CN111698346A - Private network address conversion method and device, private network gateway and storage medium - Google Patents


Publication number
CN111698346A
Authority
CN
China
Prior art keywords
address
communication
communication device
conversion
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010530952.XA
Other languages
Chinese (zh)
Other versions
CN111698346B (en
Inventor
雷思源
刘金帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202010530952.XA priority Critical patent/CN111698346B/en
Publication of CN111698346A publication Critical patent/CN111698346A/en
Application granted granted Critical
Publication of CN111698346B publication Critical patent/CN111698346B/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the application discloses a private network address conversion method, a private network address conversion device, a private network gateway and a storage medium, which relate to the technical field of cloud computing and comprise the following steps: acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC; configuring a target conversion IP address for the communication object according to the private network address mapping relation; and establishing communication connection between the VPC and the IDC according to the target translation IP address. The embodiment of the application can meet the requirement of special line communication between the VPC and the IDC.

Description

Private network address conversion method and device, private network gateway and storage medium
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a cloud computing technology.
Background
Private line (dedicated line) service offers direct connection, higher speed, higher reliability and better service, and is mostly aimed at enterprises, governments and other customers with demanding data access/interconnection and service requirements. A private line service generally has a fixed IP (Internet Protocol) address and does not need access authentication; depending on customer requirements, there are requirements not only on bandwidth and access service type at the access layer, but also more detailed requirements on the end-to-end, network-wide quality of service. A VPC (Virtual Private Cloud) is a logically isolated network space on a public cloud that the user can customize; the user's service resources on the private cloud, such as cloud hosts, load balancers and cloud databases, are hosted in the VPC. An IDC (Internet Data Center) can provide large-scale, high-quality, safe and reliable professional server hosting, space renting, wholesale network bandwidth and other services for Internet content providers, enterprises, media and various websites. The private line service gives the user a fast and reliable connection between the IDC and the VPC. When the VPC communicates with the IDC over a private line, the user has to plan addresses when building the hybrid cloud, so that the network address spaces of the IDC and the VPC do not conflict. However, in some scenarios, even if a private line is set up between the VPC and the IDC, the two may be unable to communicate because of address space conflicts.
Disclosure of Invention
The embodiment of the application provides a private network address conversion method, a private network address conversion device, a private network gateway and a storage medium, so as to meet the private network communication requirement between a VPC and an IDC.
In a first aspect, an embodiment of the present application provides a method for address translation of a private network, which is applied to a private gateway, and includes:
acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC;
configuring a target conversion IP address for the communication object according to the private network address mapping relation;
and establishing communication connection between the VPC and the IDC according to the target translation IP address.
In a second aspect, an embodiment of the present application provides a private network address translation device configured in a private gateway, including:
the private network address mapping relation acquisition module is used for acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC;
the IP address configuration module is used for configuring a target conversion IP address for the communication object according to the private network address mapping relation;
and the communication connection establishing module is used for establishing communication connection between the VPC and the IDC according to the target translation IP address.
In a third aspect, an embodiment of the present application provides a private line gateway, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to perform the private network address translation method provided by the embodiment of the first aspect.
In a fourth aspect, the present application further provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the private network address translation method provided in the first aspect.
According to the embodiment of the application, the pre-stored private network address mapping relation is obtained, the VPC or the IDC is configured with the target conversion IP address on the private network gateway according to the obtained private network address mapping relation, so that the communication connection between the VPC and the IDC is established according to the configured target conversion IP address, the problem of address space conflict between the VPC and the IDC is solved, the hiding of the address space of the VPC and the IDC is realized, and the private network communication requirement between the VPC and the IDC is met.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
Fig. 1 is a flowchart of a private network address translation method according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a private network address translation method according to an embodiment of the present disclosure;
Fig. 3 is a diagram illustrating a private network address translation method according to an embodiment of the present disclosure;
Fig. 4 is a block diagram of a private network address translation apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a private gateway for implementing the private network address translation method according to the embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In an example, fig. 1 is a flowchart of a private network address translation method provided in an embodiment of the present application, which may be applicable to solve the address space conflict and address space hiding problem between a VPC and an IDC, and which may be performed by a private network address translation apparatus, which may be implemented by software and/or hardware, and may be generally integrated in a private gateway. Accordingly, as shown in fig. 1, the method comprises the following operations:
S110, acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC.
Wherein, the communication object can be an object communicating through a private gateway. The first communication object may be a VPC and the second communication object may be an IDC. For example, the IDC may be various types of data centers such as a financial institution or a media institution, and the embodiments of the present application do not limit the specific types of the VPC and the IDC. The translated IP address may be an IP address obtained by IP-translating the IP address. Optionally, the IP address of the communication object may include a first IP address of the VPC and a second IP address of the IDC, and correspondingly, the translated IP address may include a first translated IP address corresponding to the first IP address and a second translated IP address corresponding to the second IP address. The first IP address may be an IP address of a resource in the VPC, and the first converted IP address may be an IP address having a mapping relationship with the first IP address. The second IP address may be an IP address of a resource within the IDC and the second translated IP address may be an IP address having a mapping relationship with the second IP address.
In the embodiment of the application, when the VPC and the IDC communicate with each other, and when a data message sent by a resource in the VPC and/or the IDC reaches the private gateway, the private gateway may obtain a pre-stored private network address mapping relationship from the private gateway controller.
Optionally, the private line gateway controller may implement functions such as managing call state or controlling the resources carried by the private line gateway. The private line gateway can convert a data stream from one format to another, for example, convert media information in a circuit-switched network into a Real-time Transport Protocol (RTP) data stream in an IP network, and can establish, modify and release data streams and manage resources under the control of signaling from the private line gateway controller. The private line gateway may also have a Network Address Translation (NAT) function. Network address translation requires a corresponding network address mapping relationship, so before translating the IP address of the VPC or the IDC, the private line gateway can request from the private line gateway controller the private line network address mapping relationship that the controller has configured in advance.
S120, configuring a target conversion IP address for the communication object according to the private network address mapping relation.
The target converted IP address may be an IP address obtained by IP-converting an IP address of a communication object according to a private network address mapping relationship.
Correspondingly, when the VPC and the IDC are communicated through the private line gateway, the target conversion IP address can be configured for the VPC and/or the IDC according to the acquired private line network address mapping relation. Specifically, the private line gateway may configure the first IP address as the first converted IP address or configure the second IP address as the second converted IP address according to the obtained private line network address mapping relationship. Alternatively, the first IP address may be configured as the first converted IP address, and the second IP address may be configured as the second converted IP address. The network address conversion of the private line gateway to the VPC or the IDC may be set according to a specific application scenario, and the embodiment of the present application does not limit a configuration object of the private line gateway.
S130, establishing communication connection between the VPC and the IDC according to the target conversion IP address.
Correspondingly, after the private line gateway completes the network address conversion of the VPC and/or the IDC, the VPC and/or the IDC can communicate with each other through the target conversion IP address converted by the private line gateway.
According to the embodiment of the application, the pre-stored private network address mapping relation is obtained, the VPC or the IDC is configured with the target conversion IP address on the private network gateway according to the obtained private network address mapping relation, so that the communication connection between the VPC and the IDC is established according to the configured target conversion IP address, the problem of address space conflict between the VPC and the IDC is solved, the hiding of the address space of the VPC and the IDC is realized, and the private network communication requirement between the VPC and the IDC is met.
In an example, fig. 2 is a flowchart of a private network address translation method provided in the embodiment of the present application, and the embodiment of the present application performs optimization and improvement on the basis of the technical solutions of the foregoing embodiments, and provides a plurality of specific implementation manners for configuring the first translation IP address and/or the second translation IP address according to the private network address mapping relationship.
A private network address translation method as shown in fig. 2 includes:
S210, acquiring a pre-stored private network address mapping relation.
In an optional embodiment of the present application, the private network address mapping relationship may include: mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address; mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address; mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool; mapping relation between original conversion address and conversion network address of each first communication device in the first communication object; the original translation address comprises an original IP address and a designated port, and the translation network address comprises a translation IP address and a designated port.
The first communication device may be a resource in the VPC, and there may be one or more first communication devices; the second communication device may be a resource in the IDC, and there may also be one or more second communication devices. The resource may be a device such as a host, a load balancer, or a database, and the embodiment of the present application does not limit the specific device types and numbers of the first communication device and the second communication device. The conversion IP pool may be one or more VPC-NIP pools set for a private line gateway. Each VPC-NIP pool can correspond to a network segment. The designated port may be one port that the first communication device designates from the protocol ports, and the first communication device may form the original translation address by binding the designated port with the original IP address. The translated network address may be an IP address with a designated port that has a mapping relationship with the original translation address.
Optionally, the private network address mapping relationship may be set according to the mutual access requirement of the VPC and the IDC, and may include, but is not limited to, four types. Wherein: the first private network address mapping relationship may be a mapping relationship between the IP addresses of the first communication devices in the first communication object and the first converted IP addresses. The second private network address mapping relationship may be a mapping relationship between the IP addresses of the second communication devices in the second communication object and the second converted IP addresses. The third private network address mapping relationship may be a mapping relationship between an IP address of each of the first communication devices in the first communication object and an IP address of the translation IP pool. Wherein, the IP address of the conversion IP pool can be a random IP address or a designated IP address. Wherein the random IP address may be a randomly selected one of the IP addresses in the translation IP pool. The specified IP address may be a uniquely specified one of the IP addresses in the translated IP pool. The fourth private network address mapping relationship may be a mapping relationship between the original translation address and the translation network address of each first communication device in the first communication object.
The problems of address space conflict and address space mapping of the VPC and the IDC under various scenes can be effectively solved by setting different types of private network address mapping relations according to the mutual access requirements of the VPC and the IDC.
S220, mapping the IP address of each of the first communication devices to each of the first converted IP addresses according to a mapping relationship between the IP address of each of the first communication devices in the first communication object and each of the first converted IP addresses.
Wherein the first converted IP addresses corresponding to the IP addresses of the first communication devices are different; the first converted IP address is used for the first communication device and the second communication device in the second communication object to access each other.
In this embodiment, the IP address of each first communication device may be mapped to each first converted IP address according to a first private network address mapping relationship.
Illustratively, the IP address of each first communication device within the VPC (which may be referred to as VPC-IP for short) may be mapped to a new VPC-NIP and mutually accessed with the IDC via the VPC-NIP identity. The VPC-NIP does not distinguish the source direction and the destination direction, and can actively access the IDC and can also be actively accessed by the IDC. That is, the VPC-NIP may be understood as the identity of the first communication device in the VPC within the IDC, and may hide the VPC-IP within the VPC. The first communication device may access the second communication device in the IDC through the VPC-NIP. When one VPC is connected with a plurality of IDCs, corresponding VPC-NIPs can be respectively set for different IDCs, and the VPC-NIPs of the same VPC in different IDCs can be repeated.
In a specific implementation, the source IP address (i.e., VPC-IP) of the first communication device may be mapped to VPC-NIP at POSTROUTING (source address translation) on the private line gateway, and the destination IP address may be mapped to VPC-IP at PREROUTING (destination address translation) on the private line gateway. In the embodiment of the present application, a first communication device in a VPC accessing a second communication device is treated as accessing an external network resource.
In the first private network address mapping relationship, the following rule restrictions may also be set:
1) the VPC-IP must be within the VPC network segment range, which can be enforced by the private line gateway controller;
2) the VPC-NIP cannot be within the network segment range of the VPC where the private line gateway is located, which can be enforced by the private line gateway controller;
3) the VPC-IP must be unique, i.e., one VPC-IP in the VPC can be mapped to only one VPC-NIP;
4) the VPC-NIP must be unique, i.e., several VPC-IPs cannot be mapped to the same VPC-NIP;
5) VPC-IP and VPC-NIP do not support the broadcast address (255.255.255.255), class D addresses (224.0.0.0-239.255.255.255) or class E addresses (240.0.0.0-255.255.255.254).
In the above scheme, according to the first private network address mapping relationship, the IP address of each first communication device is mapped to each first converted IP address, so that the problem of address space conflict between the VPC and the IDC when both the VPC and the IDC are already constructed can be solved.
S230, mapping the IP address of each second communication device to each second converted IP address according to the mapping relationship between the IP address of each second communication device in the second communication object and each second converted IP address.
Wherein the second converted IP addresses corresponding to the IP addresses of the second communication devices are different; the second converted IP address is used for the second communication device to access the first communication device in the first communication object.
In this embodiment, the IP address of each second communication device may be mapped to each second converted IP address according to a second private network address mapping relationship.
For example, the IP address of each second communication device in the IDC (which may be abbreviated as IDC-IP) may be mapped to a new IDC-NIP and may be mutually accessed with the VPC through the IDC-NIP identity. IDC-NIP does not distinguish the source and destination directions, and can actively access the VPC and can be actively accessed by the VPC. That is, the IDC-NIP may be understood as the identity of the second communication device in the IDC within the VPC, and may hide the IDC-IP within the IDC. The second communication device may access the first communication device in the VPC through the IDC-NIP.
In a specific implementation, the source IP address (i.e., IDC-IP) of the second communication device may be mapped to IDC-NIP at PREROUTING on the private line gateway, and the destination IP address may be mapped to IDC-IP at POSTROUTING on the private line gateway.
In the second private network address mapping relationship, the following rule restrictions may also be set:
1) the IDC-NIP cannot be within the network segment range of the VPC where the private line gateway is located, which can be enforced by the private line gateway controller;
2) the IDC-IP must be unique, i.e., one IDC-IP can be mapped to only one IDC-NIP;
3) the IDC-NIP must be unique, i.e., several IDC-IPs cannot be mapped to the same IDC-NIP;
4) IDC-IP and IDC-NIP do not support the broadcast address (255.255.255.255), class D addresses (224.0.0.0-239.255.255.255) or class E addresses (240.0.0.0-255.255.255.254).
In the above scheme, according to the second private network address mapping relationship, the IP address of each second communication device is mapped to each second converted IP address, so that the problem of address space conflict between the VPC and the IDC when both the VPC and the IDC are already constructed can be solved.
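The rule lists for the VPC-IP/VPC-NIP and IDC-IP/IDC-NIP tables can be checked mechanically before a table is loaded, and the accepted table then drives the direction-agnostic rewrite described for both mappings. The following Python code is an added example, not code from the patent; the function and class names, the VPC segment 10.0.0.0/16 and every address in it are constructed for illustration.

```python
import ipaddress

# 224.0.0.0/3 spans class D, class E and 255.255.255.255, i.e. every
# address the rule lists exclude.
UNSUPPORTED = ipaddress.ip_network("224.0.0.0/3")


def validate_one_to_one(pairs, vpc_cidr, original_in_vpc=True):
    """Check (original IP, translated IP) pairs against the listed rules.

    original_in_vpc=True  checks a VPC-IP -> VPC-NIP table (first mapping).
    original_in_vpc=False checks an IDC-IP -> IDC-NIP table (second mapping).
    Returns a list of violations; an empty list means the table is accepted.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    errors, seen_orig, seen_nip = [], set(), set()
    for orig_s, nip_s in pairs:
        orig = ipaddress.ip_address(orig_s)
        nip = ipaddress.ip_address(nip_s)
        if original_in_vpc and orig not in vpc:
            errors.append(f"{orig}: VPC-IP is outside VPC segment {vpc}")
        if nip in vpc:
            errors.append(f"{nip}: translated IP is inside VPC segment {vpc}")
        if orig in seen_orig:
            errors.append(f"{orig}: original IP is mapped more than once")
        if nip in seen_nip:
            errors.append(f"{nip}: translated IP is shared by several originals")
        for addr in (orig, nip):
            if addr in UNSUPPORTED:
                errors.append(f"{addr}: broadcast, class D and class E are not supported")
        seen_orig.add(orig)
        seen_nip.add(nip)
    return errors


class OneToOneNat:
    """Direction-agnostic 1:1 translation built from a validated table."""

    def __init__(self, pairs, vpc_cidr, original_in_vpc=True):
        errors = validate_one_to_one(pairs, vpc_cidr, original_in_vpc)
        if errors:
            raise ValueError("; ".join(errors))
        # Normalise the textual form so lookups do not depend on input spelling.
        self.to_nip = {
            str(ipaddress.ip_address(o)): str(ipaddress.ip_address(n))
            for o, n in pairs
        }
        self.to_orig = {n: o for o, n in self.to_nip.items()}

    def leaving(self, src, dst):
        """Packet leaving the mapped side: source original IP -> translated IP."""
        return self.to_nip.get(src, src), dst

    def entering(self, src, dst):
        """Packet entering the mapped side: destination translated IP -> original IP."""
        return src, self.to_orig.get(dst, dst)


if __name__ == "__main__":
    # Constructed VPC-IP -> VPC-NIP table for a VPC using 10.0.0.0/16.
    table = [("10.0.1.5", "172.16.0.5"), ("10.0.1.6", "172.16.0.6")]
    nat = OneToOneNat(table, "10.0.0.0/16")
    print(nat.leaving("10.0.1.5", "192.168.9.9"))
    print(nat.entering("192.168.9.9", "172.16.0.5"))
    # A table that reuses one VPC-NIP for two hosts is rejected.
    print(validate_one_to_one(table + [("10.0.1.7", "172.16.0.5")], "10.0.0.0/16"))
```

An IDC-IP that falls inside the VPC segment is accepted when `original_in_vpc=False`, because that overlap is exactly the conflict the IDC-NIP is meant to hide; only the translated address is barred from the VPC segment.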
S240, mapping the IP address of each first communication device to the IP address of the translation IP pool according to the mapping relationship between the IP address of each first communication device in the first communication object and the IP address of the translation IP pool.
Wherein the IP addresses of the converted IP pools corresponding to the IP addresses of the first communication devices are different; and the IP address of the conversion IP pool is used for the first communication equipment to actively access the second communication equipment in the second communication object through a random port.
In this embodiment, the IP address of each first communication device may be mapped to the IP address of the converted IP pool according to a third private network address mapping relationship.
In an alternative embodiment of the present application, the IP address of the translation IP pool may be a random IP address, or a combination of a designated IP address and a random port.
The random port may be any one of the protocol ports, that is, one of 65536 ports of the IP address.
Illustratively, when a first communication device in the VPC actively accesses the IDC through the private line gateway, a random IP address in the VPC-NIP pool or a random port of the designated IP address can be designated to access the IDC of the private line opposite end.
In specific implementation, an NAT instance can be created through a private network gateway controller, one or more VPC-NIP pools are bound, and the destination IP addresses of different IDCs accessed by the VPC are mapped to the corresponding VPC-NIP pools. That is, when the first communication device in the VPC accesses the IDC, only the VPC-NIP pool will be exposed to the accessed IDC, and only the route of the corresponding VPC-NIP pool needs to be added to the accessed IDC.
The specific application process of the third private network address mapping relationship may be as follows: the cloud network corresponding to the private line gateway needs to contain the VPC-NIP, and the IDC-VIP also needs to be added to the network parameters of the private line channel. The IDC-VIP means that when the VPC actively accesses the IDC, the IDC provides only one private IP address for the VPC to access, that is, the second communication device can access the designated access IP address of the first communication device. IDC-VIPs can be allocated independently by each IDC, the IDC-VIPs of different IDCs may repeat, and an IDC-VIP is one kind of IDC-NIP. Meanwhile, a NAT gateway needs to be created, and the VPC-NIP pool is bound to the NAT gateway. Finally, VPC routes need to be added. VPC routing may include three types:
1) Request, VM -> NAT, where VM represents a virtual machine, a cloud server or the like, and NAT can represent the private line gateway. In this route type, the source IP address is the network segment or a subnet segment of the VPC, the destination IP address is the IDC-VIP, and the route is a NAT route;
2) Request, NAT -> EVR, where EVR represents a functional module in the router; optionally, it may be the functional module that manages the router forwarding table. In this route type, the source IP address is the VPC-NIP, the destination IP address is the IDC-VIP, and the route is a private line route;
3) Return packet, EVR -> NAT, where the source IP address is the IDC-VIP, the destination IP address is the VPC-NIP, and the route is a NAT route.
In the third private network address mapping relationship, the following rule restrictions may also be set:
1) the VPC-NIP pool can not be in the network segment range of the VPC where the private line gateway is located, and can be limited by a private line gateway controller;
2) IDC destination network segments corresponding to a plurality of VPC-NIP pools cannot be overlapped, otherwise, network address conversion conflict can be caused;
3) IP addresses included in each VPC-NIP pool cannot be overlapped;
4) the VPC-NIP pool only supports a single IP or a range of consecutive IPs, and all IPs in a range must share the same /24 network segment. For example, "192.168.0.1-192.168.0.6" is supported, and "192.168.0.1-192.168.1.2" is not supported;
5) the VPC-NIP pool does not support broadcast addresses (255.255.255.255), class D addresses (224.0.0.0-239.255.255.255) and class E addresses (240.0.0.0-255.255.255.254).
In the above scheme, the IP address of each first communication device is mapped to an IP address of the conversion IP pool according to the third private network address mapping relationship. This solves the problem that address conflicts may exist when different IDCs communicate with the VPC when a plurality of IDCs are connected to the same VPC, and also the problem that, although the address spaces of the VPC and the IDC at the two ends of a private line do not conflict, the two ends cannot communicate under their own identities (IP addresses) because the address planning of one party (e.g., the IDC) must be followed.
S250, mapping the original translation address of each of the first communication devices to the translation network address according to the mapping relationship between the original translation address and the translation network address of each of the first communication devices in the first communication object.
The original translation address comprises an original IP address and a designated port, and the translation network address comprises a translation IP address and a designated port; the translation IP addresses corresponding to the IP addresses of the first communication devices are different; the translation network address is used for the second communication device in the second communication object to actively access the first communication device through a designated port.
In this embodiment, the original translation address of each first communication device may be mapped to a translation network address according to a fourth private network address mapping relationship.
The fourth private network address mapping relationship is suitable for a scenario in which the IDC actively accesses the VPC. For example, when the IDC actively accesses the VPC on a specific designated port, the original translation address IP + PORT in the VPC may be mapped to a new IP + PORT, abbreviated as VPC-DPNIP. The VPC-DPNIP can be understood as the destination IP used when the IDC actively accesses the VPC; it is one kind of VPC-NIP, and is the mapping in the IDC of a VPC service endpoint (a terminal address specified for receiving data). The IDC can communicate with the corresponding IP + PORT in the VPC by accessing the VPC-DPNIP, while other ports are not exposed to the IDC.
In specific implementation, the destination IP address (i.e., VPC-DPNIP) may be mapped to an IP + PORT of the first communication device in the VPC on the forwarding of the private line gateway, and the source IP address (i.e., VPC-DPNIP) may be mapped to a new conversion network address IP + PORT on the post output of the private line gateway.
In the fourth private network address mapping relationship, the following rule restrictions may also be set:
1) the VPC-IP is required to be within the VPC network segment range of the private line gateway and can be limited by a private line gateway controller;
2) the IP assigned port of the VPC-IP is unique, namely the same assigned IP port in the VPC can only be uniquely mapped into a VPC-DPNIP port;
3) the designated port corresponding to the VPC-DPNIP cannot be in the range of the VPC network segment;
4) the VPC-DPNIP designated ports may not be duplicated, i.e., no single IP designated port may map to multiple VPC-IP ports;
5) VPC-IP and VPC-DPNIP do not support the broadcast address (255.255.255.255), class D addresses (224.0.0.0-239.255.255.255) or class E addresses (240.0.0.0-255.255.255.254).
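The port-level mapping and rules 1 to 4 above can be sketched as a lookup table in which only registered IP + PORT pairs are reachable from the IDC. This is an added example, not code from the patent: the class and function names are hypothetical, the VPC segment and VPC-IP are constructed sample values, and rule 3 is read here as "the VPC-DPNIP address lies outside the VPC network segment", which is an assumption about the intended meaning.

```python
import ipaddress


class PortMapTable:
    """VPC-IP:port <-> VPC-DPNIP:port mappings held by the private line gateway."""

    def __init__(self, vpc_cidr):
        self.vpc = ipaddress.ip_network(vpc_cidr)
        self.to_vpc = {}    # (VPC-DPNIP, port) -> (VPC-IP, port), IDC -> VPC requests
        self.to_dpnip = {}  # (VPC-IP, port) -> (VPC-DPNIP, port), VPC -> IDC replies

    def add(self, vpc_ep, dpnip_ep):
        """Register one mapping; both endpoints are (ip, port) tuples."""
        if ipaddress.ip_address(vpc_ep[0]) not in self.vpc:
            raise ValueError("rule 1: VPC-IP outside the VPC network segment")
        if ipaddress.ip_address(dpnip_ep[0]) in self.vpc:
            raise ValueError("rule 3: VPC-DPNIP inside the VPC network segment")
        if vpc_ep in self.to_dpnip:
            raise ValueError("rule 2: VPC-IP port already mapped")
        if dpnip_ep in self.to_vpc:
            raise ValueError("rule 4: VPC-DPNIP port already in use")
        self.to_vpc[dpnip_ep] = vpc_ep
        self.to_dpnip[vpc_ep] = dpnip_ep

    def inbound(self, dst_ip, dst_port):
        """Destination rewrite for IDC -> VPC; None means not exposed (drop)."""
        return self.to_vpc.get((dst_ip, dst_port))

    def reply(self, src_ip, src_port):
        """Source rewrite for the VPC -> IDC reply; None means no mapping."""
        return self.to_dpnip.get((src_ip, src_port))


def try_add(table, vpc_ep, dpnip_ep):
    """Return the violated rule when a mapping is rejected, else None."""
    try:
        table.add(vpc_ep, dpnip_ep)
    except ValueError as exc:
        return str(exc)
    return None


def build_demo():
    table = PortMapTable("172.16.0.0/16")  # constructed VPC segment
    table.add(("172.16.1.1", 12345), ("6.1.1.1", 12345))
    return table


if __name__ == "__main__":
    t = build_demo()
    print(t.inbound("6.1.1.1", 12345))  # mapped service endpoint
    print(t.inbound("6.1.1.1", 22))     # any other port is not exposed
    print(try_add(t, ("172.16.1.2", 80), ("6.1.1.1", 12345)))
```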
In the above scheme, according to the fourth private network address mapping relationship, the original translation address of each first communication device is mapped to the translation network address, so that the requirement that the IDC specifies a port to communicate with the VPC through a private line can be met.
S260, establishing communication connection between the VPC and the IDC according to the target translation IP address.
It should be noted that fig. 2 is only a schematic diagram of one implementation manner; steps S220 to S250 have no required order of execution and may be executed in parallel.
By adopting the technical scheme, the IP address mapping mode of the resources in the VPC or the IDC is processed according to the address mapping relations of the private networks of different types, the problem of address space conflict between the VPC and the IDC under various private line application scenes can be effectively solved, the hiding of the address space of the VPC and the IDC is realized, and the private line communication requirement between the VPC and the IDC is met.
In one example, a specific application scenario is described in which a VPC actively accesses IDCs.
In an optional embodiment of the present application, configuring the first converted IP address according to the private network address mapping relationship may include: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device does not belong to a network segment of the first communication object, directly mapping the IP address of the first communication device to one of random IP addresses of the conversion IP pool; and the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object.
In an optional specific example, in an application scenario where a first communication device in the VPC actively accesses a second communication device in the IDC, and an access IP address of the first communication device accessing the second communication device does not belong to a network segment of the VPC, for example, the network segment of the IDC is 192.168.0.0/16, the IP address of the IDC-VIP is 192.168.1.1, the network segment of the VPC is 172.16.0.0/16, and the VPC-NIP pool is 7.1.1.1/32. Optionally, a third private network address mapping relationship may be adopted, the VPC-IP of the first communication device is mapped to one of the random IP addresses of the VPC-NIP pool, and the first communication device directly accesses the IDC-VIP corresponding to the second communication device through the IP address mapped to the VPC-NIP pool.
In an optional embodiment of the present application, configuring the first converted IP address according to the private network address mapping relationship may include: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device belongs to a network segment of the first communication object, mapping the IP address of the first communication device to be a designated IP address and mapping the designated IP address to be the access IP address of the first communication device; and the network segment corresponding to the specified IP address is different from the network segment corresponding to the first communication object.
In an optional specific example, in an application scenario that a first communication device in the VPC actively accesses a second communication device in the IDC, and an access IP address of the first communication device accessing the second communication device belongs to a network segment of the VPC, for example, the network segment of the IDC is 192.168.0.0/16, the IP address of the IDC-VIP is 192.168.1.1, the network segment of the VPC is 172.16.0.0/16, and the VPC-NIP pool is 7.1.1.1/32. Optionally, a third private network address mapping relationship may be adopted to map the VPC-IP of the first communication device to the designated IP address. For example, the designated IP address may be named VPC-NNIP, which has an IP address of 10.1.1.1. And then, continuously adopting the first private network address mapping relation, and mapping the VPC-NNIP to be the access IP address of the first communication equipment on the appointed private network, wherein the access IP address can be a random IP address in a VPC-NIP pool.
In an optional embodiment of the present application, configuring the first and second translated IP addresses according to the private network address mapping relationship may include: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and the IP address of the first communication device conflicts with the designated access IP address of the second communication device accessing the first communication device, mapping the IP address of the first communication device to one random IP address in the conversion IP pool and mapping an additional designated access IP address of the second communication device to the designated access IP address of the second communication device; wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
Wherein the additional specified access IP address may be set for the IDC, different from the IP address of the specified access IP address.
In an optional specific example, in an application scenario where a first communication device in the VPC actively accesses a second communication device in the IDC, and an IP address of the first communication device conflicts with a specified access IP address of the second communication device accessing the first communication device, for example, a network segment of the IDC is 192.168.0.0/16, an IP address of the IDC-VIP is 192.168.1.1, a network segment of the VPC is 192.168.0.0/16, and a VPC-NIP pool is 6.1.1.1/32. Optionally, a third private network address mapping relationship may be adopted, the IP address of the first communication device in the VPC is mapped to the VPC-NIP pool, and the second private network address mapping relationship is continuously adopted, the additional specified access IP address IDC-NVIP is mapped to the specified access address IDC-VIP on the private network, and the first communication device in the VPC may actively access the IDC-NVIP.
In an optional embodiment of the present application, the configuring the first and second translated IP addresses according to the private network address mapping relationship may include: when a plurality of first communication devices in the first communication object actively access a plurality of second communication devices in the second communication object, designated access IP addresses of the second communication devices corresponding to the first communication devices are the same, and access IP addresses of the first communication devices corresponding to the second communication devices are different, mapping the IP addresses of the first communication devices to the IP addresses in a conversion IP pool according to additional designated access IP addresses of the second communication devices with different destination IP addresses, and mapping the additional designated access IP addresses of the second communication devices to the designated access IP addresses of the second communication devices; wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
Fig. 3 is a schematic diagram of a private network address translation method according to an embodiment of the present disclosure. In an optional specific example, consider an application scenario in which first communication devices in a VPC actively access second communication devices in IDCs, the designated access IP addresses of the second communication devices corresponding to the first communication devices are the same, and the access IP addresses of the first communication devices corresponding to the second communication devices are different. As shown in fig. 3, the network segment of the VPC is 172.16.0.0/16. The network segment corresponding to the IP address of IDC-NVIP1 (the additional designated access IP address network segment set by institution 1) is 6.1.1.1/32, and during specific communication one IP address, for example 6.1.1.1, may be randomly selected from 6.1.1.1/32 as IDC-NVIP1. The network segment corresponding to the IP address of IDC-NVIP2 (the additional designated access IP address network segment set by institution 2) is 7.1.1.1/32, and during specific communication one IP address, for example 7.1.1.1, may be randomly selected from 7.1.1.1/32 as IDC-NVIP2. The network segment of IDC1 (institution 1) is 192.168.0.0/16, the IP address of IDC-VIP1 (the designated access IP address of institution 1) is 192.168.1.1, and the IP address of VPC-NIP1 (the access IP address with which one first communication device accesses institution 1) is 10.1.1.6. The network segment of IDC2 (institution 2) is 192.168.0.0/16, the IP address of IDC-VIP2 (the designated access IP address of institution 2) is 192.168.1.1, and the IP address of VPC-NIP2 (the access IP address with which another first communication device accesses institution 2) is 10.1.1.7. In fig. 3, gw identifies an enterprise-level wireless route, EVR represents a private gateway, and BVR represents a routing table.
Optionally, the third private network address mapping relationship may be adopted, and the VPC-IP of each first communication device is mapped according to the IDC-NVIP of its destination IP address: the VPC-IP of the first communication device accessing institution 1 is mapped to VPC-NIP1 10.1.1.6 according to IDC-NVIP1 6.1.1.1/32, and the VPC-IP of the first communication device accessing institution 2 is mapped to VPC-NIP2 10.1.1.7 according to IDC-NVIP2 7.1.1.1/32. The second private network address mapping relationship is then adopted to map each IDC-NVIP to the IDC-VIP on its own private line network; that is, IDC-NVIP1 is mapped to IDC-VIP1, and IDC-NVIP2 is mapped to IDC-VIP2. After private network address translation is complete, a first communication device within the VPC may actively access IDC-NVIP1 or IDC-NVIP2. The traffic is routed to the NAT gateway, and the NAT gateway selects the corresponding VPC-NIP pool according to the IDC-NVIP of the destination IP address and then matches the private line route. Before the data packet is sent out from the router, the second private network address mapping relationship is adopted, and the IDC-NVIP of the destination IP address is mapped to the IDC-VIP. The EVR can search for the corresponding route in the virtual machine, and send the data packet over the private line to the corresponding institution. The return-packet process is similar to the request process described above.
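The request and return paths of the Fig. 3 scenario can be traced with a small model of the gateway. This is an added example, not code from the patent: the class names, the VM addresses and ports, and the sequential NAT port counter (used instead of a random port so the output is reproducible) are assumptions, and rejecting a return packet that arrives on the wrong private line is a design choice of this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class PrivateLine:
    name: str  # institution reached over this private line
    nvip: str  # IDC-NVIP: the address the VPC dials
    vip: str   # IDC-VIP: designated access address inside the IDC
    nip: str   # VPC-NIP: the source address the IDC sees


# Addresses from the Fig. 3 description; both IDCs use the same IDC-VIP.
FIG3_LINES = [
    PrivateLine("IDC1", "6.1.1.1", "192.168.1.1", "10.1.1.6"),
    PrivateLine("IDC2", "7.1.1.1", "192.168.1.1", "10.1.1.7"),
]


class Gateway:
    def __init__(self, lines, vpc_cidr, first_port=20000):
        self.vpc = ipaddress.ip_network(vpc_cidr)
        self.by_nvip = {line.nvip: line for line in lines}
        self.by_name = {line.name: line for line in lines}
        self.next_port = first_port  # sequential, for a reproducible demo
        self.sessions = {}           # (line name, NAT port) -> (VPC-IP, port)

    def outbound(self, pkt):
        """VPC -> IDC request: return (line name, translated packet)."""
        if ipaddress.ip_address(pkt.src) not in self.vpc:
            raise LookupError("source is not a VPC address")
        line = self.by_nvip.get(pkt.dst)
        if line is None:
            raise LookupError("no private line for this destination")
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(line.name, nat_port)] = (pkt.src, pkt.sport)
        # The source becomes the VPC-NIP selected by the destination IDC-NVIP,
        # then the destination IDC-NVIP becomes the real IDC-VIP.
        return line.name, Packet(line.nip, nat_port, line.vip, pkt.dport)

    def inbound(self, line_name, pkt):
        """IDC -> VPC return packet received on the named private line."""
        line = self.by_name[line_name]
        session = self.sessions.get((line_name, pkt.dport))
        if (pkt.src, pkt.dst) != (line.vip, line.nip) or session is None:
            raise LookupError("return packet matches no session on this line")
        # Reverse both rewrites: the VM sees the IDC-NVIP it originally dialed.
        return Packet(line.nvip, pkt.sport, session[0], session[1])


def demo():
    gw = Gateway(FIG3_LINES, "172.16.0.0/16")
    # Constructed VM addresses inside the VPC segment given on the page.
    out1 = gw.outbound(Packet("172.16.0.10", 51000, "6.1.1.1", 443))
    out2 = gw.outbound(Packet("172.16.0.11", 51001, "7.1.1.1", 443))
    reply = Packet("192.168.1.1", 443, "10.1.1.7", 20001)
    back2 = gw.inbound("IDC2", reply)
    try:
        gw.inbound("IDC1", reply)  # same packet arriving on the other line
        crossed = True
    except LookupError:
        crossed = False
    return out1, out2, back2, crossed


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both translated requests carry the destination 192.168.1.1, so only the private line chosen from the IDC-NVIP keeps the two institutions apart.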
In the above technical scheme, under the condition that the first communication device in the VPC actively accesses the second communication device in the IDC, the corresponding private network address mapping relation is adopted to perform private network address conversion according to the specific condition of accessing the IP address, so that the problem of address space conflict between the VPC and the IDC can be effectively solved, the hiding of the address space between the VPC and the IDC is realized, and the private network communication requirement between the VPC and the IDC is met.
In one example, a specific application scenario for IDC active access to VPCs is described.
In an optional embodiment of the present application, configuring the first and second translated IP addresses according to the private network address mapping relationship may include: when second communication equipment in the second communication object actively accesses first communication equipment in the first communication object, the appointed access IP addresses of the second communication equipment, which correspond to the first communication equipment, are the same, and the access IP addresses of the first communication equipment, which correspond to the second communication equipment, are different, mapping the original conversion address of the first communication equipment into the conversion network address; and when the IP address of the second communication equipment conflicts with the IP addresses of other second communication equipment or conflicts with the IP address of the first communication equipment, mapping the IP address of the second communication equipment into an access IP address of the second communication equipment for accessing the first communication equipment.
In an optional specific example, in an application scenario where the second communication device in the IDC actively accesses the first communication device in the VPC, the designated access IP addresses of the second communication devices corresponding to the first communication device are the same, and the access IP addresses of the first communication devices corresponding to the second communication devices are different, for example, the network segment of the IDC is 192.168.0.0/16, the IP address of the IDC-VIP is 192.168.1.1, the network segment of the VPC is 192.168.0.0/16, and the original translation address is 172.1.1.1:12345. Optionally, a fourth private network address mapping relationship may be used to map the original translation address 172.1.1.1:12345 of the first communication device to the translation network address VPC-DPNIP 6.1.1.1:12345. It should be noted that if the IDC-IP conflicts with the VPC or with other IDCs, a second private network address mapping relationship may be used to map the IDC-IP to an IDC-NIP for accessing the VPC.
In the above technical solution, under the condition that the second communication device in the IDC actively accesses the first communication device in the VPC, if the designated access IP addresses of the second communication devices corresponding to the first communication device are the same and the access IP addresses of the first communication devices corresponding to the second communication device are different, the original translation address of the first communication device is mapped to the translation network address, which can effectively solve the problem of address space conflict between the VPC and the IDC, and hide the address spaces of the VPC and the IDC, thereby satisfying the requirement of private line communication between the VPC and the IDC.
In an example, fig. 4 is a structural diagram of a private network address translation device provided in an embodiment of the present application, which is implemented by software and/or hardware and is specifically configured in a private gateway, and can be applied to the case of solving the address space conflict and the address space hiding problem between a VPC and an IDC.
A private network address translation apparatus 400 as shown in fig. 4 comprises: a private network address mapping relation obtaining module 410, an IP address configuration module 420 and a communication connection establishing module 430.
Wherein:
a private network address mapping relationship obtaining module 410, configured to obtain a pre-stored private network address mapping relationship; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC;
an IP address configuration module 420, configured to configure a target translation IP address for the communication object according to the private network address mapping relationship;
a communication connection establishing module 430, configured to establish a communication connection between the VPC and the IDC according to the target translation IP address.
According to the embodiment of the application, the pre-stored private network address mapping relation is obtained, the VPC or the IDC is configured with the target conversion IP address on the private network gateway according to the obtained private network address mapping relation, so that the communication connection between the VPC and the IDC is established according to the configured target conversion IP address, the problem of address space conflict between the VPC and the IDC is solved, the hiding of the address space of the VPC and the IDC is realized, and the private network communication requirement between the VPC and the IDC is met.
Optionally, the private network address mapping relationship includes: mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address; mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address; mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool; mapping relation between original conversion address and conversion network address of each first communication device in the first communication object; the original translation address comprises an original IP address and a designated port, and the translation network address comprises a translation IP address and the designated port.
Optionally, the IP address configuration module 420 is specifically configured to: mapping the IP address of each first communication device into each first conversion IP address according to the mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address; wherein the first converted IP addresses corresponding to the IP addresses of the first communication devices are different; the first converted IP address is used for the first communication device and the second communication device in the second communication object to access each other.
Optionally, the IP address configuration module 420 is specifically configured to: mapping the IP address of each second communication device into each second conversion IP address according to the mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address; wherein the second converted IP addresses corresponding to the IP addresses of the second communication devices are different; the second converted IP address is used for the second communication device to access the first communication device in the first communication object.
Optionally, the IP address configuration module 420 is specifically configured to: mapping the IP address of each first communication device into the IP address of a conversion IP pool according to the mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool; wherein the IP addresses of the converted IP pools corresponding to the IP addresses of the first communication devices are different; and the IP address of the conversion IP pool is used for the first communication equipment to actively access the second communication equipment in the second communication object through a random port.
Optionally, the IP address of the conversion IP pool is a random IP address, or a combination of a designated IP address and a random port.
Optionally, the IP address configuration module 420 is specifically configured to: mapping the original translation address of each first communication device into the translation network address according to the mapping relation between the original translation address and the translation network address of each first communication device in the first communication object; the original conversion address comprises an original IP address and a designated port, and the conversion network address comprises a conversion IP address and a designated port; the IP addresses of the first communication equipment are different in corresponding conversion IP address; the converted network address is used for the second communication device in the second communication object to actively access the first communication device through a designated port.
Optionally, the IP address configuration module 420 is specifically configured to: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device does not belong to a network segment of the first communication object, directly mapping the IP address of the first communication device to one of random IP addresses of the conversion IP pool; and the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object.
Optionally, the IP address configuration module 420 is specifically configured to: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device belongs to a network segment of the first communication object, mapping the IP address of the first communication device to be a designated IP address and mapping the designated IP address to be the access IP address of the first communication device; and the network segment corresponding to the specified IP address is different from the network segment corresponding to the first communication object.
Optionally, the IP address configuration module 420 is specifically configured to: when a first communication device in the first communication object actively accesses a second communication device in the second communication object and the IP address of the first communication device conflicts with the designated access IP address of the second communication device accessing the first communication device, mapping the IP address of the first communication device to one random IP address in the conversion IP pool and mapping an additional designated access IP address of the second communication device to the designated access IP address of the second communication device; wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
Optionally, the IP address configuration module 420 is specifically configured to: when a plurality of first communication devices in the first communication object actively access a plurality of second communication devices in the second communication object, designated access IP addresses of the second communication devices corresponding to the first communication devices are the same, and access IP addresses of the first communication devices corresponding to the second communication devices are different, mapping the IP addresses of the first communication devices to the IP addresses in a conversion IP pool according to additional designated access IP addresses of the second communication devices with different destination IP addresses, and mapping the additional designated access IP addresses of the second communication devices to the designated access IP addresses of the second communication devices; wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
Optionally, the IP address configuration module 420 is specifically configured to: when second communication equipment in the second communication object actively accesses first communication equipment in the first communication object, the appointed access IP addresses of the second communication equipment, which correspond to the first communication equipment, are the same, and the access IP addresses of the first communication equipment, which correspond to the second communication equipment, are different, mapping the original conversion address of the first communication equipment into the conversion network address; and when the IP address of the second communication equipment conflicts with the IP addresses of other second communication equipment or conflicts with the IP address of the first communication equipment, mapping the IP address of the second communication equipment into an access IP address of the second communication equipment for accessing the first communication equipment.
The private network address translation device can execute the private network address translation method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method. For details of the technology not described in detail in this embodiment, reference may be made to the private network address translation method provided in any embodiment of the present application.
Since the private network address translation device described above is a device capable of executing the private network address translation method in the embodiment of the present application, based on the private network address translation method described in the embodiment of the present application, a person skilled in the art can understand a specific implementation manner of the private network address translation device of the embodiment of the present application and various variations thereof, and therefore, how to implement the private network address translation method in the embodiment of the present application by the private network address translation device is not described in detail herein. The device used by those skilled in the art to implement the private network address translation method in the embodiments of the present application is within the scope of the present application.
In one example, the present application also provides a private line gateway and a readable storage medium.
Fig. 5 is a schematic structural diagram of a private line gateway for implementing the private network address translation method according to the embodiment of the present application. A private line gateway is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 5, the private line gateway includes: one or more processors 501, a memory 502, and interfaces for connecting the components, including a high-speed interface and a low-speed interface, optionally an Ethernet interface, a CAN (Controller Area Network) interface, or a JTAG (Joint Test Action Group) interface, etc. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor can process instructions for execution within the private line gateway, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output device (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple private line gateways may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In fig. 5, one processor 501 is taken as an example.
Memory 502 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by at least one processor to cause the at least one processor to perform the private network address translation method provided by the present application. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the private network address translation method provided by the present application.
The memory 502, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the private network address translation method in the embodiment of the present application (for example, the private network address mapping relation obtaining module 410, the IP address configuration module 420, and the communication connection establishing module 430 shown in fig. 4). The processor 501 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 502, that is, implements the private network address translation method in the above method embodiments.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area can store data created by using a private line gateway for realizing the private line network address translation method, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 502 optionally includes memory located remotely from processor 501, which may be connected via a network to a private line gateway that implements the XXX method. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The private line gateway for implementing the private line network address translation method may further include: an input device 503 and an output device 504. The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The input device 503 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the private line gateway implementing the private network address translation method; examples of the input device include a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, and a joystick. The output devices 504 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the embodiments of the present application, a pre-stored private network address mapping relation is obtained, and a target conversion IP address is configured for the VPC or the IDC on the private line gateway according to the obtained mapping relation, so that the communication connection between the VPC and the IDC is established according to the configured target conversion IP address. This solves the problem of address space conflict between the VPC and the IDC, hides the address space of the VPC and the IDC, and meets the private line communication requirement between the VPC and the IDC.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (26)

1. A private network address translation method, applied to a private network gateway, comprising the following steps:
acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC;
configuring a target conversion IP address for the communication object according to the private network address mapping relation;
and establishing communication connection between the VPC and the IDC according to the target translation IP address.
2. The method of claim 1, wherein the private line network address mapping relationship comprises:
mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address;
mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address;
mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool;
mapping relation between original conversion address and conversion network address of each first communication device in the first communication object; the original translation address comprises an original IP address and a designated port, and the translation network address comprises a translation IP address and the designated port.
3. The method of claim 1, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
mapping the IP address of each first communication device into each first conversion IP address according to the mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address;
wherein the first converted IP addresses corresponding to the IP addresses of the first communication devices are different; the first converted IP address is used for the first communication device and the second communication device in the second communication object to access each other.
4. The method of claim 1, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
mapping the IP address of each second communication device into each second conversion IP address according to the mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address;
wherein the second converted IP addresses corresponding to the IP addresses of the second communication devices are different; the second converted IP address is used for the second communication device to access the first communication device in the first communication object.
5. The method of claim 1, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
mapping the IP address of each first communication device into the IP address of a conversion IP pool according to the mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool;
wherein the IP addresses of the converted IP pools corresponding to the IP addresses of the first communication devices are different; and the IP address of the conversion IP pool is used for the first communication equipment to actively access the second communication equipment in the second communication object through a random port.
6. The method of claim 5, wherein the IP address of the translation IP pool is a random IP address or a combination of a designated IP address and a random port.
7. The method of claim 1, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
mapping the original translation address of each first communication device into the translation network address according to the mapping relation between the original translation address and the translation network address of each first communication device in the first communication object;
wherein the original conversion address comprises an original IP address and a designated port, and the conversion network address comprises a conversion IP address and a designated port; the conversion IP addresses corresponding to the IP addresses of the first communication devices are different; the converted network address is used for the second communication device in the second communication object to actively access the first communication device through a designated port.
8. The method of claim 2, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device does not belong to a network segment of the first communication object, directly mapping the IP address of the first communication device to one of random IP addresses of the conversion IP pool;
and the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object.
9. The method of claim 2, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device belongs to a network segment of the first communication object, mapping the IP address of the first communication device to be a designated IP address and mapping the designated IP address to be the access IP address of the first communication device;
and the network segment corresponding to the specified IP address is different from the network segment corresponding to the first communication object.
10. The method of claim 2, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and the IP address of the first communication device conflicts with the designated access IP address of the second communication device accessing the first communication device, mapping the IP address of the first communication device to one random IP address in the conversion IP pool and mapping an additional designated access IP address of the second communication device to the designated access IP address of the second communication device;
wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
11. The method of claim 2, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
when a plurality of first communication devices in the first communication object actively access a plurality of second communication devices in the second communication object, designated access IP addresses of the second communication devices corresponding to the first communication devices are the same, and access IP addresses of the first communication devices corresponding to the second communication devices are different, mapping the IP addresses of the first communication devices to the IP addresses in a conversion IP pool according to additional designated access IP addresses of the second communication devices with different destination IP addresses, and mapping the additional designated access IP addresses of the second communication devices to the designated access IP addresses of the second communication devices;
wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
12. The method of claim 7, wherein said configuring the communication object with a target translation IP address according to the private network address mapping comprises:
when second communication equipment in the second communication object actively accesses first communication equipment in the first communication object, the appointed access IP addresses of the second communication equipment, which correspond to the first communication equipment, are the same, and the access IP addresses of the first communication equipment, which correspond to the second communication equipment, are different, mapping the original conversion address of the first communication equipment into the conversion network address;
and when the IP address of the second communication equipment conflicts with the IP addresses of other second communication equipment or conflicts with the IP address of the first communication equipment, mapping the IP address of the second communication equipment into an access IP address of the second communication equipment for accessing the first communication equipment.
13. A private network address translation device configured in a private gateway, comprising:
the private network address mapping relation acquisition module is used for acquiring a pre-stored private network address mapping relation; the private network address mapping relation comprises a mapping relation between an IP address of a communication object and a conversion IP address; the communication object comprises a first communication object or a second communication object, the first communication object is a VPC, and the second communication object is an IDC;
the IP address configuration module is used for configuring a target conversion IP address for the communication object according to the private network address mapping relation;
and the communication connection establishing module is used for establishing communication connection between the VPC and the IDC according to the target translation IP address.
14. The apparatus of claim 13, wherein the private line network address mapping relationship comprises:
mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address;
mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address;
mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool;
mapping relation between original conversion address and conversion network address of each first communication device in the first communication object; the original translation address comprises an original IP address and a designated port, and the translation network address comprises a translation IP address and the designated port.
15. The apparatus of claim 13, wherein the IP address configuration module is specifically configured to:
mapping the IP address of each first communication device into each first conversion IP address according to the mapping relation between the IP address of each first communication device in the first communication object and each first conversion IP address;
wherein the first converted IP addresses corresponding to the IP addresses of the first communication devices are different; the first converted IP address is used for the first communication device and the second communication device in the second communication object to access each other.
16. The apparatus of claim 13, wherein the IP address configuration module is specifically configured to:
mapping the IP address of each second communication device into each second conversion IP address according to the mapping relation between the IP address of each second communication device in the second communication object and each second conversion IP address;
wherein the second converted IP addresses corresponding to the IP addresses of the second communication devices are different; the second converted IP address is used for the second communication device to access the first communication device in the first communication object.
17. The apparatus of claim 13, wherein the IP address configuration module is specifically configured to:
mapping the IP address of each first communication device into the IP address of a conversion IP pool according to the mapping relation between the IP address of each first communication device in the first communication object and the IP address of the conversion IP pool;
wherein the IP addresses of the converted IP pools corresponding to the IP addresses of the first communication devices are different; and the IP address of the conversion IP pool is used for the first communication equipment to actively access the second communication equipment in the second communication object through a random port.
18. The apparatus of claim 17, wherein the IP address of the translation IP pool is a random IP address or a combination of a designated IP address and a random port.
19. The apparatus of claim 13, wherein the IP address configuration module is specifically configured to:
mapping the original translation address of each first communication device into the translation network address according to the mapping relation between the original translation address and the translation network address of each first communication device in the first communication object;
wherein the original conversion address comprises an original IP address and a designated port, and the conversion network address comprises a conversion IP address and a designated port; the conversion IP addresses corresponding to the IP addresses of the first communication devices are different; the converted network address is used for the second communication device in the second communication object to actively access the first communication device through a designated port.
20. The apparatus according to claim 14, wherein the IP address configuration module is specifically configured to:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device does not belong to a network segment of the first communication object, directly mapping the IP address of the first communication device to one of random IP addresses of the conversion IP pool;
and the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object.
21. The apparatus according to claim 14, wherein the IP address configuration module is specifically configured to:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and an access IP address of the first communication device accessing the second communication device belongs to a network segment of the first communication object, mapping the IP address of the first communication device to be a designated IP address and mapping the designated IP address to be the access IP address of the first communication device;
and the network segment corresponding to the specified IP address is different from the network segment corresponding to the first communication object.
22. The apparatus according to claim 14, wherein the IP address configuration module is specifically configured to:
when a first communication device in the first communication object actively accesses a second communication device in the second communication object and the IP address of the first communication device conflicts with the designated access IP address of the second communication device accessing the first communication device, mapping the IP address of the first communication device to one random IP address in the conversion IP pool and mapping an additional designated access IP address of the second communication device to the designated access IP address of the second communication device;
wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
23. The apparatus according to claim 14, wherein the IP address configuration module is specifically configured to:
when a plurality of first communication devices in the first communication object actively access a plurality of second communication devices in the second communication object, designated access IP addresses of the second communication devices corresponding to the first communication devices are the same, and access IP addresses of the first communication devices corresponding to the second communication devices are different, mapping the IP addresses of the first communication devices to the IP addresses in a conversion IP pool according to additional designated access IP addresses of the second communication devices with different destination IP addresses, and mapping the additional designated access IP addresses of the second communication devices to the designated access IP addresses of the second communication devices;
wherein, the network segment corresponding to the conversion IP pool is different from the network segment corresponding to the first communication object; the additional specified access IP address is different from the network segment corresponding to the specified access IP address.
24. The apparatus according to claim 14, wherein the IP address configuration module is specifically configured to:
when second communication equipment in the second communication object actively accesses first communication equipment in the first communication object, the appointed access IP addresses of the second communication equipment, which correspond to the first communication equipment, are the same, and the access IP addresses of the first communication equipment, which correspond to the second communication equipment, are different, mapping the original conversion address of the first communication equipment into the conversion network address;
and when the IP address of the second communication equipment conflicts with the IP addresses of other second communication equipment or conflicts with the IP address of the first communication equipment, mapping the IP address of the second communication equipment into an access IP address of the second communication equipment for accessing the first communication equipment.
25. A private line gateway, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the private network address translation method of any of claims 1-12.
26. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the private network address translation method of any one of claims 1-12.
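The mapping relations of claims 2 to 8 can be modelled as a small translation table with a consistency check. The following is an added example, not code from the patent or its applicant. All addresses, the names `PrivateLineGateway`, `check_config` and `build_demo_gateway`, the random-port range, and the choice to drop traffic that matches no mapping are assumptions made for illustration.

```python
import random
from ipaddress import ip_address as ip, ip_network


class PrivateLineGateway:
    def __init__(self, vpc_segment, pool_segment, vpc_static, idc_static,
                 port_forward, seed=None):
        self.vpc_net = ip_network(vpc_segment)
        self.pool_net = ip_network(pool_segment)
        # Claim 3: VPC device IP -> first conversion IP (1:1, mutual access).
        self.vpc_static = {ip(k): ip(v) for k, v in vpc_static.items()}
        # Claim 4: IDC device IP -> second conversion IP (1:1).
        self.idc_static = {ip(k): ip(v) for k, v in idc_static.items()}
        # Claim 7: (conversion IP, designated port) -> original VPC device IP.
        self.port_forward = {(ip(t), p): ip(o)
                             for (t, p), o in port_forward.items()}
        self.pool_ip_of = {}  # VPC device IP -> its pool IP (claim 5)
        self.sessions = {}    # (pool IP, random port) -> (VPC IP, VPC port)
        self._rng = random.Random(seed)
        self._validate()
        self._vpc_real = {v: k for k, v in self.vpc_static.items()}
        self._idc_real = {v: k for k, v in self.idc_static.items()}

    def _validate(self):
        # Claims 8, 10, 11: the pool segment differs from the VPC segment.
        if self.pool_net.overlaps(self.vpc_net):
            raise ValueError("conversion IP pool overlaps the VPC segment")
        # Claims 3, 4: conversion IPs of different devices are different.
        for side, table in (("VPC", self.vpc_static), ("IDC", self.idc_static)):
            if len(set(table.values())) != len(table):
                raise ValueError(f"{side} conversion IPs are not unique")
        # Claim 7: one conversion IP never fronts two VPC devices.
        owner = {}
        for (conv_ip, _port), real in self.port_forward.items():
            if owner.setdefault(conv_ip, real) != real:
                raise ValueError("conversion IP forwards to two VPC devices")

    def _pool_source(self, src, sport):
        """Claims 5-6: a pool IP unique per device, a random port per flow."""
        if src not in self.pool_ip_of:
            used = set(self.pool_ip_of.values())
            free = [h for h in self.pool_net.hosts() if h not in used]
            if not free:
                raise ValueError("conversion IP pool exhausted")
            self.pool_ip_of[src] = self._rng.choice(free)
        pool_ip = self.pool_ip_of[src]
        while True:
            port = self._rng.randint(1024, 65535)  # assumed port range
            if (pool_ip, port) not in self.sessions:
                self.sessions[(pool_ip, port)] = (src, sport)
                return pool_ip, port

    def vpc_to_idc(self, src, sport, dst, dport):
        """A VPC device actively accesses an IDC device; None means drop."""
        src, dst = ip(src), ip(dst)
        real_dst = self._idc_real.get(dst)
        if real_dst is None:  # assumption: only published conversion IPs route
            return None
        new_src, new_sport = ((self.vpc_static[src], sport) if src in self.vpc_static
                              else self._pool_source(src, sport))
        return str(new_src), new_sport, str(real_dst), dport

    def idc_to_vpc(self, src, sport, dst, dport):
        """Reply or IDC-initiated packet at the gateway; None means drop."""
        src, dst = ip(src), ip(dst)
        shown_src = self.idc_static.get(src)
        if shown_src is None:
            return None
        if (dst, dport) in self.sessions:        # reply to a pool flow
            real_dst, real_port = self.sessions[(dst, dport)]
        elif (dst, dport) in self.port_forward:  # claim 7: designated port only
            real_dst, real_port = self.port_forward[(dst, dport)], dport
        elif dst in self._vpc_real:              # claim 3: mutual 1:1 access
            real_dst, real_port = self._vpc_real[dst], dport
        else:
            return None
        return str(shown_src), sport, str(real_dst), real_port


def check_config(*args):
    """Return None when the mapping relations are consistent, else the reason."""
    try:
        PrivateLineGateway(*args)
    except ValueError as exc:
        return str(exc)
    return None


def build_demo_gateway():
    # Constructed addresses: the VPC and the IDC both use 192.168.0.0/24.
    return PrivateLineGateway(
        "192.168.0.0/24", "10.3.0.0/29", {"192.168.0.10": "10.1.0.10"},
        {"192.168.0.10": "10.2.0.10", "192.168.0.20": "10.2.0.20"},
        {("10.1.0.80", 443): "192.168.0.80"}, seed=7)


if __name__ == "__main__":
    print(build_demo_gateway().vpc_to_idc("192.168.0.55", 40000, "10.2.0.20", 3306))
```

In the constructed table both sides own 192.168.0.10, yet each side only ever sees the other's conversion address, and `check_config` rejects a table whose pool falls inside the VPC segment or whose conversion addresses collide.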
CN202010530952.XA 2020-06-11 2020-06-11 Private network address conversion method and device, private network gateway and storage medium Active CN111698346B (en)

Publications (2)

Publication Number Publication Date
CN111698346A true CN111698346A (en) 2020-09-22
CN111698346B CN111698346B (en) 2023-01-17

Family

ID=72480413

Also Published As

Publication number Publication date
CN111698346B (en) 2023-01-17

Similar Documents

Publication Publication Date Title
CN111698346B (en) Private network address conversion method and device, private network gateway and storage medium
US10547463B2 (en) Multicast helper to link virtual extensible LANs
CN106462408B (en) Low latency connection to a workspace in a cloud computing environment
US9491002B1 (en) Managing communications involving external nodes of provided computer networks
US20230396539A1 (en) Scalable routing and forwarding of packets in cloud infrastructure
US10999195B1 (en) Multicast VPN support in data centers using edge replication tree
US11665088B2 (en) Assisted replication in software defined network
US10164914B2 (en) Network function virtualization (NFV) software-defined network (SDN) network-to-network interfaces (NNIs)
US11777897B2 (en) Cloud infrastructure resources for connecting a service provider private network to a customer private network
US20230024408A1 (en) Efficient flow management utilizing control packets
US20230370421A1 (en) Scaling ip addresses in overlay networks
US20240039847A1 (en) Highly-available host networking with active-active or active-backup traffic load-balancing
US20240154904A1 (en) Dynamic ip routing in a cloud environment
CN105657078A (en) Data transmission method, data transmission device and multi-layer network manager
US11929976B2 (en) Virtual network routing gateway that supports address translation for dataplane as well as dynamic routing protocols (control plane)
US20220197683A1 (en) Mechanism to implement vcn network virtualization in a rack-based switch
US20230396579A1 (en) Cloud infrastructure resources for connecting a service provider private network to a customer private network
US11811593B2 (en) Secure bi-directional network connectivity system between private networks
US20240179115A1 (en) Virtual network routing gateway that supports address translation for dataplans as well as dynamic routing protocols (control plane)
US20240095739A1 (en) Identity management for virtual private label clouds
US20230013110A1 (en) Techniques for processing network flows
US20230133380A1 (en) Transparent mounting of external endpoints between private networks
WO2022271990A1 (en) Routing policies for graphical processing units
CN117561705A (en) Routing policies for graphics processing units
CN117597894A (en) Routing policies for graphics processing units

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant