WO2009114995A1 - Application-oriented name registration system and service method in multi-layer nat environment - Google Patents
- Publication number
- WO2009114995A1 (PCT/CN2009/000298)
- Authority
- WO
- WIPO (PCT)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
Definitions
- Multi-layer NAT environment to register the name of the application and its service method
- The invention belongs to the technical field of computer networks, and in particular relates to a method for registering the names of applications in a NAT environment.
- Background technique
- NAT (Network Address Translator)
- the NAT device provides the address translation function for the private network address of the NAT.
- the host in the private network can transparently access external network addresses. Conversely, the private network address of a host behind the NAT is not routable on the external network, so an external host cannot directly access a host located in the private network. Therefore, a large number of services deployed in the private network, such as Web services, instant messaging, and FTP service nodes, cannot be directly accessed from the network external to the private network.
- NAT Network Address Translation
- FTP service node Services on the private IP address of the NAT
- the peer-to-peer communication services (such as instant messaging, file sharing, and media transmission) deployed on private network IP addresses behind the NAT can generally use RFC-standard protocols such as STUN, TURN, and ICE to relay through a public network service node.
- NAT tunneling, reverse join and other technologies provide services to hosts on the Internet.
- the task of the present invention is to provide a system and method that make a service in a private network visible to its external network, independent of any specific application, and that provide a more reasonable access path for an external network node in a multi-layer NAT environment.
- the multi-layer NAT environment registers a system with an application name
- the multi-layer NAT environment has a public network and at least one private network, and the private network accesses the public network or another private network through the address translation unit
- the application-oriented name registration system includes a system terminal device for transmitting a login request and a registration service unit for receiving a login request, the registration service unit including a top-level registration service unit accessing the public network and connecting a basic registration service unit of the private network
- the registration service unit is configured to receive a login request message from the system terminal device and to record the user login information of the system terminal device, where the user login information includes at least a user identifier, the user access point of the system terminal device used by the user in the network accessed by the registration service unit, and the system terminal device access point of the system terminal device used by the user in the network accessed by the registration service unit.
- the registration service unit is further configured to perform an inquiry according to the recorded user login information, and determine a forwarding node between the system terminal devices.
- the user login point is a network address and port of the registration service unit or the system terminal device, or an identifier that can be converted into a network address and port of the registration service unit or the system terminal device.
- the query finds, among all the user login points of the called party, the user login point with the shortest NAT distance from the called party to the calling party, according to the user login information.
- the access point of the system terminal device is a network address and port of the NAT device, or an identifier that can be converted into a network address and port of the NAT device.
- the top-level registration service unit accesses the public network through the top-level service bus
- the basic registration service unit accesses the private network through the service bus
- the top-level registration service unit uses the network address of the public network for addressing
- the basic registration service unit is addressed using the network address of the connected private network.
- the registration service unit includes: a registration service logic control unit, a basic configuration information record table, a hierarchical information record, a target registration server record, a sub-registration server record table, a user login information record table, a user registration information record table, a message buffer and a communication unit;
- the registration service logic control unit is configured to control execution of the registration service;
- the basic configuration information record table is used to record the identity of the unit, the host address of the unit, and the service port of the unit;
- the hierarchical information record is used for recording hierarchy information;
- the target registration server record is used to record the network address and port of the ancestor registration server;
- the sub-registration server record table is used to record the network address, port, identifier, and network address and port of the corresponding NAT device of the sub-registration service unit;
- the user login information record table is used for recording User identification, user login point and system terminal device access point;
- user registration information record table is used to record user account opening information;
- the message buffer area is used for temporarily storing the information in received data packets and the forwarding relationship record table; the communication unit is connected with the top-level service bus device or the service bus device and is responsible for transmitting and receiving data.
- according to execution requirements, the registration service logic control unit reads the unit identifier, the unit host address and the unit service port from the basic configuration information record table; reads the level information from the hierarchical information record; reads the network address and port of the ancestor registration server from the target registration server record; reads the network address, port and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device from the sub-registration server record table; reads the user identifier, the user login point and the system terminal device access point from the user login information record table; reads the user identifier from the user registration information record table; reads the temporarily stored information from received data packets and the forwarding relationship from the message buffer area; and reads the received data from the communication unit;
- according to execution requirements, the registration service logic control unit writes the unit identifier, the unit host address and the unit service port to the basic configuration information record table; writes the network address and port of the ancestor registration server to the target registration server record; writes the network address, port and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device to the sub-registration server record table; writes the user identifier, the user login point and the corresponding system terminal device access point to the user login information record table; writes the user identifier to the user registration information record table; writes the information from received data packets and the forwarding relationship to the message buffer area for temporary storage; and writes the data to be sent to the communication unit.
- the system terminal device includes: a terminal device control unit, a basic configuration information record table, a target registration service device record, a message buffer area, and a communication unit.
- the terminal device control unit is configured to control execution of the terminal device;
- the basic configuration information record table is used to record the user identifier and the network address and port of the terminal device; the target registration service device record is used to record the network address and port of the registration service device;
- the message buffer is used to temporarily store received or sent messages;
- the communication unit is used to connect to a public network or a private network;
- the terminal device control unit reads and writes information in the basic configuration information record table, the target registration service device record, and the message buffer area; and the terminal device control unit further transmits and receives data from the network through the communication unit.
- the method provided by the present invention for performing user login to the name registration system of the application under the multi-layer NAT environment includes the following steps:
- the system terminal device obtains a service entry of the basic registration service unit, and the service entry is a network address and a port or an identifier that can be converted into a network address and a port;
- the system terminal device sends a user login message to the basic registration service unit according to the service portal, where the user login message carries the user login information;
- the user login information described in this step includes at least the user identifier and the user login point defined by the network address and port of the system terminal device in use;
- the registration service unit records the user login information and forwards the user login message carrying the user login information to the registration service unit of the upper layer network; the user login information described in this step includes at least the user identifier;
- after receiving the forwarded user login message, the registration service unit of the upper layer network repeats the operation of step 3) until the user login message is forwarded to the top-level registration service unit accessing the public network.
- in step 2), the user login point is a network address and port, or an identifier that can be converted into a network address and port; in step 3), the user login point is a network address and port, or an identifier that can be converted into a network address and port; the system terminal device access point is a network address and port, or an identifier that can be converted into a network address and port.
- after receiving the user login message sent directly by the system terminal device, the registration service unit returns a response message to the system terminal device.
- an initialization step is further performed before step 1). The initialization step is: first start the top-level registration service unit accessing the public network, then start the basic registration service units of the private networks layer by layer, each registering with the name registration system in order to join it.
- the step 1) includes the following sub-steps:
- the system terminal device sends a service entry query message to a global service portal known to the name registration system;
- the registration service unit to which the global service entry maps determines whether it can directly serve as the service entry providing service to the system terminal device. If so, a success message is returned; if not, a redirect message is returned to the system terminal device. The redirect message carries the service entry of a registration service unit of a lower layer network of the network accessed by the registration service unit to which the global service portal maps;
- the system terminal device sends a service entry query message to the registration service unit provided by the redirect message;
- the registration service unit determines whether it can directly serve as the service entry providing service to the system terminal device. If so, a success message is returned; if not, a redirect message is returned to the system terminal device. The redirect message carries the service entry of a registration service unit that accesses a lower layer network of the network to which the current registration service unit belongs;
- the global service entry is a network address and a port of a top-level registration service unit.
- step 1) includes the following sub-steps:
- the registration service unit broadcasts a broadcast message containing the local login service entry in the network to which it belongs;
- the system terminal device listens to the broadcast message to obtain a service entry.
- the registration service unit may send the broadcast message by using a registration service unit proxy.
- the processing method after the registration service unit receives the user login message includes the following steps:
- step 31 determining, according to the user login point in the message, whether the sender of the message is a lower layer registration service unit, if yes, go to step 32), if not, go to step 34);
- the user identifier in the message is used as the user identifier, the source address and source port of the data packet carrying the message are used as the system terminal device access point, the unit identifier is used as the user login point, and these are stored in the user information record table of the unit; go to step 38);
- the network address determines whether the user terminal is behind the NAT, if not, go to step 35), if yes, go to step 36);
- step 39 Determine whether the unit is a top-level registration service unit, if not, go to step 39); if yes, the registration process ends;
- step 33), step 33) is further performed as follows:
- the method for sending the user login message to the upper layer registration service unit is as follows:
- the user login point in the locally received user login message is replaced with the identifier of the local registration service unit, a new user login message is generated, and then the new user login message is sent to the upper registration service unit.
- the method further includes the step 5), and the step 5) is as follows:
- the registration service unit performs an inquiry according to the recorded user login information, and determines a forwarding node between the system terminal devices.
- the system terminal device sends a user login point search request message to the service portal of the name registration system, where the message includes at least the requested user identifier;
- the registration service unit searches the local user login information record table for the user identifier of the requested user. If it is present, the unit returns the user login point of the requested user; if not, the unit forwards the user login point lookup request message to the registration service unit of the upper layer network of the network accessed by the current registration service unit;
- the registration service unit accessing the upper layer network searches the local user login information record table for the requested user identifier. If it is present, the unit returns the user login point of the system terminal device of the requested user; if not, the unit forwards the user login point lookup request message to the registration service unit of the upper layer network of the network accessed by the current registration service unit;
- step 53 repeating step 52) until the user login point of the requested system terminal device is obtained;
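The login propagation and upward lookup described in the steps above can be modelled in a few lines. This is an added sketch, not code from the patent: the class and field names, unit identifiers, and all addresses are constructed for illustration, and the NAT mapping seen by each parent unit is supplied as a fixed constructed value rather than taken from a real packet.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class LoginRecord:
    user_id: str
    login_point: str   # terminal "addr:port", or identifier of the lower unit that forwarded
    access_point: str  # source "addr:port" of the packet that carried the login message


@dataclass
class RegistrationUnit:
    unit_id: str
    parent: Optional["RegistrationUnit"] = None
    # Constructed value: source addr:port the parent sees after the NAT in
    # front of this unit's network has translated the forwarded message.
    nat_mapped_src: str = ""
    logins: Dict[str, LoginRecord] = field(default_factory=dict)

    def handle_login(self, user_id: str, login_point: str, src: str) -> None:
        """Record the login, then forward it upward with the login point
        replaced by this unit's identifier, until the top-level unit."""
        self.logins[user_id] = LoginRecord(user_id, login_point, src)
        if self.parent is not None:
            self.parent.handle_login(user_id, self.unit_id, self.nat_mapped_src)

    def lookup(self, user_id: str) -> Optional[Tuple[str, str, int]]:
        """Search the local table, then each upper-layer unit in turn.
        Returns (answering unit, login point, levels climbed) or None."""
        unit, levels = self, 0
        while unit is not None:
            rec = unit.logins.get(user_id)
            if rec is not None:
                return unit.unit_id, rec.login_point, levels
            unit, levels = unit.parent, levels + 1
        return None


def build_demo():
    # Constructed topology: unit-A and unit-B sit behind two root NATs,
    # unit-A1 sits behind a second NAT inside unit-A's network.
    top = RegistrationUnit("unit-top")
    a = RegistrationUnit("unit-A", parent=top, nat_mapped_src="203.0.113.10:40001")
    a1 = RegistrationUnit("unit-A1", parent=a, nat_mapped_src="192.168.0.254:40002")
    b = RegistrationUnit("unit-B", parent=top, nat_mapped_src="203.0.113.20:40003")
    # Terminals log in to the unit of their own network; the packet source is
    # the terminal itself because no NAT lies between terminal and unit.
    a1.handle_login("alice", "10.1.0.5:5000", "10.1.0.5:5000")
    a.handle_login("bob", "192.168.0.7:5000", "192.168.0.7:5000")
    b.handle_login("carol", "172.16.0.9:5000", "172.16.0.9:5000")
    return top, a, a1, b


if __name__ == "__main__":
    top, a, a1, b = build_demo()
    print("alice -> bob  :", a1.lookup("bob"))    # answered one level up, in unit-A
    print("carol -> alice:", b.lookup("alice"))   # answered by the top-level unit
    print("top-level record for alice:", top.logins["alice"])
```

Because the lookup stops at the first unit on the requester's own ancestor chain that holds a record, the login point returned is always one that is addressable from the lowest network both parties share.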
- the method for providing a forwarding service to the name registration system of the application provided by the present invention is characterized in that the registration service unit further includes a data forwarding module, and the method for providing a forwarding service includes the following steps:
- the system terminal device sends a forwarding service request message to the service portal of the name registration system, where the message includes at least the requested user identifier;
- the registration service unit searches the local user login information record table for the user identifier of the requested user. If the user identifier of the requested user exists, it is determined whether the registration service unit includes a data forwarding module; if it does, the unit allocates and returns to the requesting user a network address and port that can forward data to the requested user. If the user identifier of the requested user does not exist, or the unit has no data forwarding module, the unit forwards the forwarding service request message to the registration service unit of the upper layer network of the network accessed by the current registration service unit;
- the registration service unit accessing the upper layer network searches the local user login record table for the requested user identifier. If the user identifier of the requested user exists, it is determined whether the registration service unit includes a data forwarding module; if it does, the unit allocates and returns to the requesting user a network address and port that can forward data to the requested user. If the user identifier of the requested user does not exist, or the unit has no data forwarding module, the unit forwards the forwarding service request message to the registration service unit of the upper layer network of the network accessed by the current registration service unit;
- step 63 repeating step 62) until the requesting user obtains a network address and port that can forward data to the requested user;
- the present invention enables applications, services, users, etc. to be located by identification, enabling the services in the private network to be visible to its external network and independent of the specific application.
- the present invention also provides a system and method for providing a more reasonable access path for external network nodes.
- the invention utilizes the user login information saved in the system so that, in a multi-layer NAT network, the system terminal device used by the requesting user can find a node that is at the minimum NAT distance from the user and can forward data to a system terminal device used by a requesting user.
- the invention can realize the delivery of the call message, thereby achieving the purpose of transmitting the connection request between the terminal devices of the system.
- applications, services, and users can be located by identification.
- Figure 1 is a schematic diagram of the same-root multi-layer NAT network
- Figure 2 is a schematic diagram of the structure of the application-oriented name registration system.
- Figure 3a is a schematic diagram of a NAT device accessing a network
- Figure 3b is a schematic diagram of the NAT device connection matrix
- Figure 4a is a schematic diagram of the structure of the registration service device
- Figure 4b is a schematic diagram of the structure of the registration service unit
- Figure 5 is the first setup process of the registration service device.
- Figure 6 is the second set up process of the registration service device
- Figure 7 is the third set up process for the registration service device.
- Figure 8 is a flow chart of the system service device requesting a local service entry from the registration service device based on the global service portal of the registration service device in the public network.
- Figure 9 is a flow chart of obtaining a local service entry by the system terminal device by listening to the service entry including the registration service device
- Figure 10 is another flow chart for the system terminal device to obtain the local service entry by listening to the service entry containing the registration service device.
- Figure 11 is a process in which the system terminal device used by the user sends user registration information (user account opening information) to the registration service device.
- Figure 12 is a process in which the system terminal device used by the user sends user login information to the registration service device.
- Figure 13 is the process of actively requesting the user to obtain the user login point of the requested user through the registration service system.
- FIG. 14 is a processing method after the registration service unit receives the "service unit registration message".
- FIG. 15 is a method for the registration service unit to register with the registration service device.
- FIG. 16 is a processing method after the registration service unit receives the "service entry inquiry message".
- FIG. 17 is a method for the system terminal device to acquire the registration service device network address and port.
- FIG. 18 is a processing method after the registration service unit in the registration service device receives the "user registration message".
- FIG. 19 is a schematic diagram of a user sending user login information to a registration service device through a system terminal device.
- Figure 21 is a schematic diagram of a user querying a registration service device for a user login point through a system terminal device
- Figure 22 is a schematic diagram of a registration service unit with a forwarding module
- FIG. 3 is the "forwarding service request" processing flow
- Figure 1 shows an example of a same-root multi-layer NAT network. Its characteristic is that private network 4 accesses the public network 3 through the NAT device 1000.
- the private network 4 of the private network 4 is the network controlled by the NAT device.
- the NAT device directly connected to the public network 3 is the root NAT device.
- the minimum number of NAT devices traversed from the private network controlled by a NAT device to the public network 3 is the number of layers of the private network controlled by that NAT device, and the corresponding path is the shortest path from the private network controlled by that NAT device to the public network 3.
- a multi-layer NAT network can be thought of as a combination of multiple multi-rooted NAT networks.
- Multi-layer NAT networks increase the number of users' accesses and make the relative positions of the two parties more complicated.
- the multi-layer NAT network turns the public network flat communication mode into a hierarchical communication mode.
- the typical relationships between the two parties are: (1) the two communicating parties are both in the public network; (2) one communicating party is in a private network controlled by a NAT device and extended by the NAT device, and the other party is in the public network; (3) the two communicating parties are in a private network controlled by the same NAT device; (4) the two communicating parties are in private networks controlled by different NAT devices, and the two NAT devices are connected to the public network through different root NATs; (5) the two communicating parties are in private networks controlled by different NAT devices, and the two NAT devices are connected to the public network through the same root NAT.
- the network address of the NAT device refers to the network address bound to the external network interface of the NAT device.
- the external network interface of a NAT device (NAT router) can be bound to multiple network addresses. In network management, enumerating addresses or enumerating network segments can be used to map multiple network addresses to one NAT device. Ordinary users can access the network from a terminal through the NAT device (NAT router); this is its basic function.
- the external network interface of a NAT device (NAT router) is generally bound to one network address. In the following description, the external network interface of each NAT device (NAT router) is bound to only one network address, so a NAT device can be represented by the network address bound to its external network interface. Development designers can easily see that the method described below also applies to NAT routers whose external network interface is bound to multiple network addresses.
- the network address of the NAT device is the network address bound to the NAT device's external network interface, also called the NAT router address.
- the address can be either a public address or a private address.
- Network range controlled by the NAT device: starting from the intranet interface of the NAT device, the network connected along that interface, extending to the external network interface of another NAT device, with no NAT device lying between the two.
- this network is called, for short, a NAT-controlled network, or a network controlled by a NAT router.
- the NAT is the controlling NAT device of the network.
- Direct upper layer network: if the external network interface of NAT device A is directly connected to the network controlled by NAT device B, the network controlled by NAT device B is the direct upper layer network of the network controlled by NAT device A; the public network is the direct upper layer network of the network controlled by the root NAT device.
- Direct lower layer network: if the external network interface of NAT device A is directly connected to the network controlled by NAT device B, the network controlled by NAT device A is the direct lower layer network of the network controlled by NAT device B; the network controlled by the root NAT device is the direct lower layer network of the public network.
- NAT path length: the number of NAT devices on a reachable path from host A to host B is the length of that NAT path.
- Shortest NAT path: in the NAT environment, among the NAT paths from host A to host B, the shortest one is called the shortest NAT path from A to B. The number of NATs it passes through is the shortest NAT path length.
- Upper-layer network: the network from the direct upper-layer network of the network controlled by the current NAT device to the network controlled by each NAT device and the public network, which is the upper-layer network of the network controlled by the current NAT device.
- Lower layer network: the network controlled by each NAT device from the direct network of the public network or the network directly controlled by the current NAT device, which is the lower layer network of the public network or the network controlled by the current NAT device.
- the network to which the device deployed on the public network belongs is a public network.
- the network to which the device of the network controlled by the NAT device belongs is a network controlled by the NAT device.
- if the network to which a device belongs is a lower layer network of the public network or of the network controlled by the current NAT device, then the device is behind the NAT.
- Parent server: the server located in the direct upper-layer network of the current NAT-controlled network is the parent server of the server in the network controlled by the current NAT device.
- Subserver: a server located in the direct lower layer network of the public network or of the current NAT-controlled network is a subserver of the server in the public network or in the current NAT-controlled network.
- Ancestor server: the current server and the parent server of the current server are the ancestor servers of the child servers of the current server.
- the multi-layer NAT network registers the system with the name of the application.
- a 0 is a new registration system, as shown in Figure 2.
- the system includes a registration service device 2001 and a system terminal device 6001.
- the registration service device 2001 is configured to record user registration (account opening) information and user login information, and to answer queries for user registration information and user login information; the user uses the system terminal device 6001 to register user information with the registration service device 2001, log in to the system, query user registration information, and query user login information.
- the invention can be used not only in the network environment in which the NAT device is built, but also in the network changing environment formed by other devices having the address translation function.
- the user login information recorded by the registration service device 2001 consists of: the user identifier, the user login point to which the user maps in the public network and the related private networks, and the system terminal access point to which the user maps in the public network and the related private networks.
- according to the user login information recorded by the system, the registration service device 2001 can help the actively requesting user determine, among the user login points of the requested user, the user login point with the shortest NAT path from the current communication device of the requesting user.
- the user login point in the network is the network address and port of the system terminal device used by the user; when the user is in the network controlled by the NAT device
- the user login point in the upper layer network of the network controlled by the NAT device is a network address and port for receiving the user login request message by the service unit of the network controlled by the access public network or the NAT device, or may be converted into a receiving user.
- System terminal access point: this access point is located on the NAT device and is generated when a user login message traverses the NAT device.
- the access point can be represented in two ways: 1) the network address and port of the NAT device; 2) the network address and port identifier that can be calculated or converted to the NAT device.
- Figure 2 shows the name registration service system.
- The name registration service system 10 includes: the registration service device 2001, which is used at least for recording user registration information and user login information and for answering user registration information queries, user login information queries, registration service device service portal queries, and so on; the top service bus 1, which connects the registration service device to the public network 3; and the service bus 2, which connects the registration service device to the private network 4.
- the registration service device 2001 is connected to the public network 3 via the top service bus 1, and is connected to the private network 4 via the service bus 2.
- the public network 3 and the private network 4 are connected together through a NAT device connection matrix 1001.
- the system terminal device 6001 and the service device 2001 are connected to the public network 3 and the private network 4.
- FIG. 3 shows the connection mode of the NAT device connection matrix 1001.
- The relationship between the NAT devices within the NAT device connection matrix 1001 is determined by the private networks and the public network connected to the NAT device connection matrix 1001.
- The connection rules between the private network and the public network and the NAT device are:
- The NAT device connection matrix 1001 has at least one line 5 accessing the public network; each private network has at least one line 6 that accesses the NAT device connection matrix 1001; each private network may have no line 7, or several lines 7, by which the NAT device connection matrix 1001 accesses that private network.
- b of FIG. 3 is a schematic diagram of a NAT device connection matrix 1001 connection.
- the public network 3, the private network 4, the NAT device connection matrix 1001 access to the public network line 5, the private network access the NAT device connection matrix 1001 line 6; the NAT device is connected to the matrix 1001 to access the private network line 7.
- the problem of overlapping between segments needs to be considered when deploying a multi-layer NAT network.
- the system must have the ability to discriminate and deal with overlapping problems between network segments.
- FIG. 4 shows the structure of the registration service device.
- the registration service device 2001 shown in Fig. 4a is composed of a top-level registration service unit 2011 and a plurality of basic registration service units 2021.
- the top-level registration service unit 2011 is connected to the public network 3 through the top-level service bus device 1, and is addressed using the network address of the public network;
- The basic registration service unit 2021 is connected to the private network 4 through the service bus device 2, and is addressed using the network address of the connected private network.
- the registration service unit is a general term for the top-level registration service unit 2011 and the basic registration service unit 2021.
- the registration service unit 2801 is the basic functional structure of the top-level registration service unit 2011 and the basic registration service unit 2021.
- It includes at least the following function modules: a registration service logic control unit 2100, a basic configuration information record table 2101, a hierarchy information record table 2102, a target registration server record table 2103, a child registration service unit record table 2104, a user login information record table 2105, a user registration information record table 2106, a message buffer area 2109, and a communication unit 2110.
- the registration service logic control unit 2100 is configured to control the execution of the registration service;
- the basic configuration information record table 2101 is used to record the identity of the unit, the host address of the unit, and the service port of the unit;
- The hierarchical information record 2102 is used to record hierarchical information;
- The target registration server record 2103 is used to record the network address and port of the ancestor registration server;
- The sub-registration service device record table 2104 is used to record the network address, port, and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device, as shown in Table 1a;
- The user login information record table 2105 is used to record the user ID, the user login point, and the system terminal device access point, as shown in Table 1b;
- The user registration information record table 2106 records at least the account opening information, such as the user identifier of the account opening user; the message buffer area 2109 is used for temporarily storing the information in the received data packet and the forwarding relationship record table, see the table.
- the communication unit 2110 is connected to the top service bus device or the service bus device, and is responsible for transmitting and receiving data.
- According to execution requirements, the registration service logic control unit 2100 reads the unit identifier, the unit host address, and the unit service port from the basic configuration information record table 2101; reads the hierarchy information from the hierarchical information record 2102; reads the network address and port of the registration service device from the target registration server record 2103; reads the network address, port, and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device from the sub-registration server record table 2104; reads the user identifier, the user login point, and the system terminal device access point from the user login information record table 2105; reads the user identifier from the user registration information record table 2106; reads the temporarily stored received-packet information and forwarding relationship from the message buffer 2109; and reads the received data from the communication unit 2110.
- Likewise, according to execution requirements, the registration service logic control unit writes the unit identifier, the unit host address, and the unit service port to the basic configuration information record table 2101; writes the network address of the registration service device to the target registration server record 2103; writes the network address, port, and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device to the sub-registration server record table 2104; writes the user ID, the user login point, and the system terminal device access point to the user login information record table 2105; writes the user identifier to the user registration information record table 2106; writes the received-packet information and forwarding relationship to the message buffer 2109 for temporary storage; and writes the data to be sent to the communication unit 2110.
- Service unit agent: a special service unit, mainly used to expand the coverage of the service unit being served, or to provide a unified service portal to the system terminal equipment.
- the service unit agent can be deployed on the network or public network controlled by the same NAT device as the agent, or in the direct lower layer network of the network controlled by the NAT device to which the agent belongs.
- the service unit agent may broadcast the service entry of the agent or forward the message between the requester of the service device and the proxy service device.
- The network address and port at which a service unit receives its various messages are hereinafter referred to as the service portal.
- The system terminal device is at least configured to exchange information with the registration service device: obtaining a service entry from the registration service device, transmitting a user registration message to the registration service device, querying the registration service device for the user login point, and requesting from the registration service device a service unit having forwarding capability.
- the terminal device includes at least the following: a terminal device control unit, a basic configuration information record table, a target registration service device record, a message buffer area, a communication unit, and the like.
- the terminal device control unit is configured to control the execution of the terminal device;
- the basic configuration information record table is used to record the user identifier, the network address of the terminal device, the port, and the like;
- the target registration service device records the network address and port used to record the registration service device.
- the message buffer is used to temporarily store received or sent messages; the communication unit is used for public or private network connections.
- the terminal device control unit reads and writes information from the basic configuration information record table, the target registration service device record, and the message buffer area.
- the terminal device control unit transmits and receives data from the network through a function module such as a communication unit.
- Data or messaging relationships are complex in multi-level NAT networks.
- The simplest forms of data or message delivery are: the system terminal device and the service unit communicate directly, without a NAT device; the system terminal device communicates with the service unit through a NAT device; two service units communicate directly, without a NAT device; two service units communicate through a NAT device.
- The system terminal device and the service unit are the data senders or message senders. If the data passes through a NAT device, the NAT device receives the data from the system terminal device or the service unit and itself becomes the data sender or message sender. Since the NAT device keeps a mapping table of data transmission and reception relationships, the response message can be forwarded automatically.
- the registration service device stores user registration and login information. At the same time, the user registration and login information is returned for the user information finder.
- The process by which registration service units join the registration service device starts with the top-level registration service unit: with it, the registration service device is initially established, that is, the user information registration, user login, user registration and login information inquiry service, and service entry point inquiry service can be provided;
- Next, the basic registration service unit in the network controlled by the root NAT device registers with the registration service device to join the system; then the second-layer NAT basic registration service unit registers with the registration service device to join the system; then the third-layer NAT basic registration service unit registers with the registration service device to join the system.
- the basic registration service unit sequentially joins the registration service device to provide services for the name registration service system 10 as needed.
- each registration service unit runs on a server.
- When a registration service unit is composed of multiple servers, at least the existing user registration information and user login information content is required, and that content needs to be extended with the characteristics of a distributed system in order to maintain the multiple service portals, the mapping relationship with the NAT device, and the access relationship between the registration units. A developer can readily extend the method in this spirit, adding distributed-system features to registration, login, query, and the like.
- FIG. 5 shows the process of establishing a registration service device.
- This process is an example of a registration service unit joining a registration service device.
- The registration service device 2001 is initially established by the top-level registration server 2011 installed in the public network.
- The top-level registration service unit 2011 is provided with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- The NAT device 1010 directly accesses the public network and is the root NAT device.
- the registration service unit 2021 is deployed in a network controlled by the root NAT device.
- the NAT device modifies the source or destination address of the traversed data packet. The description of the modification of the data packet by the NAT device is ignored in the figure.
- The registration service unit 2021 in the network controlled by the root NAT device sends a "service unit registration message" to the top-level registration service unit 2011; the message includes the network address, port, identity, and prefabricated level information of the registration service unit 2021. The level information indicates that the registration service unit 2021 is a first-layer registration service unit, and that the shortest distance from the network controlled by its NAT device to the public network is 1.
- After receiving the "service unit registration message", the top-level registration service unit 2011 determines whether the message was translated by a NAT device according to whether the network address of the data packet carrying the message and the network address of the registration service unit carried in the message are the same. If it was translated, the unit extracts the hierarchy information from the registration request; if the level is greater than that of the current registration service unit, it records the network address, port, and identity of the registering unit and the network address and port of the corresponding NAT device in the sub-registration service unit record table, and returns a registration success message; if the level of the hierarchy is less than 1 at the level of the current registration service unit and the registration service unit record table has no record of a registration service unit corresponding to the NAT device, it returns a registration failure message. If the message was not translated by a NAT device, it returns a registration failure message.
- FIG. 6 shows the process of establishing a registration service device.
- This process is an example of a registration service unit joining a registration service device.
- The top-level registration service unit 2011 is provided with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- The first NAT device 1010 directly accesses the public network and is the root NAT device.
- the first registration service unit 2021 is deployed in a network controlled by the root NAT device 1000-1.
- The second NAT device 1020 directly accesses the network controlled by the root NAT device 1010, and the second registration service unit 2031 is deployed in the network controlled by the second NAT device 1020.
- The networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- the NAT device modifies the passed data packet source or destination address. The description of the data packet modification by the NAT device is ignored in the figure.
- The second registration service unit 2031 in the network controlled by the second NAT device 1020 sends a "service unit registration message" to the top-level registration service unit 2011; the message includes the network address, port, and identity of the registration service unit 2031, and the prefabricated level information is 2, indicating that the shortest distance to the public network from the network controlled by the NAT device 1020, to which the registration service unit 2031 belongs, is 2.
- After receiving the service unit registration message, the top-level registration service unit 2011 determines whether the message was translated by a NAT device according to whether the network address of the data packet carrying the message and the registration server network address carried in the registration application message are the same. If it was translated, the unit extracts the hierarchy information from the registration request; if the level difference between that level and the current registration service unit is greater than 1, it searches the sub-registration service unit record table for the registration service unit corresponding to the NAT device, and if that registration service unit exists, it returns to the second registration service unit 2031 a redirect response message including the network address and port of the registration service unit corresponding to the NAT device 101.
- After receiving the redirect response message from the registration service device, the second registration service unit 2031 sends a "service unit registration message" to the registration service device according to the network address and port information of the registration service unit included in the message; the message includes the network address and port of the second registration service unit 2031 and the prefabricated level information 2, indicating the shortest distance to the public network of the network controlled by the NAT device 1020 to which the registration service unit 2031 belongs.
- The first registration service unit 2021 determines whether the message was translated by a NAT device according to whether the network address of the data packet carrying the message and the network address of the registration server carried in the registration application message are the same. If it was translated, the unit extracts the hierarchy information from the registration request; if the level is greater than that of the current registration service unit, it records the network address and port of the registration service unit 2031 and the network address and port of the corresponding NAT device 1020 in the sub-registration service unit record table, and returns a registration success message to the second registration service unit 2031; if the level difference between that level and the current registration service unit is greater than 1 and the sub-registration service unit record table has no record of a registration service unit corresponding to the NAT device, it returns a registration failure message. If the message was not translated by a NAT device, it returns a registration failure message.
- FIG. 7 shows the registration service device assembly process.
- This process is an example of a registration service unit joining a registration service device.
- The top-level registration service unit 2011 is provided with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- The first NAT device 1010 directly accesses the public network and is a root NAT device.
- The first registration service unit 2021 is deployed in the network controlled by the root NAT device 1010-1; the second NAT device 1020 directly accesses the network controlled by the root NAT device 101; the first registration service unit agent 2032 and the second registration service unit 2031 are deployed in a network controlled by the second NAT device 1020.
- The networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- The NAT device modifies the source or destination address of the data packets that pass through it; the description of the data packet modification by the NAT device is ignored in the figure.
- The first registration service unit agent 2032 broadcasts a message containing the first registration service device network address and port in the network controlled by the second NAT device 1020.
- The second registration service unit 2031 listens for the message containing the first registration service device network address and port that is broadcast in the network controlled by the second NAT device 1020.
- After receiving the message including the registration service device network address and port, the second registration service unit 2031 sends a "service unit registration message" to the registration service device according to the network address and port of the registration service device provided in the message; the message includes the network address and port of the second registration service unit 2031 and the prefabricated level information 2, indicating the shortest distance to the public network of the network controlled by the NAT device 1020 to which the registration service unit 2031 belongs.
- The first registration service unit 2021 determines whether the message passed through a NAT device according to whether the network address of the data packet carrying the message and the registration server network address carried in the registration application message are the same. If it passed through a NAT device, the unit extracts the level information from the registration request; if the level is greater than that of the current registration service unit, it records the network address and port of the registration service unit 2031 and the network address and port of the corresponding NAT device 1020 in the sub-registration service unit record table, and returns a registration success message to the second registration service unit 2031; if the level difference between that level and the current registration service unit is greater than 1 and the registration service unit record table has no record of a registration service unit corresponding to the NAT device, it returns a registration failure message. If the message did not pass through a NAT device, it returns a registration failure message.
- the second registration service unit agent shown in Figure 7 does not provide message forwarding. If necessary, it is not difficult for developers to develop a registration server proxy with message forwarding capabilities.
- the broadcast mode can use wired, wireless or wired and wireless, etc. depending on the network environment in which the various service agents are located.
- registration messages can be fully or partially encrypted for security reasons.
- Figure 14 shows the processing method used after a registration service unit in the registration service device receives a "service unit registration message".
- S1002: Determine whether a data packet has been received; if no data packet has been received, go to S1001; if a data packet has been received, go to S1003;
- S1004: Determine whether it is a "service unit registration message"; if not, go to S1200; if yes, go to S1100;
- S1100: Determine whether the message passed through a NAT device according to the source address of the data packet carrying the message and the network address of the service unit in the message; if not, go to S1130; if yes, go to S1120.
- S1121: Determine whether the difference between the level information in the message and the level of the current service unit is equal to 1; if not, go to S1140; if yes, go to S1122;
- S1122: Record the service unit identifier, the network address, the port, and the network address and port of the corresponding NAT in the sub-registration server record table,
- S1140: Determine whether the sub-registration server record contains a sub-registration server in the network controlled by the NAT device corresponding to the source address of the data packet; if not, go to S1130; if yes, go to S1141;
- S1141: Return a redirect message containing the network address and port of the sub-registration server to the sender of the message, and return to S1001;
- S1200: Determine whether it is a system response message; if not, go to S1300; if yes, go to S1201;
- S1201: Determine whether it is a failure message; if not, go to S1210; if yes, go to S1202; S1202: end
- S1210: Determine whether it is a redirect message; if not, go to S1220; if yes, go to S1211;
- S1211: Trigger the redirect message processing process corresponding to the "service unit registration message", and return to S1001;
- FIG. 15 shows the method by which a registration service unit registers with the registration service device. To maintain the data transmission and reception mapping relationship in the NAT device, the registration service unit needs to perform this method periodically.
- S1801: Initialize the target registration server record to the service entry of the top-level registration service unit on the public network, and send a "service unit registration message" to the top-level registration service unit deployed on the public network.
- S1803: Determine whether the received information is a failure; if yes, go to S1804; if not, go to S1810;
- S1810: Determine whether the received information is a success; if yes, go to S1804; if not, go to S1820;
- S1820: Determine whether the received information is a redirect; if not, go to S1802; if yes, go to S1821;
- S1822: Send to the registration service device according to the network address and port in the redirect message.
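The Figure 14 decision steps and the Figure 15 redirect loop described above, as an added Python example that is not code from the patent. It assumes a constructed two-layer topology with made-up addresses, keys the sub-registration record table by NAT device address, treats S1130 as the failure reply, and adds a redirect hop limit (`max_hops`) that the page does not describe.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int

@dataclass
class RegistrationMessage:           # the "service unit registration message"
    unit_id: str
    declared: Endpoint               # address and port the sender reports for itself
    level: int                       # prefabricated level: NAT distance to the public network

@dataclass
class Reply:
    status: str                      # "success", "failure" or "redirect"
    target: Optional[Endpoint] = None

@dataclass
class RegistrationUnit:
    unit_id: str
    level: int                       # 0 = top-level unit on the public network
    endpoint: Endpoint
    # Sub-registration record table, keyed by NAT device address (assumption of this example).
    children: dict = field(default_factory=dict)

    def handle(self, observed_src: Endpoint, msg: RegistrationMessage) -> Reply:
        # S1100: the message crossed a NAT only if the packet source differs
        # from the address the sender declared inside the message.
        if observed_src == msg.declared:
            return Reply("failure")
        # S1121/S1122: a level difference of exactly 1 is a direct child; record it.
        if msg.level - self.level == 1:
            self.children[observed_src.host] = (msg.unit_id, msg.declared, observed_src)
            return Reply("success")
        # S1140/S1141: otherwise redirect to the child already known behind that NAT.
        child = self.children.get(observed_src.host)
        if child is None:
            return Reply("failure")
        return Reply("redirect", child[1])

# Constructed topology: public net <- NAT 1010 <- layer 1 <- NAT 1020 <- layer 2.
# Address each NAT device shows on its upper-side network (constructed values).
NAT_UPPER_SIDE = {1: "203.0.113.10", 2: "10.1.0.254"}

def observed_source(sender: Endpoint, sender_level: int, receiver_level: int) -> Endpoint:
    """Source address the receiver sees after the NAT devices rewrite the packet."""
    if sender_level <= receiver_level:
        return sender                # same network, nothing is translated
    return Endpoint(NAT_UPPER_SIDE[receiver_level + 1], 40000)  # constructed mapped port

def register(unit_id, declared, net_level, top, directory, claimed_level=None, max_hops=4):
    """Figure 15 loop: start at the top-level unit and follow redirect replies."""
    level = net_level if claimed_level is None else claimed_level
    msg = RegistrationMessage(unit_id, declared, level)
    target, trail = top, []
    for _ in range(max_hops):        # hop limit is an addition, not a step on the page
        reply = target.handle(observed_source(declared, net_level, target.level), msg)
        trail.append((target.unit_id, reply.status))
        if reply.status != "redirect":
            return reply.status, trail
        target = directory.get(reply.target)
        if target is None:           # redirect to an endpoint nobody serves
            break
    return "failure", trail

def demo():
    top = RegistrationUnit("2011", 0, Endpoint("198.51.100.1", 5000))
    u2021 = RegistrationUnit("2021", 1, Endpoint("10.1.0.5", 5000))
    directory = {top.endpoint: top, u2021.endpoint: u2021}
    e2031 = Endpoint("10.2.0.5", 5000)
    results = {
        # Layer-2 unit tries before its parent is registered: no child to redirect to.
        "2031_early": register("2031", e2031, 2, top, directory),
        "2021": register("2021", u2021.endpoint, 1, top, directory),
        # Same layer-2 unit after 2021 has joined: redirect, then success.
        "2031": register("2031", e2031, 2, top, directory),
        # Sender on the public network claiming level 1: never translated, so rejected.
        "not_natted": register("x", Endpoint("198.51.100.77", 5000), 0, top, directory,
                               claimed_level=1),
    }
    return results, top, u2021

if __name__ == "__main__":
    for name, outcome in demo()[0].items():
        print(name, outcome)
```

The order of the calls in `demo()` matters: the layer-2 unit can only be redirected once its parent unit behind the same root NAT has registered, which is why the patent has units join layer by layer.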
- the network address and port of the registration service device 2001 serves as a service entry for the registration service device 2001.
- the name registration service device 2001 has different service entries for the public network and the private network.
- the service portal of the public network can be accessed by the system terminal device in the network controlled by the public network and each NAT device without special restrictions.
- This type of entry is a global service entry; an entry that can only be accessed by some system terminal devices is a local service entry. After the system terminal device 6001 obtains the service entry, it can make registration, login, and inquiry requests to the registration service device 2001.
- the flowchart is an example in which the system terminal device obtains a registration service device service entry.
- The top-level registration service unit 2011 is equipped with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- The first NAT device 1010 directly accesses the public network and is the root NAT device.
- The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 101; the second NAT device 1020 directly accesses the network controlled by the root NAT device 101, and the second basic registration service unit 2022 is deployed in the network controlled by the second NAT device 1020.
- The system terminal device 6001 is deployed in the network controlled by the second NAT device 1020.
- The networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- the NAT device modifies the source or destination address of the data packet that has passed. The description of the modification of the data packet by the NAT device is ignored in the figure.
- The system terminal device 6001 sends a "service portal query message" to the global service portal of the registration service device;
- The top-level registration service unit 2011 determines according to its logic (see Figure 16) whether it can execute the request. If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example, a redirect message containing the network address and port of the first basic registration service unit 2021 is returned).
- After receiving the redirect response message, the system terminal device 6001 sends a "service portal query message" to the registration service device according to the service portal of the registration service device included in the message;
- The first basic registration service unit 2021 determines according to its logic whether it can execute the request. If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example, a redirect message containing the network address and port of the second basic registration service unit 2022 is returned).
- The system terminal device 6001 sends a "service portal query message" to the registration service device according to the service portal of the registration service device included in the message;
- After receiving the "service portal query message", the second basic registration service unit 2022 determines according to its logic whether it can execute the request. If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example, the success response message is returned).
- After receiving the success response message, the system terminal device 6001 stores the service entry of the registration service device included in the message in the local target registration service device record.
- The request messages in Figure 8 can be sent or received over wired and/or wireless links.
- Figure 9 shows the flow by which the system terminal device 6001 obtains a local service entry by listening for messages containing the service entry of the registration service device.
- the flowchart is an example in which the system terminal device obtains a registration service device service entry.
- The top registration service unit 2011 is equipped with a public network address; the address and the port providing the service are well-known service portals within the system or can be obtained by a system-defined method.
- The first NAT device 1010 directly accesses the public network and is a root NAT device.
- The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 directly accesses the network controlled by the root NAT device 101; the second basic registration service unit 2022 is deployed in the network controlled by the second NAT device 1020; and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020.
- The networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- the NAT device modifies the passed data packet source or destination address. The description of the data packet modification by the NAT device is ignored in the figure.
- the second basic registration service unit 2022 broadcasts a message containing the registration service device's network address and port in the network controlled by the NAT device;
- the system terminal device 6001 listens for a broadcast message containing the registration service device's network address and port;
- after receiving the broadcast message, the system terminal device 6001 stores the service entry of the registration service device included in the message in the local target registration service device record.
- the broadcast publication of the service portal described in FIG. 9 can be replaced by other means such as public announcement or advance notice to the user, with the system terminal device 6001 then configured manually by the user.
- FIG. 10 shows the process in which the system terminal device 6001 obtains a local service entry by listening for a message containing the service entry of the registration service device.
- the flow chart is an example of a system terminal device obtaining a registration service device service entry.
- the top-level registration service unit 2011 is provided with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- the first NAT device 1010 directly accesses the public network and is the root NAT device.
- the first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010.
- the second NAT device 1020 directly accesses the network controlled by the root NAT device 1010.
- the first basic registration service unit agent 2023 is deployed in the network.
- the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020.
- the networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- the NAT device modifies the source or destination address of the data packet that has passed. The description of the modification of the data packet by the NAT device is omitted in the figure.
- the first basic registration service unit agent 2023 broadcasts a message containing the registration service device's network address and port in the network controlled by the NAT device;
- the system terminal device 6001 listens for a broadcast message containing the registration service device's network address and port;
- after receiving the broadcast message, the system terminal device 6001 stores the service entry of the registration service device included in the message in the local target registration service device record.
- the first registration service unit agent does not provide a message forwarding function. If necessary, it is not difficult for developers to develop a registration server proxy with message forwarding capabilities.
- the manner in which the service portal is published by broadcast in Fig. 10 can be replaced by means of publicity, advance notice to the user, and the like.
- the service client is manually configured by the user.
- Figure 16 shows the processing method after the registration service unit in the registration service device receives the "service entry inquiry message".
- S2004 Determine whether it is "service entry query message", if not, go to S2005, if yes, go to S2100;
- S2100 Determine, according to the source address of the data packet carrying the message and the network address of the system terminal device in the message, whether the system terminal device is behind a NAT; if not, go to S2101; if yes, go to S2200;
- S2200 Determine whether the sub-registration server record table contains a sub-registration server in the network controlled by the NAT device corresponding to the source address of the data packet. If not, go to S2101; if yes, go to S2201;
- S2101 returning a success response message to the sender of the message, including the network address and port of the available registration service unit, and returning to S2001;
- Figure 17 shows how the system terminal device obtains the network address and port of the registration service device. In order to maintain the data transmission and reception mapping relationship in the NAT device, the system terminal device needs to perform the method periodically.
- S2802 Whether a broadcast message containing the service entry of the registration service device is received, if yes, go to S2806, if not, go to S2803;
- S2803 Send a "service portal query message" to a top-level registration service unit deployed on the public network, and initialize a local target registration service device record with a service portal of a top-level registration service unit deployed on the public network;
- S2805 Determine whether the received information is successful. If yes, go to S2807. If not, go to S2810.
- S2810 Determine whether the received information is a redirect, if not, go to S2804, if yes, go to S2811;
- S2811 The network address and port of the registration service device in the redirect message are stored in the local target registration service device record, and the service entry query message is sent to the registration service device according to the network address and port in the redirect message, and is returned.
- the top-level registration service unit 2011 is equipped with a public network network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- the first NAT device 1010 directly accesses the public network and is a root NAT device.
- the first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 directly accesses the network controlled by the root NAT device 1010, and the second basic registration service unit 2031 is deployed in the second NAT device 1020.
- the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020; the system terminal device 6001 has obtained the service portal of the registration service device.
- the networked host and the networked device in the network controlled by the second NAT device 1020 can access the networked host and the networked device in the network controlled by the root NAT device.
- the NAT device modifies the source or destination address of the passed data packet. The description of the modification of the data packet by the NAT device is omitted in this figure.
- the system terminal device 6001 sends a "user registration message" to the top-level registration service unit 2011; the message includes at least the user identifier and the network address of the terminal used by the user;
- after receiving the user registration message, the top-level registration service unit 2011 registers the user and determines whether the "user registration message" passed through a NAT device (for example, by comparing the source address of the data packet carrying the "user registration message" with the network address of the user's terminal given in the message). If it passed through a NAT device, the unit looks up the sub-registration service unit associated with that NAT device in the sub-registration server record; if such a sub-registration service unit exists, it returns a redirect response message including the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated registration service unit, a successful registration message is returned. If the user identifier already exists, a failure response message is returned.
- after receiving the response message, the system terminal device ends the registration if it is a failure response message or a success response message. If it is a redirect response message, it sends a "user registration message" according to the registration service unit service entry in the message; the message includes at least the user identifier and the network address of the terminal used by the user;
- after receiving the user registration message, the first registration service unit 2021 searches the user registration information record table for the same user identifier. If the same user identifier is not found, it adds the user identifier and related information of the user to the user registration information record table and determines whether the "user registration message" passed through a NAT device (for example, by comparing the source address of the data packet carrying the "user registration message" with the network address of the user's terminal given in the message). If it passed through a NAT device, the unit looks up the sub-registration service unit associated with that NAT device in the sub-registration server record; if such a sub-registration service unit exists, it returns a redirect response message including the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated sub-registration service unit, a successful registration message is returned. If the user identifier already exists, a failure response message is returned.
- after receiving the response message, the system terminal device ends the registration if it is a failure response message or a success response message. If it is a redirect response message, it sends a "user registration message" according to the registration service unit service entry in the message; the message includes at least the user identifier and the network address of the terminal used by the user;
- after receiving the user registration message, the second registration service unit 2031 searches the user registration information record table for the same user identifier. If the same user identifier is not found, it adds the user identifier and related information to the user registration information record table and determines whether the "user registration message" passed through a NAT device (for example, by comparing the source address of the data packet carrying the "user registration message" with the network address of the user's terminal given in the message). If it passed through a NAT device, the unit looks up the sub-registration service unit associated with that NAT device in the sub-registration server record; if such a sub-registration service unit exists, it returns a redirect response message including the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated sub-registration service unit, a successful registration message is returned. If the user identifier already exists, a failure response message is returned.
- after receiving the response message, the system terminal device ends the registration if it is a failure response message or a success response message. If it is a redirect response message, it sends a "user registration message" according to the registration service unit service entry in the message; the message includes at least the user identifier and the network address of the terminal used by the user;
- since the user registration information is stored hierarchically in a multi-level NAT network, a registration service unit that receives a "user registration information query message" can use several policies to answer the query.
- for example, it first looks in the local user registration record table; if the user exists, it returns a success message to the query requester. If the user does not exist, it queries the top-level registration service unit: if it receives a success message from the top-level registration service unit, it returns a success message to the query requester; if it receives a failure message from the top-level registration service unit, it returns a failure message to the query requester.
- FIG. 12 shows the process in which the system terminal device used by the user sends user login information to the registration service device.
- the top-level registration service unit 2011 is provided with a public network address, which is a well-known service portal within the system, or can be obtained by a system-defined method.
- the first NAT device 1010 directly accesses the public network and is a root NAT device.
- the first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010.
- the second NAT device 1020 directly accesses the network controlled by the root NAT device 1010, and the second basic registration service unit 2031 is deployed in the network controlled by the second NAT device 1020.
- the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020; the system terminal device 6001 has obtained the service portal of the registration service device.
- the networked hosts and networked devices in the network controlled by the second NAT device 1020 can access the networked hosts and networked devices in the network controlled by the root NAT device.
- the NAT device modifies the source or destination address of the passed data packet. The description of the modification of the data packet by the NAT device is omitted in the figure.
- the system terminal device 6001 sets the user login status to not registered, and sends a "user login message" to the registration service device according to the locally stored service portal of the registration service device; the message includes at least a user identifier, a user login point, and the network address and port of the system terminal device used by the user.
- after receiving the user login message, the second basic registration service unit 2031 determines according to its logic whether to record the user identifier and related information, decides whether to return a response message, and returns the response message; after recording the user login information, if the unit is not a top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
- after receiving the success response message, the system terminal device sets the user login status to login.
- the first basic registration service unit 2021 determines according to its logic whether to record the user identifier and related information, decides whether to return a response message, and returns the response message; after recording the user login information, if the unit is not a top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
- after receiving the message, the top-level registration service unit 2011 determines according to its logic whether to record the user identifier and related information, decides whether to return a response message, and returns the response message; after recording the user login information, if the unit is not the top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
- the user needs to periodically send a user login message to the registration service device to ensure that the user status in the registration service device is online. If the registration service device does not receive a user login message for a certain user within a certain period of time, the registration service device sets the user's status to offline. If the system terminal device moves, the system terminal device needs to resend the user login message.
- S3002 Determine whether a data packet is received; if no data packet is received, go to S3001; if a data packet is received, go to S3003;
- S3004 Determine whether it is a "user login message". If not, go to S3005. If yes, go to S3100.
- S3100 Determine, according to the user login point in the message, whether the sender of the message is a child registration server; if so, go to S3101; if not, go to S3200;
- S3101 the user identifier in the message is used as the user identifier, the data packet source address and the source port carrying the message are the system terminal device access point, and the unit identifier is used as the user login point, and is stored in the user login information record table.
- S3300 is executed sequentially;
- S3200 Find whether the user is registered in the system. If not registered, go to S3290; if already registered, go to S3201;
- S3201 Determine whether the system terminal device is behind the NAT according to the source address of the data packet carrying the message and the network address of the system terminal device used by the user in the message. If not, go to S3202, and if yes, go to S3203;
- S3202 The user identifier in the message is used as the user identifier, and the user login point is used as the user login point, and is stored in the user login information record table;
- S3203 The user identifier in the message is used as the user identifier, the data packet source address and the source port carrying the message are the system terminal device access point, and the unit identifier is used as the user login point, and is stored in the user login information record table;
- S3204 Return a success response message to the message sender;
- S3300 Determine whether the unit is a top-level registration server. If yes, go to S3001; if not, go to S3301;
- S3301 Generate a new user registration message by using the identifier of the unit instead of the user login point of the received message;
- S3302 Send a new user login message to the registration service device according to the local target registration server record, and return to S3001.
- FIG. 19 is a diagram in which a user sends user login information to a registration service device through a system terminal device.
- S3805 Determine whether it times out; if yes, go to S3809, if not, go to S3806
- S3806 judge whether it is a success message, if not, go to S3808, if yes, go to S3807
- S3807 set the terminal status to login
- S3808 Determine whether it is a failure message. If yes, go to S3809. If not, go to S3804.
- it is not difficult for the developer to adapt the user login method described above to the user registration requirements in order to complete the user registration and account opening tasks.
- FIG. 13 shows the process in which a requesting user acquires the user login point of a requested user through the registration service system; the process is an example of acquiring the user login point of a requested user.
- the top-level registration service unit 2011 is equipped with a public network network address, which is a well-known service portal within the system or can be obtained by a system-defined method.
- the first NAT device 1010 directly accesses the public network and is the root NAT device.
- the first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 directly accesses the network controlled by the root NAT device 1010, and the second basic registration service unit 2031 is deployed in the second NAT device 1020.
- the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020; the system terminal device 6001 has obtained the service portal of the registration service device.
- the networked host and the networked device in the network controlled by the second NAT device 1020 can access the networked host and the networked device in the network controlled by the root NAT device.
- the NAT device modifies the passed data packet source or destination address. The description of the data packet modification by the NAT device is ignored in the figure.
- the system terminal device 6001 sends a "user login point lookup request message" to the registration service device according to the locally stored target registration service device record port, and the message includes at least the requested user identifier and the random serial number.
- after receiving the "user login point lookup request message", the second registration service unit 2031 extracts the requested user identifier from the message and searches for it in the user login information record table. If the requested user identifier exists in the user login information record table, it returns to the message sender a success message containing the current user login point of the requested user; the message includes the random sequence number from the corresponding original request message. If the requested user identifier does not exist in the user login information record table and the service node is not the top-level registration service unit, it establishes a mapping between the message and the message sender according to the random sequence number in the message, saves the mapping in the message buffer, and forwards the "user login point lookup request message" to the registration service device according to the local registration server record;
- after receiving the "user login point lookup request message", the first registration service unit 2021 extracts the requested user identifier from the message and searches for it in the user login information record table. If the requested user identifier exists in the user login information record table, it returns to the message sender a success message containing the current user login point of the requested user; the message includes the random sequence number from the corresponding original request message. If the requested user identifier does not exist in the user login information record table and the service node is not the top-level registration service unit, it establishes a mapping between the message and the message sender according to the random sequence number in the message, saves the mapping in the message buffer, and forwards the "user login point lookup request message" to the registration service device according to the local registration server record;
- after receiving the "user login point lookup request message", the top-level registration service unit 2011 extracts the requested user identifier from the message and searches for it in the user login information record table. If the requested user identifier exists in the user login information record table, it returns to the message sender a success message containing the current user login point of the requested user; the message includes the random sequence number from the corresponding original request message. If the requested user identifier does not exist in the user login information record table and the service node is a top-level registration service unit, it returns a failure message to the message sender; the message includes the random sequence number from the corresponding original request message;
- after receiving the response message, the first registration service unit 2021 finds the sender of the corresponding lookup request message according to the random number in the response message, and forwards the response message to that sender.
- after receiving the response message, the second registration service unit 2022 finds the sender of the corresponding lookup request message according to the random number in the response message, and forwards the response message to that sender.
- after receiving the response message, the system terminal device 6001 records the user login point of the requested user given in the message if it is a success response message; if it is a failure response message, it ends.
- the above process is the basic process of finding a user login point that satisfies the condition. Developers can readily extend or change the above process, or the execution that follows it, according to the needs of specific applications; this does not affect the nature of the process of querying the user's login point based on the requested user ID.
- FIG. 20 shows the processing method after the registration service unit in the registration service device receives the "user login point lookup request message".
- S4002 Whether to receive the data packet, if no data packet is received, go to S4001, if the data packet is received, go to S4003;
- S4004 Determine whether it is "user login point lookup request message", if not, go to S4005, if yes, go to S4100;
- S4101 Find the corresponding sender in the forwarding relationship list, if any, go to S4106, if not, go to S4102;
- S4103 Query whether the requested user identifier exists in the user login information record table, if yes, go to S4200, if not, go to S4104;
- S4104 Determine whether the unit is a top-level registration server, if yes, go to S4107, if not, go to S4105;
- S4105 Establish a correspondence between the sender of the message and the message according to the random sequence in the message, and store the information in the forwarding relationship table.
- S4106 Forward a "user login point lookup request message" to the registration service device according to the local target registration server record, and return to S4001;
- S4200 returning a success message to the sender of the message, where the message includes the user login point of the requested user in the user login information record table, and returns to S4001;
- S4005 Determine whether it is a response message of "user login point lookup request message", if not, go to S4006, if yes, go to S4300;
- S4301 Find the corresponding sender in the forwarding relationship list, if any, go to S4302, if not, go to S4001;
- S4302 Forward the response message to the sender of the message corresponding to the random sequence, and delete the related items in the forwarding relationship list, and return to S4001;
- FIG. 21 shows a user querying a registration service device for a user login point through a system terminal device.
- S4803 Send a “user login point lookup request message” to the registration service device according to the record of the local target registration server, where the message includes a random serial number;
- S4805 Determine whether it times out, if yes, go to S4806, if not, go to S4810;
- S4810 Determine whether the random numbers in the message are the same, if different, go to S4804;
- S4820 Determine whether it is a success message; if not, go to S4830; if yes, go to S4821;
- S4821 extract the network address and port in the message;
- S4806 Send a "user login point lookup request message" to the registration service device according to the record of the local target registration server, and the message includes a random serial number, and returns to S4804.
- Information request message including user login point
- For "ingress query messages” include the network address and port.
- Failure response Send a message type identifier to the message.
- the messager returns a failure.
- the response message is paired.
- the redirected outgoing message is sent with a message type identifier, and the redirected message returns one of the respondent messages including the corresponding reply for the respondent.
- Register service request message type Query the registration device's network location Service entry message, address and port Return to the corresponding network
- Figure 22 is a registration service unit with a forwarding module.
- the registration service unit with the data forwarding module is an example in which the registration service device provides a forwarding service for the user.
- the data forwarding service unit 2108 is for forwarding data between system terminal devices.
- the flow of the registration service device processing the forwarding service request is as shown in FIG. 23.
- the "forwarding service request" message submitted by the system terminal device includes at least: the message type, the random number, and the identifier of the requester.
- S5004 Determine whether it is a "forwarding service request". If yes, go to S5100; if not, go to S5005;
- S5100 Extract the sequence number in the message, and find in the corresponding table whether the sequence number exists. If it exists, go to S5202. If it does not exist, go to S5101.
- S5101 Determine whether the service unit has a forwarding service module. If yes, go to S5102. If not, go to S5200.
- S5102 determining whether the requested identifier is in the user login information record table, if yes, go to S5103, if not, go to S5200;
- S5103 Allocating a network address and a port that can forward data to the requester according to the requester information
- S5104 Returning a success response message to the message sender, where the message includes a network address and port that can provide a forwarding service, and returns to S5001;
- S5200 Determine whether the unit is a top-level service unit. If yes, go to S5203. If not, go to S5201.
- S5201 Extract a random sequence number in the message, and establish a forwarding correspondence relationship with the message sender based on the sequence number, and store in the forwarding correspondence table;
- S5202 According to the local target registration server record, forward the "forwarding service request" to the registration service device, and return to S5001;
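The user login message handling steps (S3100 to S3302) and the login point lookup steps (S4101 to S4302) above can be traced in a small in-memory simulation. This is an added example, not code from the patent: the class names, message field names, constructed addresses and the `mapped_addr` stand-in for NAT rewriting are assumptions, as is the failure result for S3290, which the text does not describe.

```python
import secrets

class Unit:
    """Registration service unit; parent=None marks the top-level unit."""
    def __init__(self, unit_id, mapped_addr, parent=None):
        self.unit_id, self.parent = unit_id, parent
        self.mapped_addr = mapped_addr  # (addr, port) the parent sees for this unit (constructed)
        self.children = set()           # sub-registration server record table
        self.registered = set()         # user registration information record table
        self.logins = {}                # user login information record table
        self.pending = {}               # forwarding relationship table: serial -> sender
        self.dropped = 0                # responses discarded because no request matched
        if parent is not None:
            parent.children.add(unit_id)

    def handle_login(self, src, msg):
        """src is the (addr, port) the packet arrived from, after any NAT rewrite."""
        user = msg["user"]
        if msg["login_point"] in self.children:      # S3100 -> S3101: sent by a child unit
            rec = {"login_point": self.unit_id, "access_point": src}
        elif user not in self.registered:            # S3200 -> S3290
            return "failure"                         # assumed result, S3290 is not described
        elif src == msg["terminal_addr"]:            # S3201 -> S3202: no NAT on the path
            rec = {"login_point": msg["login_point"], "access_point": src}
        else:                                        # S3203: a NAT rewrote the source
            rec = {"login_point": self.unit_id, "access_point": src}
        self.logins[user] = rec
        if self.parent is not None:                  # S3300 -> S3301, S3302
            up = dict(msg, login_point=self.unit_id)
            self.parent.handle_login(self.mapped_addr, up)
        return "success"                             # S3204

    def handle_lookup(self, sender, msg):
        serial = msg["serial"]
        if serial in self.pending:                   # S4101 -> S4106: already forwarded once
            return self.parent.handle_lookup(self, msg)
        rec = self.logins.get(msg["wanted"])         # S4103
        if rec is not None:                          # S4200
            return sender.deliver({"serial": serial, "status": "success", **rec})
        if self.parent is None:                      # S4104: top-level unit, report failure
            return sender.deliver({"serial": serial, "status": "failure"})
        self.pending[serial] = sender                # S4105
        return self.parent.handle_lookup(self, msg)  # S4106

    def deliver(self, resp):
        sender = self.pending.pop(resp["serial"], None)   # S4301, entry deleted as in S4302
        if sender is None:
            self.dropped += 1                        # no matching request: discard
            return None
        return sender.deliver(resp)                  # S4302


class Terminal:
    """System terminal device issuing lookups through its registration unit."""
    def __init__(self, unit):
        self.unit, self.serial, self.result = unit, None, None

    def lookup(self, wanted):
        self.serial = secrets.token_hex(8)           # random serial number (S4803)
        self.result = None
        self.unit.handle_lookup(self, {"wanted": wanted, "serial": self.serial})
        return self.result

    def deliver(self, resp):
        if resp["serial"] == self.serial:            # S4810: accept only the matching serial
            self.result = resp


def demo():
    # Constructed topology: top (public) <- unit-2021 (behind root NAT) <- unit-2031 (behind second NAT)
    top = Unit("top", None)
    u1 = Unit("unit-2021", ("198.51.100.7", 40002), parent=top)
    u2 = Unit("unit-2031", ("10.0.0.20", 40001), parent=u1)
    top.registered.add("bob"); u1.registered.add("dave"); u2.registered.add("alice")

    def login(unit, user, term, src):
        # Assumption: a terminal reports its own address as its user login point.
        return unit.handle_login(src, {"user": user, "login_point": term, "terminal_addr": term})

    alice, bob, dave = ("192.168.1.50", 4000), ("198.51.100.99", 4000), ("192.168.1.60", 4000)
    out = {
        "alice": login(u2, "alice", alice, alice),              # same network as unit-2031
        "bob": login(top, "bob", bob, bob),                     # public address, no NAT
        "dave": login(u1, "dave", dave, ("10.0.0.20", 40003)),  # seen through the second NAT
        "erin": login(u2, "erin", alice, alice),                # never registered
    }
    t = Terminal(u2)
    out["found"] = t.lookup("bob")        # misses at unit-2031 and unit-2021, answered by top
    out["missing"] = t.lookup("carol")    # misses everywhere, failure comes back from top
    u1.deliver({"serial": "no-such-request", "status": "success"})   # unsolicited response
    out["units"] = (top, u1, u2)
    return out
```

When a NAT is on the path, each unit records the access point from the packet source rather than from the address the message claims, and a response whose serial matches no forwarding entry is dropped instead of relayed.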
Abstract
An application-oriented name registration system in multi-layer NAT environment is disclosed, including system terminal device and registration service unit which comprises top-layer registration service unit connected to public network and basic registration service unit connected to private network; the registration service unit is used to receive login request message from the system terminal device and record the user login information of the system terminal device, and the user login information includes at least the user identification, the user login point of the system terminal device used by the user in the network to which the registration service unit is connected, and the system terminal device access point of the system terminal device used by the user in the network to which the registration service unit is connected. The invention can locate the position through the identification in the multi-layer NAT network environment, and make the service in the private network visible to the external network and irrelevant to specific applications. A system and a method that provide more proper access route for the external network nodes are also disclosed.
Description
Application-oriented name registration system and service method in a multi-layer NAT environment
Technical field
The invention belongs to the technical field of computer networks, and in particular relates to an application-oriented name registration method in a NAT environment.
Background art
1. Service access problems caused by widespread NAT deployment
It is well known that the limited IP address space and its uneven allocation have caused a severe shortage of network addresses. In practical application and deployment, NAT (Network Address Translator) technology is an important way of giving users Internet access when IP addresses are scarce. With the growing number of personal information devices, the spread of network access equipment and the development of network technology, more and more companies, groups and households want to organize these devices into networks and connect them to the Internet. In addition, for security reasons, how to hide high-security nodes on the network is a problem many companies face. With IP addresses in severe shortage, an urgent need to network and interconnect devices, and many security risks present, accessing the Internet through single-level or multi-layer private network structures formed with NAT has become increasingly common in actual deployments (see Ford B, Srisuresh P, Kegel D. Peer-to-peer communication across network address translators. USENIX Annual Technical Conference, 2005).
A NAT device provides address translation for the private network addresses behind it, so that hosts in the private network can transparently access external network addresses, but not the reverse: the private address of a host behind the NAT is not routable in the external network, and external hosts cannot directly access hosts located in the private network. Consequently, the many services deployed inside private networks, such as Web services, instant messaging and FTP service nodes, cannot be accessed directly from the network outside that private network.
2. Existing solutions and their problems
At present, services on the Internet generally have globally uniform IP addresses. Services on private IP addresses inside a NAT (such as Web service nodes and FTP service nodes) are generally visible only inside that private network; hosts outside it cannot learn of the service or access it. Peer-to-peer communication services deployed on private IP addresses inside a NAT (such as instant messaging, file sharing and media transmission) can generally use RFC-standard protocols such as STUN, TURN and ICE to serve hosts on the Internet through techniques such as relaying via a public-network service node, NAT hole punching and connection reversal. It is easy to see that these implementations are all tightly bound to a specific application and embedded in it as a functional module. Moreover, a host node located under the same-root multi-layer NAT as the service must also be served through the public-network relay node, which is clearly unreasonable. How to provide a unified solution that makes services in a private network visible to its external network, independently of specific applications, and that gives external network nodes a more reasonable access path, is the key problem the present invention addresses.
Summary of the invention
Therefore, the task of the present invention is to provide, in a multi-layer NAT environment, a system and method that make services in a private network visible to its external network, are independent of specific applications, and give external network nodes a more reasonable access path.
To achieve the above object, the present invention provides an application-oriented name registration system in a multi-layer NAT environment. The multi-layer NAT environment has a public network and at least one private network, and each private network accesses the public network or another private network through an address translation unit. The application-oriented name registration system includes system terminal devices for sending login requests and registration service units for receiving login requests; the registration service units include a top-level registration service unit connected to the public network and basic registration service units connected to private networks. A registration service unit receives the login request message of a system terminal device and records the user login information of that device. The user login information includes at least the user identifier, the user login point of the system terminal device used by the user in the network to which the registration service unit is connected, and the system terminal device access point of that device in the network to which the registration service unit is connected.
In the above technical solution, the registration service unit is further configured to perform queries based on the recorded user login information and to determine a forwarding node between system terminal devices.
In the above technical solution, the user login point is the network address and port of a registration service unit or system terminal device, or an identifier that can be converted into the network address and port of a registration service unit or system terminal device.
In the above technical solution, the query uses the user login information to find, among all of the called party's user login points, the one with the shortest NAT distance from the called party to the calling party.
In the above technical solution, the system terminal device access point is the network address and port of a NAT device, or an identifier that can be converted into the network address and port of a NAT device.
In the above technical solution, the top-level registration service unit accesses the public network through a top-level service bus, and the basic registration service unit accesses the private network through a service bus; the top-level registration service unit is addressed using a network address of the public network, and the basic registration service unit is addressed using a network address of the private network to which it is connected.
In the above technical solution, the registration service unit includes: a registration service logic control unit, a basic configuration information record table, a hierarchy information record, a target registration server record, a sub-registration server record table, a user login information record table, a user registration information record table, a message buffer and a communication unit;
The registration service logic control unit controls the execution of the registration service; the basic configuration information record table records this unit's identifier, host address and service port; the hierarchy information record records hierarchy information; the target registration server record records the network address and port of the ancestor registration server; the sub-registration server record table records the network address, port and identifier of each sub-registration service unit and the network address and port of the corresponding NAT device; the user login information record table records the user identifier, user login point and system terminal device access point; the user registration information record table records user account-opening information; the message buffer temporarily holds the information from received data packets and the forwarding relationship record table; the communication unit is connected to the top-level service bus device or service bus device and is responsible for sending and receiving data.
In the above technical solution, the components of the registration service unit interact as follows:
As execution requires, the registration service logic control unit reads this unit's identifier, host address and service port from the basic configuration information record table; the hierarchy information from the hierarchy information record; the network address and port of the ancestor registration server from the target registration server record; the network address, port and identifier of the sub-registration service units and the network address and port of the corresponding NAT devices from the sub-registration server record table; the user identifier, user login point and system terminal device access point from the user login information record table; the user identifier from the user registration information record table; the temporarily stored information from received data packets, and the forwarding relationships, from the message buffer; and received data from the communication unit. Likewise, as execution requires, it writes this unit's identifier, host address and service port to the basic configuration information record table; the network address and port of the ancestor login server to the target registration server record; the network address, port and identifier of the sub-registration service units and the network address and port of the corresponding NAT devices to the sub-registration server record table; the user identifier, user login point and corresponding system terminal device access point to the user login information record table; the user identifier to the user registration information record table; the information from received data packets, and the forwarding relationships, to the message buffer; and the data to be sent to the communication unit.
In the above technical solution, the system terminal device includes: a terminal device control unit, a basic configuration information record table, a target registration service device record, a message buffer and a communication unit. The terminal device control unit controls the execution of the terminal device; the basic configuration information record table records the user identifier and the network address and port of this terminal device; the target registration service device record records the network address and port of the registration service device; the message buffer temporarily stores received or outgoing messages; the communication unit connects to the public network or a private network;
In the above technical solution, the terminal device control unit reads and writes information in the basic configuration information record table, the target registration service device record and the message buffer; it also sends data to and receives data from the network through the communication unit.
The method provided by the present invention for user login using the application-oriented name registration system in a multi-layer NAT environment includes the following steps:
1) The system terminal device obtains the service entry of a basic registration service unit; the service entry is a network address and port, or an identifier that can be converted into a network address and port;
2) The system terminal device sends a user login message to the basic registration service unit at the service entry; the user login message carries user login information, which in this step includes at least the user identifier and a user login point defined by the network address and port of the system terminal device in use;
3) The registration service unit records the user login information and forwards a user login message carrying that information to the registration service unit of the upper-layer network; the user login information in this step includes at least the user identifier;
4) On receiving the forwarded user login message, the registration service unit of the upper-layer network repeats the operation of step 3), until the user login message has been forwarded to the top-level registration service unit connected to the public network.
In the above technical solution, in step 2) the user login point is a network address and port, or an identifier that can be converted into a network address and port; in step 3) the user login point is a network address and port, or an identifier that can be converted into a network address and port, and the system terminal device access point is a network address and port, or an identifier that can be converted into a network address and port.
In the above technical solution, in step 3), after receiving a user login message sent directly by a system terminal device, the registration service unit returns a response message to that system terminal device.
In the above technical solution, an initialization step is performed before step 1): first the top-level registration service unit connected to the public network is started, then the basic registration service units connected to private networks are started layer by layer and register with the name registration system in order to join it.
In the above technical solution, step 1) includes the following sub-steps:
110) The system terminal device sends a service entry query message to the global service entry, which is publicly known for the name registration system;
111) The registration service unit corresponding to the global service entry determines whether it can itself act as the service entry serving this system terminal device. If so, it returns a success message; if not, it returns a redirect message to the system terminal device, carrying the service entry of a registration service unit connected to a lower-layer network of the network to which the unit behind the global service entry belongs;
112) The system terminal device sends a service entry query message to the registration service unit given in the redirect message;
113) That registration service unit determines whether it can itself act as the service entry serving this system terminal device. If so, it returns a success message; if not, it returns a redirect message to the system terminal device, carrying the service entry of a registration service unit connected to a lower-layer network of the network to which the current registration service unit belongs;
114) Steps 112) and 113) are repeated until the system terminal device receives a success message and thereby obtains the final service entry.
In the above technical solution, in step 110), the global service entry is the network address and port of the top-level registration service unit.
In the above technical solution, step 1) includes the following sub-steps:
120) The registration service unit broadcasts, in the network to which it belongs, a broadcast message containing the local login service entry;
121) The system terminal device listens for the broadcast message and obtains the service entry.
In the above technical solution, in step 120), the registration service unit may send the broadcast message through a registration service unit proxy.
In the above technical solution, in step 3), the registration service unit processes a received user login message as follows:
31) Determine from the user login point in the message whether the message sender is a lower-layer registration service unit; if so, go to step 32); if not, go to step 34);
32) Store in this unit's user information record table the user identifier from the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and this unit's identifier as the user login point; go to step 38);
34) Determine from the source address of the data packet carrying the message and the network address of the system terminal device given in the message whether the user terminal is behind a NAT; if not, go to step 35); if so, go to step 36);
35) Store in this unit's user information record table the user identifier from the message as the user identifier and the user login point from the message as the user login point; go to step 37);
36) Store in this unit's user information record table the user identifier from the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and this unit's identifier as the user login point;
37) Return a success response message to the message sender;
38) Determine whether this unit is the top-level registration service unit; if not, go to step 39); if so, the registration process ends;
39) Send the user login information to the upper-layer registration service unit according to the local target login server record; this operation ends;
30) Return a failure response message to the message sender.
In the above technical solution, step 33) is additionally performed between step 32) and step 34), as follows:
Determine whether the user may log in; if not, go to step 30); if so, go to step 34).
In the above technical solution, in step 39), the user login message is sent to the upper-layer registration service unit as follows:
First, the user login point in the locally received user login message is replaced with the identifier of this registration service unit to generate a new user login message; the new user login message is then sent to the upper-layer registration service unit.
The above technical solution further includes step 5), as follows:
The registration service unit performs queries based on the recorded user login information and determines a forwarding node between system terminal devices.
The method provided by the present invention for querying a user login point using the application-oriented name registration system in a multi-layer NAT environment is characterized by including the following steps:
50) The system terminal device sends a user login point lookup request message to the service entry of the name registration system; the message includes at least the identifier of the requested user;
51) The registration service unit checks its local user login information record table for the requested user's identifier. If it exists, the unit returns the requested user's user login point; if not, it forwards the user login point lookup request message to the registration service unit connected to the upper-layer network of the network to which the current unit is connected;
52) The registration service unit connected to the upper-layer network checks its local user login information record table for the requested user's identifier. If it exists, the unit returns the user login point of the requested user's system terminal device; if not, it forwards the user login point lookup request message to the registration service unit connected to the upper-layer network of the network to which the current unit is connected;
53) Step 52) is repeated until the user login point of the requested system terminal device is obtained;
54) If the requested user's identifier still has not been found after the user login point lookup request message has been forwarded to the top-level registration service unit, a failure response message is returned.
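The login handling of steps 31) to 39) and the lookup of steps 50) to 54), as an added Python simulation (not code from the patent). The unit names, addresses, the `may_login` hook for step 33) and the choice to return the answering unit from `lookup` are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

Endpoint = Tuple[str, int]            # (network address, port)
LoginPoint = Union[Endpoint, str]     # terminal endpoint, or a unit identifier


@dataclass
class LoginMessage:
    user_id: str
    login_point: LoginPoint


@dataclass
class LoginRecord:                    # one row of the user login information record table
    login_point: LoginPoint
    access_point: Optional[Endpoint]  # NAT-side source address/port, if any


class RegistrationUnit:
    def __init__(self, unit_id, parent=None, nat_endpoint=None, may_login=None):
        self.unit_id = unit_id
        self.parent = parent              # target registration server record (None = top level)
        self.nat_endpoint = nat_endpoint  # source address/port the parent sees for this unit
        self.children = {}                # sub-registration server record table
        self.logins = {}                  # user login information record table
        self.may_login = may_login        # hypothetical policy hook for step 33)
        if parent is not None:
            parent.children[unit_id] = nat_endpoint

    def handle_login(self, msg, src):
        """Process a user login message that arrived from source endpoint src."""
        reply = None
        if msg.login_point in self.children:                    # step 31): sent by a lower unit
            # step 32): the page stores this unit's identifier as the login point
            self.logins[msg.user_id] = LoginRecord(self.unit_id, src)
        else:
            if self.may_login is not None and not self.may_login(msg.user_id):  # step 33)
                return "failure"                                # step 30)
            if src[0] == msg.login_point[0]:                    # step 34): addresses match, no NAT
                self.logins[msg.user_id] = LoginRecord(msg.login_point, None)   # step 35)
            else:
                self.logins[msg.user_id] = LoginRecord(self.unit_id, src)       # step 36)
            reply = "success"                                   # step 37)
        if self.parent is not None:                             # step 38)
            # step 39): replace the login point with this unit's identifier and forward upward
            upward = LoginMessage(msg.user_id, self.unit_id)
            self.parent.handle_login(upward, self.nat_endpoint)
        return reply

    def lookup(self, user_id):
        """Steps 50)-54): walk upward until some unit holds a record for user_id."""
        unit = self
        while unit is not None:
            record = unit.logins.get(user_id)
            if record is not None:
                return unit.unit_id, record.login_point
            unit = unit.parent
        return None                                             # step 54): failure


def build_demo():
    """Constructed topology: public net <- NAT <- private net A <- NAT <- private net B."""
    top = RegistrationUnit("top")
    rs_a = RegistrationUnit("rs-A", top, ("203.0.113.10", 40000))
    rs_b = RegistrationUnit("rs-B", rs_a, ("10.1.0.1", 41000))
    # alice sits directly in net B; carol is behind a further NAT inside net B; bob is in net A
    rs_b.handle_login(LoginMessage("alice", ("10.2.0.5", 5000)), ("10.2.0.5", 5000))
    rs_b.handle_login(LoginMessage("carol", ("192.168.1.2", 5000)), ("10.2.0.9", 6000))
    rs_a.handle_login(LoginMessage("bob", ("10.1.0.7", 5000)), ("10.1.0.7", 5000))
    return top, rs_a, rs_b


if __name__ == "__main__":
    top, rs_a, rs_b = build_demo()
    for unit in (rs_b, rs_a, top):
        print(unit.unit_id, unit.logins)
    print("rs-B looks up bob:", rs_b.lookup("bob"))
```

A lookup for bob issued at rs-B is answered by rs-A, the first common ancestor, without reaching the top-level unit; records above the terminal's own layer hold only a unit identifier and the NAT-side address and port.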
The method provided by the present invention for providing a forwarding service with the application-oriented name registration system in a multi-layer NAT environment is characterized in that the registration service unit further includes a data forwarding module, and the method includes the following steps:
60) The system terminal device sends a forwarding service request message to the service entry of the name registration system; the message includes at least the identifier of the requested user;
61) The registration service unit checks its local user login information record table for the requested user's identifier. If the identifier exists, the unit determines whether it contains a data forwarding module; if it does, it allocates and returns to the requesting user a network address and port through which data can be forwarded to the requested user. If the requested user's identifier does not exist, or there is no data forwarding module, the unit forwards the forwarding service request message to the registration service unit connected to the upper-layer network of the network to which the current unit is connected;
62) The registration service unit connected to the upper-layer network checks its local user login record table for the requested user's identifier. If the identifier exists, the unit determines whether it contains a data forwarding module; if it does, it allocates and returns to the requesting user a network address and port through which data can be forwarded to the requested user. If the requested user's identifier does not exist, or there is no data forwarding module, the unit forwards the forwarding service request message to the registration service unit connected to the upper-layer network of the network to which the current unit is connected;
63) Step 62) is repeated until the requesting user obtains a network address and port through which data can be forwarded to the requested user;
64) If, after the forwarding service request message has been forwarded to the top-level registration service unit, the requested user's identifier still has not been found or there is no data forwarding module, a failure response message is returned.
In a multi-layer NAT network environment, the present invention allows applications, services, users and the like to be located by identifier, making services in a private network visible to its external network and independent of specific applications. The invention also provides a system and method that give external network nodes a more reasonable access path.
Using the user login information stored in the system, the invention guides the system terminal device used by the requesting user, in a multi-layer NAT network, to the node at the smallest NAT distance from it that can forward data on its behalf to the system terminal device used by the requested user.
The present invention can deliver call messages and so convey connection requests between system terminal devices. By applying the invention, applications, services and users can be located by identifier in a multi-layer NAT network environment.
Brief description of the drawings
Embodiments of the present invention are described in detail below with reference to the accompanying drawings, in which:
Figure 1 is a schematic diagram of a same-root multi-layer NAT network.
Figure 2 is a schematic diagram of the structure of the application-oriented name registration system.
Figure 3a is a schematic diagram of NAT devices connecting to the network.
Figure 3b is a schematic diagram of the NAT device connection matrix.
Figure 4a is a schematic diagram of the structure of the registration service device.
Figure 4b is a schematic diagram of the structure of a registration service unit.
Figure 5 is the first construction flow of the registration service device.
Figure 6 is the second construction flow of the registration service device.
Figure 7 is the third construction flow of the registration service device.
Figure 8 is a flowchart in which a system terminal device, starting from the global service entry of the registration service device in the public network, requests a local service entry from the registration service device.
Figure 9 is a flowchart in which a system terminal device obtains a local service entry by listening for the service entry of the registration service device.
Figure 10 is another flowchart in which a system terminal device obtains a local service entry by listening for the service entry of the registration service device.
Figure 11 is the process in which the system terminal device used by a user sends user registration information (user account-opening information) to the registration service device.
Figure 12 is the process in which the system terminal device used by a user sends user login information to the registration service device.
Figure 13 is the process in which the actively requesting user obtains the requested user's user login point through the registration service system.
Figure 14 is the processing method after a registration service unit receives a "service unit registration message".
Figure 15 is the method by which a registration service unit registers with the registration service device.
Figure 16 is the processing method after a registration service unit receives a "service entry query message".
Figure 17 is the method by which a system terminal device obtains the network address and port of the registration service device.
Figure 18 is the processing method after a registration service unit in the registration service device receives a "user registration message".
Figure 19 is a schematic diagram of a user sending user login information to the registration service device through a system terminal device.
Figure 20 is the processing method after a registration service unit in the registration service device receives a "user login point lookup request message".
Figure 21 is a schematic diagram of a user querying the registration service device for a user login point through a system terminal device.
Figure 22 is a schematic diagram of a registration service unit with a forwarding module.
Figure 23 is the "forwarding service request" processing flow.
Detailed description
1. Introduction to the network environment
Figure 1 shows a same-root multi-layer NAT network; the network shown is one example of such a network. Its characteristics are as follows. A private network 4 connects to the public network 3 or to another private network 4 through a NAT device 1000. A private network 4 that connects to the public network 3 or to a private network 4 through a NAT device 1000 is the network controlled by that NAT device. A NAT device connected directly to the public network 3 is a root NAT device. The minimum number of NAT devices traversed from the private network controlled by a NAT device to the public network 3 is the layer number of that private network, and the corresponding path is the shortest path from that private network to the public network 3. The smaller the layer number of a NAT-controlled private network, the higher its level. If the shortest NAT paths from the private networks controlled by two NAT devices to the public network have at least one NAT device in common, the two private networks have a common root NAT device. A multi-layer NAT network can be regarded as a combination of several same-root multi-layer NAT networks.
While a multi-layer NAT network increases the number of users that can connect, it also makes the relative positions of the two communicating parties more complex. It turns the flat communication model of the public network into a hierarchical one. In a multi-layer NAT network environment, the typical relationships between the two communicating parties are: (1) both parties are in the public network; (2) one party is in a private network controlled by a NAT device and extended through NAT devices, and the other party is in the public network; (3) both parties are in the private network controlled by the same NAT device; (4) the parties are in private networks controlled by different NAT devices, and these two NAT devices connect to the public network through different root NATs; (5) the parties are in private networks controlled by different NAT devices, and these two NAT devices connect to the public network through the same root NAT.
The network address of a NAT device is the network address bound to the NAT device's external network interface. In larger private networks, the external network interface of a NAT device (NAT router) may be bound to several network addresses. In network management, several network addresses can be mapped to one NAT device by enumerating addresses or enumerating network segments. Ordinary users can connect to the network on their own through a NAT device (NAT router) with basic functions, whose external network interface is generally bound to a single network address. In the description of NAT devices (NAT routers) below, the external network interface of a NAT device is bound to only one network address, so a NAT device can be represented by the network address bound to its external network interface. Developers and designers will readily see that the methods described below also apply to NAT routers whose external network interface is bound to several network addresses.
To make the multi-layer NAT network easier to describe, the following terms are defined.
Network address of a NAT device: the network address bound to the external network interface of the NAT device, also called the NAT router address. It may be a public address or a private address.
Network range controlled by a NAT device: the network that starts at the NAT device's internal network interface, extends along the networks connected to that interface, and ends at the external network interface of another NAT device, with no further NAT device between the two. This network is called the NAT-controlled network, or the network controlled by the NAT router, for short. The NAT device is the controlling NAT device of that network.
Direct upper-layer network: if the external network interface of NAT device A is directly connected to the network controlled by NAT device B, the network controlled by NAT device B is the direct upper-layer network of the network controlled by NAT device A. The public network is the direct upper-layer network of the networks controlled by root NAT devices.
Direct lower-layer network: if the external network interface of NAT device A is directly connected to the network controlled by NAT device B, the network controlled by NAT device A is a direct lower-layer network of the network controlled by NAT device B. The networks controlled by root NAT devices are the direct lower-layer networks of the public network.
NAT path length: in a NAT environment, the number of NAT devices traversed on a reachable path from host A to host B is the length of that NAT path.
Shortest NAT path: in a NAT environment, of all NAT paths from host A to host B, the one with the smallest NAT path length is the shortest NAT path from A to B, and the number of NATs it traverses is the shortest NAT path length.
Upper-layer networks: the networks controlled by NAT devices, together with the public network, from the direct upper-layer network of the network controlled by the current NAT device up to and including the public network, are the upper-layer networks of the network controlled by the current NAT device.
Lower-layer networks: the networks controlled by NAT devices, starting from the direct lower-layer networks of the public network or of the network controlled by the current NAT device, are the lower-layer networks of the public network or of the network controlled by the current NAT device.
Home network: the home network of a device deployed in the public network is the public network; the home network of a device deployed in a NAT-controlled network is that NAT-controlled network.
Behind NAT: if a device's home network is a lower-layer network of the public network or of the network controlled by the current NAT device, the device is behind NAT.
Parent server: a server located in the direct upper-layer network of the current NAT-controlled network is the parent server of the servers in the network controlled by the current NAT device.
Child server: a server located in a direct lower-layer network of the public network or of the current NAT-controlled network is a child server of the servers in the public network or in the current NAT-controlled network.
Ancestor server: the current server and the current server's parent server are ancestor servers of the current server's child servers.
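The layer number, shortest NAT path and common-root test defined above, worked through on a small topology. This is an added example, not part of the patent: the topology, the NAT and network names, and the `(upper, controlled)` link representation are constructed for illustration, and ties between equally short paths are broken by insertion order.

```python
from collections import deque

PUBLIC = "public"  # the public network, layer 0

# Constructed topology: NAT id -> (network on its external interface,
#                                  network it controls on its internal interface)
NAT_LINKS = {
    "R1": (PUBLIC, "net-A"),
    "N2": ("net-A", "net-B"),
    "N3": ("net-B", "net-D"),
    "R4": (PUBLIC, "net-C"),
    "R5": (PUBLIC, "net-D"),  # net-D also has a direct, shorter way up
}


def shortest_nat_paths(nat_links):
    """Breadth-first search downward from the public network.

    Returns {network: [NAT ids from that network up to the public network]},
    one shortest NAT path per network, nearest NAT first and root NAT last.
    Networks that cannot reach the public network are absent from the result.
    """
    below = {}
    for nat, (upper, controlled) in nat_links.items():
        below.setdefault(upper, []).append((nat, controlled))

    paths = {PUBLIC: []}
    queue = deque([PUBLIC])
    while queue:
        net = queue.popleft()
        for nat, controlled in below.get(net, []):
            if controlled not in paths:  # first visit in BFS is a shortest path
                paths[controlled] = [nat] + paths[net]
                queue.append(controlled)
    return paths


def layer(paths, network):
    """Layer number: fewest NAT devices between the network and the public network."""
    return len(paths[network])


def root_nat(paths, network):
    """The NAT on the shortest path that attaches directly to the public network."""
    path = paths[network]
    return path[-1] if path else None


def have_common_root(paths, net_a, net_b):
    """Common-root test as defined above: the two shortest NAT paths to the
    public network share at least one NAT device."""
    return bool(set(paths[net_a]) & set(paths[net_b]))


if __name__ == "__main__":
    paths = shortest_nat_paths(NAT_LINKS)
    for net in sorted(n for n in paths if n != PUBLIC):
        print(net, "layer", layer(paths, net), "path", paths[net])
    print("net-A / net-B common root:", have_common_root(paths, "net-A", "net-B"))
    print("net-B / net-D common root:", have_common_root(paths, "net-B", "net-D"))
```

net-D sits below net-B through N3 but is a layer-1 network because of R5, so its shortest NAT path shares no device with that of net-B.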
2. Overview of the application-oriented name registration system in a multi-layer NAT network
The application-oriented name registration system 10 for multi-layer NAT networks is a new type of registration system, shown in Figure 2. The system comprises two parts: the registration service device 2001 and the system terminal device 6001. The registration service device 2001 records user registration (account-opening) information and user login information, and answers queries for user registration information and user login information. Users use the system terminal device 6001 to register user information with the registration service device 2001, log in to the system, query user registration information, and query user login information. The invention can be used not only in network environments built with NAT devices, but also in network environments built with other devices that have an address translation function.
According to the characteristics of multi-layer NAT networks, the user login information recorded by the registration service device 2001 consists of: the user identifier; the user's login points in, or mapped into, the public network and the relevant private networks; and the system terminal device access points to which the user is mapped in the public network and the relevant private networks. In addition, based on the user login information recorded by the system, the registration service device 2001 can help the actively requesting user determine, among all user login points of the requested user, the login point with the shortest NAT path to the requesting user's current communication device.
User login point: when a user is located in the public network or in a NAT-controlled network, the user's login point in that network is the network address and port of the system terminal device the user is using. When a user is located in a NAT-controlled network, the user's login point in an upper-layer network of that network is the network address and port at which the service unit attached to the public network or to the NAT-controlled network receives user login request messages, or an identifier of the service unit that can be converted into that network address and port.
System terminal device access point: this access point is located on a NAT device and is created when a user login message passes through the NAT device. It can be expressed in two ways: 1) the network address and port of the NAT device; 2) an identifier from which the network address and port of the NAT device can be computed or converted.
Figure 2 shows the name registration service system. The name registration service system 10 comprises: the registration service device 2001, used at least to record user registration information and user login information and to answer queries for user registration information, user login information, and the service entries of the registration service device; the top-level service bus 1, used to connect the registration service device to the public network 3; and the service bus 2, used to connect the registration service device to the private network 4. The registration service device 2001 is connected to the public network 3 through the top-level service bus 1 and to the private network 4 through the service bus 2.
The public network 3 and the private networks 4 are joined together by the NAT device connection matrix 1001. The system terminal device 6001 and the service device 2001 are connected to the public network 3 and the private networks 4.
Figure 3 shows how the NAT device connection matrix 1001 is connected. The relationships among the NAT devices within the NAT device connection matrix 1001 are determined by the private networks and the public network connected to it. The rules for connecting private networks and the public network to NAT devices are: the NAT device connection matrix 1001 has at least one line 5 into the public network; each private network has at least one line 6 into the NAT device connection matrix 1001; each private network may have no line 7, or several lines 7, leading from the NAT device connection matrix 1001 into that private network. Taking the three-level NAT network structure shown in Figure 3a as an example, Figure 3b shows the connections of the NAT device connection matrix 1001 for Figure 3a. It includes the public network 3 and the private networks 4; the lines 5 by which the NAT device connection matrix 1001 connects to the public network; the lines 6 by which the private networks connect to the NAT device connection matrix 1001; and the lines 7 by which the NAT device connection matrix 1001 connects into the private networks. When deploying a multi-layer NAT network, overlap between network segments must be considered. The system must be able to detect and handle overlapping network segments.
Figure 4 shows the structure of the registration service device. As shown in Figure 4a, the registration service device 2001 consists of a top-level registration service unit 2011 and several basic registration service units 2021. The top-level registration service unit 2011 is connected to the public network 3 through the top-level service bus device 1 and is addressed with a network address of the public network; each basic registration service unit 2021 is connected to a private network 4 through the service bus device 2 and is addressed with a network address of the private network it is connected to. "Registration service unit" is the collective term for the top-level registration service unit 2011 and the basic registration service units 2021. Registration service unit 2801 is the basic functional structure of the top-level registration service unit 2011 and the basic registration service units 2021. As shown in Figure 4b, the registration service unit 2801 includes at least the following functional modules: registration service logic control unit 2100, basic configuration information record table 2101, level information record table 2102, target registration server record table 2103, child registration service unit record table 2104, user login information record table 2105, user registration information record table 2106, message buffer 2109, and communication unit 2110.
The registration service logic control unit 2100 controls the execution of the registration service. The basic configuration information record table 2101 records this unit's identifier, host address, and service port. The level information record 2102 records level information. The target registration server record 2103 records the network addresses and ports of ancestor registration servers. The child registration server record table 2104 records the network address, port, and identifier of each child registration service unit and the network address and port of the corresponding NAT device (see Table 1a). The user login information record table 2105 records user identifiers, user login points, and system terminal device access points (see Table 1b). The user registration information record table 2106 records at least account-opening information such as the user identifier of each account holder. The message buffer 2109 temporarily holds the information from received data packets and the forwarding relationship record table (see Table 1c). The communication unit 2110 is connected to the top-level service bus device or the service bus device and is responsible for sending and receiving data.
Table 1b
As execution requires, the registration service logic control unit 2100 reads this unit's identifier, host address, and service port from the basic configuration information record table 2101; level information from the level information record 2102; the network address and port of the registration service device from the target registration server record 2103; the network address, port, and identifier of child registration service units and the network address and port of the corresponding NAT devices from the child registration server record table 2104; user identifiers, user login points, and system terminal device access points from the user login information record table 2105; user identifiers from the user registration information record table 2106; the temporarily stored information from received data packets and the forwarding relationships from the message buffer 2109; and received data from the communication unit 2110. Likewise, as execution requires, the registration service logic control unit writes this unit's identifier, host address, and service port to the basic configuration information record table 2101; the network address and port of the registration service device to the target registration server record 2103; the network address, port, and identifier of child registration service units and the network address and port of the corresponding NAT devices to the child registration server record table 2104; user identifiers, user login points, and system terminal device access points to the user information record table 2105; user identifiers to the user registration information record table 2106; the temporarily stored information from received data packets and the forwarding relationships to the message buffer 2109; and the data to be sent to the communication unit 2110.
Service unit proxy: a special kind of service unit, used mainly to extend the coverage of the proxied service unit or to give system terminal devices a unified service entry. As needed, a service unit proxy can be deployed in the same NAT-controlled network or public network as the unit it proxies, or in a direct lower-layer network of the NAT-controlled network to which the proxied unit belongs. A service unit proxy can broadcast the service entry of the proxied unit, or forward messages between requesters of the service device and the proxied service device.
For ease of description, the network address and port at which a service unit receives the various messages are referred to below as the service entry.
A system terminal device is used at least to exchange information with the registration service device: obtaining a service entry from the registration service device, sending user registration messages to the registration service device, querying the registration service device for user login points, and requesting from the registration service device a service unit with forwarding capability.
A terminal device includes at least the following functional modules: terminal device control unit, basic configuration information record table, target registration service device record, message buffer, and communication unit. The terminal device control unit controls the execution of the terminal device; the basic configuration information record table records the user identifier and the terminal device's network address, port, and similar information; the target registration service device record records the network address and port of the registration service device; the message buffer temporarily stores received or sent messages; the communication unit connects to the public network or a private network.
The terminal device control unit reads and writes information in the basic configuration information record table, the target registration service device record, and the message buffer. It sends and receives data over the network through functional modules such as the communication unit.
Data and message sending relationships in a multi-level NAT network are complex. The simplest forms of data or message transfer are: a system terminal device and a service unit communicating directly, without passing through a NAT device; a system terminal device and a service unit communicating through a NAT device; two service units communicating directly, without passing through a NAT device; and two service units communicating through a NAT device. In these forms, from the data receiver's point of view, if data passes directly between a system terminal device and a service unit, or between two service units, the system terminal device or service unit is the data sender (also called the message sender); if the data passes through a NAT device, that NAT device is the data sender (message sender), and the NAT device receives the data from the system terminal device or service unit. Because a NAT device holds a mapping table of data sending and receiving relationships, it can forward response messages automatically.
3. Construction flow and methods of the registration service device in a multi-layer NAT network environment
In a multi-layer NAT network environment, the registration service device stores user registration and login information and returns user registration and login information to those who query user information. Registration service units join the registration service device as follows. The top-level registration service unit starts up and completes the initialization of the registration service device, after which user information registration, user login, user registration and login information query, and service entry point query services can be provided. Next, the basic registration service units in the networks controlled by root NAT devices register with the registration service device and join the system. Then the second-layer NAT basic registration service units register with the registration service device and join the system, followed by the third-layer NAT basic registration service units. In this way, as needed, basic registration service units join the registration service device in order and provide services for the name registration service system 10. There is only one top-level registration service unit in the public network, and only one basic registration service unit in each private network. In the description of registration service units below, each registration service unit runs on one server.
When a registration service unit consists of several servers, it needs at least the content of the existing user registration information and user login information, and that content must be extended for the characteristics of a distributed system so as to maintain the mapping between multiple service entries and NAT devices and the access relationships among registration units. In that case developers can readily extend the registration, login, query, and other methods for the characteristics of a distributed system, in keeping with the spirit of the present method.
Figure 5 shows a construction flow of the registration service device. The process is an example of a registration service unit joining the registration service device. The registration service device 2001 is initialized through the top-level registration server 2011 set up in the public network. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. NAT device 1010 connects directly to the public network and is a root NAT device. Registration service unit 2021 is deployed in the network controlled by the root NAT device. NAT devices modify the source or destination address of data packets passing through them; the figure omits the description of these modifications.
• The registration service unit 2021 in the network controlled by the root NAT device sends a "service unit registration message" to the top-level registration service unit 2011. The message contains the network address, port, and identifier of registration service unit 2021 and preset level information of 1, indicating that registration service unit 2021 is a first-layer registration service unit and that the shortest distance from the network controlled by its NAT device to the public network is 1.
• After receiving the "service unit registration message", the top-level registration service unit 2011 determines whether the message has been translated by a NAT device by checking whether the network address of the data packet carrying the message is the same as the registration service unit network address carried in the message. If the message has been translated by a NAT device, the unit extracts the level information from the registration request. If the level is greater by 1 than that of the current registration service unit, it records the registering unit's network address, port, and identifier, together with the network address and port of the corresponding NAT device, in the child registration service unit record table and returns a registration success message to the sender of the message. If the difference between the level and the level of the current registration service unit is greater than 1, and the child registration service unit record table has no record of a registration service unit corresponding to that NAT device, it returns a registration failure message. If the message has not been translated by a NAT device, it returns a registration failure message.
Figure 6 shows the process of building up the registration service device. It is an example of a registration service unit joining the registration service device. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first registration service unit 2021 is deployed in the network controlled by the root NAT device 1010. The second NAT device 1020 connects directly to the network controlled by the root NAT device 1010, and the second registration service unit 2031 is deployed in the network controlled by the second NAT device 1020. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets passing through them; the figure omits the description of that modification.
• The second registration service unit 2031 in the network controlled by the second NAT device 1020 sends a "service unit registration message" to the top-level registration service unit 2011. The message includes the network address, port and identifier of the registration service unit 2031 and a preset level of 2, indicating that the shortest distance to the public network from the network controlled by the NAT device 1020, to which the registration service unit 2031 belongs, is 2.
• On receiving the "service unit registration message", the top-level registration service unit 2011 determines whether the message has been translated by a NAT device by checking whether the network address of the data packet carrying the message is the same as the registration server network address carried in the registration request message. If the message has been translated by a NAT device, the unit extracts the level information from the registration request. If the level differs from that of the current registration service unit by more than 1, it looks up the registration service unit corresponding to that NAT device in the sub-registration service unit record table; if that registration service unit exists, it returns to the second registration service unit 2031 a redirect response message containing the network address and port of the registration service unit corresponding to the NAT device 1010.
• On receiving the redirect response message from the registration service device, the second registration service unit 2031 sends a "service unit registration message" to the registration service device, using the registration service unit network address and port information included in the message. The message includes the network address and port of the second registration service unit 2031 and a preset level of 2, indicating the shortest distance to the public network from the network controlled by the NAT device 1020, to which the registration service unit 2031 belongs.
• On receiving the "service unit registration message", the first registration service unit 2021 determines whether the message has been translated by a NAT device by checking whether the network address of the data packet carrying the message is the same as the registration server network address carried in the registration request message. If the message has been translated by a NAT device, the unit extracts the level information from the registration request. If that level is 1 greater than the level of the current registration service unit, it records the network address and port of the registration service unit 2031, together with the network address and port of the corresponding NAT device 1020, in the sub-registration service unit record table and returns a registration success message to the second registration service unit 2031. If the level differs from that of the current registration service unit by more than 1 and the sub-registration service unit record table holds no record of a registration service unit corresponding to that NAT device, it returns a registration failure message. If the message has not been translated by a NAT device, it returns a registration failure message.
Figure 7 shows the process of building up the registration service device. It is an example of a registration service unit joining the registration service device. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010, and the first registration service unit agent 2032 and the second registration service unit 2031 are deployed in the network controlled by the second NAT device 1020. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets passing through them; the figure omits the description of that modification.
• The first registration service unit agent 2032 broadcasts, in the network controlled by the second NAT device 1020, a message containing the network address and port of the first registration service device.
• The second registration service unit 2031 listens for the message, broadcast in the network controlled by the second NAT device 1020, that contains the network address and port of the first registration service device.
• On receiving the message containing the registration service device network address and port, the second registration service unit 2031 sends a "service unit registration message" to the registration service device, using the network address and port provided in the message. The message includes the network address and port of the second registration service unit 2031 and a preset level of 2, indicating the shortest distance to the public network from the network controlled by the NAT device 1020, to which the registration service unit 2031 belongs.
• On receiving the "service unit registration message", the first registration service unit 2021 determines whether the message has passed through a NAT device by checking whether the network address of the data packet carrying the message is the same as the registration server network address carried in the registration request message. If the message has passed through a NAT device, the unit extracts the level information from the registration request. If that level is 1 greater than the level of the current registration service unit, it records the network address and port of the registration service unit 2031, together with the network address and port of the corresponding NAT device 1020, in the sub-registration service unit record table and returns a registration success message to the second registration service unit 2031. If the level differs from that of the current registration service unit by more than 1 and the sub-registration service unit record table holds no record of a registration service unit corresponding to that NAT device, it returns a registration failure message. If the message has not passed through a NAT device, it returns a registration failure message.
The second registration service unit agent shown in Figure 7 does not provide a message forwarding function. If necessary, a developer can readily develop a registration server agent with message forwarding.
In addition, the broadcast may be wired, wireless, or both wired and wireless, depending on the network environment in which each service agent is located.
Furthermore, with reference to the examples of Figures 5 to 7, a developer can readily implement the registration service device in a multi-layer NAT network.
Furthermore, for security reasons, registration messages may be encrypted in whole or in part.
Figure 14 shows the processing method used by a registration service unit in the registration service device after it receives a "service unit registration message".
S1000: Start
S1001: Wait to receive a data packet;
S1002: Has a data packet been received? If not, go to S1001; if so, go to S1003;
S1003: Extract the message from the data packet;
S1004: Determine whether it is a "service unit registration message"; if not, go to S1200; if so, go to S1100;
S1100: Determine, from the source address of the data packet carrying the message and the service unit network address in the message, whether the message has passed through a NAT device; if not, go to S1130; if so, go to S1120;
S1120: Extract the level information from the message;
S1121: Determine whether the difference between that level and the level of the current service unit equals 1; if not, go to S1140; if so, go to S1122;
S1122: Record the service unit identifier, network address and port from the message, and the network address and port of the corresponding NAT, in the sub-registration server record table;
S1123: Return a registration success message to the message sender, and return to S1001;
S1130: Return a registration failure message to the message sender, and return to S1001;
S1140: Determine from the sub-registration server records whether there is a sub-registration server in the network controlled by the NAT device corresponding to the data packet source address; if not, go to S1130; if so, go to S1141;
S1141: Return to the message sender a redirect message containing the network address and port of that sub-registration server, and return to S1001;
S1200: Determine whether it is a system response message; if not, go to S1300; if so, go to S1201;
S1201: Is it a failure message? If not, go to S1210; if so, go to S1202;
S1202: End
S1210: Determine whether it is a redirect message; if not, go to S1220; if so, go to S1211;
S1211: Trigger the redirect message processing flow corresponding to the "service unit registration message", and return to S1001;
S1220: Is it a success message? If so, go to S1221; if not, go to S1001;
S1221: Trigger the success message processing flow corresponding to the "service unit registration message", and return to S1001;
Figure 15 shows the method by which a registration service unit registers with the registration service device. To maintain the send/receive mapping in the NAT devices, the registration service unit must execute this method periodically.
S1800: Start
S1801: Initialize the target registration server record to the service entry of the top-level registration service unit on the public network, and send a "service unit registration message" to the top-level registration service unit deployed on the public network;
S1802: Wait for the reply triggered by a feedback message;
S1803: Determine whether the received message is a failure; if so, go to S1804; if not, go to S1810;
S1810: Determine whether the received message is a success; if so, go to S1804; if not, go to S1820;
S1820: Determine whether the received message is a redirect; if not, go to S1802; if so, go to S1821;
S1821: Extract the service entry from the redirect message and store it in the target registration server record;
S1822: Send a "service unit registration message" to the registration service device, using the network address and port in the redirect message, and return to S1802;
S1804: End
4. Basic functions of the registration service system
4.1 Workflow and processing method for obtaining the network address and port of the registration service device
The network address and port of the registration service device 2001 serve as its service entry. In a multi-layer NAT network environment, the name registration service device 2001 has different service entries for the public network and for private networks. A service entry in the public network can, absent special restrictions, be accessed by system terminal devices in the public network and in the networks controlled by each NAT device; a port of this kind is a global service entry. Conversely, a port that can be accessed only by some system terminal devices is a local service entry. Only after the terminal system 6001 has obtained a service entry can it submit registration, login, query and other requests to the registration service device 2001.
Figure 8 shows the system terminal device 6001 requesting a local service entry from the registration service device 2001, starting from the registration service device's global service entry in the public network. The flowchart is an example of a system terminal device obtaining a registration service device service entry. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010, the second basic registration service unit 2022 is deployed in the network controlled by the second NAT device 1020, and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets passing through them; the figure omits the description of that modification.
• The system terminal device 6001 sends a "service entry query message" to the global service entry of the registration service device;
• On receiving the "service entry query message", the top-level registration service unit 2011 decides according to its logic whether it can execute the request (see Figure 16). If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example it returns a redirect message containing the network address and port of the first basic registration service unit 2021);
• On receiving the redirect response message, the system terminal device 6001 sends a "service entry query message" to the registration service device, using the registration service device service entry contained in the message;
• On receiving the "service entry query message", the first basic registration service unit 2021 decides according to its logic whether it can execute the request. If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example it returns a redirect message containing the network address and port of the second basic registration service unit 2022);
• On receiving the redirect response message, the system terminal device 6001 sends a "service entry query message" to the registration service device, using the registration service device service entry contained in the message;
• On receiving the "service entry query message", the second basic registration service unit 2022 decides according to its logic whether it can execute the request. If it can, it returns a success message; if it cannot, it determines whether the request can be redirected to a sub-registration service unit and, if so, returns a redirect message (in this example it returns a success response message);
• On receiving the success response message, the system terminal device 6001 stores the registration service device service entry contained in the message in its local target registration service device record.
The request messages in Figure 8 may be sent and received over wired and/or wireless links.
Figure 9 shows the flow in which the system terminal device 6001 obtains a local service entry by listening for messages containing the registration service device service entry. The flowchart is an example of a system terminal device obtaining a registration service device service entry. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010, the second basic registration service unit 2022 is deployed in the network controlled by the second NAT device 1020, and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets passing through them; the figure omits the description of that modification.
• The second basic registration service unit 2022 broadcasts, in the network controlled by its NAT, a message containing the registration service device network address and port;
• The system terminal device 6001 listens for broadcast messages containing the registration service device network address and port;
• On receiving the broadcast message, the system terminal device 6001 stores the registration service device service entry contained in the message in its local target registration service device record.
In addition, the broadcast publication of the service entry described for Figure 9 can be replaced by public notice, by informing users in advance, or by similar means, with the user configuring the system terminal device 6001 manually.
Figure 10 shows the flow in which the system terminal device 6001 obtains a local service entry by listening for messages containing the registration service device service entry. The flowchart is an example of a system terminal device obtaining a registration service device service entry. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010, the first basic registration service unit agent 2023 is deployed in the network controlled by the second NAT device 1020, and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets passing through them; the figure omits the description of that modification. A service unit agent and the service unit it represents may have a private communication interface between them for exchanging information.
• The first basic registration service unit agent 2023 broadcasts, in the network controlled by its NAT, a message containing the registration service device network address and port;
• The system terminal device 6001 listens for broadcast messages containing the registration service device network address and port;
• On receiving the broadcast message, the system terminal device 6001 stores the registration service device service entry contained in the message in its local target registration service device record.
The first registration service unit agent in Figure 10 does not provide a message forwarding function. If necessary, a developer can readily develop a registration server agent with message forwarding.
In addition, for a multi-layer NAT network a developer can readily derive the corresponding flows from this one. The flows may be carried out over wired and/or wireless links.
Furthermore, the broadcast publication of the service entry described for Figure 10 can be replaced by public notice, by informing users in advance, or by similar means, with the user configuring the service client manually.
Figure 16 shows the processing method used by a registration service unit in the registration service device after it receives a "service entry query message".
S2000: Start
S2001: Wait to receive a data packet;
S2002: Has a data packet been received? If not, go to S2001; if so, go to S2003;
S2003: Extract the message from the data packet;
S2004: Determine whether it is a "service entry query message"; if not, go to S2005; if so, go to S2100;
S2100: Determine, from the source address of the data packet carrying the message and the system terminal device network address in the message, whether the system terminal device is behind a NAT; if not, go to S2101; if so, go to S2200;
S2200: Look in the sub-registration server record table for a sub-registration server in the network controlled by the NAT device corresponding to the data packet source address; if there is none, go to S2101; if there is one, go to S2201;
S2201: Return to the message sender a redirect message containing the network address and port of that sub-registration service unit, and return to S2001;
S2101: Return to the message sender a success response message containing the network address and port of an available registration service unit, and return to S2001;
S2005: Perform other processing, and return to S2001;
Figure 17 shows the method by which a system terminal device obtains the network address and port of the registration service device. To maintain the send/receive mapping in the NAT devices, the system terminal device must perform this method periodically.
S2800: Start.
S2801: Listen for broadcast messages.
S2802: Has a broadcast message containing the service entry of the registration service device been received? If so, go to S2806; if not, go to S2803.
S2806: Record the network address and port from the broadcast message in the local target registration service device record.
S2807: End.
S2803: Send a "service entry query message" to the top-level registration service unit deployed on the public network, and initialize the local target registration service device record with the service entry of that top-level registration service unit.
S2804: Wait for a reply.
S2805: Is the received message a success message? If so, go to S2807; if not, go to S2810.
S2810: Is the received message a redirect? If not, go to S2804; if so, go to S2811.
S2811: Store the network address and port of the registration service device given in the redirect message in the local target registration service device record, send a "service entry query message" to the registration service device at that network address and port, and return to S2804.
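The following is an added example, not code from the patent: it runs the Figure 16 handler and the Figure 17 terminal procedure against the three-level layout described for Figure 11, showing how the source-address check in S2100 steers the terminal down to the unit in its own network. All addresses, the depth field used to model NAT rewriting, and the max_redirects bound are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass
class RegistrationUnit:
    """A registration service unit running the Figure 16 handler."""
    entry: tuple          # service entry: (network address, port)
    depth: int            # NAT layers between this unit and the public network
    # Sub-registration server record table: external address of a NAT device
    # -> service entry of the unit deployed in the network behind that NAT.
    sub_units: dict = field(default_factory=dict)

    def handle_query(self, packet_src, claimed_addr):
        """Answer a "service entry query message" (S2100 to S2201)."""
        # S2100: the terminal is behind a NAT when the packet's source address
        # differs from the address the terminal reported in the message.
        if packet_src != claimed_addr:
            sub_entry = self.sub_units.get(packet_src)     # S2200
            if sub_entry is not None:
                return ("redirect", sub_entry)             # S2201
        return ("success", self.entry)                     # S2101


@dataclass
class Terminal:
    """A system terminal device running the Figure 17 procedure."""
    addr: str
    depth: int
    nat_externals: list   # external addresses of the NATs above, innermost first
    target: tuple = None  # local target registration service device record

    def observed_source(self, unit):
        """Source address the unit sees once NATs on the path have rewritten it."""
        crossed = self.depth - unit.depth
        return self.addr if crossed == 0 else self.nat_externals[crossed - 1]

    def discover(self, units, top_entry, broadcast_entry=None, max_redirects=8):
        """Return (service entry to use, list of (entry asked, answer kind))."""
        if broadcast_entry is not None:                    # S2802 -> S2806
            self.target = broadcast_entry
            return self.target, []
        self.target = top_entry                            # S2803
        trail = []
        # max_redirects is an assumption of this example; the flowchart itself
        # puts no bound on the redirect chain.
        for _ in range(max_redirects + 1):
            unit = units[self.target]
            kind, entry = unit.handle_query(self.observed_source(unit), self.addr)
            trail.append((self.target, kind))
            if kind == "success":                          # S2805 -> S2807
                return self.target, trail
            self.target = entry                            # S2811
        raise RuntimeError("redirect limit exceeded")


def figure11_topology():
    """Constructed addresses for the layout described for Figure 11."""
    top = RegistrationUnit(("198.51.100.1", 5000), depth=0,
                           sub_units={"203.0.113.10": ("10.1.0.9", 5000)})
    unit_2021 = RegistrationUnit(("10.1.0.9", 5000), depth=1,
                                 sub_units={"10.1.0.2": ("10.2.0.9", 5000)})
    unit_2031 = RegistrationUnit(("10.2.0.9", 5000), depth=2)
    units = {u.entry: u for u in (top, unit_2021, unit_2031)}
    terminal_6001 = Terminal("10.2.0.5", depth=2,
                             nat_externals=["10.1.0.2", "203.0.113.10"])
    return terminal_6001, units, top.entry


if __name__ == "__main__":
    terminal, units, top_entry = figure11_topology()
    entry, trail = terminal.discover(units, top_entry)
    for asked, kind in trail:
        print(f"{asked[0]}:{asked[1]} -> {kind}")
    print("use", entry)
```

The NAT decision rests entirely on an address the terminal reports about itself, so a unit can only trust it as far as it trusts the terminal.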
4.2 User information registration process and method
Figure 11 shows the process by which the system terminal device used by a user sends user registration information (user account-opening information) to the registration service device. The flowchart is an example of that process. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010; the second basic registration service unit 2031 is deployed in the network controlled by the second NAT device 1020; and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. The system terminal device 6001 has already obtained the service entry of the registration service device. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets that pass through them; the figure omits the description of these modifications.
• The system terminal device 6001 sends a "user registration message" to the top-level registration service unit 2011. The message includes at least the user identifier and the network address of the terminal used by the user.
• After receiving the user registration message, the top-level registration service unit 2011 looks in the user registration information record table for the same user identifier. If there is no identical user identifier, it adds the user identifier and its related information to the user registration information record table and determines whether the "user registration message" passed through a NAT device (for example, judging from the source address of the data packet carrying the "user registration message" and the network address of the user's terminal given in the message). If the message passed through a NAT device, the unit looks in the sub-registration server record for a sub-registration service unit associated with that NAT device; if the sub-registration service unit exists, it returns a redirect response message that includes the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated registration service unit, it returns a registration success message. If the user identifier already exists, it returns a failure response message.
• After receiving the response message, the system terminal device ends registration if it is a failure response message or a success response message. If it is a redirect response message, the device sends a "user registration message" to the registration service unit service entry given in the message; the message includes at least the user identifier and the network address of the terminal used by the user.
• After receiving the user registration message, the first registration service unit 2021 looks in the user registration information record table for the same user identifier. If there is no identical user identifier, it adds the user's identifier and its related information to the user registration information record table and determines whether the "user registration message" passed through a NAT device (for example, judging from the source address of the data packet carrying the "user registration message" and the network address of the user's terminal given in the message). If the message passed through a NAT device, the unit looks in the sub-registration server record for a sub-registration service unit associated with that NAT device; if the sub-registration service unit exists, it returns a redirect response message that includes the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated sub-registration service unit, it returns a registration success message. If the user identifier already exists, it returns a failure response message.
• After receiving the response message, the system terminal device ends registration if it is a failure response message or a success response message. If it is a redirect response message, the device sends a "user registration message" to the registration service unit service entry given in the message; the message includes at least the user identifier and the network address of the terminal used by the user.
• After receiving the user registration message, the second registration service unit 2031 looks in the user registration information record table for the same user identifier. If there is no identical user identifier, it adds the user identifier and its related information to the user registration information record table and determines whether the "user registration message" passed through a NAT device (for example, judging from the source address of the data packet carrying the "user registration message" and the network address of the user's terminal given in the message). If the message passed through a NAT device, the unit looks in the sub-registration server record for a sub-registration service unit associated with that NAT device; if the sub-registration service unit exists, it returns a redirect response message that includes the service entry of that registration service unit. If the message did not pass through a NAT device, or the NAT device has no associated sub-registration service unit, it returns a registration success message. If the user identifier already exists, it returns a failure response message.
• After receiving the response message, the system terminal device ends registration if it is a failure response message or a success response message. If it is a redirect response message, the device sends a "user registration message" to the registration service unit service entry given in the message; the message includes at least the user identifier and the network address of the terminal used by the user.
Because user registration information is held hierarchically in a multi-level NAT network, a registration service unit that receives a "user registration information query message" can use a variety of strategies to answer it. For example, it first searches the local user registration record table. If the user exists, it returns a success message to the query requester. If the user does not exist, it queries the top-level registration service unit: if it receives a success message from the top-level registration service unit, it returns a success message to the query requester; if it receives a failure message from the top-level registration service unit, it returns a failure message to the query requester.
4.3 User login process and method
Figure 12 shows the process by which the system terminal device used by a user sends user login information to the registration service device. The flowchart is an example of that process. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010; the second basic registration service unit 2031 is deployed in the network controlled by the second NAT device 1020; and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. The system terminal device 6001 has already obtained the service entry of the registration service device. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets that pass through them; the figure omits the description of these modifications.
• The system terminal device 6001 sets the user login state to not logged in and, using the locally stored service entry of the registration service device, sends a "user login message" to the registration service device. The message includes at least the user identifier and the user login point; the user login point is the network address and port of the system terminal device used by the user.
• After receiving the user login message, the second basic registration service unit 2031 decides, according to its logic, whether to record the user identifier and related information, whether to return a response message, and which response message to return. After recording the user login information, if this unit is not the top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
• After receiving a success response message, the system terminal device sets the user login state to logged in.
• After receiving the user login message, the first basic registration service unit 2021 decides, according to its logic, whether to record the user identifier and related information, whether to return a response message, and which response message to return. After recording the user login information, if this unit is not the top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
• After receiving the user registration message, the top-level registration service unit 2011 decides, according to its logic, whether to record the user identifier and related information, whether to return a response message, and which response message to return. After recording the user login information, if this unit is not the top-level registration service unit, it forwards the user login message to the registration service device according to the local target registration server record.
In addition, the user must periodically send a user login message to the registration service device so that the user's state in the registration service device remains online. If the registration service device does not receive a user login message from a given user within a specified period, it sets that user's state to offline. If the system terminal device moves, it must send the user login message again.
Figure 18 shows how a registration service unit in the registration service device processes a "user login message" after receiving it.
S3000: Start.
S3001: Wait to receive a data packet.
S3002: Has a data packet been received? If not, go to S3001; if so, go to S3003.
S3003: Extract the message from the data packet.
S3004: Determine whether it is a "user login message". If not, go to S3005; if so, go to S3100.
S3100: Based on the user login point in the message, determine whether the message sender is a sub-registration server. If so, go to S3101; if not, go to S3200.
S3101: Store in the user login information record table the user identifier from the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and this unit's identifier as the user login point; then continue with S3300.
S3200: Check whether the user is registered in the system. If not, go to S3290; if so, go to S3201.
S3201: Based on the source address of the data packet carrying the message and the network address of the system terminal device used by the user, as given in the message, determine whether the system terminal device is behind a NAT. If not, go to S3202; if so, go to S3203.
S3202: Store in the user login information record table the user identifier from the message as the user identifier and the user login point from the message as the user login point.
S3203: Store in the user login information record table the user identifier from the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and this unit's identifier as the user login point.
S3204: Return a success response message to the message sender.
S3300: Determine whether this unit is the top-level registration server. If so, go to S3001; if not, go to S3301.
S3301: Generate a new user registration message, using this unit's identifier in place of the user login point of the received message.
S3302: Send the new user login message to the registration service device according to the local target registration server record, and return to S3001.
S3290: Return a failure response message to the message sender, and return to S3001.
S3005: Perform other processing.
In addition, when a user login message is forwarded between registration service units, this registration service unit's sub-registration service unit record holds the identifier of the registration service unit in the lower-level network and the related NAT device information. A registration service unit identifier used as the system terminal device access point can therefore be mapped to a network address and port on the NAT device.
Figure 19 shows how a user sends user login information to the registration service device through the system terminal device.
S3800: Start.
S3802: Set the timeout, and set the terminal to the not-logged-in state.
S3803: Send a "user login message" to the registration service device according to the local target registration service device record.
S3804: Wait for a reply.
S3805: Has the timeout expired? If so, go to S3809; if not, go to S3806.
S3806: Is it a success message? If not, go to S3808; if so, go to S3807.
S3807: Set the terminal state to logged in.
S3809: End.
S3808: Is it a failure message? If so, go to S3809; if not, go to S3804.
Developers can readily adapt the user login method above to the needs of user registration and use it to complete user registration and account-opening tasks.
4.4 Process and method for obtaining the requested user's user login point
Figure 13 shows the process by which an actively requesting user obtains the requested user's user login point through the registration service system; it is an example of that process. The top-level registration service unit 2011 has a public network address; this address and the port providing the service are a well-known service entry within the system, or can be obtained by a system-defined method. The first NAT device 1010 connects directly to the public network and is the root NAT device. The first basic registration service unit 2021 is deployed in the network controlled by the root NAT device 1010; the second NAT device 1020 connects directly to the network controlled by the root NAT device 1010; the second basic registration service unit 2031 is deployed in the network controlled by the second NAT device 1020; and the system terminal device 6001 is deployed in the network controlled by the second NAT device 1020. The system terminal device 6001 has already obtained the service entry of the registration service device. Networked hosts and devices in the network controlled by the second NAT device 1020 can access networked hosts and devices in the network controlled by the root NAT device. NAT devices modify the source or destination address of the data packets that pass through them; the figure omits the description of these modifications.
• The system terminal device 6001 sends a "user login point lookup request message" to the registration service device according to the locally stored target registration service device record. The message includes at least the requested user identifier and a random sequence number.
• After receiving the "user login point lookup request message", the second registration service unit 2031 extracts the requested user identifier from the message and looks it up in the user login information record table. If the requested user identifier exists in the table, the unit returns to the message sender a success message containing the requested user's current user login point; the message includes the random sequence number of the corresponding original request message. If the requested user identifier does not exist in the table and this service node is not the top-level registration service unit, the unit uses the random sequence number in the message to establish a mapping between the message and the message sender, saves the mapping in the message buffer, and forwards the "user login point lookup request message" to the registration service device according to the local registration server record.
• After receiving the "user login point lookup request message", the first registration service unit 2021 extracts the requested user identifier from the message and looks it up in the user login information record table. If the requested user identifier exists in the table, the unit returns to the message sender a success message containing the requested user's current user login point; the message includes the random sequence number of the corresponding original request message. If the requested user identifier does not exist in the table and this service node is not the top-level registration service unit, the unit uses the random sequence number in the message to establish a mapping between the message and the message sender, saves the mapping in the message buffer, and forwards the "user login point lookup request message" to the registration service device according to the local registration server record.
• After receiving the "user login point lookup request message", the top-level registration service unit 2011 extracts the requested user identifier from the message and looks it up in the user login information record table. If the requested user identifier exists in the table, the unit returns to the message sender a success message containing the requested user's current user login point; the message includes the random sequence number of the corresponding original request message. If the requested user identifier does not exist in the table and this service node is the top-level registration service unit, the unit returns a failure message to the message sender; the message includes the random sequence number of the corresponding original request message.
• After receiving the response message, the first registration service unit 2021 uses the random sequence number in the response message to find the sender of the corresponding connection node lookup request message, and forwards the response message to that sender.
• After receiving the response message, the second registration service unit 2022 uses the random sequence number in the response message to find the sender of the corresponding connection node lookup request message, and forwards the response message to that sender.
• After receiving the response message, the system terminal device 6001 records the requested user's user login point from the message if it is a success response message; if it is a failure response message, the process ends.
The process above is the basic flow for finding a user login point that satisfies the conditions. Developers can readily extend and vary this flow to suit the needs of a specific application, and change the subsequent execution flow once the user login point has been found, without affecting the essence of the process of querying a user login point by the requested user identifier.
Figure 20 shows how a registration service unit in the registration service device processes a "user login point lookup request message" after receiving it.
S4000: Start.
S4001: Wait to receive a data packet.
S4002: Has a data packet been received? If not, go to S4001; if so, go to S4003.
S4003: Extract the message from the data packet.
S4004: Determine whether it is a "user login point lookup request message". If not, go to S4005; if so, go to S4100.
S4100: Extract the random sequence from the message.
S4101: Look up the corresponding sender in the forwarding relation list. If there is one, go to S4106; if not, go to S4102.
S4102: Extract the requested user identifier from the message.
S4103: Look up whether the requested user identifier exists in the user login information record table. If so, go to S4200; if not, go to S4104.
S4104: Determine whether this unit is the top-level registration server. If so, go to S4107; if not, go to S4105.
S4105: Using the random sequence in the message, establish the correspondence between the message sender and the message, and store it in the forwarding relation table.
S4106: Forward the "user login point lookup request message" to the registration service device according to the local target registration server record, and return to S4001.
S4107: Return a failure message to the message sender, and return to S4001.
S4200: Return to the message sender a success message that includes the requested user's user login point from the user login information record table, and return to S4001.
S4005: Determine whether it is a response to a "user login point lookup request message". If not, go to S4006; if so, go to S4300.
S4300: Extract the random sequence from the message.
S4301: Look up the corresponding sender in the forwarding relation list. If there is one, go to S4302; if not, go to S4001.
S4302: Forward the response message to the message sender that corresponds to the random sequence, delete the related entry from the forwarding relation list, and return to S4001.
Figure 21 shows how a user queries the registration service device for a user login point through the system terminal device.
S4800: Start;
S4801: Set the timeout period;
S4802: Generate a random serial number;
S4803: Send a "user login point lookup request message" to the registration service device according to the local target registration server record, the message including the random serial number;
S4804: Wait for a reply;
S4805: Determine whether the timeout has expired; if so, go to S4806; if not, go to S4810;
S4810: Determine whether the random serial number in the message is the same; if it differs, go to S4804;
S4820: Determine whether the message is a success message; if not, go to S4830; if so, go to S4821;
S4821: Extract the network address and port from the message;
S4822: End;
S4830: Determine whether the message is a failure message; if so, go to S4822; if not, go to S4804;
S4806: Send a "user login point lookup request message" to the registration service device according to the local target registration server record, the message including the random serial number, and return to S4804.
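The lookup flow of Figures 20 and 21, as an added Python sketch that is not part of the patent text: each registration service unit answers locally, fails at the top level, or records the random serial number against the sender and forwards upward, and a reply is relayed only if its serial number matches a pending entry. Class and method names, synchronous in-memory delivery (so the timeout and resend steps S4805/S4806 are omitted), the 64-bit serial number from `secrets`, and the sample addresses are assumptions.

```python
"""Hierarchical user-login-point lookup with a forwarding relationship table."""
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

LoginPoint = Tuple[str, int]              # (network address, port)


@dataclass
class Message:
    kind: str                             # "lookup", "success" or "failure"
    seq: int                              # random serial number chosen by the requester
    target_user: str = ""                 # requested user identifier
    login_point: Optional[LoginPoint] = None


class RegistrationUnit:
    """One registration service unit; parent=None marks the top-level unit."""

    def __init__(self, name: str, parent: Optional["RegistrationUnit"] = None):
        self.name = name
        self.parent = parent              # local target registration server record
        self.logins = {}                  # user login information record table
        self.forwarding = {}              # forwarding relationship table: seq -> sender

    def receive(self, msg: Message, sender) -> bool:
        """Return True if the message was answered or relayed, False if dropped."""
        if msg.kind == "lookup":
            return self._on_lookup(msg, sender)
        if msg.kind in ("success", "failure"):
            return self._on_reply(msg)
        return False

    def _on_lookup(self, msg: Message, sender) -> bool:
        point = self.logins.get(msg.target_user)
        if point is not None:             # S4200: answer from the local table
            sender.receive(Message("success", msg.seq, msg.target_user, point), self)
        elif self.parent is None:         # S4107: top level and still unknown
            sender.receive(Message("failure", msg.seq, msg.target_user), self)
        else:
            self.forwarding[msg.seq] = sender     # S4105: remember who asked
            self.parent.receive(msg, self)        # S4106: forward upward
        return True

    def _on_reply(self, msg: Message) -> bool:
        # S4300/S4301: find the sender by serial number; pop() also performs
        # the deletion of S4302, so an entry relays at most one reply.
        sender = self.forwarding.pop(msg.seq, None)
        if sender is None:
            return False                  # no pending request: drop the reply
        sender.receive(msg, self)         # S4302: relay toward the requester
        return True


class Terminal:
    """System terminal device side of the query (Figure 21)."""

    def __init__(self, unit: RegistrationUnit):
        self.unit = unit
        self.pending = None
        self.status = "idle"
        self.result = None

    def lookup(self, user: str) -> Optional[LoginPoint]:
        self.pending = secrets.randbits(64)       # S4802
        self.status, self.result = "waiting", None
        self.unit.receive(Message("lookup", self.pending, user), self)   # S4803
        return self.result

    def receive(self, msg: Message, sender) -> bool:
        if self.pending is None or msg.seq != self.pending:   # S4810
            return False                  # serial number differs: keep waiting
        self.pending = None
        self.status = msg.kind            # S4820 / S4830
        self.result = msg.login_point if msg.kind == "success" else None  # S4821
        return True


def build_demo():
    """Three-level hierarchy with one constructed login record at the top."""
    top = RegistrationUnit("top")
    mid = RegistrationUnit("mid", parent=top)
    base = RegistrationUnit("base", parent=mid)
    top.logins["alice"] = ("203.0.113.10", 5060)  # constructed sample value
    return Terminal(base), base, mid, top


if __name__ == "__main__":
    term, base, mid, top = build_demo()
    print(term.lookup("alice"), term.status)
    print(term.lookup("nobody"), term.status)
    unsolicited = Message("success", 1234, "alice", ("198.51.100.66", 9))
    print("unsolicited reply relayed:", base.receive(unsolicited, mid))
```

In this sketch the serial number is the only value that ties a reply to a request, which is why it is drawn from a cryptographic random source and why each table entry is removed after a single use.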
5. Basic message format
The basic message formats of the present invention are shown in Table 2.
Table 2
Message name | Purpose | Basic message content | Additional notes |
---|---|---|---|
Service unit registration message | Register with the registration service device | Message type, network address, port, identifier, preset level information | |
Broadcast message | Broadcast the service entry of the registration service device to the registration service unit | Message type, service entry of the registration service device | |
Service entry query message | Query the service entry of the registration service device | Message type | |
User registration message | Add a user | Message type, user identifier | Adds a new user to the system |
User registration message query message | Check whether the user has an account in the system | Message type, user identifier | |
User login message | User login | Message type, user identifier, user login point | The user login point can be a network address and port, or an identifier that can be converted into a network address and port |
User login point lookup request message | Query the user login point of the requested user | Message type, user identifier, requested user identifier, random serial number | |
Success response message | Return success information to the message sender | Message type identifier, type of the request message this response corresponds to | For the "user login point lookup request message", includes the user login point and random serial number. For the "service entry query message", includes the network address and port. For responses to other requests, see the relevant algorithm requirements |
Failure response message | Return failure information to the message sender | Message type identifier, type of the request message this response corresponds to | |
Redirect message | Return to the message sender the network address and port of a registration service device | Message type identifier, type of the request message being answered | The redirect message is a kind of response message. For a message querying the service entry of the registration device, returns the corresponding network address and port. For responses to other requests, see the relevant algorithm requirements |
6. Method for obtaining the forwarding service
Figure 22 shows a registration service unit with a forwarding module. This registration service unit with a data forwarding module is an example of the registration service device providing a forwarding service to users. The data forwarding service unit 2108 forwards data between system terminal devices. The flow by which the registration service device processes a forwarding service request is shown in Figure 23. The "forwarding service request" message submitted by a system terminal device includes at least: the message type, the random serial number, and the identifier of the requested party.
S5000: Start
S5001: Wait to receive a data packet
S5002: Determine whether a data packet has been received
S5003: Extract the message from the data packet
S5004: Determine whether it is a "forwarding service request"; if so, go to S5100; if not, go to S5005
S5005: Perform other processing
S5100: Extract the serial number from the message and check whether it exists in the correspondence table; if it exists, go to S5202; if not, go to S5101;
S5101: Determine whether this service unit has a forwarding service module; if so, go to S5102; if not, go to S5200;
S5102: Determine whether the requested party's identifier is in the user login information record table; if so, go to S5103; if not, go to S5200;
S5103: According to the requested party's information, allocate to the requester a network address and port that can forward data to the requested party;
S5104: Return a success response message to the message sender, the message including the network address and port that can provide the forwarding service, and return to S5001;
S5200: Determine whether this unit is the top-level service unit; if so, go to S5203; if not, go to S5201;
S5201: Extract the random serial number from the message, establish a forwarding correspondence with the message sender based on that serial number, and store it in the forwarding correspondence table;
S5202: Forward the "forwarding service request" to the registration service device according to the local target registration server record, and return to S5001;
S5203: Return a failure response message to the message sender, and return to S5001;
For the processing flow of response messages, see the response-message handling in the method by which the registration service unit processes the "user login point lookup request message" in Figure 20.
Claims
1. An application-oriented name registration system in a multi-layer NAT environment, the multi-layer NAT environment having a public network and at least one private network, the private network accessing the public network or another private network through an address translation unit; the application-oriented name registration system comprising a system terminal device for sending a login request and a registration service unit for receiving the login request, the registration service unit comprising a top-level registration service unit connected to the public network and a basic registration service unit connected to a private network; the registration service unit being configured to receive a login request message from the system terminal device and to record user login information of the system terminal device, the user login information comprising at least a user identifier, the user login point, in the network to which the registration service unit is connected, of the system terminal device used by the user, and the system terminal device access point, in the network to which the registration service unit is connected, of the system terminal device used by the user.
2. The application-oriented name registration system according to claim 1, wherein the registration service unit is further configured to perform a query according to the recorded user login information and to determine a forwarding node between system terminal devices.
3. The application-oriented name registration system according to claim 1, wherein the user login point is the network address and port of a registration service unit or a system terminal device, or an identifier that can be converted into the network address and port of a registration service unit or a system terminal device.
4. The application-oriented name registration system according to claim 2, wherein the query finds, according to the user login information and among all user login points of the called party, the user login point with the shortest NAT distance from the called party to the calling party.
5. The application-oriented name registration system according to claim 1, wherein the system terminal device access point is the network address and port of a NAT device, or an identifier that can be converted into the network address and port of a NAT device.
6. The application-oriented name registration system according to claim 1, wherein the top-level registration service unit accesses the public network through a top-level service bus, the basic registration service unit accesses the private network through a service bus, the top-level registration service unit is addressed using network addresses of the public network, and the basic registration service unit is addressed using network addresses of the private network to which it is connected.
7. The application-oriented name registration system according to claim 1, wherein the registration service unit comprises: a registration service logic control unit, a basic configuration information record table, a level information record, a target registration server record, a sub-registration server record table, a user login information record table, a user registration information record table, a message buffer and a communication unit;
the registration service logic control unit controls execution of the registration service; the basic configuration information record table records the identifier of this unit, the host address of this unit and the service port of this unit; the level information record records level information; the target registration server record records the network address and port of the ancestor registration server; the sub-registration server record table records the network address, port and identifier of each sub-registration service unit and the network address and port of the corresponding NAT device; the user login information record table records the user identifier, the user login point and the system terminal device access point; the user registration information record table records user account-opening information; the message buffer temporarily stores the information in received data packets and the forwarding relationship record table; the communication unit is connected to the top-level service bus device or the service bus device and is responsible for sending and receiving data.
8. The application-oriented name registration system according to claim 7, wherein the components of the registration service unit interact as follows:
as execution requires, the registration service logic control unit reads the identifier, host address and service port of this unit from the basic configuration information record table; reads level information from the level information record; reads the network address and port of the ancestor registration server from the target registration server record; reads the network address, port and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device from the sub-registration server record table; reads the user identifier, user login point and system terminal device access point from the user login information record table; reads the user identifier from the user registration information record table; reads the temporarily stored information from received data packets and the forwarding relationships from the message buffer; and reads received data from the communication unit; likewise, as execution requires, the registration service logic control unit writes the identifier, host address and service port of this unit to the basic configuration information record table; writes the network address and port of the ancestor login server to the target registration server record; writes the network address, port and identifier of the sub-registration service unit and the network address and port of the corresponding NAT device to the sub-registration server record table; writes the user identifier, user login point and corresponding system terminal device access point to the user login information record table; writes the user identifier to the user registration information record table; writes the temporarily stored information from received data packets and the forwarding relationships to the message buffer; and writes data to be sent to the communication unit.
9. The application-oriented name registration system according to claim 1, wherein the system terminal device comprises: a terminal device control unit, a basic configuration information record table, a target registration service device record, a message buffer and a communication unit; the terminal device control unit controls execution of the terminal device; the basic configuration information record table records the user identifier and the network address and port of this terminal device; the target registration service device record records the network address and port of the registration service device; the message buffer temporarily stores received or sent messages; the communication unit connects to the public network or a private network.
10. The application-oriented name registration system according to claim 1, wherein the terminal device control unit reads and writes information in the basic configuration information record table, the target registration service device record and the message buffer; the terminal device control unit also sends and receives data over the network through the communication unit.
11. A method for user login using the application-oriented name registration system in a multi-layer NAT environment according to claim 1, comprising the following steps:
1) the system terminal device obtains the service entry of a basic registration service unit, the service entry being a network address and port or an identifier that can be converted into a network address and port;
2) the system terminal device sends a user login message to the basic registration service unit according to the service entry, the user login message carrying user login information; the user login information in this step comprises at least a user identifier and a user login point defined using the network address and port of the system terminal device;
3) the registration service unit records the user login information and forwards a user login message carrying the user login information to the registration service unit of the upper-layer network; the user login information in this step comprises at least the user identifier;
4) after receiving the forwarded user login message, the registration service unit of the upper-layer network repeats the operation of step 3), until the user login message has been forwarded to the top-level registration service unit connected to the public network.
12. The user login method according to claim 11, wherein in step 2) the user login point is a network address and port, or an identifier that can be converted into a network address and port; in step 3) the user login point is a network address and port, or an identifier that can be converted into a network address and port; and the system terminal device access point is a network address and port, or an identifier that can be converted into a network address and port.
13. The user login method according to claim 11, wherein in step 3), after receiving a user login message sent directly by a system terminal device, the registration service unit returns a response message to that system terminal device.
14. The user login method according to claim 11, wherein an initialization step is performed before step 1), the initialization step being: first the top-level registration service unit connected to the public network is started, then the basic registration service units connected to private networks are started layer by layer and register with the name registration system so as to join it.
15. The user login method according to claim 11, wherein step 1) comprises the following sub-steps:
110) the system terminal device sends a service entry query message to the publicly known global service entry of the name registration system;
111) the registration service unit corresponding to the global service entry determines whether it can directly act as the service entry serving this system terminal device; if so, it returns a success message; if not, it returns a redirect message to the system terminal device, the redirect message carrying the service entry of a registration service unit connected to a lower-layer network of the network to which the registration service unit corresponding to the global service entry belongs;
112) the system terminal device sends a service entry query message to the registration service unit given in the redirect message;
113) that registration service unit determines whether it can directly act as the service entry serving this system terminal device; if so, it returns a success message; if not, it returns a redirect message to the system terminal device, the redirect message carrying the service entry of a registration service unit connected to a lower-layer network of the network to which the current registration service unit belongs;
114) steps 112) and 113) are repeated until the system terminal device receives a success message and obtains the final service entry.
16. The user login method according to claim 15, wherein in step 110) the global service entry is the network address and port of the top-level registration service unit.
17. The user login method according to claim 11, wherein step 1) comprises the following sub-steps:
120) the registration service unit broadcasts, in the network to which it belongs, a broadcast message containing the local login service entry;
121) the system terminal device listens for the broadcast message and obtains the service entry.
18. The user login method according to claim 17, wherein in step 120) the registration service unit may send the broadcast message through a registration service unit proxy.
19. The user login method according to claim 11, wherein in step 3) the processing performed by the registration service unit after receiving a user login message comprises the following steps:
31) determine, according to the user login point in the message, whether the message sender is a lower-layer registration service unit; if so, go to step 32); if not, go to step 34);
32) store in the user information record table of this unit the user identifier in the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and the identifier of this unit as the user login point; go to step 38);
34) determine, according to the source address of the data packet carrying the message and the network address of the system terminal device in the message, whether the user terminal is behind a NAT; if not, go to step 35); if so, go to step 36);
35) store in the user information record table of this unit the user identifier in the message as the user identifier and the user login point as the user login point; go to step 37);
36) store in the user information record table of this unit the user identifier in the message as the user identifier, the source address and source port of the data packet carrying the message as the system terminal device access point, and the identifier of this unit as the user login point;
37) return a success response message to the message sender;
38) determine whether this unit is the top-level registration service unit; if not, go to step 39); if so, the registration process ends;
39) send the user login information to the upper-layer registration service unit according to the local target login server record; this operation ends;
30) return a failure response message to the message sender.
20. The user login method according to claim 19, wherein step 33) is further performed between step 32) and step 34), step 33) being as follows: determine whether the user is allowed to log in; if not, go to step 30); if so, go to step 34).
21. The user login method according to claim 19, wherein in step 39) the user login message is sent to the upper-layer registration service unit as follows:
first, the identifier of this registration service unit replaces the user login point in the locally received user login message to generate a new user login message, and the new user login message is then sent to the upper-layer registration service unit.
22. The user login method according to claim 11, further comprising step 5), as follows:
the registration service unit performs a query according to the recorded user login information and determines a forwarding node between system terminal devices.
23. A method for querying a user login point using the application-oriented name registration system in a multi-layer NAT environment according to claim 1, comprising the following steps:
50) the system terminal device sends a user login point lookup request message to the service entry of the name registration system, the message including at least the requested user identifier;
51) the registration service unit checks whether the user identifier of the requested user exists in its local user login information record table; if it exists, it returns the user login point of the requested user; if not, it forwards the user login point lookup request message to the registration service unit connected to the upper-layer network of the network to which the current registration service unit is connected;
52) the registration service unit connected to the upper-layer network checks whether the requested user identifier exists in its local user login information record table; if it exists, it returns the user login point of the requested user's system terminal device; if not, it forwards the user login point lookup request message to the registration service unit connected to the upper-layer network of the network to which the current registration service unit is connected;
53) step 52) is repeated until the user login point of the requested system terminal device is obtained;
54) if, after the user login point lookup request message has been forwarded to the top-level registration service unit, the user identifier of the requested user has still not been found, a failure response message is returned.
24. A method for providing a forwarding service using the application-oriented name registration system in a multi-layer NAT environment according to claim 1, wherein the registration service unit further comprises a data forwarding module, and the method for providing the forwarding service comprises the following steps:
60) the system terminal device sends a forwarding service request message to the service entry of the name registration system, the message including at least the requested user identifier;
61) the registration service unit checks whether the user identifier of the requested user exists in its local user login information record table; if the user identifier of the requested user exists, it determines whether this registration service unit contains a data forwarding module, and if it does, it allocates and returns to the requesting user a network address and port that can forward data to the requested user; if the user identifier of the requested user does not exist, or there is no data forwarding module, it forwards the forwarding service request message to the registration service unit connected to the upper-layer network of the network to which the current registration service unit is connected;
62) the registration service unit connected to the upper-layer network checks whether the requested user identifier exists in its local user login record table; if the user identifier of the requested user exists, it determines whether this registration service unit contains a data forwarding module, and if it does, it allocates and returns to the requesting user a network address and port that can forward data to the requested user; if the user identifier of the requested user does not exist, or there is no data forwarding module, it forwards the forwarding service request message to the registration service unit connected to the upper-layer network of the network to which the current registration service unit is connected;
63) step 62) is repeated until the requesting user obtains a network address and port that can forward data to the requested user;
64) if, after the forwarding service request message has been forwarded to the top-level registration service unit, the user identifier of the requested user has still not been found, or there is no data forwarding module, a failure response message is returned.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101022784A CN101242421B (en) | 2008-03-19 | 2008-03-19 | Application-oriented name registration system and its service method under multi-layer NAT environment |
CN200810102278.4 | 2008-03-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009114995A1 (en) | 2009-09-24 |
Family
ID=39933630
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/000298 WO2009114995A1 (en) | 2008-03-19 | 2009-03-19 | Application-oriented name registration system and service method in multi-layer nat environment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101242421B (en) |
WO (1) | WO2009114995A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242421B (en) * | 2008-03-19 | 2012-06-13 | 中国科学院计算技术研究所 | Application-oriented name registration system and its service method under multi-layer NAT environment |
CN101247408B (en) * | 2008-03-20 | 2010-11-03 | 中国科学院计算技术研究所 | Name registration system and method facing application in multi-layer NAT network |
JP5239618B2 (en) * | 2008-08-19 | 2013-07-17 | 沖電気工業株式会社 | Address translation apparatus, method and program, and node |
CN102073503B (en) * | 2011-01-19 | 2013-08-21 | 上海交通大学 | Context aware-based intemetware evolution method |
CN103023805A (en) * | 2012-11-22 | 2013-04-03 | 北京航空航天大学 | MapReduce system |
CN106559509B (en) * | 2015-09-30 | 2019-10-22 | 中国电信股份有限公司 | Registration server, CGN equipment, service provider system and index, retransmission method |
CN109561161B (en) * | 2017-09-25 | 2020-05-26 | 中国科学院声学研究所 | Name registration and analysis method based on space-time constraint field |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040139225A1 (en) * | 2002-11-01 | 2004-07-15 | Sony Corporation | Information processing system, information processing apparatus, information processing method, and information processing program |
US20040205245A1 (en) * | 2003-03-28 | 2004-10-14 | Jean-Francois Le Pennec | Data transmission system with a mechanism enabling any application to run transparently over a network address translation device |
US20050086373A1 (en) * | 2003-10-16 | 2005-04-21 | International Business Machines Corporation | Accessing data processing systems behind a NAT enabled network |
CN101098284A (en) * | 2006-07-02 | 2008-01-02 | 冼剑光 | Method for implementing network seamless interlinkage |
CN101242421A (en) * | 2008-03-19 | 2008-08-13 | 中国科学院计算技术研究所 | Application-oriented name registration system and its service method under multi-layer NAT environment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100403729C (en) * | 2004-09-28 | 2008-07-16 | 王安生 | The method of call control and media flow traversing private network in SIP softswitch system |
CN101064712B (en) * | 2006-04-24 | 2013-04-24 | 上海信息安全基础设施研究中心 | System and method for realizing Linux inner core based dual-channel through multistage NAT and fireproof wall |
- 2008-03-19: CN CN2008101022784A, patent CN101242421B (en), not active: Expired - Fee Related
- 2009-03-19: WO PCT/CN2009/000298, patent WO2009114995A1 (en), active: Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN101242421A (en) | 2008-08-13 |
CN101242421B (en) | 2012-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009114995A1 (en) | Application-oriented name registration system and service method in multi-layer nat environment | |
WO2016119747A1 (en) | System and method for communicating in an ssl vpn | |
KR100782266B1 (en) | Packet Network Interface and Its Operation Method | |
US7792995B2 (en) | Accessing data processing systems behind a NAT enabled network | |
CN101242413B (en) | Service resource address acquisition system and method in multi-layer NAT network under one root | |
US6101552A (en) | Virtual internet protocol gate and the network constructed with the same | |
JP4354294B2 (en) | Gateway device connected to a plurality of networks having different network segments, and program and method for transferring IP packet | |
US10027623B2 (en) | Internet protocol address resolution | |
US6157950A (en) | Methods and apparatus for interfacing a computer or small network to a wide area network such as the internet | |
CN102055816A (en) | Communication method, business server, intermediate equipment, terminal and communication system | |
CN1273394A (en) | Integrated IP network | |
CN101262447B (en) | A method for system terminal to establish NAT channel penetration | |
CN112437168B (en) | Intranet penetration system | |
US8612557B2 (en) | Method for establishing connection between user-network of other technology and domain name system proxy server for controlling the same | |
CN101321128A (en) | Communication device, communication network system and communication method | |
JP3666654B2 (en) | Internet communication method | |
EP2095599B1 (en) | Method for setting up a peer-to-peer link between two communication media | |
WO2009114997A1 (en) | Application-oriented name registration system for used in multi-layer network address translator environment and the method thereof | |
US7440466B2 (en) | Method, apparatus and system for accessing multiple nodes on a private network | |
SE517217C2 (en) | Method and system for communication between different networks | |
JP3902597B2 (en) | Router and static domain name routing | |
CN110691113A (en) | NAT penetration method with two asymmetric sides | |
CN101572729B (en) | A method for processing virtual private network node information and related equipment and system | |
CN114629956B (en) | Method and blockchain network for enabling edge computing network acceleration | |
CN101227507B (en) | Method and system for obtaining service resource address in same root multi-layer NAT network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 09722230; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | EP: PCT application non-entry in European phase | Ref document number: 09722230; Country of ref document: EP; Kind code of ref document: A1 |