CN103442096A - NAT method and system based on mobile Internet - Google Patents

NAT method and system based on mobile Internet

Info

Publication number
CN103442096A
Authority
CN (China)
Prior art keywords
address, nat, packet, source, port
Legal status
Granted; active
Application number
CN2013103774739A (priority application CN201310377473.9A)
Other languages
Chinese (zh)
Other versions
CN103442096B (granted publication)
Inventor
郑力明
Current assignee
Jinan University
Original assignee
Jinan University
Events
Application filed by Jinan University; publication of CN103442096A; application granted; publication of CN103442096B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a NAT method and system for the mobile Internet. The method is implemented with a hybrid NAT mapping that combines static IP address mapping with dynamic port mapping, and consists of calling NAT at the exit of the IP layer and calling NAT at the entrance of the IP layer. At the IP-layer exit, the packet is passed to the NAT router; the router checks whether a routing-table entry covering the packet's destination IP address exists, then checks whether the NAT address mapping table of the resource pool holds an entry containing the inside local IP address and the inside global IP address. At the IP-layer entrance, the packet is passed to the NAT router; the router checks whether a routing-table entry covering the packet's destination IP address exists, then checks whether the NAT address mapping table of the resource pool holds a hash entry containing the inside global IP address and the inside local IP address. The method and system make it easy to identify a mobile terminal user and to trace and analyse the source of a user's access.

Description

NAT translation method and system based on the mobile Internet
Technical field
The present invention relates to a NAT translation method and system, and in particular to a NAT translation method and system based on the mobile Internet. It belongs to the field of mobile communications.
Background
The rapid development of the mobile Internet has opened the door of the Internet to mobile terminal users. The mobile Internet combines the convenience of mobile communication with the rich content of the Internet; it has become the area where the communications industry and the Internet industry converge, and it has huge market prospects. But mobile communication networks and the Internet differ fundamentally in how they identify a user: in the mobile network the identity is the phone number, on the Internet it is the IP address. Because of the huge number of mobile terminal users, Internet service operators cannot make good use of users' phone numbers in their business, tracing a mobile Internet user back to the source is a problem, and the requirements of Internet security management cannot be met.
NAT (Network Address Translator) is network address translation: a processing step that changes the source address, destination address, source port and destination port of an IP packet so that many hosts in a local area network can reach external resources through a small number of legal (global) Internet IP addresses. NAT translation effectively hides the IP addresses of the hosts on the internal LAN and so helps protect the internal network.
In the current networks of telecom operators, the shortage of IPv4 addresses for the huge population of mobile terminal users accessing the Internet is addressed by IP address translation, so that public IP addresses are shared. As a result, the access IP addresses that a mobile Internet platform obtains for its users repeat, which makes identifying a user harder. In addition, to improve the performance of the operators' IP address translation, independent multi-core CPUs are mostly used today, with a main processing CPU unit splitting and distributing the traffic; this processing approach cannot keep pace with the growth in the operators' Internet user numbers.
Summary of the invention
The object of the invention is to overcome the above defects of the prior art by providing a NAT translation method for the mobile Internet that identifies a mobile terminal user easily, allows a user's access to be traced and analysed, and statically allocates a public IP address to the private IP address when the user passes through the network firewall to access the Internet.
Another object of the invention is to provide a NAT translation system for the mobile Internet.
The object of the invention is achieved by the following technical solution:
A NAT translation method for the mobile Internet, characterised in that the method is applied to a mobile terminal user accessing the Internet through APN NET, is implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping, and comprises calling NAT at the IP-layer exit and calling NAT at the IP-layer entrance;
Calling NAT at the IP-layer exit proceeds as follows:
A packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address is sent to the NAT router;
The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is an access packet sent from the internal network to the external network; if it does not, the packet is dropped;
When the check shows that the packet is an access packet from the internal network to the external network, the router locates, by hash computation, the entry in the NAT address mapping table of the resource pool and checks whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, the packet's source IP address is replaced with the inside global IP address and its source port with the inside global port; if it does not, the packet is forwarded by the NAT router unchanged;
Calling NAT at the IP-layer entrance proceeds as follows:
A packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address is sent to the NAT router;
The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is a reply packet sent from the external network to the internal network; if it does not, the packet is dropped;
When the check shows that the packet is a reply packet from the external network to the internal network, the router locates, by hash computation, the entry in the NAT address mapping table of the resource pool and checks whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, the packet's destination IP address is replaced with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
As a preferred version, calling NAT at the IP-layer exit further comprises:
When the check shows that the packet is not an access packet from the internal network to the external network, determining whether its address is in the list of allowed IP addresses; if it is, computing the hash, storing a new hash entry, recording the related translation information and then translating the source address and source port; if it is not, dropping the packet.
As a preferred version, calling NAT at the IP-layer exit further comprises:
Identifying a data flow by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and generating one NAT data-flow log record.
As a preferred version, calling NAT at the IP-layer entrance further comprises:
When the check shows that the packet is not a reply packet from the external network to the internal network, determining whether the address is in the hash table; if it is, restoring the destination IP address and destination port; if it is not, dropping the packet.
As a preferred version, the method further comprises resource release, as follows:
When the user has disconnected all connections, releasing the inside global IP address and inside global port resources, reclaiming the inside global port resources, and sending a SYSLOG log of the port resource reclamation.
The other object of the invention is achieved by the following technical solution:
A NAT translation system for the mobile Internet, characterised in that the system is applied to a mobile terminal user accessing the Internet through APN NET, is implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping, and comprises an IP-layer exit NAT calling module and an IP-layer entrance NAT calling module;
The IP-layer exit NAT calling module comprises:
a first packet sending unit, for sending to the NAT router a packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address;
a first routing-table-entry checking unit, for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is an access packet sent from the internal network to the external network; if it does not, the packet is dropped;
a first NAT-entry checking unit, for, when the check shows that the packet is an access packet from the internal network to the external network, locating by hash computation the entry in the NAT address mapping table of the resource pool and checking whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, the packet's source IP address is replaced with the inside global IP address and its source port with the inside global port; if it does not, the packet is forwarded by the NAT router unchanged;
The IP-layer entrance NAT calling module comprises:
a second packet sending unit, for sending to the NAT router a packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address;
a second routing-table-entry checking unit, for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is a reply packet sent from the external network to the internal network; if it does not, the packet is dropped;
a second NAT-entry checking unit, for, when the check shows that the packet is a reply packet from the external network to the internal network, locating by hash computation the entry in the NAT address mapping table of the resource pool and checking whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, the packet's destination IP address is replaced with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
As a preferred version, the IP-layer exit NAT calling module further comprises:
a first packet IP address judging unit, for, when the check shows that the packet is not an access packet from the internal network to the external network, determining whether its address is in the list of allowed IP addresses; if it is, computing the hash, storing a new hash entry, recording the related translation information and then translating the source address and source port; if it is not, dropping the packet.
As a preferred version, the IP-layer exit NAT calling module further comprises:
a data-flow identification and log-record generation unit, for identifying a data flow by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and generating one NAT data-flow log record.
As a preferred version, the IP-layer entrance NAT calling module further comprises:
a second packet IP address judging unit, for, when the check shows that the packet is not a reply packet from the external network to the internal network, determining whether the address is in the hash table; if it is, restoring the destination IP address and destination port; if it is not, dropping the packet.
As a preferred version, the system further comprises:
a resource release module, for, when the user has disconnected all connections, releasing the inside global IP address and inside global port resources, reclaiming the inside global port resources, and sending a SYSLOG log of the port resource reclamation.
Compared with the prior art, the invention has the following beneficial effects:
1. The method has an efficient packet flow-splitting mechanism. The 5-tuple of an IP flow is hashed and the result is kept in a splitting table; the splitting table marks the 5-tuple flows that belong to the same rule for corresponding processing, and each IP flow is dispatched by its 5-tuple to the corresponding processing unit. This completes the translation of the inside local IP address (private IP address) and inside local port (private port) to the inside global IP address (public IP address) and inside global port (public port), and so makes maximum use of the reusability of the external IP address.
2. The method realises IP address and port translation through a static IP address mapping resource pool. The resource pool contains key fields such as the internal IP address, internal port, external IP address, external port and network protocol, so external port resources can be allocated according to user class. The resource pool data are loaded into memory from configuration or from a local file; the pool is held in shared memory so that each independent CPU can access, read and write it.
3. The method supports high-speed lookup of the static IP address mapping resource pool: the pool data are stored after hashing, so an online lookup locates the required IP address and port resource in the pool directly by hash computation.
4. The method realises high-speed IP address and port translation: once the IP address and port resource have been found in the resource pool, the substitute IP address and port are located by hash, and the packet does not need to be searched and compared field by field. The flow of a mobile terminal accessing the external network is marked after its IP address and port have been translated and is released when the flow ends, so that the resource can be reused by the next flow.
5. The method uses dynamic port mapping and supports pre-assigning a port resource to each user; the port block size is 256, 512, 1024, 2048, 4096 and so on. When the user's first flow arrives, the user is identified from other attributes and the configured port resource is allocated; the user's subsequent flows do not trigger another port allocation and use the port resource allocated the first time for NAT translation. When the user disconnects all connections, the NAT system reclaims the port resource allocated to that user and sends a SYSLOG log of the port block reclamation. This greatly reduces the volume of log data while keeping the whole system fair to users and using port resources sensibly.
6. The method writes a log record at the NAT egress: a data flow is identified by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and one NAT data-flow log record is generated. The log shows the address information before and after NAT translation; querying and analysing it yields the user's network information, which makes it convenient to track illegal network activity and improper operations and improves the usability and security of the network equipment. The method therefore provides IP source tracing and meets the needs of public security and security departments and some public institutions.
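What effect 6 (the 7-tuple flow log) and effect 5 (the SYSLOG record of port block reclamation) give a forensic analyst, as an added example that is not code from the patent: given an external observation "public address 202.168.2.2, port 1024, talking to 212.21.7.3:23 at 10:02", recover the inside local address behind it. The log line formats, field names, function names and every line in SAMPLE_LOG are constructed for this illustration; the patent defines the 7-tuple but not a record format. The release records matter because a per-user port block is reissued to another user once it is reclaimed, so a flow record without a time bound is ambiguous.

```python
"""Source tracing over the NAT flow log of effect 6, using the port-block release
records of effect 5 to bound how long each public address:port belonged to a user.

Added example, not the patent's code. The line formats, field names, function
names and every log line in SAMPLE_LOG are constructed for this illustration;
the patent defines the 7-tuple but not a record format.
"""
import re
from datetime import datetime

FLOW_RE = re.compile(
    r"(?P<ts>\S+) NAT-FLOW src=(?P<src>\S+) xsrc=(?P<xsrc>\S+) dst=(?P<dst>\S+) "
    r"sport=(?P<sport>\d+) xsport=(?P<xsport>\d+) dport=(?P<dport>\d+) proto=(?P<proto>\d+)$")
RELEASE_RE = re.compile(
    r"(?P<ts>\S+) NAT-RELEASE user=(?P<user>\S+) global=(?P<gip>\S+) ports=(?P<lo>\d+)-(?P<hi>\d+)$")

# Constructed log: 10.1.1.3 holds block 1024-1279 on 202.168.2.2, releases it,
# and 10.1.1.1 is then handed the same block, so public port 1024 changes owner.
SAMPLE_LOG = """\
2024-01-15T10:00:01 NAT-FLOW src=10.1.1.3 xsrc=202.168.2.2 dst=212.21.7.3 sport=1723 xsport=1024 dport=23 proto=6
2024-01-15T10:00:02 NAT-FLOW src=10.1.1.2 xsrc=202.168.2.2 dst=212.21.7.3 sport=1723 xsport=1280 dport=23 proto=6
2024-01-15T10:05:00 NAT-RELEASE user=10.1.1.3 global=202.168.2.2 ports=1024-1279
2024-01-15T10:06:00 NAT-FLOW src=10.1.1.1 xsrc=202.168.2.2 dst=212.20.7.3 sport=1034 xsport=1024 dport=23 proto=6
"""


def parse_log(text):
    """Split the log into flow records (7-tuple plus timestamp) and block-release records."""
    flows, releases = [], []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            d = m.groupdict()
            flows.append({"ts": datetime.fromisoformat(d["ts"]), "src": d["src"], "xsrc": d["xsrc"],
                          "dst": d["dst"], "sport": int(d["sport"]), "xsport": int(d["xsport"]),
                          "dport": int(d["dport"]), "proto": int(d["proto"])})
            continue
        m = RELEASE_RE.match(line)
        if m:
            d = m.groupdict()
            releases.append({"ts": datetime.fromisoformat(d["ts"]), "user": d["user"],
                             "gip": d["gip"], "lo": int(d["lo"]), "hi": int(d["hi"])})
    return flows, releases


def trace(flows, releases, xsrc, xsport, when, dst=None, dport=None):
    """Return the inside local addresses that could have been behind xsrc:xsport at `when`
    (an ISO 8601 string).

    A flow record alone is not enough: once the user's block was released the same public
    port is reissued, so a release falling between the flow's start and `when` excludes the
    flow. Passing the observed destination (dst, dport) narrows the answer further.
    """
    at = datetime.fromisoformat(when)
    hits = set()
    for f in flows:
        if f["xsrc"] != xsrc or f["xsport"] != xsport or f["ts"] > at:
            continue
        if (dst is not None and f["dst"] != dst) or (dport is not None and f["dport"] != dport):
            continue
        released = any(r["user"] == f["src"] and r["gip"] == xsrc and r["lo"] <= xsport <= r["hi"]
                       and f["ts"] <= r["ts"] <= at for r in releases)
        if not released:
            hits.add(f["src"])
    return hits
```

Two caveats follow from the code. The answer is only unique if the log carries the release records and the query carries a timestamp; dropping the releases makes 202.168.2.2:1024 ambiguous between 10.1.1.3 and 10.1.1.1. And because the mapping is per user rather than per connection, the destination fields of the 7-tuple are what tie a public port to a particular remote server, which is usually what the external complaint supplies.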
Brief description of the drawings
Fig. 1 shows the position of NAT in the network data path in the method of the invention.
Fig. 2 is a schematic diagram of calling NAT at the IP-layer exit in the method of the invention.
Fig. 3 is a schematic diagram of calling NAT at the IP-layer entrance in the method of the invention.
Fig. 4 shows the method of the invention applied to a mobile terminal user accessing the Internet through APN NET.
Embodiments
Embodiment 1:
As shown in Fig. 1, this embodiment provides a NAT translation method for the mobile Internet, implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping, and comprising calling NAT at the IP-layer exit, calling NAT at the IP-layer entrance, and resource release.
As shown in Fig. 2, calling NAT at the IP-layer exit proceeds as follows:
1) A packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address is sent to the NAT router;
2) The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is an access packet sent from the internal network to the external network: if so, go to step 3), otherwise go to step 4); if there is no such entry, the packet is dropped;
3) Locate, by hash computation, the entry in the NAT address mapping table of the resource pool and check whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, replace the packet's source IP address with the inside global IP address and its source port with the inside global port, then go to step 5); if it does not, the packet is forwarded by the NAT router unchanged;
4) Determine whether the address is in the list of allowed IP addresses; if it is, compute the hash, store a new hash entry, record the related translation information and then translate the source address and source port; if it is not, drop the packet.
5) Identify a data flow by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and generate one NAT data-flow log record.
As shown in Fig. 3, calling NAT at the IP-layer entrance proceeds as follows:
1) A packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address is sent to the NAT router;
2) The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is a reply packet sent from the external network to the internal network: if so, go to step 3), otherwise go to step 4); if there is no such entry, the packet is dropped;
3) Locate, by hash computation, the entry in the NAT address mapping table of the resource pool and check whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, replace the packet's destination IP address with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
4) Determine whether the address is in the hash table; if it is, restore the destination IP address and destination port; if it is not, drop the packet.
Resource release proceeds as follows:
When the user has disconnected all connections, release the inside global IP address and inside global port resources, reclaim the inside global port resources, and send a SYSLOG log of the port resource reclamation.
As shown in Fig. 4, when a packet from a mobile terminal user accessing the Internet through APN NET reaches the NAT router, the router looks up the NAT address mapping table shown in Table 1 and translates the internal source IP address and source port: the inside local addresses and ports (10.1.1.3:1723, 10.1.1.2:1723, 10.1.1.1:1034) are translated to the inside global addresses and ports (202.168.2.2:1492, 202.168.2.2:1723, 202.168.2.2:1034); the corresponding outside global addresses and ports of the external network are 212.21.7.3:23, 212.21.7.3:23 and 212.20.7.3:23. Note that two inside hosts both use source port 1723: they share the single inside global address 202.168.2.2 and are told apart only by the translated source port (1492 versus 1723), which is why the translated port must be part of every log record.
Table 1 NAT address mapping table
Inside local address:port   Inside global address:port   Outside global address:port
10.1.1.3:1723               202.168.2.2:1492             212.21.7.3:23
10.1.1.2:1723               202.168.2.2:1723             212.21.7.3:23
10.1.1.1:1034               202.168.2.2:1034             212.20.7.3:23
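The egress, ingress and release procedure of Embodiment 1 written out as working code, as an added example that is not code from the patent. The resource pool is the static inside-local to inside-global map; a port block of one of the sizes from effect 5 is handed to a user on its first flow and reused by the user's later flows; the egress and ingress tables are hash-keyed dictionaries; one 7-tuple record is logged per flow; release reclaims the block and writes a SYSLOG-style line. The Nat class, its method names, the route list, the record formats and FIRST_DYNAMIC_PORT are assumptions made for this illustration, and the addresses are those of Table 1 plus constructed ones. Where the description forwards an inbound packet with no table entry unchanged but claim 4 drops it, the example takes the stricter claim 4 path; new mappings are created for an allowed source with no existing entry, the claim 2 path.

```python
"""Hybrid NAT of Embodiment 1: static inside-local -> inside-global address mapping
from a resource pool, a port block allocated to a user on its first flow, hash-keyed
egress/ingress tables, a 7-tuple flow log at the egress, and release of the block
(with a SYSLOG-style record) when the user's last connection closes.

Added example, not the patent's code. The Nat class, its method names, the route
list, the record formats and FIRST_DYNAMIC_PORT are assumptions for this illustration.
"""
from collections import namedtuple
import ipaddress

PORT_BLOCK_SIZES = (256, 512, 1024, 2048, 4096)  # block sizes named in effect 5
FIRST_DYNAMIC_PORT = 1024  # assumption: blocks start above the well-known port range

# proto: 6 = TCP, 17 = UDP
Packet = namedtuple("Packet", "src sport dst dport proto", defaults=(6,))


class Nat:
    def __init__(self, static_map, allowed, routes, block_size=256):
        if block_size not in PORT_BLOCK_SIZES:
            raise ValueError(f"unsupported port block size {block_size}")
        self.static_map = dict(static_map)  # inside local IP -> inside global IP (resource pool)
        self.allowed = set(allowed)         # inside local IPs allowed to obtain a mapping
        self.routes = [ipaddress.ip_network(r) for r in routes]
        self.block_size = block_size
        self.next_free = {}      # inside global IP -> start of the next never-used block
        self.free_blocks = {}    # inside global IP -> block starts handed back by release()
        self.blocks = {}         # inside local IP -> (inside global IP, block start)
        self.egress_table = {}   # (local IP, local port, proto) -> (global IP, global port)
        self.ingress_table = {}  # (global IP, global port, proto) -> (local IP, local port)
        self.seen_flows = set()  # 7-tuples already logged
        self.flow_log = []       # one 7-tuple record per data flow (effect 6)
        self.syslog = []         # port block release records (effect 5)

    def _has_route(self, dst):
        addr = ipaddress.ip_address(dst)
        return any(addr in net for net in self.routes)

    def _allocate_block(self, lip):
        """Hand the user a port block on its first flow, reusing a released block if one exists."""
        gip = self.static_map[lip]
        free = self.free_blocks.get(gip)
        if free:
            start = free.pop()
        else:
            start = self.next_free.get(gip, FIRST_DYNAMIC_PORT)
            if start + self.block_size > 65536:
                return None
            self.next_free[gip] = start + self.block_size
        self.blocks[lip] = (gip, start)
        return gip, start

    def _new_mapping(self, p):
        """Store a new hash-table entry for an allowed source with no mapping (claim 2 path)."""
        if p.src not in self.allowed or p.src not in self.static_map:
            return None
        block = self.blocks.get(p.src) or self._allocate_block(p.src)
        if block is None:
            return None
        gip, start = block
        used = {gport for (lip, _, _), (_, gport) in self.egress_table.items() if lip == p.src}
        free_ports = [g for g in range(start, start + self.block_size) if g not in used]
        if not free_ports:
            return None  # the user's block is exhausted: drop rather than borrow another user's ports
        gport = free_ports[0]
        self.egress_table[(p.src, p.sport, p.proto)] = (gip, gport)
        self.ingress_table[(gip, gport, p.proto)] = (p.src, p.sport)
        return gip, gport

    def egress(self, p):
        """NAT at the IP-layer exit. Returns the translated packet, or None when it is dropped."""
        if not self._has_route(p.dst):
            return None
        mapping = self.egress_table.get((p.src, p.sport, p.proto)) or self._new_mapping(p)
        if mapping is None:
            return None
        gip, gport = mapping
        flow = (p.src, gip, p.dst, p.sport, gport, p.dport, p.proto)  # the 7-tuple of effect 6
        if flow not in self.seen_flows:
            self.seen_flows.add(flow)
            self.flow_log.append(flow)
        return Packet(gip, gport, p.dst, p.dport, p.proto)

    def ingress(self, p):
        """NAT at the IP-layer entrance. Inbound packets with no table entry are dropped (claim 4 path)."""
        if not self._has_route(p.dst):
            return None
        back = self.ingress_table.get((p.dst, p.dport, p.proto))
        if back is None:
            return None
        lip, lport = back
        return Packet(p.src, p.sport, lip, lport, p.proto)

    def release(self, lip):
        """When the user has closed all connections, reclaim its block and write a SYSLOG-style record."""
        block = self.blocks.pop(lip, None)
        if block is None:
            return False
        for key in [k for k in self.egress_table if k[0] == lip]:
            gip, gport = self.egress_table.pop(key)
            self.ingress_table.pop((gip, gport, key[2]), None)
        gip, start = block
        self.free_blocks.setdefault(gip, []).append(start)
        self.syslog.append(f"NAT-RELEASE user={lip} global={gip} ports={start}-{start + self.block_size - 1}")
        return True
```

The per-user block keeps one user's exhaustion from consuming another user's ports, which is the fairness point of effect 5, and it means a public port identifies the user for as long as the block is held; the release record is therefore the only thing that bounds that identification in time, so it must be logged with the same care as the flow records.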
Embodiment 2:
This embodiment provides a NAT translation system for the mobile Internet. The system is implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping and comprises an IP-layer exit NAT calling module, an IP-layer entrance NAT calling module and a resource release module. The IP-layer exit NAT calling module comprises a first packet sending unit, a first routing-table-entry checking unit, a first NAT-entry checking unit, a first packet IP address judging unit, and a data-flow identification and log-record generation unit. The IP-layer entrance NAT calling module comprises a second packet sending unit, a second routing-table-entry checking unit, a second NAT-entry checking unit and a second packet IP address judging unit, where:
the first packet sending unit sends to the NAT router a packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address;
the first routing-table-entry checking unit is for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is an access packet sent from the internal network to the external network; if it does not, the packet is dropped;
the first NAT-entry checking unit, when the check shows that the packet is an access packet from the internal network to the external network, locates by hash computation the entry in the NAT address mapping table of the resource pool and checks whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, the packet's source IP address is replaced with the inside global IP address and its source port with the inside global port; if it does not, the packet is forwarded by the NAT router unchanged;
the first packet IP address judging unit, when the check shows that the packet is not an access packet from the internal network to the external network, determines whether its address is in the list of allowed IP addresses; if it is, it computes the hash, stores a new hash entry, records the related translation information and then translates the source address and source port; if it is not, it drops the packet.
the data-flow identification and log-record generation unit identifies a data flow by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and generates one NAT data-flow log record.
the second packet sending unit sends to the NAT router a packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address;
the second routing-table-entry checking unit is for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is a reply packet sent from the external network to the internal network; if it does not, the packet is dropped;
the second NAT-entry checking unit, when the check shows that the packet is a reply packet from the external network to the internal network, locates by hash computation the entry in the NAT address mapping table of the resource pool and checks whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, the packet's destination IP address is replaced with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
the second packet IP address judging unit, when the check shows that the packet is not a reply packet from the external network to the internal network, determines whether the address is in the hash table; if it is, it restores the destination IP address and destination port; if it is not, it drops the packet.
the resource release module, when the user has disconnected all connections, releases the inside global IP address and inside global port resources, reclaims the inside global port resources, and sends a SYSLOG log of the port resource reclamation.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods of the above embodiments can be carried out by a program that instructs the related hardware; the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above are only optional embodiments of the present patent, and its scope of protection is not limited to them. Any equivalent replacement or change that a person familiar with the art makes within the scope disclosed by this patent, according to the technical solution and inventive concept of this patent, falls within the scope of protection of this patent.

Claims (10)

1. A NAT translation method for the mobile Internet, characterised in that the method is applied to a mobile terminal user accessing the Internet through APN NET, is implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping, and comprises calling NAT at the IP-layer exit and calling NAT at the IP-layer entrance;
Calling NAT at the IP-layer exit proceeds as follows:
A packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address is sent to the NAT router;
The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is an access packet sent from the internal network to the external network; if it does not, the packet is dropped;
When the check shows that the packet is an access packet from the internal network to the external network, the router locates, by hash computation, the entry in the NAT address mapping table of the resource pool and checks whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, the packet's source IP address is replaced with the inside global IP address and its source port with the inside global port; if it does not, the packet is forwarded by the NAT router unchanged;
Calling NAT at the IP-layer entrance proceeds as follows:
A packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address is sent to the NAT router;
The NAT router checks whether the routing table has an entry that covers the packet's destination IP address; if it does, it checks whether the packet is a reply packet sent from the external network to the internal network; if it does not, the packet is dropped;
When the check shows that the packet is a reply packet from the external network to the internal network, the router locates, by hash computation, the entry in the NAT address mapping table of the resource pool and checks whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, the packet's destination IP address is replaced with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
2. The NAT translation method for the mobile Internet according to claim 1, characterised in that calling NAT at the IP-layer exit further comprises:
When the check shows that the packet is not an access packet from the internal network to the external network, determining whether its address is in the list of allowed IP addresses; if it is, computing the hash, storing a new hash entry, recording the related translation information and then translating the source address and source port; if it is not, dropping the packet.
3. The NAT translation method for the mobile Internet according to claim 1, characterised in that calling NAT at the IP-layer exit further comprises:
Identifying a data flow by the 7-tuple of the source IP address in the packet, the translated source IP address, the destination IP address, the source port, the translated source port, the destination port and the protocol number, and generating one NAT data-flow log record.
4. The NAT translation method for the mobile Internet according to claim 1, characterised in that calling NAT at the IP-layer entrance further comprises:
When the check shows that the packet is not a reply packet from the external network to the internal network, determining whether the address is in the hash table; if it is, restoring the destination IP address and destination port; if it is not, dropping the packet.
5. The NAT translation method for the mobile Internet according to any one of claims 1 to 4, characterised in that it further comprises resource release, as follows:
When the user has disconnected all connections, releasing the inside global IP address and inside global port resources, reclaiming the inside global port resources, and sending a SYSLOG log of the port resource reclamation.
6. A NAT translation system for the mobile Internet, characterised in that the system is applied to a mobile terminal user accessing the Internet through APN NET, is implemented with a hybrid NAT mapping of static IP address mapping and dynamic port mapping, and comprises an IP-layer exit NAT calling module and an IP-layer entrance NAT calling module;
The IP-layer exit NAT calling module comprises:
a first packet sending unit, for sending to the NAT router a packet encapsulated with the inside local IP address as its source IP address and the outside local IP address as its destination IP address;
a first routing-table-entry checking unit, for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is an access packet sent from the internal network to the external network; if it does not, the packet is dropped;
a first NAT-entry checking unit, for, when the check shows that the packet is an access packet from the internal network to the external network, locating by hash computation the entry in the NAT address mapping table of the resource pool and checking whether a NAT entry containing the inside local IP address and the inside global IP address exists; if it does, the packet's source IP address is replaced with the inside global IP address and its source port with the inside global port; if it does not, the packet is forwarded by the NAT router unchanged;
The IP-layer entrance NAT calling module comprises:
a second packet sending unit, for sending to the NAT router a packet encapsulated with the outside local IP address as its source IP address and the inside global IP address as its destination IP address;
a second routing-table-entry checking unit, for the NAT router to check whether the routing table has an entry that covers the packet's destination IP address and, if it does, to check whether the packet is a reply packet sent from the external network to the internal network; if it does not, the packet is dropped;
a second NAT-entry checking unit, for, when the check shows that the packet is a reply packet from the external network to the internal network, locating by hash computation the entry in the NAT address mapping table of the resource pool and checking whether a hash entry containing the inside global IP address and the inside local IP address exists; if it does, the packet's destination IP address is replaced with the inside local IP address and its destination port with the inside local port; if it does not, the packet is forwarded by the NAT router unchanged.
7. the NAT converting system of movement-based according to claim 6 the Internet, it is characterized in that: described IP layer exit NAT calling module also comprises:
The first packet IP address judging unit, for not being that network is dealt into the visit data bag of external network internally when check to packet, determine whether the address allowed in IP address list, if, after calculating by HASH, new HASH list item is set up in storage, after recording relevant transitional information, and conversion source address and source port, if not, packet discard.
8. the NAT converting system of movement-based according to claim 6 the Internet, it is characterized in that: described IP layer exit NAT calling module also comprises:
Identification data stream and generation log recording unit, seven tuples for source port, destination interface and protocol number after the source IP address after the source IP address according to packet, conversion, purpose IP address, source port, conversion identify a data flow, and generate the log recording of a NAT data traffic.
9. the NAT converting system of movement-based according to claim 6 the Internet, it is characterized in that: described IP layer porch NAT calling module also comprises:
The second packet IP address judging unit, for not being to be dealt into the reply data bag of internal network from external network when check to packet, determine whether the address in HASH table, if, reduce purpose IP address and destination interface, if not, packet discard.
10. according to the NAT converting system of the described movement-based of claim 6-9 any one the Internet, characterized by further comprising:
Resource release module, for as the user, disconnecting all connections, discharge inner global ip address and inner global port resource, inner global port resource reclaimed, and the SYSLOG daily record of transmit port resource recovery.
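As an added illustration (not code from the patent or from Jinan University), the following Python model walks through the mechanism that claims 1-5 describe and that the modules of claims 6-10 mirror: the routing-table check, the HASH-table lookup on egress, the static inside-global IP plus dynamically allocated port, the seven-tuple flow log, the reverse lookup that restores destination IP and port on ingress, and the resource release with its SYSLOG record. All class and method names, the sample addresses, the port range and the routing table are assumptions. The example also reads the new-entry branch of claims 2 and 7 as the case where an allowed internal source has no mapping yet; that is an interpretation of the claim text, not something the page states.

```python
# Added example for this page: a model of the mixed NAT (static IP mapping plus
# dynamic port mapping) in the claims. Illustrative code, not the patent's own.
# Names, sample addresses, the port range and the routes are all assumptions.
from dataclasses import dataclass, replace
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int  # IP protocol number, e.g. 6 = TCP, 17 = UDP


class MixedNat:
    """NAT router model: one static inside-global IP per user, one dynamic port per flow."""

    def __init__(self, static_map, allowed_ips, routes, port_range=(20000, 20003)):
        self.static_map = dict(static_map)        # inside local IP -> inside global IP (static mapping)
        self.allowed = set(allowed_ips)           # allowed IP address list (claims 2 and 7)
        self.routes = [ipaddress.ip_network(r) for r in routes]
        lo, hi = port_range
        # one pool of free ports per inside global address (dynamic port mapping)
        self.free_ports = {g: list(range(lo, hi + 1)) for g in set(self.static_map.values())}
        self.out_table = {}  # HASH table: (inside local ip, port, proto) -> (inside global ip, port)
        self.in_table = {}   # reverse HASH table: (inside global ip, port, proto) -> (inside local ip, port)
        self.flow_log = []   # seven-tuple NAT traffic records (claims 3 and 8)
        self.syslog = []     # port-resource recovery messages (claims 5 and 10)

    def _has_route(self, ip):
        """Routing-table check: is there an entry covering this destination?"""
        return any(ipaddress.ip_address(ip) in n for n in self.routes)

    def egress(self, pkt):
        """NAT called at the IP-layer exit. Returns the translated packet, or None if dropped."""
        if not self._has_route(pkt.dst_ip):
            return None                                   # no routing table entry: drop
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        entry = self.out_table.get(key)                   # HASH lookup in the mapping table
        if entry is None:
            if pkt.src_ip not in self.allowed or pkt.src_ip not in self.static_map:
                return None                               # address not in the allowed list: drop
            gip = self.static_map[pkt.src_ip]             # static IP mapping for this user
            if not self.free_ports[gip]:
                return None                               # port pool exhausted: drop
            gport = self.free_ports[gip].pop(0)           # dynamic port mapping for this flow
            entry = (gip, gport)
            self.out_table[key] = entry                   # store the new HASH table entry
            self.in_table[(gip, gport, pkt.proto)] = (pkt.src_ip, pkt.src_port)
            # seven-tuple record: src, translated src, dst, sport, translated sport, dport, proto
            self.flow_log.append((pkt.src_ip, gip, pkt.dst_ip, pkt.src_port,
                                  gport, pkt.dst_port, pkt.proto))
        gip, gport = entry
        return replace(pkt, src_ip=gip, src_port=gport)   # translate source address and port

    def ingress(self, pkt):
        """NAT called at the IP-layer entrance: restore destination IP and port, or drop."""
        if not self._has_route(pkt.dst_ip):
            return None                                   # no routing table entry: drop
        entry = self.in_table.get((pkt.dst_ip, pkt.dst_port, pkt.proto))
        if entry is None:
            return None                                   # no HASH entry (unsolicited packet): drop
        lip, lport = entry
        return replace(pkt, dst_ip=lip, dst_port=lport)

    def release_user(self, inside_local_ip):
        """Resource release once a user has disconnected all connections.
        The static inside-global IP stays bound to the user; its dynamic ports are reclaimed."""
        released = 0
        for key in [k for k in self.out_table if k[0] == inside_local_ip]:
            gip, gport = self.out_table.pop(key)
            del self.in_table[(gip, gport, key[2])]
            self.free_ports[gip].append(gport)            # return the port to the pool
            released += 1
        if released:
            self.syslog.append(f"NAT-RELEASE user={inside_local_ip} ports_reclaimed={released}")
        return released


def demo():
    """Constructed sample: one allowed user, one outbound flow and its reply."""
    nat = MixedNat(static_map={"10.0.0.5": "203.0.113.10"},
                   allowed_ips={"10.0.0.5"},
                   routes=["198.51.100.0/24", "203.0.113.0/24"])
    out = nat.egress(Packet("10.0.0.5", "198.51.100.7", 40000, 443, 6))
    back = nat.ingress(Packet("198.51.100.7", out.src_ip, 443, out.src_port, 6))
    return nat, out, back
```

The seven-tuple record is what makes a mobile user traceable from an external observation: the translated source address and port seen by the remote side map back to exactly one inside local address and port for the lifetime of the entry, and the SYSLOG release message bounds that lifetime, so the two logs together let an investigator attribute a flow without keeping the NAT table itself.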

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310377473.9A CN103442096B (en) 2013-08-26 2013-08-26 NAT method based on mobile Internet and system

Publications (2)

Publication Number Publication Date
CN103442096A true CN103442096A (en) 2013-12-11
CN103442096B CN103442096B (en) 2016-12-28

Family

ID=49695761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310377473.9A Active CN103442096B (en) 2013-08-26 2013-08-26 NAT method based on mobile Internet and system

Country Status (1)

Country Link
CN (1) CN103442096B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125311A (en) * 2014-06-18 2014-10-29 安一恒通(北京)科技有限公司 WFP framework based data transmission method and device
CN106603435A (en) * 2016-12-28 2017-04-26 北京华为数字技术有限公司 Method and device for distributing port block resource
CN107018154A (en) * 2017-05-31 2017-08-04 南京燚麒智能科技有限公司 A kind of router and method for routing for being used to connect Intranet and outer net based on application layer
CN110505248A (en) * 2019-09-29 2019-11-26 国家计算机网络与信息安全管理中心 A kind of localization method and system of Intranet NAT flow
CN116170301A (en) * 2023-03-02 2023-05-26 上海弘积信息科技有限公司 NAT log collection method of load balancing equipment and load balancing equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030018814A1 (en) * 2001-06-29 2003-01-23 Yung-Chung Kao Method of letting a single LAN port voice over IP device have network address translation function
CN1414746A (en) * 2002-05-15 2003-04-30 华为技术有限公司 Method of providing internal service apparatus in network for saving IP address
US20040098512A1 (en) * 2002-11-19 2004-05-20 Institute For Information Industry NAPT gateway system with method capable of extending the number of connections
CN101150505A (en) * 2007-07-31 2008-03-26 杭州华三通信技术有限公司 Method and device for forwarding data stream via network address translation
CN101800690A (en) * 2009-02-05 2010-08-11 北京启明星辰信息技术股份有限公司 Method and device for realizing source address conversion by using address pool

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125311A (en) * 2014-06-18 2014-10-29 安一恒通(北京)科技有限公司 WFP framework based data transmission method and device
CN104125311B (en) * 2014-06-18 2018-02-02 安一恒通(北京)科技有限公司 Data transmission method and device based on WFP frameworks
CN106603435A (en) * 2016-12-28 2017-04-26 北京华为数字技术有限公司 Method and device for distributing port block resource
CN106603435B (en) * 2016-12-28 2019-10-15 北京华为数字技术有限公司 Distribute the method and device of port block resource
CN107018154A (en) * 2017-05-31 2017-08-04 南京燚麒智能科技有限公司 A kind of router and method for routing for being used to connect Intranet and outer net based on application layer
CN107018154B (en) * 2017-05-31 2020-06-05 南京燚麒智能科技有限公司 Router and routing method for connecting intranet and extranet based on application layer
CN110505248A (en) * 2019-09-29 2019-11-26 国家计算机网络与信息安全管理中心 A kind of localization method and system of Intranet NAT flow
CN116170301A (en) * 2023-03-02 2023-05-26 上海弘积信息科技有限公司 NAT log collection method of load balancing equipment and load balancing equipment

Also Published As

Publication number Publication date
CN103442096B (en) 2016-12-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant