技术领域technical field
本发明涉及视频监控领域,尤其涉及一种IPC的远程访问方法和系统。The invention relates to the field of video monitoring, in particular to an IPC remote access method and system.
背景技术Background technique
随着网络视频监控的发展,以民用视频监控为代表的广域网视频监控需求日益增加。在广域网视频监控系统中,监控设备一般通过SOHO路由器接入运营商网络,用户希望可以随时随地通过客户端访问监控设备。With the development of network video surveillance, the demand for wide area network video surveillance represented by civilian video surveillance is increasing. In the WAN video surveillance system, the monitoring equipment is generally connected to the operator's network through the SOHO router, and users hope that they can access the monitoring equipment through the client anytime and anywhere.
在目前通用的广域视频监控组网图中,监控设备厂商在公网布置网站服务器,用户在家中布置1台NVR(Network Video Recorder,网络硬盘录像机)和多台IPC(IP Camera,网络摄像机),用户外出时通过网站客户端远程管理NVR和IPC。其中,网站服务器、网站客户端、NVR可以同属一家监控设备厂商,以相互配合实现穿越NAT(Network Address Translation,网络地址转换)的流程,用户可以通过网站客户端远程管理NVR。In the current general-purpose wide-area video surveillance network diagram, surveillance equipment manufacturers deploy website servers on the public network, and users deploy one NVR (Network Video Recorder, network hard disk video recorder) and multiple IPCs (IP Camera, network cameras) at home. , users remotely manage NVR and IPC through the website client when they go out. Among them, the website server, website client, and NVR can belong to the same monitoring equipment manufacturer, so as to cooperate with each other to realize the process of traversing NAT (Network Address Translation, Network Address Translation), and users can remotely manage the NVR through the website client.
然而,由于目前IPC多为第三方设备,无法与网站服务器和网站客户端配合实现穿越NAT的流程,因此用户不能通过网站客户端来远程管理第三方IPC。为了实现让用户通过网站客户端远程访问第三方IPC,在现有技术中,可以通过NVR来间接访问第三方IPC,然后在该方案中网站客户端访问每台IPC都需要经过NVR进行中转,会增加NVR的性能压力,而且一旦NVR出现单点故障,将会导致所有IPC都无法被网站客户端访问。However, since the current IPC is mostly a third-party device, it cannot cooperate with the website server and the website client to realize the process of traversing NAT, so the user cannot remotely manage the third-party IPC through the website client. In order to allow users to remotely access the third-party IPC through the website client, in the existing technology, the third-party IPC can be accessed indirectly through the NVR, and then in this solution, the website client needs to access each IPC through the NVR for transit, which will Increase the performance pressure of NVR, and once the NVR has a single point of failure, all IPCs will be unable to be accessed by website clients.
发明内容Contents of the invention
有鉴于此,本发明提出一种小IPC的远程访问方法,应用于视频监控系统中,所述视频监控系统包括网络硬盘录像机NVR、客户端主机、网站服务器以及与所述NVR绑定的若干IPC,包括:In view of this, the present invention proposes a remote access method of a small IPC, which is applied in a video surveillance system, and the video surveillance system includes a network hard disk video recorder NVR, a client host, a website server, and several IPCs bound to the NVR ,include:
NVR与绑定的IPC协商用于为客户端主机提供远程访问的第一IP地址和第一端口号;The NVR negotiates with the bound IPC to provide a first IP address and a first port number for remote access to the client host;
网站服务器通过所述第一IP地址和第一端口号为所述NVR与所述客户端主机之间建立连接;The website server establishes a connection between the NVR and the client host through the first IP address and the first port number;
当所述连接建立后,NVR将所述第一IP地址和第一端口号下发给所述绑定的IPC,并在所述第一IP地址和第一端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机;After the connection is established, the NVR sends the first IP address and the first port number to the bound IPC, and sends the first IP address and the first port number to the bound IPC After the above takes effect, the MAC address of the bound IPC is notified to the client host through the website server;
客户端主机向所述NVR一侧的出口路由设备发送远程访问报文,所述远程访问报文中包括MAC转发标识以及待访问IPC的MAC地址,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。The client host sends a remote access message to the egress routing device on the NVR side, and the remote access message includes the MAC forwarding identifier and the MAC address of the IPC to be accessed, so that the egress routing device on the NVR side receives After receiving the remote access message, when it is determined that the remote access message carries a MAC forwarding identifier, the message is forwarded to the IPC corresponding to the MAC address to complete the remote access for the IPC.
本发明还提出一种IPC的远程访问系统,所述系统包括NVR、客户端主机、网站服务器以及与所述NVR绑定的若干IPC,其中:The present invention also proposes a remote access system for an IPC, the system includes an NVR, a client host, a website server, and several IPCs bound to the NVR, wherein:
NVR用于与绑定的IPC协商用于为客户端主机提供远程访问的第一IP地址和第一端口号;The NVR is used to negotiate with the bound IPC to provide a first IP address and a first port number for remote access of the client host;
网站服务器用于通过所述第一IP地址和第一端口号为所述NVR与所述客户端主机之间建立连接;The website server is used to establish a connection between the NVR and the client host through the first IP address and the first port number;
当所述连接建立后,NVR进一步用于将所述第一IP地址和第一端口号下发给所述绑定的IPC,并在所述第一IP地址和第一端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机;After the connection is established, the NVR is further used to issue the first IP address and the first port number to the bound IPC, and send the first IP address and the first port number to the bound IPC. After the specified IPC takes effect, the MAC address of the bound IPC is notified to the client host through the website server;
客户端主机用于向所述NVR一侧的出口路由设备发送远程访问报文,所述远程访问报文中包括MAC转发标识以及待访问IPC的MAC地址,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。The client host is used to send a remote access packet to the egress routing device on the NVR side, and the remote access packet includes the MAC forwarding identifier and the MAC address of the IPC to be accessed, so that the egress routing device on the NVR side After receiving the remote access message, when it is determined that the remote access message carries a MAC forwarding identifier, the message is forwarded to the IPC corresponding to the MAC address to complete the remote access for the IPC.
本发明方案通过NVR与其绑定的IPC协商出用于为客户端主机提供远程访问的IP地址和端口号,网站服务器通过所述IP地址和端口号为所述NVR和所述客户端主机之间建立连接,当该连接建立完成后,NVR将所述IP地址和端口号下发给所述绑定的IPC,并在所述IP地址和端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机,客户端主机接收到网站服务器通告的MAC地址后,向所述NVR一侧的出口路由设备发送携带MAC转发标识和待访问IPC的MAC地址的远程访问报文,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。在本发明方案中,由于通过NVR来代替IPC建立与客户端主机之间的连接,并在连接建立成功后,将建立连接时的IP地址和端口号下发给IPC,后续客户端主机可以通过该IP地址和端口号直接访问IPC,从而即时当网站服务器和NVR发生故障时,也不会影响客户端主机访问IPC。The solution of the present invention negotiates the IP address and port number used to provide remote access for the client host through the IPC bound to the NVR, and the website server provides a link between the NVR and the client host through the IP address and port number. Establish a connection, when the connection is established, the NVR sends the IP address and port number to the bound IPC, and after the IP address and port number take effect on the bound IPC, pass The website server notifies the MAC address of the bound IPC to the client host, and after receiving the MAC address notified by the website server, the client host sends the MAC forwarding identifier and the waiting list to the egress routing device on the NVR side. Access the remote access message of the MAC address of the IPC, so that after the egress routing device on the NVR side receives the remote access message, when it is judged that the remote access message carries the MAC forwarding identifier, it will The message is forwarded to the IPC corresponding to the MAC address to complete the remote access to the IPC. In the solution of the present invention, since the connection between the IPC and the client host is established through the NVR, and after the connection is established successfully, the IP address and port number when the connection is established are sent to the IPC, and the subsequent client host can pass The IP address and port number directly access the IPC, so even when the website server and NVR fail, it will not affect the client host's access to the IPC.
附图说明Description of drawings
图1是本发明示例性的一实施方式中示出的一种IPC的远程访问方法的流程图;FIG. 1 is a flow chart of a remote access method for an IPC shown in an exemplary embodiment of the present invention;
图2是本发明示例性的一实施方式中示出的一种视频监控系统方案的组网图;Fig. 2 is a networking diagram of a video monitoring system solution shown in an exemplary embodiment of the present invention;
图3是本发明示例性的一实施方式中示出的另一种视频监控系统方案的组网图;Fig. 3 is a networking diagram of another video surveillance system solution shown in an exemplary embodiment of the present invention;
图4是本发明示例性的一实施方式中提出的一种IPC的远程访问系统的示意图。Fig. 4 is a schematic diagram of an IPC remote access system proposed in an exemplary embodiment of the present invention.
具体实施方式Detailed ways
本发明旨在实现客户端主机可以在远端直接远程访问IPC,从而当NVR和网站服务器发生故障时,也不影响客户端主机对IPC的远程访问。The present invention aims to realize that the client host can directly and remotely access the IPC at the remote end, so that when the NVR and the website server fail, the remote access of the client host to the IPC is not affected.
本发明方案通过NVR与其绑定的IPC协商出用于为客户端主机提供远程访问的IP地址和端口号,网站服务器通过所述IP地址和端口号为所述NVR和所述客户端主机之间建立连接,当该连接建立完成后,NVR将所述IP地址和端口号下发给所述绑定的IPC,并在所述IP地址和端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机,客户端主机接收到网站服务器通告的MAC地址后,向所述NVR一侧的出口路由设备发送携带MAC转发标识和待访问IPC的MAC地址的远程访问报文,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。The solution of the present invention negotiates the IP address and port number used to provide remote access for the client host through the IPC bound to the NVR, and the website server provides a link between the NVR and the client host through the IP address and port number. Establish a connection, when the connection is established, the NVR sends the IP address and port number to the bound IPC, and after the IP address and port number take effect on the bound IPC, pass The website server notifies the MAC address of the bound IPC to the client host, and after receiving the MAC address notified by the website server, the client host sends the MAC forwarding identifier and the waiting list to the egress routing device on the NVR side. Access the remote access message of the MAC address of the IPC, so that after the egress routing device on the NVR side receives the remote access message, when it is judged that the remote access message carries the MAC forwarding identifier, it will The message is forwarded to the IPC corresponding to the MAC address to complete the remote access to the IPC.
在本发明方案中,由于通过NVR来代替IPC建立与客户端主机之间的连接,并在连接建立成功后,将建立连接时的IP地址和端口号下发给IPC,后续客户端主机可以通过该IP地址和端口号直接访问IPC,从而即时当网站服务器和NVR发生故障时,也不会影响客户端主机访问IPC。In the solution of the present invention, since the connection between the IPC and the client host is established through the NVR, and after the connection is established successfully, the IP address and port number when the connection is established are sent to the IPC, and the subsequent client host can pass The IP address and port number directly access the IPC, so even when the website server and NVR fail, it will not affect the client host's access to the IPC.
为了使本发明的技术方案更加清楚明白,以下结合附图并举实施例对本发明进行详细描述。In order to make the technical solution of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings and examples.
本发明示例性的一种实施方式中,提出一种IPC的远程访问方法,应用于视频监控系统中,所述视频监控系统包括网络硬盘录像机NVR、客户端主机、网站服务器以及与所述NVR绑定的若干IPC,请参见图1,所述方法包括:In an exemplary embodiment of the present invention, a remote access method of IPC is proposed, which is applied to a video surveillance system, and the video surveillance system includes a network hard disk video recorder NVR, a client host, a website server, and a web server tied to the NVR. Certain IPCs, please refer to Figure 1, the method includes:
步骤S101、NVR与绑定的IPC协商用于为客户端主机提供远程访问的第一IP地址和第一端口号;Step S101, the NVR and the bound IPC negotiate a first IP address and a first port number for providing remote access to the client host;
步骤S102、网站服务器通过所述第一IP地址和第一端口号为所述NVR与所述客户端主机之间建立连接;Step S102, the website server establishes a connection between the NVR and the client host through the first IP address and the first port number;
步骤S103、当所述连接建立后,NVR将所述第一IP地址和第一端口号下发给所述绑定的IPC,并在所述第一IP地址和第一端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机;Step S103, when the connection is established, the NVR sends the first IP address and the first port number to the bound IPC, and sends the first IP address and the first port number to the bound IPC After the specified IPC takes effect, the MAC address of the bound IPC is notified to the client host through the website server;
步骤S104、客户端主机向所述NVR一侧的出口路由设备发送远程访问报文,所述远程访问报文中包括MAC转发标识以及待访问IPC的MAC地址,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。Step S104, the client host sends a remote access packet to the egress routing device on the NVR side, and the remote access packet includes the MAC forwarding identifier and the MAC address of the IPC to be accessed, so that the egress routing device on the NVR side After receiving the remote access message, the device forwards the message to the IPC corresponding to the MAC address to complete the remote access for the IPC when it determines that the remote access message carries a MAC forwarding identifier .
请参见图2,图2为本实施例示出的一种视频监控系统方案的组网图,以下结合该组网图对本发明方案进行详细阐述。Please refer to FIG. 2 . FIG. 2 is a network diagram of a video surveillance system solution shown in this embodiment. The solution of the present invention will be described in detail below in conjunction with the network diagram.
如图2所示,所述视频监控系统中包括一台由监控设备厂商在公网布置的网站服务器、一台NVR、多台IPC、一台安装了与所述网站服务器配合使用的网站客户端的用户主机(客户端主机),其中所述NVR以及所述IPC均支持ONVFI协议,在NVR一侧和客户端主机一侧还分别布置了一台均同时支持二三层转发的出口路由设备A和出口路由设备B。当然,在实现时,以上视频监控系统中的NVR也可以用支持网络功能的DVR(Digital Video Recorder,数字视频录像机)来替代,所述IPC也可以用支持ONVFI协议的EC编码器和前端的模拟摄像机来替代。As shown in Figure 2, the video monitoring system includes a website server arranged by the monitoring equipment manufacturer on the public network, an NVR, a plurality of IPCs, and a website client installed with the website server in cooperation with the website User host (client host), wherein the NVR and the IPC all support the ONVFI protocol, and an egress routing device A and Egress routing device B. Of course, when realizing, the NVR in the above video surveillance system can also be replaced by a DVR (Digital Video Recorder, digital video recorder) that supports the network function, and the IPC can also be used to support the EC encoder of the ONVFI protocol and the simulation of the front end. camera instead.
在组网阶段,所述NVR启动后向网站服务器发送注册报文,上报注册信息,其中所述注册信息包括NVR的IP地址、端口号、设备类型、设备序列号等信息,网站服务器在收到NVR的注册信息后,对NVR上报的注册信息进行验证,验证通过后,回应注册成功的报文给NVR,并记录NVR的IP地址和端口号以及NVR一侧的出口路由设备A的IP地址和端口号等信息。注册成功后,NVR定期向网站服务器发送保活报文,以维持NVR与网站服务器之间的连接。In the networking stage, after the NVR starts, it sends a registration message to the website server, and reports the registration information, wherein the registration information includes information such as the IP address, port number, device type, and device serial number of the NVR. After registering the NVR information, verify the registration information reported by the NVR. After the verification is passed, respond to the registration success message to the NVR, and record the IP address and port number of the NVR, as well as the IP address and port number of the egress routing device A on the NVR side. Port number and other information. After the registration is successful, the NVR periodically sends keep-alive messages to the website server to maintain the connection between the NVR and the website server.
所述网站客户端启动后也向网站服务器发送注册报文,上报注册信息,其中所述注册信息包括网站客户端的IP地址。端口号、用户名。密码等信息,网站服务器在收到网站客户端上报的注册信息后,对NVR上报的注册信息进行验证,验证通过后,回应注册成功的报文给网站客户端,并记录网站客户端的IP地址和端口号以及网站客户端一侧的出口路由设备B的IP地址和端口号等信息。注册成功后,网站客户端同样向网站服务器发送保活报文,以维持网站客户端与网站服务器之间的连接。After the website client is started, it also sends a registration message to the website server to report registration information, wherein the registration information includes the IP address of the website client. port number, username. After receiving the registration information reported by the website client, the website server verifies the registration information reported by the NVR. After the verification is passed, it responds with a successful registration message to the website client, and records the website client’s IP address and The port number and the IP address and port number of the egress routing device B on the client side of the website. After successful registration, the website client also sends a keep-alive message to the website server to maintain the connection between the website client and the website server.
当NVR向网站服务器注册成功后,可以开始在本地绑定IPC,将已绑定的IPC的信息上报给网站服务器。After the NVR successfully registers with the website server, it can start to bind the IPC locally, and report the information of the bound IPC to the website server.
其中,NVR向网站服务器上报的IPC信息中通常包括IPC的MAC地址。设备类型等信息,所述IPC的MAC地址可以通过向IPC发送ARP报文来获得。当NVR将绑定成功的IPC的信息上报到网站服务器后,网站服务器向NVR发送一个回应报文,并在本地记录IPC的MAC地址、设备类型等信息。Wherein, the IPC information reported by the NVR to the website server usually includes the MAC address of the IPC. Device type and other information, the MAC address of the IPC can be obtained by sending an ARP message to the IPC. After the NVR reports the information of the successfully bound IPC to the website server, the website server sends a response message to the NVR, and records information such as the MAC address and device type of the IPC locally.
对于绑定成功的IPC,NVR可以在本地启用一个用于为网站客户端提供远程访问的IP地址(第一IP地址)和端口号(第一端口号),其中该IP地址和端口号可以是NVR与绑定的IPC协商后获得。For the successfully bound IPC, the NVR can locally enable an IP address (the first IP address) and a port number (the first port number) for providing remote access to the website client, wherein the IP address and the port number can be Obtained after negotiation between the NVR and the bound IPC.
NVR在本地为绑定成功的IPC启用IP地址时,可以首先根据本机的IP地址、子网掩码等信息得到本网段的IP地址池,然后从本网段的IP地址池中按顺序取出一个IP地址,以该IP地址作为ARP报文内部的目的IP地址,发送ARP请求报文,如果在指定时间内没有收到针对该ARP请求报文的ARP响应报文,表明该IP地址空闲,则可以在本机上启用该空闲的IP地址。当然,如果收到了ARP响应报文,则表示该IP地址已被占用,则重复以上过程,按顺序再次取出一个IP地址,直到获取到一个空闲的IP地址,并在本地启用该IP地址。When the NVR locally enables the IP address for the successfully bound IPC, it can first obtain the IP address pool of the local network segment according to the local IP address, subnet mask and other information, and then select the IP address pool of the local network segment in order. Take out an IP address, use this IP address as the destination IP address inside the ARP message, and send an ARP request message. If no ARP response message for the ARP request message is received within the specified time, it indicates that the IP address is free , you can enable the free IP address on this machine. Of course, if an ARP response message is received, it means that the IP address has been occupied, then repeat the above process, take out an IP address again in order, until an idle IP address is obtained, and enable the IP address locally.
NVR在为绑定成功的IPC启用端口号时,可以首先从本机获取一个空闲的端口号,然后将该端口号下发给IPC,IPC检查该端口号在本机是否空闲,如果空闲,IPC回应一个指示该端口号空闲的报文给NVR,NVR在收到该报文本机启用该端口号;如果该端口已被占用,IPC回应一个指示该端口号已被占用的报文给NVR,此时该报文中携带IPC本机被占用的端口号列表及对应的协议,NVR在收到该报文后,根据IPC上报的已用端口号,结合本机的空闲端口号,获取一个在NVR和IPC上都空闲的端口号,并在本机上启用该端口号。When the NVR enables the port number for the successfully bound IPC, it can first obtain an idle port number from the local machine, and then send the port number to the IPC. The IPC checks whether the port number is free on the local machine. If it is free, the IPC Respond a message indicating that the port number is free to the NVR, and the NVR automatically activates the port number after receiving the message; if the port is already occupied, the IPC responds to the NVR with a message indicating that the port number is already occupied, At this time, the message carries the list of port numbers occupied by the IPC and the corresponding protocol. After receiving the message, the NVR obtains a Both the NVR and IPC port numbers are free, and the port numbers are enabled on this machine.
当该端口号启用后,如果NVR再次绑定了新的IPC时,为了防止已启用的端口号被新绑定的IPC占用而造成绑定失败的情况发生,NVR可以将已启用的端口号下发给该IPC,该IPC检查该端口号在本机是否空闲,如果空闲,IPC回应一个指示该端口号空闲的报文给NVR,此时不影响该IPC的正常绑定;如果该端口已被占用,IPC回应一个指示该端口号已被占用的报文给NVR,此时该报文中携带IPC本机被占用的端口号列表及对应的协议,NVR在收到该报文后,根据IPC上报的已用端口号,获取一个IPC上的空闲端口号,然后将已启用的端口号对应的协议以及该空闲端口号下发给IPC,此时NVR已启用的端口号在IPC本地被占用,NVR可以通知IPC将该已占用的端口号修改为空闲端口号,从而完成正常的绑定。After the port number is enabled, if the NVR binds a new IPC again, in order to prevent the enabled port number from being occupied by the newly bound IPC and cause the binding failure, the NVR can download the enabled port number Send it to the IPC, and the IPC checks whether the port number is free on the machine. If it is free, the IPC responds with a message indicating that the port number is free to the NVR. At this time, the normal binding of the IPC will not be affected; if the port has been Occupied, the IPC responds with a message indicating that the port number is occupied to the NVR. At this time, the message carries a list of the port numbers occupied by the IPC and the corresponding protocol. After receiving the message, the NVR will Report the used port number, obtain a free port number on the IPC, and then send the protocol corresponding to the enabled port number and the free port number to the IPC. At this time, the port number enabled by the NVR is occupied locally on the IPC. The NVR can notify the IPC to change the occupied port number to a free port number, so as to complete the normal binding.
