CN102624935A - Method, device and system for forwarding packet - Google Patents


Info

Publication number
CN102624935A
Authority
CN
China
Prior art keywords
message
user
information
user terminal
identifying user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100286503A
Other languages
Chinese (zh)
Inventor
黄敬
查敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2011100286503A (CN102624935A)
Priority to PCT/CN2011/078924 (WO2012100531A1)
Publication of CN102624935A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/30 Types of network names
    • H04L2101/365 Application layer names, e.g. buddy names, unstructured names chosen by a user or home appliance name
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

The embodiment of the invention discloses a method, a device, and a system for forwarding a packet. The method comprises that: a network address translation device receives an Internet Protocol (IP) packet from a user terminal; the IP packet undergoes network address translation; user identification information is inserted in the IP packet; the IP packet, in which the user identification information is inserted, is sent, such that a network device receiving the IP packet identifies the user terminal on the basis of the user identification information. The technical scheme provided by the embodiment of the invention can be used for solving the problems of high complexity of the network and high load of a log server in the prior art when the user is identified and traced by querying a log file.

Description

A method, device and system for forwarding packets
Technical field
The present invention relates to the field of network communications, and in particular to a method, device and system for forwarding packets.
Background
With IPv4 (Internet Protocol version 4) addresses close to exhaustion and the network in transition from IPv4 to IPv6 (Internet Protocol version 6), IPv6 has not yet been deployed on a large scale and cannot solve the address shortage in the short term. To address the shortage, operators need to deploy CGN (Carrier Grade NAT) devices to multiplex public IPv4 addresses (hereinafter "IP addresses"). After CGN is deployed, however, many users share one public IP address after NAT (Network Address Translation), and a specific user can no longer be found from the public IP address, which causes problems for some applications. For example, some national laws require operators to support user tracing in order to combat cybercrime; some applications need to distinguish users by IP address, for example user behavior analysis, application servers that limit a user's number of concurrent download threads by IP address, or banning by IP address users who keep posting indiscriminately. Users therefore need to be correctly distinguished through user identification and user tracing.
In existing networks with CGN deployed, the CGN generates log files that record the mapping between a user's internal-side information (for example, private IP address) and external-side information (for example, public IP address/port), together with information such as timestamp and protocol type. Log files may be stored locally or on a dedicated log server. The log files can then be queried by the user's public IP address, port number and similar information to obtain further information about the user, such as the private IP address, and thereby identify the user; the private IP address and similar information can in turn be used to query an AAA (Authentication, Authorization and Accounting) server for the user's details. Where there are multiple levels of CGN, the log files of every CGN level must be queried before the user information is finally obtained, which makes the network more complex. In addition, for reasons such as the confidentiality and security of user information, an operator's log files are generally open only to the operator itself or to law enforcement agencies, not to other operators or websites; a download site, for example, cannot access the operator's log files to obtain user information and therefore cannot distinguish users.
Summary of the invention
The embodiments of the present invention provide a method, device and system for forwarding packets, to solve the prior-art problems of high network complexity and high log server load when user identification and tracing are performed by accessing a CGN log server.
To solve the above technical problem, an embodiment of the present invention provides a method for forwarding packets, comprising:
a network address translation device receiving an Internet Protocol (IP) packet from a user terminal;
performing network address translation on the IP packet;
inserting user identification information into the translated IP packet;
sending the IP packet into which the user identification information has been inserted, so that a network device receiving the IP packet identifies the user terminal according to the user identification information.
An embodiment of the present invention provides a device for forwarding packets, comprising:
a receiving module, configured for the network address translation device to receive an Internet Protocol (IP) packet from a user terminal;
a translation module, configured to perform network address translation on the IP packet;
an insertion module, configured to insert user identification information into the translated IP packet;
a sending module, configured to send the IP packet into which the user identification information has been inserted, so that a network device receiving the IP packet identifies the user terminal according to the user identification information.
An embodiment of the present invention provides a system for forwarding packets, characterized by comprising:
a network address translation device, configured to receive an IP packet from a user terminal, perform network address translation on the IP packet, insert user identification information into the translated IP packet, and send the IP packet into which the user identification information has been inserted;
a receiving device, configured to receive the IP packet into which the user identification information has been inserted, and to identify the user terminal according to the user identification information.
The embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the network address translation device carries user identification information in the user's IP packet, so that a receiving device, for example the server of a website or forum, can identify and trace the user according to the user identification information in the received IP packet. Because the IP packet carries the user identification information, the user can be identified in real time from that information without increasing network complexity or log server load, and the user's details can then be obtained to trace the user.
Description of drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for forwarding packets provided by an embodiment of the present invention;
Fig. 2 is a block diagram of a device for forwarding packets provided by an embodiment of the present invention;
Fig. 3 is a block diagram of a system for forwarding packets provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for forwarding packets, comprising: a network address translation device receiving an Internet Protocol (IP) packet from a user terminal and inserting user identification information into the IP packet; and sending the IP packet into which the user identification information has been inserted to the network, so that a network device receiving the IP packet identifies the user terminal according to the user identification information. The technical solution provided by the embodiments of the present invention solves the prior-art problems of high network complexity and high log server load when user identification and tracing are performed by accessing a CGN log server.
To make the above objects, features and advantages of the embodiments of the present invention easier to understand, the embodiments are described in further detail below with reference to the accompanying drawings and specific implementations.
Referring to Fig. 1, a flowchart of a method for forwarding packets provided by an embodiment of the present invention, the specific steps are as follows:
Step 101: a network address translation device receives an Internet Protocol (IP) packet from a user terminal.
The network address translation device may be a CGN device.
Step 102: network address translation is performed on the IP packet.
Step 103: user identification information is inserted into the translated IP packet.
The user identification information is an identifier that can identify a user under the CGN, normally the IPv4 address of the user terminal.
However, in some scenarios user terminals connected to the same CGN have identical IPv4 addresses, and other information must then be used to distinguish users, such as the tunnel identifier (IPv6 address) of the tunnel from the user terminal to the CGN device, a virtual private network (VPN) identifier, a Generic Routing Encapsulation (GRE) key, a PPTP tunnel identifier, an L2TP tunnel identifier, an IPsec tunnel identifier or an IPv6 flow label. For example, in the Dual-Stack Lite (DS-Lite) scheme, multiple home gateways connect to one CGN and each home gateway serves multiple users, and all home gateways assign users IPv4 addresses from the 192.0.0.0/29 segment other than 192.0.0.0 and 192.0.0.1, so many users under the CGN have identical IPv4 addresses. If the user sets up the tunnel directly with the CGN, for example an IPv4-in-IPv6 tunnel, the user can be identified by the tunnel identifier, that is, the IPv6 address; if the user sets up the tunnel with the CGN through a home gateway, the user's IPv4 address and the tunnel identifier must be combined to identify the user under the CGN.
In addition, in some scenarios the user's traffic must pass through multiple CGN devices to reach a website. In one approach, every level of CGN device performs NAT on the user's IP packet and inserts user identification information (the IP address before NAT) into the translated IP packet; when the website receives the final IP packet after NAT by the multiple CGN levels, it identifies the user according to the source IP address of the final IP packet and the user identification information carried in it. In the other approach, every level of CGN device performs NAT on the user's IP packet, but only the first-level CGN device inserts user identification information into the translated IP packet (the user's IP address and the identifier of the first-level CGN device, such as a public IPv4 address or domain name that uniquely identifies that CGN device); when the website receives the final IP packet, it can identify the user according to the user identification information carried in the final IP packet alone.
Step 104: the IP packet into which the user identification information has been inserted is sent, so that a network device receiving the IP packet identifies the user terminal according to the user identification information.
Embodiment 1
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through one level of CGN device and the IPv4 address of the user terminal can identify the user. Two users under a CGN device CGN1, User1 (IPv4 address ip1) and User2 (IPv4 address ip2), access an Internet website. According to the embodiment of the present invention, the process is as follows:
CGN1 receives the IP packets from User1 and User2, whose source IP addresses are ip1 and ip2 respectively;
CGN1 performs NAT on the IP packets; the source IP address of the translated IP packets is the IPv4 address of CGN1;
CGN1 inserts the information ip1 identifying User1 into the IP packet from User1, and the information ip2 identifying User2 into the IP packet from User2;
CGN1 re-encapsulates and sends the IP packets from User1 and User2 that have undergone NAT and had the user identification information inserted. After the website receives the IP packets from CGN1, it can distinguish User1 and User2 because the user identification information carried in the packets is ip1 and ip2 respectively. When needed, the website can identify User1 and take measures as required, such as limiting or forbidding User1's access to the website, or query a user information server (for example, an AAA server) with the information ip1 identifying User1 to obtain the details of User1 and trace the user.
Embodiment 2
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through one level of CGN and the IPv4 address of the user terminal cannot uniquely identify a user under the CGN. For example, a CGN device CGN1 serves multiple home gateways CPE1, CPE2 and so on, and each home gateway serves multiple user terminals: User1 (IPv4 address ip1), User2 (IPv4 address ip2) and so on under CPE1, and User5 (IPv4 address ip1), User6 (IPv4 address ip3) and so on under CPE2. Assume that CPE1 and CPE2 do not perform NAT. An IPv6 tunnel with tunnel identifier IPv6-1 is set up between CPE1 and CGN1 and encapsulates the user terminals' IP packets; an IPv6 tunnel with tunnel identifier IPv6-2 is set up between CPE2 and CGN1 and encapsulates the user terminals' IP packets. Users User1, User2 and User5 access an Internet website. According to the embodiment of the present invention, the process is as follows:
CGN1 receives the IPv6 tunnel packets from CPE1 and CPE2 and decapsulates them; after decapsulation, the source IP addresses of the IP packets from User1, User2 and User5 are ip1, ip2 and ip1 respectively;
CGN1 performs NAT on the IP packets; after translation, the source IP address of the IP packets from User1, User2 and User5 is the IPv4 address of CGN1;
CGN1 inserts the information IPv6-1 and ip1 identifying User1 into the IP packet from User1, the information IPv6-1 and ip2 identifying User2 into the IP packet from User2, and the information IPv6-2 and ip1 identifying User5 into the IP packet from User5;
CGN1 re-encapsulates the IP packets from User1, User2 and User5 and sends the IP packets into which the user identification information has been inserted. After the website receives the IP packets from CGN1, it can distinguish User1, User2 and User5 because the user identification information carried in the packets is IPv6-1 and ip1, IPv6-1 and ip2, and IPv6-2 and ip1 respectively. When needed, a user information server (for example, an AAA server) can be queried with the information identifying User1, User2 and User5 to obtain their details and trace the users.
Embodiment 3
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through multiple levels of CGN devices, the IPv4 address of the user terminal can identify a user under the CGN, and every CGN level inserts user identification information into the IP packet. For example, user User1 (IPv4 address ip1) accesses an Internet website, and the user terminal's IP packet passes through two levels of CGN devices, CGN1 and then CGN2. According to the embodiment of the present invention, the process is as follows:
CGN1 receives the IP packet from User1, whose source IP address is ip1. CGN1 performs NAT on the IP packet, translating the source IP address to ip2, inserts ip1 into the IP packet, then re-encapsulates the IP packet and sends it with source IP address ip2 and carrying ip1. CGN2 receives the IP packet from CGN1, performs NAT on it, translating the source IP address to ip3, inserts ip2 into the IP packet, then re-encapsulates the IP packet and sends it with source IP address ip3 and carrying the information ip1 and ip2 identifying User1. Finally, the website receives the IP packet and can identify User1 according to the source IP address ip3 of the IP packet and the information ip1 and ip2 identifying User1. When needed, a user information server (for example, an AAA server) is queried with the information identifying User1 to obtain the details of User1 and trace the user.
Embodiment 4
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through multiple levels of CGN devices, the IPv4 address of the user terminal can identify a user under the CGN, and only the first-level CGN inserts user identification information into the IP packet (comprising the IPv4 address of the user terminal and the identifier of the first-level CGN device). For example, user User1 (IPv4 address ip0) under CGN1 (identifier IPn1) and user User2 (IPv4 address ip0) under CGN2 (identifier IPn2) access an Internet website. The IP packet of User1 passes through two levels of CGN devices, CGN1 and then CGN3; the IP packet of User2 passes through two levels of CGN devices, CGN2 and then CGN3. According to the embodiment of the present invention, the process is as follows:
CGN1 receives the IP packet from User1, whose source IP address is ip0. CGN1 performs NAT on the IP packet, translating the source IP address to ip1, inserts the information ip0 and IPn1 identifying User1 into the IP packet, then re-encapsulates the IP packet and sends it with source IP address ip1 and carrying ip0 and IPn1. CGN2 receives the IP packet from User2, whose source IP address is ip0. CGN2 performs NAT on the IP packet, translating the source IP address to ip2, inserts the information ip0 and IPn2 identifying User2 into the IP packet, then re-encapsulates the IP packet and sends it with source IP address ip2 and carrying ip0 and IPn2. CGN3 receives the IP packets from CGN1 and CGN2; it performs NAT on the IP packet from CGN1, after which the source IP address is ip3, and performs NAT on the IP packet from CGN2, after which the source IP address is also ip3. CGN3 re-encapsulates and sends the translated IP packets. Finally, the website receives the IP packets from CGN3 and can identify User1 and User2 because the user identification information in the IP packets is ip0 and IPn1, and ip0 and IPn2, respectively. When needed, a user information server (for example, an AAA server) is queried with the user identification information to obtain the user's details and trace the user.
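The following Python sketch is an added example, not code from the patent. It models steps 101 to 104 for Embodiments 2 to 4 and checks which keys a receiving website can and cannot use to tell users apart. The Packet fields, the CGN class, the first_level_only switch and all addresses are assumptions constructed for illustration; the description does not specify where in the IP packet the identification information is carried, and port translation is left out.

```python
from collections import defaultdict
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple

SITE = "198.51.100.80"  # constructed address of the visited website


@dataclass(frozen=True)
class Packet:
    src: str                                     # IPv4 source address on the wire
    dst: str
    tunnel_id: Optional[str] = None              # IPv6 tunnel identifier (CPE to CGN), if any
    user_info: Tuple[Tuple[str, ...], ...] = ()  # identification info inserted so far


class CGN:
    """Toy CGN following steps 101-104 (hypothetical model, not a real NAT)."""

    def __init__(self, public_ip: str, device_id: Optional[str] = None,
                 first_level_only: bool = False):
        self.public_ip = public_ip
        self.device_id = device_id                # e.g. IPn1 in Embodiment 4
        self.first_level_only = first_level_only  # True selects Embodiment 4 behaviour

    def forward(self, pkt: Packet) -> Packet:
        # Step 101: receive; decapsulation exposes the inner source and the tunnel.
        inner_src, tunnel = pkt.src, pkt.tunnel_id
        # Step 102: NAT rewrites the source address to this CGN's address.
        out = replace(pkt, src=self.public_ip, tunnel_id=None)
        # Step 103: insert the user identification information.
        if self.first_level_only and pkt.user_info:
            # Assumption: a later level recognises existing info and only translates.
            return out
        entry = ([tunnel] if tunnel else []) + [inner_src]
        if self.first_level_only and self.device_id:
            entry.append(self.device_id)
        # Step 104: send the packet carrying the inserted information.
        return replace(out, user_info=pkt.user_info + (tuple(entry),))


def site_key(pkt: Packet, include_source: bool = True):
    """Key used by the receiving site; Embodiment 3 also needs the final source."""
    return (pkt.src, pkt.user_info) if include_source else pkt.user_info


def ambiguous(packets: Dict[str, Packet], key: Callable) -> List[List[str]]:
    """Groups of users that the given key cannot tell apart."""
    groups = defaultdict(list)
    for user, pkt in packets.items():
        groups[key(pkt)].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def embodiment2() -> Dict[str, Packet]:
    """One CGN level; private IPv4 addresses repeat across home gateways."""
    cgn1 = CGN("203.0.113.1")
    sent = {
        "User1": Packet("192.0.0.2", SITE, tunnel_id="2001:db8::1"),  # via CPE1
        "User2": Packet("192.0.0.3", SITE, tunnel_id="2001:db8::1"),  # via CPE1
        "User5": Packet("192.0.0.2", SITE, tunnel_id="2001:db8::2"),  # via CPE2
    }
    return {user: cgn1.forward(pkt) for user, pkt in sent.items()}


def embodiment3() -> Packet:
    """Two CGN levels, each inserting the pre-NAT source address."""
    cgn1, cgn2 = CGN("100.64.0.2"), CGN("203.0.113.3")
    return cgn2.forward(cgn1.forward(Packet("10.0.0.5", SITE)))


def embodiment4() -> Dict[str, Packet]:
    """Two CGN levels; only the first inserts (user address, CGN identifier)."""
    cgn1 = CGN("100.64.0.1", device_id="IPn1", first_level_only=True)
    cgn2 = CGN("100.64.0.2", device_id="IPn2", first_level_only=True)
    cgn3 = CGN("203.0.113.3", first_level_only=True)
    return {
        "User1": cgn3.forward(cgn1.forward(Packet("10.0.0.5", SITE))),
        "User2": cgn3.forward(cgn2.forward(Packet("10.0.0.5", SITE))),
    }


if __name__ == "__main__":
    e2 = embodiment2()
    print("same source IP:", ambiguous(e2, lambda p: p.src))
    print("same private IP:", ambiguous(e2, lambda p: p.user_info[0][-1]))
    print("tunnel + private IP:", ambiguous(e2, site_key))
    print("Embodiment 3:", embodiment3())
    print("Embodiment 4:", ambiguous(embodiment4(), lambda p: site_key(p, False)))
```
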
Referring to Fig. 2, a block diagram of a device for forwarding packets provided by an embodiment of the present invention, the device comprises a receiving module 201, a translation module 202, an insertion module 203 and a sending module 204, wherein:
The receiving module 201 is configured for the network address translation device to receive an IP packet from a user terminal;
The network address translation device may be a CGN device.
The translation module 202 is configured to perform network address translation on the IP packet;
The insertion module 203 is configured to insert user identification information into the translated IP packet;
The user identification information is an identifier that can identify a user under the CGN, normally the IPv4 address of the user terminal. However, in some scenarios user terminals connected to the same CGN have identical IPv4 addresses, and other information must then be used to distinguish users, such as the tunnel identifier (IPv6 address) of the tunnel from the user terminal to the CGN, a virtual private network (VPN) identifier, a Generic Routing Encapsulation (GRE) key, a PPTP tunnel identifier, an L2TP tunnel identifier, an IPsec tunnel identifier or an IPv6 flow label. In other scenarios the user's traffic must pass through multiple CGN devices to reach a website. If every level of CGN device inserts user identification information into the IP packet after NAT, the user is identified according to the source IP address of the final IP packet and the user identification information in it; if only the first-level CGN device inserts user identification information (the user's IP address and the identifier of the first-level CGN device) into the IP packet after NAT, the user can be identified according to the user identification information carried in the final IP packet alone.
The sending module 204 is configured to send the IP packet into which the user identification information has been inserted, so that a network device receiving the IP packet identifies the user terminal according to the user identification information.
Embodiment 5
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through one level of CGN device and the IPv4 address of the user terminal can identify the user. Two users under a CGN device CGN1, User1 (IPv4 address ip1) and User2 (IPv4 address ip2), access an Internet website. According to the embodiment of the present invention, the process is as follows:
The receiving module 201 receives the IP packets from User1 and User2, whose source IP addresses are ip1 and ip2 respectively;
The translation module 202 performs NAT on the IP packets; the source IP address of the translated IP packets is the IPv4 address of CGN1;
The insertion module 203 inserts the information ip1 identifying User1 into the IP packet from User1, and the information ip2 identifying User2 into the IP packet from User2;
CGN1 re-encapsulates the IP packets from User1 and User2 that have undergone NAT and had the user identification information inserted, and the sending module 204 then sends the IP packets. After the website receives the IP packets from CGN1, it can distinguish User1 and User2 because the user identification information carried in the packets is ip1 and ip2 respectively. When needed, a user information server (for example, an AAA server) is queried with the information ip1 identifying User1 to obtain the details of User1 and trace the user.
Embodiment 6
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through one level of CGN and the IPv4 address of the user terminal cannot uniquely identify a user under the CGN. For example, a CGN device CGN1 serves multiple home gateways CPE1, CPE2 and so on, and each home gateway serves multiple user terminals: User1 (IPv4 address ip1), User2 (IPv4 address ip2) and so on under CPE1, and User5 (IPv4 address ip1), User6 (IPv4 address ip3) and so on under CPE2. Assume that CPE1 and CPE2 do not perform NAT. An IPv6 tunnel with tunnel identifier IPv6-1 is set up between CPE1 and CGN1 and encapsulates the user terminals' IP packets; an IPv6 tunnel with tunnel identifier IPv6-2 is set up between CPE2 and CGN1 and encapsulates the user terminals' IP packets. Users User1, User2 and User5 access an Internet website. According to the embodiment of the present invention, the process is as follows:
The receiving module 201 receives the IPv6 tunnel packets from CPE1 and CPE2, and CGN1 decapsulates them; after decapsulation, the source IP addresses of the IP packets from User1, User2 and User5 are ip1, ip2 and ip1 respectively;
The translation module 202 performs NAT on the IP packets; after translation, the source IP address of the IP packets from User1, User2 and User5 is the IPv4 address of CGN1;
The insertion module 203 inserts the information IPv6-1 and ip1 identifying User1 into the IP packet from User1, the information IPv6-1 and ip2 identifying User2 into the IP packet from User2, and the information IPv6-2 and ip1 identifying User5 into the IP packet from User5;
CGN1 re-encapsulates the IP packets from User1, User2 and User5, and the sending module 204 sends the IP packets into which the user identification information has been inserted. After the website receives the IP packets from CGN1, it can distinguish User1, User2 and User5 because the user identification information carried in the packets is IPv6-1 and ip1, IPv6-1 and ip2, and IPv6-2 and ip1 respectively. When needed, a user information server (for example, an AAA server) can be queried with the information identifying User1, User2 and User5 to obtain their details and trace the users.
Embodiment 7
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through multiple levels of CGN devices, the IPv4 address of the user terminal can identify a user under the CGN, and every CGN level inserts user identification information into the IP packet. For example, user User1 (IPv4 address ip1) accesses an Internet website, and the user terminal's IP packet passes through two levels of CGN devices, CGN1 and then CGN2. According to the embodiment of the present invention, the process is as follows:
The receiving module 201 of CGN1 receives the IP packet from User1, whose source IP address is ip1. The translation module 202 of CGN1 performs NAT on the IP packet, translating the source IP address to ip2, and the insertion module 203 of CGN1 inserts ip1 into the IP packet. CGN1 then re-encapsulates the IP packet, and the sending module 204 of CGN1 sends the IP packet with source IP address ip2 and carrying ip1. The receiving module 201 of CGN2 receives the IP packet from CGN1. The translation module 202 of CGN2 performs NAT on the IP packet, translating the source IP address to ip3, and the insertion module 203 of CGN1 inserts ip2 into the IP packet. CGN2 then re-encapsulates the IP packet, and the sending module 204 of CGN2 sends the IP packet with source IP address ip3 and carrying ip1 and ip2. Finally, the website receives the IP packet from CGN2 and can identify User1 according to the source IP address ip3 of the IP packet and the information ip1 and ip2 identifying User1. When needed, a user information server (for example, an AAA server) is queried with the information identifying User1 to obtain the details of User1 and trace the user.
Embodiment 8
This embodiment takes as an example the scenario in which the user terminal's IP packet passes through multiple levels of CGN devices, the IPv4 address of the user terminal can identify a user under the CGN, and only the first-level CGN device inserts user identification information into the IP packet (comprising the IPv4 address of the user terminal and the identifier of the first-level CGN device). For example, user User1 (IPv4 address ip0) under CGN1 (identifier IPn1) and user User2 (IPv4 address ip0) under CGN2 (identifier IPn2) access an Internet website. The IP packet of User1 passes through two levels of CGN devices, CGN1 and then CGN3; the IP packet of User2 passes through two levels of CGN devices, CGN2 and then CGN3. According to the embodiment of the present invention, the process is as follows:
The receiving module 201 of CGN1 receives the IP packet from User1, whose source IP address is ip0. The translation module 202 of CGN1 performs NAT on the IP packet, translating the source IP address to ip1, and the insertion module 203 of CGN1 inserts the information ip0 and IPn1 identifying User1 into the IP packet. CGN1 re-encapsulates the IP packet, and the sending module 204 of CGN1 sends the IP packet with source IP address ip1 and carrying ip0 and IPn1. The receiving module 201 of CGN2 receives the IP packet from User2, whose source IP address is ip0. The translation module 202 of CGN2 performs NAT on the IP packet, translating the source IP address to ip2, and the insertion module 203 of CGN2 inserts the information ip0 and IPn2 identifying User2 into the IP packet. CGN2 re-encapsulates the IP packet, and the sending module 204 of CGN2 sends the IP packet with source IP address ip2 and carrying ip0 and IPn2. CGN3 receives the IP packets from CGN1 and CGN2; it performs NAT on the IP packet from CGN1, after which the source IP address is ip3, and performs NAT on the IP packet from CGN2, after which the source IP address is also ip3. CGN3 re-encapsulates and sends the translated IP packets. Finally, the website receives the IP packets from CGN3 and can identify User1 and User2 because the user identification information in the IP packets is ip0 and IPn1, and ip0 and IPn2, respectively. When needed, a user information server (for example, an AAA server) is queried with the user identification information to obtain the user's details and trace the user.
Referring to Fig. 3, which is a block diagram of a system for forwarding packets provided by an embodiment of the invention, the system comprises:
A network address translation apparatus 301, used to receive an IP message from a user terminal, perform network address translation on said IP message, insert information identifying the user into the converted IP message, and send said IP message into which said information identifying the user has been inserted;
A receiving equipment 302, used to receive said IP message into which said information identifying the user has been inserted, and to identify said user terminal according to said information identifying the user.
With the technical solution provided by the embodiment of the invention, because the IP message carries the information identifying the user, user tracing and user identification can be carried out effectively. This solves the problems in the prior art of network complexity and high log-server load that arise when user identification and tracing are performed by querying log files.
A person of ordinary skill in the art will appreciate that all or part of the steps of the methods in the foregoing embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can be a ROM/RAM, a magnetic disk, an optical disc, or the like.
The above is merely a preferred embodiment of the invention, but the scope of protection of the invention is not limited thereto. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention.

Claims (9)

1. A method for forwarding packets, characterized in that it comprises:
a network address translation apparatus receiving an Internet Protocol (IP) message from a user terminal;
performing network address translation on said IP message;
inserting information identifying the user into the converted IP message;
sending said IP message into which said information identifying the user has been inserted, so that a network equipment receiving said IP message identifies said user terminal according to said information identifying the user.
2. The method according to claim 1, characterized in that said information identifying the user comprises the IP address of said user terminal and/or the tunnel identifier from said user terminal to said network address translation apparatus.
3. The method according to claim 2, characterized in that said information identifying the user further comprises the device identifier of said network address translation apparatus.
4. The method according to claim 2 or 3, characterized in that, when said information identifying the user comprises the tunnel identifier from said user terminal to said network address translation apparatus, said tunnel identifier comprises an IPv6 address, a virtual private network (VPN) identifier, a Generic Routing Encapsulation (GRE) key, a Point-to-Point Tunneling Protocol (PPTP) tunnel identifier, a Layer 2 Tunneling Protocol (L2TP) tunnel identifier, an Internet Protocol Security (IPsec) tunnel identifier, or an IPv6 flow label.
5. A device for forwarding packets, characterized in that it comprises:
a receiver module, used for a network address translation apparatus to receive an Internet Protocol (IP) message from a user terminal;
a modular converter, used to perform network address translation on said IP message;
an insert module, used to insert information identifying the user into the converted IP message;
a sending module, used to send said IP message into which said information identifying the user has been inserted, so that a network equipment receiving said IP message identifies said user terminal according to said information identifying the user.
6. The device according to claim 5, characterized in that said information identifying the user comprises the IP address of said user terminal and/or the tunnel identifier from said user terminal to said network address translation apparatus.
7. The device according to claim 6, characterized in that said information identifying the user further comprises the device identifier of said network address translation apparatus.
8. The device according to claim 6 or 7, characterized in that, when said information identifying the user comprises the IP address of said user terminal and/or the tunnel identifier from said user terminal to said network address translation apparatus, said tunnel identifier comprises an IPv4-in-IPv6 tunnel identifier, a virtual private network (VPN) tunnel identifier, a Generic Routing Encapsulation (GRE) tunnel identifier, a PPTP tunnel identifier, an L2TP tunnel identifier, an IPsec tunnel identifier, or an IPv6 flow label.
9. A system for forwarding packets, characterized in that it comprises:
a network address translation apparatus, used to receive an IP message from a user terminal, perform network address translation on said IP message, insert information identifying the user into the converted IP message, and send said IP message into which said information identifying the user has been inserted;
a receiving equipment, used to receive said IP message into which said information identifying the user has been inserted, and to identify said user terminal according to said information identifying the user.
CN2011100286503A 2011-01-26 2011-01-26 Method, device and system for forwarding packet Pending CN102624935A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011100286503A CN102624935A (en) 2011-01-26 2011-01-26 Method, device and system for forwarding packet
PCT/CN2011/078924 WO2012100531A1 (en) 2011-01-26 2011-08-25 Method, apparatus and system for forwarding packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100286503A CN102624935A (en) 2011-01-26 2011-01-26 Method, device and system for forwarding packet

Publications (1)

Publication Number Publication Date
CN102624935A true CN102624935A (en) 2012-08-01

Family

ID=46564617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100286503A Pending CN102624935A (en) 2011-01-26 2011-01-26 Method, device and system for forwarding packet

Country Status (2)

Country Link
CN (1) CN102624935A (en)
WO (1) WO2012100531A1 (en)

Also Published As

Publication number Publication date
WO2012100531A1 (en) 2012-08-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120801