CN103167049B - Demand assigned method for network address translation, equipment and system - Google Patents
- Publication number: CN103167049B (CN201110412819.5A)
- Authority: CN (China)
- Prior art keywords: port block, network address, standby, basic, block
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a network address translation method, device and system. A unique translated network address, together with a basic port block attached to that translated network address, is allocated to the pre-translation network address. When the basic port block is exhausted, a standby port block is added for the basic port block. When a standby port block is idle, it is reclaimed. The disclosed method, device and system allocate ports according to the demand for port use, so that ports are assigned according to each user's needs and the efficiency of port use is improved.
Description
Technical field
The present invention relates to the field of NAT technology, and in particular to a network address translation method, device and system.
Background art
Network address translation (NAT) is a technique that translates an IP address belonging to one network segment (typically a private address) into an address in another network segment (typically a public address). It is widely used in all kinds of Internet access methods and in all types of networks. NAT not only solves the problem of IP address shortage, it can also effectively prevent attacks from outside the network by hiding and protecting the computers inside the network.
At present, large-scale NAT is deployed in operator networks. To keep the use of the network fair among users, the number of translated ports a user may use has to be limited, with a quota of ports per user, so that one user's usage does not interfere with another user. Allocating a port block to each user does limit the ports available to that user, but it has a problem: once a user exhausts the port block, the user cannot continue to go online. A user may exhaust a port block for many reasons: an application may open a large number of concurrent sessions, the user's computer may be infected with a virus that generates a large amount of junk traffic, or the port block may be configured too small. Because the demands of users differ, a uniform port block that is too small leaves some users unable to meet their needs, while one that is too large easily wastes ports. A technique is therefore needed that allocates ports according to the user's demand, meeting that demand as far as possible while improving the efficiency of port use.
Summary of the invention
In view of this, the technical problem to be solved by the invention is to provide a network address translation method that can allocate ports according to the demand for port use.
A network address translation method: a unique translated network address, and a basic port block attached to the translated network address, are allocated to the pre-translation network address; when the basic port block is exhausted, a standby port block is added for the basic port block; when the standby port block is idle, the standby port block is reclaimed; wherein a port block is a contiguous range of port numbers.
According to an embodiment of the method, for each pre-translation IPv4 address that requires network address translation, the network address translation device allocates the translated IPv4 address and port block as follows: when a packet sent from the pre-translation network address is received, check whether a corresponding translated network address has already been allocated to the pre-translation network address; if not, use a hash algorithm to obtain from the network address translation address pool the unique external network address corresponding to the value of the pre-translation network address, allocate that external network address to the pre-translation network address, and allocate the unique basic port block attached to the external network address to the pre-translation network address.
According to an embodiment of the method, adding a standby port block for the basic port block when the basic port block is exhausted includes: recording the usage of the basic port block; when the basic port block is detected to be exhausted, adding standby port block 1 for the basic port block and recording the usage of standby port block 1; when standby port block 1 is detected to be exhausted, adding standby port block 2 for the basic port block and recording the usage of standby port block 2; when standby port block N-1 is detected to be exhausted, adding standby port block N for the basic port block and recording the usage of standby port block N, N = 3, 4, ..., n; wherein the size of the standby port blocks is fixed or non-fixed.
According to an embodiment of the method, when a port is allocated for a new session, idle ports of the basic port block are allocated first; the multiple standby port blocks of the basic port block have different priorities, and after the basic port block is exhausted, idle ports of the standby port blocks are allocated to new sessions in order of priority.
According to an embodiment of the method, reclaiming the standby port block when it is idle includes: the multiple standby port blocks of the basic port block have different priorities; when all sessions on the lowest-priority standby port block of the basic port block have aged out, the lowest-priority standby port block is reclaimed; any other standby port block of the basic port block is reclaimed only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out.
According to an embodiment of the method, after the translated network address and basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed, operation log information is reported to the support system.
According to an embodiment of the method, reporting operation log information to the support system includes: reporting the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message including: the pre-translation network address, the translated network address, the basic port block and the standby port block.
The technical problem to be solved by the invention is to provide a network address translation device that can allocate ports according to the demand for port use.
A network address translation device, comprising: a network address allocation unit, configured to allocate to the pre-translation network address a unique translated network address and a basic port block attached to the translated network address; a standby port block adding unit, configured to add a standby port block for the basic port block when the basic port block is exhausted; and a standby port block reclaiming unit, configured to reclaim the standby port block when the standby port block is idle; wherein a port block is a contiguous range of port numbers.
According to an embodiment of the device, when a packet sent from the pre-translation network address is received, the network address allocation unit checks whether a corresponding translated network address has already been allocated to the pre-translation network address; if not, the network address allocation unit uses a hash algorithm to obtain from the network address translation address pool the unique external network address corresponding to the pre-translation network address, allocates the external network address to the pre-translation network address, and allocates the basic port block attached to the external network address to the pre-translation network address.
According to an embodiment of the device, a port block usage recording unit is configured to record the usage of port blocks; when the basic port block is detected to be exhausted, the standby port block adding unit adds standby port block 1 for the basic port block; when standby port block 1 is detected to be exhausted, the standby port block adding unit adds standby port block 2 for the basic port block; when standby port block N-1 is detected to be exhausted, the standby port block adding unit adds standby port block N for the basic port block and the usage of standby port block N is recorded, N = 3, 4, ..., n; wherein the size of the standby port blocks of the basic port block is fixed or non-fixed.
According to an embodiment of the device, a session allocation unit allocates ports for new sessions; when a port is allocated for a new session, the session allocation unit allocates idle ports of the basic port block first; the multiple standby port blocks of the basic port block have different priorities, and after the basic port block is exhausted, the session allocation unit allocates idle ports of the standby port blocks to new sessions in order of priority.
According to an embodiment of the device, the multiple standby port blocks of the basic port block have different priorities; when all sessions on the lowest-priority standby port block of the basic port block have aged out, the standby port block reclaiming unit reclaims the lowest-priority standby port block; any other standby port block of the basic port block is reclaimed by the standby port block reclaiming unit only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out.
According to an embodiment of the device, a log information reporting unit is configured to report operation log information to the support system after the translated network address and basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed.
According to an embodiment of the device, the log information reporting unit reports the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message including: the pre-translation network address, the translated network address, the basic port block and the standby port block.
The technical problem to be solved by the invention is to provide a network address translation system that includes the network address translation device described above.
The device and method of the invention allocate a unique translated network address and a basic port block to the pre-translation network address, add a standby port block for the basic port block when the basic port block is exhausted, and reclaim the standby port block when it is idle. Ports are thus allocated according to the demand for port use, and the efficiency of port use is improved.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of the network address translation method according to the invention;
Fig. 2 is a schematic diagram of the port blocks allocated in an embodiment of the network address translation method according to the invention;
Fig. 3 is a schematic diagram of an embodiment of the network address translation device according to the invention;
Fig. 4 is a schematic diagram of another embodiment of the network address translation device according to the invention;
Fig. 5 is a schematic diagram of an embodiment that uses the network address translation method of the invention in a network.
Detailed description of the invention
The invention is described more fully below with reference to the drawings, which illustrate exemplary embodiments of the invention. The technical solutions in the embodiments are described clearly and completely in conjunction with the drawings; the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The network address translation method of the invention allocates a unique translated network address and a basic port block to the pre-translation network address, and adds a standby port block for the basic port block when the basic port block is exhausted. When a standby port block is idle, it is reclaimed. Ports are allocated according to the demand for port use, so that the number of ports assigned follows the user's demand, meeting that demand as far as possible while improving the efficiency of port use. The technical solution is described in more detail below in conjunction with the figures and embodiments.
Fig. 1 is a flow chart of an embodiment of the network address translation method according to the invention. As shown in Fig. 1:
Step 102: allocate to the pre-translation network address a unique translated network address and a basic port block attached to the translated network address.
Step 103: when the basic port block is exhausted, add a standby port block for the basic port block.
Step 104: when the standby port block is idle, reclaim the standby port block.
A port block in the invention is a contiguous range of port numbers. The basic port block is the unique contiguous range of port numbers attached to the translated network address; in the invention such a port range is called a port block. The pre-translation network address and the translated network address are IPv4 addresses, and may also be IPv6 addresses.
The network address translation method of the invention allocates ports according to the demand for port use, so that the number of ports assigned follows the user's demand, meeting that demand as far as possible while improving the efficiency of port use.
According to one embodiment of the invention, when a packet sent from the pre-translation network address is received, it is checked whether a corresponding translated network address has already been allocated to the pre-translation network address. If not, a hash algorithm is used to obtain from the network address translation address pool the unique external network address corresponding to the value of the pre-translation network address; the external network address is allocated to the pre-translation network address, and the basic port block attached to the external network address is allocated to the pre-translation network address.
According to one embodiment of the invention, multiple network addresses in a LAN and their TCP/UDP ports can be translated into a single external address and its TCP/UDP ports. By multiplexing a legitimate IP address, all computers in the network can access the Internet independently, while servers in the LAN serve only the LAN and cannot be accessed by hosts on the Internet. More legitimate external IP addresses can also be provided, combining port multiplexing with address-pool translation, which ensures that all users obtain the right to access the Internet and keeps computers from having their access restricted because they share the same IP address. For packets whose layer 4 is TCP or UDP, NAT implements the many-to-few mapping by changing the source port number.
A hash algorithm transforms an input of arbitrary length (also called the pre-image) into an output of fixed length, and this output is the hash value. Hashing provides a method of fast data access: it uses an algorithm to establish a correspondence between key values and actual values (each actual value can have only one key value, but one key value can correspond to multiple actual values), that is, it discretizes the data for easy access, so that data can be accessed quickly in data structures such as arrays. When a pre-translation network address needs to be translated, the hash algorithm obtains from the network address translation address pool the unique external network address corresponding to the value of the pre-translation network address. The external network address has a unique corresponding basic port block; the external network address is used as the translated network address and is allocated, together with the basic port block, to the pre-translation network address.
According to one embodiment of the invention, each pre-translation internal address may correspond to a different external address, and multiple pre-translation internal addresses may also correspond to the same external address. The hash algorithm takes the pre-translation internal address as the actual value and obtains the key value corresponding to it, which is the external address; that is, a pre-translation internal address corresponds to exactly one external address, while one external address may correspond to multiple pre-translation internal addresses. The correspondence between an internal address and an external address, and the basic port block attached to the external address, can be configured in advance.
Fig. 2 is a schematic diagram of the port blocks allocated in an embodiment of the network address translation method according to the invention. As shown in Fig. 2:
When a user accesses the external network, the network address translation device receives the packet sent from the user's pre-translation network address and checks whether a corresponding translated network address has already been allocated to it. If not, a hash algorithm is used to obtain from the network address translation address pool the unique external network address corresponding to the value of the pre-translation network address, and the external network address is allocated to the pre-translation network address. A range of standby port numbers is reserved to serve as standby, and the basic port block 211 attached to the external network address is allocated to the pre-translation network address. At this point the user's port block 21 contains only the basic port block 211.
The usage of basic port block 211 is recorded. When the basic port block is detected to be exhausted, a range is dynamically carved out of the reserved standby ports as standby port block 1 (212), standby port block 1 (212) is added for the basic port block, and its usage is recorded. When standby port block 1 (212) is detected to be exhausted, standby port block 2 (213) is added for the basic port block and its usage is recorded. Subsequent port blocks are added in the same way: when standby port block N-1 is detected to be exhausted, standby port block N (214) is added for the basic port block and its usage is recorded, N = 3, 4, ..., n. The size of each standby port block of the basic port block is fixed or non-fixed.
According to one embodiment of the invention, a session, in computing and especially in network applications, is the communication process carried out between two terminals. On a network-layer device, different sessions are usually distinguished by a triplet (source IP address, source port, transport layer protocol type) or a five-tuple (source IP address, source port, destination IP address, destination port, transport layer protocol type). When a port is allocated for a new session, idle ports of the basic port block are allocated first. The multiple standby port blocks of the basic port block have different priorities; after the basic port block is exhausted, idle ports of the standby port blocks are allocated to new sessions in order of priority.
When all sessions on the lowest-priority standby port block of the basic port block have aged out, the lowest-priority standby port block is reclaimed. Any other standby port block of the basic port block is reclaimed only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out.
According to one embodiment of the invention, when multiple users compete for the remaining standby port blocks, various competition mechanisms can be used to decide which user uses them first. When a port is allocated for a new session, idle ports of the basic port block are used first, standby port block 1 has the next priority, standby port block 2 the third, and so on for subsequently added port blocks. Sessions established on the basic port block and on the standby port blocks age out after a certain aging time, and the aging time of the two may be the same or different.
Among all the port blocks allocated to the same user, once all sessions on the lowest-priority standby port block have aged out, the network address translation device reclaims that standby port block according to its reclaim policy. Each remaining standby port block can be reclaimed by the network address translation device under that policy only after all port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out. The reclaim policy built into the network address translation device must ensure that a user's session count sitting at a critical value does not cause standby port blocks to be added and reclaimed frequently, which would send large amounts of log information to the associated support system and affect it. The network address translation device reclaims a user's basic port block when all sessions in that basic port block have aged out.
After the translated network address and basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed, operation log information is reported to the support system. The operation log information is reported in an Accounting-start message of the RADIUS protocol; the information carried in the Accounting-start message includes the pre-translation network address, the translated network address, the basic port block, the standby port block and so on. The allocation, addition and reclaiming of translated IPv4 addresses and port blocks are implemented by an algorithm on the translation device. When multiple users compete for the remaining standby port blocks, the competition mechanism can decide who uses them first by rules such as service priority or user level.
Fig. 3 is a schematic diagram of an embodiment of the network address translation device according to the invention. As shown in Fig. 3:
Network address translation device 31 includes a network address allocation unit 311, a standby port block adding unit 312 and a standby port block reclaiming unit 313. The network address allocation unit 311 allocates to the pre-translation network address a unique translated network address and a basic port block attached to the translated network address. When the basic port block is exhausted, the standby port block adding unit 312 adds a standby port block for the basic port block. When the standby port block is idle, the standby port block reclaiming unit 313 reclaims it. A port block is a contiguous range of port numbers.
According to one embodiment of the invention, when a packet sent from the pre-translation network address is received, the network address allocation unit 311 checks whether a corresponding translated network address has already been allocated to the pre-translation network address. If not, the network address allocation unit 311 uses a hash algorithm to obtain from the network address translation address pool the unique external network address corresponding to the value of the pre-translation network address, allocates the external network address to the pre-translation network address, and allocates the basic port block attached to the external network address to the pre-translation network address. The support system stores the related log information. To allow addresses to be traced back, the related log information is uploaded to the support system every time a port block is allocated, added or reclaimed, while interaction between the network address translation device and other devices is kept to a minimum. The support system can be integrated with the AAA system.
Fig. 4 is a schematic diagram of another embodiment of the network address translation device according to the invention. As shown in Fig. 4:
Network address translation device 41 includes a network address allocation unit 411, a standby port block adding unit 412 and a standby port block reclaiming unit 413. The port block usage recording unit 414 records the usage of port blocks. When the basic port block is detected to be exhausted, the standby port block adding unit 412 adds standby port block 1 for the basic port block. When standby port block 1 is detected to be exhausted, the standby port block adding unit 412 adds standby port block 2 for the basic port block. Subsequent port blocks are added in the same way: when standby port block N-1 is detected to be exhausted, the standby port block adding unit 412 adds standby port block N for the basic port block and the usage of standby port block N is recorded, N = 3, 4, ..., n. The size of the standby port blocks of the basic port block is fixed or non-fixed.
The session allocation unit 415 allocates ports for new sessions. When a port is allocated for a new session, the session allocation unit 415 allocates idle ports of the basic port block first. The multiple standby port blocks of the basic port block have different priorities; after the basic port block is exhausted, the session allocation unit 415 allocates idle ports of the standby port blocks to new sessions in order of priority. When all sessions on the lowest-priority standby port block of the basic port block have aged out, the standby port block reclaiming unit 413 reclaims the lowest-priority standby port block. Any other standby port block of the basic port block is reclaimed by the standby port block reclaiming unit 413 only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out.
The log information reporting unit 416 reports operation log information to the support system after the translated network address and basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed. The log information reporting unit 416 can report the operation log information in an Accounting-start message of the RADIUS protocol; the information carried in the Accounting-start message includes the pre-translation network address, the translated network address, the basic port block and the standby port block.
Fig. 5 is a schematic diagram of an embodiment that uses the network address translation method of the present invention in a network. As shown in Fig. 5:

Gateway 53, acting as the network address translation equipment, sets up for intranet users 51 and 52 a dynamic mapping relationship between the internal address and the public address and port block. When user 51 comes online and completes authentication and address allocation, gateway 53 reports an Accounting-start message to support system 54 over the internet, carrying attribute information such as the user address, public address and port block.

User 51 comes online and completes user authentication and address allocation. This process completes the standard user access procedure. Gateway 53 randomly selects a public address and port block for the internal address of user 51, creates the address mapping relationship of user 51, and adds and reclaims standby port blocks for the user according to a set algorithm. The selection algorithm used by gateway 53 may be a hash algorithm, which ensures that different public addresses and port blocks are selected for different user addresses. In the Accounting-start message, gateway 53 reports to support system 54 the port block allocation, addition and reclamation information corresponding to the internal address of user 51. This reporting method requires support from Radius protocol attributes. The Radius server in support system 54 obtains the port block allocation, addition and reclamation information corresponding to the internal address of user 51, and responds to address tracing requests and associates them with user information. In the gateway 53 reporting mode, Radius extended attributes are used, and the Accounting-start message carries the port block allocation, addition and reclamation information corresponding to the user address. Gateway 53 dynamically selects the public address, basic port block and standby port block for the user address, and supports using a hash algorithm to determine parameters such as the public address and port block corresponding to the user address. Management equipment 55 can access support system 54 to perform configuration management.
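The allocation, standby-block growth, priority-ordered reclamation and log-based source tracing described in this embodiment can be modelled as follows. This is an added example, not code from the patent; the block size, address pool, event names, log tuple layout and the rule that earlier-added standby blocks have higher priority are assumptions.

```python
import hashlib

BLOCK = 4                                  # ports per block (constructed, kept tiny)
POOL = ["203.0.113.1", "203.0.113.2"]      # constructed public address pool

class Nat:
    def __init__(self):
        self.users = {}   # internal addr -> (public addr, [basic, standby 1, ...])
        self.free = {ip: list(range(1024, 1024 + 8 * BLOCK, BLOCK)) for ip in POOL}
        self.log = []     # (time, event, internal, public, first port, last port)

    def _take(self, t, event, internal, public):
        start = self.free[public].pop(0)
        self.log.append((t, event, internal, public, start, start + BLOCK - 1))
        return {"start": start, "used": set()}

    def open_session(self, t, internal):
        if internal not in self.users:
            # Hash the internal address to pick its public address from the pool.
            idx = hashlib.sha256(internal.encode()).digest()[0] % len(POOL)
            basic = self._take(t, "alloc-basic", internal, POOL[idx])
            self.users[internal] = (POOL[idx], [basic])
        public, blocks = self.users[internal]
        # Basic block first, then standby blocks by priority (assumed: older = higher).
        blk = next((b for b in blocks if len(b["used"]) < BLOCK), None)
        if blk is None:   # every block exhausted: add the next standby block
            blk = self._take(t, "add-standby", internal, public)
            blocks.append(blk)
        port = min(set(range(blk["start"], blk["start"] + BLOCK)) - blk["used"])
        blk["used"].add(port)
        return public, port

    def age_out(self, t, internal, port):
        public, blocks = self.users[internal]
        for b in blocks:
            b["used"].discard(port)
        # Reclaim from the lowest priority upward; the basic block is never reclaimed.
        while len(blocks) > 1 and not blocks[-1]["used"]:
            start = blocks.pop()["start"]
            self.free[public].append(start)
            self.log.append((t, "reclaim-standby", internal, public, start, start + BLOCK - 1))

def trace(log, public, port, when):
    """Source tracing: which internal address held (public, port) at time `when`?"""
    owner = None
    for t, event, internal, pub, first, last in log:   # log is in time order
        if t > when:
            break
        if pub == public and first <= port <= last:
            owner = None if event == "reclaim-standby" else internal
    return owner
```

Because only block-level events are logged, tracing a public address and port back to a user needs the event time as well; a lookup outside the window between an add and a reclaim event returns no owner.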
The description of the present invention has been given for the purposes of illustration and description, and is not exhaustive or intended to limit the invention to the form disclosed. The method and system of the present invention may be implemented in many ways. For example, they may be implemented in software, hardware, firmware, or any combination of software, hardware and firmware. The above order of the method steps is for illustration only, and the steps of the method of the present invention are not limited to the order described in detail above, unless otherwise specifically stated. In addition, in some embodiments the present invention may also be embodied as programs recorded in a recording medium, these programs including machine-readable instructions for implementing the method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were chosen and described in order to better explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand the invention and thereby design various embodiments with various modifications suited to particular uses.
Claims (13)
1. A network address translation method, characterized by comprising:

allocating, to a network address before conversion, a unique network address after conversion and a basic port block attached to the network address after conversion;

wherein, when a message sent from the network address before conversion is received, it is checked whether the network address before conversion has been allocated a corresponding network address after conversion; if not, a unique external network address corresponding to the network address before conversion is obtained from the network address translation address pool by a hash algorithm, the external network address is allocated to the network address before conversion, and the unique basic port block attached to the external network address is allocated to the network address before conversion;

when the basic port block is exhausted, adding a standby port block for the basic port block; wherein the multiple standby port blocks of the basic port block have different priorities; when a port is allocated for a newly created session, after the basic port block is exhausted, an idle port of a standby port block is allocated to the newly created session according to priority level;

when the standby port block is idle, reclaiming the standby port block; wherein a standby port block of the basic port block is reclaimed only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out;

wherein the basic port block is a contiguous range of port numbers.
2. The method as claimed in claim 1, characterized in that said adding a standby port block for the basic port block when the basic port block is exhausted comprises:

recording the usage of the basic port block; when the basic port block is detected to be exhausted, adding standby port block 1 for the basic port block and recording the usage of standby port block 1;

when standby port block 1 is detected to be exhausted, adding standby port block 2 for the basic port block and recording the usage of standby port block 2;

when standby port block N-1 is detected to be exhausted, adding standby port block N for the basic port block and recording the usage of standby port block N, N being an integer greater than or equal to 3;

wherein the size of each standby port block added for the basic port block is fixed or non-fixed.

3. The method as claimed in claim 2, characterized in that:

when a port is allocated for a newly created session, idle ports of the basic port block are allocated preferentially.

4. The method as claimed in claim 1, characterized in that said reclaiming the standby port block when the standby port block is idle comprises:

when all sessions on the lowest-priority standby port block among the multiple standby port blocks of the basic port block have aged out, reclaiming the lowest-priority standby port block.

5. The method as claimed in claim 1, characterized in that:

after the network address after conversion and the basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed, operation log information is reported to the support system.

6. The method as claimed in claim 5, characterized in that said reporting operation log information to the support system comprises:

reporting the operation log information using the Accounting-start message of the Radius protocol, the information carried in the Accounting-start message including: the network address before conversion, the network address after conversion, the basic port block and the standby port block.
7. Network address translation equipment, characterized by comprising:

a network address allocation unit, configured to allocate, to a network address before conversion, a unique network address after conversion and a basic port block attached to the network address after conversion; wherein, when a message sent from the network address before conversion is received, the network address allocation unit checks whether the network address before conversion has been allocated a corresponding network address after conversion; if not, the network address allocation unit obtains from the network address translation address pool, by a hash algorithm, a unique external network address corresponding to the network address before conversion, allocates the external network address to the network address before conversion, and allocates the unique basic port block attached to the external network address to the network address before conversion;

a standby port block increase unit, configured to add a standby port block for the basic port block when the basic port block is exhausted;

a session allocation unit, configured to allocate ports for newly created sessions; when a port is allocated for a newly created session, the multiple standby port blocks of the basic port block have different priorities, and after the basic port block is exhausted the session allocation unit allocates to the newly created session an idle port of a standby port block according to priority level;

a standby port block recovery unit, configured to reclaim the standby port block when the standby port block is idle; wherein a standby port block of the basic port block is reclaimed by the standby port block recovery unit only after all standby port blocks with lower priority than it have been reclaimed and all of its own sessions have aged out;

wherein the basic port block is a contiguous range of port numbers.
8. The equipment as claimed in claim 7, characterized by further comprising:

a port block usage recording unit, configured to record the usage of port blocks;

when the basic port block is detected to be exhausted, the standby port block increase unit adds standby port block 1 for the basic port block;

when standby port block 1 is detected to be exhausted, the standby port block increase unit adds standby port block 2 for the basic port block;

when standby port block N-1 is detected to be exhausted, the standby port block increase unit adds standby port block N for the basic port block, and the usage of standby port block N is recorded, N being an integer greater than or equal to 3;

wherein the size of each standby port block added for the basic port block is fixed or non-fixed.

9. The equipment as claimed in claim 8, characterized by further comprising:

a session allocation unit, configured so that, when a port is allocated for a newly created session, the session allocation unit preferentially allocates idle ports of the basic port block.

10. The equipment as claimed in claim 7, characterized in that:

when all sessions on the lowest-priority standby port block among the multiple standby port blocks of the basic port block have aged out, the standby port block recovery unit reclaims the lowest-priority standby port block.

11. The equipment as claimed in claim 7, characterized by further comprising:

a log information reporting unit, configured to report operation log information to the support system after the network address after conversion and the basic port block are allocated, a standby port block is added for the basic port block, or a standby port block is reclaimed.

12. The equipment as claimed in claim 11, characterized in that:

the log information reporting unit uses the Accounting-start message of the Radius protocol to report the operation log information, the information carried in the Accounting-start message including: the network address before conversion, the network address after conversion, the basic port block and the standby port block.

13. A network address translation system, characterized by:

comprising the network address translation equipment as claimed in any one of claims 7 to 12.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110412819.5A CN103167049B (en) | 2011-12-13 | 2011-12-13 | Demand assigned method for network address translation, equipment and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103167049A CN103167049A (en) | 2013-06-19 |
CN103167049B true CN103167049B (en) | 2016-09-07 |
Family
ID=48589784
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110412819.5A Active CN103167049B (en) | 2011-12-13 | 2011-12-13 | Demand assigned method for network address translation, equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103167049B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104427013B (en) * | 2013-09-10 | 2018-06-12 | 中国电信股份有限公司 | Working level address-translating device and its processing method to station address mapping relations |
CN104702710B (en) * | 2013-12-09 | 2019-02-26 | 中国联合网络通信集团有限公司 | Port assignment method and device |
CN105100297B (en) * | 2015-06-30 | 2019-01-22 | 新华三技术有限公司 | A kind of method for processing resource and device |
CN106506724B (en) * | 2016-11-23 | 2020-10-30 | 新华三技术有限公司 | Method and device for distributing port blocks |
CN106899710B (en) * | 2017-04-26 | 2020-11-13 | 优刻得科技股份有限公司 | IP address conversion method, IP address conversion device and gateway system |
CN109120732B (en) * | 2018-07-18 | 2022-03-11 | 北京天融信网络安全技术有限公司 | Service board hot-plug method, system and storage medium in distributed NAT system |
CN114157633B (en) * | 2021-12-03 | 2023-01-10 | 北京天融信网络安全技术有限公司 | Message forwarding method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101262506A (en) * | 2008-04-21 | 2008-09-10 | 杭州华三通信技术有限公司 | Allocation method and system for network address conversion port resource under distributed architecture |
CN102223287A (en) * | 2010-04-16 | 2011-10-19 | 国基电子(上海)有限公司 | Network device and method thereof for dynamic distribution of system resources |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7752334B2 (en) * | 2002-10-15 | 2010-07-06 | Nomadix, Inc. | Intelligent network address translator and methods for network address translation |
Also Published As
Publication number | Publication date |
---|---|
CN103167049A (en) | 2013-06-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |