Peer-to-Peer (P2P) technology, also called P2P Internet technology, connects the nodes of a network to each other as equals, and each host node functions as both a client and a server. At present, in the P2P technology, symmetrical Network Address Translation (NAT) traversal is mainly realized by relay. By deploying a relay server on the Internet, a public network address-port (IP-Port) pair of a session is acquired before this session is actually initialized and the public network IP-Port pair is taken as the address information of a user of the session.
FIG. 1 shows a schematic structure diagram of a network for solving symmetrical NAT traversal according to the related art. The User Equipment (UE) 101 is a terminal device used by a user; the NAT 102 is located between the UE and the Internet and is responsible for shielding the access to this UE; the media relay control server 103 is responsible for allocating the media relay device 104 for a user session and controlling the media relay device 104 to reserve resources for the user session; the media relay device 104 is responsible for forwarding communication data for the two parties of the communication. Generally, the media relay control server 103 and the media relay device 104 are located on the public Internet.
If a UE A and a UE B are to perform media communication therebetween, they need to perform session negotiation first, then establish a P2P connection between the UE A and the UE B and notify each other of their public IP-Port pairs. FIG. 2 shows a flowchart of a process of solving NAT traversal based on a relay technology and establishing a P2P connection between user nodes, wherein the process mainly comprises the following steps.
Step 201: before a session is initialized, both UE A and UE B need to register in a media relay control server. When establishing the session, the UE A transmits a session request to the media relay control server, wherein the request carries a first destination address-port pair A1 of the UE A for receiving response information from the UE B.
Step 202: the relay control server requests a media relay device to reserve media resources for this session. The media resources allocated by the media relay device include a first public IP-Port pair used for receiving a media data packet transmitted from the UE A and a second public IP-Port pair used for receiving a media data packet transmitted from the UE B, and then a binding relationship of data forwarding between the first public IP-Port pair and the second public IP-Port pair is established.
Step 203: the media relay device returns the reserved media resource information to the media relay control server; meanwhile, the media relay device begins monitoring data on the reserved resource, that is, on the first public IP-Port pair and the second public IP-Port pair.
Step 204: the media relay control server replaces the first destination IP-Port pair A1 in the session request message with the first public IP-Port pair.
Step 205: the media relay control server forwards the replaced session request message to the UE B.
Step 206: the UE B receives the session request, extracts the first public IP-Port pair from the session request message as the communication address information of the UE A, and returns an acknowledgement response message to the media relay control server; wherein the response message includes a second destination IP-Port pair B1 of the UE B for receiving response information from the UE A.
Step 207: the media relay control server replaces the second destination IP-Port pair B1 in the acknowledgement response message with the second public IP-Port pair.
Step 208: the UE A receives a session acknowledgment response message and extracts the second public IP-Port pair from the acknowledgment response message as the communication address information of the UE B.
Step 209 to Step 210: the UE A and the UE B establish a media channel therebetween through the media relay device to perform media communication.
FIG. 3 shows a flowchart of establishing a media channel between a UE A, a UE B and a media relay device according to the related art, wherein the process mainly comprises the following steps.
Step 301: after receiving a session acknowledgement response message from the UE B, the UE A transmits a first media data packet to the UE B; since the UE A extracts the second public IP-Port pair from the acknowledgment response message as the communication address of the UE B, the media data packet of the UE A is transmitted to the second public IP-Port pair of the media relay device.
Step 302: the media relay device receives the first media data packet from the UE A, establishes a binding relationship between a first destination IP-Port pair A2 (that is, a media plane address-port pair of the UE A) and the second public IP-Port pair, and caches the media data packet transmitted from the UE A until a media data packet from the UE B is received.
Step 303: the UE B transmits a first media data packet to the UE A, wherein the media data packet is transmitted to the first public IP-Port pair of the media relay device.
Step 304: the media relay device receives the first media data packet from the UE B, establishes a binding relationship between a second destination IP-Port pair B2 (that is, a media plane address-port pair of the UE B) and the first public IP-Port pair, and caches the media data packet transmitted from the UE B until a media data packet from the UE A is received.
Step 305 to Step 306: after receiving the first media data packet from the UE A and the UE B respectively, the media relay device establishes an association relationship among the first destination IP-Port pair A2, the second public IP-Port pair, the first public IP-Port pair and the second destination IP-Port pair B2, forwards the data received by the second public IP-Port pair to the UE B through the first public IP-Port pair and forwards the data received by the first public IP-Port pair to the UE A through the second public IP-Port pair based on the association relationship.
Step 307 to Step 308: subsequent media data packets between the UE A and the UE B are forwarded through the media relay device based on the association relationship.
Step 301 to Step 302 and Step 303 to Step 304 can be executed simultaneously; however, Step 305 and the following steps can only be executed after Step 301 to Step 304 have been executed.
From the processes shown in FIG. 2 and FIG. 3, it can be seen that, in the related art, after pre-allocating two public IP-Port pairs, the media relay device begins monitoring the two ports; when a first media data packet is received on a public IP-Port pair, the media relay device binds the source IP-Port of the media data packet with this public IP-Port and forwards the media data packet to the final destination IP-Port through the other public IP-Port pair. Therefore, when the first media data packet received by the media relay device on a public IP-Port pair is malicious, the establishment of the media channel would fail.
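The first-packet binding of Steps 301 to 308 can be modelled in a few lines to show why it fails when the first packet on a public IP-Port pair does not come from the expected UE. This is an added example, not part of the original document; the addresses are constructed, the class and function names are hypothetical, and dropping packets from a source other than the bound one is an assumption about the relay's behaviour.

```python
# Added illustration: model of the related-art media relay (Steps 301-308).
# Constructed addresses from documentation ranges, not from the original page.
PUB1, PUB2 = "203.0.113.10:40000", "203.0.113.10:40002"   # reserved public pairs
A2, B2, OTHER = "198.51.100.1:5004", "198.51.100.2:5006", "192.0.2.99:6000"

class MediaRelay:
    def __init__(self, pub1, pub2):
        self.pub1, self.pub2 = pub1, pub2
        self.bound = {}                      # public pair -> source of its first packet
        self.cache = {pub1: [], pub2: []}    # packets held until the peer side is bound
        self.dropped = []                    # (public pair, source) of rejected packets

    def receive(self, src, pub, payload):
        """Handle one packet; return the forwarded [(out_pub, destination, payload)]."""
        if pub not in self.cache:
            return []                        # not a pair reserved for this session
        if pub not in self.bound:
            self.bound[pub] = src            # Steps 302/304: bind whoever sends first
        elif self.bound[pub] != src:
            self.dropped.append((pub, src))  # assumption: other sources are dropped
            return []
        self.cache[pub].append(payload)
        peer = self.pub1 if pub == self.pub2 else self.pub2
        if peer not in self.bound:
            return []                        # keep caching until the other side is heard
        out = []                             # Steps 305-308: forward across the association
        for rx, tx in ((pub, peer), (peer, pub)):
            out += [(tx, self.bound[tx], p) for p in self.cache[rx]]
            self.cache[rx] = []
        return out

def run(events):
    relay, delivered = MediaRelay(PUB1, PUB2), []
    for src, pub, payload in events:
        delivered += relay.receive(src, pub, payload)
    return relay, delivered

def expected_flow():
    # UE A sends to the second public pair, UE B to the first (Steps 301 and 303).
    return run([(A2, PUB2, "a1"), (B2, PUB1, "b1"), (A2, PUB2, "a2")])

def unexpected_first_packet():
    # A packet from an unrelated source reaches PUB2 before UE A's first packet.
    return run([(OTHER, PUB2, "x"), (A2, PUB2, "a1"), (B2, PUB1, "b1"), (A2, PUB2, "a2")])
```

In the second run the second public IP-Port pair stays bound to the unrelated source, UE A's packets accumulate in `dropped`, and nothing is ever delivered to A2, which is the channel-establishment failure described above; a non-empty `dropped` list on a bound pair is the signal an operator of such a relay would watch for.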