原理

1、NAT穿越技术,为了解决NAT设备对P2P网络的通信限制
 
2、作用:检测网络中是否存在NAT设备,并获取两个通信端点经NAT设备分配的IP地址和端口号,然后建立一条可穿越NAT的P2P链接,实现P2P通信
 
3、cwmp:依据TR111实现STUN Server功能,CPE作为STUN Client,向STUN Server发送BINDING-REQUEST,CPE 通过BINDING-RESPONSE响应消息获取设备是否在NAT之后,以及NAT类型
 
4、原理:ACS是如何主动发起连接?
ACS能够自动检测到位于NAT设备或者gateway后面的设备(与STUN bind成功),然后发送UDP connection Request到STUN server,通过STUN server进行转发到与STUN server关联的内部CPE设备,进而CPE发起tr069规范中定义的6 connection request事件(TCP连接成功),在tcp连接超时时间范围内可进行设备管理操作。如果超时,ACS再次主动发送UDP connection Request,然后对设备进行管理操作
 

CPE侧实现

流程图:

 

TR111扩展的STUN数据模型

UDPConnectionRequestAddress
string(:256)
R
Address and port to which an ACS MAY send a UDP Connection Request to the CPE (see [Annex G/TR-069a2]). This parameter is represented in the form of an Authority element as defined in [RFC3986]. The value MUST be in one of the following two forms:
  • host:port
  • host When STUNEnable is true, the host and port portions of this parameter MUST represent the public address and port corresponding to the NAT binding through which the ACS can send UDP Connection Request messages (once this information is learned by the CPE through the use of STUN). When STUNEnable is false, the host and port portions of the URL MUST represent the local IP address and port on which the CPE is listening for UDP Connection Request messages. The second form of this parameter MAY be used only if the port value is equal to “80”.
-
1.0
UDPConnectionRequestAddressNotificationLimit
unsignedInt
W
The minimum time, in seconds, between Active Notifications resulting from changes to the UDPConnectionRequestAddress (if Active Notification is enabled).
-
1.0
STUNEnable
boolean
W
Enables or disables the use of STUN by the CPE. This applies only to the use of STUN in association with the ACS to allow UDP Connection Requests.
-
1.0
STUNServerAddress
string(:256)
W
Host name or IP address of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. If an empty string and STUNEnable is true, the CPE MUST use the address of the ACS extracted from the host portion of the ACS URL.
-
1.0
STUNServerPort
unsignedInt(0:65535)
W
Port number of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. By default, this SHOULD be the equal to the default STUN port, 3478.
-
1.0
STUNUsername
string(:256)
W
If not an empty string, the value of the STUN USERNAME attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server). If an empty string, the CPE MUST NOT send STUN Binding Requests with message integrity.
-
1.0
STUNPassword
string(:256)
W

The value of the STUN Password to be used in computing the MESSAGE-INTEGRITY attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server).

When read, this parameter returns an empty string, regardless of the actual value.
-
1.0
STUNMaximumKeepAlivePeriod
int(-1:)
W
If STUN Is enabled, the maximum period, in seconds, that STUN Binding Requests MUST be sent by the CPE for the purpose of maintaining the binding in the Gateway. This applies specifically to Binding Requests sent from the UDP Connection Request address and port. A value of -1 indicates that no maximum period is specified.
-
1.0
STUNMinimumKeepAlivePeriod
unsignedInt
W
If STUN Is enabled, the minimum period, in seconds, that STUN Binding Requests can be sent by the CPE for the purpose of maintaining the binding in the Gateway. This limit applies only to Binding Requests sent from the UDP Connection Request address and port, and only those that do not contain the BINDING-CHANGE attribute. This limit does not apply to retransmissions following the procedures defined in [RFC3489].
-
1.0
NATDetected
boolean
R
When STUN is enabled, this parameter indicates whether or not the CPE has detected address and/or port mapping in use. A true value indicates that the received MAPPED-ADDRESS in the most recent Binding Response differs from the CPE’s source address and port. When STUNEnable is false, this value MUST be false.
-
1.0

TR069实际实现

1、UDPConnectionRequestAddressNotificationLimit和STUNPassword、STUNUsername不实现
2、UDPConnectionRequestAddress和NATDetected为只读节点,通过inform报文发送

测试配置(XACS)

测试部环境:

1、远程控制10.50.100.254
2、开启stun进程指令后加一个&,使其在后台运行

禅道测试用例:

命令行测试stun功能:

/userfs/bin/stun-client 10.50.100.215 -v -p 0 -i 10.50.100.39   -min 30 -max 30 -sp 3478

页面配置测试stun功能:

报文

stun request+response:

 
request:

response:

重新inform上报UDPConnectionRequestAddress和NATDetected节点值

 

TR069-STUN的更多相关文章

  1. CWMP开源代码研究——stun的NAT穿透

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 参考: http://www.cnblogs.com/myblesh/p/6259765.htm ...

  2. Android学习——移植tr069程序到Android平台

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 声明:本系列涉及的开源程序代码学习和研究,严禁用于商业目的. 如有任何问题,欢迎和我交流.(企鹅 ...

  3. 关于tr069网管开发系列教程

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 声明:本系列涉及的开源程序代码学习和研究,严禁用于商业目的. 如有任何问题,欢迎和我交流.(企鹅 ...

  4. webrtc进阶-信令篇-之三:信令、stun、turn、ice

    webRTC支持点对点通讯,但是webRTC仍然需要服务端:  . 协调通讯过程中客户端之间需要交换元数据,    如一个客户端找到另一个客户端以及通知另一个客户端开始通讯.  . 需要处理NAT(网 ...

  5. STUN和TURN技术浅析

    转自:http://blog.csdn.net/yu_xiang/article/details/9227023 在现实Internet网络环境中,大多数计算机主机都位于防火墙或NAT之后,只有少部分 ...

  6. 实测可用的免费STUN服务器!

    实测可用的免费STUN服务器!     以实际ping延迟排序: stun.voipbuster.com 287ms stun.wirlab.net 320ms s1.taraba.net       ...

  7. Android IOS WebRTC 音视频开发总结(十一)-- stun&turn部署

    本篇文章主要介绍webrtc里面的stun,turn服务的安装与配置(转载请说明出处: http://www.cnblogs.com/lingyunhu, RTC.Blacker) 说到STUN,TU ...

  8. [转]webrtc学习: 部署stun和turn服务器

    [转]webrtc学习: 部署stun和turn服务器 http://www.cnblogs.com/lingdhox/p/4209659.html webrtc的P2P穿透部分是由libjingle ...

  9. [转]STUN和TURN技术浅析

    [转]STUN和TURN技术浅析 http://www.h3c.com.cn/MiniSite/Technology_Circle/Net_Reptile/The_Five/Home/Catalog/ ...

  10. P2P通信标准协议(一)之STUN

    前一段时间在P2P通信原理与实现中介绍了P2P打洞的基本原理和方法,我们可以根据其原理为自己的网络程序设计一套通信规则, 当然如果这套程序只有自己在使用是没什么问题的.可是在现实生活中,我们的程序往往 ...

随机推荐

  1. 人工智能创新挑战赛:海洋气象预测Baseline[4]完整版(TensorFlow、torch版本)含数据转化、模型构建、MLP、TCNN+RNN、LSTM模型训练以及预测

    人工智能创新挑战赛:海洋气象预测Baseline[4]完整版(TensorFlow.torch版本)含数据转化.模型构建.MLP.TCNN+RNN.LSTM模型训练以及预测 1.赛题简介 项目链接以及 ...

  2. 6.2 Windows驱动开发:内核枚举SSSDT表基址

    在Windows内核中,SSSDT(System Service Shadow Descriptor Table)是SSDT(System Service Descriptor Table)的一种变种 ...

  3. SpringBoot分布式任务中间件开发 附视频讲解 (手把手教你开发和使用中间件)

    作者:小傅哥 博客:https://bugstack.cn 沉淀.分享.成长,让自己和他人都能有所收获! 分布式任务DcsSchedule中间件,Github地址:https://github.com ...

  4. node版本控制工具nvm安装教程

    一.安装nvm 查看node对应NPM:https://nodejs.org/en/about/previous-releases 1.卸载node,后删除node文件夹里的所有内容 2:安装nvm管 ...

  5. Linux下开发基于.NET的三维绘图程序

    很多人可能知道使用.NET Core可以开发跨平台(包括Windows,Linux.MacOS)的App,但知道在Linux下使用.NET Core可以开发三维程序的恐怕就很少了.本文通过借助.NET ...

  6. 俄大神 lopatkin Windows 精简优化系统 - 工具软件

    昨天有个网友邮件我,说是想找个Tiny7 Rev2的ISO操作系统文件,但是我找了下,以前的那些文件有些已经删除了,所以就在网上搜到了俄大神 lopatkin Windows 精简优化系统,特此放到网 ...

  7. java的char类型,只有两个字节,为什么可以存储汉字?java中 char详解

    我自己出了一道面试题,如下: public static void main(String[] args) { char a = '9'; char b = 9; char c = '我'; Syst ...

  8. .NET Core 在 K8S 上的开发实践--学习笔记

    摘要 本主题受众是架构师,开发人员,互联网企业 IT 运维人员.大纲:1. K8S 对应用的要求:2. .NET Core 上 K8S 的优势:3. K8S 下的 .NET Core 配置:4. .N ...

  9. NVME(学习笔记三)—PMR

    PMR(Persistent Memory Region)持久性内存区域 NVM Express在2019年完成了NVMe 1.4规范的制定,新的NVMe协议带来了大量的全新特性,尤其在纠错.强化性能 ...

  10. 阿里数据库SRE(转)

    SRE的职责划分却不尽相同,那么SRE究竟在做什么? SRE的职责 SRE主要负责Google所有核心业务系统的可用性.性能.容量相关的事情,根据<Site Reliability Engine ...