CN106411742A - Message transmission method and device - Google Patents


Info

Publication number
CN106411742A
Authority
CN
China
Prior art keywords
address
message
port
white list
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610949027.4A
Other languages
Chinese (zh)
Other versions
CN106411742B (en)
Inventor
孙策
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dt Dream Technology Co Ltd
Original Assignee
Hangzhou Dt Dream Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dt Dream Technology Co Ltd
Priority to CN201610949027.4A
Publication of CN106411742A
Application granted
Publication of CN106411742B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a message transmission method and a message transmission device. The message transmission method comprises the steps of: querying a pre-maintained mapping relation table through a source IP address of a message after receiving the message from terminal equipment, so as to obtain a white list port corresponding to the source IP address, wherein the mapping relation table is used for recording corresponding relations between IP addresses of the terminal equipment and white list ports; modifying the source IP address to be a public network address of equipment, modifying a source port of the message to be the white list port, and modifying a target IP address of the message to be an IP address of a real server; and sending the modified message to the real server, so that the real server obtains the IP address of the terminal equipment by utilizing the white list port carried in the received message. By adopting the message transmission method and the message transmission device, a control policy can be queried according to the IP address of the terminal equipment, the terminal equipment is controlled based on the control policy, and the precise control capability of the real server is realized.

Description

Message transmission method and device
Technical field
The present application relates to the field of communication technology, and in particular to a message transmission method and device.
Background
Fig. 1 and Fig. 2 are schematic diagrams of load-balancing networking. Real server 1 and real server 2 can provide applications to users, such as WEB (web page) applications. Real server 1 corresponds to virtual IP address A and to real IP address 1. Real server 2 corresponds to virtual IP address B and to real IP address 2. In Fig. 2, deploying multiple load-balancing devices solves the single point of failure of one load-balancing device: when one load-balancing device fails, the other load-balancing devices continue to provide service, so that service processing is not interrupted.
When a terminal device accesses the application provided by real server 1, it sends a message whose destination IP address is virtual IP address A. After receiving the message, the load-balancing device changes the destination IP address of the message to real IP address 1 and uses that destination IP address to forward the message to real server 1.
In this scenario, after receiving the message, the load-balancing device can also perform NAT (Network Address Translation) on it, that is, change the source IP address of the message to a public network IP address. Therefore, for a message that the load-balancing device sends to a real server, both the source IP address and the destination IP address have been modified by the load-balancing device.
At present, control policies can be configured on the real server. A common approach is to configure the correspondence between the IP address of a terminal device and a control policy, so that the control policy can be looked up by the terminal device's IP address. In the scenario above, however, the source IP address of the message is no longer the IP address of the terminal device, so the control policy of the terminal device cannot be found, and the terminal device therefore cannot be controlled based on the control policy.
Summary of the invention
The present application provides a message transmission method, applied to a load-balancing device, comprising:
After receiving a message from a terminal device, querying a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table records the correspondence between IP addresses of terminal devices and white list ports;
Changing the source IP address to the public network address of this device, changing the source port of the message to the white list port, and changing the destination IP address of the message to the IP address of a real server;
Sending the modified message to the real server, so that the real server uses the white list port carried in the received message to obtain the IP address of the terminal device.
Before querying the pre-maintained mapping table by the source IP address of the message, the method further comprises: receiving a notification message from the real server, parsing the correspondence between an IP address and a white list port from the notification message, and recording the correspondence in the pre-maintained mapping table; wherein the IP address is the IP address of a terminal device of a specified type; the ports that NAT can use are divided into reserved ports and unreserved ports, and the white list port is one of the reserved ports.
After receiving the message from the terminal device, the method further comprises:
Determining the global white list state of the real server corresponding to the message;
If the global white list state is not started, changing the source IP address of the message to the public network address of this device, changing the source port of the message to a public network port, changing the destination IP address of the message to the IP address of the real server, and sending the modified message to the real server;
If the global white list state is started, performing the process of querying the mapping table by the source IP address of the message; if the source IP address does not exist in the mapping table, discarding the message; if the source IP address exists in the mapping table and corresponds to locally enabled, discarding the message; if the source IP address exists in the mapping table and corresponds to globally enabled, performing the process of changing the source IP address to the public network address of this device, changing the source port of the message to the white list port, and changing the destination IP address of the message to the IP address of the real server.
The present application provides a message transmission method, applied to a real server, comprising:
Maintaining locally a mapping table of IP addresses of terminal devices and white list ports;
After receiving a message from a load-balancing device, parsing the white list port from the message;
Querying the mapping table by the white list port to obtain the IP address corresponding to the white list port.
The method further comprises:
Generating a notification message that includes the correspondence between an IP address and a white list port;
Sending the notification message to the load-balancing device, so that the load-balancing device records the correspondence between the IP address and the white list port in its pre-maintained mapping table;
Wherein the IP address is the IP address of a terminal device of a specified type; the ports that NAT can use are divided into reserved ports and unreserved ports, and the white list port is one of the reserved ports.
After receiving the message from the load-balancing device, the method further comprises:
Determining the global white list state of this real server;
If the global white list state is not started, processing the message;
If the global white list state is started, performing the process of querying the mapping table by the white list port; if the white list port does not exist in the mapping table, discarding the message; if the white list port exists in the mapping table and corresponds to locally enabled, discarding the message; if the white list port exists in the mapping table and corresponds to globally enabled, processing the message using the IP address corresponding to the white list port.
The present application provides a message transmission device, applied to a load-balancing device, comprising:
An obtaining module, configured to, after a message from a terminal device is received, query a pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table records the correspondence between IP addresses of terminal devices and white list ports;
A modifying module, configured to change the source IP address to a public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of a real server;
A sending module, configured to send the modified message to the real server, so that the real server uses the white list port carried in the received message to obtain the IP address of the terminal device.
The obtaining module is further configured to determine the global white list state of the real server corresponding to the message;
The modifying module is further configured to, when the global white list state is not started, change the source IP address of the message to the public network address of the load-balancing device, change the source port of the message to a public network port, and change the destination IP address of the message to the IP address of the real server;
The obtaining module is further configured to, when the global white list state is started, query the mapping table by the source IP address; if the source IP address does not exist in the mapping table, discard the message; if the source IP address exists in the mapping table and corresponds to locally enabled, discard the message;
The modifying module is further configured to, when the source IP address exists in the mapping table and corresponds to globally enabled, change the source IP address to the public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of the real server.
The present application provides a message transmission device, applied to a real server, comprising:
A maintenance module, configured to maintain a mapping table of IP addresses of terminal devices and white list ports;
A parsing module, configured to, after a message from a load-balancing device is received, parse the white list port from the message;
A processing module, configured to query the mapping table by the white list port to obtain the IP address corresponding to the white list port.
The processing module is further configured to determine the global white list state of the real server;
If the global white list state is not started, process the message;
If the global white list state is started, query the mapping table by the white list port; if the white list port does not exist in the mapping table, discard the message; if the white list port exists in the mapping table and corresponds to locally enabled, discard the message; if the white list port exists in the mapping table and corresponds to globally enabled, process the message using the IP address corresponding to the white list port.
Based on the above technical solution, in the embodiments of the present application the source port of the message is changed to the white list port, so that the real server can determine the IP address of the terminal device from the white list port. The real server can then look up the control policy by the IP address of the terminal device and control the terminal device based on that policy, which gives the real server fine-grained control. In this approach the load-balancing device does not need to add the IP address of the terminal device to the message, so bandwidth and message processing performance are not affected.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some of the embodiments described in the present application; a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 and Fig. 2 are schematic diagrams of load-balancing networking;
Fig. 3 is a flowchart of the message transmission method in one embodiment of the present application;
Fig. 4 is a flowchart of the message transmission method in another embodiment of the present application;
Fig. 5 is a hardware structure diagram of the load-balancing device in one embodiment of the present application;
Fig. 6 is a structure diagram of the message transmission device in one embodiment of the present application;
Fig. 7 is a hardware structure diagram of the real server in one embodiment of the present application;
Fig. 8 is a structure diagram of the message transmission device in one embodiment of the present application.
Detailed description
The terms used in the present application are only for the purpose of describing specific embodiments and are not intended to limit the application. The singular forms "a", "said" and "the" used in the present application and in the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the present application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
The embodiments of the present application propose a message transmission method that can be applied in a system comprising terminal devices, load-balancing devices and real servers. Fig. 1 and Fig. 2 are schematic diagrams of the application scenario of the embodiments. The load-balancing device can be an LVS (Linux Virtual Server). Real server 1 corresponds to virtual IP address 220.67.8.10 and virtual port 5000, and to real IP address 192.168.10.11 and real port 5001. Real server 2 corresponds to virtual IP address 220.67.8.11 and virtual port 5002, and to real IP address 192.168.10.12 and real port 5003.
In one example, the real server can locally maintain a mapping table of IP addresses and white list ports. The IP address is the IP address of a terminal device of a specified type; for example, a terminal device of the specified type can be a terminal device that needs to be controlled based on a control policy, and the specified type is not limited. In addition, the ports that NAT can use (such as ports 1 to 65535) are divided into reserved ports (such as 1 to 32768) and unreserved ports (such as 32769 to 65535), and the white list port is one of the reserved ports (with special ports removed, such as the above-mentioned port 5000, port 5001, port 5002 and port 5003).
For example, when a control policy needs to be configured for terminal device 1, the IP address of terminal device 1 is determined to be 10.3.18.1, and white list port 795 is allocated to terminal device 1 from the reserved ports. The white list port allocated to each terminal device is unique. The real server then records the correspondence between IP address 10.3.18.1 and white list port 795 in the mapping table. Table 1 shows an example of the mapping table.
Table 1
IP address | White list port
10.3.18.1 | 795
18.2.9.3 | 580
80.3.134.34 | 980
In one example, all real servers in the network share the reserved port range 1 to 32768. To control white list ports better, different reserved port ranges can be assigned to different real servers; for example, real server 1 uses reserved ports 1-2000, real server 2 uses reserved ports 2001-4000, and so on. In that case, when real server 1 allocates a white list port to a terminal device, it selects an available port from reserved ports 1-2000. When real server 2 allocates a white list port to a terminal device, it selects an available port from reserved ports 2001-4000.
After the real server has set up the mapping table shown in Table 1, it can generate a notification message that includes the correspondence between IP addresses and white list ports and send the notification message to the load-balancing device. After receiving the notification message, the load-balancing device parses the correspondence between IP addresses and white list ports from it and records the correspondence in its own mapping table. The mapping table finally maintained by the load-balancing device can also be as shown in Table 1.
The real server can send the correspondence between 10.3.18.1 and 795, the correspondence between 18.2.9.3 and 580, and the correspondence between 80.3.134.34 and 980 to the load-balancing device together in one notification message, or it can send the three correspondences to the load-balancing device separately in three notification messages.
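The allocation and notification steps above can be sketched as follows. This is an added example, not code from the patent: the class and function names and the notification layout (a list of IP/port pairs) are assumptions. It also shows a check a load-balancing device would want before recording an entry, because the real server later treats the source port as the terminal's identity.

```python
from ipaddress import ip_address
from typing import Dict, Iterable, List, Tuple

RESERVED = range(1, 32769)                 # reserved ports 1 to 32768
SERVICE_PORTS = {5000, 5001, 5002, 5003}   # special ports removed from the pool


class WhiteListAllocator:
    """Real-server side: unique white list ports from this server's sub-range."""

    def __init__(self, first: int, last: int):
        if first not in RESERVED or last not in RESERVED or first > last:
            raise ValueError("sub-range must lie inside the reserved ports")
        self._free = (p for p in range(first, last + 1) if p not in SERVICE_PORTS)
        self.table: Dict[str, int] = {}    # terminal IP -> white list port

    def allocate(self, ip: str) -> int:
        ip = str(ip_address(ip))           # rejects malformed addresses
        if ip not in self.table:           # one port per terminal, never reused
            try:
                self.table[ip] = next(self._free)
            except StopIteration:
                raise RuntimeError("reserved sub-range exhausted") from None
        return self.table[ip]

    def notification(self) -> List[Tuple[str, int]]:
        """Hypothetical notification payload: all (IP, port) pairs."""
        return sorted(self.table.items())


def merge_notification(table: Dict[str, int],
                       entries: Iterable[Tuple[str, int]],
                       first: int, last: int) -> List[Tuple[str, int]]:
    """Load-balancer side: record valid entries, return the rejected ones.

    An entry is rejected if its port is outside the sending server's reserved
    sub-range, is a service port, or is already bound to another terminal.
    """
    used = {port: ip for ip, port in table.items()}
    rejected = []
    for ip, port in entries:
        in_range = first <= port <= last and port in RESERVED
        if not in_range or port in SERVICE_PORTS or used.get(port, ip) != ip:
            rejected.append((ip, port))
            continue
        used.pop(table.get(ip), None)      # drop a previous binding of this IP
        table[ip], used[port] = port, ip
    return rejected
```
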
In one example, when the system includes multiple real servers, each real server can maintain its own mapping table. The load-balancing device can maintain one mapping table for each real server, and the content of each of these mapping tables is the same as the content of the mapping table of the corresponding real server. Alternatively, the load-balancing device can maintain only one mapping table and record the content of the mapping tables of all real servers in it.
In one example, when there are multiple load-balancing devices, one load-balancing device can synchronize its mapping table to the other load-balancing devices after setting it up, so that the mapping tables finally maintained by all load-balancing devices are the same. The processing of one load-balancing device is used as the example below.
In the above application scenario, Fig. 3 is a flowchart of the message transmission method. The method can be applied on the load-balancing device and may comprise the following steps:
Step 301: after receiving a message from a terminal device, query the pre-maintained mapping table by the source IP address of the message to obtain the white list port corresponding to the source IP address.
Step 302: change the source IP address to the public network address of this load-balancing device, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of the real server.
Step 303: send the modified message to the real server, so that the real server uses the white list port carried in the received message to obtain the IP address of the terminal device.
In one example, for step 301, when the terminal device accesses the application provided by real server 1, the terminal device sends a message to the load-balancing device. The source IP address of the message is the IP address 10.3.18.1 of the terminal device, the source port is an arbitrary port, such as port 41006, the destination IP address is the virtual IP address 220.67.8.10 corresponding to real server 1, and the destination port is the virtual port 5000 corresponding to real server 1. After receiving the message, the load-balancing device queries the mapping table shown in Table 1 by the source IP address 10.3.18.1 of the message and obtains 795 as the white list port corresponding to source IP address 10.3.18.1.
For step 302, the load-balancing device changes the source IP address 10.3.18.1 of the message to the public network IP address of this load-balancing device, such as 192.168.1.10, and changes the source port 41006 of the message to the white list port 795, rather than changing the source port 41006 to a public network port of this load-balancing device. The load-balancing device changes the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and changes the destination port 5000 of the message to the real port 5001 of real server 1.
In one example, to implement message transmission, the load-balancing device can set up an IPVS (IP Virtual Server) table for each real server. Table 2 shows an example of the IPVS table for real server 1; the IPVS tables for other real servers are similar. Pro is the protocol type of the message, such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol); Expire is the keep-alive time; State is the state; Source is the source IP address and source port, that is, the IP address and port of the terminal device; Virtual is the virtual IP address and virtual port, that is, the destination IP address and destination port before translation; Destination is the real IP address and real port, that is, the destination IP address and destination port after translation.
Table 2
Pro | Expire | State | Source | Virtual | Destination
 |  |  |  | 220.67.8.10/5000 | 192.168.10.11/5001
In the embodiments of the present application, based on the mapping table shown in Table 1, the load-balancing device can maintain the IPVS table shown in Table 3. In Table 3, Expire is 00:00, which means the keep-alive time is unlimited and the corresponding entry will not be deleted. State is Prepare, which means the ready state: no message for this entry has been received yet. Source contains only the source IP address and does not contain the port corresponding to that source IP address.
Table 3
Pro | Expire | State | Source | Virtual | Destination
TCP | 00:00 | Prepare | 10.3.18.1 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001
Based on the mapping table shown in Table 1 and the IPVS table shown in Table 3, in step 301 and step 302, suppose that the source IP address of the message received by the load-balancing device is 10.3.18.10. When the mapping table shown in Table 1 is queried by source IP address 10.3.18.10, that source IP address is not found in Table 1, so the traditional flow can be used. That is, the load-balancing device changes the source IP address 10.3.18.10 of the message to the public network IP address of the load-balancing device, such as 192.168.1.11, changes the source port 41006 of the message to a public network port of the load-balancing device (which is an unreserved port, such as 32770), changes the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and changes the destination port 5000 of the message to the real port 5001 of real server 1. The load-balancing device can then update the IPVS table shown in Table 3 to obtain the IPVS table shown in Table 4, in which Source includes not only the source IP address 10.3.18.10 but also the source port 41006.
Table 4
Pro | Expire | State | Source | Virtual | Destination
TCP | 00:00 | Prepare | 10.3.18.1 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:57 | Established | 10.3.18.10/41006 | 220.67.8.10/5000 | 192.168.10.11/5001
Based on the mapping table shown in Table 1 and the IPVS table shown in Table 3, in step 301 and step 302, suppose that the source IP address of the message received by the load-balancing device is 10.3.18.1. When the mapping table shown in Table 1 is queried by source IP address 10.3.18.1, the corresponding white list port obtained is 795. The load-balancing device changes the source IP address 10.3.18.1 of the message to the public network IP address 192.168.1.10 of the load-balancing device, changes the source port 41006 of the message to white list port 795, changes the destination IP address 220.67.8.10 of the message to the real IP address 192.168.10.11 of real server 1, and changes the destination port 5000 of the message to the real port 5001 of real server 1. The load-balancing device can then update the IPVS table shown in Table 3 to obtain the IPVS table shown in Table 5. In this IPVS table, Source includes not only the source IP address 10.3.18.10 but can also include the source port 41006.
Table 5
Pro | Expire | State | Source | Virtual | Destination
TCP | 00:57 | Established | 10.3.18.1/41006 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 18.2.9.3 | 220.67.8.10/5000 | 192.168.10.11/5001
TCP | 00:00 | Prepare | 80.3.134.34 | 220.67.8.10/5000 | 192.168.10.11/5001
For step 303, the load-balancing device sends the modified message to real server 1. The source IP address of this message is 192.168.1.10, the source port is white list port 795, the destination IP address is 192.168.10.11, and the destination port is real port 5001. After receiving the message, real server 1 parses white list port 795 from it and queries the mapping table shown in Table 1 by white list port 795 to obtain the corresponding IP address 10.3.18.1; that is, the IP address of the terminal device is 10.3.18.1. Real server 1 uses the IP address 10.3.18.1 of the terminal device to look up the corresponding control policy and controls the terminal device using that policy; the specific control process is not described further. In addition, real server 1 can also process the message in the traditional way; the specific processing is not described further.
In one example, real server 1 can also send a response message for this message. The source IP address of the response message is 192.168.10.11, the source port is real port 5001, the destination IP address is 192.168.1.10, and the destination port is white list port 795. After receiving the response message, the load-balancing device can modify it based on the IPVS table shown in Table 5: the source IP address of the response message is changed to 220.67.8.10, the source port is changed to 5000, the destination IP address is changed to 10.3.18.1, and the destination port is changed to 41006. The modified response message is then sent to the terminal device.
This completes the message transmission between the terminal device and real server 1.
In one example, when maintaining the mapping table, the real server and the load-balancing device can also maintain a global white list flag, which can be 0 or 1. A global white list flag of 0 means locally enabled, and a global white list flag of 1 means globally enabled. Table 6 shows an example of the mapping table maintained by the real server and the load-balancing device; Table 6 is an example based on Table 1.
Table 6
IP address | White list port | Global white list flag
10.3.18.1 | 795 | 1
18.2.9.3 | 580 | 1
80.3.134.34 | 980 | 0
In one example, the real server can also notify the load-balancing device of its own global white list state, and the load-balancing device records the correspondence between each real server and its global white list state. The global white list state can be started or not started. For example, the load-balancing device can record the correspondence between real server 1 and "started", and the correspondence between real server 2 and "not started".
In this embodiment of the application, the global white list state of the real server and the global white list flag corresponding to an IP address can be used to control how the load-balancing device sends messages to the real server and how the real server handles the messages it receives. The specific process is as follows:
After receiving a message from a terminal device, the load-balancing device first determines the global white list state of the real server corresponding to the message. If the global white list state is not started, the load-balancing device changes the source IP address of the message to the public network address of the load-balancing device, the source port to a public network port of the load-balancing device, the destination IP address to the real IP address of the real server, and the destination port to the real port of the real server, and sends the modified message to the real server. If the global white list state is started, the load-balancing device queries the mapping table with the source IP address of the message. If the source IP address is not in the mapping table, the message is discarded. If the source IP address is in the mapping table but corresponds to locally enabled (i.e. the global white list flag is 0), the message is discarded. If the source IP address is in the mapping table and corresponds to globally enabled (i.e. the global white list flag is 1), the load-balancing device obtains the white list port corresponding to the source IP address, changes the source IP address to the public network address of the load-balancing device, the source port to that white list port, the destination IP address to the real IP address of the real server, and the destination port to the real port of the real server, and sends the modified message to the real server.
For example, after the load-balancing device receives a message from a terminal device, suppose the destination IP address of the message is 220.67.8.11, which means the message corresponds to real server 2. Because the global white list state of real server 2 is not started, the source IP address of the message can be changed to the public network address 192.168.1.15 of the load-balancing device, the source port to the public network port 32775 of the load-balancing device, the destination IP address to the real IP address 192.168.10.12 of real server 2, and the destination port to the real port 5003 of real server 2, and the message is sent to real server 2.
Suppose instead that the destination IP address of the message is 220.67.8.10, which means the message corresponds to real server 1, whose global white list state is started. If the source IP address of the message is 10.3.18.10, the mapping table does not contain source IP address 10.3.18.10, so the message is discarded. If the source IP address of the message is 80.3.134.34, the mapping table contains source IP address 80.3.134.34, but that address corresponds to locally enabled (i.e. the global white list flag is 0), so the message is discarded. If the source IP address of the message is 10.3.18.1, the mapping table contains source IP address 10.3.18.1 and that address corresponds to globally enabled (i.e. the global white list flag is 1), so the load-balancing device can obtain white list port 795 corresponding to source IP address 10.3.18.1, change the source IP address of the message to the public network IP address 192.168.1.10 of the load-balancing device, the source port to white list port 795, the destination IP address to the real IP address 192.168.10.11 of real server 1, and the destination port to the real port 5001 of real server 1, and send the modified message to real server 1.
After receiving a message from the load-balancing device, the real server determines its own global white list state. If the global white list state is not started, the message can be processed in the traditional manner; the specific processing is not described again here. If the global white list state is started, the real server parses the white list port from the message and queries the mapping table shown in Table 6 with that white list port.
If the white list port is not in the mapping table, the message is discarded. If the white list port is in the mapping table but corresponds to locally enabled (i.e. the global white list flag is 0), the message is discarded. If the white list port is in the mapping table and corresponds to globally enabled (i.e. the global white list flag is 1), the real server obtains the IP address corresponding to the white list port (i.e. the IP address of the terminal device) and uses that IP address to process the message, for example by looking up the corresponding control policy with this IP address and controlling the terminal device with that policy, and processes the message in the traditional manner; the specific processing is not described again here.
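The forwarding decision on the load-balancing device and the receive decision on the real server described above, as an added Python example that is not code from the patent. The `Packet`, `Entry` and `RealServer` types and the function names are assumptions; the addresses, ports and Table 6 entries are those of the text's examples, and dropping a message whose destination matches no real server is an assumption the text does not address.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Entry:
    port: int         # white list port (one of the reserved NAT ports)
    global_flag: int  # 1 = globally enabled, 0 = locally enabled


@dataclass(frozen=True)
class RealServer:
    real_ip: str
    real_port: int
    lb_addr: str             # source address the load balancer uses toward it
    nat_port: Optional[int]  # ordinary NAT source port, used when not started
    started: bool            # global white list state


# Table 6 of the text.
MAPPING: Dict[str, Entry] = {
    "10.3.18.1": Entry(795, 1),
    "18.2.9.3": Entry(580, 1),
    "80.3.134.34": Entry(980, 0),
}

# Keyed by the destination address the terminal sends to (values from the text).
SERVERS: Dict[str, RealServer] = {
    "220.67.8.10": RealServer("192.168.10.11", 5001, "192.168.1.10", None, True),
    "220.67.8.11": RealServer("192.168.10.12", 5003, "192.168.1.15", 32775, False),
}


def lb_forward(pkt: Packet, servers=SERVERS, mapping=MAPPING) -> Optional[Packet]:
    """Return the rewritten message, or None when the message is discarded."""
    rs = servers.get(pkt.dst_ip)
    if rs is None:
        return None  # assumption: unknown destination is dropped
    if not rs.started:
        # Ordinary NAT: the terminal's address is not conveyed at all.
        return Packet(rs.lb_addr, rs.nat_port, rs.real_ip, rs.real_port)
    entry = mapping.get(pkt.src_ip)
    if entry is None or entry.global_flag != 1:
        return None  # not in the table, or only locally enabled
    # The source port now carries the terminal's identity.
    return Packet(rs.lb_addr, entry.port, rs.real_ip, rs.real_port)


def index_by_port(mapping: Dict[str, Entry]) -> Dict[int, Tuple[str, Entry]]:
    """Reverse index for the real server; ports must identify one address."""
    by_port: Dict[int, Tuple[str, Entry]] = {}
    for ip, entry in mapping.items():
        if entry.port in by_port:
            raise ValueError(f"white list port {entry.port} maps to two addresses")
        by_port[entry.port] = (ip, entry)
    return by_port


def rs_receive(pkt: Packet, started: bool, mapping=MAPPING) -> Tuple[str, Optional[str]]:
    """Return (action, terminal_ip); terminal_ip is None when it is unknown."""
    if not started:
        return ("process", None)  # traditional processing
    hit = index_by_port(mapping).get(pkt.src_port)
    if hit is None:
        return ("drop", None)
    terminal_ip, entry = hit
    if entry.global_flag != 1:
        return ("drop", None)
    return ("process", terminal_ip)  # look up the control policy by this IP


if __name__ == "__main__":
    # Constructed terminal messages; 41006 is the terminal port used in the text.
    for src in ("10.3.18.1", "10.3.18.10", "80.3.134.34"):
        out = lb_forward(Packet(src, 41006, "220.67.8.10", 5000))
        print(src, "->", out, "->", rs_receive(out, True) if out else "dropped at LB")
```

Because the real server's reverse lookup keys on the port alone, each white list port must map to a single address, which `index_by_port` enforces.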
Based on the above technical solution, in this embodiment of the application the source port of the message is changed to the white list port so that the real server can determine the IP address of the terminal device from that port. The real server can then look up a control policy based on the terminal device's IP address and control the terminal device according to that policy, which gives the real server the ability to exercise fine-grained control. With this approach, the load-balancing device does not need to add the terminal device's IP address to the message as extra data, so bandwidth and message processing performance are not affected.
Referring to Fig. 4, which is a flowchart of the message transmission method proposed in an embodiment of the application, the method can be applied to a real server and may include the following steps:
Step 401: locally maintain a mapping table of terminal device IP addresses and white list ports.
Step 402: after receiving a message from the load-balancing device, parse the white list port (i.e. the source port of the message) from the message; this white list port was added to the message by the load-balancing device.
Step 403: query the mapping table with the white list port to obtain the IP address corresponding to the white list port; this IP address is the IP address of the terminal device.
In one example, the real server can also generate a notification message containing the correspondence between an IP address and a white list port and send this notification message to the load-balancing device, so that the load-balancing device uses the notification message to record the correspondence between the IP address and the white list port in its pre-maintained mapping table. Here, the IP address is the IP address of a terminal device of a specified type; the ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
In one example, after receiving a message from the load-balancing device, the real server can also determine its own global white list state. If the global white list state is not started, the message can be processed. If the global white list state is started, the real server performs the process of querying the mapping table with the white list port. If the white list port is not in the mapping table, the message is discarded directly. If the white list port is in the mapping table and corresponds to locally enabled, the message is discarded directly. If the white list port is in the mapping table and corresponds to globally enabled, the message can be processed using the IP address corresponding to the white list port.
Based on the above technical solution, in this embodiment of the application the source port of the message is changed to the white list port so that the real server can determine the IP address of the terminal device from that port. The real server can then look up a control policy based on the terminal device's IP address and control the terminal device according to that policy, which gives the real server the ability to exercise fine-grained control. With this approach, the load-balancing device does not need to add the terminal device's IP address to the message as extra data, so bandwidth and message processing performance are not affected.
Based on the same inventive concept as the above method, an embodiment of the application also provides a message transmission device, applied to a load-balancing device. The message transmission device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the load-balancing device on which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the load-balancing device on which the message transmission device proposed by the application resides. In addition to the processor and non-volatile memory shown in Fig. 5, the load-balancing device may include other hardware, such as a forwarding chip responsible for processing messages, network interfaces, and memory. In terms of hardware structure, the load-balancing device may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 shows a structure diagram of the message transmission device proposed by the application, which includes:
An obtaining module 11, configured to, after receiving a message from a terminal device, query a pre-maintained mapping table with the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
A modifying module 12, configured to change the source IP address to a public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of a real server;
A sending module 13, configured to send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
The obtaining module 11 is further configured to determine the global white list state of the real server corresponding to the message;
The modifying module 12 is further configured to, when the global white list state is not started, change the source IP address of the message to the public network address of the load-balancing device, change the source port of the message to a public network port, and change the destination IP address of the message to the IP address of the real server;
The obtaining module 11 is further configured to, when the global white list state is started, query the mapping table with the source IP address; if the source IP address is not in the mapping table, discard the message; if the source IP address is in the mapping table and corresponds to locally enabled, discard the message;
The modifying module 12 is further configured to, when the source IP address is in the mapping table and corresponds to globally enabled, change the source IP address to a public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of the real server.
The modules of the device of the application can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
Based on the same inventive concept as the above method, an embodiment of the application also provides a message transmission device, applied to a real server. The message transmission device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the real server on which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 shows a hardware structure diagram of the real server on which the message transmission device proposed by the application resides. In addition to the processor and non-volatile memory shown in Fig. 7, the real server may include other hardware, such as a forwarding chip responsible for processing messages, network interfaces, and memory. In terms of hardware structure, the real server may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 shows a structure diagram of the message transmission device proposed by the application, which includes:
A maintenance module 21, configured to maintain a mapping table of terminal device IP addresses and white list ports;
A parsing module 22, configured to, after receiving a message from the load-balancing device, parse the white list port from the message;
A processing module 23, configured to query the mapping table with the white list port to obtain the IP address corresponding to the white list port.
The processing module 23 is further configured to determine the global white list state of the real server;
If the global white list state is not started, process the message;
If the global white list state is started, query the mapping table with the white list port; if the white list port is not in the mapping table, discard the message; if the white list port is in the mapping table and corresponds to locally enabled, discard the message; if the white list port is in the mapping table and corresponds to globally enabled, process the message using the IP address corresponding to the white list port.
The modules of the device of the application can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
From the description of the above embodiments, those skilled in the art can clearly understand that the application can be implemented by software plus a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the application, or the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the application. Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and the modules or flows in the drawings are not necessarily required to implement the application.
Those skilled in the art will understand that the modules of the device in an embodiment can be distributed in the device of the embodiment as described, or can be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments can be merged into one module or further split into multiple sub-modules. The sequence numbers of the above embodiments are for description only and do not indicate the relative merits of the embodiments.
The above discloses only several specific embodiments of the application; however, the application is not limited to them, and any variation that a person skilled in the art can conceive of shall fall within the protection scope of the application.

Claims (10)

1. A message transmission method, applied to a load-balancing device, characterized by comprising:
After receiving a message from a terminal device, querying a pre-maintained mapping table with the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
Changing the source IP address to the public network address of this device, changing the source port of the message to the white list port, and changing the destination IP address of the message to the IP address of a real server;
Sending the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
2. The method according to claim 1, characterized in that, before querying the pre-maintained mapping table with the source IP address of the message, the method further comprises:
Receiving a notification message from the real server, parsing the correspondence between an IP address and a white list port from the notification message, and recording the correspondence in the pre-maintained mapping table;
Wherein the IP address is the IP address of a terminal device of a specified type; the ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
3. The method according to claim 1, characterized in that,
After receiving the message from the terminal device, the method further comprises:
Determining the global white list state of the real server corresponding to the message;
If the global white list state is not started, changing the source IP address of the message to the public network address of this device, changing the source port of the message to a public network port, changing the destination IP address of the message to the IP address of the real server, and sending the modified message to the real server;
If the global white list state is started, performing the process of querying the mapping table with the source IP address of the message; if the source IP address is not in the mapping table, discarding the message; if the source IP address is in the mapping table and corresponds to locally enabled, discarding the message; if the source IP address is in the mapping table and corresponds to globally enabled, performing the process of changing the source IP address to the public network address of this device, changing the source port of the message to the white list port, and changing the destination IP address of the message to the IP address of the real server.
4. A message transmission method, applied to a real server, characterized by comprising:
Locally maintaining a mapping table of terminal device IP addresses and white list ports;
After receiving a message from a load-balancing device, parsing the white list port from the message;
Querying the mapping table with the white list port to obtain the IP address corresponding to the white list port.
5. The method according to claim 4, characterized in that the method further comprises:
Generating a notification message containing the correspondence between an IP address and a white list port;
Sending the notification message to the load-balancing device, so that the load-balancing device records the correspondence between the IP address and the white list port in a pre-maintained mapping table;
Wherein the IP address is the IP address of a terminal device of a specified type; the ports available for NAT translation are divided into reserved ports and non-reserved ports, and the white list port is one of the reserved ports.
6. The method according to claim 4, characterized in that,
After receiving the message from the load-balancing device, the method further comprises:
Determining the global white list state of this real server;
If the global white list state is not started, processing the message;
If the global white list state is started, performing the process of querying the mapping table with the white list port; if the white list port is not in the mapping table, discarding the message; if the white list port is in the mapping table and corresponds to locally enabled, discarding the message; if the white list port is in the mapping table and corresponds to globally enabled, processing the message using the IP address corresponding to the white list port.
7. A message transmission device, applied to a load-balancing device, characterized by comprising:
An obtaining module, configured to, after receiving a message from a terminal device, query a pre-maintained mapping table with the source IP address of the message to obtain the white list port corresponding to the source IP address, wherein the mapping table is used to record the correspondence between IP addresses of terminal devices and white list ports;
A modifying module, configured to change the source IP address to a public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of a real server;
A sending module, configured to send the modified message to the real server, so that the real server obtains the IP address of the terminal device using the white list port carried in the received message.
8. The device according to claim 7, characterized in that,
The obtaining module is further configured to determine the global white list state of the real server corresponding to the message;
The modifying module is further configured to, when the global white list state is not started, change the source IP address of the message to the public network address of the load-balancing device, change the source port of the message to a public network port, and change the destination IP address of the message to the IP address of the real server;
The obtaining module is further configured to, when the global white list state is started, query the mapping table with the source IP address; if the source IP address is not in the mapping table, discard the message; if the source IP address is in the mapping table and corresponds to locally enabled, discard the message;
The modifying module is further configured to, when the source IP address is in the mapping table and corresponds to globally enabled, change the source IP address to a public network address, change the source port of the message to the white list port, and change the destination IP address of the message to the IP address of the real server.
9. A message transmission device, applied to a real server, characterized by comprising:
A maintenance module, configured to maintain a mapping table of terminal device IP addresses and white list ports;
A parsing module, configured to, after receiving a message from a load-balancing device, parse the white list port from the message;
A processing module, configured to query the mapping table with the white list port to obtain the IP address corresponding to the white list port.
10. The device according to claim 9, characterized in that,
The processing module is further configured to determine the global white list state of the real server;
If the global white list state is not started, process the message;
If the global white list state is started, query the mapping table with the white list port; if the white list port is not in the mapping table, discard the message; if the white list port is in the mapping table and corresponds to locally enabled, discard the message; if the white list port is in the mapping table and corresponds to globally enabled, process the message using the IP address corresponding to the white list port.
CN201610949027.4A 2016-10-26 2016-10-26 A kind of method and apparatus of message transmissions Active CN106411742B (en)

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610949027.4A CN106411742B (en) | 2016-10-26 | 2016-10-26 | A kind of method and apparatus of message transmissions |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN106411742A | 2017-02-15 |
| CN106411742B | 2019-08-16 |