As the convergence of information technologies and communications technologies has continuously accelerated in recent years, the boundary between Internet communications and conventional wireless/fixed network communications has quickly faded. To deal with challenges from Internet service carriers, global communications carriers are accelerating deployment of converged communications services based on the Internet Protocol (IP).
Because the Internet is open and access environments such as enterprises, individuals, families, and public places are complicated and diversified, converged communications carriers face many security and access challenges. Promoting converged communications services on the Internet involves both protecting personal privacy or corporate secrets and ensuring that a service smoothly reaches the core network of a converged communications carrier in various complicated network access environments. When a converged communications service is used in an open Internet environment, some service traffic cannot reach the core network of the converged communications carrier because of a port limit of a firewall, network address translation (NAT), application layer gateway (ALG) processing, or a limit of a proxy server. Furthermore, service data may be illegally eavesdropped on or tampered with because access to the Internet and the mobile Internet is dynamic and complicated. Given the foregoing problems, implementing secure traversing of service traffic, and ensuring the security and availability of converged communications services through a secure traversing solution, is an essential factor for improving the quality of converged communications services.
In the prior art, a network traversing solution based on a secure traversing gateway (STG) is provided. The STG is deployed in a network of a carrier and provides an access capability for a Hypertext Transfer Protocol (HTTP), Secure Sockets Layer (SSL), Internet Protocol Security (IPSec), Datagram Transport Layer Security (DTLS), or User Datagram Protocol (UDP) secure tunnel. The HTTP, SSL, IPSec, DTLS, and UDP secure tunnel client functions are implemented by a user service terminal, and various packets between a client and a converged communications server are transmitted through the negotiated HTTP, SSL, IPSec, DTLS, or UDP secure tunnel. This implements traversing of network elements such as a firewall, a NAT, a proxy, and a Web security gateway, and ensures both security and a traversing capability of service data, as well as quality of service.
However, in the prior art, the secure traversing gateway is deployed in a centralized manner in a core network of a converged communications carrier, and the converged communications carrier needs to purchase and maintain a secure traversing gateway device. As a result, operating costs are high and expandability is poor.