CN108011986B - Method for guiding and forwarding data message, access point equipment and network equipment - Google Patents


Info

Publication number
CN108011986B
Authority
CN
China
Prior art keywords
nat
access point
message
session table
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610931373.XA
Other languages
Chinese (zh)
Other versions
CN108011986A (en
Inventor
王海洋
刘怀毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2557 Translation policies or rules
    • H04L61/255 Maintenance or indexing of mapping tables

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for guiding and forwarding a data message, an access point device, and a network device are disclosed. In the method for guiding the data message, the access point device determines a NAT session table entry of a terminal and then sends a NAT session notification message to the network device, so that the network device forwards data messages whose destination port number is the transport layer port number after NAT in that NAT session table entry through the physical port on which it received the NAT session notification message. The network device thus sends data messages destined for the terminal directly to the access point device accessed by the terminal, without forwarding them through the access point device to which the terminal belongs. This avoids the problem of traffic roundabout and reduces the traffic overhead of the access point device to which the terminal belongs.

Description

Method for guiding and forwarding data message, access point equipment and network equipment
Technical Field
The present application relates to the field of wireless communications technologies, and in particular, to a method for guiding and forwarding a data packet, an access point device, and a network device.
Background
A Wireless Local Area Network (WLAN) may include a plurality of Access Points (APs). These APs may use the same Service Set Identifier (SSID) to provide an Extended Service Set (ESS) network. When a Station (STA) moves, the STA switches between APs. After the handoff, the STA associates with the new AP to receive and transmit data through the new AP.
As shown in fig. 1, a tunnel is established between AP1 and AP2. When the STA is switched from AP1 to AP2 (or the STA roams from AP1 to AP2), AP2 receives a message that the STA sends to access the internet. If AP2 finds that the STA has roamed from AP1, AP2 sends the STA's internet-bound message to AP1. AP1 then sends the message to the network device, and the network device forwards the modified message.
When a message from the internet needs to be forwarded to the STA, the network device sends the message from the internet to AP1. AP1 sends the message to AP2. AP2 then sends the message to the STA, thereby implementing forwarding of the message from the internet.
In the above scheme, both the messages the STA sends to access the internet and the messages sent from the internet to the STA must detour through AP1, that is, through the AP to which the STA belongs. This increases the load on AP1 and also the possibility of congestion at AP1.
Disclosure of Invention
The application provides a method for guiding and forwarding a data message, access point equipment and network equipment, which are used for solving the problem of traffic roundabout in a roaming scene.
In a first aspect, a method for guiding a data packet is provided, including:
The access point device determines a Network Address Translation (NAT) session table entry of the terminal, where the NAT session table entry of the terminal includes a transport layer port number after NAT. The access point device then sends a NAT session notification message to the network device. The NAT session notification message includes the transport layer port number after NAT, and indicates that the network device is to forward data messages that are sent to the terminal and whose destination port number is the transport layer port number after NAT through the physical port on which it received the NAT session notification message.
The physical port on which the network device receives the NAT session announcement message is connected to the access point device. A data message that the network device forwards through that physical port therefore reaches the access point device that sent the NAT session announcement message, and the problem of traffic roundabout is avoided. Because the access point device determines the NAT session table entry of the terminal when it guides the network device on data messages sent to the terminal, it can use that entry to convert the IP address after NAT and the transport layer port number after NAT in the destination IP address field and the destination port number field of such a data message into the address and port number before NAT. The access point device can therefore perform NAT correctly for the data messages it has guided to itself. In addition, data messages sent to the terminal are distinguished at the granularity of the destination port number, so different terminals can share the same IP address after NAT, which improves roaming flexibility.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the ap device sends the NAT session notification packet to the network device when the terminal is connected to the ap device and the terminal is a roaming terminal.
When a roaming terminal accesses the access point device, the access point device sends the NAT session announcement message of the roaming terminal to the network device. The network device thereby learns the roaming terminal's transport layer port number after NAT in time, and forwards data messages for the roaming terminal through the physical port on which it received that NAT session announcement message, which improves the efficiency with which the gateway device forwards data messages.
With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the access point device is any device in a NAT virtual device group, the access point device and devices in the NAT virtual device group except the access point device use a synchronous NAT session table, and the NAT session table includes a NAT session table entry of the terminal.
With reference to the first aspect and the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the NAT virtual device group includes a master device and a slave device, and a transport layer port number after NAT of each NAT session entry in a NAT session table of the NAT virtual device group is allocated by the master device. The method for determining the NAT session table entry of the terminal by the access point device includes:
When the access point device is the master device in the NAT virtual device group, the access point device determines the NAT session table entry of the terminal in its own NAT session table. When the access point device is a slave device in the NAT virtual device group, the access point device sends a NAT session table entry request message to the master device in the NAT virtual device group, receives a NAT session table entry response message sent by the master device, and generates the NAT session table entry of the terminal according to the transport layer port number in the NAT session table entry response message.
The access point device can either look up the NAT session table entry of the terminal directly in its own NAT session table, or request from the master device the NAT session table entry of the terminal stored there. In both cases it can quickly send the transport layer port number after NAT in the terminal's NAT session table entry to the network device, so that data messages the network device forwards through the physical port on which it received that port number reach the access point device that sent the NAT session notification message, thereby avoiding the problem of traffic roundabout.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, when the access point device receives a to-be-forwarded message from the terminal and an NAT session table of the access point device lacks an NAT session table entry of the to-be-forwarded message, the access point device generates an NAT session table entry of the to-be-forwarded message for the to-be-forwarded message, and sends the NAT session notification message to the network device, where a transport layer port number after NAT is a transport layer port number after NAT in the NAT session table entry of the to-be-forwarded message.
When the access point device receives a message to be forwarded from a terminal and finds no NAT session table entry for that message, it needs to generate a new NAT session table entry for the message. The access point device can then forward the terminal's message to the network device in time according to that NAT session table entry, and the problem of traffic roundabout is avoided.
With reference to the first aspect or the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, the access point device is any device in a NAT virtual device group, the access point device and devices in the NAT virtual device group except the access point device use a synchronous NAT session table, and the NAT session table includes a NAT session table entry of the terminal.
With reference to the first aspect and the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the NAT virtual device group includes a master device and a slave device, and a transport layer port number after NAT of each NAT session entry in a NAT session table of the NAT virtual device group is allocated by the master device. Generating an NAT session table entry of the to-be-forwarded message for the to-be-forwarded message, including:
When the access point device is the master device in the NAT virtual device group, the access point device generates and stores the NAT session table entry of the data message to be forwarded. When the access point device is a slave device in the NAT virtual device group, the access point device sends a NAT session table entry request message to the master device in the NAT virtual device group, receives a NAT session table entry response message sent by the master device, and generates the NAT session table entry of the data message to be forwarded according to the transport layer port number in the NAT session table entry response message.
With reference to the first aspect and any one of the first to sixth possible implementation manners of the first aspect, in a seventh possible implementation manner of the first aspect, a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel is established between any two devices in the NAT virtual device group.
In a second aspect, a method for forwarding a data packet is provided, including:
The network device acquires a NAT session announcement message sent by the access point device, where the NAT session announcement message includes a transport layer port number after NAT. The network device generates a correspondence between the transport layer port number after NAT and the physical port on which it received the NAT session notification message. The network device then receives a data message whose destination port number is the transport layer port number after NAT, and forwards the data message through that physical port according to the correspondence.
After receiving the transport layer port number after NAT in a NAT session notification message sent by an access point device, the network device generates a correspondence between that port number and the physical port on which the NAT session notification message was received. According to the correspondence, it then forwards data messages whose destination port number is the transport layer port number after NAT through that physical port. The network device can thus forward messages sent to a terminal directly to the access point device accessed by the terminal, without forwarding them through the access point device to which the terminal belongs, thereby avoiding the problem of traffic roundabout.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the access point device is any device in a NAT virtual device group, and the access point device and devices in the NAT virtual device group except for the access point device use a synchronized NAT session table.
With reference to the second aspect and the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, before the forwarding, by the network device, the data packet through the physical port according to the correspondence, the method further includes:
The network device determines, according to the destination address of the data message, that the next hop of the data message points to the NAT port group of the network device.
Having determined from the destination address of the data message that the next hop points to its NAT port group, the network device can look up directly in the NAT port group the physical port corresponding to the transport layer port number after NAT carried in the destination port number field of the data message, and forward the data message sent to the terminal through that physical port. The data message therefore does not have to be forwarded to the access point device accessed by the terminal through the access point device to which the terminal belongs, and the problem of traffic roundabout is avoided.
In a third aspect, an access point device is provided. The access point device comprises means for performing the method of the first aspect or any implementation thereof.
In a fourth aspect, a network device is provided. The network device comprises means for performing the method of the second aspect or any implementation thereof.
In a fifth aspect, an access point device is provided, including: a transceiver and a processor. The processor is configured to perform the method provided by the first aspect or any implementation manner of the first aspect.
In a sixth aspect, a network device is provided, comprising: a transceiver and a processor. The processor is configured to execute the method provided by the second aspect or any implementation manner of the second aspect.
In a seventh aspect, a computer storage medium is provided for storing computer software instructions for execution by the processor provided in the fifth aspect, so as to perform the method provided in the first aspect and possible implementation manner of the first aspect.
In an eighth aspect, a computer storage medium is provided for storing computer software instructions for execution by the processor provided in the sixth aspect, so as to perform the method provided in the second aspect and possible implementation manner of the second aspect.
Drawings
In order to more clearly explain the technical solutions in the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below.
Fig. 1 is a schematic diagram of traffic forwarding;
Fig. 2 is a diagram illustrating a system architecture provided herein;
Fig. 3 is a flowchart illustrating a method for updating an NAT session table entry according to the present application;
Fig. 4 is a schematic diagram illustrating an interaction between an access point device and a master device provided in the present application;
Fig. 5 is a schematic diagram illustrating an interaction between an access point device and a master device provided in the present application;
Fig. 6 is a diagram illustrating a system architecture provided herein;
Fig. 7 is a schematic structural diagram of an access point device provided in the present application;
Fig. 8 is a schematic structural diagram of a network device provided in the present application;
Fig. 9 is a schematic structural diagram of an access point device provided in the present application;
Fig. 10 is a schematic structural diagram of a network device provided in the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings and embodiments.
Fig. 2 shows a system architecture applicable to the present application, which can implement control on updating a Network Address Translation (NAT) session entry based on the system architecture, where the system architecture for updating a NAT session entry provided in the present application includes a network device, a NAT virtual device group, and a plurality of STAs.
As shown in fig. 2, the NAT virtual device group includes AP1 and AP2. The physical ports of the network device that are connected to the NAT virtual device group are configured as a NAT port group. The NAT port group of the network device holds the correspondence between each STA's transport layer port number after NAT and a physical port. When the network device forwards a data message to the STA, it uses this correspondence to find, in the NAT port group, the physical port corresponding to the destination port number of the data message (the transport layer port number after NAT), and forwards the data message through that physical port. A CAPWAP tunnel is established between AP1 and AP2 in the NAT virtual device group, which AP1 and AP2 can use to communicate. AP1 and AP2 are APs with WLAN service capabilities.
When using the NAT virtual device group, the NAT virtual device group needs to be configured in advance, and a specific configuration method is as follows.
As shown in fig. 2, AP1 and AP2 are designated as a NAT virtual device group. The master device in the NAT virtual device group is selected by configuration or by election; the device with high priority can become the master device of the NAT virtual device group, and the remaining devices are slave devices. The master device allocates the transport layer port number after NAT of each NAT session table entry in the NAT virtual device group. For example, where AP1 is configured as the NAT master, AP1 may assign to AP2 the transport layer port number after NAT for each NAT session entry in the NAT session table. The physical ports that connect the APs in the NAT virtual device group to the network device are added to the NAT port group.
Based on the above description, fig. 3 shows a flow of a method for guiding and forwarding a data packet provided by the present application, and as shown in fig. 3, the flow of the method specifically includes:
Step 301, the access point device determines the NAT session table entry of the terminal.
In this application, the terminal is a WLAN device. For example, the terminal may be a computer equipped with a wireless network card, or may be a mobile phone with a WLAN module.
The NAT session table entry of the terminal comprises a transmission layer port number after NAT, and when the access point equipment receives a data message to be forwarded from the terminal, the source address and the source port number of the data message to be forwarded from the terminal are converted into the source address and the source port number after NAT according to the NAT session table entry. The port number is a transport layer port number, such as a User Datagram Protocol (UDP) port number or a Transmission Control Protocol (TCP) port number. The source port number of the data packet to be forwarded from the terminal is a field in the data packet to be forwarded. The NAT session table entry includes a source Internet Protocol (IP) address, a source port number, an IP address after NAT, and a transport layer port number after NAT. Optionally, the NAT session table entry further includes a destination IP address, a destination port number, and the like. The NAT session table entry may be as shown in table 1.
TABLE 1
Source IP address | Source port number | IP address after NAT | Transport layer port number after NAT
10.1.1.1 | 1025 | 1.1.1.1 | 19286
10.1.1.2 | 1001 | 1.1.1.1 | 19287
In this application, the access point device is any device in the NAT virtual device group, and the access point device and a device in the NAT virtual device group other than the access point device use a synchronous NAT session table, where the NAT session table includes a NAT session table entry of the terminal.
The access point device and the devices in the NAT virtual device group except the access point device use the synchronous NAT session table, and there are the following situations:
In the first case, the NAT session tables used by all devices in the NAT virtual device group are the same. When a NAT session table entry on one device changes, the NAT session table can be actively synchronized. Alternatively, the NAT session tables on the various devices are synchronized periodically. All the devices in the NAT virtual device group can use the synchronized NAT session table.
In the second case, when the terminal roams to the access point device, the access point device sends a NAT session table entry request message to the device to which the terminal belongs, and obtains all NAT session table entries related to the terminal on the device to which the terminal belongs, so that the access point device and the device to which the terminal belongs use the synchronized NAT session table entries.
In a third case, based on the second case, when the access point device acquires all NAT session entries about the terminal on the device to which the terminal belongs, the device to which the terminal belongs may delete the NAT session entries about the terminal after a set time, where the set time may be set according to experience.
In a fourth case, based on the second case, it can be predicted, before the terminal roams to the access point device, that the terminal may roam from a neighboring device to the access point device. The access point device then requests, in advance, all NAT session entries of the terminal from the device to which the terminal that may roam belongs. Alternatively, the controller makes the above prediction and instructs the device to which the terminal belongs to send all NAT session table entries of the terminal to the access point device.
Step 302, the access point device sends a NAT session announcement message to the network device.
The NAT session notification message includes the transport layer port number after NAT determined in step 301. It indicates to the network device that data messages sent to the terminal and whose destination port number is the transport layer port number after NAT are to be forwarded through the physical port on which the network device received the NAT session notification message. The network device therefore sends data messages destined for the terminal directly to the access point device accessed by the terminal, without forwarding them through the access point device to which the terminal belongs, so the problem of traffic roundabout is avoided and the traffic overhead of the access point device to which the terminal belongs is reduced.
The access point device sends NAT session announcement messages to the network device in the following two scenarios.
Scenario one
The access point device sends a NAT session announcement message to the network device when the terminal is connected to the access point device and the terminal is determined to be a roaming terminal.
When a terminal accesses to the access point device, the access point device needs to determine whether the terminal is a new terminal or a roaming terminal that has roamed from another device. Specifically, after the terminal accesses the access point device, the access point device generates a flag bit in the terminal table, and identifies whether the accessed terminal is a new terminal or a roaming terminal roaming from another device through the flag bit. After the roaming terminal roams to the access point device, the device to which the roaming terminal belongs notifies the access point device of the information of the roaming device, so that the access point device labels the roaming terminal, for example, the access point device may label the roaming terminal as 1 and label the new terminal as 0.
Before sending the NAT session announcement message to the network device, the access point device needs to determine the NAT session entry of the terminal. Specifically, depending on whether the access point device is a master device or a slave device, the following two ways will be described:
Mode one
When the access point device is a master device in the NAT virtual device group, the access point device may directly determine the NAT session table entry of the terminal from the NAT session table stored in the access point device. The master device can allocate the transport layer port number after NAT of each NAT session entry in the NAT session table of the NAT virtual device group, and the stored NAT session table includes the NAT session entries of all the terminals, so the access point device can directly determine the NAT session entry of the terminal.
Mode two
When the access point device is a slave device in the NAT virtual device group, the flow is as shown in fig. 4:
Step S401, the access point device sends a NAT session entry request message to the master device in the NAT virtual device group, where the NAT session entry request message includes the source IP address of the terminal, and is used to request the master device to query the NAT session entry of the terminal.
Step S402, after receiving the NAT session table item request message sent by the access point device, the main device inquires the NAT session table item of the terminal from the NAT session table stored in itself according to the source IP address of the terminal in the NAT session table item request message. There may be one or more NAT session entries (if any) for the terminal in the NAT session table. The NAT session table entry includes the IP address after NAT and the transport layer port number after NAT of the terminal.
Step S403, the master device sends an NAT session entry response message to the access point device, where the NAT session entry response message includes the transport layer port number after NAT of the terminal. Because the IP address after the NAT of the terminal may be a default value, the NAT session entry response packet may not include the IP address after the NAT of the terminal. If the IP address after the NAT of the terminal is not the default value, the NAT session table entry response message also comprises the IP address after the NAT of the terminal.
Step S404, after receiving the NAT session entry response message sent by the master device, the access point device generates the NAT session entry of the terminal, in the format shown in Table 1, according to the transport layer port number after NAT in the NAT session entry response message.
Scenario two
When the NAT session table of the access point device lacks a NAT session table entry for the message to be forwarded that the terminal sent, the access point device needs to generate a new NAT session table entry for the message to be forwarded. Because the transport layer port number after NAT in the new NAT session table entry differs from the transport layer port numbers after NAT in the other existing NAT session table entries, the access point device sends a NAT session announcement message to the network device.
That the NAT session table of the access point device lacks the NAT session table entry of the message to be forwarded means that the access point device finds no NAT session table entry matching the message to be forwarded in the NAT session table. In this case, the access point device needs to generate a NAT session table entry for the message to be forwarded. Depending on whether the access point device is a master device or a slave device, the flow by which the access point device generates this NAT session table entry is described in the following two modes.
In a first mode
When the access point device is a master device in the NAT virtual device group, the access point device may directly generate an NAT session entry for the data packet to be forwarded, and the access point device may allocate a transport layer port number after NAT to the data packet to be forwarded, and then generate an NAT session entry for the data packet to be forwarded according to the transport layer port number after NAT. The access point equipment stores the NAT session table item of the data message to be forwarded in the access point equipment after generating the NAT session table item of the data message to be forwarded.
Mode two
When the access point device is a slave device in the NAT virtual device group, the flow is as shown in Fig. 5:
Step S501, the access point device sends a NAT session entry request message to the master device in the NAT virtual device group, where the NAT session entry request message includes the source IP address of the data packet to be forwarded and is used to request the master device to generate the NAT session entry of the terminal.
Step S502, after receiving the NAT session table entry request message sent by the access point device, the master device allocates a transport layer port number after NAT to the data message to be forwarded according to the source IP address of the data message to be forwarded in the NAT session table entry request message, then generates the NAT session table entry of the data message to be forwarded according to the transport layer port number after NAT, and forwards the NAT session table entry of the data message.
Step S503, the master device sends an NAT session entry response message to the access point device, where the NAT session entry response message includes the transport layer port number after NAT of the data packet to be forwarded.
Step S504, after the access point device receives the NAT session table entry response message sent by the main device, the NAT session table entry of the data message to be forwarded is generated according to the port number of the transport layer after NAT in the NAT session table entry response message.
Step 303, the network device receives the NAT session announcement packet sent by the access point device. The NAT session announcement message includes the transport layer port number after NAT. Because the IP address after the NAT of the terminal may be a default value, the NAT session notification packet may not include the IP address after the NAT of the terminal. If the IP address of the terminal after NAT is not the default value, the NAT session announcement message also includes the IP address of the terminal after NAT.
Step 304, the network device generates the corresponding relation between the port number of the transmission layer after the NAT and the physical port for receiving the NAT session announcement message. The network device generates a corresponding relationship between the transport layer port number after the NAT and the physical port receiving the NAT session notification message according to the transport layer port number after the NAT received in step 302 and the physical port receiving the NAT session notification message, and stores the corresponding relationship in the NAT port group of the network device. The correspondence between the transport layer port number after NAT and the physical port that receives the NAT session notification packet may be as shown in table 2.
TABLE 2 (table image not reproduced)
Step 305, the network device receives a data packet. The data packet is a packet sent from the network to the terminal: its destination address is the IP address after NAT of the terminal, and its destination port number is the transport layer port number after NAT. The network device obtains the corresponding NAT port group according to the destination address of the data packet. Specifically, the network device determines, according to the destination address, that the next hop of the data packet points to the NAT port group of the network device, and then uses the destination port number to query, in the NAT port group, the physical port that corresponds to the transport layer port number after NAT and is used to send the data packet. Multiple destination addresses may correspond to one NAT port group; in that case the NAT port group is determined by the destination address, and the physical port is then queried from the determined NAT port group according to the destination port number. Alternatively, one destination address corresponds to one NAT port group; the network device queries the NAT port group according to the destination address of the data packet and directly queries the physical port corresponding to the transport layer port number after NAT.
Step 306, the network device forwards the data packet through the physical port.
After finding the physical port, the network device sends the data message through it. The data message then goes directly to the access point device that the terminal currently accesses, instead of first going to the access point device to which the terminal belongs and being forwarded from there, which avoids the traffic detour problem.
In the above embodiment, the physical port of the network device that receives the NAT session notification message is connected to the access point device. Therefore, a data message that the network device forwards through that physical port reaches the access point device that sent the NAT session announcement message, which avoids the traffic detour problem. The access point device determines the NAT session table entry of the terminal when it guides the network device's forwarding of data messages sent to the terminal, so it can use that entry to convert the IP address after NAT and the transport layer port number after NAT, carried in the destination IP address field and the destination port number field of such a data message, into the address and port number before NAT. Therefore, the access point device can correctly perform NAT when guiding the data messages sent to the terminal. In addition, data messages sent to terminals are distinguished at the granularity of the destination port number, so different terminals can share the same IP address after NAT, which improves roaming flexibility.
In order to better explain the technical solution of the present application, the following describes the flow of guiding and forwarding the data packet through a specific implementation scenario.
Scene one
As shown in Fig. 2, after STA1 goes online at AP1, it needs to access internet resources and sends a message for accessing the internet. AP1 queries its NAT session table and finds no NAT session entry corresponding to the message, so a NAT session entry needs to be generated. Because AP1 finds that it is the master device of the NAT virtual device group, it directly allocates a transport layer port number after NAT. As shown in Fig. 2, the message for accessing the internet has Src: 10.1.1.1:1025 and is allocated the transport layer port number after NAT 19286, where 10.1.1.1 is the source IP address, 1025 is the source port number, 1.1.1.1 is the IP address after NAT, and 19286 is the transport layer port number after NAT. AP1 then generates and stores the NAT session entry of the message for accessing the internet. AP1 forwards the internet access message of STA2 to the network device based on the NAT session table entry of the internet access message, and sends a NAT session notification message to the network device.
After STA2 goes online at AP2, it needs to send a message for accessing the internet in order to access internet resources. AP2 finds no NAT session entry corresponding to the message, so a NAT session entry needs to be generated. Because AP1 is the master device, AP2 sends a NAT session table entry request message to AP1. AP1 allocates the transport layer port number after NAT 19287 to the internet access message of STA2, generates and stores the NAT session table entry of the internet access message, and sends the NAT session table entry to AP2. AP2 forwards the internet access message of STA2 to the network device based on the NAT session table entry of the internet access message, and sends a NAT session notification message to the network device.
When the network device receives the NAT session notification messages sent by the AP1 and the AP2, the network device generates a corresponding relationship between the transport layer port number after NAT and the physical port receiving the NAT session notification message according to the received NAT session notification message, and stores the corresponding relationship in the NAT port group, as specifically shown in table 3.
TABLE 3 (table image not reproduced)
After the above steps are completed, the STAs can access internet resources normally. The relevant forwarding path is as follows: the message of STA1 accessing the internet undergoes NAT on AP1, where its source is replaced with the IP address after NAT 1.1.1.1 and the transport layer port number after NAT 19286, and the message is then sent to the network device and forwarded. After a message sent from the internet to STA1 arrives at the network device, the network device finds that the next hop points to the NAT port group and, based on the destination port number 19286 of the message, queries the NAT port group for the physical port corresponding to the transport layer port number after NAT 19286. The query returns port1, so the network device sends the message from port1 to AP1, and AP1 sends the message to STA1.
Scene two
As shown in Fig. 6, when STA1 roams to AP2, AP2 actively sends a NAT session table entry request message to AP1, the master device of the NAT virtual device group, to request the NAT session table entry related to STA1. After querying, AP1 sends the transport layer port number after NAT in the NAT session table entry related to STA1 to AP2, and the same NAT session table entry is generated at AP2, as shown in Table 4. AP2 sends a NAT session notification message to the network device, notifying it that the STA whose transport layer port number after NAT is 19286 has switched to AP2. After receiving the NAT session notification message, the network device generates a new correspondence between the transport layer port number after NAT and the physical interface that receives the NAT session notification message, as shown in Table 5.
TABLE 4 (table image not reproduced)
TABLE 5 (table image not reproduced)
When a message sent from the internet to STA1 arrives at the network device, the network device finds that the next hop points to the NAT port group and, based on the destination port number 19286 of the message, queries the NAT port group for the physical port corresponding to the transport layer port number after NAT 19286. The query returns port2, so the network device sends the message from port2 to AP2, and AP2 sends the message to STA1.
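The two scenarios above (port allocation by the master, then STA1 roaming to AP2) can be traced with a small Python model. This is an added example, not code from the patent: the class and method names, STA2's source address 10.1.1.2:1025, and carrying the source port in the entry request are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

NAT_IP = "1.1.1.1"       # IP address after NAT used in the Fig. 2 scenario
FIRST_NAT_PORT = 19286   # first port the master allocates in that scenario


@dataclass(frozen=True)
class NatSession:
    src_ip: str
    src_port: int
    nat_ip: str
    nat_port: int


class NetworkDevice:
    """Holds the NAT port groups: NAT IP -> {NAT port -> physical port}."""

    def __init__(self) -> None:
        self.port_groups: Dict[str, Dict[int, str]] = {}

    def on_announce(self, physical_port: str, nat_ip: str, nat_port: int) -> None:
        # Step 304: bind the NAT port to the port the announcement arrived on.
        # A later announcement for the same NAT port (roaming) overwrites it.
        self.port_groups.setdefault(nat_ip, {})[nat_port] = physical_port

    def egress_port(self, dst_ip: str, dst_port: int) -> Optional[str]:
        # Step 305: the destination address selects the group, the destination
        # port selects the physical port. None means no binding exists.
        return self.port_groups.get(dst_ip, {}).get(dst_port)


class AccessPoint:
    def __init__(self, name: str, uplink: str, network: NetworkDevice,
                 master: Optional["AccessPoint"] = None) -> None:
        self.name, self.uplink, self.network = name, uplink, network
        self.master = master                  # None: this AP is the master
        self.sessions: Dict[Tuple[str, int], NatSession] = {}
        self._next_port = FIRST_NAT_PORT      # used by the master only

    def handle_entry_request(self, src_ip: str, src_port: int) -> NatSession:
        """Master side of S502/S503: return the existing entry or allocate one."""
        if self.master is not None:
            raise RuntimeError("only the master allocates NAT ports")
        key = (src_ip, src_port)
        if key not in self.sessions:
            self.sessions[key] = NatSession(src_ip, src_port, NAT_IP, self._next_port)
            self._next_port += 1
        return self.sessions[key]

    def _entry(self, src_ip: str, src_port: int) -> NatSession:
        key = (src_ip, src_port)
        if key not in self.sessions:
            owner = self if self.master is None else self.master
            # S504: a slave stores the same entry the master returned.
            self.sessions[key] = owner.handle_entry_request(src_ip, src_port)
        return self.sessions[key]

    def attach(self, src_ip: str, src_port: int) -> NatSession:
        """A flow appears on this AP (new flow or roam-in): determine the
        entry, then announce its NAT port on this AP's uplink."""
        session = self._entry(src_ip, src_port)
        self.network.on_announce(self.uplink, session.nat_ip, session.nat_port)
        return session

    def inbound(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Translate a packet from the network back to the pre-NAT address."""
        for s in self.sessions.values():
            if (s.nat_ip, s.nat_port) == (dst_ip, dst_port):
                return (s.src_ip, s.src_port)
        return None


def run_scenario() -> Dict[str, object]:
    net = NetworkDevice()
    ap1 = AccessPoint("AP1", "port1", net)               # master
    ap2 = AccessPoint("AP2", "port2", net, master=ap1)   # slave
    sta1 = ap1.attach("10.1.1.1", 1025)
    sta2 = ap2.attach("10.1.1.2", 1025)   # STA2 address is constructed
    before = net.egress_port(NAT_IP, sta1.nat_port)
    ap2.attach("10.1.1.1", 1025)          # STA1 roams to AP2
    return {
        "sta1_port": sta1.nat_port,
        "sta2_port": sta2.nat_port,
        "before_roam": before,
        "after_roam": net.egress_port(NAT_IP, sta1.nat_port),
        "restored": ap2.inbound(NAT_IP, sta1.nat_port),
        "unbound": net.egress_port(NAT_IP, 20000),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The roaming step changes only the binding on the network device; the NAT port itself stays 19286, which is why existing flows survive the move.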
Fig. 7 shows an access point device provided by the present application, which may perform the above flow of guiding data messages.
As shown in Fig. 7, the access point device specifically includes: a processing unit 701 and a transceiver unit 702;
a processing unit 701, configured to determine an NAT session entry of a terminal, where the NAT session entry of the terminal includes a transport layer port number after NAT;
the transceiving unit 702 is configured to send, to a network device, the NAT session notification packet determined by the processing unit 701, where the NAT session notification packet includes the transport layer port number after NAT, and the NAT session notification packet indicates that the network device forwards, using a physical port that receives the NAT session notification packet, a data packet that is sent to the terminal and has a destination port number that is the transport layer port number after NAT.
The specific processes executed by the processing unit 701 and the transceiver unit 702 have been described in detail in the above embodiments, and are not described again.
Based on the same technical concept, fig. 8 shows that the present application provides a network device, and the network device may execute the above-mentioned flow of forwarding a data packet.
As shown in fig. 8, the network device specifically includes: a transceiver unit 801 and a processing unit 802;
a transceiver unit 801, configured to receive an NAT session notification message sent by an access point device, where the NAT session notification message includes a transport layer port number after NAT;
a processing unit 802, configured to generate a correspondence between the transport layer port number after the NAT and a physical port that receives the NAT session notification packet;
the transceiver unit 801 is further configured to receive a data packet, where a destination port number of the data packet is a port number of a transport layer after the NAT; and forwarding the data message by using the physical port according to the corresponding relation.
The specific processes executed by the processing unit 802 and the transceiver unit 801 are described in the above embodiments, and are not described again.
Based on the same concept, referring to fig. 9, an access point device 900 is provided for the present application. The access point device 900 may perform the steps performed or the functions performed by the access point device in the embodiments described above. The access point device 900 may include: a transceiver 901, a processor 902 and a memory 903. Processor 902 is configured to control the operation of access point device 900; the memory 903 may include both read-only memory and random access memory that store instructions and data that may be executed by the processor 902. The components of the transceiver 901, the processor 902, and the memory 903 are connected by a bus 909, where the bus 909 may include a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus 909 in the figure. The transceiver 901 may be a transceiver and may include a transmitter and a receiver. The access point device 900 may communicate with other devices, such as routers, repeaters, etc., through a wired port or a wireless port.
The method for directing data packets disclosed herein may be implemented in the processor 902, or implemented by the processor 902.
The processor 902 is configured to read code from the memory 903 to perform the flow of guiding data messages.
Based on the same concept, referring to fig. 10, a network device 1000 is provided for the present application. The network device 1000 may perform the steps implemented or the functions performed by the access point device in the embodiments described above. The network device 1000 may include: a transceiver 1001, a processor 1002, and a memory 1003. The processor 1002 is configured to control the operation of the network device 1000; the memory 1003 may include both read-only memory and random-access memory, and stores instructions and data that may be executed by the processor 1002. The transceiver 1001, processor 1002 and memory 1003 are coupled via a bus 1009, where the bus 1009 may include a power bus, a control bus and a status signal bus in addition to a data bus. But for clarity of illustration the various busses are labeled in the figures as bus 1009. The transceiver 1001 may be a transceiver and may include a transmitter and a receiver. The network device 1000 may communicate with other devices, such as routers, repeaters, etc., through wired or wireless ports. The network device 1000 may implement the process of querying the table from the NAT port group through the processor 1002, or may also implement the process of querying the table from the NAT port group through one querying device.
The method for forwarding the data packet disclosed by the present application may be applied to the processor 1002, or implemented by the processor 1002.
The processor 1002 is configured to read codes in the memory 1003 for executing a process of forwarding a data packet.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications can be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (20)

1. A method for directing data packets, comprising:
the access point equipment determines a Network Address Translation (NAT) session table entry of a terminal, wherein the NAT session table entry of the terminal comprises a transmission layer port number after NAT;
the access point device sends a NAT session notification message to a network device, wherein the NAT session notification message comprises the transport layer port number after NAT, and the NAT session notification message indicates that the network device forwards, using the physical port that receives the NAT session notification message, a data message that is sent to the terminal and whose destination port number is the transport layer port number after NAT.
2. The method of claim 1, wherein the access point device sends the NAT session announcement message to the network device when the terminal is connected to the access point device and the terminal is a roaming terminal.
3. The method of claim 1 or 2, wherein the access point device is any one of a group of NAT virtual devices, and the access point device and devices in the group of NAT virtual devices other than the access point device use a synchronized NAT session table that includes NAT session entries for the terminal.
4. The method of claim 3, wherein the NAT virtual device group includes a master device and a slave device, and the transport layer port number after NAT of each NAT session entry in the NAT session table of the NAT virtual device group is allocated by the master device; wherein
the method for determining the NAT session table entry of the terminal by the access point equipment comprises the following steps:
when the access point equipment is the main equipment in the NAT virtual equipment group, the access point equipment determines the NAT session table item of the terminal in the NAT session table of the access point equipment;
when the access point device is a slave device in the NAT virtual device group, the access point device sends an NAT session table entry request message to a master device in the NAT virtual device group, receives an NAT session table entry response message sent by the master device, and generates an NAT session table entry of the terminal according to a transport layer port number after NAT in the NAT session table entry response message.
5. The method according to claim 1, wherein when the access point device receives a to-be-forwarded message from the terminal and an NAT session table of the access point device lacks an NAT session table entry of the to-be-forwarded message, the access point device generates an NAT session table entry of the to-be-forwarded message for the to-be-forwarded message, and sends the NAT session notification message to the network device, wherein a transport layer port number after NAT is a transport layer port number after NAT in the NAT session table entry of the to-be-forwarded message.
6. The method of claim 5, wherein the access point device is any one of a group of NAT virtual devices, and wherein the access point device and devices in the group of NAT virtual devices other than the access point device use a synchronized NAT session table, the NAT session table including NAT session table entries for the terminal.
7. The method of claim 6, wherein the NAT virtual device group includes a master device and a slave device, and wherein the transport layer port number after NAT of each NAT session entry in the NAT session table of the NAT virtual device group is allocated by the master device; wherein
generating the NAT session table entry of the message to be forwarded for the message to be forwarded, including:
when the access point device is a master device in the NAT virtual device group, the access point device generates and stores an NAT session table entry of the message to be forwarded;
when the access point device is a slave device in the NAT virtual device group, the access point device sends an NAT session table entry request message to a master device in the NAT virtual device group, receives an NAT session table entry response message sent by the master device, and generates an NAT session table entry of the message to be forwarded according to a transport layer port number after NAT in the NAT session table entry response message.
8. A method for forwarding data packets, comprising:
the network equipment receives a Network Address Translation (NAT) session announcement message sent by the access point equipment, wherein the NAT session announcement message comprises a transmission layer port number after NAT; the network equipment generates a corresponding relation between the port number of the transmission layer after the NAT and a physical port for receiving the NAT session notification message;
the network equipment receives a data message, and the destination port number of the data message is the port number of the transmission layer after the NAT;
and the network equipment forwards the data message by using the physical port according to the corresponding relation.
9. The method of claim 8, wherein the access point device is any one of a group of NAT virtual devices, and wherein the access point device uses a synchronized NAT session table with devices in the group of NAT virtual devices other than the access point device.
10. The method according to claim 9, wherein before the network device forwards the data packet through the physical port according to the correspondence, the method further comprises:
and the network equipment determines that the next hop of the data message points to the NAT port group of the network equipment according to the destination address of the data message.
11. An access point device, comprising:
the processing unit is used for determining a Network Address Translation (NAT) session table entry of the terminal, wherein the NAT session table entry of the terminal comprises a transmission layer port number after NAT;
a transceiver unit, configured to send the NAT session notification message determined by the processing unit to a network device, wherein the NAT session notification message comprises the transport layer port number after NAT, and the NAT session notification message indicates that the network device forwards, using the physical port that receives the NAT session notification message, a data message that is sent to the terminal and whose destination port number is the transport layer port number after NAT.
12. The access point device of claim 11, wherein the transceiver unit is further to:
send the NAT session announcement message to the network device when the terminal is connected to the access point device and the terminal is a roaming terminal.
13. The access point device of claim 11 or 12, wherein the access point device is any device in a NAT virtual device group, and the access point device and devices in the NAT virtual device group other than the access point device use a synchronized NAT session table that includes NAT session table entries for the terminal.
14. The access point device of claim 13, wherein the NAT virtual device group includes a master device and a slave device, and the transport layer port number after NAT of each NAT session entry in the NAT session table of the NAT virtual device group is allocated by the master device; wherein
the processing unit is specifically configured to:
when the access point equipment is the main equipment in the NAT virtual equipment group, determining an NAT session table item of a terminal in an NAT session table of the access point equipment;
when the access point equipment is the slave equipment in the NAT virtual equipment group, sending an NAT session table entry request message to the master equipment in the NAT virtual equipment group through the receiving and sending unit, receiving an NAT session table entry response message sent by the master equipment through the receiving and sending unit, and generating the NAT session table entry of the terminal according to the transmission layer port number after NAT in the NAT session table entry response message.
15. The access point device of claim 11, wherein the processing unit is further to:
when a message to be forwarded from the terminal is received and the NAT session table entry of the message to be forwarded is absent, generating the NAT session table entry of the message to be forwarded for the message to be forwarded, and sending the NAT session notification message to the network device through the transceiving unit, wherein the port number of the transmission layer after NAT is the port number of the transmission layer after NAT in the NAT session table entry of the message to be forwarded.
16. The access point device of claim 15, wherein the access point device is any device in a NAT virtual device group, and wherein the access point device and devices in the NAT virtual device group other than the access point device use a synchronized NAT session table that includes NAT session table entries for the terminal.
17. The access point device of claim 16, wherein the NAT virtual device group includes a master device and a slave device, and wherein the transport layer port number after NAT for each NAT session entry in the NAT session table of the NAT virtual device group is allocated by the master device; wherein
the processing unit is specifically configured to:
when the access point device is a main device in the NAT virtual device group, generating and storing an NAT session table entry of the message to be forwarded;
when the access point device is a slave device in the NAT virtual device group, sending an NAT session table entry request message to a master device in the NAT virtual device group through the receiving and sending unit, receiving an NAT session table entry response message sent by the master device through the receiving and sending unit, and generating an NAT session table entry of the message to be forwarded according to a transmission layer port number after NAT in the NAT session table entry response message.
18. A network device, comprising:
a transceiver unit, configured to receive a Network Address Translation (NAT) session announcement message sent by an access point device, wherein the NAT session announcement message comprises a transport layer port number after NAT;
the processing unit is used for generating the corresponding relation between the port number of the transmission layer after the NAT and the physical port for receiving the NAT session notification message;
the receiving and sending unit is further configured to receive a data packet, where a destination port number of the data packet is a transport layer port number after the NAT; and forwarding the data message by using the physical port according to the corresponding relation.
19. The network device of claim 18, wherein the access point device is any device in a set of NAT virtual devices, and wherein the access point device uses a synchronized NAT session table with devices in the set of NAT virtual devices other than the access point device.
20. The network device of claim 19, wherein the processing unit is further to:
before the transceiver unit forwards the data message through the physical port according to the corresponding relationship, determining that the next hop of the data message points to an NAT port group of the network equipment according to the destination address of the data message.
CN201610931373.XA 2016-10-31 2016-10-31 Method for guiding and forwarding data message, access point equipment and network equipment Active CN108011986B (en)


Publications (2)

Publication Number Publication Date
CN108011986A CN108011986A (en) 2018-05-08
CN108011986B true CN108011986B (en) 2020-04-03

US10681751B2 (en) Operation method of communication node in communication network
US10050930B2 (en) Multi-radio single internet protocol address wireless local area network apparatus and method
WO2019015453A1 (en) Method and apparatus for establishing communication route, and computer storage medium and system
US8773990B1 (en) Detecting unauthorized tethering
WO2015054129A1 (en) Enabling internet protocol connectivity across multi-hop mobile wireless networks via a service oriented architecture
US10368388B2 (en) Method for peer to peer communication and related communication device
US9307391B2 (en) Method and system for management of the mobility of a mobile network
CN108011986B (en) Method for guiding and forwarding data message, access point equipment and network equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant