satisfy the application of upper-layer service, avoided obtaining the expensive problem that cause the network address, satisfied people's demand cheaply through the STUN technology; Obtaining the network address through present embodiment can also judge whether to exist NAT to pass through; The network address when network address that is about to obtain and access point send compares, if the network address is consistent, does not then exist NAT to pass through; If the network address is inconsistent, then there is the NAT conversion; Present embodiment is through the mutual realization of the IKE configuration load of expansion, and whole process has received the encipherment protection of IKE, has improved fail safe.
Above-mentionedly specified the method flow that obtains the network address of the present invention; Correspondingly; Below in conjunction with Fig. 2 the structure at the terminal of the embodiment of the invention is described, said terminal comprises: sending module 21, receiver module 22, resolve acquisition module 23 and module 24 is set, wherein:
Sending module 21 is used to send internet key exchange protocol IKE configuration load request, and said IKE configuration load request carries preset indication information for acquiring network address;
Resolve acquisition module 23 and be used to resolve the IKE configuration load request response that receiver module 22 receives, obtain the public network IP address information at this terminal;
Particularly, said terminal is user's incoming end, sends the IKE message to destination; Be that said user's incoming end and destination are the IKEv2 peer-to-peer; They communicate based on IKEv2, and particularly, said user's incoming end can be AP; As: access devices such as modulator-demodulator Modem, base station; Said destination can be SEGW equipment, and the sending module 21 of user's incoming end includes the IKE configuration load request to the IKE message that destination sends, and this IKE configuration load request carries preset indication information for acquiring network address.Need to prove; Before sending module 21 transmissions carry the IKE configuration load request of preset indication information for acquiring network address; Module 24 is set indication information for acquiring network address is set in advance, said indication information for acquiring network address is this request of Digital ID support of equipment vendor oneself definition through agreement regulation or enforcement butt joint.Said indication information for acquiring network address can be shown the ID value of obtaining the network address for being used in reference to, and particularly, the ID value of the ID value of the network address for the attribute type of said IKE configuration load obtained in said indication.Current, the IKEv2 protocol specification exchange process of configuration load, define the ID value of a series of attribute types; For supporting the attribute type expansion, the ID value that has kept 16-16383 is used for IANA, and the ID value of 16384-32767 can be used by the user privately; Therefore, user's incoming end is before destination sends the IKE configuration load request, and both sides both can select the ID value of a 16384-32767 privately; ID value as 16390; It is carried out standard, and defining its attribute type is the local terminal network address, and promptly this ID value is used for indication and obtains the network address; Also can file an application to IANA, obtain the ID value of a 16-16383, it is carried out standard, defining its attribute type is the local terminal network address, and promptly this ID value is used for indication and obtains the network address.
Need to prove; The sending module 21 of user's incoming end (being transmitting terminal) often need pass through NAT device to the IKE message that carries the IKE configuration load request that destination (being the IKE opposite end) sends; Be to carry out the NAT conversion after NAT device receives the IKE message that user's incoming end sends; Send to destination then; Destination obtains the indication information for acquiring network address in the IKE configuration load request after receiving said IKE message, from the IKE message that receives, obtains the network address then; The network address (transmitting terminal public network IP address) of using when promptly obtaining through NAT device conversion back transmission IKE message; And return the IKE configuration load request response that carries said public network IP address to user's incoming end, after the receiver module 22 of user's incoming end receives said IKE configuration load request response, parse said public network IP address through resolving acquisition module 23.
In sum; Embodiment of the present invention embodiment; Attribute type through to the configuration load field of IKEv2 agreement is expanded, and user's incoming end sends the IKE configuration load request that carries indication information for acquiring network address to destination (being the IKE opposite end), promptly through carrying out the mutual of IKE configuration load with the IKE opposite end; Can obtain the network address simply and easily; Satisfy the application of upper-layer service, avoided obtaining the expensive problem that cause the network address, satisfied people's demand cheaply through the STUN technology; Obtaining the network address through present embodiment can also judge whether to exist NAT to pass through; The network address when network address that is about to obtain and access device send compares, if the network address is consistent, then exists NAT to pass through; If the network address is inconsistent, then there is the NAT conversion; Present embodiment is through the mutual realization of the IKE configuration load of expansion, and whole process has received the encipherment protection of IKE, has improved fail safe.
Need to prove that through the description of above execution mode, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential hardware platform, can certainly all implement through hardware.Based on such understanding; All or part of can the coming out that technical scheme of the present invention contributes to background technology with the embodied of software product; This computer software product can be stored in the storage medium, like ROM/RAM, magnetic disc, CD etc., comprises that some instructions are with so that a computer equipment (can be a personal computer; Server, the perhaps network equipment etc.) carry out the described method of some part of each embodiment of the present invention or embodiment.
The above disclosed preferred embodiment that is merely in the embodiment of the invention can not limit the present invention's interest field certainly with this, so according to the equivalent variations that claim of the present invention is done, still belong to the scope that the present invention is contained.
Claims (10)
1. a method of obtaining the network address is characterized in that, said method comprises:
User's incoming end sends the IKE message that carries the IKE configuration load request through network address translation device to internet key exchange protocol IKE opposite end, and said IKE configuration load request carries preset indication information for acquiring network address;
Said NAT device carries out the NAT conversion after receiving the IKE message of the said IKE of the carrying configuration load request that said user's incoming end sends, and sends to said IKE opposite end; After said IKE opposite end receives said IKE message; Obtain the indication information for acquiring network address in the said IKE configuration load request; From the IKE message that receives, obtain the network address, and return the IKE configuration load request response that carries the network address to said user's incoming end;
Said user's incoming end receives said IKE configuration load request response, resolves said IKE configuration load request response, obtains network address information.
2. the method for claim 1 is characterized in that, also comprises before the step of said transmission internet key exchange protocol IKE configuration load request:
Indication information for acquiring network address is set.
3. method as claimed in claim 2 is characterized in that, said indication information for acquiring network address is: be used to indicate sign or the identify label ID value of obtaining the network address.
4. method as claimed in claim 3 is characterized in that, the ID value of the ID value of the network address for the attribute type of said IKE configuration load obtained in said indication.
5. like arbitrary described method among the claim 1-4, it is characterized in that the said network address is the public network Internet Protocol IP address of transmit leg.
6. a terminal is characterized in that, said terminal comprises:
Sending module is used for sending the IKE message that carries the IKE configuration load request through network address translation device to internet key exchange protocol IKE opposite end, and said IKE configuration load request carries preset indication information for acquiring network address; So that said NAT device carries out the NAT conversion after receiving the IKE message of the said IKE of the carrying load configuration request that sending module sends, send to said IKE opposite end; After said IKE opposite end receives said IKE message, obtain the indication information for acquiring network address in the said IKE configuration load request, from the said IKE message that receives, obtain the network address, and return the IKE configuration load request response that carries the network address;
Receiver module is used to receive said IKE configuration load request response, and said IKE configuration load request response carries network address information;
Resolve acquisition module, be used to resolve the said IKE configuration load request response that said receiver module receives, obtain network address information.
7. terminal as claimed in claim 6 is characterized in that, said terminal also comprises:
Module is set, is used to be provided with indication information for acquiring network address.
8. terminal as claimed in claim 7 is characterized in that, said indication information for acquiring network address is: be used to indicate sign or the identify label ID value of obtaining the network address.
9. terminal as claimed in claim 8 is characterized in that, the ID value of the ID value of the network address for the attribute type of said IKE configuration load obtained in said indication.
10. like arbitrary described terminal among the claim 6-9, it is characterized in that the said network address is the public network Internet Protocol IP address of local terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102198083A CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102198083A CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101426030A CN101426030A (en) | 2009-05-06 |
| CN101426030B true CN101426030B (en) | 2012-06-27 |
Family
ID=40616358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008102198083A Active CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101426030B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9401888B2 (en) | 2011-02-15 | 2016-07-26 | Zte Corporation | Internet protocol mapping resolution in fixed mobile convergence networks |
| CN102833359A (en) * | 2011-06-14 | 2012-12-19 | 中兴通讯股份有限公司 | Tunnel information acquiring method, SeGW (security gateway), evolution H(e)NB (home node B)/H(e)NB |
| CN104703211B (en) * | 2013-12-04 | 2018-06-19 | 华为技术有限公司 | A kind of virtualization cut-in method and equipment |
| CN113572766A (en) * | 2021-07-23 | 2021-10-29 | 南方电网数字电网研究院有限公司 | Power data transmission method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1770761A (en) * | 2004-11-01 | 2006-05-10 | 华为技术有限公司 | Address renewing method based on network key exchange protocol |
| CN1855924A (en) * | 2005-04-27 | 2006-11-01 | 华为技术有限公司 | Method for network layer safety text going through address changing device |
| WO2008084389A2 (en) * | 2007-01-12 | 2008-07-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for providing peer liveness for high speed environments |
| CN101227494A (en) * | 2008-01-09 | 2008-07-23 | 中兴通讯股份有限公司 | Method for establishing Internet safety protocol safe alliance when accessing multi grouping data network |
-
2008
- 2008-12-09 CN CN2008102198083A patent/CN101426030B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1770761A (en) * | 2004-11-01 | 2006-05-10 | 华为技术有限公司 | Address renewing method based on network key exchange protocol |
| CN1855924A (en) * | 2005-04-27 | 2006-11-01 | 华为技术有限公司 | Method for network layer safety text going through address changing device |
| WO2008084389A2 (en) * | 2007-01-12 | 2008-07-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for providing peer liveness for high speed environments |
| CN101227494A (en) * | 2008-01-09 | 2008-07-23 | 中兴通讯股份有限公司 | Method for establishing Internet safety protocol safe alliance when accessing multi grouping data network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101426030A (en) | 2009-05-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101252509B (en) | Application of dual-NAT method in packet data processing and routing of dynamic virtual private network (VPN) | |
| CN102934410B (en) | DS-LITE is strengthened by private IPV4 accessibility | |
| CN106790098B (en) | IPv4/IPv6 intercommunication system based on HTTP ALG and NAT64 technology | |
| CN104427010A (en) | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) | |
| CN103688516B (en) | There is provided the method for public accessibility and in relation to system and device | |
| CN102843391A (en) | Information transmitting method and gateway | |
| CN106604119B (en) | Network penetration method and system for private cloud equipment of smart television | |
| CN102695167A (en) | Mobile subscriber identity management method and apparatus thereof | |
| WO2022002069A1 (en) | Method for accessing network, media gateway, electronic device, and storage medium | |
| CN102148845A (en) | File transfer protocol (FTP) data transmission method and system | |
| CN101426030B (en) | Method and terminal for acquiring network address | |
| CN102684969A (en) | VPN (virtual private network) node, VPN node identification analysis agency and VPN node identification analysis, VPN server | |
| CN103581350A (en) | Method, terminals, equipment and system for publishing Internet services across NAT | |
| CN102970387A (en) | Domain name resolution method, device and system | |
| EP2451131B1 (en) | Method, apparatus and system for obtaining local domain name | |
| CN101083594A (en) | Method and system for managing network appliance | |
| CN103812868B (en) | The method and its system of Free Internet Access are realized based on IPv4/IPv6 conversions | |
| CN104735073A (en) | IPv4-IPv6 transitional protocol dispatching method and device | |
| KR101710033B1 (en) | Method for maintaining connectivity among dynamic ip devices and the apparatus therefor | |
| US9705794B2 (en) | Discovery of network address allocations and translations in wireless communication systems | |
| CN102480476A (en) | Multi-service access method based on DHCP protocol extension | |
| CN101355568B (en) | Method and system for binding router interface supported by static state PAT | |
| CN105429880B (en) | The network equipment and its method for carrying out routing forwarding | |
| CN105516121B (en) | The method and system that AC is communicated with AP in WLAN | |
| CN102123391B (en) | Registration and authentication method and system based on HIP (host identity protocol) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |