原理

1、NAT穿越技术,为了解决NAT设备对P2P网络的通信限制
 
2、作用:检测网络中是否存在NAT设备,并获取两个通信端点经NAT设备分配的IP地址和端口号,然后建立一条可穿越NAT的P2P链接,实现P2P通信
 
3、cwmp:依据TR111实现STUN Server功能,CPE作为STUN Client,向STUN Server发送BINDING-REQUEST,CPE 通过BINDING-RESPONSE响应消息获取设备是否在NAT之后,以及NAT类型
 
4、原理:ACS是如何主动发起连接?
ACS能够自动检测到位于NAT设备或者gateway后面的设备(与STUN bind成功),然后发送UDP connection Request到STUN server,通过STUN server进行转发到与STUN server关联的内部CPE设备,进而CPE发起tr069规范中定义的6 connection request事件(TCP连接成功),在tcp连接超时时间范围内可进行设备管理操作。如果超时,ACS再次主动发送UDP connection Request,然后对设备进行管理操作
 

CPE侧实现

流程图:

 

TR111扩展的STUN数据模型

UDPConnectionRequestAddress
string(:256)
R
Address and port to which an ACS MAY send a UDP Connection Request to the CPE (see [Annex G/TR-069a2]). This parameter is represented in the form of an Authority element as defined in [RFC3986]. The value MUST be in one of the following two forms:
  • host:port
  • host When STUNEnable is true, the host and port portions of this parameter MUST represent the public address and port corresponding to the NAT binding through which the ACS can send UDP Connection Request messages (once this information is learned by the CPE through the use of STUN). When STUNEnable is false, the host and port portions of the URL MUST represent the local IP address and port on which the CPE is listening for UDP Connection Request messages. The second form of this parameter MAY be used only if the port value is equal to “80”.
-
1.0
UDPConnectionRequestAddressNotificationLimit
unsignedInt
W
The minimum time, in seconds, between Active Notifications resulting from changes to the UDPConnectionRequestAddress (if Active Notification is enabled).
-
1.0
STUNEnable
boolean
W
Enables or disables the use of STUN by the CPE. This applies only to the use of STUN in association with the ACS to allow UDP Connection Requests.
-
1.0
STUNServerAddress
string(:256)
W
Host name or IP address of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. If an empty string and STUNEnable is true, the CPE MUST use the address of the ACS extracted from the host portion of the ACS URL.
-
1.0
STUNServerPort
unsignedInt(0:65535)
W
Port number of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. By default, this SHOULD be the equal to the default STUN port, 3478.
-
1.0
STUNUsername
string(:256)
W
If not an empty string, the value of the STUN USERNAME attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server). If an empty string, the CPE MUST NOT send STUN Binding Requests with message integrity.
-
1.0
STUNPassword
string(:256)
W

The value of the STUN Password to be used in computing the MESSAGE-INTEGRITY attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server).

When read, this parameter returns an empty string, regardless of the actual value.
-
1.0
STUNMaximumKeepAlivePeriod
int(-1:)
W
If STUN Is enabled, the maximum period, in seconds, that STUN Binding Requests MUST be sent by the CPE for the purpose of maintaining the binding in the Gateway. This applies specifically to Binding Requests sent from the UDP Connection Request address and port. A value of -1 indicates that no maximum period is specified.
-
1.0
STUNMinimumKeepAlivePeriod
unsignedInt
W
If STUN Is enabled, the minimum period, in seconds, that STUN Binding Requests can be sent by the CPE for the purpose of maintaining the binding in the Gateway. This limit applies only to Binding Requests sent from the UDP Connection Request address and port, and only those that do not contain the BINDING-CHANGE attribute. This limit does not apply to retransmissions following the procedures defined in [RFC3489].
-
1.0
NATDetected
boolean
R
When STUN is enabled, this parameter indicates whether or not the CPE has detected address and/or port mapping in use. A true value indicates that the received MAPPED-ADDRESS in the most recent Binding Response differs from the CPE’s source address and port. When STUNEnable is false, this value MUST be false.
-
1.0

TR069实际实现

1、UDPConnectionRequestAddressNotificationLimit和STUNPassword、STUNUsername不实现
2、UDPConnectionRequestAddress和NATDetected为只读节点,通过inform报文发送

测试配置(XACS)

测试部环境:

1、远程控制10.50.100.254
2、开启stun进程指令后加一个&,使其在后台运行

禅道测试用例:

命令行测试stun功能:

/userfs/bin/stun-client 10.50.100.215 -v -p 0 -i 10.50.100.39   -min 30 -max 30 -sp 3478

页面配置测试stun功能:

报文

stun request+response:

 
request:

response:

重新inform上报UDPConnectionRequestAddress和NATDetected节点值

 

TR069-STUN的更多相关文章

  1. CWMP开源代码研究——stun的NAT穿透

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 参考: http://www.cnblogs.com/myblesh/p/6259765.htm ...

  2. Android学习——移植tr069程序到Android平台

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 声明:本系列涉及的开源程序代码学习和研究,严禁用于商业目的. 如有任何问题,欢迎和我交流.(企鹅 ...

  3. 关于tr069网管开发系列教程

    原创作品,转载请注明出处,严禁非法转载.如有错误,请留言! email:40879506@qq.com 声明:本系列涉及的开源程序代码学习和研究,严禁用于商业目的. 如有任何问题,欢迎和我交流.(企鹅 ...

  4. webrtc进阶-信令篇-之三:信令、stun、turn、ice

    webRTC支持点对点通讯,但是webRTC仍然需要服务端:  . 协调通讯过程中客户端之间需要交换元数据,    如一个客户端找到另一个客户端以及通知另一个客户端开始通讯.  . 需要处理NAT(网 ...

  5. STUN和TURN技术浅析

    转自:http://blog.csdn.net/yu_xiang/article/details/9227023 在现实Internet网络环境中,大多数计算机主机都位于防火墙或NAT之后,只有少部分 ...

  6. 实测可用的免费STUN服务器!

    实测可用的免费STUN服务器!     以实际ping延迟排序: stun.voipbuster.com 287ms stun.wirlab.net 320ms s1.taraba.net       ...

  7. Android IOS WebRTC 音视频开发总结(十一)-- stun&turn部署

    本篇文章主要介绍webrtc里面的stun,turn服务的安装与配置(转载请说明出处: http://www.cnblogs.com/lingyunhu, RTC.Blacker) 说到STUN,TU ...

  8. [转]webrtc学习: 部署stun和turn服务器

    [转]webrtc学习: 部署stun和turn服务器 http://www.cnblogs.com/lingdhox/p/4209659.html webrtc的P2P穿透部分是由libjingle ...

  9. [转]STUN和TURN技术浅析

    [转]STUN和TURN技术浅析 http://www.h3c.com.cn/MiniSite/Technology_Circle/Net_Reptile/The_Five/Home/Catalog/ ...

  10. P2P通信标准协议(一)之STUN

    前一段时间在P2P通信原理与实现中介绍了P2P打洞的基本原理和方法,我们可以根据其原理为自己的网络程序设计一套通信规则, 当然如果这套程序只有自己在使用是没什么问题的.可是在现实生活中,我们的程序往往 ...

随机推荐

  1. 释放搜索潜力:基于ES(ElasticSearch)打造高效的语义搜索系统,让信息尽在掌握

    释放搜索潜力:基于ES(ElasticSearch)打造高效的语义搜索系统,让信息尽在掌握[1.安装部署篇--简洁版],支持Linux/Windows部署安装 效果展示 PaddleNLP Pipel ...

  2. 中文多模态医学大模型智能分析X光片,实现影像诊断,完成医生问诊多轮对话

    中文多模态医学大模型智能分析X光片,实现影像诊断,完成医生问诊多轮对话 1.背景介绍介绍 最近,通用领域的大语言模型 (LLM),例如 ChatGPT,在遵循指令和产生类似人类响应方面取得了显著的成功 ...

  3. C/C++ 获取主机网卡MAC地址

    MAC地址(Media Access Control address),又称为物理地址或硬件地址,是网络适配器(网卡)在制造时被分配的全球唯一的48位地址.这个地址是数据链路层(OSI模型的第二层)的 ...

  4. C++ STL 标准模板库(排序/集合/适配器)算法

    C++ 标准模板库STL,是一个使用模板技术实现的通用程序库,该库由容器container,算法algorithm,迭代器iterator,容器和算法之间通过迭代器进行无缝连接,其中所包含的数据结构都 ...

  5. ubuntu16.04编译安装nginx1.24.0

    环境: Distributor ID: Ubuntu Description: Ubuntu 16.04.7 LTS Release: 16.04 Codename: xenial 安装包: pcre ...

  6. MySQL8.0配置my.cnf

    环境 centos7.9 mysql  Ver 8.0.32 因为是源码安装的MySQL8.0.32,查了一下MySQL 8.0之后源码中不包含my.cnf文件和my-default.cnf文件了. ...

  7. Docker从认识到实践再到底层原理(二-3)|LXC容器

    前言 那么这里博主先安利一些干货满满的专栏了! 首先是博主的高质量博客的汇总,这个专栏里面的博客,都是博主最最用心写的一部分,干货满满,希望对大家有帮助. 高质量博客汇总 然后就是博主最近最花时间的一 ...

  8. 蓝鲸:安装SaaS组件bk_monitor失败分析解决

    使用./bk_install saas-o 安装发现bk_monitor(蓝鲸监控)组件报错"ERROR deploy failed: timeout". 单独尝试安装各个组件: ...

  9. CentOS7 卸载/home 扩大/root空间

    卸载home 备份home分区文件 # 新系统无视 tar cvf /tmp/home.tar /home 修改fstab(这一步非常重要,千万别漏了) 准备卸载/home文件系统,centos启动时 ...

  10. Libata Error Message 解析

    Libata error messages     Contents [hide]  1 Overview 2 Prefix 3 Exception line 4 Input taskfile 5 O ...