首页 > 其他分享 >TR069-STUN

TR069-STUN

时间:2024-03-12 17:56:29浏览次数:24  
标签:1.0 Binding CPE TR069 Requests STUN port

原理

1、NAT穿越技术,为了解决NAT设备对P2P网络的通信限制   2、作用:检测网络中是否存在NAT设备,并获取两个通信端点经NAT设备分配的IP地址和端口号,然后建立一条可穿越NAT的P2P链接,实现P2P通信   3、cwmp:依据TR111实现STUN Server功能,CPE作为STUN Client,向STUN Server发送BINDING-REQUEST,CPE 通过BINDING-RESPONSE响应消息获取设备是否在NAT之后,以及NAT类型   4、原理:ACS是如何主动发起连接? ACS能够自动检测到位于NAT设备或者gateway后面的设备(与STUN bind成功),然后发送UDP connection Request到STUN server,通过STUN server进行转发到与STUN server关联的内部CPE设备,进而CPE发起tr069规范中定义的6 connection request事件(TCP连接成功),在tcp连接超时时间范围内可进行设备管理操作。如果超时,ACS再次主动发送UDP connection Request,然后对设备进行管理操作  

CPE侧实现

流程图:  

TR111扩展的STUN数据模型

UDPConnectionRequestAddress string(:256) R Address and port to which an ACS MAY send a UDP Connection Request to the CPE (see [Annex G/TR-069a2]). This parameter is represented in the form of an Authority element as defined in [RFC3986]. The value MUST be in one of the following two forms:
  • host:port
  • host When STUNEnable is true, the host and port portions of this parameter MUST represent the public address and port corresponding to the NAT binding through which the ACS can send UDP Connection Request messages (once this information is learned by the CPE through the use of STUN). When STUNEnable is false, the host and port portions of the URL MUST represent the local IP address and port on which the CPE is listening for UDP Connection Request messages. The second form of this parameter MAY be used only if the port value is equal to “80”.
- 1.0
UDPConnectionRequestAddressNotificationLimit unsignedInt W The minimum time, in seconds, between Active Notifications resulting from changes to the UDPConnectionRequestAddress (if Active Notification is enabled). - 1.0
STUNEnable boolean W Enables or disables the use of STUN by the CPE. This applies only to the use of STUN in association with the ACS to allow UDP Connection Requests. - 1.0
STUNServerAddress string(:256) W Host name or IP address of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. If an empty string and STUNEnable is true, the CPE MUST use the address of the ACS extracted from the host portion of the ACS URL. - 1.0
STUNServerPort unsignedInt(0:65535) W Port number of the STUN server for the CPE to send Binding Requests if STUN is enabled via STUNEnable. By default, this SHOULD be the equal to the default STUN port, 3478. - 1.0
STUNUsername string(:256) W If not an empty string, the value of the STUN USERNAME attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server). If an empty string, the CPE MUST NOT send STUN Binding Requests with message integrity. - 1.0
STUNPassword string(:256) W

The value of the STUN Password to be used in computing the MESSAGE-INTEGRITY attribute to be used in Binding Requests (only if message integrity has been requested by the STUN server).

When read, this parameter returns an empty string, regardless of the actual value.

- 1.0
STUNMaximumKeepAlivePeriod int(-1:) W If STUN Is enabled, the maximum period, in seconds, that STUN Binding Requests MUST be sent by the CPE for the purpose of maintaining the binding in the Gateway. This applies specifically to Binding Requests sent from the UDP Connection Request address and port. A value of -1 indicates that no maximum period is specified. - 1.0
STUNMinimumKeepAlivePeriod unsignedInt W If STUN Is enabled, the minimum period, in seconds, that STUN Binding Requests can be sent by the CPE for the purpose of maintaining the binding in the Gateway. This limit applies only to Binding Requests sent from the UDP Connection Request address and port, and only those that do not contain the BINDING-CHANGE attribute. This limit does not apply to retransmissions following the procedures defined in [RFC3489]. - 1.0
NATDetected boolean R When STUN is enabled, this parameter indicates whether or not the CPE has detected address and/or port mapping in use. A true value indicates that the received MAPPED-ADDRESS in the most recent Binding Response differs from the CPE’s source address and port. When STUNEnable is false, this value MUST be false. - 1.0

TR069实际实现

测试配置(XACS)

命令行测试stun功能:

/userfs/bin/stun-client 10.50.100.215 -v -p 0 -i 10.50.100.39   -min 30 -max 30 -sp 3478

 

报文

stun request+response:

  request: response:

重新inform上报UDPConnectionRequestAddress和NATDetected节点值

   

标签:1.0,Binding,CPE,TR069,Requests,STUN,port
From: https://www.cnblogs.com/ameliazhou/p/18068883

相关文章

  • Docker部署ArthasTunnel
    1、下载ArthasTunnel的安装包下载地址:下载  2、部署由于官方只提供了JAR包,如果你想通过Docker方式启动的话,可以自行打包Docker镜像,打包使用的Dockerfile脚本如下:#该镜像需要依赖的基础镜像FROMopenjdk:8-jdk-alpine#将当前目录下的jar包复制到docker容器的/目录下A......
  • STUN,TURN,ICE,WebRTC
    参考:KavirajanST  : WhatisWebRTCandHowtoSetupSTUN/TURNServerforWebRTCCommunication?AndreyB. :Еnvironment:signaling,STUNandTURNserversMeddane : DemystifyingNATTraversalwithSTUNTURNandICE STUNSTUN的唯一目的是让防火墙后面的设......
  • stun 学习记录
    NAT网络拓扑NAT是将内网地址映射转换为外网地址的一种地址转换方式,这节省了有限的IP地址资源。一般来讲,分为对称型NAT和圆锥形NAT,其中圆锥形NAT又分为完全圆锥型NAT、IP限制圆锥型NAT、Port限制圆锥型NAT。1.完全圆锥型NAT完全圆锥型NAT是指同一个内网IP1+Port1向任何外网发送数据,......
  • WebRTC-STUN协议详解
    1、STUN协议概述STUN(SessionTraversalUtilitiesforNAT)NAT会话穿透工具,STUN是一个Client/Server协议,支持请求/响应类型、指示类型两种类型。STUN作为ICE(InteractiveConnectivityEstablishment,交互式连接建立)解决方案的一种工具使用,STUN协议本身没有穿透等能力,只是为穿透提供反......
  • tr069 节点模板定义c语言
    #include<stdio.h>/*Signed*/typedefsignedcharint8_t;typedefshortintint16_t;typedefintint32_t;/*Unsigned.*/typedefunsignedcharuint8_t;typedefunsignedshortintuint16_t;typedefunsignedint......
  • TR069百科
    TR069是CPE和ACS之间沟通的通讯协定。CPE可以借着这个协定完成服务开通、功能设定、档案上传下载、系统检测等等初始化及营运管理的必须动作。 [1] TR-069全名是TechnicalReport-069是由DSLForum(之后更名为BroadbandForum)的技术标准制定组织在2004年五月发......
  • 【pytest】 pytest自定义标记 PytestUnknownMarkWarning处理方式
    未注册标记会出现warningssummary-- PytestUnknownMarkWarningPytestUnknownMarkWarning:Unknownpytest.mark.demo-isthisatypo?Youcanregistercustommarkstoavoidthiswarning-fordetails,seehttps://docs.pytest.org/en/stable/how-to/mark.html@......
  • stunnel加密通道使用实践
    今天用了半天的时间把内网与外网服务器代理加密通道调通了。以后就可以以外网服务器的IP地址来访问网站了。下边是今天架设通道的经验总结,stunnel服务器端安装及设置我的服......
  • WebRTC - STUN/TURN服务器的搭建(使用coturn)
    在进行WebRTC通信时,节点间会按照如下顺序获取对方的地址:1)如果双端在同一个内网,直接用内网IP通信;2)通过STUN服务器,为双端构造可以直接访问的地址,打造一条可以穿透NAT的通路......
  • centos7上安装coturn搭建turn/stun服务-WebRTC
    coturn是一个免费的开源的TURN/STUN服务器。coturn服务器完整的实现了STUN/TURN/ICE协议,支持P2P穿透防火墙。1.STUN服务器用于获取设备的外部网络地址。2.TURN服务器是在......