Title:
A TYPE OF MANAGEMENT METHOD AND DEVICE FOR NETWORK EQUIPMENT
Document Type and Number:
WIPO Patent Application WO/2007/138068
Kind Code:
A1
Abstract:
This invention proposes a type of cluster management method for network equipment in which said network equipment includes at least one network element manager, at least one master network element and at least one slave network element with a private address; first, the slave network element notifies the master network element connected to the slave network element of its status information; second, the master network element constructs a status information table; finally, the master network element sends this status information table to the network element manager connected to the master network element. Said status information table includes the private address of the slave network element and the port on the master network element which corresponds to the slave network element. The method according to this invention allows a network manager on a public network to directly access network equipment with private addresses, thereby enabling large-scale use of servers with private addresses within local area networks (LAN) without the need for public addresses, in turn reducing the need for public IP addresses.

Inventors:
HONG JIE (CN)
TIAN LI GANG (CN)
Application Number:
PCT/EP2007/055227
Publication Date:
December 06, 2007
Filing Date:
May 30, 2007
Assignee:
NOKIA SIEMENS NETWORKS GMBH (DE)
HONG JIE (CN)
TIAN LI GANG (CN)
International Classes:
H04L12/24
Domestic Patent References:
WO2000049769A1 2000-08-24
WO2006005991A1 2006-01-19
Foreign References:
US20030195984A1 2003-10-16
DE19504078A1 1996-08-14
Attorney, Agent or Firm:
NOKIA SIEMENS NETWORKS GMBH & CO. KG (München, DE)
Claims:

1. A type of management method for network equipment in which the network equipment includes at least one network element manager, at least one master network element and at least one slave network element with a private address, characterized by the inclusion of the following steps:

(1) The slave network element notifies the master network element connected to the slave network element of its status information.

(2) The master network element constructs a status information table.

(3) The master network element sends this status information table to the network element manager connected to the master network element.

2. The cluster management method for network equipment as claimed in claim 1, characterized in that said status information table includes the private address of the slave network element and the port on the master network element which corresponds to the slave network element.

3. The cluster management method for network equipment as claimed in claim 2, characterized in that the status information table also includes the protocol used by the network element manager to communicate with the slave network elements and the corresponding port numbers of the slave network elements.

4. The cluster management method for network equipment as claimed in claim 3, characterized in that the port numbers corresponding to the slave network elements are TCP or UDP port numbers.

5. The cluster management method for network equipment as claimed in any of claims 1 to 3, characterized in that in step (1), the slave network element notifies the master network element connected to the slave network element of its status information when it is turned on.

6. The cluster management method for network equipment as claimed in any of claims 1 to 3, characterized in that before step (1), the network element manager is authenticated by the slave network elements.

7. The cluster management method for network equipment in any of claims 1 to 3, characterized in that in step (3), the master network element sends the status information table to the network element manager connected to the master network element in a synchronized manner.

8. The cluster management method for network equipment in any of claims 1 to 3, characterized in that said master network element is a gateway device.

9. A type of management device for network equipment in which the network equipment includes at least one network element manager, at least one master network element and at least one slave network element with a private address, characterized as follows: said master network element includes a receiver element, a construction element and a sender element; the receiver element receives the status information sent to the master network element by the slave network elements, the construction element constructs a status information table and the sender element sends the status information table to the network element manager.

10. The management device for network equipment as claimed in claim 9, characterized in that said status information table includes the private address of the slave network element and the port on the master network element which corresponds to the slave network element.

11. The management device for network equipment as claimed in claim 9, characterized in that the status information table also includes the protocol used by the network element manager to communicate with the slave network elements and the corresponding port numbers of the slave network elements.

Description:

Technical field

This invention involves a type of management method for network equipment, specifically a management method for network equipment on the internet, and a device which corresponds to this method.

Technical background

As the internet has developed, the number of computers connected to the net has continually increased. In order to distinguish between computers on the net, the TCP/IP protocol specifies that each computer on the net must have an IP address which is similar to a telephone number. As the internet network connects large numbers of local area networks (LAN), if a LAN is connected via the TCP/IP protocol, each machine in that LAN must have an IP address. However, IP address resources are extremely limited, and with the enormous growth in the scale of the internet and the explosion in the number of users continuing unabated, IP addresses will soon be completely used up. The International Internet Assigned Numbers Authority (IANA) classifies IP addresses into two categories for convenience: private addresses and public addresses.

Private addresses indicate server addresses within intranets (within LANs) which are address domains independent of their external addresses; they are not unique across the global internet and may be used on the internet in any location around the world. Public addresses refer to the external addresses of LANs, and are globally unique IP addresses on the internet. In accordance with IANA regulations, private addresses are not assigned on the internet, but are used within a single business (on a LAN). Businesses can choose a suitable network address on the basis of the number of servers needed in the foreseeable future. The internet network addresses of different businesses may be identical.

As private addresses do not appear on the internet, servers using private addresses cannot connect directly to the internet, nor can such servers be accessed from the internet. If computers within a LAN need to access the internet, they must use public addresses rather than private addresses. However, public IP address resources are extremely limited and many computers within LANs are only able to use private addresses. Network Address Translation (NAT) technology was developed as a solution to this problem.

NAT technology is a method of mirroring IP addresses from one address domain to another address domain, and includes outbound NAT (traditional NAT), bidirectional NAT, dual NAT and multi-port NAT. Outbound NAT is usually used to resolve translation problems between internal and external addresses, and usage outside the network which is illegal due to security or addresses. NAT works on the principle that while servers (computers) within a LAN retain their private addresses, when a server needs to access the internet, NAT technology is used to assign a temporary IP address (public address) to the server, enabling the server to access the internet. It is therefore not necessary for each server within a LAN to have a legitimate IP address in order to access the internet, and this consequently significantly reduces the need for legitimate IP addresses.

However, the process required is sometimes precisely the opposite of the process described above, whereby a network element manager (management server) located on the public network is required to directly access network equipment with a private address, a goal which cannot be achieved using existing network structures with NAT.

Content of the invention

The main object of this invention is therefore to provide a type of management method for network equipment, whereby this method enables a network element manager located on a public network to directly access network equipment with private addresses.

In order to achieve this object, the specific technical solution for this invention is implemented as follows: A type of management method for network equipment, in which the network equipment includes at least one network element manager, at least one master network element and at least one slave network element with a private address, and which includes the following steps:

(1) The slave network element notifies the master network element connected to the slave network element of its status information.

(2) The master network element constructs a status information table.

(3) The master network element sends this status information table to the network element manager connected to the master network element.

Said status information table includes the private address of the slave network element and the port on the master network element which corresponds to the slave network element. The status information table also includes the protocol used by the network element manager to communicate with the slave network elements and the corresponding port numbers of the slave network elements. The port numbers corresponding to the slave network elements are generally TCP or UDP port numbers.

Before step (1), the network element manager is authenticated by the slave network elements. In step (1), the slave network element notifies the master network element connected to the slave network element of its status information when it is turned on.

In step (3), the master network element sends the status information table to the network element manager connected to the master network element in a synchronized manner.

Said master network element is generally a gateway device.

This invention also includes a type of management device for network equipment in which the network equipment includes at least one network element manager, at least one master network element and at least one slave network element with a private address, characterized as follows: said master network element includes a receiver element, a construction element and a sender element; the receiver element receives the status information sent to the master network element by the slave network elements, the construction element constructs a status information table and the sender element sends the status information table to the network element manager.

Said status information table includes the private address of the slave network element and the port on the master network element which corresponds to the slave network element. In addition to this, the status information table also includes the protocol used by the network element manager to communicate with the slave network elements and the corresponding port numbers of the slave network elements.

It is therefore evident that the management method and device for network equipment in this invention have the following advantages and characteristics:

(1) The method according to this invention enables network element managers located on public networks to directly access network equipment with private addresses. Consequently, large numbers of servers with private addresses can be used within a local area network without the need for public addresses, thereby reducing the need for public IP addresses.

(2) The method according to this invention requires modifications to the software of the network equipment, but requires no modifications to the hardware components of the network equipment, and is therefore easy to implement and can be incorporated into hardware manufacturing at an extremely low cost.

Description of drawings

More detailed descriptions of exemplary embodiments of the invention are given below with the aid of the following diagrams:

Figure 1 is a structural schematic diagram of an exemplary embodiment of the invention.

Figure 2 is a schematic diagram of a status information table for an exemplary embodiment of this invention.

Description of exemplary embodiments

Figure 1 is a structural schematic diagram of an exemplary embodiment of the invention. The network equipment in the diagram includes the two element manager servers Element Manager 1 (EM1) and Element Manager 2 (EM2), a gateway and three internal LAN servers. The element managers EM1 and EM2 connect respectively to the gateway through the gateway. The identifiers of the three LAN internal servers are SNE1, SNE2 and SNE3 respectively, with respective IP addresses 192.168.0.1, 192.168.0.2 and 192.168.0.3, and these are connected respectively to the gateway through gateway ports 81, 82 and 83; the port number through which TCP or UDP communication is carried out is 80 for all three servers.

If element managers EM1-EM2 wish to access servers within the LAN they must first undergo security authentication by the server, after which the element managers will be authorized to access the servers within the LAN. Common internet authentication methods may be used for authentication, such as message encryption authentication, message discrimination authentication or hash function authentication. After authentication, EM1 and EM2 will respectively be able to access servers SNE1-SNE3 within the LAN.

When an internal LAN server such as the server with the address 192.168.0.1 is started up, the internal server sends a message to the gateway connected to the internal server, in other words the router for this machine with a public address. This message carries certain status information, such as the fact that the private IP address of this internal LAN server is 192.168.0.1, the identifier SNE1 for the server, and so on. Once the gateway receives this message it creates a status information table composed of the appropriate domain, including the private address domain of the server, the port domain used by the server to send the message, the corresponding port domain of the server on the gateway and the communication protocol domain permitted by the server (e.g. if only UDP packets are allowed to pass). For convenience, the status information table may also include a server identifier domain. The status information table created is shown in Figure 2.

Immediately after the gateway creates the status information table, the status information table is sent to the element managers EM1 and EM2 to which it is connected, so that the status information tables on EM1 and EM2 are synchronized with the management information table on the gateway.

If element manager EM1 wishes to access internal LAN server SNE1, the element manager will notify the gateway of the information which is to be accessed. The gateway will then ascertain from the status information table that the UDP packets for accessing the internal server with private address 192.168.0.1 must be relayed through port 81, and the UDP packets will therefore be relayed through port 81, thereby achieving the goal of accessing servers within a LAN.

If the element manager sends TCP packets, these will not be sent to the internal server because the protocol domain of the status information table specifies that TCP packets may not be relayed, and it is therefore impossible to access these servers.
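The table construction and relay decision described above, as an added Python sketch that is not part of the patent text. The class and function names are hypothetical, the lookup is assumed to be keyed by gateway port, and the sample entries assume all three servers of Figure 1 permit UDP only.

```python
import ipaddress
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Entry:
    identifier: str       # server identifier field, e.g. "SNE1"
    private_ip: str       # private address of the slave network element
    service_port: int     # TCP/UDP port the server communicates on
    gateway_port: int     # port on the gateway that corresponds to the server
    protocols: frozenset  # protocols the server permits, e.g. {"UDP"}

class StatusTable:
    """Status information table held by the gateway (master network element)."""

    def __init__(self):
        self._by_gateway_port = {}

    def register(self, identifier, private_ip, service_port, gateway_port, protocols):
        """Handle the status message a server sends at start-up."""
        if not ipaddress.ip_address(private_ip).is_private:
            raise ValueError(f"{private_ip} is not a private address")
        for port in (service_port, gateway_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port {port}")
        current = self._by_gateway_port.get(gateway_port)
        if current is not None and current.identifier != identifier:
            raise ValueError(f"gateway port {gateway_port} already mapped to {current.identifier}")
        protos = frozenset(p.upper() for p in protocols)
        if not protos or not protos <= {"TCP", "UDP"}:
            raise ValueError("protocols must be TCP and/or UDP")
        self._by_gateway_port[gateway_port] = Entry(
            identifier, private_ip, service_port, gateway_port, protos)

    def snapshot(self):
        """Copy of the table as sent to each element manager for synchronization."""
        return [dict(asdict(e), protocols=sorted(e.protocols))
                for _, e in sorted(self._by_gateway_port.items())]

    def relay_target(self, gateway_port, protocol):
        """Return (private_ip, service_port) to relay to, or None to drop the packet."""
        entry = self._by_gateway_port.get(gateway_port)
        if entry is None or protocol.upper() not in entry.protocols:
            return None  # default deny: unknown port or protocol not permitted
        return entry.private_ip, entry.service_port

def build_figure1_table():
    """Constructed sample data: the three servers of Figure 1, assumed UDP only."""
    table = StatusTable()
    for n in (1, 2, 3):
        table.register(f"SNE{n}", f"192.168.0.{n}", 80, 80 + n, {"UDP"})
    return table
```

Rejecting a second server that claims an already-mapped gateway port keeps one start-up message from silently redirecting management traffic intended for another server.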

The management device for network equipment in an exemplary embodiment of this invention is also shown in Figure 1, and is composed of two management elements, a gateway and three servers with private addresses; the gateway also includes a receiver element, a construction element and a sender element; the receiver element receives the status information sent to the gateway by the servers with private addresses, the construction element constructs a status information table and the sender element sends the status information table to the element manager.

The status information table created by the construction element is composed of the appropriate domain, including the private address domain of the server, the port domain used by the server to send the message, the corresponding port domain of the server on the gateway and the communication protocol domain permitted by the server (e.g. if only UDP packets are allowed to pass). For convenience, the status information table may also include a server identifier domain.

The method according to this invention enables network element managers located on public networks to directly access network equipment with a private address, allowing the use of large numbers of servers with private addresses within LANs without the need for public addresses, thereby reducing the need for public IP addresses.

In addition, the method according to this invention requires modifications to the software of the network equipment, but requires no modifications to the hardware components of the network equipment, and is therefore easy to implement and can be incorporated into hardware manufacturing at an extremely low cost.