Lu Yin,Shi Jin,Huang Hao,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386x.2007.09.003

2005-01-01

Abstract:To ensure the network security in the period of IPv4/IPv6 transition and co-existence is the key for NGI evolution.This paper proposes a novel secure gateway system model based on NAT/PT-NAPTSG,which is aimed at providing the function of high-performance access control and interconnections on the IPv4/IPv6 network border.The considerations about its design is discussed in detail.In the last part of the(paper),the working progress of prototype and testing is described.

邢飞,伍卫国,刘轶,钱德沛

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.19.037

2003-01-01

Abstract:IPSec has become a main tunneling technology in creating virtual private networks (VPN). However, it is shown that widespread network address translation (NAT) devices are becoming major barriers to the deployment of IPSec-based VPNs. In this paper, the incompatibility between IPSee and NAT/NAPT is clarified in detail, then two plausible solutions, RSFP and UDP encapsulation are introduced. After comparing these two proposals, a conclusion is drawn that the latter proposal will be a feasible and promising candidate to resolve the problem between IPSec and NAT.

Peng Wu,Yong Cui,Mingwei Xu,Jianping Wu,Xing Li,Chris Metz,Shengling Wang

DOI: https://doi.org/10.1109/glocom.2010.5683446

2010-01-01

Abstract:IPv6 transition problem has become one of the key factors which are holding up the development of the next generation Internet. Aiming to solve IPv6 transition problem, several translation and tunneling techniques have been proposed, satisfying the demand of IPv4-IPv6 interconnection and traversing respectively. However, translation techniques can't convert the semantic between IPv4 and IPv6 protocol perfectly, and they have serious limitations in operation complexity and scalability. Researchers tried to decompose, simplify these problems and improve translation techniques accordingly, but they've come to little achievement since these problems result from the very nature of translation. We propose a novel approach of choosing appropriate translation spot to solve these problems in a different angle, and hence make effective use of translation technique. Then we propose a framework for IPv4-IPv6 coexistence called PET, which integrates tunneling and translation to support both traversing and IPv4-IPv6 interconnection, and uses them properly to constitute communication models in different scenarios. Moreover, we put forward PET signaling method to achieve automatic translation spot election and translation context advertisement, as a complement to the framework.

SU Jing,ZHANG Huisheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.20.046

2006-01-01

Abstract:With the explosion of the IP network service, such as NGN, 3G, transiting to the IPv6 network is on the agenda. Using tunnels is themost easily method to choose. However, NAT devices in the path will be a big tough thing in the transition to IPv6 network. This paper focuses onhow to across the NAT device using IPv4 UDP tunnel after analyzing the normal tunnel mechanism and Teredo tunnel, then produces the applicationmethod of fixed network and GPRS network.

Li Xiaozhan,Pan Jin-gui

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.02.057

2007-01-01

Abstract:The new version of IP protocol—IPv6 appears with the development of network,but IPSec of IPv6 conflicts with NAT of present network.In order to solve this problem,and promotes that IPv4 shifts toward IPv6 favorably.This paper introduces the basic theory of IPSec and Network Address Transform(NAT) protocol at first,then introduces the conflicts between IPSec and NAT protocol,at last,it anatomies two ways to solve these conflicts.

Jia Xuefeng,Wang Xueping,Gao Haifeng

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.06.074

2008-01-01

Abstract:With the mass deployment of NAT equipments,one of the urgent problems for P2P is that how can each client node behind NAT to find others and to establish the direct connection.This paper discusses a TCP-based NAT traversal model after the existing traversal methods being analyzed and presents the details for its realization.

包亮,潘金贵

DOI: https://doi.org/10.3969/j.issn.1002-137X.2001.07.010

2001-01-01

Computer Science

Abstract:Since Network Address Translation (NAT)systems, which will translate address between two address realms,were first introduced to solve the address shortage problem,they have been adopted in many domains. In this paper, basic principles, primary forms and application will be discussed. And some countermeasure on the co-exist with IPSec will be given.

Xiangbin Cheng,Jun Bi,Xing Li,Jianping Wu

DOI: https://doi.org/10.1109/ipc.2007.43

2007-01-01

Abstract:Along with the development of IPv6, native IPv6 networks will begin to appear. It would be helpful if we can provide an effective mechanism for existing IPv4- only applications to work in those native IPv6 networks. In this paper, we analyze the problems of some current transition methods, and present a new mechanism based on Tunnels-Between-Hosts. Our strategy is to provide the IPv4-only application with a temporary IPv4 "virtual address", which is negotiated directly between two communicating hosts using IPv6. We give a detailed description of our mechanism and compare it with some other mechanisms.

