CN101106580B

Movatterモバイル変換

Info

Publication number: CN101106580B
Application number: CN2007101177850A
Authority: CN
Inventors: 王文渊; 付强
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2007-06-22
Filing date: 2007-06-22
Publication date: 2010-12-08
Anticipated expiration: 2027-06-22
Also published as: CN101106580A

Abstract

The invention discloses a system of dynamic cross firewall/ network address translation realization of calling center and is used to the next generation network. The system includes a seat module used to inquire and acquire the outer net address with correspondence to FW/NAT to a STUN server module and exchange information with a calling control module; a STUN server module used to return the outer net address of the set module with correspondence to FW/NAT to the seat module; a calling control module used to accept the outer net address with correspondence to FW/NAT of the recording seat module and carry out calling control processing towards the user terminal and the seat module. The invention also provides a method of dynamic cross firewall/network address translation realization of calling center correspondingly. The invention realizes the combination of STUN technique and the next generation calling center and the dynamic cross of FW/NAT with no alteration to the current FW/NAT equipment and obviously improves the user satisfaction and market competitiveness.

Description

System and method for realizing firewall/network address passing conversion by call center

Technical Field

The invention relates to the technical field of Network communication, in particular to a system and a method for realizing dynamic Firewall and/or Network Address Transfer (FW/NAT) traversal by a next generation call center.

Background

A Call Center (Call Center), such as 1860 in the telecommunication industry, 95555 in the financial industry, also called a customer service system, is a Call processing information system integrating various technologies, such as Computer Telephony Integration (CTI), Automatic Call Distribution (ACD), and database. The user can access the call center through various access modes such as telephone, fax, e-mail and the like. When the user terminal is connected to the call center, it can receive the task prompt tone of the call center, and according to the voice prompt of the call center, it can be connected to the database or seat to obtain the required information service, such as request, question, complaint, suggestion and inquiry.

With the evolution of Next Generation Networks (NGNs), it is required to build Next Generation call centers oriented towards new telecommunication Network architectures. The next generation call center largely adopts the seats of non-Session Initiation Protocol (SIP) terminals, and directly sends and receives Real Time Transport Protocol (RTP) packets by using Internet Protocol (IP) addresses and User Datagram Protocol (UDP) ports. The agent does not use a subordinate SIP protocol any more, is simple and efficient in signaling control and logic processing, and completely conforms to and utilizes a standard computer supported telecommunication Application service (CSTA) protocol, and has the disadvantages that the agent can only be used in a network range, and a UDP-based RTP packet cannot dynamically traverse a network with a firewall and an NAT, because a traditional firewall can only process applications with fixed ports, and a port determined by a dynamic negotiation mechanism lacks a good mechanism for discovering and opening and closing the port.

Typically, the network in which the call center is located includes a firewall and a NAT. The firewall is used for protecting network resources from being damaged maliciously by the outside and forbidding the internal network from accessing certain preset IP addresses or port numbers, the NAT is arranged on the boundary between the internal networks based on the Internet standard, the function of the firewall is to map the IP addresses visible by the external network with the addresses used by the internal network, each protected internal network can reuse the IP addresses in a specific range, the IP addresses are not used in the public network, a data packet containing public network address information from the external network arrives at the NAT before arriving at the internal network, the NAT modifies the data packet according to a preset rule and forwards the data packet to an internal network target receiving point, and the data packet flowing out of the internal network also needs to be correspondingly converted by the NAT and then is sent to the external network, so that the network security is improved and the IP addresses are saved.

In order to dynamically traverse the FW/NAT, the prior art upgrades the FW/NAT device, for example, an Application Level Gateway (ALG) is set on an Application module of the device, an address and a port negotiated in a control flow message are automatically recorded, the port is dynamically opened and closed on a firewall, and an address in an RTP protocol is mapped into an IP address and a port number on a public network. The drawbacks of this technique are: upgrading and modifying the FW/NAT equipment is high in cost, so that improvement is needed.

Disclosure of Invention

In view of the above-mentioned drawbacks, a first object of the present invention is to provide a system for a call center to implement dynamic traversal of firewalls and/or network address translation without modifying existing firewalls and/or network address translation devices.

The second objective of the present invention is to provide a method for implementing dynamic traversal of firewall and/or network address translation by a call center, which can implement dynamic traversal of firewall and/or network address translation without modifying the existing firewall and/or network address translation equipment.

In order to achieve the first object, the present invention provides a system for a call center to implement dynamic firewall traversal/network address translation, which is used in a next generation network and at least comprises:

the seat module is used for inquiring and acquiring the corresponding external network address of the STUN server module in firewall/network address conversion and carrying out information interaction with the call control module;

the STUN server module is used for returning the external network address corresponding to the firewall/network address conversion of the seat module to the seat module; and

and the call control module is used for receiving and recording the corresponding external network address converted by the seat module in the firewall/network address and carrying out call control processing on the user terminal and the seat module.

According to the system of the invention, the seat module generates the session description protocol information containing the external network address after acquiring the external network address corresponding to the firewall/network address conversion and sends the session description protocol information to the call control module.

According to the system of the invention, after the call control module acquires the session description protocol information of the user terminal, the call control module matches and/or negotiates the session description protocol information generated by the seat module and notifies the seat module and the user terminal of the matched and/or negotiated session description protocol information.

According to the system of the invention, the call control module informs the session description protocol information of the matched and/or negotiated seat module to the user terminal through the session initiation protocol message, and informs the session description protocol information of the matched and/or negotiated user terminal to the seat module through the telecommunication application service protocol message supported by the computer.

According to the system of the invention, in the process of conversation, if the generated session description protocol information containing the external network address changes, the seat module re-matches and/or negotiates the session description protocol information with the session description protocol information of the user terminal, notifies the session description protocol information of the user terminal after re-matching and/or negotiation to the seat module, and notifies the session description protocol information of the seat module after re-matching and/or negotiation to the user terminal.

According to the system of the invention, the seat module periodically and dynamically inquires and acquires the corresponding external network address of the firewall/network address conversion from the STUN server module.

According to the system of the invention, the seat module and the user terminal establish a connection channel according to the received session description protocol information, and send and receive the real-time transmission protocol packet.

In order to achieve the second object, the present invention provides a method for a call center to implement dynamic firewall traversal and/or network address translation, which at least includes the following steps:

A. the seat module sends an external network address query request corresponding to firewall/network address conversion to the STUN server module;

B. the STUN server module returns the corresponding external network address of the seat module in the firewall/network address conversion to the seat module;

C. the seat module sends the external network address corresponding to the firewall/network address conversion to the call control module;

D. the call control module receives and records the corresponding external network address of the seat module in the firewall/network address conversion, and performs call control processing on the user terminal and the seat module.

According to the method of the invention, in the step B, after the seat module obtains the corresponding external network address of the firewall/network address conversion, the seat module generates the session description protocol information containing the external network address and sends the session description protocol information to the call control module.

According to the method of the present invention, said step D further comprises:

d1, when the user terminal calls and accesses, the call control module obtains the session description protocol information of the user terminal;

d2, the call control module matches and/or negotiates the session description protocol information generated by the seat module, and informs the seat module and the user terminal of the matched and/or negotiated session description protocol information.

The invention comprises a seat module in a next generation call center system, which is used for inquiring and acquiring the corresponding external network address of the STUN server module in firewall/network address conversion and carrying out information interaction with a call control module; the STUN server module is used for returning the external network address corresponding to the firewall/network address conversion of the seat module to the seat module; and the call control module is used for receiving and recording the external network address corresponding to the firewall/network address translation of the seat module, and performing call control processing on the user terminal and the seat module, so that the combination of the STUN technology and a next generation call center is realized, the dynamic crossing of the firewall and/or network address translation is realized without changing the conventional firewall and/or network address translation equipment, the call control module can be used in a network environment with a plurality of network address translations connected in series, and the satisfaction degree and market competitiveness of a user are obviously improved.

