Technical field
The invention relates to the application of Internet network technology in the tax control industry, and specifically to a highly practical method for interconnecting tax control devices based on P2P technology.
Background
Most existing tax control devices are already networked, but they usually use a client/server (C/S) structure. The functions implemented so far include basic services such as invoice data submission, online inspection of used invoices, and device status collection. In all of these functions the tax control device is always the client and every function is answered by the server, so there is no direct management or communication between devices.
Because the number of network addresses supported by IPv4 is limited, a large number of networked devices currently share addresses through NAT (Network Address Translator) technology. NAT converts the private addresses of multiple devices in a LAN into one Internet address that the Internet can recognize, and the devices in the LAN access the Internet through that address. The NAT device performs address translation and protects the intranet, sitting between the Internet and the LAN. However, network devices that access the Internet through NAT cannot offer services externally: external network devices (including devices in other NAT subnets) cannot directly access network devices inside the NAT. To establish a P2P peer-to-peer network, the NAT device must be traversed to achieve network interconnection.
At present, NAT technology can be divided into two categories according to its form:
Cone NAT.
When an intranet IP and port in a cone NAT network sends a request outward, NAT maps it to a port on the Internet address. Depending on the access restrictions applied to that address, cone NAT is divided into three subtypes:
Full cone NAT.
Any data packet sent from the external network to an Internet address and port translated by a full cone NAT is delivered to the corresponding intranet device; NAT does not block it.
Restricted cone NAT.
Unlike full cone NAT, the NAT records in the session the IP address that was accessed outward and only allows data packets sent from that IP address to pass. Data packets sent from other IP addresses to the translated Internet address and port are discarded.
Port restricted cone NAT.
Similar to restricted cone NAT, but the session keeps not only the IP address that was accessed outward but also its port. NAT only allows data packets sent from that IP address and port to pass; if the IP address or the port differs, data packets sent to the translated Internet address and port are discarded.
Symmetric NAT.
Symmetric NAT maps each request from the same internal IP address and port to a specific destination IP address and port onto a unique external source IP address and port. NAT checks not only the source address but also the destination address. If the same internal IP address and port creates a connection to another destination IP address and port, it is remapped to a new port number.
At present, NAT traversal technology broadly follows two approaches:
STUN (Simple Traversal of UDP Through NAT).
STUN is a lightweight protocol and a complete UDP-based solution for traversing NAT. It allows applications to discover the NATs, firewalls and other such devices that sit between them and the public Internet. It also lets applications determine the public IP address and port number that NAT has assigned to them. STUN cannot traverse routing devices in symmetric NAT mode.
TURN (Traversal Using Relays around NAT: Relay Extensions to Session Traversal Utilities for NAT; an extension of STUN that traverses NAT using a relay).
TURN is an extension of STUN. Put simply, what TURN and STUN have in common is that both achieve NAT traversal by modifying the private network address in the application layer; the difference is that TURN achieves traversal through a "middleman" between the two communicating parties. If a host is behind a NAT, in some cases it cannot connect directly, point to point, with other hosts. In these cases it needs the relay connection service provided by an intermediate node. The TURN protocol allows the host to control the operation of the relay and to exchange data with the peer through the relay. TURN differs from other relay control protocols in that it allows one client to connect to multiple peers using a single relay address.
On this basis, a method for interconnecting tax control devices based on P2P technology is now provided.
Summary of the invention
The technical task of the present invention is to address the above deficiencies by providing a highly practical method for interconnecting tax control devices based on P2P technology.
A method for interconnecting tax control devices based on P2P technology comprises the following steps: using NAT subnet traversal and the connection assistance provided by an auxiliary server located on the public network, a peer-to-peer network composed of tax control devices and management nodes is established; devices or management nodes that have established a channel communicate directly, improving the flexibility and real-time performance of communication between nodes.
A P2P function module is added to the networked tax control device, and a P2P peer-to-peer network is created with the help of an auxiliary server, set up on the public network, that implements a STUN service, a TURN service and a device association service. Access rights are obtained through the device association service, and the network conditions of the device itself and of the target device are obtained through the STUN service. If a peer-to-peer connection can be created, it is created directly; if not, a relay connection is made through the TURN service.
The auxiliary server obtains the device association relationships from the tax control management system periodically or in real time. A device association relationship is one of the following: a management-managed relationship or a peer-to-peer interconnection relationship, where:
A management-managed relationship means that the management node connects to the managed node to perform management functions, and the managed node accesses the public resources of the management node;
A peer-to-peer interconnection relationship means that nodes in this relationship establish connections with each other to access each other's public resources. A tax control device that joins the peer-to-peer network has been registered in the management system and its current status is normal; the auxiliary server provides peer-to-peer connection assistance only to tax control devices that have logged in successfully; when the tax control device that initiates communication logs in to the auxiliary server, the auxiliary server sends it the information of the logged-in devices associated with it.
The auxiliary server obtains device association information from the tax control management system periodically or in real time. It implements a STUN service module that provides two physical addresses and four ports for network environment detection, distinguishes the source of UDP test packets by the unique number of the device, distinguishes steps by the test step number, and uses a database to store the current device information, which includes source address, source port, translated address, translated port, TURN service connection address, TURN service connection port, network status and timestamp. It implements a TURN service module that provides relay interconnection between two interconnected tax control devices.
The interconnected tax control devices are tax control device A and tax control device B. Tax control device A and tax control device B periodically log in to the STUN service module of the auxiliary server, test their network type and keep their sessions alive;
When tax control device A wants to create a connection with tax control device B, and the test in the previous step shows that neither party is in a symmetric NAT subnet, device A first sends the auxiliary server a connection assistance request containing the information of tax control device A, and the auxiliary server sends tax control device B a connection assistance command containing the source device information. Tax control device B receives the connection assistance command, parses the message source address in the command, and initiates a connection request in the reverse direction, which creates session information for tax control device A on the subnet NAT device. Tax control device A then initiates a request to tax control device B; the connection is now created successfully and the information is sent to tax control device B;
When tax control device A or tax control device B is in a symmetric NAT subnet, the two are interconnected through the relay function provided by the TURN service module of the auxiliary server.
Tax control device A accesses the auxiliary server through the P2P function module, and the network type of the device is determined by the following test flow:
Step 1: Device A sends a UDP packet to address A, port 1 of the auxiliary server's STUN service. The auxiliary server records the packet's source IP and port number as the address of device A, records the network type as public network, writes this information into a UDP packet, and sends it to device A from address A, port 1. Device A receives the packet and checks whether the IP and port match its own. If they match, device A is located at a public network address; if not, the following tests continue;
Step 2: Device A sends a UDP packet to address A, port 1 of the auxiliary server's STUN service. The auxiliary server updates the address of device A to the packet's source IP and port number, updates the network type to cone NAT, writes this information into a UDP packet, and sends it to device A from address B, port 1. Device A checks whether it can receive the packet. If it can, device A is located in a full cone NAT subnet; if not, the following tests continue;
Step 3: Device A sends a UDP packet to address B, port 2 of the auxiliary server's STUN service. The auxiliary server updates the address of device A to the packet's source IP and port number, updates the network type to symmetric NAT, writes this information into a UDP packet, and sends it to device A from address B, port 2. Device A receives the packet and checks whether the port in the packet matches the port number returned in step 20. If they do not match, device A is located in a symmetric NAT subnet, traversal is not possible through the STUN service alone, and relay communication through the TURN server is required; if they match, the following test continues;
Step 4: Device A sends a UDP packet to address B, port 1 of the auxiliary server's STUN service. The auxiliary server updates the address of device A to the packet's source IP and port number, updates the network type to cone NAT, writes this information into a UDP packet, and sends it to device A from address B, port 2. Device A checks whether it can receive the packet. If it can, device A is located in a restricted cone NAT subnet; if not, device A is located in a port restricted cone NAT subnet;
Step 5: Tax control device B accesses the auxiliary server through the P2P function module and runs the same test flow of steps 1 to 4, so the server also records the IP address and port of device B and its network type;
Step 6: When tax control device A wants to initiate a connection to tax control device B, the association relationship between the devices is checked first. If the connection is allowed, it is then checked whether device A or device B is in a symmetric NAT subnet. If neither tax control device A nor tax control device B is in a symmetric NAT subnet, tax control device A sends the auxiliary server a command to connect to tax control device B, and the network connection is created with the assistance of the auxiliary server. If tax control device A or tax control device B is in a symmetric NAT subnet, they communicate through the relay function provided by the TURN service module of the auxiliary server;
Step 7: After the connection is created, tax control device A and tax control device B perform network functions including communication and resource sharing;
Step 8: When a management node manages a tax control device, the connection is made in the same way as in the steps above.
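The assisted direct connection and the relay decision of steps 5 to 7, as an added simulation that is not part of the patent text. The NAT model, addresses, device identifiers and function names are constructed for illustration, and each device's network type is recorded at login in place of running the step 1 to 4 test flow.

```python
from dataclasses import dataclass, field

# Constructed values for illustration (documentation address ranges).
SERVER = ("203.0.113.10", 3478)
FULL_CONE, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = (
    "full_cone", "restricted_cone", "port_restricted_cone", "symmetric")


@dataclass
class Nat:
    """Simplified NAT in front of one device (assumed model, not a real stack)."""
    kind: str
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> external port
    sessions: set = field(default_factory=set)    # (ext_port, remote_ip, remote_port)

    def outbound(self, dst):
        """Translate an outgoing packet and return its external (ip, port)."""
        # Cone NATs reuse one external port for all destinations;
        # symmetric NAT allocates a new one per destination.
        key = dst if self.kind == SYMMETRIC else "any"
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[key]
        self.sessions.add((ext_port, dst[0], dst[1]))
        return (self.public_ip, ext_port)

    def inbound(self, src, ext_port):
        """Return True if a packet from src to ext_port is passed to the device."""
        if ext_port not in self.mappings.values():
            return False
        if self.kind == FULL_CONE:
            return True
        if self.kind == RESTRICTED:  # filter on remote IP only
            return any(p == ext_port and ip == src[0] for p, ip, _ in self.sessions)
        # Port restricted and symmetric: filter on remote IP and port.
        return (ext_port, src[0], src[1]) in self.sessions


class AuxiliaryServer:
    """Holds association relationships and the state of logged-in devices."""

    def __init__(self, associations):
        self.associations = {frozenset(pair) for pair in associations}
        self.devices = {}  # device id -> {"addr": mapped address, "net": type}

    def login(self, dev_id, nat):
        # Assumption: the network type is taken from the model directly,
        # standing in for the result of the step 1 to 4 test flow.
        self.devices[dev_id] = {"addr": nat.outbound(SERVER), "net": nat.kind}

    def plan(self, src, dst):
        """Step 6: association check first, then the symmetric NAT check."""
        if frozenset((src, dst)) not in self.associations:
            return "denied"
        if src not in self.devices or dst not in self.devices:
            return "denied"  # only logged-in devices are assisted
        nets = (self.devices[src]["net"], self.devices[dst]["net"])
        return "relay" if SYMMETRIC in nets else "direct"


def hole_punch(server, nats, a, b):
    """Run the assisted exchange; return (delivered_before, delivered_after)."""
    addr_a, addr_b = server.devices[a]["addr"], server.devices[b]["addr"]
    # A contacts B's mapped address with no help from the server.
    before = nats[b].inbound(nats[a].outbound(addr_b), addr_b[1])
    # Server passes A's mapped address to B; B sends towards it, which
    # creates a session for A on B's NAT.
    nats[b].outbound(addr_a)
    after = nats[b].inbound(nats[a].outbound(addr_b), addr_b[1])
    return before, after


def scenario(kind_a, kind_b, associated=True):
    """Build two devices A and B and return (plan, before, after)."""
    nats = {"A": Nat(kind_a, "198.51.100.1"), "B": Nat(kind_b, "192.0.2.1")}
    server = AuxiliaryServer([("A", "B")] if associated else [])
    for dev_id, nat in nats.items():
        server.login(dev_id, nat)
    return (server.plan("A", "B"),) + hole_punch(server, nats, "A", "B")


if __name__ == "__main__":
    for kinds in [(PORT_RESTRICTED, PORT_RESTRICTED), (SYMMETRIC, PORT_RESTRICTED)]:
        print(kinds, scenario(*kinds))
```

In the symmetric case the external port that device A presents to device B differs from the one the server recorded at login, so the session opened on B's NAT never matches and the packet is dropped, which is why the method falls back to the TURN relay.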
The method of the present invention for interconnecting tax control devices based on P2P technology has the following advantages:
By establishing a peer-to-peer network, the method creates direct connections between devices. Apart from devices in symmetric NAT subnets, which are interconnected through the TURN service relay, all devices can connect to each other directly. The network can coexist with the existing C/S network, enriches network interconnection capability, and improves both the flexibility and the real-time performance of network communication. Based on the present invention, tax control devices can offer a variety of applications. For the server side, it effectively raises the devices' utilization of the network; for the end user, it enriches network-based functions and improves the user experience; for the service provider, it provides comprehensive operation and maintenance capability. By establishing a peer-to-peer network between tax control devices to achieve direct communication between them, functions such as public resource sharing, real-time management, real-time information collection, reading and sending of configuration information, and instant messaging are realized. The method is highly practical, widely applicable and easy to promote.
Description of drawings
Fig. 1 is a network structure diagram of the roles in the present invention.
Fig. 2 is a flow chart of a tax control device creating a connection through the auxiliary server in the present invention.
Fig. 3 is a flow chart of the specific implementation of client network type determination in the present invention.
Detailed description
The present invention is further described below with reference to the accompanying drawings and specific embodiments.
The present invention provides a method for interconnecting tax control devices based on P2P technology, as shown in Fig. 1, Fig. 2 and Fig. 3. It is implemented as follows: using NAT subnet traversal and the connection assistance provided by an auxiliary server located on the public network, a peer-to-peer network composed of tax control devices and management nodes is established; devices or management nodes that have established a channel communicate directly, improving the flexibility and real-time performance of communication between nodes.
A P2P function module is added to the networked tax control device, and a P2P peer-to-peer network is created with the help of an auxiliary server, set up on the public network, that implements a STUN service, a TURN service and a device association service. Access rights are obtained through the device association service, and the network conditions of the device itself and of the target device are obtained through the STUN service. If a peer-to-peer connection can be created, it is created directly; if not, a relay connection is made through the TURN service.
The steps of the implementation method are as follows:
The auxiliary server obtains the device association relationships from the tax control management system periodically or in real time. A device association relationship is one of the following:
Management-managed relationship.
Peer-to-peer interconnection relationship.
Here, a management node can connect to a managed node to perform management functions, and the managed node can access the public resources of the management node; nodes in a peer-to-peer interconnection relationship can establish connections with each other to access each other's public resources.
A tax control device that joins the peer-to-peer network must already be registered in the management system, and its current status must be normal. Devices that have been reported lost or deactivated are not allowed to log in to the auxiliary server, and the auxiliary server provides peer-to-peer connection assistance only to tax control devices that have logged in successfully. When the tax control device that initiates communication logs in to the auxiliary server, the auxiliary server sends it the information of the logged-in devices associated with it.
Tax control device A and tax control device B periodically log in to the STUN service module of the auxiliary server, test their network type and keep their sessions alive.
When tax control device A wants to create a connection with tax control device B, and the test in the previous step shows that neither party is in a symmetric NAT subnet, device A first sends the auxiliary server a connection assistance request containing the information of tax control device A, and the auxiliary server sends tax control device B a connection assistance command containing the source device information. Tax control device B receives the connection assistance command, parses the message source address in the command, and initiates a connection request in the reverse direction, which creates session information for tax control device A on the subnet NAT device. Tax control device A then initiates a request to tax control device B; the connection can now be created successfully and the information is sent to tax control device B.
If tax control device A or tax control device B is in a symmetric NAT subnet, the two are interconnected through the relay function provided by the TURN service module of the auxiliary server.
Management nodes are used by tax authorities or tax control device service providers and can be managed in groups according to information such as the tax authority or the device manufacturer. A management node can actively manage the devices in its group, for example:
Querying the real-time status of a device (damage to important components, security component not connected, out of paper, device clock status, etc.);
Sending real-time messages;
Querying tax control information (available only to tax authority management nodes).
Data security between nodes is ensured by an asymmetric encryption algorithm.
The P2P module in tax control devices and management nodes must implement the following functions:
Determining the type of network the current device belongs to through the STUN service module of the auxiliary server, as follows:
The P2P module sends a UDP packet to IP address A, port 1 of the auxiliary server's STUN service. The auxiliary server writes the packet's source IP and port number into a UDP packet and sends it to the P2P module from IP address A, port 1. The P2P module receives the packet and checks whether the IP and port match its own. If they match, device A is located at a public network address; if not, the following tests continue;
The P2P module sends a UDP packet to IP address A, port 1 of the auxiliary server's STUN service. The auxiliary server writes the packet's source IP and port number into a UDP packet and sends it to the P2P module from IP address B, port 1. The P2P module checks whether it can receive the packet. If it can, the P2P module is located in a full cone NAT subnet; if not, the following tests continue;
The P2P module sends a UDP packet to IP address B, port 2 of the auxiliary server's STUN service. The auxiliary server writes the packet's source IP and port number into a UDP packet and sends it to the P2P module from IP address B, port 2. The P2P module receives the packet and checks whether the port in the packet matches the port number returned in step 20. If they do not match, the P2P module is located in a symmetric NAT subnet, traversal is not possible through the STUN service alone, and relay communication through the TURN server is required; if they match, the following test continues;
The P2P module sends a UDP packet to IP address B, port 1 of the auxiliary server's STUN service. The auxiliary server writes the packet's source IP and port number into a UDP packet and sends it to the P2P module from IP address B, port 2. The P2P module checks whether it can receive the packet. If it can, the P2P module is located in a restricted cone NAT subnet; if not, the P2P module is located in a port restricted cone NAT subnet.
For tax control devices that can be connected directly, direct connection across local area networks must be implemented, as follows:
When a tax control device wants to initiate a connection to another tax control device, the association relationship between the devices is checked first. If the connection is allowed, it is then checked whether either of the two devices is in a symmetric NAT subnet. If neither tax control device is in a symmetric NAT subnet, the tax control device sends the auxiliary server a command to connect to the other tax control device, and the network connection is completed with the assistance of the auxiliary server. If either device is in a symmetric NAT subnet, the tax control devices are interconnected by relay through the TURN module of the auxiliary server.
Connecting to the TURN service module of the auxiliary server to achieve relay interconnection.
The auxiliary server must implement the following functions:
Obtaining device association information from the tax control management system periodically or in real time. For example, multiple associated devices under the same taxpayer are in a peer-to-peer interconnection relationship if an association has been set; the audit system of a tax authority has a management-managed relationship with the tax control devices within its jurisdiction.
Implementing the STUN service module, which provides two physical addresses and four ports for network environment detection, distinguishes the source of UDP test packets by the unique number of the device, distinguishes steps by the test step number, and uses a database to store the current device information (including source address, source port, translated address, translated port, TURN service connection address, TURN service connection port, network status, timestamp, etc.).
Implementing the TURN service module, which provides relay interconnection between two devices.
所述互联的税控设备为税控设备A与税控设备B,该税控设备A与税控设备B定时向辅助服务器中的STUN服务模块进行登录、网络类型测试及会话保持操作;The interconnected tax control equipment is tax control equipment A and tax control equipment B, and the tax control equipment A and tax control equipment B regularly log in to the STUN service module in the auxiliary server, perform network type testing and session maintenance operations;
当税控设备A要与税控设备B创建连接,且经上一步测试双方均不在对称NAT子网中时,首先向辅助服务器发送包含税控设备A信息的连接辅助请求,辅助服务器向税控设备B发送包含源设备信息的连接辅助命令;税控设备B收到连接辅助命令,解析命令中的消息来源地址,反向发起请求连接,在子网NAT设备上创建一个税控设备A的会话信息;税控设备A向税控设备B发起请求,此时成功创建连接,并将信息发送给税控设备B;When the tax control device A wants to establish a connection with the tax control device B, and both parties are not in the symmetric NAT subnet after the test in the previous step, first send a connection assistance request containing the information of the tax control device A to the auxiliary server, and the auxiliary server sends the tax control device A Device B sends a connection auxiliary command containing source device information; tax control device B receives the connection auxiliary command, parses the message source address in the command, initiates a reverse connection request, and creates a session of tax control device A on the subnet NAT device Information; tax control device A initiates a request to tax control device B, and successfully establishes a connection at this time, and sends the information to tax control device B;
当税控设备A或税控设备B存在于对称NAT子网中时,则两者通过辅助服务器中TURN服务模块提供的中继功能实现互联。When tax control device A or tax control device B exists in the symmetric NAT subnet, the two are interconnected through the relay function provided by the TURN service module in the auxiliary server.
税控设备A通过P2P功能模块访问辅助服务器,经过如下测试流程判断该设备的网络类型:Tax control device A accesses the auxiliary server through the P2P function module, and judges the network type of the device through the following test process:
步骤1:设备A向辅助服务器的STUN服务的地址A端口1发送一个UDP数据包,辅助服务器记录设备A的地址为该包的来源IP与端口号,网络类型记录为公网,并将信息写入UDP包中,通过地址A端口1发送给设备A。设备A收到该数据包,判断IP与端口是否与本机一致,若一致,则证明设备A位于公网地址;若不一致,则继续以下测试;Step 1: Device A sends a UDP data packet to port 1 of STUN service address A of the auxiliary server, and the auxiliary server records the address of device A as the source IP and port number of the packet, records the network type as public network, and writes the information to into a UDP packet and send it to device A through port 1 of address A. Device A receives the data packet and judges whether the IP and port are consistent with the local machine. If they are consistent, it proves that device A is located in the public network address; if they are not consistent, continue the following test;
Step 2: Device A sends a UDP packet to address A, port 1 of the auxiliary server's STUN service. The auxiliary server updates device A's address to the source IP and port number of that packet, updates the network type to cone NAT, writes this information into a UDP packet, and sends it to device A from address B, port 1. Device A checks whether it can receive the packet; if it can, device A is in a full cone NAT subnet; if it cannot, the following tests continue;
Step 3: Device A sends a UDP packet to address B, port 2 of the auxiliary server's STUN service. The auxiliary server updates device A's address to the source IP and port number of that packet, updates the network type to symmetric NAT, writes this information into a UDP packet, and sends it to device A from address B, port 2. Device A receives the packet and checks whether the port in the packet matches the port number returned in step 20; if they do not match, device A is in a symmetric NAT subnet, traversal is not possible through the STUN service alone, and relay communication through the TURN server is required; if they match, the following test continues;
Step 4: Device A sends a UDP packet to address B, port 1 of the auxiliary server's STUN service. The auxiliary server updates device A's address to the source IP and port number of that packet, updates the network type to cone NAT, writes this information into a UDP packet, and sends it to device A from address B, port 2. Device A checks whether it can receive the packet; if it can, device A is in a restricted cone NAT subnet; if it cannot, device A is in a port-restricted cone NAT subnet;
Step 5: Tax control device B accesses the auxiliary server through the P2P function module and runs the same determination procedure of steps 1 to 4, so that the server likewise records device B's IP address and port as well as its network type;
Step 6: When tax control device A wants to initiate a connection to tax control device B, the association between the devices is checked first. If the connection is allowed, it is then determined whether device A or device B is in a symmetric NAT subnet. If neither tax control device A nor tax control device B is in a symmetric NAT subnet, tax control device A sends the auxiliary server a command to connect to tax control device B, and the network connection is created with the assistance of the auxiliary server; if tax control device A or tax control device B is in a symmetric NAT subnet, they communicate through the relay function provided by the TURN service module of the auxiliary server;
Step 7: After the connection is created, tax control device A and tax control device B carry out network functions including communication and resource sharing;
Step 8: When a management node manages tax control devices, the connection is made in the same way as described in the steps above.
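The probe sequence of steps 1 to 4 and the step 6 decision, as an added example that is not part of the patent text: a constructed NAT model is driven through the probes, and the run shows that a port-restricted NAT which still holds the step 3 session to address B port 2 lets the step 4 reply through and is reported as restricted cone (the step 6 outcome is the same for both cone types). Assumptions: the `Nat` model, the `("A", 1)`-style endpoint labels, the function names, comparing ports only, and checking step 3 against the port echoed in step 1.

```python
# Added example: a toy NAT model driven through the page's probe steps 1-4.
LOCAL_PORT = 5000                      # constructed: device A's own UDP port


class Nat:
    """Constructed model. kind: public, full, restricted, port or symmetric."""

    def __init__(self, kind):
        self.kind, self.sent, self.ports = kind, set(), {}

    def send(self, dst):
        """Device A sends to dst=(address, port); return the port the server sees."""
        self.sent.add(dst)
        if self.kind == "public":
            return LOCAL_PORT
        key = dst if self.kind == "symmetric" else "any"   # per-destination mapping
        return self.ports.setdefault(key, 40000 + len(self.ports))

    def accepts(self, src):
        """Would a packet from src=(address, port) reach device A?"""
        if self.kind in ("public", "full"):
            return True
        if self.kind == "restricted":                      # filter on address only
            return any(addr == src[0] for addr, _ in self.sent)
        return src in self.sent                            # address and port


def classify(nat, expire_before_step4=False):
    first = nat.send(("A", 1))                 # step 1: reply comes from A:1
    if first == LOCAL_PORT:
        return "public"
    nat.send(("A", 1))                         # step 2: reply comes from B:1
    if nat.accepts(("B", 1)):
        return "full cone"
    if nat.send(("B", 2)) != first:            # step 3: compare mapped ports
        return "symmetric"
    if expire_before_step4:
        nat.sent.clear()                       # NAT has dropped its old sessions
    nat.send(("B", 1))                         # step 4: reply comes from B:2
    return "restricted cone" if nat.accepts(("B", 2)) else "port restricted cone"


def choose_path(a, b, allowed, types):
    """Step 6: check the device relationship first, then pick direct or relay."""
    if (a, b) not in allowed:
        return "refused"
    if "symmetric" in (types[a], types[b]):
        return "TURN relay"
    return "assisted direct connection"
```
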
The present invention integrates a P2P interconnection function module into networked tax control devices, with the auxiliary server responsible for maintaining the relationships between tax control devices and for assisting network traversal, and thereby achieves point-to-point communication. In this method a tax control device, whether on an internal network or the public network, is treated as an ordinary node. Once online, it determines the type of network environment it is in through the auxiliary server located on the public network; the auxiliary server stores the node's address information and, according to the device relationships maintained in the tax control equipment management system, provides the device with P2P network interconnection to its related devices. The invention can provide network interconnection to tax control equipment users across local area networks, and in turn functions such as resource sharing and device management; it can also give the tax control equipment operation and maintenance team a way to actively obtain the real-time status of devices, improving its operation and maintenance capability.
The specific embodiment described above is only one specific case of the present invention. The scope of patent protection of the present invention includes but is not limited to the specific embodiment described above; any appropriate change or substitution that conforms to the claims of the P2P technology-based tax control equipment interconnection method of the present invention and is made by a person of ordinary skill in the art shall fall within the scope of patent protection of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510749463.2A (CN105430066A) | 2015-11-06 | 2015-11-06 | A P2P technology-based interconnection method for tax control equipment |
| Publication Number | Publication Date |
|---|---|
| CN105430066A | 2016-03-23 |
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20160323 |