Lei Yu,Tongping Shen,Sheng Hu,Fangliang Huang

DOI: https://doi.org/10.1109/IMCEC46724.2019.8984136

2019-10-01

Abstract:The technology of NAT (Network Address Translation) efficiently relieves the shortage pressure of IPv4 address, and it plays an important role in protecting network security. The technology development of P2P (Peer to Peer) changed the traditional structure of C/S and made communication parities can exchange information and resources directly and quickly. However, the existence of NAT has certain influence to the application of NAT. Based on this condition, the P2P solution that traverses NAT was put forwarded. The program is consist of P2P Server and P2P client, and the server runs on a computer that has a public network IP, and the client runs behind two different NATs, to simulate NAT traversal by Socket program for realizing P2P communication. The experiment result shows that P2P communication between two hosts locates behind NAT can be realized without interactive data passing through the central server.

Computer Science

Liwei Yang,Kai Lei

DOI: https://doi.org/10.1109/iccsnt.2016.8070224

2016-01-01

Abstract:Internet of Things, online games and live streaming are the most popular online services today. However, they have problems dealing with Network Address Translation (NAT) since they are all based on P2P communication. Conventional NAT traversal techniques are based on STUN and TURN protocol, which classify NAT into four categories for traversal. But this classification standard of NAT is obsoleted by a new standard in RFC 5128, which means these techniques are not suitable for all the NAT devices today. In this paper, we proposed a NAT traversal solution which combines ICE and SIP protocol in the new classification standard of NAT. Then we implemented a NAT traversal system according to our solution and tested it in the real network environment. The test result shows that the system achieves high rate of traversal in different NAT networks.

Yong Cui,Xing Li,Mingwei Xu,C. Metz,Jianping Wu,Shengling Wang,Peng Wu

2010-01-01

Abstract:IPv6 offers significant advantages over IPv4. However IPv4 and IPv6 protocols are expected to coexist during a long period. Currently, there are many IPv4/IPv6 transition/coexistence technologies, which can be generally devided into two kinds: translation and tunneling. In some typical transition scenarios, both tunneling and translation are needed. However, either translation or tunneling has limitation and application scope. In addition to the IP versions of source networks and destination networks, the IP version of transport network (the middle part along end-to-end path) also plays an important role during IPv4/IPv6 transition/coexistence. Therefore, we need to decide which transition methods should be used in different typical transition scenarios and how transition and tunneling collaborate for solving transition/coexistence problems. This draft presents an IPv4-IPv6 transition/coexistence framework named PET (short for Prefixing, Encapsulation and Translation), which is a network side solution. PET includes fundamental elements needed in transition scenarios, which provides the flexibility for network operators to decide the proper transition technology. In addition, this draft also addresses how to deploy PETs and analyze the advantages and disadvantages of typical transition technologies that PET may adopt.

祝芝梅,李之棠

2004-01-01

Abstract:This article introduces the basic theory of IPSec and network address transform (NAT) protocol at first,then introduces the conflict between IPSec and NAT protocol;at last, explains the way to solve this conflict IPSec NAT-traversal by UDP encapsulation.

Yong Cui,Gang Chen,Linjian Song,Deng Hui,Bo Zhou,Mingwei Xu

2009-01-01

Abstract:For the rapid exhaustion of IPv4 address pool against the slow development of IPv6, IPv4/6 coexistence/transition proved to be a long period. In the IPv4/6 transition process, there are many NAT- like technologies existing in the internet. However the NAT boxes such as IPv4 NAT, IPv4/6 NAT is insufficient in their reliability and scalability, which might cause a single point of failure in IPv4/6 transition architecture. This document defines a reliable and scalable NAT(RS-NAT) mechanism to solve the problem.

CHEN Zhi-xiang,LU Yin,LU Sang-lu,CHEN Dao-xu

2007-01-01

Journal of Computer Applications

Abstract:This paper described the design of a security gateway based on protocol translation in IPv4-IPv6 hybrid network, and implemented a security gateway prototype system based on Linux 2.6 kernel netfilter framework. The prototype system tracks up-layer UDP/TCP connections based on protocol translation and it performs hybrid end-to-end access control policies. Experimental testing results indicate that it has small latency during end-to-end packet transmission and may satisfy the needs of enterprise networking.

Xiaoxiang Leng,Jun Bi,Miao Zhang,Jianping Wu

DOI: https://doi.org/10.1007/s10922-007-9071-z

2007-01-01

Journal of Network and Systems Management

Abstract:During the transition from IPv4 to IPv6, the IPv6 islands inside the IPv4 networks need to communicate with each other and with the native IPv6 network. The drawback of existing IPv6 transition methods is that relay gateways become potential communication bottlenecks. In this paper, a new method—PS64—is presented to connect IPv6 islands together over IPv4 network and reduce the reliance on these relays by shifting the burden to edge gateways on each island. In this method, direct tunnels are set up between the IPv6 islands, and a P2P network is maintained between edge gateways of these islands to propagate information of tunnel end points. After describing the algorithm, we analyze the connectivity of the P2P network, the scalability of this algorithm, and present the prototype and experiments. The results of our analysis and experiments show that the proposed method is reliable, scalable and effective. Obviously, this technique works for all IPvX over IPvY situations.

Yong Cui,Jianping Wu,Xing Li,Mingwei Xu,Shengling Wang

2009-01-01

Abstract:IPv6 offers significant advantages over IPv4, however it will take long time to replace IPv4 with IPv6. Therefore, these two protocols are expected to coexist during the transition period. Currently, there are many transition devices deployed to solve transition problems. Most of them only use one technology (either translation or tunneling). However, any transition technology has limitation and application scope. In transition scenarios, besides IP version of source, middle and destination network, the network characteristic (a regular edge network or a backbone) has key impact on system performance of transition methods. Therefore, we need to decide which transition method should be used in some typical transition scenarios and how the transition and tunneling devices collaborate for solving transition problems. This draft introduces a smart toolbox named PET (shortfor Prefixing, encapsulation and translation) which includes all fundamental elements needed in all transition scenarios, such as the control and data plane operations of tunneling and translation. Based on PET, we propose a network side transition solution. In this framework, there deploys only one kind of transition device, i.e. PET. Through the collaboration of PETs, the transition problems can be solved. In this draft, we give the advantages and disadvantages of all transition methods PET may adopt according to IP version of source, middle and destination network, and the network characteristic.

MA Yi-tao,XUE Zhi,WANG Yi-jun

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.04.024

2008-01-01

Abstract:The principles of both Network Address Translation(NAT) and NAT Traversal techniques based on TCP protocol are described in this paper. The paper focuses on a simple but robust NAT Traversal technique, which is known as "TCP Hole Punching". In addition, this paper analyzes some defects of the currently used "TCP Hole Punching", i.e. NATBalster[4], and provides some improved methods toward them. The success rate is increased by 5 percent.

沈燕然,张青山,王新,薛向阳

2008-01-01

Abstract:Development of IPv6 networks brought the need of secure communication between private networks and different kind of personal devices.Secure and scalable communication protection scheme is required.While IPSec-VPN is a popular solution,it has several drawbacks such as forced requirement of accessor's knowledge about VPN gateways.In this paper,we proposed a new IPSec-VPN packaging mode-hybrid mode,and gave the implementation of it using Linux kernel netfiltering scheme.Applications show that the hybrid-mode IPSec-VPN works well for different VPN topologies and makes VPN gateways transparent to users.

WANG Hai-yang,XU Ke,LI Zhao,WANG Ji-cheng,FU Li-zheng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.10.004

2006-01-01

Abstract:Interconnection of IPv4 networks over IPv6 backbones are required by the development of CNGI project as IPv6 backbones come forth. However, there are no suitable transition mechanisms available to satisfy the demand of complex routing and packets propagation at present. In this paper, we propose a mechanism, denoted 4to6,to meet the requirement abore. The 4to6 is a kind of automatic-tunnel that can help an router to discover other 4to6 routers and build an virtual-link-topology for the standard routing protocols by which the reachable routing information of IPv4 networks is spread. Based on the route information above, the packets are forwarded accordingly. They aro converted into the encapsulated IPv6 packets and then decapsulated back to the IPv4 packets at the borderland of 4over6 router. The implementation and analysis show that 4to6 mechanism is suitable for large-scale and high performance network interconnections in the complicated environments. The 4to6 is significant for the development of the automatic-tunnel mechanism in Ipv6 backbones.

Peng Wu,Yong Cui,Mingwei Xu,Jiang Dong,Chris Metz

DOI: https://doi.org/10.1007/s13119-011-0005-4

2011-01-01

Networking Science

Abstract:The IPv6 transition problem has become the most urgent and practical obstacle holding back the development of the next generation Internet. Various translation and tunneling techniques have been proposed to solve the transition problem. Tunneling satisfies the demand of IPv4-IPv6 traversing while translation achieves IPv4-IPv6 interconnection. However, translation faces several challenges including heterogeneous addressing, operation complexity and scalability issues. Although researchers have attempted to decompose and simplify these problems, little achievement has been made due to these problems being bound to the very nature of translation. In this paper we propose a novel translation spot selection approach that solves the existing issues from a new angle and hence makes effective use of translation techniques. Based on this approach, we propose a transition framework for transit and edge networks. This framework integrates tunneling and translation to support both traversing and IPv4-IPv6 interconnection, and uses them to create communication models flexibly for different demand scenarios. Moreover, we present signaling methods for both cases, to achieve automatic translation spot selection and context advertisement.