Drawings

FIG. 1 is a system architecture diagram of a next generation call center implementing dynamic firewall traversal/NAT provided by the present invention;

FIG. 2 is a flow chart of a method for implementing dynamic firewall traversal/NAT in a next generation call center according to the present invention;

FIG. 3 is a flowchart of an embodiment of a method for implementing dynamic firewall traversal/NAT for a next generation call center.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The invention realizes the dynamic traversing firewall/network Address translation (FW/NAT) of the next generation call center by the Simple Traversal of UDP through network Address translations (STUN) technology of UDP to NAT.

STUN is a Client-Server (Client-Server) network protocol, defined in RFC 3489, that allows a Client located behind an NAT (or multiple NATs) to find out its public network address, what type of NAT it is located behind and the Internet port to which the NAT is bound for a local port. This information is used to establish UDP communication between two hosts that are simultaneously behind the NAT router. The specific working principle is as follows:

the application program (namely STUN Client) sends a request message to the STUN server outside the NAT through UDP, the request message is an address after inquiring self conversion, the STUN server receives the request message and generates a response message, the response message carries a source port of the request message, namely an external port corresponding to the STUN Client on the NAT, then the response message is sent to the STUN Client through NAT, the STUN Client learns the external address corresponding to the STUN Client on the NAT through the content in the response message body and fills the external address into UDP load of a calling protocol later to inform the opposite terminal, and the converted public IP address can be directly registered when the terminal is registered, so that the problem of establishing communication when UDP passes through NAT is solved. The receiving address and port number of the local terminal are the address and port number outside the NAT. Because the NAT mapping table item of the media stream is pre-established on the NAT through the STUN protocol, the media stream can smoothly pass through the NAT.

It should be noted that, Network Address Translation/Port Address Translation (NAT/PAT) has a certain lifetime for the Address Translation relationship, and after a certain Address Translation is not used for a certain period of time, it will be cleared, and when this traffic flow occurs again, a new Address Translation relationship will be established, which means that both the inquiry process of STUN and the registration process of the terminal need to be executed again to ensure the correct communication. One popular solution to this problem is to maintain the NAT/PAT translation relationship in some way, such as repeatedly registering once during the NAT/PAT lifetime, for example, if the NAT/PAT lifetime is 3 minutes, then the registration repetition period is set to 2 minutes.

The system for implementing dynamic firewall traversal/network address translation in the next generation call center provided by the invention is shown in fig. 1, and comprises: a seat module 101, a firewall/network address translation (FW/NAT)102, a STUN server module 103, a call control module 104, a public network 105, a user terminal 106. Wherein,

the seat module 101 is located in the call center internal network with the FW/NAT102, completes STUNClient function, and is used for inquiring and acquiring the corresponding foreign network address of the STUN server module 103 in the FW/NAT102, and performing information interaction with the call control module 104. The seat module 101 periodically and dynamically queries and acquires the corresponding extranet address of the FW/NAT102 from the STUN server module 103 to maintain the NAT/PAT translation relationship. The extranet address contains an IP address and port number that traverses the FW/NAT 102.

And the STUN server module 103 is positioned on the public network 105 side, namely on the public network side crossing the FW/NAT102, and is used for returning the extranet address corresponding to the FW/NAT102 of the seat module 101 to the seat module. The public network 105 is typically the Internet (Internet). After receiving the address acquisition request message sent by the seat module 101, the STUN server module 103 returns the external network address to the seat module 101 according to the format specified by the STUN protocol.

The method for implementing the system for dynamically traversing firewall/network address translation of the next generation call center in the invention is shown in fig. 2, and comprises the following steps:

step S201, the seat module starts and/or logs in, and sends the external network address inquiry request message corresponding to FW/NAT to the STUN server module.

