WO2006114037A1 - Communication system with a session border controller and method for transmitting signaling packets - Google Patents
- Publication number
- WO2006114037A1 (PCT/CN2006/000523)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signaling
- function entity
- address
- network
- port number
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1083—In-session procedures
Definitions
- the present invention relates to the field of communication technologies, and in particular to a session border controller
- The Session Border Controller (SBC) is a concept proposed by the Internet Engineering Task Force (IETF). It is used to solve boundary control problems for session services in the Next Generation Network (NGN), such as access network and quality of service (QoS) control problems. For example, different networks (access network, backbone network, etc.) may use different address domains and so cannot interwork directly at the IP layer, or they may belong to different management domains and need to be controlled at the boundary point.
- the access network and the backbone network are connected to the SBC for border control, and the two different backbone networks are interconnected by SBC for boundary control.
- Figure 2 shows the networking diagram of interworking between two networks using SBC.
- the communication system includes a network A, a network B, and an SBC.
- the network A and the network B are respectively connected to the SBC, and the SBC further includes a signaling control function entity and a media forwarding function entity.
- the signaling control function entity and the media forwarding function entity respectively have two interfaces, and each entity connects to the network A and the network B by using these two interfaces.
- The signaling control function entity handles the session signaling plane: receiving and terminating signaling messages, processing the media information in signaling messages, and controlling forwarding of the media stream (reject/allow, etc.) according to the session state in the signaling messages. The media forwarding function entity forwards the session media stream under the control of the signaling control function entity.
- The signaling control function entity uses two IP addresses, namely IP address 1 and IP address 1', to communicate with the user equipment in network A and the functional entity in network B, respectively, and the media forwarding function entity uses two IP addresses, namely IP address 2 and IP address 2', to communicate with the user equipment in network A and the functional entities in network B, respectively.
- the SBC signaling plane address and the media plane address seen by each user equipment in the network A are different, and the two addresses belong to the address domain of the network A and the address domain of the network B, respectively.
- Step 401: The user equipment in network A sends a signaling message carrying a user registration request to the signaling control function entity of the SBC.
- Step 404: The functional entity in network B authenticates the user equipment. If the authentication succeeds, it sends the signaling control function entity a response signaling packet indicating successful authentication; if the authentication fails, it sends the signaling control function entity a response signaling packet indicating authentication failure.
- Step 405: After receiving the response signaling packet, the signaling control function entity sends the signaling packet to the user equipment in network A.
- Steps 406-410: After the user equipment in network A receives the message, that is, after registration succeeds, the signaling control function entity again sends signaling messages to the functional entity in network B; likewise, the functional entity in network B also uses the signaling control function entity to send signaling messages to the user equipment in network A.
- the media forwarding function entity is used for the processing of the media plane.
- the functional characteristics and processing models of the two entities are different, and the requirements of the two are also different.
- the processing of a single device can handle a large amount of capacity, and the processing of the media plane is limited by the forwarding capability, so that the number of concurrent ports supported is limited, so the functional entity capacity of the media plane is compared to the device capacity of the signaling plane.
- The signaling control function entity of one signaling plane may control multiple media forwarding function entities. On the other hand, the signaling plane is usually centralized: for example, the signaling plane device may be located in the central equipment room of the operator network, while the media devices are distributed close to the users, for example in the equipment room of the residential property where the user is located. The above networking mode therefore has the following disadvantages:
- The centralized large-capacity signaling control function entity is directly exposed to the access users. One of networks A and B above is an access network, and what it connects are uncontrollable end users who pose security threats, so there is a certain security risk. If the centralized large-capacity signaling control function entity is attacked, all users who access through that signaling control function entity are unable to use session services.
- the centralized signaling control function entity and the distributed media forwarding function entity make the networking mode difficult to deploy in an actual network.
- the signaling control function entity located in the operator center equipment room is not in the network B.
- the edge between the network A and the network A is usually located at the edge of the media forwarding function entity, so it is difficult for the signaling control function entity to interface directly with network A (unless a private line is run from network A directly to the signaling control function entity, which is inconvenient and costly in practice and which operators do not consider). Therefore, the signaling control function entity cannot be configured with an IP address in network A, the access users in network A cannot communicate directly with the signaling control function entity, and as a result the above model cannot be applied in actual networking.
- the signaling control function entity and the media forwarding function entity are implemented on one device, that is, the IP address 1 and the IP address 2 are combined, that is, the signaling control function entity and the media forwarding function entity are not separated.
- This scheme does not take into account the difference between the processing characteristics of the signaling plane and the media plane. Technically, the signaling plane relies more on the processing power of general-purpose CPUs, while the media plane relies more on specialised CPUs or directly on the hardware forwarding capability provided by application-specific integrated circuit (ASIC) chips, so separating the two is more in line with the technical characteristics of separating signaling processing from media forwarding in future networks.
- An object of the present invention is to provide a communication network with an SBC and a method for transmitting signaling in it, so that the large-capacity centralized signaling control function entity is shielded from access user equipment, which reduces the security risk to the signaling control function entity and solves the above problem of the model not being applicable in actual networking.
- The present invention provides a method of transmitting signaling in a communication system having an SBC. The communication system includes at least a first network, a second network, and an SBC, and the SBC includes at least a signaling static transformation function entity and a signaling control function entity. The method includes the following steps:
- A. The user equipment in the first network sends a signaling message carrying the registration request to the signaling static transformation function entity, where the destination IP address/port number of the signaling packet is the IP address/port number of the signaling static transformation function entity in the first network, and the source IP address/port number is the IP address/port number of the user equipment in the first network;
- B. The signaling static conversion function entity modifies the destination IP address/port number of the signaling packet to the IP address/port number of the signaling control function entity, and the source IP address/port number is modified to the IP address assigned by the signaling static conversion function entity
- C. After receiving the signaling message, the signaling control function entity analyzes and processes the signaling message, and sends the signaling message to the functional entity in the second network.
- Step B can further include:
- the step of setting the NAT entry of the signaling packet of the user equipment in the step B1 includes:
- After receiving the signaling packet of the user equipment, the signaling static conversion function entity obtains the source IP address/port number in the signaling packet;
- The signaling static conversion function entity allocates one of its own IP addresses/port numbers to the user equipment, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself.
- The IP address/port number of the signaling control function entity in step B may be obtained by looking up the destination IP address/port number of the signaling packet in the preset mapping between the IP address/port number of the signaling static transformation function entity in the first network and the IP address of the signaling control function entity.
- The mapping between the IP address/port number of the signaling static conversion function entity in the first network and the IP address of the signaling control function entity may be preset in the signaling static transformation function entity, or may be set in a functional entity with which the signaling static transformation function entity can communicate.
- The mapping between the IP address/port number in the first network and the IP address of the signaling control function entity may be configured randomly, according to a certain algorithm, or according to a predefined mechanism.
- Step C can further include:
- C1. After receiving the signaling packet, the signaling control function entity obtains the user identity in the signaling packet and the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity, and the signaling control function entity records the correspondence between the user identity and the IP address/port number assigned by the signaling static conversion function entity itself.
- Step C may further include:
- The signaling static transformation function entity is notified that authentication succeeded, and the signaling static conversion function entity permanently maintains the signaling message.
- The signaling static transformation function entity is notified that authentication failed, and the signaling static transformation function entity deletes the NAT entry of the signaling message.
- The method further includes:
- A timer is started. If the signaling static conversion function entity receives the notification of successful authentication sent by the signaling control function entity before the timer expires, the timer is cancelled and the subsequent processing steps continue; if no notification of successful authentication has been received when the timer expires, the signaling static transformation function entity deletes the corresponding NAT entry.
- the method may further include: after the signaling control function entity receives the command to cancel the user from the second network, sending a command to delete the signaling NAT entry of the user to the signaling static transformation function entity. After receiving the command, the signaling static conversion function entity deletes the NAT entry of the signaling packet of the user equipment.
- Step C may further include:
- The signaling control function entity receives signaling from the functional entity in the second network, analyzes the signaling packet and obtains the user identity from it, obtains, according to the correspondence recorded in step C1, the IP address/port number of the signaling static conversion function entity that corresponds to the user identity, and forwards the signaling packet to the signaling static conversion function entity according to that IP address/port number;
- The signaling static conversion function entity uses the NAT entry of the signaling message to perform NAT address translation on the signaling packet from the signaling control function entity, and sends the address-translated signaling message to the user equipment in the first network.
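The translation, timer and notification rules described in the steps above can be modelled as follows. This is an added example, not code from the patent: the class and method names, the port pool, the 30-second timeout, the user identity and all addresses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class NatEntry:
    user: tuple                # (IP, port) of the user equipment, first network
    listener: tuple            # this entity's own (IP, port) in the first network
    assigned: tuple            # (IP, port) this entity assigned to the user
    scf: tuple                 # (IP, port) of the signaling control function entity
    deadline: Optional[float]  # None once authentication has succeeded


class SignalingStaticNat:
    """Model of the signaling static transformation function entity."""

    def __init__(self, scf_map, pool_ip, ports, auth_timeout=30.0,
                 clock=time.monotonic):
        self.scf_map = dict(scf_map)   # preset mapping: listener -> SCF address
        self.pool_ip, self.free_ports = pool_ip, list(ports)
        self.auth_timeout, self.clock = auth_timeout, clock
        self.by_user, self.by_assigned = {}, {}

    def _delete(self, entry):
        self.by_user.pop(entry.user, None)
        self.by_assigned.pop(entry.assigned, None)
        self.free_ports.append(entry.assigned[1])

    def _expire(self):
        # Timer rule: entries the SCF never confirmed are removed.
        now = self.clock()
        for entry in list(self.by_user.values()):
            if entry.deadline is not None and entry.deadline <= now:
                self._delete(entry)

    def from_user(self, src, dst):
        """Steps A and B: return the rewritten (src, dst), or None to drop."""
        self._expire()
        entry = self.by_user.get(src)
        if entry is None:                        # first packet: create the entry
            scf = self.scf_map.get(dst)
            if scf is None or not self.free_ports:
                return None                      # unknown listener or pool empty
            assigned = (self.pool_ip, self.free_ports.pop(0))
            entry = NatEntry(src, dst, assigned, scf,
                             self.clock() + self.auth_timeout)
            self.by_user[src] = self.by_assigned[assigned] = entry
        elif entry.listener != dst:
            return None
        return entry.assigned, entry.scf

    def from_scf(self, src, dst):
        """Reverse path: SCF -> assigned address becomes listener -> user."""
        self._expire()
        entry = self.by_assigned.get(dst)
        if entry is None or entry.scf != src:
            return None
        return entry.listener, entry.user

    def notify(self, assigned, keep):
        """SCF notification: keep=True on successful authentication; keep=False
        on failed authentication or when the second network cancels the user."""
        entry = self.by_assigned.get(assigned)
        if entry is None:
            return
        if keep:
            entry.deadline = None                # entry is now permanent
        else:
            self._delete(entry)


def demo():
    """Constructed addresses and identities; a fake clock drives the timer."""
    now = [0.0]
    listener, scf = ("10.0.0.1", 5060), ("192.0.2.10", 5060)
    nat = SignalingStaticNat({listener: scf}, "192.0.2.20", [40000, 40001],
                             auth_timeout=30.0, clock=lambda: now[0])
    users = {}                                   # SCF table: identity -> address
    alice, other = ("10.0.5.7", 5060), ("10.0.9.9", 5060)
    a_src, a_dst = nat.from_user(alice, listener)
    users["alice@example.net"] = a_src           # recorded by the SCF (step C1)
    nat.notify(a_src, keep=True)                 # registration authenticated
    o_src, _ = nat.from_user(other, listener)    # registers, never authenticates
    now[0] = 31.0                                # timer has expired
    return {
        "alice_out": (a_src, a_dst),
        "alice_back": nat.from_scf(scf, users["alice@example.net"]),
        "unauthenticated_back": nat.from_scf(scf, o_src),
        "free_ports": nat.free_ports,
    }
```

The timer is what bounds the state an unauthenticated user equipment can hold in the table: its assigned port returns to the pool once the deadline passes, while the authenticated entry stays in place.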
- the method may further comprise:
- the user equipment sends a signaling packet to the signaling static transformation function entity in the first network.
- The signaling static conversion function entity performs static NAT address translation on the source and destination address/port number of the signaling packet according to the NAT entry of the signaling packet, and forwards the signaling packet to the signaling control function entity.
- After receiving the signaling packet, the signaling control function entity parses and processes the signaling packet and, after determining that the user equipment has successfully registered, sends the signaling packet to the functional entity in the second network.
- Step B can further include:
- the NAT entry of the signaling packet of the user equipment is set.
- the entry is an IP address/port number of the user equipment in the first network and an IP address/port number assigned by the signaling static conversion function entity.
- After receiving a signaling message from the user equipment in the first network or from the signaling control function entity, the signaling static conversion function entity performs NAT address translation using the NAT entry from step B21, and then sends the signaling message to the signaling control function entity or to the user equipment in the first network.
- The communication system is an SBC-enabled NGN network as defined by the International Telecommunication Union (ITU-T) or by ETSI's Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN), or a communication network that satisfies the SBC model in the Internet Engineering Task Force (IETF).
- When the communication system is an SBC-enabled NGN network defined by ITU-T, the SBC is a Service Control Proxy Function (SCPF) and a Border Gateway Function (BGF); when the communication system is an SBC-enabled NGN network defined by TISPAN, the SBC is an application function (AF) and an access border gateway (A-BGF). The access network is any of various digital subscriber line (xDSL), wireless local area network (Wlan), cable (Cable), Worldwide Interoperability for Microwave Access (WiMax), or other wireless and wired access networks.
- the first network adopts an Internet Protocol version 4 (IPv4) address format or an Internet Protocol version 6 (IPv6) address format
- the second network adopts an IPv4 address format or an IPv6 address format.
- the signaling static transformation function entity may be set in the media forwarding function entity in the SBC or exist as an independent physical entity.
- The present invention provides a communication system having an SBC, the system comprising at least a first network, a second network, and an SBC, the SBC including at least a signaling static transformation function entity and a signaling control function entity. The signaling static transformation function entity is connected to the first network and the signaling control function entity, and the signaling control function entity is connected to the second network and the signaling static transformation function entity, wherein
- the signaling static conversion function entity is configured to receive a signaling message of the user equipment in the first network, and modify the destination IP address/port number of the signaling packet to an IP address/port number of the signaling control function entity, The source IP address/port number is changed to the IP address/port number assigned by the signaling static conversion function entity, and the signaling packet is sent to the signaling control function entity;
- the signaling control function entity is configured to receive the signaling packet from the signaling static transformation function entity, analyze and process the signaling packet, and send the signaling packet to the functional entity in the second network.
- The signaling static conversion function entity is further configured to: on receiving a signaling message from the user equipment in the first network for the first time, obtain the source IP address/port number of the signaling packet and select for the user equipment the IP address/port number of a signaling control function entity, where the source IP address/port number is the IP address/port number of the user equipment in the first network, and save the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity.
- The signaling control function entity is further configured to: on receiving a signaling message from the signaling static conversion function entity for the first time, save the user identity carried in the signaling packet together with the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity itself.
- The signaling static conversion function entity is further configured to: when the signaling message received from the user equipment in the first network is not the first one, statically translate the signaling packet according to the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity, and send the translated signaling packet to the signaling control function entity.
- The signaling control function entity is further configured to receive a signaling message from the second network, determine, according to the correspondence it has saved between the user identity and the source IP address/port number, the corresponding IP address/port number assigned by the signaling static transformation function entity itself, and send the signaling packet to the signaling static transformation function entity;
- the signaling static conversion function entity is further configured to receive a signaling message from the signaling control function entity, translate the address of the signaling message according to the NAT entry of the signaling message that it has saved, and then send it to the user equipment of the second network.
- the communication system is an NGN network with SBC function defined by ITU-T, TISPAN, or a communication network satisfying the SBC model in the IETF,
- the SBC is SCPF and BGF;
- the communication system is an NGN network with SBC function defined by TISPAN
- the SBC is AF and A-BGF
- the access network is a network using xDSL, Wlan, Cable, WiMax, or wireless access methods.
- the signaling static transformation function entity is a logical entity in a media forwarding function entity in the SBC, or an independent physical entity.
- With a centrally arranged signaling control function entity and distributed media forwarding function entities, the system and method of the present invention can provide users in the first network with only the address of the media forwarding function entity, which resolves the actual networking configuration problem.
- Since the signaling control function entity is connected to the second network and is not directly connected to the first network, a user's signaling messages must pass through the media forwarding function entity or the signaling static conversion function entity to reach the signaling control function entity. Users can therefore only attack a media forwarding function entity or a signaling static transformation function entity, and the impact of such an attack on the entire system is much smaller, which can effectively prevent malicious attacks by users and makes the entire system more secure.
- the present invention can flexibly adapt to complex address situations in various networking networks to meet the networking requirements of different operators.
BRIEF DESCRIPTION OF THE DRAWINGS
- Figure 1 is a schematic diagram of the SBC networking model
- FIG. 2 is a schematic diagram of a network model with SBC in the prior art
- FIG. 3 is a schematic diagram of a typical network model with SBC in the prior art
- FIG. 4 is a schematic diagram of a signaling transmission flow based on the network model shown in FIG. 3;
- FIG. 5A is a schematic diagram of a networking model for implementing the system of the present invention
- FIG. 5B is a schematic diagram of a networking of a specific embodiment of the system of the present invention
- Figure 6 is a schematic flow chart of the method of the present invention.
- FIG. 7 is a schematic flow chart of a specific embodiment of implementing the method of the present invention based on the system shown in FIG. 5B.
Mode for carrying out the invention
- a communication system embodying the present invention includes: a first network, a second network, and an SBC.
- the SBC further includes a signaling control functional entity and a number of signaling static translation functional entities.
- The network A shown in Fig. 5A is the first network, and the network B is the second network.
- The signaling control function entity is connected to the network B and the signaling static conversion function entity, and each signaling static transformation function entity is connected to the network A, the network B, and the signaling control function entity.
- the signaling static transformation function entity may be a logical entity in a media forwarding function entity or an independent physical entity.
- the communication system of the present invention may be an NGN network with SBC function defined by ITU-T or TISPAN.
- the SBC is SCPF and BGF; when the communication system is defined for TISPAN
- the SBC is AF and A-BGF.
- network A is the access network
- network B is the core network.
- The access network can be an access network using any of a variety of access modes, such as xDSL, Wlan, Cable, WiMax, and other wired and wireless modes.
- the IP address in the above network can be in the IPv4 address format or the IPv6 address format.
- the address translation includes address format conversion in various situations such as IPv4-IPv4, IPv4-IPv6, IPv6-IPv6, and IPv6-IPv4.
- the signaling static transformation function entity is configured to forward signaling packets between the network A and the signaling control function entity.
- When the signaling static conversion function entity forwards the signaling message of a user equipment in the network A for the first time, that is, the registration request of that user equipment, it needs to dynamically create a network address translation (NAT) entry for the signaling messages of the user equipment in the network A, such as a correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity. The entry is used to perform NAT translation on, and forward, signaling packets subsequently received from the first network or from the signaling control function entity.
- When the signaling static conversion function entity receives a signaling message from the network A that is not the first one sent, it statically translates the signaling packet according to the NAT entry of the signaling packet and then forwards it to the signaling control function entity. When the signaling static conversion function entity receives a signaling message from the signaling control function entity, it likewise performs static address translation on the message and then forwards it to the user equipment in the network A.
- The mapping between the signaling address on the media forwarding packet and the address of the signaling control function entity is configured in the signaling static conversion function entity, and is used to translate the destination address of signaling packets sent by the user equipment in the network A, or the source address of packets sent by the signaling control function entity.
- The signaling control function entity is configured to analyze and process the received signaling messages and to perform signaling interaction with the functional entity in the network B. After receiving the signaling message carrying the registration request forwarded by the signaling static transformation function entity, the signaling control function entity obtains the user identity in the signaling packet and saves the user identity together with the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity itself.
- The signaling control function entity may obtain the user identity from the signaling message, use the saved mapping between the user identity and the source address/port number to obtain the IP address/port number assigned by the signaling static conversion function entity that corresponds to the user identity, and then forward the signaling packet to the signaling static transformation function entity according to that IP address/port number.
- The address of the signaling control function entity that is configured on the user equipment, or allocated to the user by the second network, is the address of the signaling static transformation function entity.
- The user sends the signaling packet directly to the signaling static transformation function entity in the SBC, and the signaling static transformation function entity forwards the signaling packet through the signaling control function entity to the functional entity in the second network.
- the signaling control function entity sends the signaling packet to the signaling static transformation function entity, and then the signaling static transformation function entity sends the signaling packet to the signaling entity.
- the method of implementing the present invention includes the following steps:
- Step 601: The user equipment in the first network sends a registration-request signaling message to the signaling static transformation function entity. The destination IP address/port number of the signaling packet is the IP address/port number of the signaling static transformation function entity in the first network, and the source address/port number is the address/port number of the user equipment in the first network.
- Step 602: After receiving the signaling packet from the user equipment, the signaling static transformation function entity changes the destination IP address/port number of the signaling packet to the IP address of the signaling control function entity and the source IP address/port number to the IP address assigned by the signaling static transformation function entity, and then sends the signaling message to the signaling control function entity.
- the IP address/port number assigned by the signaling static conversion function entity may be randomly selected by the media forwarding entity, or may be selected according to a certain priority, according to an algorithm, or by another predefined selection mechanism.
- the IP address/port number of the signaling control function entity may be obtained from the above mapping relationship by using the destination IP address/port number in the signaling message.
- the mapping relationship between the IP address/port number of the signaling static conversion function entity and the IP address of the signaling control function entity can be configured according to the requirements of the operator.
- if the mapping relationship between the signaling IP address/port number of the signaling static conversion function entity and the IP address of the signaling control function entity is not configured in advance, the choice may also be random, according to some priority, or according to some algorithm.
- Step 603: After receiving the signaling packet, the signaling control function entity analyzes and processes the signaling packet, and sends the signaling packet to the functional entity in the second network.
- the process of analyzing and processing the signaling packet may be the same as or different from the prior art, and how it is handled does not affect the protection scope of the present invention.
- so that the signaling static conversion function entity can correctly forward the subsequent signaling messages sent by the user equipment, and the signaling sent by the second network to the user equipment, a NAT entry is dynamically created in step 602 and used to perform static address translation on the received signaling packets, so as to achieve correct forwarding.
- the NAT entry of the signaling packet can take either of the following two forms:
- the entry may include only the correspondence between the IP address/port number of the user equipment in the network and the IP address/port number assigned by the signaling static conversion function entity. In this case, the NAT entry of the signaling packet of the user equipment can be set as follows:
- after receiving the signaling packet sent by the user equipment for the first time, that is, the registration request packet, the signaling static conversion function entity obtains the source IP address/port number in the signaling packet; it allocates one of its own IP addresses/port numbers to the user equipment, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity. This correspondence is the NAT entry of the signaling packet corresponding to the user equipment.
- the NAT entry of the signaling packet of the user equipment may include: the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity, and the correspondence between the IP address/port number of the first network and the IP address of the signaling control function entity. In this case, the NAT entry can be obtained in the following manner:
- after receiving the signaling message sent by the user equipment for the first time, that is, the registration request message, the signaling static conversion function entity obtains the source IP address/port number and the destination IP address/port number in the signaling message, allocates one of its own IP addresses/port numbers to the user equipment, and selects an IP address/port number of the signaling control function entity. It saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity, and the correspondence between the IP address/port number of the first network and the IP address of the signaling control function entity. These correspondences are the NAT entry of the signaling packet.
- the NAT entry of the above signaling packet can be deleted after the user logs out and after the user fails to register.
- the signaling control function entity can obtain the user identity in the signaling message after receiving the signaling message in the foregoing step 603.
- the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity in step 602, and the signaling control function entity records the user identity.
- when the signaling control function entity receives a signaling message sent by a functional entity in the second network to the user equipment in the first network, it obtains the IP address/port number of the signaling static transformation function entity from the correspondence according to the called user number, and forwards the signaling message to the signaling static transformation function entity according to that IP address/port number.
- the communication system of this embodiment includes a first network, a second network, and an SBC.
- the SBC further includes a signaling control function entity and a media forwarding function entity.
- the network A shown in FIG. 5B is the first network, and the network B is the second network.
- the signaling control function entity is connected to the network B and the media forwarding function entity, and the media forwarding function entity is connected to the network A, the network B, and the signaling control function entity.
- the communication system of the present invention may be an NGN network with SBC function as defined by ITU-T or TISPAN.
- the SBC is SCPF and BGF; when the communication system is the one defined by TISPAN, the SBC is AF and A-BGF.
- network A is the access network
- network B is the core network.
- the access network can be an access network of any of a variety of access modes, such as xDSL, WLAN, cable, WiMAX, and other wired and wireless modes.
- the IP address in the above network can be in the IPv4 address format or the IPv6 address format.
- the address translation includes address format conversion in various situations such as IPv4-IPv4, IPv4-IPv6, IPv6-IPv6, and IPv6-IPv4.
- the media forwarding function entity can be used to forward data packets between the network A and the network B, and can also be used to forward signaling messages between the network A and the signaling control function entity.
- when the media forwarding function entity forwards the signaling packet of a user equipment in network A for the first time, that is, the registration request of that user equipment, the NAT entry for the signaling packets of the user equipment in network A needs to be dynamically created. The entry is the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the media forwarding function entity itself; it is used to perform NAT translation on signaling packets received from the first network or from the signaling control function entity, and to forward them.
- when the media forwarding function entity receives a signaling message from network A that is not the first one sent, it performs static address translation according to the NAT entry of the signaling message and then forwards the message to the signaling control function entity. When the media forwarding function entity receives a signaling message from the signaling control function entity, the signaling message is also subjected to static address translation, and then forwarded to the media forwarding function entity.
- the mapping between the signaling address on the media forwarding function entity and the address of the signaling control function entity is configured in the media forwarding function entity; it is used to convert the destination address of the signaling sent by the user equipment in network A, or the source address of the packet sent by the signaling control function entity.
- the signaling control function entity is configured to analyze and process the received signaling message, and perform signaling interaction with the functional entity in the network B. After receiving the signaling message of the registration request forwarded by the media forwarding function entity, the signaling control function entity obtains the user identity identifier in the information packet, and saves the correspondence between the user identity identifier and the source IP address/port number in the signaling packet, where the source IP address/port number is the IP address/port number assigned by the media forwarding function entity itself.
- the signaling control function entity may obtain the user identity from the signaling message and, using the correspondence between the user identity and the source address/port number, obtain the IP address/port number assigned by the media forwarding function entity that corresponds to the user identity, and then according to the IP address
- Step 701: The user equipment in network A sends a registration-request signaling message to the media forwarding function entity. The signaling packet includes the access request information and user information; the destination IP address of the signaling message is the IP address of the media forwarding function entity, and the source IP address is the IP address of the user equipment in network A.
- Steps 702 to 703: After receiving the signaling packet, the media forwarding function entity obtains the source IP address/port number and the destination IP address/port number of the signaling packet, allocates one of its own IP addresses/port numbers, and then dynamically creates a NAT entry for the signaling packets of the user equipment. The entry is the correspondence between the IP address/port number of the user equipment in network A and the IP address/port number assigned by the media forwarding function entity itself. According to this NAT entry, the source IP address/port number of the signaling packet is set to the IP address/port number assigned by the media forwarding function entity. According to the preset mapping between the IP address/port number of the first network and the IP address/port number of the signaling control function entity, the destination IP address/port number is converted into the IP address/port number of the signaling control function entity, and the signaling message is forwarded to the signaling control function entity.
- Steps 704 to 705: After receiving the signaling, the signaling control function entity parses and processes the signaling packet and obtains the user identity and the source IP address/port number, where the source IP address is the IP address/port number of the media forwarding function entity. It stores the correspondence between the user identity and the IP address assigned by the media forwarding function entity, and sends the signaling message to the functional entity in network B.
- Step 706: After receiving the signaling packet, the device in network B authenticates the user equipment according to the user identity contained therein, and if the authentication succeeds, sends a response message to the signaling control function entity. If the authentication fails, the packet is sent to the signaling control function entity.
- Steps 707 to 708: After receiving the response signaling packet, the signaling control function entity obtains the user identity identifier and, according to the correspondence saved in step 704, obtains the IP address/port number of the media forwarding function entity corresponding to that user identity identifier. It then sets the destination IP address of the signaling packet to the IP address/port number of the media forwarding function entity and the source IP address/port number to the IP address of the signaling control function entity itself, and sends the signaling message to the media forwarding function entity.
- Steps 709 to 710: After receiving the signaling packet, the media forwarding function entity obtains the source IP address of the signaling packet, that is, the IP address/port number of the signaling control function entity. From the NAT entry of the signaling packet created in step 702 it obtains the corresponding IP address/port number of the user equipment in network A, and changes the destination IP address of the signaling packet to that of the user equipment in network A. Using its mapping between the IP address/port number of the first network and the IP address/port number of the signaling control function entity, the media forwarding function entity changes the source IP address/port number to its own IP address/port number in the first network, and sends the signaling message to the user equipment in the first network.
- in step 707, if the response signaling packet received by the signaling control function entity indicates successful authentication, the signaling control function entity needs to notify the media forwarding function entity to permanently save and maintain the NAT entry corresponding to the user equipment, that is, the correspondence between the IP address/port number of the media forwarding function entity and the IP address/port number of the signaling control function entity. The entry is kept until the user logs out, when the signaling control function entity notifies the media forwarding function entity to delete it. If the response signaling packet indicates failed authentication, the signaling control function entity notifies the media forwarding function entity to delete the NAT entry of the signaling packet corresponding to the user equipment.
- the media forwarding function entity may also start a timer when it sends the signaling message toward the functional entity in network B. If no notification of successful authentication has been received from the signaling control function entity before the timer expires, the NAT entry corresponding to the user equipment is deleted after the timer expires.
- when the media forwarding function entity receives the user log-off command sent by the signaling control function entity, the NAT entry of the signaling packet needs to be deleted.
- the session request may be further accepted or initiated, such as performing step 711 to step 715 and/or step 716 to step 719.
- the processes of step 711 to step 715 and the processes of step 716 to step 719 are independent of each other; only one of them may be executed, or both may be executed, and there is no ordering between them. The two processes are described below.
- Steps 711 to 715: The functional entity in network B sends signaling packets to the user equipment in network A through the signaling control function entity and the media forwarding function entity.
- the signaling control function entity needs to obtain the IP address of the media forwarding function entity corresponding to the user identity carried in the signaling message. In the media forwarding function entity, the signaling packet is translated according to the NAT entry of the signaling packet and then sent out. This is the same as steps 706 to 710.
- Steps 716 to 719: After the user equipment in network A has sent its first signaling message, that is, the access request packet, and has obtained the response signaling packet for successful authentication, it may need to interact with network B again. The user equipment may then perform signaling interaction with the functional entity in network B through the media forwarding function entity and the signaling control function entity.
- when the media forwarding function entity translates the signaling, the source IP address/port number is converted by using the NAT entry, while for the destination IP address/port number it needs to look up the mapping, configured in the media forwarding entity, between the media forwarding function entity's IP address/port number in the first network and the IP address/port number of the signaling control function entity, so as to obtain the IP address/port number of the corresponding signaling control function entity.
- the NAT entry of the signaling packet may instead be set to include both the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the media forwarding function entity, and the mapping between the IP address/port number of the first network and the IP address of the signaling control function entity. Then, after the user has successfully registered, when a signaling message between the user equipment in the first network and the signaling control function entity reaches the media forwarding function entity, the media forwarding function entity can translate it using the NAT entry of the signaling packet and send it to the signaling control function entity or to the user equipment in the first network. Specifically: the user equipment sends a signaling message to the media forwarding function entity in network A; the destination IP address/port number of the IP packet is the IP address/port number of the media forwarding function entity, and the source IP address/port number is the IP address/port number of the user equipment in network A.
- the media forwarding function entity directly uses the NAT entry of the signaling packet to perform a static NAT address translation on the signaling packet, that is, it converts the destination IP address of the packet to the IP address/port number of the signaling control function entity and the source IP address/port number to the IP address of the media forwarding function entity, and forwards the signaling packet to the signaling control function entity according to the destination IP address/port number.
- after receiving the signaling packet, the signaling control function entity parses and processes the signaling packet and determines the correspondence between the user identity identifier and the IP address/port number of the media forwarding function entity, that is, the user equipment has been successfully registered, so the signaling message is sent directly to the functional entity in network B.
- the address of the SBC signaling control function entity configured by the access user is an address on the media forwarding function entity, and the access signaling flow passes through the media forwarding function entity, so the SBC signaling control function entity only needs to have a domain address, such as an administrative domain or an address domain address.
- the NAT entry of the signaling packet that has been established on the media forwarding function entity is used as a signaling channel to initiate or accept a call, and the network A user address/port number seen at the signaling control function entity will also be the address/port information on the media forwarding function entity.
- the signaling static transformation entity is an independent entity
- the implementation process is the same as that in the foregoing embodiment, and details are not described herein again.
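The NAT-entry lifecycle described in steps 701 to 710 and in the deletion rules (authentication failure, timer expiry, logout), as an added Python example that is not part of the patent text. The class and method names, the addresses, the port range and the 30-second timer are assumptions made for the illustration, as is the strict check of the sender's address on the return path.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, port number)


@dataclass(frozen=True)
class Packet:
    src: Addr
    dst: Addr
    payload: str


@dataclass
class NatEntry:
    user_addr: Addr              # user equipment address in network A
    assigned_addr: Addr          # address/port the forwarding entity allocated
    access_addr: Addr            # forwarding entity's own address in network A
    scf_addr: Addr               # signaling control function entity address
    expires_at: Optional[float]  # None once authentication is confirmed


class MediaForwardingEntity:
    """Hypothetical model; names and the timer value are assumptions."""

    def __init__(self, access_to_scf: Dict[Addr, Addr], core_ip: str,
                 first_port: int = 20000, pending_timeout: float = 30.0):
        self.access_to_scf = access_to_scf  # pre-configured mapping
        self.core_ip = core_ip
        self.next_port = first_port
        self.pending_timeout = pending_timeout
        self.by_user: Dict[Addr, NatEntry] = {}
        self.by_assigned: Dict[Addr, NatEntry] = {}

    def from_user(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Network A -> signaling control function entity (steps 702-703)."""
        self.expire(now)
        scf_addr = self.access_to_scf.get(pkt.dst)
        if scf_addr is None:
            return None  # destination is not a configured signaling address
        entry = self.by_user.get(pkt.src)
        if entry is None:
            # First packet from this user equipment: the registration request.
            assigned = (self.core_ip, self.next_port)
            self.next_port += 1
            entry = NatEntry(pkt.src, assigned, pkt.dst, scf_addr,
                             now + self.pending_timeout)
            self.by_user[pkt.src] = entry
            self.by_assigned[assigned] = entry
        return Packet(entry.assigned_addr, entry.scf_addr, pkt.payload)

    def from_scf(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Signaling control function entity -> network A (steps 709-710)."""
        self.expire(now)
        entry = self.by_assigned.get(pkt.dst)
        # Sender check is an added assumption, stricter than the text requires.
        if entry is None or pkt.src != entry.scf_addr:
            return None  # no entry: never created, expired or deleted
        return Packet(entry.access_addr, entry.user_addr, pkt.payload)

    def auth_result(self, assigned: Addr, success: bool) -> None:
        """Notification from the signaling control function entity (step 707)."""
        entry = self.by_assigned.get(assigned)
        if entry is None:
            return
        if success:
            entry.expires_at = None  # keep until logout
        else:
            self._delete(entry)

    def logout(self, assigned: Addr) -> None:
        entry = self.by_assigned.get(assigned)
        if entry is not None:
            self._delete(entry)

    def expire(self, now: float) -> None:
        """Drop entries whose authentication was not confirmed in time."""
        for entry in list(self.by_assigned.values()):
            if entry.expires_at is not None and now >= entry.expires_at:
                self._delete(entry)

    def _delete(self, entry: NatEntry) -> None:
        self.by_user.pop(entry.user_addr, None)
        self.by_assigned.pop(entry.assigned_addr, None)


def demo():
    # Constructed addresses taken from the documentation ranges.
    access, scf = ("192.0.2.10", 4000), ("198.51.100.5", 4000)
    ue = ("203.0.113.7", 4000)
    mf = MediaForwardingEntity({access: scf}, core_ip="198.51.100.1")
    to_scf = mf.from_user(Packet(ue, access, "registration request"), now=0.0)
    reply = mf.from_scf(Packet(scf, to_scf.src, "response"), now=1.0)
    late = mf.from_scf(Packet(scf, to_scf.src, "response"), now=31.0)
    return to_scf, reply, late
```

The signaling control function entity only ever sees `assigned_addr`, and an entry that is never confirmed disappears when the timer runs out, so unauthenticated registration attempts do not leave permanent state behind.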
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for transmitting signaling packets in a communication system having a session border controller (SBC). The method comprises a user device sending a signaling packet carrying a registration request to a signaling static translation function entity in a first network. When the signaling static translation function entity receives the signaling packet, it changes the destination IP address/port number of the signaling packet to its IP address/port number and changes the source IP address/port number to the IP address/port number that it transmits; it then sends the signaling packet to a signaling control function entity. The signaling control function entity analyzes the signaling packet and sends it to a function entity in a second network. The invention also relates to a communication system having a session border controller (SBC). The invention makes it possible to block any malicious attack by a user against the signaling control function entity, further secures the communication system, and increases the flexibility of the SBC without imposing limitations on the network itself.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200510068227.0 | 2005-04-27 | ||
CN2005100682270A CN1856163B (zh) | 2005-04-27 | 2005-04-27 | Communication system with a session border controller and method for transmitting signaling therein |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006114037A1 (fr) | 2006-11-02 |
Family
ID=37195886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2006/000523 WO2006114037A1 (fr) | Communication system having a session border controller and signaling packet transmission method | 2005-04-27 | 2006-03-28 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN1856163B (fr) |
WO (1) | WO2006114037A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109561164A (zh) * | 2017-09-27 | 2019-04-02 | 华为技术有限公司 | NAT entry management method and apparatus, and NAT device |
CN112615839A (zh) * | 2020-12-10 | 2021-04-06 | 帝信科技股份有限公司 | Data transmission system, transmission method and transmission apparatus |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
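CN101212405B (zh) * | 2006-12-29 | 2011-09-21 | 中国移动通信集团公司 | Media routing control method |
CN100546285C (zh) * | 2007-05-09 | 2009-09-30 | 华为技术有限公司 | Method and system for implementing application-layer routing of an interworking gateway, and session border controller |
CN101115232B (zh) * | 2007-08-28 | 2010-12-08 | 中国联合网络通信集团有限公司 | Roaming control method and system for accessing an IP multimedia subsystem network through an SBC |
CN101420368B (zh) * | 2007-10-23 | 2011-07-13 | 中兴通讯股份有限公司 | Method for an SBC to implement media pass-through |
CN101222343B (zh) * | 2008-01-30 | 2011-11-30 | 中兴通讯股份有限公司 | Policy and charging control system and method for controlling a media gateway |
CN101715173B (zh) * | 2008-10-06 | 2013-06-05 | 华为技术有限公司 | User equipment activity information notification method and system, network element device, and server |
CN102917342B (zh) * | 2008-09-28 | 2015-11-25 | 华为技术有限公司 | User equipment activity information notification method and system, network element device, and server |
JP5164879B2 (ja) * | 2009-02-17 | 2013-03-21 | 沖電気工業株式会社 | Communication relay device, program and method, and network system |
CN101980485B (zh) * | 2010-10-18 | 2015-09-16 | 中兴通讯股份有限公司 | Router and data transmission method |
CN102957756B (zh) * | 2011-08-23 | 2017-10-17 | 中兴通讯股份有限公司 | Data packet processing method and access service router |
CN102523358A (zh) * | 2012-01-12 | 2012-06-27 | 江苏电力信息技术有限公司 | Call center communication access system based on centralized voice access over an NGN softswitch network |
CN103067414A (zh) * | 2013-01-30 | 2013-04-24 | 北京天地互连信息技术有限公司 | Method for solving interworking during the IPv4-to-IPv6 transition in an IMS network |
CN104158806B (zh) * | 2014-08-13 | 2018-02-23 | 大唐移动通信设备有限公司 | Session connection establishment method and device, and session border control network element |
CN106128463A (zh) * | 2016-06-07 | 2016-11-16 | 张巍 | Cloud-computing-based human simultaneous interpretation method and system |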
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
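CN1384644A (zh) * | 2001-04-27 | 2002-12-11 | 冲电气工业株式会社 | Method and apparatus for connecting networks |
CN1503526A (zh) * | 2002-11-26 | 2004-06-09 | ������������ʽ���� | Address translation device and method for managing address translation rules |
CN1547354A (zh) * | 2003-12-17 | 2004-11-17 | 港湾网络有限公司 | Optimization method for network address translation rule configuration |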
US6862267B1 (en) * | 2000-05-08 | 2005-03-01 | Nortel Networks Limited | Determining network addresses and ports using table from a description file |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1516409A (zh) * | 2003-08-26 | 2004-07-28 | 中兴通讯股份有限公司 | Method for enabling media streams to traverse a network address translator |
-
2005
- 2005-04-27 CN CN2005100682270A patent/CN1856163B/zh not_active Expired - Fee Related
-
2006
- 2006-03-28 WO PCT/CN2006/000523 patent/WO2006114037A1/fr not_active Application Discontinuation
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
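CN109561164A (zh) * | 2017-09-27 | 2019-04-02 | 华为技术有限公司 | NAT entry management method and apparatus, and NAT device |
CN109561164B (zh) * | 2017-09-27 | 2021-02-09 | 华为技术有限公司 | NAT entry management method and apparatus, and NAT device |
CN112615839A (zh) * | 2020-12-10 | 2021-04-06 | 帝信科技股份有限公司 | Data transmission system, transmission method and transmission apparatus |
CN112615839B (zh) * | 2020-12-10 | 2023-08-22 | 帝信科技股份有限公司 | Data transmission system, transmission method and transmission apparatus |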
Also Published As
Publication number | Publication date |
---|---|
CN1856163A (zh) | 2006-11-01 |
CN1856163B (zh) | 2011-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006114037A1 (fr) | Communication system having a session border controller and signaling packet transmission method | |
KR101280281B1 (ko) | Improved method and system for IP multimedia bearer path optimization through a series of border gateways | |
US6801528B2 (en) | System and method for dynamic simultaneous connection to multiple service providers | |
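JP6884818B2 (ja) | VXLAN implementation method, network device, and communication system | |
CN100586138C (zh) | Method and apparatus for connecting packet telephony calls between secure and non-secure networks | |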
US7366894B1 (en) | Method and apparatus for dynamically securing voice and other delay-sensitive network traffic | |
EP1876754B1 (fr) | Method, system and server for implementing DHCP address security allocation | |
US9112909B2 (en) | User and device authentication in broadband networks | |
CN102036227B (zh) | Method, system and device for obtaining the user identifier of a data service | |
KR101454502B1 (ko) | Method and system for identifying an end-to-end media path | |
EP2235913B1 (fr) | Method and device for controlling a multimedia gateway comprising an ISIM | |
US9756011B2 (en) | System and method for logging communications | |
WO2007045157A1 (fr) | Service provision method and system thereof | |
WO2009129707A1 (fr) | Method, apparatus and communication system for sending and receiving information between local networks | |
US8769623B2 (en) | Grouping multiple network addresses of a subscriber into a single communication session | |
WO2012075768A1 (fr) | Control method and system for a locator/identifier separation network | |
WO2010054561A1 (fr) | Media stream proxy method, voice switch and communication system | |
JP5261432B2 (ja) | Communication system, packet transfer method, network switching device, access control device, and program | |
WO2008003214A1 (fr) | Method, device and system for passing media streams through network address translation | |
WO2012075770A1 (fr) | Blocking method and system in an identity and location separation network | |
WO2012075779A1 (fr) | Method and system for guaranteeing mobile node quality of service | |
CA2502321C (fr) | Security management method for an integrated access device of the network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase | Ref country code: DE |
WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
NENP | Non-entry into the national phase | Ref country code: RU |
WWW | Wipo information: withdrawn in national office | Country of ref document: RU |
122 | Ep: pct application non-entry in european phase | Ref document number: 06722175 Country of ref document: EP Kind code of ref document: A1 |
WWW | Wipo information: withdrawn in national office | Ref document number: 6722175 Country of ref document: EP |