CN1599330A - Method for realizing remote accession management for network equipment in NAT - Google Patents

Method for realizing remote accession management for network equipment in NAT

Publication number
CN1599330A
Authority
CN
China
Prior art keywords
network equipment
telnet
link
management
keeper
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200410016739
Other languages
Chinese (zh)
Other versions
CN100420196C (en)
Inventor
刘宇
洪波
辛蓁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wei Wei Communication Technology Co., Ltd.
Original Assignee
SHANGHAI AOWEI COMMUNICATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by SHANGHAI AOWEI COMMUNICATION TECHNOLOGY Co Ltd
Priority to CNB2004100167398A
Publication of CN1599330A
Application granted
Publication of CN100420196C
Anticipated expiration
Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention relates to a method for remote login management of network devices inside a NAT, overcoming the inability to manage network devices located in different NATs in a uniform way. The SS sets up a remote management TCP link with the administrator and another with the network device, forming a remote login management IP path with the SS as the agent. The SS forwards remote login management signaling and data over this path and monitors it. If either TCP end is closed or fails, the whole IP path is closed.

Description

A method for remote login management of network devices inside a NAT
Technical field
The present invention applies to the field of remote login management, and in particular to a method for remote login management of network devices inside a NAT.
Background
Notes on the terms used:
IP: Internet Protocol
NAT: Network Address Translation, see RFC 1631
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
VoIP: Voice over Internet Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol
Socket: socket
IPv4: Internet Protocol Version 4
Telnet: Telnet Protocol, a remote connection protocol
SSH: Secure Shell
HTTP: Hypertext Transfer Protocol
SS: softswitch call server.
With the rapid development of the Internet and broadband technology, more and more services are delivered over the Internet. At the same time network structures have become increasingly complex, the shortage of IPv4 addresses and network security problems have become more prominent, and most users reach the Internet through NAT. How to manage the large number of network devices (such as VoIP multimedia terminal equipment) scattered across the Internet has therefore become a problem that service providers urgently need to solve. The common solution at present is to register all terminals with the SS system, where an administrator manages them centrally and is offered convenient, timely remote login management. Because the administrator and the network devices are mostly on different NAT networks, however, the normal remote login management method is difficult to use for devices inside a NAT. Solving the management of network devices across different NATs is the key to unified management.
The existing technical problem: if the administrator communicates directly with a terminal device in a different NAT and sends management signaling requests straight to it, then, when no port mapping or address mapping is configured on the NAT, an administrator outside the NAT cannot establish IP communication (for example, cannot set up a TCP link) with the network device inside the NAT. Remote login signaling cannot reach the device inside the NAT, so the remote login management channel cannot be set up. The administrator cannot contact the network device and therefore cannot manage it by remote login.
At present, many vendors with network equipment development capability and experience have developed their own network device products, and most of these support remote login management (for example Telnet, SSH, HTTP). Because the existing Internet is mostly based on NAT, most network devices are deployed on the Internet, and normal TCP communication cannot be established between different NAT networks, remote login management of devices behind NAT is the key to widening the range of application of network devices and improving management efficiency.
Summary of the invention
The technical problems the invention addresses are how to achieve normal TCP communication between different NAT networks and how to perform remote login management of network devices behind NAT. The idea of the invention is for the SS to set up a remote management TCP link with the administrator and a remote management link with the network device, and to use the links established with both sides to forward signaling and data. The key techniques are how the SS and the network device set up their TCP link, how the administrator and the SS set up theirs, and how the SS monitors the two TCP links and exchanges signaling and data packets across them. With the invention, remote login management of network devices over the Internet is possible on the existing technical basis and in the existing NAT network environment. The purpose of the invention is therefore to use an SS that both the administrator and the target device can "see" (for example, one with a public IP address) to create a TCP link for each end (the administrator end and the network device end), and to use these two links to forward remote login management signaling and data, giving the administrator unified remote login management of the target network device.
The technical scheme of the invention is a method for remote login management of network devices inside a NAT: the SS sets up a remote management TCP link with the administrator and a remote management TCP link with the network device, forming an IP path for remote login management proxied by the SS. The SS forwards remote login management signaling and data over this IP path and monitors the path; if it finds that the TCP link at either end has closed or failed, it closes the IP path completely.
The method further comprises the following steps:
1. After connecting to the network, the network device sets up an IP link using UDP or TCP (for example the UDP registration path of a VoIP device) and periodically sends packets to keep this path alive.
2. When the SS receives the administrator's request to set up remote login management with a network device inside the NAT, it sends the device a notice to set up a remote login TCP link, over the IP link already established with the device.
3. The SS and the network device set up the remote login management TCP link:
1) On receiving the link setup notice, the network device actively sets up a remote management TCP link to the SS and starts the server side of the remote login management service (for example a Telnet server, SSH server or web server).
2) Over this link the network device receives the command data sent by the administrator and sends the result data to the SS.
4. The SS and the administrator set up the remote login management TCP link:
1) After receiving the administrator's request, the SS at the same time also sends the administrator a notice to set up a remote login management TCP link.
2) After receiving the link setup notice, the administrator likewise actively sets up a link to the SS and starts a remote login client tool (for example Telnet, SSH, a web browser, or a dedicated tool).
5. Forwarding the remote management signaling and data of the administrator and the network device:
1) When the SS receives administrator data, it forwards the data to the network device over the remote login management link established with the device.
2) When the SS receives network device data, it forwards the data to the administrator over the remote login management link established with the administrator.
6. Steps 3 and 4 establish the remote login links between the SS and the administrator and between the SS and the network device.
7. Monitoring link status:
The SS monitors the two TCP links:
When an error occurs or a close message is received (for example, the remote end of a TCP link is closed), it tears down both TCP links.
Steps 3 and 4 are carried out at the same time. When administrator data is received, the configuration management signaling packets are sent to the network device over the remote management TCP link set up with it; likewise, when data sent by the network device is received, it is forwarded to the administrator over the remote management TCP link set up between the administrator and the SS.
The beneficial effects of the invention are:
1) It achieves remote login management of network devices inside a NAT, is simple to implement, and gives a unified management model with strong extensibility.
2) Services are provided to users quickly, and the unified service management model reduces service operation and maintenance costs.
3) It is compatible with the original remote login function.
4) It saves limited IP address resources.
5) It ensures the security of legacy network devices.
6) It makes full use of the user's existing network resources and protects the customer's investment.
Description of drawings
Fig. 1 is a schematic diagram of remote login management of network devices inside a NAT according to the invention.
Fig. 2 is a flow chart of the method for remote login management of network devices inside a NAT according to the invention.
Fig. 3 is a schematic diagram of how the invention monitors the two links used for remote login management of network devices inside a NAT.
Specific implementation
Fig. 1 shows an administrator C or B, located in a different NAT or on the public network, logging in remotely through the SS to a target network device inside a NAT. Remote login management of the network device inside the NAT goes through the SS, so the SS needs a public IP address (visible to both the administrator and the network device). With reference to Fig. 2, the SS needs to create two TCP links, serving the administrator and the network device respectively. Creating these two links and forwarding transparently between them is what accomplishes remote login management of a network device behind NAT.
The whole process by which an administrator logs in remotely to a target network device inside a NAT is described in detail below with reference to Fig. 2:
First, when it connects to the network, the network device sets up an IP tunnel with the SS and sends its authentication identifier (ID) to the SS; the SS stores the tunnel information (including IP address and port number) and the user's ID. (Step 1)
The administrator logs in to the SS system (for example via web, Telnet or an application client) to carry out management, and sends the SS a command to remotely manage a terminal device behind NAT. (Step 2)
Setting up the remote login channel between the SS and the network device:
When the administrator sends a remote login request to the SS, the SS uses the content of the request to look up the device's IP tunnel and the target network device's information in its stored table of IP tunnels and network device information. If the network device is inside a NAT, the SS listens (Listen) on a socket. (Step 3)
At the same time it sends a remote login request message to the target network device over the IP tunnel it looked up, asking the device to set up a link to the listening socket. (Step 4)
After receiving the remote login request, the network device, if it accepts the request, sets up a remote login management link to the socket specified by the SS and starts the remote login management server. (Step 5)
The SS calls Accept() on the listening socket to obtain a socket, and uses this socket as the socket of the remote login management link with the network device. (Step 6)
Setting up the remote login channel between the administrator and the SS:
The SS at the same time listens (Listen) on another socket, as the listening socket on which the administrator sets up the remote login management TCP link. (Step 8)
It also sends the administrator a request to set up a remote login management link, asking the administrator to set up a link to this listening socket. (Step 9)
After receiving the SS's link setup request, the administrator sets up a TCP link to the socket specified by the SS, as the remote management link for managing the network device, and starts the remote login management client. (Step 10)
The SS calls Accept on the listening socket and uses the accepted socket as the socket of the remote login management link with the administrator. (Step 11)
The order in which the remote login channel between the SS and the network device and the one between the administrator and the SS are set up can be adjusted, and for network reasons the link in either direction may be the first to succeed. The data received on the link that is established first therefore has to be saved (step 7) and forwarded to the other party once that party's link has been set up. The two links are bound into one group, so that the administrator can manage several network devices at the same time. (Steps 12 to 15) The cases that arise are as follows:
If data from the network device is received first, the SS checks whether the configuration channel with the administrator has been set up. If it has not, the data is saved (step 7) and sent to the administrator once the management channel with the administrator has been set up. If it has, the signaling is forwarded directly to the administrator. (Steps 12 and 13)
If the SS receives the administrator's data first, it checks whether the configuration channel with the network device has been set up. If it has not, the data is saved (step 7) and sent to the network device once the management channel with the network device has been set up. If it has, the signaling is forwarded directly to the network device. (Steps 14 and 15) All packets are forwarded by the SS.
The process by which the SS monitors the two remote login management TCP links is described below with reference to Fig. 3:
The state of the two TCP links is checked periodically, for example with Select: if data is received on one remote login management TCP link, the SS reads the data from that link and sends it on the other link. If an error occurs on a remote login management TCP link (for example the remote end closes the socket), both links are closed.
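The relay behaviour described above (two listening sockets, data held until the opposite link is up, Select-based monitoring, both links torn down when either one fails), as an added Python sketch that is not code from the patent. The loopback addresses, function names, the 64 KiB cap on held data and the sample bytes are assumptions of the example. The notification sent to the device over its registration tunnel is left out, and neither peer is authenticated, because the description specifies no check on who connects to the listening sockets.

```python
import select
import socket
import threading
import time

MAX_PENDING = 64 * 1024  # cap on held data (assumption; the description sets no limit)


def listen_local():
    """Listening socket on loopback with an ephemeral port (demo assumption)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def relay(dev_listener, adm_listener, idle_timeout=5.0):
    """Pair one device link with one administrator link and forward between them.

    Data that arrives before the opposite link exists is held (step 7) and
    flushed once that link is accepted. A close or error on either link tears
    down both. Returns the bytes received for forwarding in each direction.
    """
    links = {"dev": None, "adm": None}      # accepted management sockets
    pending = {"dev": b"", "adm": b""}      # data waiting to be sent to this side
    other = {"dev": "adm", "adm": "dev"}
    listeners = {dev_listener: "dev", adm_listener: "adm"}
    stats = {"dev_to_adm": 0, "adm_to_dev": 0}
    try:
        while True:
            watch = [l for l, side in listeners.items() if links[side] is None]
            watch += [s for s in links.values() if s is not None]
            readable, _, _ = select.select(watch, [], [], idle_timeout)
            if not readable:
                break                        # nothing happened: drop the pair
            for sock in readable:
                if sock in listeners:        # steps 6 and 11: Accept()
                    side = listeners[sock]
                    links[side], _ = sock.accept()
                    links[side].sendall(pending[side])   # flush saved data
                    pending[side] = b""
                    continue
                side = "dev" if sock is links["dev"] else "adm"
                data = sock.recv(4096)
                dst = other[side]
                if not data or len(pending[dst]) + len(data) > MAX_PENDING:
                    return stats             # far end closed, or held data over the cap
                stats[f"{side}_to_{dst}"] += len(data)
                if links[dst] is None:
                    pending[dst] += data     # opposite link not up yet
                else:
                    links[dst].sendall(data)
    except OSError:
        pass                                 # socket error: treated like a close
    finally:
        for s in links.values():
            if s is not None:
                s.close()
    return stats


def demo():
    """Constructed loopback run: the device connects and sends data first."""
    dev_l, adm_l = listen_local(), listen_local()
    result = {}
    t = threading.Thread(target=lambda: result.update(relay(dev_l, adm_l)))
    t.start()
    dev = socket.create_connection(dev_l.getsockname(), timeout=5)
    dev.sendall(b"login: ")                  # sent before the administrator link exists
    time.sleep(0.2)                          # give the relay time to hold the early data
    adm = socket.create_connection(adm_l.getsockname(), timeout=5)
    banner = adm.recv(4096)                  # held data arrives once the pair is complete
    adm.sendall(b"admin\n")
    echoed = dev.recv(4096)
    adm.close()                              # one end closes ...
    closed = dev.recv(4096) == b""           # ... so the device link is dropped too
    t.join(5)
    for s in (dev, dev_l, adm_l):
        s.close()
    return banner, echoed, closed, result


if __name__ == "__main__":
    print(demo())
```

The cap on held data is an addition of this sketch: without one, a peer that connects first and keeps sending would make the relay buffer without bound while the other link is still missing.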

Claims (6)

1. A method for remote login management of network devices inside a NAT, characterized in that the SS sets up a remote management TCP link with the administrator and a remote management TCP link with the network device, forming an IP path for remote login management proxied by the SS; the SS forwards remote login management signaling and data over the path and monitors the path, and if it finds that the TCP link at either end has closed or failed, it closes the IP path completely.
2. The method for remote login management of network devices inside a NAT according to claim 1, characterized in that the concrete steps are:
A. After connecting to the network, the network device sets up an IP link using UDP or TCP, for example the UDP registration path of a VoIP device, and periodically sends packets to keep this path alive;
B. When the SS receives the administrator's request to set up remote login management with a network device inside the NAT, it sends the device a notice to set up a remote login TCP link, over the IP link already established with the device;
C. The SS and the network device set up the remote login management TCP link:
a) On receiving the link setup notice, the network device actively sets up a remote management TCP link to the SS and starts the server side of the remote login management service, such as one of a Telnet server, SSH server or web server;
b) Over this link the network device receives the command data sent by the administrator and sends the result data to the SS;
D. The SS and the administrator set up the remote login management TCP link:
a) After receiving the administrator's request, the SS at the same time also sends the administrator a notice to set up a remote login management TCP link;
b) After receiving the link setup notice, the administrator likewise actively sets up a link to the SS and starts a remote login client tool, such as one of Telnet, SSH or a web browser, or a dedicated tool;
E. Forwarding the remote management signaling and data of the administrator and the network device:
a) When the SS receives administrator data, it forwards the data to the network device over the remote login management link established with the device;
b) When the SS receives network device data, it forwards the data to the administrator over the remote login management link established with the administrator;
F. Steps C and D establish the remote login links between the SS and the administrator and between the SS and the network device;
G. Monitoring link status:
The SS monitors the two TCP links and, when an error occurs or it learns that one side has closed, tears down both TCP links.
3. The method for remote login management of network devices inside a NAT according to claim 2, characterized in that two sockets are set up on the SS, used respectively to handle the remote login management TCP link between the SS and the administrator and the one between the SS and the network device.
4. The method for remote login management of network devices inside a NAT according to claim 2, characterized in that the remote login management TCP link at the network device end is set up in reverse link setup mode, that is, the SS sends the link setup request to the network device.
5. The method for remote login management of network devices inside a NAT according to claim 2, characterized in that two TCP links need to be set up for the remote login management service of one network device.
6. The method for remote login management of network devices inside a NAT according to claim 2, characterized in that steps C and D are carried out at the same time; when administrator data is received, the configuration management signaling packets are sent to the network device over the remote management TCP link set up with it, and likewise, when data sent by the network device is received, it is forwarded to the administrator over the remote management TCP link set up between the administrator and the SS.
CNB2004100167398A 2004-03-05 2004-03-05 Method for realizing remote accession management for network equipment in NAT Expired - Fee Related CN100420196C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100167398A CN100420196C (en) 2004-03-05 2004-03-05 Method for realizing remote accession management for network equipment in NAT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100167398A CN100420196C (en) 2004-03-05 2004-03-05 Method for realizing remote accession management for network equipment in NAT

Publications (2)

Publication Number Publication Date
CN1599330A true CN1599330A (en) 2005-03-23
CN100420196C CN100420196C (en) 2008-09-17

Family

ID=34663041

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100167398A Expired - Fee Related CN100420196C (en) 2004-03-05 2004-03-05 Method for realizing remote accession management for network equipment in NAT

Country Status (1)

Country Link
CN (1) CN100420196C (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007041918A1 (en) * 2005-10-10 2007-04-19 Huawei Technologies Co., Ltd. Method and system for obtaining ssh host key of managed device
US7792939B2 (en) 2005-10-10 2010-09-07 Huawei Technologies Co., Ltd. Method and system for obtaining secure shell host key of managed device
CN101277215B (en) * 2007-03-28 2011-06-08 中国电信股份有限公司 System and method for implementing remote equipment monitoring management by port proxy relay
CN101764701A (en) * 2008-12-23 2010-06-30 康佳集团股份有限公司 Network management system
CN102882733A (en) * 2012-10-24 2013-01-16 广东天波信息技术股份有限公司 WEB webmaster method realized by penetrating through NAT (Network Address Translation) equipment
CN102882733B (en) * 2012-10-24 2015-08-19 广东天波信息技术股份有限公司 A kind of cross-over NAT equipment realizes WEB network management method
CN102984202A (en) * 2012-10-31 2013-03-20 广东天波信息技术股份有限公司 System achieving Telnet web management by traversing network address translation (NAT) device and method thereof
CN102984202B (en) * 2012-10-31 2015-11-25 广东天波信息技术股份有限公司 A kind of cross-over NAT equipment realizes the System and method for of Telnet webmaster
CN106161642A (en) * 2016-07-26 2016-11-23 苏州迈科网络安全技术股份有限公司 Network equipment long-distance management method, platform and system
CN112751947A (en) * 2019-10-31 2021-05-04 瞻博网络公司 Communication system and method
CN112751947B (en) * 2019-10-31 2023-07-25 瞻博网络公司 Communication system and method
US11784874B2 (en) 2019-10-31 2023-10-10 Juniper Networks, Inc. Bulk discovery of devices behind a network address translation device
US11805011B2 (en) 2019-10-31 2023-10-31 Juniper Networks, Inc. Bulk discovery of devices behind a network address translation device
CN114531433A (en) * 2020-11-06 2022-05-24 中盈优创资讯科技有限公司 Interaction method and device for web login equipment
CN114531433B (en) * 2020-11-06 2023-07-21 中盈优创资讯科技有限公司 Interaction method and device of web login equipment
CN112738074A (en) * 2020-12-25 2021-04-30 成都鼎安华智慧物联网股份有限公司 Method for realizing Telnet communication in network isolation
CN112738074B (en) * 2020-12-25 2023-02-24 成都鼎安华智慧物联网股份有限公司 Method for realizing Telnet communication in network isolation

Also Published As

Publication number Publication date
CN100420196C (en) 2008-09-17

Similar Documents

Publication Publication Date Title
Fall et al. Tcp/ip illustrated
KR101278297B1 (en) Method and apparatus for reliably delivering multicast data
CN1232080C (en) Method of providing internal service apparatus in network for saving IP address
US7480794B2 (en) System and methods for transparent encryption
CN102231763B (en) Sharing method based on NAT (Network Address Translation) penetration
CN1881916A (en) Method and apparatus for realizing communication between communication equipments
CN1439213A (en) Method for comunicating audio data in a packet switched network
CN101064625A (en) Method for managing user side equipment through network address translation gateway
CN1960338A (en) Communication controlling method
CN101056271A (en) Method for penetrating the NAT and corresponding communication terminal and NAT device
CN100448233C (en) Virtual domain name resolution proxy method and system
CN1968226A (en) Method for crossing network address conversion in point-to-point communication
CN110611724A (en) Internet of things gateway intranet penetration method based on reverse proxy
CN1599330A (en) Method for realizing remote accession management for network equipment in NAT
WO2009053646A8 (en) Method of traversing address translation equipment for sip signalling messages by temporary use of the tcp transport protocol.
CN1553674A (en) Method for wideband connection server to obtain port numbers of its uers
CN1976356A (en) Network address conversion penetrating system, method and user equipment
CN104426732A (en) High-speed transmission tunnel realization method and system
CN101599992A (en) P2PNAT traversal scheme based on SIP
CN1758654A (en) Method for set-up direct link tunnel for user terminal and its communication method and server
CN1177438C (en) Relay management method of network equipment based on Telnet protocol
CN1764172A (en) Multimedia communication proxy system and method capable of crossing network address conversion and firewall
CN1299476C (en) Method for H.323 agent server to register on gatekeeper from terminals after being agent of NAT
CN1606304A (en) Method for traversing NAT equipment/firewall by NGN service
CN101039327A (en) Method and system for supporting multiple services using SIP protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHANGHAI AOWEI COMMUNICATION SCIENCE CO., LTD.

Free format text: FORMER OWNER: AOWEI COMMUNICATION TECHNOLOGY CO., LTD., SHANGHAI

Effective date: 20081031

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20081031

Address after: Room 1, building 3000, 1002-1003 East Dragon Road, Zhangjiang, Shanghai

Patentee after: Shanghai Wei Wei Communication Technology Co., Ltd.

Address before: Room 511, Jin Yun Building, 2507 Pudong Road, Shanghai

Patentee before: Shanghai Aowei Communication Technology Co., Ltd.

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080917

Termination date: 20120305