In this step, after the seat module is started and logged in, it periodically sends the external network address query request message corresponding to FW/NAT to STUN server module to keep the normal operation of NAT/PAT conversion relation and conversation.

Step S202, the STUN server module returns the corresponding external network address to the seat module according to the external network address query request message. The external network address comprises an IP address and a port number corresponding to the external network address in FW/NAT.

Step S203, the seat module generates SDP information including the external network address and sends the SDP information to the call control module. The seat module sends CSTA login information to the call control module, wherein the login information carries the external network address generated by the seat module and related SDP information.

Step S204, the call control module receives and records the external network address and SDP information, and carries out call control processing on the user terminal and the seat module. And if the SDP message updated by the seat module is received in the subsequent process, the SDP message of the seat module recorded in the call control module is immediately refreshed.

The method further comprises the following steps:

step S301, the user terminal calls and accesses, and the call control module acquires SDP information of the user terminal from the SIP protocol.

Step S302, the call control module matches and/or negotiates the SDP message of the user terminal with the SDP message generated by the seat module, and informs the SDP message of the matched and/or negotiated user terminal to the seat module through CSTA message, and sends the SDP message of the matched and/or negotiated seat module to the user terminal through SIP message, so as to ensure that the seat module and the user terminal establish a connection channel between the seat module and the user terminal according to the received SDP message, and normally send and receive RTP packet, thus realizing that the next generation call center successfully passes through NAT/FW.

In this step, when the seat module and the user terminal are in a call process, if the session description protocol information generated by the seat module changes, the session description protocol information needs to be re-matched and/or negotiated with the SDP information of the user terminal, then the SDP information of the matched and/or negotiated user terminal is sent to the seat module, and the SDP information of the matched and/or negotiated seat module is sent to the user terminal.

Fig. 3 is a flowchart of an embodiment of a system implementation method for dynamically traversing a firewall/network address translation in a next generation call center according to the present invention, which is specifically as follows:

step S401, the seat module starts, and sends request information for obtaining external network address passing through FW/NAT to the STUN server module. The extranet address includes an IP address and port number traversing the FW/NAT.

Step S402, the STUN server module returns the corresponding external network address according to the request message.

Step S403, the seat module generates SDP information according to the received external network address, and sends a setFeature message to the call control module, where the message carries the SDP information containing the external network address.

Step S404, the User terminal calls the seat module through SIP protocol, and sends Invite (SDP _ User) request message to the call control module, and the message carries SDP message of the User terminal.

Step S405, the call control module sends a Trying message to the user terminal, which indicates that the call is in progress, and simultaneously records the SDP message of the user terminal.

Step S406, the call control module queries an available seat module, and sends Ringing message to the user terminal if the available seat module is found, so as to notify the user terminal of Ringing.

Step S407, the call control module sends an e _ delivered message to the seat module to prompt that a call enters.

Step S408, after the seat module receives the e _ terminated message, if agreeing to put through the call, the seat module sends an answer message to the call control module.

Step S409, after receiving the answer call message, the call control module matches and negotiates the SDP information obtained by the seat module with the SDP information of the user terminal, and simultaneously informs the SDP information of the seat module after matching and/or negotiation to the user terminal by sending a 200OK (SDP _ agent) message. Wherein the SDP information of the seating module contains the IP address and port number traversing the FW/NAT.

Step S410, the call control module notifies the seat module of the SDP information of the matched and/or negotiated user terminal by sending an e _ peerSdp message.

Step S411, after receiving 200OK (sdp _ agent) message, the user terminal sends ACK message to the call control module for confirmation.

Step 412, after receiving the ACK message, the call control module sends an e _ establish message to the seat module, and requests the seat module and the user terminal to establish a channel according to the received SDP information, and send and receive RTP messages.

The user terminal sends RTP packet to the IP address and UDP port of the external network of the user terminal according to the SDP message of the seat module, after the FW/NAT receives the RTP packet from the user terminal of the external network, the external IP is converted into the IP address and UDP port of the internal network, namely the real IP address and UDP port of the seat module, so that the seat module can receive the port from the user terminal, and the seat module and the user terminal pass through the firewall/NAT to communicate.

Step S413, in the process of communication, the seat module periodically sends a request message for obtaining an external network address traversing FW/NAT to the STUN server module.

In step 414, the STUN server module returns the corresponding external network address according to the request message.

Step S415, the seat module generates SDP information according to the received external network address, and sends a self SDP message to the call control module, where the message carries the changed SDP information including the external network address.

Step S416, the call control module sends an Invite (SDP _ User) request message to the User terminal, where the message carries the SDP information of the seat module.

In step S417, the user terminal returns a 200OK (sdp _ agent) message to the call control module. The message carries SDP information of the user terminal.

Step S418, the call control module matches the SDP information of the seat module and the SDP information of the user terminal and performs media negotiation, and sends an e _ peerSdp message to the seat module, where the message carries the matched SDP information of the user terminal.

Step S419, the call control module sends ACK message to the user terminal for confirmation, the message carries SDP information of the matched seat module.

To sum up, the call center system comprises a seat module, which is used for inquiring and acquiring the external network address corresponding to the firewall/network address conversion from the STUN server module, and performing information interaction with the call control module; the STUN server module is used for returning the external network address corresponding to the firewall/network address conversion of the seat module to the seat module; and the call control module is used for receiving and recording the external network address corresponding to the firewall/network address translation of the seat module, and performing call control processing on the user terminal and the seat module, so that the combination of the STUN technology and a next generation call center is realized, the dynamic crossing of the firewall and/or network address translation is realized without changing the conventional firewall and/or network address translation equipment, the call control module can be used in a network environment with a plurality of network address translations connected in series, and the satisfaction degree and market competitiveness of a user are obviously improved.

The present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof, and it should be understood that various changes and modifications can be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.

Claims

1. A system for a call center to implement dynamic traversal of firewalls/network address translations for next generation networks, comprising:

2. The system of claim 1, wherein the agent module generates session description protocol information including the corresponding external network address after acquiring the external network address corresponding to the firewall/network address translation, and sends the session description protocol information to the call control module.

3. The system of claim 2, wherein the call control module matches and/or negotiates session description protocol information generated by the agent module after acquiring the session description protocol information of the user terminal, and notifies the agent module and the user terminal of the matched and/or negotiated session description protocol information.

4. The system of claim 3, wherein the call control module notifies the session description protocol information of the matched and/or negotiated seat module to the user terminal through a session initiation protocol message, and notifies the session description protocol information of the matched and/or negotiated user terminal to the seat module through a computer-supported telecom application service protocol message.

5. The system according to claim 4, wherein the agent module re-matches and/or negotiates the session description protocol information of the user terminal with the session description protocol information of the user terminal if the session description protocol information including the external network address generated by the agent module changes during the call, notifies the agent module of the session description protocol information of the user terminal after re-matching and/or negotiation, and notifies the user terminal of the session description protocol information of the agent module after re-matching and/or negotiation.

6. The system of claim 1, wherein the agent module periodically dynamically queries and retrieves the corresponding extranet address at firewall/network address translation from the STUN server module.

7. The system of claim 1, wherein the agent module and the user terminal establish a connection channel to send and receive real-time transport protocol packets according to the received session description protocol information.

8. A method for implementing a system according to any one of claims 1 to 7, comprising at least the following steps:

9. The method according to claim 8, wherein in step B, the agent module generates the session description protocol information including the corresponding external network address after acquiring the external network address corresponding to the firewall/network address translation, and sends the session description protocol information to the call control module.

10. The method of claim 9, wherein step D further comprises: