Nothing Special   »   [go: up one dir, main page]

WO2006121278A1 - Method and apparatus for relaying remote access from a public network to a local network - Google Patents

Method and apparatus for relaying remote access from a public network to a local network Download PDF

Info

Publication number
WO2006121278A1
WO2006121278A1 PCT/KR2006/001729 KR2006001729W WO2006121278A1 WO 2006121278 A1 WO2006121278 A1 WO 2006121278A1 KR 2006001729 W KR2006001729 W KR 2006001729W WO 2006121278 A1 WO2006121278 A1 WO 2006121278A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
tunneling
connection information
server
agent
Prior art date
Application number
PCT/KR2006/001729
Other languages
French (fr)
Inventor
Kyung Ju Lee
Yu Kyoung Song
Original Assignee
Lg Electronics Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lg Electronics Inc. filed Critical Lg Electronics Inc.
Publication of WO2006121278A1 publication Critical patent/WO2006121278A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2807Exchanging configuration information on appliance services in a home automation network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/2818Controlling appliance services of a home automation network by calling their functionalities from a device located outside both the home and the home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L2012/2847Home automation networks characterised by the type of home appliance used
    • H04L2012/2849Audio/video appliances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2212/00Encapsulation of packets

Definitions

  • the present invention relates to method and apparatus for relaying remote access from a public network to a local network such as a home network.
  • the UPnP Universal Plug and Play
  • every home network requires a device for assigning addresses to elements or nodes connected to the network.
  • the device is assigned a public IP address and thus additionally acts as a gateway to a public network to enable devices on the home network to communicate with external networks (e.g., the Internet).
  • Such a device is called an Internet gateway device (IGD) .
  • IGD Internet gateway device
  • the IGD can be a stand-alone device or embedded within another apparatus such as a PC or refrigerator.
  • each of devices on the home network is generally assigned a private IP address available only on the home network instead of a public IP address.
  • the user of the home network can request query or control for a device on the home network using a device on the home network.
  • the user may also want to request remote query or control for a device on the home network.
  • a terminal which has a public IP address should communicate with a home network device which has a private IP address via the Internet; therefore an address conversion between public IP addresses and private IP addresses is required for exchanging messages. Such a conversion is called the IP tunneling.
  • the virtual private network (VPN) client-server system is one method for tunneling.
  • a VPN client is executed on a remote device which requests a remote access to a device on the home network and the target device or a gateway device of the home network is equipped with a VPN server, between which the address conversion is performed.
  • the remote terminal can communicate with a device on the local network via the public network as if the remote device were directly connected to the local network, as shown in FIG. 1.
  • the remote terminal accesses the home network via the Internet as shown in FIG. 1.
  • data packets may be lost or a significant amount of data transmission delay may occur on the Internet.
  • the probability of data loss and data transmission delay increase in proportion to the length of the path across which data packets travel. Therefore, the data loss and data transmission delay may become critical when the home network is accessed from a remote site which is distant from the home network.
  • a method for relaying remote access to a local network selects one tunneling agent from among a plurality of tunneling agents and provides connection information for the tunneling agent if a request for connection information for remote access is received and converts a tunneling message created for remote access and received via a first network to a tunneling message for a second network, and relays the tunneling message to a gateway device of the local network, connected to the second network.
  • Another method for relaying remote access to a local network establishes a first tunnel for VPN on a public network and a second tunnel for VPN on a proprietary network built by an ISP which provides Internet service for the local network and relays messages exchanged between a device connected to the public network and a device connected to the local network with tunneling via the first tunnel and the second tunnel .
  • a method for supporting remote access to a local network stores connection information for a server connected to a first or a second network and provides the stored connection information if there is a request from a remote device, the server storing connection information for a plurality of tunneling agents.
  • a method for remote access to a local network obtains connection information for a tunneling agent by connecting to a server connected to a first network using connection information for the server, connects to the tunneling agent using the obtained connection information, and connects to a gateway device of the local network via a proprietary network built by an ISP which provides Internet service for the local network through the tunneling agent.
  • the first network is the Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
  • ISP Internet service provider
  • the tunneling agent which is closet in location to the device attempting remote access to the local network or has the shortest message path from the device is selected from among the plurality of tunneling agents.
  • connection information for the server is stored in the gateway device of the local network and provided for a device attempting remote access to the local network.
  • connection information for the server is stored in a device attempting remote access to the local network or a program running thereon.
  • FIG. 1 illustrates a typical network structure on which the data path for a remote access to a home network is marked
  • FIG. 2 illustrates a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon;
  • FIG. 3 illustrates an address conversion process for tunneling performed during the relay of a remote access in accordance with one embodiment of the present invention. 5. Best Mode for Carrying Out the Invention
  • FIG. 2 shows a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon.
  • the network includes a tunneling managing server 10 and a tunneling agent 11 for performing the tunneling of messages.
  • the tunneling agent 11 is one of a plurality of tunneling agents connected to the backbone network of the ISP which provides the Internet service for the home network.
  • the tunneling managing server 10 is also built up by the ISP.
  • the tunneling managing server 10 a server built by the ISP, is connected to a public network but the tunneling managing server 10 can also be connected to the backbone network of the ISP.
  • the backbone network of the ISP is a proprietary network (e.g., a nationwide individual network) , on which the packet transmission delay is very small and QoS (quality of service) which does not yield data loss is provided, which is a general property of common ISP backbone networks.
  • a VPN client is executed on a remote terminal 2 and a VPN server is executed on an internet gateway device (IGD) 1 of the home network to which a plurality of devices are connected.
  • IGD internet gateway device
  • the address information of the tunneling managing server 10 e.g., the IP address thereof
  • the IP address of the tunneling managing server 10 may be set in the remote terminal 2 or the VPN client running thereon.
  • a user first invokes the VPN client on the remote terminal 2.
  • the VPN client transmits information provided by the user to the tunneling managing server 10 with requesting tunneling information (SOl) .
  • the information provided by the user comprises a unique ID assigned to the home network or a user of the home network and a password. If necessary, the information may further comprise location information indicative of the current remote site.
  • Address information for accessing the tunneling managing server 10 is set in the VPN client. If the VPN client does not have the address information, the VPN client obtains the address information from the IGD 1 after connecting to the IGD 1.
  • the tunneling managing server 10 determines the tunneling information after authentification if necessary based on the information provided by the VPN client (S02) and provides the tunneling information for the VPN client (S03) .
  • the provided tunneling information includes address information of the tunneling agent to which the VPN client will connect (e.g., the IP address of the tunneling agent) .
  • the tunneling managing server 10 selects one tunneling agent from among the plurality of tunneling agents connected to the backbone network of the ISP to which the tunneling managing server 10 belongs and provides the address information of the selected tunneling agent. The selection is based on the shortest path across the public network GN (e.g., the Internet) from the VPN client which requests the tunneling information. This guarantees that messages travel across the backbone network of the ISP as much as possible rather than the public network.
  • GN e.g., the Internet
  • the tunneling agent which is closest, in location, to the VPN client which requests the tunneling information is selected as the tunneling agent having the shortest path across the public network GN.
  • the tunneling managing server 10 has location information about every tunneling agent connected to the backbone network of the ISP to which it belongs. To determine the tunneling agent closest in location, the tunneling managing server 10 utilizes either the location information which is received by the VPN client from the user and then transmitted by the VPN client or the information stored in an IGD (not illustrated here) for relaying data packets to the tunneling managing server 10.
  • the IP address of the sender of the data packet transmitted from the VPN client may be utilized.
  • an IP address assignment scheme which assigns IP addresses according to location is required and the tunneling managing server 10 stores information on the IP address assignment scheme.
  • a tunneling agent which the message for requesting the tunneling information reaches via the minimum number of links on the public network is selected based on information about various data routes of major remote access zones across the public network GN if the information about the various data routes is available in advance.
  • the VPN client running on the remote terminal 2 connects to the tunneling agent 11, which is specified to be closest, in location, to the VPN client by the tunneling information (S04) , thereby establishing a first VPN tunnel. If the first VPN tunnel is established, the tunneling agent 11 executes a VPN client (S05) and requests a connection to the VPN server running on the IGD 1 (S06) .
  • the information required to specify the IGD 1, which may be either the IP address or the domain name thereof, can be provided by the user via the VPN client running on the remote terminal 2 after the first VPN tunnel is established.
  • the VPN client running on the tunneling agent 11 connects to the VPN server running on the IGD 1, thereby establishing a second VPN tunnel.
  • the second VPN tunnel is established on the backbone network BN built by the ISP.
  • the second VPN tunnel can take advantage of the high quality services (e.g., small delay time, no loss of data packets, etc) available on the backbone network BN.
  • the tunneling 5 agent 11 creates address mapping information required between the VPN server for the first VPN tunnel and the VPN client for the second VPN tunnel .
  • the address mapping information is created based on socket information for establishing each of the tunnels.
  • FIG. 3 shows the steps required for exchanging messages between the remote terminal 2 (e.g., PDA) having a public IP address and a media server Ia having a private IP address available only on the home network HN.
  • the remote terminal 2 e.g., PDA
  • a media server Ia having a private IP address available only on the home network HN.
  • domain names such as private .m_server and public. IGD are used for brevity
  • the domain names can be regarded as IP addresses, private. xxx and public. xxx denote a private IP address and a public IP address, respectively.
  • the remote terminal 2 When transmitting data 31c to the media server Ia, the remote terminal 2 sets the destination and source (Dest/Src) of the data 31c to private .m_server and public. PDA 31b, respectively. Because the media server Ia cannot be identified by its private address, private .m_server, on the public
  • the tunneling message 31 arrives at the tunneling agent 11 via the public network GN.
  • the VPN server running on the tunneling agent 11 hands over the received tunneling message
  • the VPN client changes the source of the received message 31b + 31c to the address assigned to it, i.e., public . Tnl_agent , and appends an IP address header 3Ix for setting the destination of the message 31b + 31c to the IGD 1 on which the corresponding VPN server executes to the front thereof.
  • the IP address header 31a transmitted from the VPN client running on the remote terminal 2 is converted to the IP address header 3Ix to be transmitted to the IGD 1 (S31) .
  • the created address mapping information is utilized during the address conversion process.
  • the tunneling message initially transmitted by the remote terminal 2 is converted to a tunneling message for the backbone network built by the ISP by the address conversion process and received by the IGD 1 via the backbone network.
  • the IGD 1 removes the IP address header 3 Ix from the received message so that the sub-address header 31b for specifying the real destination on the home network appears first and thereby the data 31c of the original tunneling message is finally received by the media server Ia.
  • the media serer Ia responsive to the received message, creates a response message 32 by appending a header 32a having the source contained in the received message, public .tnl_agent, as the destination and its private IP address as the source to the front of data and transmits the response message 32 to the home network.
  • the transmitted response message 32 is received by the IGD 1 because the destination thereof is a public IP address. Because the source thereof is not a public IP address, the IGD 1 creates a new IP address header 33 and appends the created new IP address header to the front of the received message 32. In the new IP address header 33, the destination of the received response message 32 is copied to the destination and the public IP address of the IGD 1, public.
  • the constructed tunneling message 32+33 reaches the tunneling agent 11 via the backbone network of the ISP.
  • the tunneling agent 11 changes the sub-address having the IP address thereof as the destination to the public IP address of the remote terminal 2, public. PDA, and converts the IP address header 33 into another IP address header 34 destined for the remote terminal 2 (S32) .
  • the data 32b transmitted by the media server Ia is finally received by the remote terminal 2 via the public network.
  • the tunneling agent 11 which is closest in location to the remote terminal 2 or has the shortest path from the remote terminal 2 over the public network, so that the shortest possible path is formed on the public network and most of the path is formed on the backbone network of the ISP for relaying the messages.
  • the backbone network of the ISP guarantees QoS, the remote user does not have to wait for a long time before a response to a request message is received.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to method and apparatus for relaying remote access from a public network to a local network, e.g., home network. In a method in accordance with the present invention, a first tunnel for VPN (Virtual Private Network) is set up on a public network, e.g., Internet such that its path becomes short thereon as possible as it can, and a second tunnel for VPN is also set up on an individual backbone network built by an ISP (Internet Service Provider) who provides Internet service for a home network. Afterwards, messages between a device on the public network and another device on the home network are relayed therebetween by tunneling on the first and the second tunnel.

Description

D E S C R I P T I O N
METHOD AND APPARATUS FOR RELAYING REMOTE ACCESS FROM A PUBLIC NETWORK TO A LOCAL NETWORK
1 . Technical Field The present invention relates to method and apparatus for relaying remote access from a public network to a local network such as a home network.
2. Background Art
As an increasing number of electronic appliances such as video or audio apparatuses or PCs have been used in a home and digital techniques have become dominant in video and audio signal processing, the need for communication between home electronic appliances or communication with other networks is also increasing. In addition, the demand for controlling home electronic appliances through a single mobile apparatus such as a PDA is also increasing.
To meet the demand, home networking technology has emerged for connecting home electronic appliances such as digital TVs or DVD players. The UPnP (Universal Plug and Play) is a key technology required for implementing the home network.
According to the UPnP specification, every home network requires a device for assigning addresses to elements or nodes connected to the network. The device is assigned a public IP address and thus additionally acts as a gateway to a public network to enable devices on the home network to communicate with external networks (e.g., the Internet). Such a device is called an Internet gateway device (IGD) . The IGD can be a stand-alone device or embedded within another apparatus such as a PC or refrigerator. To utilize limited public IP addresses efficiently, each of devices on the home network is generally assigned a private IP address available only on the home network instead of a public IP address.
The user of the home network can request query or control for a device on the home network using a device on the home network. The user may also want to request remote query or control for a device on the home network. In this case, a terminal which has a public IP address should communicate with a home network device which has a private IP address via the Internet; therefore an address conversion between public IP addresses and private IP addresses is required for exchanging messages. Such a conversion is called the IP tunneling. The virtual private network (VPN) client-server system is one method for tunneling. In the VPN client-server system, a VPN client is executed on a remote device which requests a remote access to a device on the home network and the target device or a gateway device of the home network is equipped with a VPN server, between which the address conversion is performed. As a result, the remote terminal can communicate with a device on the local network via the public network as if the remote device were directly connected to the local network, as shown in FIG. 1.
It is common that the remote terminal accesses the home network via the Internet as shown in FIG. 1. However, data packets may be lost or a significant amount of data transmission delay may occur on the Internet. The probability of data loss and data transmission delay increase in proportion to the length of the path across which data packets travel. Therefore, the data loss and data transmission delay may become critical when the home network is accessed from a remote site which is distant from the home network.
3. Disclosure of the Invention
It is an object of the present invention to provide method and apparatus for relaying remote access from a public network to a local network via the network of the Internet service provider (ISP) which provides the Internet service for the local network such that the network of the ISP is utilized as much as possible. A method for relaying remote access to a local network according to the invention selects one tunneling agent from among a plurality of tunneling agents and provides connection information for the tunneling agent if a request for connection information for remote access is received and converts a tunneling message created for remote access and received via a first network to a tunneling message for a second network, and relays the tunneling message to a gateway device of the local network, connected to the second network. Another method for relaying remote access to a local network according to the invention establishes a first tunnel for VPN on a public network and a second tunnel for VPN on a proprietary network built by an ISP which provides Internet service for the local network and relays messages exchanged between a device connected to the public network and a device connected to the local network with tunneling via the first tunnel and the second tunnel .
A method for supporting remote access to a local network according to the invention stores connection information for a server connected to a first or a second network and provides the stored connection information if there is a request from a remote device, the server storing connection information for a plurality of tunneling agents.
A method for remote access to a local network according to the invention obtains connection information for a tunneling agent by connecting to a server connected to a first network using connection information for the server, connects to the tunneling agent using the obtained connection information, and connects to a gateway device of the local network via a proprietary network built by an ISP which provides Internet service for the local network through the tunneling agent.
In one embodiment of the invention, the first network is the Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
In one embodiment of the invention, the tunneling agent which is closet in location to the device attempting remote access to the local network or has the shortest message path from the device is selected from among the plurality of tunneling agents.
In one embodiment of the invention, the connection information for the server is stored in the gateway device of the local network and provided for a device attempting remote access to the local network.
In another embodiment of the invention, the connection information for the server is stored in a device attempting remote access to the local network or a program running thereon.
4. Brief Description of the Drawings
FIG. 1 illustrates a typical network structure on which the data path for a remote access to a home network is marked;
FIG. 2 illustrates a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon; and
FIG. 3 illustrates an address conversion process for tunneling performed during the relay of a remote access in accordance with one embodiment of the present invention. 5. Best Mode for Carrying Out the Invention
In order that the invention may be fully understood, preferred embodiments thereof will now be described with reference to the accompanying drawings.
FIG. 2 shows a network structure in accordance with one embodiment of the present invention and the steps for relaying a remote access performed thereon. The network includes a tunneling managing server 10 and a tunneling agent 11 for performing the tunneling of messages. The tunneling agent 11 is one of a plurality of tunneling agents connected to the backbone network of the ISP which provides the Internet service for the home network. The tunneling managing server 10 is also built up by the ISP. In FIG. 2, the tunneling managing server 10, a server built by the ISP, is connected to a public network but the tunneling managing server 10 can also be connected to the backbone network of the ISP. The backbone network of the ISP is a proprietary network (e.g., a nationwide individual network) , on which the packet transmission delay is very small and QoS (quality of service) which does not yield data loss is provided, which is a general property of common ISP backbone networks.
A VPN client is executed on a remote terminal 2 and a VPN server is executed on an internet gateway device (IGD) 1 of the home network to which a plurality of devices are connected. In one embodiment of the invention, the address information of the tunneling managing server 10 (e.g., the IP address thereof) is set in the IGD 1. In another embodiment of the invention, the IP address of the tunneling managing server 10 may be set in the remote terminal 2 or the VPN client running thereon.
The method for relaying remote access in accordance with one embodiment of the invention will now be described in detail .
A user first invokes the VPN client on the remote terminal 2. When invoked, the VPN client transmits information provided by the user to the tunneling managing server 10 with requesting tunneling information (SOl) . The information provided by the user comprises a unique ID assigned to the home network or a user of the home network and a password. If necessary, the information may further comprise location information indicative of the current remote site. Address information for accessing the tunneling managing server 10 is set in the VPN client. If the VPN client does not have the address information, the VPN client obtains the address information from the IGD 1 after connecting to the IGD 1.
The tunneling managing server 10 determines the tunneling information after authentification if necessary based on the information provided by the VPN client (S02) and provides the tunneling information for the VPN client (S03) . The provided tunneling information includes address information of the tunneling agent to which the VPN client will connect (e.g., the IP address of the tunneling agent) . The tunneling managing server 10 selects one tunneling agent from among the plurality of tunneling agents connected to the backbone network of the ISP to which the tunneling managing server 10 belongs and provides the address information of the selected tunneling agent. The selection is based on the shortest path across the public network GN (e.g., the Internet) from the VPN client which requests the tunneling information. This guarantees that messages travel across the backbone network of the ISP as much as possible rather than the public network.
In one embodiment of the invention, the tunneling agent which is closest, in location, to the VPN client which requests the tunneling information is selected as the tunneling agent having the shortest path across the public network GN. To this end, the tunneling managing server 10 has location information about every tunneling agent connected to the backbone network of the ISP to which it belongs. To determine the tunneling agent closest in location, the tunneling managing server 10 utilizes either the location information which is received by the VPN client from the user and then transmitted by the VPN client or the information stored in an IGD (not illustrated here) for relaying data packets to the tunneling managing server 10.
In another embodiment of the invention, the IP address of the sender of the data packet transmitted from the VPN client may be utilized. In this case, an IP address assignment scheme which assigns IP addresses according to location is required and the tunneling managing server 10 stores information on the IP address assignment scheme.
In another embodiment of the invention, instead of the tunneling agent which is closest in location, a tunneling agent which the message for requesting the tunneling information reaches via the minimum number of links on the public network is selected based on information about various data routes of major remote access zones across the public network GN if the information about the various data routes is available in advance. Receiving the tunneling information, the VPN client running on the remote terminal 2 connects to the tunneling agent 11, which is specified to be closest, in location, to the VPN client by the tunneling information (S04) , thereby establishing a first VPN tunnel. If the first VPN tunnel is established, the tunneling agent 11 executes a VPN client (S05) and requests a connection to the VPN server running on the IGD 1 (S06) . The information required to specify the IGD 1, which may be either the IP address or the domain name thereof, can be provided by the user via the VPN client running on the remote terminal 2 after the first VPN tunnel is established.
The VPN client running on the tunneling agent 11 connects to the VPN server running on the IGD 1, thereby establishing a second VPN tunnel. As shown in FIG. 2, the second VPN tunnel is established on the backbone network BN built by the ISP. As a result, the second VPN tunnel can take advantage of the high quality services (e.g., small delay time, no loss of data packets, etc) available on the backbone network BN.
If the second VPN tunnel is established, the tunneling 5 agent 11 creates address mapping information required between the VPN server for the first VPN tunnel and the VPN client for the second VPN tunnel . The address mapping information is created based on socket information for establishing each of the tunnels.
10 FIG. 3 shows the steps required for exchanging messages between the remote terminal 2 (e.g., PDA) having a public IP address and a media server Ia having a private IP address available only on the home network HN. In FIG. 3, domain names such as private .m_server and public. IGD are used for brevity
15 of explanation. Because there is one-to-one correspondence between the domain names and IP addresses, the domain names can be regarded as IP addresses, private. xxx and public. xxx denote a private IP address and a public IP address, respectively.
20 When transmitting data 31c to the media server Ia, the remote terminal 2 sets the destination and source (Dest/Src) of the data 31c to private .m_server and public. PDA 31b, respectively. Because the media server Ia cannot be identified by its private address, private .m_server, on the public
25 network, the remote terminal 2 creates a tunneling message 31 by appending an IP address header 31a for the public network GN (Dest/Src=public. tnl_agent/public . PDA) to the front of the data 31c having the source and destination information 31b. This process is required to send the data 31c destined for the
30 media server Ia to the tunneling agent 11 having the corresponding VPN server first via the public network GN.
The tunneling message 31 arrives at the tunneling agent 11 via the public network GN. The VPN server running on the tunneling agent 11 hands over the received tunneling message
35 31 to the VPN client after removing the IP address header 31a thereof. The VPN client changes the source of the received message 31b + 31c to the address assigned to it, i.e., public . Tnl_agent , and appends an IP address header 3Ix for setting the destination of the message 31b + 31c to the IGD 1 on which the corresponding VPN server executes to the front thereof. As a consequence, the IP address header 31a transmitted from the VPN client running on the remote terminal 2 is converted to the IP address header 3Ix to be transmitted to the IGD 1 (S31) . The created address mapping information is utilized during the address conversion process.
The tunneling message initially transmitted by the remote terminal 2 is converted to a tunneling message for the backbone network built by the ISP by the address conversion process and received by the IGD 1 via the backbone network. The IGD 1 removes the IP address header 3 Ix from the received message so that the sub-address header 31b for specifying the real destination on the home network appears first and thereby the data 31c of the original tunneling message is finally received by the media server Ia.
To sends a response to the remote terminal 2, the media serer Ia, responsive to the received message, creates a response message 32 by appending a header 32a having the source contained in the received message, public .tnl_agent, as the destination and its private IP address as the source to the front of data and transmits the response message 32 to the home network. The transmitted response message 32 is received by the IGD 1 because the destination thereof is a public IP address. Because the source thereof is not a public IP address, the IGD 1 creates a new IP address header 33 and appends the created new IP address header to the front of the received message 32. In the new IP address header 33, the destination of the received response message 32 is copied to the destination and the public IP address of the IGD 1, public. IGD, is stored as the source. The constructed tunneling message 32+33 reaches the tunneling agent 11 via the backbone network of the ISP. The tunneling agent 11 changes the sub-address having the IP address thereof as the destination to the public IP address of the remote terminal 2, public. PDA, and converts the IP address header 33 into another IP address header 34 destined for the remote terminal 2 (S32) . As a consequence, the data 32b transmitted by the media server Ia is finally received by the remote terminal 2 via the public network. According to the aforementioned procedure, messages exchanged between the remote terminal 2 on the public network and another device on the home network are relayed therebetween by the tunneling agent 11, which is closest in location to the remote terminal 2 or has the shortest path from the remote terminal 2 over the public network, so that the shortest possible path is formed on the public network and most of the path is formed on the backbone network of the ISP for relaying the messages. As the backbone network of the ISP guarantees QoS, the remote user does not have to wait for a long time before a response to a request message is received.
The present invention described in detail with reference to the preferred embodiments can reduce the time required for remote access to a home network using VPN significantly, thereby improving the convenience of the home network. While the invention has been disclosed with respect to a limited number of embodiments, those skilled in the art, having the benefit of this disclosure, will appreciate numerous modifications and variations therefrom. It is intended that all such modifications and variations fall within the spirit and scope of the invention.

Claims

C LA I M S
1. A method for relaying remote access to a local network using tunneling, comprising the steps of:
(a) selecting one tunneling agent among a plurality of tunneling agents and notifying connection information for the tunneling agent, if a request for connection information for remote access is received; and
(b) converting a tunneling message created for remote access and received via a first network to a tunneling message for a second network, and relaying the tunneling message to a gateway device of the local network, connected to the second network.
2. The method of claim 1, wherein the step (a) selects, among the plurality of tunneling agents, the tunneling agent which has the shortest message path from the device which transmitted the request for connection information.
3. The method of claim 1, wherein the step (a) selects, among the plurality of tunneling agents, the tunneling agent which is closest, in location, to the device which transmitted the request for connection information.
4. The method of claim 1, wherein the first network is Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
5. The method of claim 1, wherein the selected tunneling agent acts as a VPN server for the device which transmitted the request for connection information and also acts as a VPN client for the gateway device.
6. A method for supporting remote access to a local network using tunneling, comprising the steps of:
(a) receiving connection information for a server connected to a public network or a proprietary network built by an ISP (Internet service provider) and storing the received connection information; and
(b) if there is a request from a remote device, providing the stored connection information for the device, wherein the server stores connection information for a plurality of tunneling agents.
7. The method of claim 6, wherein the plurality of tunneling agents are connected to a proprietary network built by an ISP.
8. A method for remote access to a local network using tunneling, comprising the steps of:
(a) obtaining connection information for a tunneling agent by connecting to a server connected to a public network or a proprietary network built by an ISP (Internet service provider) using connection information for the server;
(b) connecting to the tunneling agent using the obtained connection information; and (c) connecting to a gateway device of the local network via the proprietary network through the tunneling agent.
9. The method of claim 8, wherein the connection information for the server is obtained from the gateway device.
10. The method of claim 8, wherein the connection information for the server is stored in a device performing the step (a) .
11. A method for relaying remote access to a local network using tunneling, comprising the steps of:
(a) establishing a first tunnel for VPN on a public network and establishing a second tunnel for VPN on a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network; and
(b) relaying messages exchanged between a device connected to the public network and a device connected to the local network by tunneling via the first tunnel and the second tunnel .
12. The method of claim 11, wherein the step (a) establishes the first and second tunnels such that the message path over the first tunnel is shorter than the message path over the second tunnel .
13. An apparatus constituting a network, comprising: a plurality of tunneling agents connected to both a first network and a second network; and a server for storing connection information for the plurality of tunneling agents and for selecting one tunneling agent closest to a device which makes a request for connection information and providing connection information for the selected tunneling agent for the device if the device makes a request for connection information, the server being connected to both the first and the second networks.
14. The apparatus of claim 13, further comprising a gateway device acting as a gateway for a local network, the gateway device being connected to the second network.
15. The apparatus of claim 14, wherein each of the plurality of tunneling agents acts as a VPN client for the gateway device and acts as a VPN server for a device which is connected to the first network and attempts to access the local network.
16. The apparatus of claim 14, wherein the gateway device stores connection information for the server.
17. The apparatus of claim 16, wherein the device which makes the request for connection information obtains the connection information for the server from the gateway device.
18. The apparatus of claim 14, wherein the first network is Internet and the second network is a proprietary network built by an ISP (Internet service provider) which provides Internet service for the local network.
19. An apparatus constituting a network, comprising: a plurality of devices; and a gateway device for relaying messages and managing addresses for the plurality of devices, wherein the gateway device stores connection information for a server which stores connection information for a plurality of tunneling agents performing tunneling.
20. The apparatus of claim 19, wherein the plurality of tunneling agents and the gateway device are connected to a proprietary network built by an ISP.
PCT/KR2006/001729 2005-05-10 2006-05-09 Method and apparatus for relaying remote access from a public network to a local network WO2006121278A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US67986705P 2005-05-10 2005-05-10
US60/679,867 2005-05-10

Publications (1)

Publication Number Publication Date
WO2006121278A1 true WO2006121278A1 (en) 2006-11-16

Family

ID=37396746

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/001729 WO2006121278A1 (en) 2005-05-10 2006-05-09 Method and apparatus for relaying remote access from a public network to a local network

Country Status (1)

Country Link
WO (1) WO2006121278A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008088259A1 (en) * 2007-01-18 2008-07-24 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for remote access to a home network
WO2008090519A2 (en) * 2007-01-23 2008-07-31 Nokia Corporation Relaying a tunneled communication to a remote access server in a upnp environment
WO2008133555A1 (en) * 2007-04-27 2008-11-06 Telefonaktiebolaget Lm Ericsson (Publ) Universal plug and play extender
WO2010057120A2 (en) * 2008-11-17 2010-05-20 Qualcomm Incorporated Remote access to local network
EP2273722A1 (en) * 2008-03-31 2011-01-12 Samsung Electronics Co., Ltd. Upnp device for preventing network address conflict in consideration of remote access and method thereof
JP2013192221A (en) * 2008-11-17 2013-09-26 Qualcomm Inc Remote access to local network via security gateway
FR3031258A1 (en) * 2014-12-31 2016-07-01 Bull Sas METHOD OF COMMUNICATION BETWEEN A REMOTE ACTION MANAGER AND A COMMUNICATION UNIT

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040037296A1 (en) * 2002-08-21 2004-02-26 Kim Mi Hui Method for setting up QoS supported bi-directional tunnel and distributing L2VPN membership information for L2VPN using extended LDP

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040037296A1 (en) * 2002-08-21 2004-02-26 Kim Mi Hui Method for setting up QoS supported bi-directional tunnel and distributing L2VPN membership information for L2VPN using extended LDP

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SHIRAISHI Y. ET AL.: "Port randomized VPN by mobile codes", CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE. CCNC. FIRST IEEE, 5 January 2004 (2004-01-05) - 8 January 2004 (2004-01-08), pages 671 - 673, XP010696985 *
YANADA T. ET AL.: "Mobile multimedia amtropolitan area network", WIRELESS COMMUNICATIONS AND NETWORKING, vol. 3, 16 March 2003 (2003-03-16) - 20 June 2003 (2003-06-20), pages 2047 - 2052, XP010640083 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008088259A1 (en) * 2007-01-18 2008-07-24 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for remote access to a home network
CN101627601B (en) * 2007-01-18 2013-03-13 艾利森电话股份有限公司 A method and apparatus for remote access to a home network
WO2008090519A2 (en) * 2007-01-23 2008-07-31 Nokia Corporation Relaying a tunneled communication to a remote access server in a upnp environment
WO2008090519A3 (en) * 2007-01-23 2008-11-27 Nokia Corp Relaying a tunneled communication to a remote access server in a upnp environment
WO2008133555A1 (en) * 2007-04-27 2008-11-06 Telefonaktiebolaget Lm Ericsson (Publ) Universal plug and play extender
JP2010525483A (en) * 2007-04-27 2010-07-22 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Universal plug and play extension
EP2273722A1 (en) * 2008-03-31 2011-01-12 Samsung Electronics Co., Ltd. Upnp device for preventing network address conflict in consideration of remote access and method thereof
EP2273722A4 (en) * 2008-03-31 2014-01-22 Samsung Electronics Co Ltd Upnp device for preventing network address conflict in consideration of remote access and method thereof
US20100124228A1 (en) * 2008-11-17 2010-05-20 Qualcomm Incorporated Remote access to local network
CN102217243A (en) * 2008-11-17 2011-10-12 高通股份有限公司 Remote access to local network
WO2010057120A3 (en) * 2008-11-17 2010-08-12 Qualcomm Incorporated Remote access to local network
JP2013192221A (en) * 2008-11-17 2013-09-26 Qualcomm Inc Remote access to local network via security gateway
WO2010057120A2 (en) * 2008-11-17 2010-05-20 Qualcomm Incorporated Remote access to local network
KR101358846B1 (en) 2008-11-17 2014-02-06 퀄컴 인코포레이티드 Remote access to local network
US8996716B2 (en) 2008-11-17 2015-03-31 Qualcomm Incorporated Remote access to local network via security gateway
CN102217243B (en) * 2008-11-17 2015-05-20 高通股份有限公司 Method and device for remote access to local network
US9345065B2 (en) 2008-11-17 2016-05-17 Qualcomm Incorporated Remote access to local network
US10142294B2 (en) 2008-11-17 2018-11-27 Qualcomm Incorporated Remote access to local network
FR3031258A1 (en) * 2014-12-31 2016-07-01 Bull Sas METHOD OF COMMUNICATION BETWEEN A REMOTE ACTION MANAGER AND A COMMUNICATION UNIT
WO2016107997A1 (en) * 2014-12-31 2016-07-07 Bull Sas Method of communication between a remote action manager and a communication box
US11329841B2 (en) 2014-12-31 2022-05-10 Bull Sas Method of communication between a remote action manager and a communication box

Similar Documents

Publication Publication Date Title
EP2273722B1 (en) Upnp device for preventing network address conflict in consideration of remote access and method thereof
EP2148518B1 (en) Packet communication method using node identifier and locator
JP4598859B2 (en) Relay network system and terminal adapter device
JP5368459B2 (en) Support for triple operation services in user equipment
KR101510103B1 (en) Method for remote access in network environment comprising NAT device
TW200847715A (en) Method and system of providing IP-based packet communications in a utility network
WO2006121278A1 (en) Method and apparatus for relaying remote access from a public network to a local network
JP2006229985A (en) Automatic discovery of pseudo-wire peer address in ethernet-based network
US20070165603A1 (en) Access network system, subscriber station device, and network terminal device
JP2007104440A (en) Packet transmission system, its method, and tunneling device
EP1419587B1 (en) Dynamic power line access connection
JP3970857B2 (en) Communication system, gateway device
WO2003103210A2 (en) Maintaining routing information in a passive optical network
JP4344336B2 (en) Multihoming authentication communication system, multihoming authentication communication method, and management server
JP2007049503A (en) Packet communication service system, packet communication service method, edge side gateway device, and center side gateway device
KR100581087B1 (en) Method for expanding address for internet protocol version 4 in internet edge router
JP2011217174A (en) Communication system, packet transfer method, network exchange apparatus, and program
JP6424740B2 (en) Packet relay device and packet relay method
KR100662941B1 (en) Method for converting network address on data relay between a public network and a private network
JP4911570B2 (en) Priority communication method and system for power line network
KR101002811B1 (en) Method and apparatus for providing ip multicasting packet ternaling
JP2009206876A (en) Service release system, communication repeater, and service release device
JP2011166375A (en) Device, method, program and system for setting access control, and access control device
KR20070061036A (en) Apparatus and method for sharing media inter homenetworks
JP2006042044A (en) Tunneling method, device, its program, and recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06732911

Country of ref document: EP

Kind code of ref document: A1