CN106411742A - Message transmission method and device
- Publication number: CN106411742A (also listed: CN201610949027.4A)
- Authority: CN (China)
- Prior art keywords: address, message, port, white list, source
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
Abstract
The invention provides a message transmission method and a message transmission device. The message transmission method comprises the steps of: querying a pre-maintained mapping relation table through a source IP address of a message after receiving the message from terminal equipment, so as to obtain a white list port corresponding to the source IP address, wherein the mapping relation table is used for recording corresponding relations between IP addresses of the terminal equipment and white list ports; modifying the source IP address to be a public network address of equipment, modifying a source port of the message to be the white list port, and modifying a target IP address of the message to be an IP address of a real server; and sending the modified message to the real server, so that the real server obtains the IP address of the terminal equipment by utilizing the white list port carried in the received message. By adopting the message transmission method and the message transmission device, a control policy can be queried according to the IP address of the terminal equipment, the terminal equipment is controlled based on the control policy, and the precise control capability of the real server is realized.
Description
Technical field
The present application relates to the field of communication technology, and in particular to a method and device for message transmission.
Background
Fig. 1 and Fig. 2 are schematic diagrams of load-balancing networking. Real server 1 and real server 2 can provide applications to users, such as WEB (web page) applications. Real server 1 corresponds to virtual IP address A and to real IP address 1. Real server 2 corresponds to virtual IP address B and to real IP address 2. In Fig. 2, deploying multiple load-balancing devices solves the single point of failure of one load-balancing device: when one load-balancing device fails, the other load-balancing devices can continue to provide service, so that service processing is not interrupted.
When a terminal device accesses the application provided by real server 1, it sends a message whose destination IP address is virtual IP address A. After receiving this message, the load-balancing device modifies the destination IP address of the message to real IP address 1 and forwards the message to real server 1 using that destination IP address.
In this application scenario, after receiving a message the load-balancing device can also perform NAT (Network Address Translation) on it, that is, modify the source IP address of the message to a public network IP address. Therefore, for a message sent by the load-balancing device to a real server, both the source IP address and the destination IP address have been modified by the load-balancing device.
At present, a control policy can be configured on the real server. The common approach is to configure a correspondence between the IP address of a terminal device and a control policy, so that the control policy can be looked up by the IP address of the terminal device. In the scenario above, however, the source IP address of the message is no longer the IP address of the terminal device, so the control policy of the terminal device cannot be found, and the terminal device therefore cannot be controlled based on a control policy.
Summary of the invention
The present application provides a message transmission method, applied in a load-balancing device, comprising:
after receiving a message from a terminal device, querying a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table records the correspondence between IP addresses of terminal devices and white list ports;
modifying the source IP address to the public network address of this device, modifying the source port of the message to the white list port, and modifying the destination IP address of the message to the IP address of a real server;
sending the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
Before the pre-maintained mapping table is queried by the source IP address of the message, the method further comprises: receiving a notification message from the real server, parsing the correspondence between an IP address and a white list port from the notification message, and recording the correspondence in the pre-maintained mapping table; wherein the IP address is the IP address of a terminal device of a specified type; the ports that NAT can use are divided into reserved ports and unreserved ports, and the white list port is one of the reserved ports.
After the message from the terminal device is received, the method further comprises:
determining the global white list state of the real server corresponding to the message;
if the global white list state is not enabled, modifying the source IP address of the message to the public network address of this device, modifying the source port of the message to a public network port, modifying the destination IP address of the message to the IP address of the real server, and sending the modified message to the real server;
if the global white list state is enabled, performing the process of querying the mapping table by the source IP address of the message; if the source IP address is not present in the mapping table, discarding the message; if the source IP address is present in the mapping table and corresponds to locally enabled, discarding the message; if the source IP address is present in the mapping table and corresponds to globally enabled, performing the process of modifying the source IP address to the public network address of this device, modifying the source port of the message to the white list port, and modifying the destination IP address of the message to the IP address of the real server.
The present application provides a message transmission method, applied in a real server, comprising:
locally maintaining a mapping table of IP addresses of terminal devices and white list ports;
after receiving a message from a load-balancing device, parsing the white list port from the message;
querying the mapping table by the white list port to obtain the IP address corresponding to the white list port.
The method further comprises:
generating a notification message that includes the correspondence between an IP address and a white list port;
sending the notification message to the load-balancing device, so that the load-balancing device records the correspondence between the IP address and the white list port in its pre-maintained mapping table;
wherein the IP address is the IP address of a terminal device of a specified type; the ports that NAT can use are divided into reserved ports and unreserved ports, and the white list port is one of the reserved ports.
After the message from the load-balancing device is received, the method further comprises:
determining the global white list state of this real server;
if the global white list state is not enabled, processing the message;
if the global white list state is enabled, performing the process of querying the mapping table by the white list port; if the white list port is not present in the mapping table, discarding the message; if the white list port is present in the mapping table and corresponds to locally enabled, discarding the message; if the white list port is present in the mapping table and corresponds to globally enabled, processing the message using the IP address corresponding to the white list port.
The present application provides a message transmission device, applied in a load-balancing device, comprising:
an obtaining module, configured to, after a message from a terminal device is received, query a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table records the correspondence between IP addresses of terminal devices and white list ports;
a modifying module, configured to modify the source IP address to a public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of a real server;
a sending module, configured to send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
The obtaining module is further configured to determine the global white list state of the real server corresponding to the message.
The modifying module is further configured to, when the global white list state is not enabled, modify the source IP address of the message to the public network address of the load-balancing device, modify the source port of the message to a public network port, and modify the destination IP address of the message to the IP address of the real server.
The obtaining module is further configured to, when the global white list state is enabled, query the mapping table by the source IP address; if the source IP address is not present in the mapping table, discard the message; if the source IP address is present in the mapping table and corresponds to locally enabled, discard the message.
The modifying module is further configured to, when the source IP address is present in the mapping table and corresponds to globally enabled, modify the source IP address to the public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of the real server.
The present application provides a message transmission device, applied in a real server, comprising:
a maintaining module, configured to maintain a mapping table of IP addresses of terminal devices and white list ports;
a parsing module, configured to, after a message from a load-balancing device is received, parse the white list port from the message;
a processing module, configured to query the mapping table by the white list port to obtain the IP address corresponding to the white list port.
The processing module is further configured to determine the global white list state of the real server;
if the global white list state is not enabled, process the message;
if the global white list state is enabled, query the mapping table by the white list port; if the white list port is not present in the mapping table, discard the message; if the white list port is present in the mapping table and corresponds to locally enabled, discard the message; if the white list port is present in the mapping table and corresponds to globally enabled, process the message using the IP address corresponding to the white list port.
Based on the above technical solution, in the embodiments of the present application the source port of the message is modified to the white list port, so that the real server can determine the IP address of the terminal device from the white list port. The real server can then look up the control policy by the IP address of the terminal device and control the terminal device based on that policy, which gives the real server fine-grained control capability. In this approach the load-balancing device does not need to add the IP address of the terminal device to the message, so bandwidth and message processing performance are not affected.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed for that description are briefly introduced below. The drawings described below are only some of the embodiments described in the present application, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 and Fig. 2 are schematic diagrams of load-balancing networking;
Fig. 3 is a flow chart of the message transmission method in one embodiment of the present application;
Fig. 4 is a flow chart of the message transmission method in another embodiment of the present application;
Fig. 5 is a hardware structure diagram of the load-balancing device in one embodiment of the present application;
Fig. 6 is a structure diagram of the message transmission device in one embodiment of the present application;
Fig. 7 is a hardware structure diagram of the real server in one embodiment of the present application;
Fig. 8 is a structure diagram of the message transmission device in one embodiment of the present application.
Detailed description
The terms used in the present application are for the purpose of describing specific embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the present application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present application to describe various information, the information should not be limited by these terms. The terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be called second information, and similarly second information may also be called first information. In addition, depending on the context, the word "if" as used herein can be interpreted as "at the time of ...", "when ..." or "in response to determining".
An embodiment of the present application proposes a message transmission method that can be applied in a system comprising a terminal device, a load-balancing device and a real server; Fig. 1 and Fig. 2 are schematic diagrams of the application scenario of the embodiment. The load-balancing device may be an LVS (Linux Virtual Server). Real server 1 corresponds to virtual IP address 220.67.8.10 and virtual port 5000, and to real IP address 192.168.10.11 and real port 5001. Real server 2 corresponds to virtual IP address 220.67.8.11 and virtual port 5002, and to real IP address 192.168.10.12 and real port 5003.
In one example, the real server can locally maintain a mapping table of IP addresses and white list ports. The IP address is the IP address of a terminal device of a specified type; for example, a terminal device of the specified type may be one that needs to be controlled based on a control policy, and the specified type is not limited here. In addition, the ports that NAT can use (such as ports 1~65535) are divided into reserved ports (such as 1~32768) and unreserved ports (such as 32769~65535), and the white list port is one of the reserved ports (excluding particular ports, such as the above-mentioned ports 5000, 5001, 5002 and 5003).
For example, when a control policy needs to be configured for terminal device 1, the IP address 10.3.18.1 of terminal device 1 is determined and white list port 795 is allocated to terminal device 1 from the reserved ports; the white list port allocated to each terminal device is unique. The real server then records the correspondence between IP address 10.3.18.1 and white list port 795 in the mapping table. Table 1 shows an example of the mapping table.
Table 1
IP address | White list port |
10.3.18.1 | 795 |
18.2.9.3 | 580 |
80.3.134.34 | 980 |
In one example, all real servers in the network share the reserved port range 1~32768. To control white list ports better, different reserved port ranges can be allocated to different real servers; for example, real server 1 uses reserved ports 1-2000, real server 2 uses reserved ports 2001-4000, and so on. In that case, when real server 1 allocates a white list port to a terminal device it selects an available port from reserved ports 1-2000, and when real server 2 allocates a white list port to a terminal device it selects an available port from reserved ports 2001-4000.
After maintaining the mapping table shown in Table 1, the real server can generate a notification message that includes the correspondence between IP addresses and white list ports, and send the notification message to the load-balancing device. After receiving the notification message, the load-balancing device parses the correspondence between IP addresses and white list ports from it and records the correspondence in the mapping table of the load-balancing device; the mapping table finally maintained by the load-balancing device can also be as shown in Table 1.
The real server can send the correspondence between 10.3.18.1 and 795, the correspondence between 18.2.9.3 and 580, and the correspondence between 80.3.134.34 and 980 to the load-balancing device together in one notification message, or it can send these three correspondences to the load-balancing device separately in three notification messages.
In one example, where the system includes multiple real servers, each real server can maintain one mapping table. The load-balancing device can maintain one mapping table for each real server, with the content of each mapping table identical to the content of the mapping table of the corresponding real server. Alternatively, the load-balancing device can maintain only one mapping table and record the content of the mapping tables of all real servers in it.
In one example, when there are multiple load-balancing devices, a load-balancing device that has maintained a mapping table can synchronize it to the other load-balancing devices, so that the mapping tables finally maintained by all load-balancing devices are identical. The following description takes the processing of one load-balancing device as an example.
In the above application scenario, Fig. 3 shows a flow chart of the message transmission method. The method can be applied on the load-balancing device and may comprise the following steps:
Step 301: after receiving a message from a terminal device, query the pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address.
Step 302: modify the source IP address to the public network address of the load-balancing device, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of the real server.
Step 303: send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
In one example, for step 301, when a terminal device accesses the application provided by real server 1, the terminal device sends a message to the load-balancing device. The source IP address of the message is the IP address 10.3.18.1 of the terminal device, the source port is an arbitrary port, such as port 41006, the destination IP address is the virtual IP address 220.67.8.10 of real server 1, and the destination port is the virtual port 5000 of real server 1. After receiving the message, the load-balancing device queries the mapping table shown in Table 1 by the source IP address 10.3.18.1 of the message and obtains 795 as the white list port corresponding to source IP address 10.3.18.1.
For step 302, the load-balancing device modifies the source IP address 10.3.18.1 of the message to the public network IP address of the load-balancing device, such as 192.168.1.10, and modifies the source port 41006 of the message to the white list port 795, rather than to a public network port of the load-balancing device. The load-balancing device modifies the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and modifies the destination port 5000 of the message to the real port 5001 of real server 1.
In one example, to implement message transmission, the load-balancing device can establish one IPVS (IP Virtual Server) table for each real server. Table 2 shows an example of the IPVS table for real server 1; the IPVS tables for the other real servers are similar. Pro is the protocol type of the message, such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol); Expire is the keep-alive time; State is the state; Source is the source IP address and source port, that is, the IP address and port of the terminal device; Virtual is the virtual IP address and virtual port, that is, the destination IP address and destination port before translation; Destination is the real IP address and real port, that is, the destination IP address and destination port after translation.
Table 2
Pro | Expire | State | Source | Virtual | Destination |
 |  |  |  | 220.67.8.10/5000 | 192.168.10.11/5001 |
In the embodiment of the present application, based on the mapping table shown in Table 1, the load-balancing device can maintain the IPVS table shown in Table 3. In Table 3, Expire is 00:00, which indicates that the keep-alive time is unlimited and the corresponding entry will not be deleted. State is Prepare, which indicates the preparation state: no message has yet been received for this entry. Source contains only the source IP address and does not contain the port corresponding to that source IP address.
Table 3
Pro | Expire | State | Source | Virtual | Destination |
TCP | 00:00 | Prepare | 10.3.18.1 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001 |
Based on the mapping table shown in Table 1 and the IPVS table shown in Table 3, in steps 301 and 302, suppose the load-balancing device receives a message whose source IP address is 10.3.18.10. When the mapping table shown in Table 1 is queried by source IP address 10.3.18.10, this source IP address is not present in Table 1, so the traditional flow can be used. That is, the load-balancing device modifies the source IP address 10.3.18.10 of the message to the public network IP address of the load-balancing device, such as 192.168.1.11, modifies the source port 41006 of the message to a public network port of the load-balancing device (which is an unreserved port, such as 32770), modifies the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and modifies the destination port 5000 of the message to the real port 5001 of real server 1. Afterwards, the load-balancing device can also update the IPVS table shown in Table 3 to obtain the IPVS table shown in Table 4, in which Source includes not only the source IP address 10.3.18.10 but also the source port 41006.
Table 4
Pro | Expire | State | Source | Virtual | Destination |
TCP | 00:00 | Prepare | 10.3.18.1 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:57 | Established | 10.3.18.10/41006 | 220.67.8.10/5000 | 192.168.10.11/5001 |
Based on the mapping table shown in Table 1 and the IPVS table shown in Table 3, in steps 301 and 302, suppose the load-balancing device receives a message whose source IP address is 10.3.18.1. When the mapping table shown in Table 1 is queried by source IP address 10.3.18.1, the corresponding white list port obtained is 795. The load-balancing device modifies the source IP address 10.3.18.1 of the message to the public network IP address 192.168.1.10 of the load-balancing device, modifies the source port 41006 of the message to the white list port 795, modifies the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and modifies the destination port 5000 of the message to the real port 5001 of real server 1. Afterwards, the load-balancing device can also update the IPVS table shown in Table 3 to obtain the IPVS table shown in Table 5, in which Source includes not only the source IP address 10.3.18.10 but also the source port 41006.
Table 5
Pro | Expire | State | Source | Virtual | Destination |
TCP | 00:57 | Established | 10.3.18.1/41006 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001 |
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001 |
For step 303, the load-balancing device sends the modified message to real server 1. The source IP address of this message is 192.168.1.10, the source port is the white list port 795, the destination IP address is 192.168.10.11, and the destination port is the real port 5001. After receiving the message, real server 1 parses the white list port 795 from it, queries the mapping table shown in Table 1 by white list port 795, and obtains the corresponding IP address 10.3.18.1, that is, the IP address of the terminal device is 10.3.18.1. Real server 1 uses the IP address 10.3.18.1 of the terminal device to look up the corresponding control policy and controls the terminal device using that policy; the specific control process is not described further. In addition, real server 1 can process the message in the traditional way; the specific processing is not described further.
In one example, real server 1 can also send a response message for this message. The source IP address of the response message is 192.168.10.11, the source port is the real port 5001, the destination IP address is 192.168.1.10, and the destination port is the white list port 795. After receiving the response message, the load-balancing device modifies it based on the IPVS table shown in Table 5: the source IP address of the response message is modified to 220.67.8.10, the source port to 5000, the destination IP address to 10.3.18.1 and the destination port to 41006, and the modified response message is sent to the terminal device.
This completes the message transmission process between the terminal device and real server 1.
In one example, when maintaining the mapping table, the real server and the load-balancing device can also maintain a global white list flag, which can be 0 or 1. A global white list flag of 0 means locally enabled, and a global white list flag of 1 means globally enabled. Table 6 shows an example of the mapping table maintained by the real server and the load-balancing device; Table 6 is an example based on Table 1.
Table 6
IP address | White list port | Global white list flag |
10.3.18.1 | 795 | 1 |
18.2.9.3 | 580 | 1 |
80.3.134.34 | 980 | 0 |
In one example, the real server can also notify the load-balancing device of its own global white list state, and the load-balancing device records the correspondence between the real server and its global white list state. The global white list state can be enabled or not enabled. For example, the load-balancing device can record the correspondence between real server 1 and enabled, and the correspondence between real server 2 and not enabled.
In the embodiment of the present application, the global white list state of the real server and the global white list flag corresponding to the IP address can be used to control how the load-balancing device sends messages to the real server and how the real server receives and processes messages. The specific processing is as follows:
After receiving a message from a terminal device, the load-balancing device first determines the global white list state of the real server corresponding to the message. If the global white list state is not enabled, the load-balancing device modifies the source IP address of the message to the public network address of the load-balancing device, modifies the source port of the message to a public network port of the load-balancing device, modifies the destination IP address of the message to the real IP address of the real server, modifies the destination port of the message to the real port of the real server, and sends the modified message to the real server. If the global white list state is enabled, the load-balancing device queries the mapping table by the source IP address of the message. If the source IP address is not present in the mapping table, the message is discarded. If the source IP address is present in the mapping table and corresponds to locally enabled (global white list flag 0), the message is discarded. If the source IP address is present in the mapping table and corresponds to globally enabled (global white list flag 1), the load-balancing device obtains the white list port corresponding to the source IP address, modifies the source IP address to the public network address of the load-balancing device, modifies the source port of the message to the white list port, modifies the destination IP address of the message to the real IP address of the real server, modifies the destination port of the message to the real port of the real server, and sends the modified message to the real server.
For example, after the load-balancing device receives a message from the terminal device, suppose the destination IP address of the message is 220.67.8.11, which indicates that the message corresponds to real server 2. Because the global white list state of real server 2 is not started, the source IP address of the message can be modified to the public network address 192.168.1.15 of the load-balancing device, the source port of the message is modified to the public network port 32775 of the load-balancing device, the destination IP address of the message is modified to the real IP address 192.168.10.12 of real server 2, the destination port of the message is modified to the real port 5003 of real server 2, and the message is sent to real server 2.
Suppose instead that the destination IP address of the message is 220.67.8.10, which indicates that the message corresponds to real server 1, whose global white list state is started. If the source IP address of the message is 10.3.18.10, the source IP address 10.3.18.10 does not exist in the mapping table, so the message is discarded. If the source IP address of the message is 80.3.134.34, the source IP address 80.3.134.34 exists in the mapping table but corresponds to locally enabled (i.e., the global white list flag is 0), so the message is discarded. If the source IP address of the message is 10.3.18.1, the source IP address 10.3.18.1 exists in the mapping table and corresponds to globally enabled (i.e., the global white list flag is 1), so the load-balancing device can obtain the white list port 795 corresponding to source IP address 10.3.18.1, modify the source IP address of the message to the public network IP address 192.168.1.10 of the load-balancing device, modify the source port of the message to white list port 795, modify the destination IP address of the message to the real IP address 192.168.10.11 of real server 1, modify the destination port of the message to the real port 5001 of real server 1, and send the modified message to real server 1.
After receiving a message from the load-balancing device, the real server determines its own global white list state. If the global white list state is not started, the message can be processed in the traditional way, and the specific processing is not repeated here. If the global white list state is started, the real server parses the white list port from the message and queries the mapping table shown in Table 6 by this white list port.
If the white list port does not exist in the mapping table, the message is discarded. If the white list port exists in the mapping table but corresponds to locally enabled (i.e., the global white list flag is 0), the message is discarded. If the white list port exists in the mapping table and corresponds to globally enabled (i.e., the global white list flag is 1), the real server obtains the IP address corresponding to the white list port (i.e., the IP address of the terminal device) and uses that IP address to process the message. For example, it queries the corresponding control policy using the IP address, controls the terminal device using the control policy, and processes the message in the traditional way; the specific processing is not repeated here.
Based on the above technical solution, in the embodiment of the present application, the source port of the message is modified to the white list port so that the real server can determine the IP address of the terminal device from the white list port. The real server can then query a control policy based on the IP address of the terminal device and control the terminal device based on that control policy, which gives the real server fine-grained control capability. In this approach, the load-balancing device does not need to add the IP address of the terminal device to the message as extra data, so bandwidth and message processing performance are not affected.
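The load-balancing decision and the real server's reverse lookup described above can be traced with the page's own values (Table 6 and the addresses of real servers 1 and 2). This is an added example, not code from the patent; the class and function names, the duplicate-entry check, and the terminal-side source and destination ports used in the test packets are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Entry:
    ip: str           # terminal device IP address
    port: int         # white list port
    global_flag: int  # 1 = globally enabled, 0 = locally enabled


@dataclass(frozen=True)
class RealServer:
    real_ip: str
    real_port: int
    lb_public_ip: str
    lb_public_port: Optional[int]  # used only when the white list state is not started
    whitelist_started: bool


# Table 6 as printed on the page.
TABLE_6 = [
    Entry("10.3.18.1", 795, 1),
    Entry("18.2.9.3", 580, 1),
    Entry("80.3.134.34", 980, 0),
]

# Values from the page's two worked cases, keyed by the destination IP address
# the terminal device sends to.
SERVERS = {
    "220.67.8.10": RealServer("192.168.10.11", 5001, "192.168.1.10", None, True),
    "220.67.8.11": RealServer("192.168.10.12", 5003, "192.168.1.15", 32775, False),
}


def build_indexes(entries):
    """Index the table by IP (load balancer side) and by port (real server side).

    The uniqueness check is added by this example: a repeated white list port
    would make the real server's port-to-IP lookup ambiguous.
    """
    by_ip, by_port = {}, {}
    for e in entries:
        if e.ip in by_ip or e.port in by_port:
            raise ValueError(f"duplicate IP or white list port: {e}")
        by_ip[e.ip] = e
        by_port[e.port] = e
    return by_ip, by_port


BY_IP, BY_PORT = build_indexes(TABLE_6)


def lb_forward(pkt: Packet) -> Optional[Packet]:
    """Load-balancing device: return the rewritten packet, or None if it is discarded."""
    rs = SERVERS.get(pkt.dst_ip)
    if rs is None:
        return None  # unknown destination; this case is not covered by the page
    if not rs.whitelist_started:
        # Ordinary rewrite: public address and public port of the load balancer.
        return Packet(rs.lb_public_ip, rs.lb_public_port, rs.real_ip, rs.real_port)
    entry = BY_IP.get(pkt.src_ip)
    if entry is None or entry.global_flag != 1:
        return None  # not in the table, or only locally enabled
    # The source port now carries the terminal device's identity.
    return Packet(rs.lb_public_ip, entry.port, rs.real_ip, rs.real_port)


def rs_receive(rs: RealServer, pkt: Packet) -> Tuple[str, Optional[str]]:
    """Real server: return (verdict, terminal IP recovered from the source port)."""
    if not rs.whitelist_started:
        return ("process", None)  # traditional processing, terminal IP unknown
    entry = BY_PORT.get(pkt.src_port)
    if entry is None or entry.global_flag != 1:
        return ("drop", None)
    return ("process", entry.ip)


if __name__ == "__main__":
    # Constructed terminal-side packet: source port 40000 and destination port 80 are made up.
    out = lb_forward(Packet("10.3.18.1", 40000, "220.67.8.10", 80))
    print(out, rs_receive(SERVERS["220.67.8.10"], out))
```

The reverse lookup is only meaningful for packets that actually come from the load-balancing device, so a deployment would also restrict the real server to accepting traffic from the load balancer's addresses; that restriction is an assumption of this example, not a step in the patent text.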
Fig. 4 is a flowchart of the message transmission method proposed in the embodiment of the present application. The method can be applied to a real server and may comprise the following steps:
Step 401: locally maintain a mapping table of terminal device IP addresses and white list ports.
Step 402: after receiving a message from the load-balancing device, parse the white list port (i.e., the source port of the message) from the message; this white list port was added to the message by the load-balancing device.
Step 403: query the mapping table by the white list port to obtain the IP address corresponding to the white list port; this IP address is the IP address of the terminal device.
In one example, the real server can also generate a notification message that includes the correspondence between an IP address and a white list port, and send the notification message to the load-balancing device, so that the load-balancing device uses the notification message to record the correspondence between the IP address and the white list port in its pre-maintained mapping table. Here, the IP address is the IP address of a terminal device of a specified type. The ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
In one example, after receiving a message from the load-balancing device, the real server can also determine its own global white list state. If the global white list state is not started, the message can be processed. If the global white list state is started, the real server performs the process of querying the mapping table by the white list port. If the white list port does not exist in the mapping table, the message is discarded directly. If the white list port exists in the mapping table and corresponds to locally enabled, the message is discarded directly. If the white list port exists in the mapping table and corresponds to globally enabled, the message can be processed using the IP address corresponding to the white list port.
Based on the above technical solution, in the embodiment of the present application, the source port of the message is modified to the white list port so that the real server can determine the IP address of the terminal device from the white list port. The real server can then query a control policy based on the IP address of the terminal device and control the terminal device based on that control policy, which gives the real server fine-grained control capability. In this approach, the load-balancing device does not need to add the IP address of the terminal device to the message as extra data, so bandwidth and message processing performance are not affected.
Based on the same application concept as the above method, the embodiment of the present application also provides a message transmission device, applied to a load-balancing device. The message transmission device can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as a device in the logical sense, it is formed by the processor of the load-balancing device where it is located reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the load-balancing device where the message transmission device proposed in the present application is located. In addition to the processor and non-volatile memory shown in Fig. 5, the load-balancing device may include other hardware, such as a forwarding chip responsible for processing messages, a network interface, and memory. In terms of hardware structure, the load-balancing device may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 shows the structure of the message transmission device proposed in the present application, which includes:
An obtaining module 11, configured to, after receiving a message from the terminal device, query the pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address; the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
A modifying module 12, configured to modify the source IP address to the public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of the real server;
A sending module 13, configured to send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
The obtaining module 11 is further configured to determine the global white list state of the real server corresponding to the message;
The modifying module 12 is further configured to, when the global white list state is not started, modify the source IP address of the message to the public network address of the load-balancing device, modify the source port of the message to the public network port, and modify the destination IP address of the message to the IP address of the real server;
The obtaining module 11 is further configured to, when the global white list state is started, query the mapping table by the source IP address; if the source IP address does not exist in the mapping table, discard the message; if the source IP address exists in the mapping table and corresponds to locally enabled, discard the message;
The modifying module 12 is further configured to, when the source IP address exists in the mapping table and corresponds to globally enabled, modify the source IP address to the public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of the real server.
The modules of the device of the present application can be integrated together or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
Based on the same application concept as the above method, the embodiment of the present application also provides a message transmission device, applied to a real server. The message transmission device can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as a device in the logical sense, it is formed by the processor of the real server where it is located reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 shows a hardware structure diagram of the real server where the message transmission device proposed in the present application is located. In addition to the processor and non-volatile memory shown in Fig. 7, the real server may include other hardware, such as a forwarding chip responsible for processing messages, a network interface, and memory. In terms of hardware structure, the real server may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 shows the structure of the message transmission device proposed in the present application, which includes:
A maintenance module 21, configured to maintain a mapping table of terminal device IP addresses and white list ports;
A parsing module 22, configured to, after receiving a message from the load-balancing device, parse the white list port from the message;
A processing module 23, configured to query the mapping table by the white list port to obtain the IP address corresponding to the white list port.
The processing module 23 is further configured to determine the global white list state of the real server;
If the global white list state is not started, the message is processed;
If the global white list state is started, the mapping table is queried by the white list port. If the white list port does not exist in the mapping table, the message is discarded. If the white list port exists in the mapping table and corresponds to locally enabled, the message is discarded. If the white list port exists in the mapping table and corresponds to globally enabled, the message is processed using the IP address corresponding to the white list port.
The modules of the device of the present application can be integrated together or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present application. Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and the modules or flows in the drawings are not necessarily required to implement the present application.
Those skilled in the art will understand that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from that of this embodiment. The modules of the above embodiments may be merged into one module or further split into multiple sub-modules. The sequence numbers of the above embodiments are for description only and do not represent the merits of the embodiments.
The above discloses only several specific embodiments of the present application; however, the application is not limited to them, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the application.
Claims (10)
1. A message transmission method, applied to a load-balancing device, characterized in that it comprises:
after receiving a message from a terminal device, querying a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address; wherein the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
modifying the source IP address to the public network address of this device, modifying the source port of the message to the white list port, and modifying the destination IP address of the message to the IP address of a real server;
sending the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
2. The method according to claim 1, characterized in that, before querying the pre-maintained mapping table by the source IP address of the message, the method further comprises:
receiving a notification message from the real server, parsing the correspondence between an IP address and a white list port from the notification message, and recording the correspondence in the pre-maintained mapping table;
wherein the IP address is the IP address of a terminal device of a specified type; the ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
3. The method according to claim 1, characterized in that,
after receiving the message from the terminal device, the method further comprises:
determining the global white list state of the real server corresponding to the message;
if the global white list state is not started, modifying the source IP address of the message to the public network address of this device, modifying the source port of the message to the public network port, modifying the destination IP address of the message to the IP address of the real server, and sending the modified message to the real server;
if the global white list state is started, performing the process of querying the mapping table by the source IP address of the message; if the source IP address does not exist in the mapping table, discarding the message; if the source IP address exists in the mapping table and corresponds to locally enabled, discarding the message; if the source IP address exists in the mapping table and corresponds to globally enabled, performing the process of modifying the source IP address to the public network address of this device, modifying the source port of the message to the white list port, and modifying the destination IP address of the message to the IP address of the real server.
4. A message transmission method, applied to a real server, characterized in that it comprises:
locally maintaining a mapping table of terminal device IP addresses and white list ports;
after receiving a message from a load-balancing device, parsing the white list port from the message;
querying the mapping table by the white list port to obtain the IP address corresponding to the white list port.
5. The method according to claim 4, characterized in that the method further comprises:
generating a notification message that includes the correspondence between an IP address and a white list port;
sending the notification message to the load-balancing device, so that the load-balancing device records the correspondence between the IP address and the white list port in its pre-maintained mapping table;
wherein the IP address is the IP address of a terminal device of a specified type; the ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
6. The method according to claim 4, characterized in that,
after receiving the message from the load-balancing device, the method further comprises:
determining the global white list state of this real server;
if the global white list state is not started, processing the message;
if the global white list state is started, performing the process of querying the mapping table by the white list port;
if the white list port does not exist in the mapping table, discarding the message; if the white list port exists in the mapping table and corresponds to locally enabled, discarding the message; if the white list port exists in the mapping table and corresponds to globally enabled, processing the message using the IP address corresponding to the white list port.
7. A message transmission device, applied to a load-balancing device, characterized in that it comprises:
an obtaining module, configured to, after receiving a message from a terminal device, query a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address; wherein the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
a modifying module, configured to modify the source IP address to the public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of a real server;
a sending module, configured to send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
8. The device according to claim 7, characterized in that,
the obtaining module is further configured to determine the global white list state of the real server corresponding to the message;
the modifying module is further configured to, when the global white list state is not started, modify the source IP address of the message to the public network address of the load-balancing device, modify the source port of the message to the public network port, and modify the destination IP address of the message to the IP address of the real server;
the obtaining module is further configured to, when the global white list state is started, query the mapping table by the source IP address; if the source IP address does not exist in the mapping table, discard the message; if the source IP address exists in the mapping table and corresponds to locally enabled, discard the message;
the modifying module is further configured to, when the source IP address exists in the mapping table and corresponds to globally enabled, modify the source IP address to the public network address, modify the source port of the message to the white list port, and modify the destination IP address of the message to the IP address of the real server.
9. A message transmission device, applied to a real server, characterized in that it comprises:
a maintenance module, configured to maintain a mapping table of terminal device IP addresses and white list ports;
a parsing module, configured to, after receiving a message from a load-balancing device, parse the white list port from the message;
a processing module, configured to query the mapping table by the white list port to obtain the IP address corresponding to the white list port.
10. The device according to claim 9, characterized in that,
the processing module is further configured to determine the global white list state of the real server;
if the global white list state is not started, the message is processed;
if the global white list state is started, the mapping table is queried by the white list port; if the white list port does not exist in the mapping table, the message is discarded; if the white list port exists in the mapping table and corresponds to locally enabled, the message is discarded; if the white list port exists in the mapping table and corresponds to globally enabled, the message is processed using the IP address corresponding to the white list port.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610949027.4A CN106411742B (en) | 2016-10-26 | 2016-10-26 | A kind of method and apparatus of message transmissions |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106411742A true CN106411742A (en) | 2017-02-15 |
CN106411742B CN106411742B (en) | 2019-08-16 |
Family
ID=58013811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610949027.4A Active CN106411742B (en) | 2016-10-26 | 2016-10-26 | A kind of method and apparatus of message transmissions |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106411742B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106411742B (en) | 2019-08-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||