Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, node device and system for traversing firewall

A firewall and node technology, applied in the field of communication, to achieve the effect of reducing complexity, reducing network delay, and avoiding signaling overhead

Active Publication Date: 2012-05-23
HUAWEI TECH CO LTD +1
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0037] 2) It is invalid for some types of firewalls (such as stateful firewalls), and has limitations in practical applications;
[0038] 3) The premise that this solution can discover the firewall is that the configured firewall policy allows UDP-encapsulated packets to pass through, which will bring security problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, node device and system for traversing firewall
  • Method, node device and system for traversing firewall
  • Method, node device and system for traversing firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0109] After the MN moves, it needs to traverse the firewall between the MN and the HA, where the HA is protected by the firewall.

[0110] In this embodiment, the MN is the signaling initiator NI, and the HA is the signaling receiver NR. see Figure 6 , the flow chart is the process of forward discovery and reverse traversal of the firewall. The specific signaling process is as follows:

[0111] 1) When the signaling initiator NI needs to initiate firewall traversal signaling, it first sends the GIST-query message with the firewall information object extended by the NTLP layer, and establishes the NTLP signaling state on the signaling path hop by hop through the three-way handshake ;

[0112] 2) After receiving the GIST-query message, the node NF having a firewall on the path records the address of the node in the firewall information object;

[0113] 3) After receiving the GIST-Query message, NR, the signaling receiver, checks that there is a FW Information Object and nee...

Embodiment 2

[0115] see Figure 7 , is a signaling flowchart of firewall traversal provided by the embodiment of the present invention. In this embodiment, the MN is the signaling initiator NI, and the HA is the signaling receiver NR. This flow chart is the process of forward discovery and forward traversal through the firewall. The specific signaling process is as follows:

[0116] 1) When the signaling initiator NI needs to initiate firewall traversal signaling, it first sends the GIST-query message with the firewall information object extended by the NTLP layer, and establishes the NTLP signaling state on the signaling path hop by hop through the three-way handshake ;

[0117] 2) After receiving the GIST-query message, the node NF having a firewall on the path records the address of the node in the firewall information object;

[0118] 3) When the signaling receiver NR receives the GIST-Query message, checks that there is a FW Information Object, and needs to initiate the firewall tra...

Embodiment 3

[0120] see Figure 8 , taking the process of sending a BU from the MN to the HA as an example, where there is no firewall between the MN and the HA, but the MN does not know whether the firewall exists. Basically similar to the previous process, the difference is that the HA informs the MN in the ActionCode of the Firewall Detection Notification message that there is no firewall on the path, and firewall traversal is not required.

[0121] After the signaling initiator MN receives the Firewall Detection Notification message sent by the HA, it checks the Firewall Detection Notification message. If there is no firewall on the path, the NSIS firewall discovery and traversal signaling operations are terminated.

[0122] In this embodiment, after the firewall discovery process is performed at the NTLP layer, if there is no firewall on the communication path, the NSIS signaling process is terminated, which avoids the signaling waste of the existing NSIS-based firewall traversal mech...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method, a node device and a system for traversing firewall, belonging to the field of communication. The method includes the steps as follows: after receiving inquiring information, a node with a firewall records the firewall information of the node in the inquiring information and retransmits the inquiring information to the downstream; after receiving the inquiring information transmitted from the upstream, a target node confirms if the firewall exists on the path according to the firewall information in the inquiring information and returns integral information ofthe firewall on the path to an initiating node of the inquiring information; and the target node or the initiating node initiates firewall traversal when the firewall exists on the path. The node device comprises a transmitting module, a receiving module and a processing module. The system comprises the initiator node, the intermediate node and the target node. The invention can seamlessly combine with the existing NSIS-based firewall traversal mechanism, thereby avoiding extra signaling spent by using the firewall discovery mechanism which is not based on NSIS and further reducing the network delay.

Description

technical field [0001] The present invention relates to the communication field, in particular to a firewall traversal method, node equipment and system. Background technique [0002] With the rapid development of network technology and wireless communication equipment, people are eager to obtain information from the Internet anytime and anywhere. Aiming at this situation, the prior art provides a protocol supporting mobile Internet, that is, a mobile IP protocol. The mobile IP protocol is a network layer solution that provides mobile functions on the Internet, so that the ongoing communication will not be interrupted when nodes switch links. Simply put, Mobile IP provides a routing mechanism at the network layer that enables a mobile node (MN, Mobile Node) to connect to any link with a permanent IP address, with the purpose of routing data packets to those that may have been on On mobile nodes that change location rapidly. [0003] In order to better support the mobility...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/56
Inventor 张琳禹可李欣王斌斌温兴华彭炎
Owner HUAWEI TECH CO LTD