当NVR在本地成功启用了所述用于为网站客户端提供远程访问的IP地址和端口号后,网站服务器可以根据该IP地址与端口号为所述NVR与所述网站客户端建立连接。After the NVR locally successfully enables the IP address and port number for providing remote access to the website client, the website server can establish a connection between the NVR and the website client according to the IP address and port number.
具体的,当用户通过网站客户端上提供的链接来访问某一IPC时,会触发向网站服务器发送一个IPC访问请求,网站服务器在收到该IPC访问请求后,可以在本地开启穿越NAT的流程,为NVR与IPC建立跨越公网以及穿越所述NVR一侧的出口路由设备A和网络客户端一侧的出口路由设备B的连接。Specifically, when a user accesses an IPC through a link provided on the website client, an IPC access request will be sent to the website server. After receiving the IPC access request, the website server can start the process of traversing NAT locally. , establishing a connection between the NVR and the IPC across the public network and through the egress routing device A on the NVR side and the egress routing device B on the network client side.
请继续参见图2,假设NVR新启用的用于为网站客户端提供远程访问的IP地址为A1、端口号为P1;经过NVR一侧的出口路由设备A转换后的IP地址为A1′(即所述出口路由设备A的IP地址)、经过NVR一侧的出口路由设备A转换后的端口号为P1′(即所述出口路由设备A的端口号);网站客户端的IP地址为A2、端口号为P2,经过网站客户端一侧的出口路由设备B转换后的IP地址为A2′(即所述出口路由设备B的IP地址)、经过网站客户端一侧的出口路由设备B转换后的端口号为P2′(即所述出口路由设备A的端口号)。Please continue to refer to Fig. 2, assuming that the IP address newly enabled by the NVR to provide remote access for the website client is A1, and the port number is P1; The IP address of the outlet routing device A), the port number converted by the outlet routing device A on the NVR side is P1 ' (that is, the port number of the outlet routing device A); the IP address of the website client is A2, port The number is P2, the IP address converted by the egress routing device B on the client side of the website is A2' (that is, the IP address of the egress routing device B), and the IP address converted by the egress routing device B on the client side of the website The port number is P2' (that is, the port number of the egress routing device A).
当网站服务器收到网站客户端发送的IPC访问请求后,触发向NVR发送第一通告报文,该第一通告报文中携带出口路由设备B的IP地址A2′和端口号P2′。NVR在收到该第一通告报文后,获取出口路由设备B的IP地址和端口号,向出口路由设备B发送一个连接创建请求报文,此时该连接创建请求报文的源IP地址为A1,源端口号为P1,目的IP地址为A2′、目的端口号为P2′;当出口路由设备A收到该连接创建请求报文后,可以自动学习该报文中携带的源IP地址、目的IP地址、源端口号以及目的端口号,并在本地生成源IP地址为A1、源端口号为P1、目的IP地址A2′、目的端口号为P2′的NAT表项(即第一NAT表项),后续出口路由设备A可以根据该NAT表项为来自所述客户端主机一侧的出口路由设备B的报文进行地址转换。When the website server receives the IPC access request sent by the website client, it triggers to send the first notification message to the NVR, and the first notification message carries the IP address A2' and port number P2' of the egress routing device B. After receiving the first notification message, the NVR obtains the IP address and port number of the egress routing device B, and sends a connection creation request message to the egress routing device B. At this time, the source IP address of the connection creation request message is A1, the source port number is P1, the destination IP address is A2', and the destination port number is P2'; when the egress routing device A receives the connection establishment request message, it can automatically learn the source IP address, Purpose IP address, source port number and purpose port number, and locally generate source IP address as A1, source port number as P1, purpose IP address A2 ', purpose port number as the NAT entry (i.e. the first NAT table entry), the subsequent egress routing device A can perform address translation for the message from the egress routing device B on the client host side according to the NAT entry.
当出口路由设备B在收到所述连接创建请求报文时,由于此时出口路由设备B上并未创建对应的NAT表项,无法完成地址转换,因此所述连接创建请求报文将无法被透传到网站客户端。When the egress routing device B receives the connection creation request message, because the corresponding NAT entry has not been created on the egress routing device B at this time, the address translation cannot be completed, so the connection creation request message will not be accepted. Transparently transmitted to the website client.
当NVR发送完所述连接创建请求报文后,可以通告所述网站服务器该报文已发送,以触发所述网站服务器在收到该连接请求报文后,向所述客户端主机发送携带出口路由设备A的IP地址A1′和端口号P1′的第二通告报文。此时该连接创建回应报文的源IP地址为A1,源端口号为P1,目的IP地址为A2′、目的端口号为P2′。After the NVR has sent the connection creation request message, it can notify the website server that the message has been sent, so as to trigger the website server to send a port port to the client host after receiving the connection request message. The second advertisement message of the IP address A1' and the port number P1' of the routing device A. At this time, the source IP address of the connection creation response message is A1, the source port number is P1, the destination IP address is A2', and the destination port number is P2'.
网站客户端在收到网站服务器发送的第二通告报文后,获取出口路由设备A的IP地址和端口号,向出口路由设备A发送一个连接创建回应报文,此时该连接创建回应报文的源IP地址为A2、端口号为P2,目的IP地址为A1′、目的端口号为P1′;当出口路由设备B收到该连接创建回应报文后,可以自动学习该报文中携带的源IP地址、目的IP地址、源端口号以及目的端口号,并在本地生成源IP地址为A2、源端口号为P2、目的IP地址A1′、目的端口号为P1′的NAT表项(即第二NAT表项),后续出口路由设备B可以根据该NAT表项为来自所述NVR一侧的出口路由设备A的报文进行地址转换。After the website client receives the second notification message sent by the website server, it obtains the IP address and port number of the egress routing device A, and sends a connection creation response message to the egress routing device A. At this time, the connection creation response message The source IP address is A2, the port number is P2, the destination IP address is A1′, and the destination port number is P1′; when the egress routing device B receives the connection establishment response message, it can automatically learn the source IP address, destination IP address, source port number, and destination port number, and locally generate a NAT entry whose source IP address is A2, source port number is P2, destination IP address A1′, and destination port number is P1′ (i.e. second NAT entry), the subsequent egress routing device B can perform address translation for the message from the egress routing device A on the NVR side according to the NAT entry.
当出口路由设备A收到所述连接创建回应报文,由于此时出口路由设备A上已创建了所述第一NAT表项,因此可以完成地址转换,将所述连接回应报文的目的IP地址转换为A1,将所述连接回应报文的目的端口转换为P1,从而透传到NVR。When the egress routing device A receives the connection creation response message, since the first NAT entry has been created on the egress routing device A at this time, address translation can be completed, and the destination IP address of the connection response message will be The address is converted to A1, and the destination port of the connection response message is converted to P1, so as to be transparently transmitted to the NVR.
当网站客户端发送完所述连接创建回应报文后,可以通告所述网站服务器该报文已发送,自此,NVR与网站客户端之间的连接创建完成。该连接跨越公网,并且由于出口路由设备A和出口路由设备B上已经创建了相关的NAT表项,因此该连接上承载的报文可以穿越所述NVR一侧的出口路由设备A和网络客户端一侧的出口路由设备B,在网站客户端和NVR之间实现透传。After the website client finishes sending the connection establishment response message, it can notify the website server that the message has been sent, and since then, the connection between the NVR and the website client has been established. This connection spans the public network, and because the relevant NAT entries have been created on the egress routing device A and egress routing device B, the packets carried on this connection can pass through the egress routing device A and the network client on the NVR side The egress routing device B on the terminal side realizes transparent transmission between the website client and the NVR.
在本实施例中,当NVR与网站客户端之间的所述连接创建完成后,NVR可以将已启用的所述IP地址A1和端口号P1下发给所有已经绑定的IPC,并在本地释放IP地址A1和端口号P1,此时NVR本地绑定的所有IPC共用IP地址A1和端口号P1。In this embodiment, after the connection between the NVR and the website client is established, the NVR can issue the enabled IP address A1 and port number P1 to all bound IPCs, and locally Release IP address A1 and port number P1. At this time, all IPCs bound to the NVR locally share IP address A1 and port number P1.
NVR本地绑定的各IPC在收到NVR下发的IP地址A1和端口号P1后,在本地启用IP地址A1和端口号P1(不删除原有的IP地址和端口号),并在所述IP地址A1和端口号P1生效后,发送一个响应报文给NVR,NVR在收到该响应报文后通告网站服务器IP地址A1和端口号P1已生效,此时该连接上承载的报文可以穿越所述NVR一侧的出口路由设备A和网络客户端一侧的出口路由设备B,在网站客户端和IPC之间实现透传。After receiving the IP address A1 and port number P1 issued by the NVR, each IPC locally bound to the NVR enables the IP address A1 and port number P1 locally (the original IP address and port number are not deleted), and After the IP address A1 and port number P1 take effect, a response message is sent to the NVR. After receiving the response message, the NVR notifies the website server that the IP address A1 and port number P1 have taken effect. At this time, the message carried on the connection can be Through the egress routing device A on the NVR side and the egress routing device B on the network client side, transparent transmission is realized between the website client and the IPC.
当网站服务器在得知IP地址A1和端口号已在IPC上生效后,可以将NVR上报的各绑定IPC的MAC地址通告给网站客户端,网站客户端获取到与NVR绑定的各IPC的MAC地址后,后续当用户通过点击网站客户端提供的链接访问任一IPC时,可以构造一个携带MAC转发标记和所要访问的IPC的MAC地址的远程访问报文发送给出口路由设备A。After the website server knows that the IP address A1 and the port number have taken effect on the IPC, it can notify the website client of the MAC addresses of the bound IPCs reported by the NVR, and the website client obtains the MAC addresses of the IPCs bound to the NVR. After the MAC address, when the user accesses any IPC by clicking the link provided by the website client, a remote access packet carrying the MAC forwarding flag and the MAC address of the IPC to be accessed can be constructed and sent to the egress routing device A.
其中,值得说明的是,网站客户端在构造报文时,可以将所述MAC转发标识以及MAC地址携带在报文头中来实现。例如,以所述远程访问报文为IP报文为例,网站客户端在构造报文时,可以通过改造外层IP头的结构,通过在外层IP头的扩展字段中增加一个包含MAC转发标识以及MAC地址两个字段的选项来实现。Wherein, it is worth noting that, when the website client constructs the message, the MAC forwarding identifier and the MAC address may be carried in the message header to implement. For example, taking the remote access message as an IP message as an example, when the website client constructs the message, it can modify the structure of the outer IP header and add a MAC forwarding identifier in the extension field of the outer IP header. And the options of the two fields of the MAC address to achieve.
当出口路由设备A在收到该远程访问报文时,可以根据已创建的第一NAT表项将该报文的目的IP地址转换成A1,将该报文的目的端口号转换成P1,此时由于IP地址A1和端口号P1已被NVR下发给IPC,因此网站客户端可以根据该IP地址和端口号直接访问IPC。然而,由于与NVR绑定的IPC通常为多个,并且与NVR绑定的IPC共用所述IP地址A1和端口号P1,因此出口路由设备A在对该报文进行地址转换后,可以进一步判断该报文中是否携带MAC转发标识以及MAC地址,如果是,那么出口路由设备A可以直接将该报文转发到与该MAC地址对应的IPC。When the egress routing device A receives the remote access message, it can convert the destination IP address of the message into A1 according to the created first NAT entry, and convert the destination port number of the message into P1. At this time, because the IP address A1 and port number P1 have been issued to the IPC by the NVR, the website client can directly access the IPC according to the IP address and port number. However, since there are usually multiple IPCs bound to the NVR, and the IPCs bound to the NVR share the IP address A1 and port number P1, after the egress routing device A performs address translation on the message, it can further determine Whether the message carries the MAC forwarding identifier and the MAC address, and if so, the egress routing device A can directly forward the message to the IPC corresponding to the MAC address.
当然,如果出口路由设备A判断出该报文中不携带所述MAC转发标识,或者出口路由设备A为第三方设备由于设备不兼容无法识别所述MAC转发标识时,可以查询本地的ARP表,检查是否存在对应的ARP表项;如果是,则将该报文转发到与所述ARP表项中的目的MAC所对应的IPC;如果否,可以向网站客户端所要访问的IPC发送ARP请求报文获取MAC地址,然后将该报文转发到获取到的MAC地址所对应的IPC。Of course, if the egress routing device A judges that the message does not carry the MAC forwarding identifier, or when the egress routing device A is a third-party device that cannot recognize the MAC forwarding identifier due to equipment incompatibility, it can query the local ARP table, Check whether there is a corresponding ARP table entry; if yes, forward the message to the IPC corresponding to the destination MAC in the ARP table entry; if not, send an ARP request message to the IPC to be accessed by the website client The message obtains the MAC address, and then forwards the message to the IPC corresponding to the obtained MAC address.
在本实施例中,当IPC收到来自网站客户端的远程访问报文后,可以针对该远程访问报文向网站客户端发送一个回应报文,以完成针对该IPC的远程访问;例如,当用户通过网站客户端远程点播IPC的视频流时,IPC在收到来自网站客户端的远程访问报文时,可以通过回应报文将本地的视频流发送给网站客户端。In this embodiment, after the IPC receives the remote access message from the website client, it can send a response message to the website client for the remote access message to complete the remote access to the IPC; for example, when the user When remotely ordering the video stream of the IPC through the website client, the IPC can send the local video stream to the website client through a response message when receiving a remote access message from the website client.
当出口路由设备B收到来自所述IPC的回应报文后,可以根据创建的所述第二NAT表项,将该报文的目的IP地址转换成A2,将该报文的目的端口转换成P2,从而可以将该报文透传到网站客户端,以完成针对该IPC的远程访问。After the egress routing device B receives the response message from the IPC, it can convert the destination IP address of the message into A2 and convert the destination port of the message into A2 according to the created second NAT entry. P2, so that the message can be transparently transmitted to the website client to complete the remote access to the IPC.
以下以一个具体的应用实例并结合组网环境对以上方案进行描述。The above solution is described below with a specific application example combined with a networking environment.
请参见图3,假设IPC1的MAC地址为B8-CA-3A-AF-C3-01,IPC2的MAC地址为B8-CA-3A-AF-C3-02,IPC1和IPC2共用的IP地址为192.168.1.2,端口号为80,经过IPC侧路由设备A转换后的IP地址为1.1.1.1,端口号为10000;该路由设备A上存在源IP地址为192.168.1.2,源端口号为80,目的IP地址为2.2.2.2,目的端口号为20000的NAT表项。Please refer to Figure 3, assuming that the MAC address of IPC1 is B8-CA-3A-AF-C3-01, the MAC address of IPC2 is B8-CA-3A-AF-C3-02, and the shared IP address of IPC1 and IPC2 is 192.168. 1.2, the port number is 80, the IP address converted by the routing device A on the IPC side is 1.1.1.1, and the port number is 10000; the source IP address of the routing device A is 192.168.1.2, the source port number is 80, and the destination IP NAT entry with address 2.2.2.2 and destination port number 20000.
网站客户端的IP地址为192.168.2.2,端口号为8080;经过网站客户端侧路由设备B转换后的IP地址为2.2.2.2,端口号为20000;该路由设备B上存在源IP地址为192.168.2.2,源端口号为8080,目的IP地址为1.1.1.1,目的端口号为10000的NAT表项The IP address of the website client is 192.168.2.2, and the port number is 8080; the IP address converted by the routing device B on the client side of the website is 2.2.2.2, and the port number is 20000; the source IP address of the routing device B is 192.168. 2.2, the source port number is 8080, the destination IP address is 1.1.1.1, and the destination port number is 10000 NAT entry
在实现时,网站客户端发送报文给IPC1,该报文到达IPC侧的路由设备A时,报文的源IP地址为2.2.2.2,源端口号为20000,目的IP地址为1.1.1.1,目的端口号为10000。路由设备A查询NAT表,存在对应的NAT表项,于是路由设备A转换报文的目的IP地址和目的端口号,转换后报文的目的IP地址为192.168.1.2,目的端口号为80。During implementation, the website client sends a message to IPC1. When the message reaches the routing device A on the IPC side, the source IP address of the message is 2.2.2.2, the source port number is 20000, and the destination IP address is 1.1.1.1. The destination port number is 10000. Routing device A queries the NAT table, and there is a corresponding NAT entry, so routing device A converts the destination IP address and destination port number of the packet. After the conversion, the destination IP address of the packet is 192.168.1.2, and the destination port number is 80.
地址转换后,路由设备A检查报文头部选项,报文头部选项携带了MAC转发标识,MAC地址为B8-CA-3A-AF-C3-01,此时路由设备A不查询ARP表,直接将报文发送到MAC地址为B8-CA-3A-AF-C3-01的IPC 1。After address translation, routing device A checks the packet header option, which carries the MAC forwarding identifier, and the MAC address is B8-CA-3A-AF-C3-01. At this time, routing device A does not query the ARP table. Directly send the packet to IPC 1 whose MAC address is B8-CA-3A-AF-C3-01.
当IPC1向网站客户端回应报文时,该报文到达网站客户端侧的路由设备B时,报文的源IP地址为1.1.1.1,源端口号为10000,目的IP地址为2.2.2.2,目的端口号为20000。路由设备B查询NAT表,存在对应的NAT表项,于是路由设备A转换报文的目的IP地址和目的端口号,转换后报文的目的IP地址为192.168.2.2,目的端口号为8080。When IPC1 responds to the website client with a message, when the message reaches the routing device B on the website client side, the source IP address of the message is 1.1.1.1, the source port number is 10000, and the destination IP address is 2.2.2.2. The destination port number is 20000. Routing device B queries the NAT table, and there is a corresponding NAT entry, so routing device A converts the destination IP address and destination port number of the packet. After the conversion, the destination IP address of the packet is 192.168.2.2, and the destination port number is 8080.
地址转换后,此时路由设备B将该报文发送到IP地址为192.168.2.2,端口号为8080的网站客户端。自此针对IPC1的远程访问完成。After address translation, routing device B sends the message to the website client with IP address 192.168.2.2 and port number 8080. Since then, remote access to IPC1 has been completed.
通过以上实施例的描述可知,本发明方案通过NVR与其绑定的IPC协商出用于为客户端主机提供远程访问的IP地址和端口号,网站服务器根据所述IP地址和端口号为所述NVR和所述客户端主机建立连接,当该连接建立完成后,NVR将所述IP地址和端口号下发给所述绑定的IPC,并在所述IP地址和端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机,客户端主机接收到网站服务器通告的MAC地址后,向所述NVR一侧的出口路由设备发送携带MAC转发标识和访问IPC的MAC地址的远程访问报文,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。在本发明方案中,由于通过NVR来代替IPC建立与客户端主机之间的连接,并在连接建立成功后,将建立连接时的IP地址和端口号下发给IPC,后续客户端主机可以通过该IP地址和端口号直接访问IPC,从而即使当网站服务器和NVR发生故障时,也不会影响客户端主机访问IPC。It can be seen from the description of the above embodiments that the solution of the present invention negotiates the IP address and port number for providing remote access to the client host through the IPC bound by the NVR, and the website server provides the IP address and port number for the NVR according to the IP address and port number. Establish a connection with the client host, and when the connection is established, the NVR will issue the IP address and port number to the bound IPC, and send the IP address and port number to the bound IPC After the IPC takes effect, the MAC address of the bound IPC is notified to the client host through the website server, and after the client host receives the MAC address notified by the website server, it sends a message to the egress routing device on the NVR side The remote access message carrying the MAC forwarding identifier and the MAC address of the access IPC, so that the egress routing device on the NVR side forwards the message to the IPC corresponding to the MAC address after receiving the remote access message To complete the remote access to the IPC. In the solution of the present invention, since the connection between the IPC and the client host is established through the NVR, and after the connection is established successfully, the IP address and port number when the connection is established are sent to the IPC, and the subsequent client host can pass The IP address and port number directly access the IPC, so that even when the website server and NVR fail, it will not affect the client host's access to the IPC.
同时,在本发明中,IPC不需要配合网站服务器和网站客户端实现穿越NAT的流程,通过NVR配合网站服务器和网站客户端实现NAT穿越,从而从网站客户端可以主动访问IPC,对IPC进行远程管理;而且,由于NVR替代IPC建立与网站客户端之间的网络连接,然后下发建立连接时使用的IP地址和端口号给所有IPC,所有IPC共用该IP地址和端口号,共享一条网络连接,从而网站客户端访问与NVR绑定的其它IPC时,不需要重复进行NAT穿越。At the same time, in the present invention, the IPC does not need to cooperate with the website server and the website client to realize the process of traversing NAT, and the NVR cooperates with the website server and the website client to realize NAT traversal, so that the website client can actively access the IPC and perform remote monitoring of the IPC. Moreover, since the NVR replaces the IPC to establish a network connection with the website client, and then sends the IP address and port number used to establish the connection to all IPCs, all IPCs share the IP address and port number and share a network connection , so that when the website client accesses other IPCs bound to the NVR, it does not need to perform NAT traversal repeatedly.
请参见图4,在一种示例性的实施方式中,本发明还提出一种IPC的远程访问系统,所述系统包括NVR、客户端主机、网站服务器以及与所述NVR绑定的若干IPC,所述NVR以及所述IPC均支持ONVFI协议,所述系统中在NVR一侧和客户端主机一侧还分别布置了一台均同时支持二三层转发的出口路由设备A和出口路由设备B。其中:Please refer to Fig. 4, in an exemplary embodiment, the present invention also proposes a remote access system for IPC, the system includes NVR, client host, website server and several IPCs bound to the NVR, Both the NVR and the IPC support the ONVFI protocol, and an egress routing device A and an egress routing device B that both support Layer 2 and Layer 3 forwarding are respectively arranged on the NVR side and the client host side in the system. in:
NVR用于与绑定的IPC协商用于为客户端主机提供远程访问的第一IP地址和第一端口号;The NVR is used to negotiate with the bound IPC to provide a first IP address and a first port number for remote access of the client host;
网站服务器用于通过所述第一IP地址和第一端口号为所述NVR与所述客户端主机之间建立连接;The website server is used to establish a connection between the NVR and the client host through the first IP address and the first port number;
当所述连接建立后,NVR进一步用于将所述第一IP地址和第一端口号下发给所述绑定的IPC,并在所述第一IP地址和第一端口号在所述绑定的IPC上生效后,通过网站服务器将所述绑定的IPC的MAC地址通告给所述客户端主机;After the connection is established, the NVR is further used to issue the first IP address and the first port number to the bound IPC, and send the first IP address and the first port number to the bound IPC. After the specified IPC takes effect, the MAC address of the bound IPC is notified to the client host through the website server;
客户端主机用于向所述NVR一侧的出口路由设备发送远程访问报文,所述远程访问报文中包括MAC转发标识以及待访问IPC的MAC地址,使得所述NVR一侧的出口路由设备在收到所述远程访问报文后,在判断出所述远程访问报文中携带有MAC转发标识时,将该报文转发到所述MAC地址对应的IPC以完成针对该IPC的远程访问。The client host is used to send a remote access packet to the egress routing device on the NVR side, and the remote access packet includes the MAC forwarding identifier and the MAC address of the IPC to be accessed, so that the egress routing device on the NVR side After receiving the remote access message, when it is determined that the remote access message carries a MAC forwarding identifier, the message is forwarded to the IPC corresponding to the MAC address to complete the remote access for the IPC.
在本实施例中,所述网站服务器进一步用于:In this embodiment, the website server is further used for:
接收客户端主机发送的IPC访问请求;其中所述IPC访问请求用于触发所述网站服务器在接收到该IPC访问请求后,向NVR发送第一通告报文;所述第一通告报文包括所述客户端主机一侧的出口路由设备的第二IP地址和第二端口号;Receiving an IPC access request sent by a client host; wherein the IPC access request is used to trigger the website server to send a first notification message to the NVR after receiving the IPC access request; the first notification message includes the The second IP address and the second port number of the egress routing device on the client host side;
所述NVR进一步用于:The NVR is further used to:
接收所述网站服务器发送的第一通告报文,向所述客户端主机一侧的出口路由设备发送连接创建请求报文,并在所述连接创建请求报文发送后通告所述网站服务器,以触发所述网站服务器向所述客户端主机发送第二通告报文;所述第二通告报文包括NVR一侧的出口路由设备的第三IP地址和第三端口号;receiving the first notification message sent by the website server, sending a connection creation request message to the egress routing device on the client host side, and notifying the website server after the connection creation request message is sent, to Triggering the website server to send a second notification message to the client host; the second notification message includes the third IP address and the third port number of the egress routing device on the NVR side;
所述客户端主机进一步用于:The client host is further used for:
接收所述网站服务器发送的第二通告报文,向所述NVR一侧的出口路由设备发送连接创建回应报文,并在所述连接创建回应报文发送后通告所述网站服务器。Receive the second notification message sent by the website server, send a connection establishment response message to the egress routing device on the NVR side, and notify the website server after the connection establishment response message is sent.
在本实施例中,所述连接创建请求报文的源IP地址为所述第一IP地址、源端口号为所述第一端口号、目的IP地址为所述第二IP地址、目的端口号为所述第二端口号;所述连接创建回应报文的源IP地址为客户端主机的IP地址、源端口号为客户端主机的端口号、目的IP地址为所述第三IP地址、目的端口号为所述第三端口号;In this embodiment, the source IP address of the connection creation request message is the first IP address, the source port number is the first port number, the destination IP address is the second IP address, and the destination port number is the second port number; the source IP address of the connection creation response message is the IP address of the client host, the source port number is the port number of the client host, the destination IP address is the third IP address, and the destination The port number is the third port number;
在本实施例中,所述NVR一侧的出口路由设备进一步用于:In this embodiment, the egress routing device on the NVR side is further used for:
在接收到所述连接创建请求报文后,创建用于为来自所述客户端主机一侧的出口路由设备的报文进行地址转换的第一NAT表项;After receiving the connection creation request message, create a first NAT entry for address translation for the message from the egress routing device on the client host side;
所述客户端主机一侧的出口路由设备进一步用于:The egress routing device on the side of the client host is further used for:
在接收到所述连接创建回应报文后创建用于为来自所述NVR一侧的出口路由设备的报文进行地址转换的第二NAT表项。After receiving the connection creation response message, create a second NAT entry for performing address translation on the message from the egress routing device on the NVR side.
在本实施例中,所述NVR一侧的出口路由设备进一步用于:In this embodiment, the egress routing device on the NVR side is further used for:
在收到所述客户端主机发送的远程访问报文时,根据已创建的所述第一NAT表项对该报文进行地址转换,并判断地址转换后的报文中是否携带MAC转发标识以及MAC地址;当该报文中携带MAC转发标识以及MAC地址时,将该报文转发到所述MAC地址对应的IPC;When receiving the remote access message sent by the client host, perform address translation on the message according to the created first NAT entry, and determine whether the address translated message carries a MAC forwarding identifier and MAC address; when the message carries a MAC forwarding identifier and a MAC address, forward the message to the IPC corresponding to the MAC address;
所述客户端主机一侧的出口路由设备进一步用于:The egress routing device on the side of the client host is further used for:
在收到所述IPC发送的针对所述远程访问报文的回应报文后,根据已创建的所述第二NAT表项对该报文进行地址转换后,将该报文转发到所述客户端主机,以完成所述客户端主机针对该IPC的远程访问。After receiving the response message sent by the IPC for the remote access message, after performing address translation on the message according to the created second NAT entry, forwarding the message to the client end host, to complete the remote access of the client host to the IPC.
在本实施例中,所述NVR一侧的出口路由设备进一步用于:In this embodiment, the egress routing device on the NVR side is further used for:
在判断出地址转换后的报文中未携带所述MAC转发标识时,查询ARP表,检查是否存在对应的ARP表项;如果是,将该报文转发到与所述ARP表项中的目的MAC所对应的IPC;如果否,向所述访问IPC发送ARP请求报文获取MAC地址,将该报文转发到获取到的MAC地址所对应的IPC。When it is judged that the MAC forwarding identifier is not carried in the message after the address translation, query the ARP table to check whether there is a corresponding ARP entry; if so, forward the message to the destination in the ARP entry The IPC corresponding to the MAC; if not, send an ARP request message to the visiting IPC to obtain the MAC address, and forward the message to the IPC corresponding to the obtained MAC address.
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明保护的范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the present invention. within the scope of protection.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410839822.9ACN104539902B (en) | 2014-12-29 | 2014-12-29 | The remote access method and system of a kind of IPC |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410839822.9ACN104539902B (en) | 2014-12-29 | 2014-12-29 | The remote access method and system of a kind of IPC |
| Publication Number | Publication Date |
|---|---|
| CN104539902Atrue CN104539902A (en) | 2015-04-22 |
| CN104539902B CN104539902B (en) | 2018-06-05 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410839822.9AActiveCN104539902B (en) | 2014-12-29 | 2014-12-29 | The remote access method and system of a kind of IPC |
| Country | Link |
|---|---|
| CN (1) | CN104539902B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883547A (en)* | 2015-06-16 | 2015-09-02 | 浙江宇视科技有限公司 | IPC access method based on physical port of network access equipment, and NVR |
| CN105656680A (en)* | 2016-01-29 | 2016-06-08 | 浙江宇视科技有限公司 | Method and device for controlling web camera |
| CN105979405A (en)* | 2016-06-24 | 2016-09-28 | 浙江宇视科技有限公司 | Method and device for accessing video device |
| CN110557563A (en)* | 2019-08-05 | 2019-12-10 | 深圳市天视通电子科技有限公司 | Remote communication method and system for network camera |
| CN111163040A (en)* | 2018-11-08 | 2020-05-15 | 浙江宇视科技有限公司 | Renegotiated session reestablishment method and device |
| CN111432151A (en)* | 2020-01-20 | 2020-07-17 | 杭州海康威视数字技术股份有限公司 | Video data storage method, device, equipment and storage medium |
| CN113612861A (en)* | 2021-10-08 | 2021-11-05 | 深圳鼎信通达股份有限公司 | Remote access method, system and computer readable storage medium |
| CN115865864A (en)* | 2022-11-22 | 2023-03-28 | 珠海豹趣科技有限公司 | Remote network disk access method, device, electronic equipment and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006081142A (en)* | 2004-08-09 | 2006-03-23 | Megachips System Solutions Inc | Network camera, DDNS server, and video distribution system |
| CN101552804A (en)* | 2008-12-22 | 2009-10-07 | 北京大学深圳研究生院 | Network video distribution system and network video access method thereof |
| US20090313477A1 (en)* | 2006-06-30 | 2009-12-17 | Posdata Co., Ltd. | Dvr server and method for controlling access to monitoring device in network-based dvr system |
| CN102811174A (en)* | 2012-07-30 | 2012-12-05 | 浙江宇视科技有限公司 | A monitoring service processing method and NVR |
| CN104010052A (en)* | 2014-06-11 | 2014-08-27 | 浙江宇视科技有限公司 | A UPnP-based media connection method in a monitoring system |
| CN104104926A (en)* | 2014-07-30 | 2014-10-15 | 浙江宇视科技有限公司 | Universal plug and play (UPnP) monitoring terminal access method and access device |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006081142A (en)* | 2004-08-09 | 2006-03-23 | Megachips System Solutions Inc | Network camera, DDNS server, and video distribution system |
| US20090313477A1 (en)* | 2006-06-30 | 2009-12-17 | Posdata Co., Ltd. | Dvr server and method for controlling access to monitoring device in network-based dvr system |
| CN101552804A (en)* | 2008-12-22 | 2009-10-07 | 北京大学深圳研究生院 | Network video distribution system and network video access method thereof |
| CN102811174A (en)* | 2012-07-30 | 2012-12-05 | 浙江宇视科技有限公司 | A monitoring service processing method and NVR |
| CN104010052A (en)* | 2014-06-11 | 2014-08-27 | 浙江宇视科技有限公司 | A UPnP-based media connection method in a monitoring system |
| CN104104926A (en)* | 2014-07-30 | 2014-10-15 | 浙江宇视科技有限公司 | Universal plug and play (UPnP) monitoring terminal access method and access device |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883547B (en)* | 2015-06-16 | 2019-04-12 | 浙江宇视科技有限公司 | Method and NVR based on network access equipment physical port access IPC |
| CN104883547A (en)* | 2015-06-16 | 2015-09-02 | 浙江宇视科技有限公司 | IPC access method based on physical port of network access equipment, and NVR |
| CN105656680B (en)* | 2016-01-29 | 2019-12-13 | 浙江宇视科技有限公司 | Method and device for controlling a network camera |
| CN105656680A (en)* | 2016-01-29 | 2016-06-08 | 浙江宇视科技有限公司 | Method and device for controlling web camera |
| CN105979405A (en)* | 2016-06-24 | 2016-09-28 | 浙江宇视科技有限公司 | Method and device for accessing video device |
| CN111163040A (en)* | 2018-11-08 | 2020-05-15 | 浙江宇视科技有限公司 | Renegotiated session reestablishment method and device |
| CN111163040B (en)* | 2018-11-08 | 2022-06-14 | 浙江宇视科技有限公司 | Renegotiated session reestablishment method and device |
| CN110557563A (en)* | 2019-08-05 | 2019-12-10 | 深圳市天视通电子科技有限公司 | Remote communication method and system for network camera |
| CN111432151A (en)* | 2020-01-20 | 2020-07-17 | 杭州海康威视数字技术股份有限公司 | Video data storage method, device, equipment and storage medium |
| CN111432151B (en)* | 2020-01-20 | 2022-08-23 | 杭州海康威视数字技术股份有限公司 | Video data storage method, device, equipment and storage medium |
| CN113612861A (en)* | 2021-10-08 | 2021-11-05 | 深圳鼎信通达股份有限公司 | Remote access method, system and computer readable storage medium |
| CN113612861B (en)* | 2021-10-08 | 2022-01-11 | 深圳鼎信通达股份有限公司 | Remote access method, system and computer readable storage medium |
| CN115865864A (en)* | 2022-11-22 | 2023-03-28 | 珠海豹趣科技有限公司 | Remote network disk access method, device, electronic equipment and storage medium |
| Publication number | Publication date |
|---|---|
| CN104539902B (en) | 2018-06-05 |
| Publication | Publication Date | Title |
|---|---|---|
| CN104539902B (en) | The remote access method and system of a kind of IPC | |
| JP6001797B2 (en) | Method for managing a ZigBee network in the Internet of Things | |
| US11184842B2 (en) | Conveying non-access stratum messages over ethernet | |
| CN102594652B (en) | Migration method of virtual machine, switch and virtual machine system | |
| CN106412142B (en) | Resource equipment address obtaining method and device | |
| WO2015003566A1 (en) | Method, device and system for transmitting packet in multicast domain name system | |
| CN102790811B (en) | A kind of method and apparatus of cross-over NAT equipment in monitor network | |
| WO2011150720A1 (en) | Method, network device and system for automatically configuring network device in internet protocol version 6 network | |
| WO2011041967A1 (en) | Method for anonymous communication, method for registration, method and system for trasmitting and receiving information | |
| CN101309197B (en) | Network system and access node apparatus, IP edge apparatus and access control method | |
| WO2008151557A1 (en) | Method, equipment and proxy mobile ip system for triggering route optimization | |
| WO2015127892A1 (en) | Communication method, optical module and network device | |
| CN102984031B (en) | Method and device for allowing encoding equipment to be safely accessed to monitoring and control network | |
| CN108206783A (en) | Address configuration method and its device in a kind of software defined network system | |
| CN102710965A (en) | Video monitoring data acquisition method and system and special bearing network | |
| WO2012136006A1 (en) | Routing method and device for host in multi-homing site | |
| CN101754318B (en) | Bypass data transmission method and system, and access point network device | |
| WO2018090865A1 (en) | Method and apparatus for registering network device | |
| CN101888319A (en) | Method and device for acquiring network access information of terminal equipment | |
| CN105227334A (en) | A kind of Fabric method for discovering network topology and device | |
| CN104023206A (en) | Method and device of centralized forwarding of media stream | |
| WO2013026299A1 (en) | Address resolution method and device, and information transmission method | |
| CN1996964A (en) | Method, system, terminal, GDXS, and GDXTS for data transfer between terminals | |
| WO2011072549A1 (en) | Method, apparatus and system for communication between non-lisp sites and lisp sites | |
| CN103931218B (en) | Method and local network entity for data transfer |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |