CN115334035A - Message forwarding method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115334035A
Authority
CN
China
Prior art keywords
message
address
forwarded
identifier
sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210835515.8A
Other languages
Chinese (zh)
Other versions
CN115334035B (en
Inventor
白雁飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Cloud Technology Co Ltd filed Critical Tianyi Cloud Technology Co Ltd
Priority to CN202210835515.8A priority Critical patent/CN115334035B/en
Publication of CN115334035A publication Critical patent/CN115334035A/en
Application granted granted Critical
Publication of CN115334035B publication Critical patent/CN115334035B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to the field of computer technologies, and in particular to a message forwarding method and device, electronic equipment and a storage medium. A NAT device receives a message to be forwarded whose message header includes at least the sequence identifier and the private network IP address of the message to be forwarded. If no port identifier associated with the sequence identifier is found, the NAT device generates a port identifier from the sequence identifier using a preset identifier generation mode and maps the private network IP address to a public network IP address to obtain a target message. It then forwards the target message to the next node device based on the public network IP address and the port identifier. Therefore, resource waste can be avoided, and the message transmission efficiency is improved.

Description

Message forwarding method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for forwarding a packet, an electronic device, and a storage medium.
Background
Currently, with the development of Generic Routing Encapsulation (GRE) technology, the GRE technology can be applied to a variety of different scenarios, for example, the GRE technology can be applied to a Dynamic Multipoint Virtual Private Network (DMVPN).
In the related art, usually, a mapping relationship between a private Network IP Address and a public Network IP Address can be configured on a Network Address Translation (NAT) device, so that Address Translation is performed based on the configured mapping relationship, so that a GRE packet can be transmitted in a public Network, and an IP Security (IPsec) can be encapsulated outside the GRE packet, thereby implementing packet forwarding.
However, when a packet is forwarded using this address translation method, each private network source IP address corresponds to only one public network source IP address, so the method cannot be applied in scenarios where public network IP resources are scarce. For example, on an operator's internet private line, Port Address Translation (PAT) is usually used for data transmission in order to reduce the number of public network IP addresses. When a packet is forwarded with IPsec encapsulation, the packet length increases, which reduces packet transmission efficiency.
Disclosure of Invention
The embodiment of the application provides a message forwarding method, a message forwarding device, an electronic device and a storage medium, so as to avoid resource waste and improve message transmission efficiency.
The embodiment of the application provides the following specific technical scheme:
a message forwarding method is applied to Network Address Translation (NAT) equipment, and comprises the following steps:
receiving a message to be forwarded, wherein a message header of the message to be forwarded at least comprises: the sequence identification and the private network IP address of the message to be forwarded;
if the port identification associated with the sequence identification is not found, generating a port identification based on the sequence identification by combining a preset identification generation mode, and mapping the private network IP address to a public network IP address to obtain a target message;
and forwarding the target message to the next node equipment based on the public network IP address and the port identification.
Optionally, after receiving the packet to be forwarded, the method further includes:
if the port identification associated with the sequence identification is found in the Port Address Translation (PAT) list, reading the public network IP address from the table entry containing the port identification;
and mapping the private network IP address in the message to be forwarded into a public network IP address to obtain a target message.
Optionally, the processing the sequence identifier by using a preset identifier generation manner to obtain a port identifier includes:
carrying out hash processing on the sequence identification to obtain a hash value corresponding to the sequence identification;
and taking the hash value as a port identifier corresponding to the message to be forwarded.
Optionally, after mapping the private network IP address to a public network IP address, the method further includes:
establishing an association relation among the public network IP address, the private network IP address and the port identification; and
and adding the public network IP address, the private network IP address and the port identification into a PAT list.
A message forwarding method is applied to a router, and the method comprises the following steps:
receiving a message to be processed;
identifying a sequence identifier corresponding to the message to be processed;
adding the sequence identification to a message head corresponding to the message to be processed to obtain a message to be forwarded;
sending the message to be forwarded to a Network Address Translation (NAT) device so that the NAT device receives the message to be forwarded, if determining that a port identifier associated with the sequence identifier is not found, generating a port identifier by combining a preset identifier generation mode based on the sequence identifier, mapping the private network IP address to a public network IP address to obtain a target message, and forwarding the target message to a next node device based on the public network IP address and the port identifier, wherein a message header of the message to be forwarded at least comprises: and the sequence identification and the private network IP address of the message to be forwarded.
Optionally, the adding the sequence identifier to the packet header corresponding to the packet to be processed to obtain the packet to be forwarded includes:
setting the field type corresponding to the sequence identification field in the message header of the message to be processed as mandatory;
and taking the sequence identification as the value of the sequence identification field to obtain the message to be forwarded.
A message forwarding device is applied to Network Address Translation (NAT) equipment, and the device comprises:
a receiving module, configured to receive a packet to be forwarded, where a packet header of the packet to be forwarded at least includes: the sequence identification and the private network IP address of the message to be forwarded;
the first processing module is used for generating a port identifier by combining a preset identifier generation mode based on the sequence identifier if the port identifier associated with the sequence identifier is not found, and mapping the private network IP address to a public network IP address to obtain a target message;
and the forwarding module is used for forwarding the target message to the next node device based on the public network IP address and the port identifier.
Optionally, after receiving the packet to be forwarded, the apparatus further includes a second processing module, where the second processing module is configured to:
if the port identification associated with the sequence identification is found in the Port Address Translation (PAT) list, reading the public network IP address from the table entry containing the port identification;
and mapping the private network IP address in the message to be forwarded into a public network IP address to obtain a target message.
Optionally, the sequence identifier is processed in a preset identifier generation manner, and when the port identifier is obtained, the first processing module is further configured to:
carrying out hash processing on the sequence identification to obtain a hash value corresponding to the sequence identification;
and taking the hash value as a port identifier corresponding to the message to be forwarded.
Optionally, after mapping the private network IP address to a public network IP address, the first processing module is further configured to:
establishing an association relation among the public network IP address, the private network IP address and the port identification; and
and adding the public network IP address, the private network IP address and the port identification into a PAT list.
A message forwarding device is applied to a router, and the device comprises:
the receiving module is used for receiving the message to be processed;
the identification module is used for identifying the sequence identification corresponding to the message to be processed;
the generating module is used for adding the sequence identifier to a message header corresponding to the message to be processed to obtain the message to be forwarded;
a processing module, configured to send the packet to be forwarded to a network address translation NAT device, so that the NAT device receives the packet to be forwarded, if it is determined that a port identifier associated with the sequence identifier is not found, generate a port identifier based on the sequence identifier in combination with a preset identifier generation manner, map the private network IP address to a public network IP address, obtain a target packet, and forward the target packet to a next node device based on the public network IP address and the port identifier, where a packet header of the packet to be forwarded at least includes: and the sequence identification and the private network IP address of the message to be forwarded.
Optionally, the generating module is further configured to:
setting the field type corresponding to the sequence identification field in the message header of the message to be processed as mandatory;
and taking the sequence identification as the value of the sequence identification field to obtain the message to be forwarded.
An electronic device comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor implements the steps of the message forwarding method when executing the program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned message forwarding method.
In the embodiment of the application, after a router receives a message to be processed, it identifies the sequence identifier corresponding to the message to be processed, adds the sequence identifier to the message header corresponding to the message to be processed to obtain the message to be forwarded, and sends the message to be forwarded to the Network Address Translation (NAT) device. The NAT device receives the message to be forwarded; if it determines that no port identifier associated with the sequence identifier is found, it processes the sequence identifier according to a preset identifier generation mode to obtain the port identifier, maps the private network IP address to a public network IP address to obtain a target message, and forwards the target message to the next node device based on the public network IP address and the port identifier. Because the message header of the message to be forwarded contains the sequence identifier of the message to be forwarded, the port identifier can be obtained from the sequence identifier when no associated port identifier is found, so that the public network IP address can be obtained through translation based on the port identifier and the target message can be forwarded to the next node device.
Drawings
Fig. 1 is a schematic flowchart of a message forwarding method in an embodiment of the present application;
Fig. 2 is a schematic diagram of a first format of a packet header in the embodiment of the present application;
Fig. 3 is a schematic diagram of a PAT list in an embodiment of the present application;
Fig. 4 is a schematic flowchart of another packet forwarding method in this embodiment;
Fig. 5 is a schematic diagram of a second format of a packet header in the embodiment of the present application;
Fig. 6 is a schematic structural diagram of a router in an embodiment of the present application;
Fig. 7 is a schematic diagram illustrating a flow of message processing based on a router in the embodiment of the present application;
Fig. 8 is a schematic structural diagram of a NAT device in an embodiment of the present application;
Fig. 9 is a schematic diagram of a message processing flow based on the NAT device in the embodiment of the present application;
Fig. 10 is a diagram illustrating an application scenario in an embodiment of the present application;
Fig. 11 is a schematic diagram of a message encapsulation flow in the embodiment of the present application;
Fig. 12 is a schematic structural diagram of a message forwarding apparatus in an embodiment of the present application;
Fig. 13 is another schematic structural diagram of a message forwarding apparatus in the embodiment of the present application;
Fig. 14 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
With the development of data communication technology, the GRE technology can be applied to various different scenarios, for example, it can be applied to a DMVPN, which is an implementation manner combining a multipoint GRE and Next Hop Resolution Protocol (NHRP) with IPsec, and can establish a VPN between branches of an enterprise network when the branches use a dynamic access public network.
Specifically, a client automatically registers its address with a server through NHRP, so that the server obtains the dynamic address information of all clients. When one session needs to send data to another session, it first queries the server for the public network IP address of that session and sends out a data packet based on the public network IP address. When the server receives the data packet and the inquiry packet, it forwards the data packet first and then replies to the inquiry. When the session end receives the inquiry packet, it obtains the public network IP address of the other session end and establishes a VPN tunnel; the time limit of the VPN tunnel defaults to 2 hours.
With the development of 4G and 5G technologies, a telephone card or an internet of things card is often allocated a private network address, so there is more and more demand for establishing GRE (generic routing encapsulation) directly between a private network and a public network over a 4G and 5G private line or an internet private line. A first station is located in the private network, the address of a first session router is the allocated private network address, and NAT equipment is deployed in the network. To save public network addresses, PAT (Port Address Translation) is often run on the NAT equipment, so that one NAT address can be shared by a plurality of intranet addresses at the same time. Because the first session router, which is the GRE terminating equipment of the GRE tunnel, is located in the private network, the source IP address configured for the GRE tunnel on the first session router is the private network IP address. Therefore, the message of the GRE tunnel is encapsulated with the private network IP address, and the message cannot be transmitted on the public network.
In order to transmit GRE tunnel messages on the public network, the GRE equipment can traverse the NAT equipment. In the related technology, a corresponding public-network-side source IP address can be statically configured for the GRE tunnel on the NAT equipment; that is, an address translation table entry is generated between the private-network-side source IP address of the GRE tunnel and the corresponding public-network-side source IP address, and the mapping relation between the tunnel source IP address and the NAT IP address is manually configured on the NAT equipment to be used as the NAT translation table.
However, because the operator uses PAT on the NAT device to save public network IP addresses, thousands of private network IPs correspond to one public network IP. Moreover, if the IPsec protocol is encapsulated as an outer layer, the message becomes longer, fragmentation is more likely to occur, and the transmission efficiency is low. Because IPsec must be configured manually for GRE traversal, the configuration efficiency is poor, the flexibility is low, the applicability is not strong, and automatic traversal cannot be performed. In addition, the devices at the two ends of the GRE tunnel are required to support the IPsec protocol.
In the embodiment of the application, a message forwarding method is provided. After a router receives a message to be processed, it identifies the sequence identifier corresponding to the message to be processed, adds the sequence identifier to the message header corresponding to the message to be processed to obtain the message to be forwarded, and sends the message to be forwarded to the Network Address Translation (NAT) device. The NAT device receives the message to be forwarded; if it determines that no port identifier associated with the sequence identifier is found, it processes the sequence identifier according to a preset identifier generation mode to obtain a port identifier, maps the private network IP address to a public network IP address to obtain a target message, and forwards the target message to the next node device based on the public network IP address and the port identifier. Because the message header of the message to be forwarded sent to the NAT device contains the sequence identifier of the message to be forwarded, the port identifier can be obtained from the sequence identifier when no associated port identifier is found, so that the public network IP address can be obtained through translation based on the port identifier and the target message can be forwarded to the next node device.
Based on the foregoing embodiment, referring to fig. 1, a schematic flow chart of a message forwarding method in the embodiment of the present application is shown, which specifically includes:
Step 100: Receive a message to be forwarded.
Wherein, the message header of the message to be forwarded at least comprises: sequence identification and private network IP address of the message to be forwarded.
In the embodiment of the application, the NAT device receives a message to be forwarded, and the message to be forwarded comprises a message header and message data.
Referring to fig. 2, a schematic diagram of the first format of the packet header in the embodiment of the present application is shown. The first bit in the packet header is the sequence number field, that is, the sequence identifier field in the embodiment of the present application; the first bit is set to 1, so the sequence number field is a mandatory field. The second bit is the checksum field, that is, C in fig. 2; the third bit is the key field, that is, K in fig. 2; the fourth bit is the routing field, that is, R in fig. 2. The checksum field, the key field and the routing field are optional fields. The packet header further includes information such as recursion, flags, version and the encapsulated ethernet protocol type.
It should be noted that the minimum length of the packet to be forwarded is 8 bytes, which is not limited in this embodiment of the application.
In addition, it should be noted that, in the embodiment of the present application, a field set to 1 indicates that the corresponding field exists, and a field set to 0 indicates that the field does not exist.
Step 110: If the port identifier associated with the sequence identifier is not found, generate the port identifier from the sequence identifier using a preset identifier generation mode, and map the private network IP address to a public network IP address to obtain the target message.
In the embodiment of the present application, based on the sequence identifier, whether a port identifier associated with the sequence identifier exists is searched from a pre-stored PAT list, which may be specifically divided into the following two cases.
In the first case: the port id associated with the sequence id is not found.
Specifically, if it is determined that the port identifier associated with the sequence identifier is not found, the sequence identifier is processed in a preset identifier generation mode to obtain the port identifier, and the private network IP address is mapped to the public network IP address to obtain the target message.
In the embodiment of the application, when it is determined that the port identifier associated with the sequence identifier is not found, the value corresponding to the sequence identifier field in the header of the message is read to obtain the sequence identifier, the sequence identifier is processed by combining a preset identifier generation mode based on the sequence identifier, so that the port identifier corresponding to the message to be forwarded is obtained, and meanwhile, the private network IP address contained in the header of the message is mapped to the public network IP address, so that the target message is obtained.
For example, the NAT device receives a message to be forwarded, reads the value of the sequence identifier field in the message header, and obtains the sequence identifier S1. It processes the sequence identifier S1 using the preset identifier generation mode and obtains the port identifier S1 corresponding to the message to be forwarded. It then reads the private network IP address 192.168.1.1 included in the message header and maps it to the public network IP address 111.11.11, thereby obtaining the target message; that is, the public network IP address included in the message header of the target message is 111.11.11.
Optionally, in the embodiment of the present application, a possible implementation manner is provided for generating a port identifier, which specifically includes:
S1: Perform hash processing on the sequence identifier to obtain the hash value corresponding to the sequence identifier.
In the embodiment of the application, the preset hash algorithm is adopted to perform hash processing on the sequence identifier, so that a hash value corresponding to the sequence identifier is obtained.
For example, after receiving a message to be forwarded, that is, an SGRE message, the NAT device extracts the value of the Sequence Number field in the SGRE message to obtain the sequence identifier s1, performs hash processing on the sequence identifier using a preset hash algorithm, and obtains the hash value 6060 corresponding to the sequence identifier.
S2: Take the hash value as the port identifier corresponding to the message to be forwarded.
In the embodiment of the application, after the hash value is obtained, it is used as the port identifier corresponding to the message to be forwarded, so that port address translation can be realized. The hash algorithm can also be used to hide the value of the sequence identifier in the original message to be forwarded, to prevent replay attacks on the public network, thereby improving the security of message forwarding.
Optionally, in this embodiment of the present application, another possible implementation manner is provided for obtaining the port identifier, that is, the sequence identifier is directly used as the packet identifier of the packet to be forwarded.
For example, assuming that the sequence identifier is 8080, the message identifier of the message to be forwarded is 8080.
Further, after the port identifier is obtained, a PAT list may also be generated. When a message to be forwarded is subsequently received, the port identifier and the public network IP address can be obtained directly from the PAT list based on the private network IP address and the sequence identifier corresponding to the message to be forwarded. The process of establishing the PAT list in the embodiment of the present application is described below, and specifically includes:
The first step: Establish an association relation among the public network IP address, the private network IP address and the port identifier.
In the embodiment of the application, the association relation among the public network IP address, the private network IP address and the port identification is established, so that the associated public network IP address and the port identification can be inquired based on the private network IP address.
The second step: Add the public network IP address, the private network IP address and the port identifier to the PAT list.
In the embodiment of the application, a PAT list is established in advance, the PAT list comprises at least one table entry, and each table entry at least comprises a public network IP address, a private network IP address and a port identifier.
Referring to fig. 3, a schematic diagram of the PAT list in the embodiment of the present application is shown, where the entry of the PAT list includes a PAT type, a GRE protocol, a public network source IP address and port identifier, a private network source IP address and port identifier, a public network destination IP address and port identifier, and a lifetime, where a port identifier of the public network source IP address is S1, and a port identifier of the private network source IP address is S1.
In the second case: the port identification associated with the sequence identification is found.
If the port identifier associated with the sequence identifier is determined to be found, the public network IP address conversion can be directly performed, which specifically includes:
The first step: If the port identifier associated with the sequence identifier is found in the Port Address Translation (PAT) list, read the public network IP address from the table entry containing the port identifier.
In the embodiment of the present application, when it is determined that the port identifier associated with the sequence identifier is found from the pre-established PAT list, the public network IP address included in the entry is read from the entry including the found port identifier.
For example, after receiving the packet to be forwarded, the NAT device searches for the associated port identifier 8800 according to the sequence identifier, and then reads the public network IP address 111.11.22 included in the table entry from the table entry including the port identifier 8800.
The second step: Map the private network IP address in the message to be forwarded to the public network IP address to obtain the target message.
In the embodiment of the application, after the public network IP address is read, the private network IP address contained in the message header is replaced by the determined public network IP address, so that the target message containing the public network IP address is obtained.
For example, the read public network IP address is 111.11.22, and the private network IP address 192.168.2.1 included in the packet header is replaced by the determined public network IP address 111.11.22, so as to obtain the target packet, that is, the public network IP address included in the packet header of the target packet is 111.11.22.
Step 120: Forward the target message to the next node device based on the public network IP address and the port identifier.
In the embodiment of the application, after the target packet is obtained, the target packet may be forwarded to the next node device based on the public network IP address and the port identifier in the target packet.
In the embodiment of the application, after a message to be forwarded is received, if it is determined that no port identifier associated with the sequence identifier is found, the sequence identifier is processed according to a preset identifier generation mode to obtain the port identifier, the private network IP address is mapped to a public network IP address to obtain a target message, and the target message is forwarded to the next node device based on the public network IP address and the port identifier. With the message forwarding method in the embodiment of the application, the message can traverse PAT without IPsec. The sequence identifier is hashed to obtain the corresponding hash value, and the hash value is used as the port identifier corresponding to the message to be forwarded, which achieves an encryption effect, can improve the security of message forwarding, and extends the application of the DMVPN technology to operators' 4/5G and internet private line scenarios.
In addition, with the method in the embodiment of the application, message forwarding efficiency is increased: the message overhead is lower, fragmentation is less likely, PAT traversal onto the public network is automatic, no static address translation table entry needs to be manually configured, maintenance is easier, adaptability is stronger, and the router devices at the two ends of the tunnel do not need to support IPsec.
Based on the foregoing embodiment, referring to fig. 4, a schematic flow chart of another packet forwarding method in the embodiment of the present application is shown, which specifically includes:
Step 400: Receive a message to be processed.
Wherein, the message header of the message to be processed at least comprises: private network IP address of the message to be processed.
In the embodiment of the application, the router receives a message to be processed, and the message to be processed comprises a message header and message data.
Referring to fig. 5, which is the second format diagram of the packet header in the embodiment of the present application, the first bit in the packet header is a checksum field, the second bit is a routing field, the third bit is a key field, and the fourth bit is a sequence number field. The checksum field, the routing field, the key field, and the sequence number field are all optional fields.
It should be noted that the minimum length of the message to be processed is 4 bytes, which is not limited in this embodiment of the application.
Step 410: Identify the sequence identifier corresponding to the message to be processed.
In the embodiment of the application, when a message to be processed is received, a sequence identifier corresponding to the message to be processed is identified.
For example, after receiving the message to be processed, the sequence identifier of the message to be processed is identified, and the sequence identifier 2020 of the message to be processed is obtained.
Step 420: Add the sequence identifier to the message header of the message to be processed to obtain the message to be forwarded.
In the embodiment of the application, when the sequence identifier corresponding to the message to be forwarded is identified, the identified sequence identifier is added to the message header of the message to be processed based on a preset identifier adding mode to obtain the message to be forwarded, and therefore the message header of the message to be forwarded includes the sequence identifier.
For example, when the router receives a message to be processed, the sequence identifier 2020 of the message to be processed is identified, and the sequence identifier 2020 is added to the message header of the message to be processed based on a preset identifier adding mode, so as to obtain the message to be forwarded.
Optionally, this embodiment of the present application provides a possible implementation for obtaining the packet to be forwarded, which specifically includes:
The first step: set the field type corresponding to the sequence identification field in the message header of the message to be processed to mandatory.
In the embodiment of the present application, since the packet header of the packet to be processed at least includes the sequence identification field, the field type corresponding to the sequence identification field is changed from optional to mandatory, so that the sequence identification field becomes a mandatory field.
When the field type corresponding to the sequence identification field is set to mandatory, the sequence identification field may be set to 1, which is not limited in the embodiment of the present application.
For example, suppose that the first bit in the packet header of the packet to be processed is the sequence identifier field, and therefore, the first bit may be set to 1, so that the sequence identifier field becomes the mandatory field.
The second step: use the sequence identifier as the value of the sequence identification field to obtain the message to be forwarded.
In the embodiment of the application, after the field type corresponding to the sequence identification field is set to mandatory, the sequence identifier is used as the value of the sequence identification field, so that the message to be forwarded is obtained.
For example, assuming that the sequence id is 3030, the sequence id field takes the value 3030.
Step 430: Send the message to be forwarded to a Network Address Translation (NAT) device, so that the NAT device, after receiving the message to be forwarded and determining that no port identifier associated with the sequence identifier is found, generates the port identifier based on the sequence identifier in combination with a preset identifier generation mode, maps the private network IP address to a public network IP address to obtain a target message, and forwards the target message to the next node device based on the public network IP address and the port identifier.
Wherein, the message header of the message to be forwarded at least comprises: sequence identification and private network IP address of the message to be forwarded.
In the embodiment of the application, the message to be forwarded is sent to the NAT device, so that after receiving the message to be forwarded, if it is determined that the port identifier associated with the sequence identifier is not found, the NAT device generates the port identifier based on the sequence identifier and in combination with a preset identifier generation mode, maps the private network IP address to the public network IP address to obtain the target message, and forwards the target message to the next node device based on the public network IP address and the port identifier.
In the embodiment of the application, after the message to be forwarded is sent to the NAT device, because the sequence identifier has been added to the message header of the message to be forwarded, the port identifier can be obtained from the sequence identifier, the public network IP address can then be obtained through translation based on the port identifier, and the target message is forwarded to the next node device.
Based on the foregoing embodiment, referring to fig. 6, a schematic structural diagram of a router in the embodiment of the present application specifically includes:
1. A control plane.
The control plane includes a GRE module, other modules, and a routing module.
(1) A GRE module.
In the embodiment of the present application, the GRE module is configured to set a sequence identifier field in a packet header of a packet to be processed to 1, and use a sequence identifier of the generated packet to be processed as a value of the sequence identifier field, so as to obtain the packet to be forwarded.
(2) A routing module.
In the embodiment of the application, the routing module is used for sending the message to be forwarded to the NAT device.
(3) Other modules.
In the embodiment of the application, the other modules are used for performing other processing on the message to be processed and the message to be forwarded.
2. A data plane.
In the embodiment of the application, the data plane is used for storing the forwarding table entry, and the forwarding table entry is used for the router to send the message to be forwarded to the next NAT device.
Based on the foregoing embodiment, referring to fig. 7, a schematic diagram of a message processing flow based on a router in the embodiment of the present application specifically includes:
Step 700: Receive a message to be processed under a private network.
Step 710: Judge whether the received message to be processed is a GRE message; if so, execute step 720, and if not, execute step 730.
Step 720: The protocol stack sets the s field in the message header of the message to be processed to 1, and adds the generated sequence identifier to the s field in the message header to obtain the message to be forwarded.
In the embodiment of the application, the message header at least comprises an s field, and the s field represents the sequence identification field.
Step 730: Send the message to be forwarded to the next NAT device.
Based on the above embodiment, referring to fig. 8, a schematic structural diagram of a NAT device in the embodiment of the present application is shown, which specifically includes:
1. A GRE processing unit.
In the embodiment of the application, the GRE processing unit is configured to perform hash processing on the sequence identifier in the packet header of the packet to be forwarded, obtain a hash value corresponding to the sequence identifier, use the hash value as a port identifier corresponding to the packet to be forwarded, and map the private network IP address to the public network IP address, thereby obtaining the target packet.
2. A storage unit.
In the embodiment of the application, the storage unit is used for storing the PAT conversion table entry, and the PAT conversion table entry is used for mapping the private network IP address to the public network IP address.
3. An aging unit.
In the embodiment of the application, the aging unit is used for configuring the aging duration of the private network IP address and the public network IP address.
4. Other control units.
In this embodiment, the other control units are configured to perform other processing on the packet to be forwarded and the target packet.
5. A receiving unit.
In this embodiment of the application, the receiving unit is configured to receive a packet to be forwarded from the router and send the target packet to the next node device.
Based on the foregoing embodiment, referring to fig. 9, a schematic diagram of a packet processing flow based on NAT devices in the embodiment of the present application specifically includes:
Step 900: Receive a message to be forwarded sent by the router.
Step 910: Judge whether an associated table entry exists; if so, execute step 940, and if not, execute step 920.
In the embodiment of the present application, the PAT entries are searched, according to the sequence identifier corresponding to the packet to be forwarded, for an entry associated with the sequence identifier. If an associated entry exists, step 940 is executed; if there is no associated entry, step 920 is executed.
Step 920: Read the sequence identifier in the message header of the message to be forwarded, and perform hash processing on the sequence identifier to obtain a hash value corresponding to the sequence identifier.
In the embodiment of the application, a preset hash algorithm is adopted to perform hash processing on the sequence identifier, so that a hash value corresponding to the sequence identifier is obtained.
Step 930: Take the hash value as the port identifier corresponding to the message to be forwarded, generate a PAT conversion table entry based on the port identifier, and map the private network IP address to a public network IP address to obtain a target message.
Step 940: Forward the target message to the next node device.
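The router-side tagging (steps 700 to 730) and the NAT-side lookup-or-create flow (steps 900 to 940) can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the preset hash, the 1024-65535 port range, linear probing on port collisions, the public address 203.0.113.10 and all function and class names are assumptions.

```python
import hashlib
import struct

# Flag bits in the first 16 bits of a GRE header (RFC 1701 layout), in the
# checksum / routing / key / sequence order the text describes.
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000
PORT_MIN, PORT_MAX = 1024, 65535  # assumed usable PAT port range


def build_gre_header(sequence_id, protocol=0x0800):
    """Router side: set the S bit and write the sequence identifier."""
    return struct.pack("!HHI", GRE_S, protocol, sequence_id)


def read_sequence_id(header):
    """Return the sequence identifier, or None when the S bit is clear."""
    if len(header) < 4:
        raise ValueError("a GRE header is at least 4 bytes")
    flags, _protocol = struct.unpack("!HH", header[:4])
    if not flags & GRE_S:
        return None
    offset = 4
    if flags & (GRE_C | GRE_R):
        offset += 4  # checksum and offset words precede the key
    if flags & GRE_K:
        offset += 4  # key word precedes the sequence number
    if len(header) < offset + 4:
        raise ValueError("S bit set but sequence field is truncated")
    return struct.unpack("!I", header[offset:offset + 4])[0]


def port_from_sequence(sequence_id):
    """Assumed 'preset hash': SHA-256 of the identifier folded into the port range."""
    digest = hashlib.sha256(struct.pack("!I", sequence_id)).digest()
    value = int.from_bytes(digest[:4], "big")
    return PORT_MIN + value % (PORT_MAX - PORT_MIN + 1)


class PatTable:
    """NAT side: PAT list associating sequence id, private IP, public IP and port."""

    def __init__(self, public_ip, hash_fn=port_from_sequence):
        self.public_ip = public_ip
        self.hash_fn = hash_fn
        self.by_sequence = {}   # sequence id -> table entry
        self.ports_in_use = {}  # port -> sequence id that owns it

    def _allocate_port(self, sequence_id):
        # The page does not say what happens when two identifiers hash to
        # the same port; probing to the next free port is an assumption.
        span = PORT_MAX - PORT_MIN + 1
        start = self.hash_fn(sequence_id) - PORT_MIN
        for step in range(span):
            port = PORT_MIN + (start + step) % span
            if port not in self.ports_in_use:
                self.ports_in_use[port] = sequence_id
                return port
        raise RuntimeError("PAT port space exhausted")

    def translate(self, private_ip, gre_header):
        """Return (public_ip, port, created) for one message to be forwarded."""
        sequence_id = read_sequence_id(gre_header)
        if sequence_id is None:
            raise ValueError("message carries no sequence identifier")
        entry = self.by_sequence.get(sequence_id)       # step 910
        created = entry is None
        if created:                                     # steps 920 and 930
            entry = {
                "private_ip": private_ip,
                "public_ip": self.public_ip,
                "port": self._allocate_port(sequence_id),
            }
            self.by_sequence[sequence_id] = entry
        return entry["public_ip"], entry["port"], created  # step 940


if __name__ == "__main__":
    table = PatTable("203.0.113.10")   # constructed public address
    header = build_gre_header(2020)    # sequence identifier from the text
    print(table.translate("192.168.2.1", header))  # entry created
    print(table.translate("192.168.2.1", header))  # entry reused
```

Because a 32-bit sequence identifier is reduced to at most 16 bits of port space, distinct identifiers can hash to the same port, so an implementation needs a collision policy such as the probing assumed here.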
Based on the above embodiment, fig. 10 is a schematic diagram of an application scenario in the embodiment of the present application, specifically:
The source IP address configured for the GRE tunnel on the first session router is a private network IP address, that is, private network-IP 1 in fig. 10, and the address after PAT on the NAT device is a public network-IP. The destination IP that the Hub router configures for the GRE tunnel is the public network address, i.e. public network-IP 3 in fig. 10. When the original IP1 of the first station accesses the original IP3 of the Hub, the data traffic is GRE-encapsulated. The encapsulated message's source IP is the private network-IP and its destination IP is public network-IP 3; because the private network-IP cannot be used as the destination IP of return traffic in the public network, address translation is needed. When the message reaches the NAT device and the received message to be forwarded is detected to be a GRE message, the sequence identification field S1 is hashed to obtain a hash value S1 corresponding to the sequence identifier. S1 is then used as the port identifier for PAT translation, and an address and port translation table entry is generated locally, completing the PAT traversal process for the whole GRE.
Based on the above embodiment, referring to fig. 11, a schematic diagram of a message encapsulation process in the embodiment of the present application is shown, which specifically includes:
The message to be processed comprises a site 1-IP, a center-IP and message data. When the router receives the message to be processed, it encapsulates the message to generate a message to be forwarded, which comprises a private network-IP 1, a public network-IP 3, a message header, the site 1-IP, the center-IP and the message data. The message to be forwarded is then sent to the NAT device. After the NAT device receives the message to be forwarded, the private network-IP 1 in the message to be forwarded is mapped to a public network-IP to generate a target message, so that the generated target message comprises the public network-IP, the public network-IP 3, the message header, the site 1-IP, the center-IP and the message data.
Based on the same inventive concept, the embodiment of the present application further provides a message forwarding apparatus, where the message forwarding apparatus may be, for example, the NAT device in the foregoing embodiment, and the message forwarding apparatus may be a hardware structure, a software module, or a hardware structure plus a software module. Based on the above embodiment, referring to fig. 12, a schematic structural diagram of a message forwarding apparatus in the embodiment of the present application is shown, which specifically includes:
a receiving module 1200, configured to receive a packet to be forwarded, where a packet header of the packet to be forwarded at least includes: the sequence identification and the private network IP address of the message to be forwarded;
a first processing module 1201, configured to, if it is determined that a port identifier associated with the sequence identifier is not found, generate a port identifier based on the sequence identifier and in combination with a preset identifier generation manner, and map the private IP address to a public IP address to obtain a target packet;
a forwarding module 1202, configured to forward the target packet to a next node device based on the public network IP address and the port identifier.
Optionally, after receiving the packet to be forwarded, the apparatus further includes a second processing module 1203, where the second processing module 1203 is configured to:
if the port identification associated with the sequence identification is found in the port address translation (PAT) list, reading the public network IP address from the table entry containing the port identification;
and mapping the private network IP address in the message to be forwarded into a public network IP address to obtain a target message.
Optionally, when the sequence identifier is processed in a preset identifier generation manner to obtain a port identifier, the first processing module 1201 is further configured to:
carrying out hash processing on the sequence identification to obtain a hash value corresponding to the sequence identification;
and taking the hash value as a port identifier corresponding to the message to be forwarded.
Optionally, after mapping the private network IP address to a public network IP address, the first processing module 1201 is further configured to:
establishing an association relation among the public network IP address, the private network IP address and the port identification; and
and adding the public network IP address, the private network IP address and the port identification into a PAT list.
Based on the same inventive concept, the embodiment of the present application further provides a message forwarding apparatus, which may be, for example, a router in the foregoing embodiment, and the message forwarding apparatus may be a hardware structure, a software module, or a hardware structure plus a software module. Based on the foregoing embodiment, referring to fig. 13, another schematic structural diagram of a message forwarding apparatus in the embodiment of the present application is shown, which specifically includes:
a receiving module 1300, configured to receive a message to be processed;
an identifying module 1301, configured to identify a sequence identifier corresponding to the packet to be processed;
a generating module 1302, configured to add the sequence identifier to a packet header corresponding to the packet to be processed, to obtain a packet to be forwarded;
a processing module 1303, configured to send the packet to be forwarded to a network address translation NAT device, so that the NAT device receives the packet to be forwarded, if it is determined that a port identifier associated with the sequence identifier is not found, generates a port identifier based on the sequence identifier in combination with a preset identifier generation mode, maps the private network IP address to a public network IP address to obtain a target message, and forwards the target message to the next node device based on the public network IP address and the port identifier, where a packet header of the packet to be forwarded at least includes: the sequence identification and the private network IP address of the message to be forwarded.
Optionally, the generating module 1302 is further configured to:
setting the field type corresponding to the sequence identification field in the message header of the message to be processed to mandatory;
and taking the sequence identification as the value of the sequence identification field to obtain the message to be forwarded.
Based on the above embodiments, fig. 14 is a schematic structural diagram of an electronic device in an embodiment of the present application.
An embodiment of the present application provides an electronic device, which may include a processor 1410 (Central Processing Unit, CPU), a memory 1420, an input device 1430, an output device 1440, and the like, wherein the input device 1430 may include a keyboard, a mouse, a touch screen, and the like, and the output device 1440 may include a display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), and the like.
Memory 1420 may include read-only memory (ROM) and Random Access Memory (RAM), and provides program instructions and data stored in memory 1420 to processor 1410. In this embodiment, the memory 1420 may be configured to store a program of any message forwarding method in this embodiment.
The processor 1410 is configured to execute any of the message forwarding methods of the present application according to the obtained program instructions by calling the program instructions stored in the memory 1420.
Based on the foregoing embodiments, in the embodiments of the present application, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the message forwarding method in any of the above method embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A message forwarding method is applied to Network Address Translation (NAT) equipment, and the method comprises the following steps:
receiving a message to be forwarded, wherein a message header of the message to be forwarded at least comprises: the sequence identification and the private network IP address of the message to be forwarded;
if the port identification associated with the sequence identification is not found, generating a port identification based on the sequence identification and by combining a preset identification generation mode, and mapping the private network IP address to a public network IP address to obtain a target message;
and forwarding the target message to the next node equipment based on the public network IP address and the port identification.
2. The method of claim 1, wherein after receiving the message to be forwarded, the method further comprises:
if the port identification correlated with the sequence identification is found out from the port address translation PAT list, reading the public network IP address from the table entry containing the port identification;
and mapping the private network IP address in the message to be forwarded into a public network IP address to obtain a target message.
3. The method of claim 1, wherein the processing the sequence identifier in a preset identifier generation manner to obtain a port identifier comprises:
carrying out hash processing on the sequence identification to obtain a hash value corresponding to the sequence identification;
and taking the hash value as a port identifier corresponding to the message to be forwarded.
4. The method of claim 1, wherein after mapping the private network IP address to a public network IP address, the method further comprises:
establishing an association relation among the public network IP address, the private network IP address and the port identification; and
and adding the public network IP address, the private network IP address and the port identification into a PAT list.
5. A message forwarding method is applied to a router, and the method comprises the following steps:
receiving a message to be processed;
identifying a sequence identifier corresponding to the message to be processed;
adding the sequence identification to a message head corresponding to the message to be processed to obtain a message to be forwarded;
sending the message to be forwarded to a Network Address Translation (NAT) device so that the NAT device receives the message to be forwarded, if determining that a port identifier associated with the sequence identifier is not found, generating a port identifier by combining a preset identifier generation mode based on the sequence identifier, mapping the private network IP address to a public network IP address to obtain a target message, and forwarding the target message to a next node device based on the public network IP address and the port identifier, wherein a message header of the message to be forwarded at least comprises: the sequence identifier and the private network IP address of the message to be forwarded.
6. The method according to claim 5, wherein the adding the sequence identifier to a packet header corresponding to the packet to be processed to obtain a packet to be forwarded includes:
setting the field type corresponding to the sequence identification field in the message header of the message to be processed to mandatory;
and taking the sequence identification as the value of the sequence identification field to obtain the message to be forwarded.
7. A message forwarding apparatus is applied to a Network Address Translation (NAT) device, and the apparatus comprises:
a receiving module, configured to receive a packet to be forwarded, where a packet header of the packet to be forwarded at least includes: the sequence identification and the private network IP address of the message to be forwarded;
the first processing module is used for generating a port identifier by combining a preset identifier generation mode based on the sequence identifier if the port identifier associated with the sequence identifier is not found, and mapping the private network IP address to a public network IP address to obtain a target message;
and the forwarding module is used for forwarding the target message to the next node device based on the public network IP address and the port identifier.
8. A message forwarding apparatus, applied to a router, the apparatus comprising:
the receiving module is used for receiving the message to be processed;
the identification module is used for identifying the sequence identification corresponding to the message to be processed;
the generating module is used for adding the sequence identifier to a message header corresponding to the message to be processed to obtain the message to be forwarded;
a processing module, configured to send the packet to be forwarded to a network address translation NAT device, so that the NAT device receives the packet to be forwarded, if it is determined that a port identifier associated with the sequence identifier is not found, generate a port identifier based on the sequence identifier in combination with a preset identifier generation manner, map the private network IP address to a public network IP address, obtain a target packet, and forward the target packet to a next node device based on the public network IP address and the port identifier, where a packet header of the packet to be forwarded at least includes: the sequence identifier and the private network IP address of the message to be forwarded.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method according to any of claims 1-6 are implemented when the processor executes the program.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program when executed by a processor implementing the steps of the method of any one of claims 1 to 6.
CN202210835515.8A 2022-07-15 2022-07-15 Message forwarding method and device, electronic equipment and storage medium Active CN115334035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210835515.8A CN115334035B (en) 2022-07-15 2022-07-15 Message forwarding method and device, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN115334035A true CN115334035A (en) 2022-11-11
CN115334035B CN115334035B (en) 2023-10-10

Family

ID=83917544


Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102204191A (en) * 2011-05-31 2011-09-28 华为技术有限公司 A message transmission method and a network-network routing device
CN102857414A (en) * 2012-08-20 2013-01-02 中兴通讯股份有限公司 Forwarding table writing method and device and message forwarding method and device
US20140258705A1 (en) * 2013-03-07 2014-09-11 Google Inc. Low latency server-side redirection of udp-based transport protocols traversing a client-side nat firewall
US20140310391A1 (en) * 2013-04-16 2014-10-16 Amazon Technologies, Inc. Multipath routing in a distributed load balancer
CN105516171A (en) * 2015-12-24 2016-04-20 迈普通信技术股份有限公司 Authentication service cluster-based portal keep-alive system, method, authentication system and method
CN107749899A (en) * 2017-10-24 2018-03-02 新华三信息安全技术有限公司 A kind of message forwarding method, device and electronic equipment
CN111131544A (en) * 2019-12-26 2020-05-08 杭州迪普科技股份有限公司 Method for realizing NAT traversal
CN112040030A (en) * 2020-11-04 2020-12-04 武汉绿色网络信息服务有限责任公司 Message transmission method and device, computer equipment and storage medium
CN114253979A (en) * 2021-12-23 2022-03-29 北京百度网讯科技有限公司 Message processing method and device and electronic equipment
CN114430394A (en) * 2021-12-29 2022-05-03 中国电信股份有限公司 Message processing method and device, electronic equipment and readable storage medium

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102204191A (en) * 2011-05-31 2011-09-28 华为技术有限公司 A message transmission method and a network-network routing device
CN102857414A (en) * 2012-08-20 2013-01-02 中兴通讯股份有限公司 Forwarding table writing method and device and message forwarding method and device
US20140258705A1 (en) * 2013-03-07 2014-09-11 Google Inc. Low latency server-side redirection of udp-based transport protocols traversing a client-side nat firewall
US20140310391A1 (en) * 2013-04-16 2014-10-16 Amazon Technologies, Inc. Multipath routing in a distributed load balancer
CN105516171A (en) * 2015-12-24 2016-04-20 迈普通信技术股份有限公司 Authentication service cluster-based portal keep-alive system, method, authentication system and method
CN107749899A (en) * 2017-10-24 2018-03-02 新华三信息安全技术有限公司 A kind of message forwarding method, device and electronic equipment
CN111131544A (en) * 2019-12-26 2020-05-08 杭州迪普科技股份有限公司 Method for realizing NAT traversal
CN112040030A (en) * 2020-11-04 2020-12-04 武汉绿色网络信息服务有限责任公司 Message transmission method and device, computer equipment and storage medium
CN114253979A (en) * 2021-12-23 2022-03-29 北京百度网讯科技有限公司 Message processing method and device and electronic equipment
CN114430394A (en) * 2021-12-29 2022-05-03 中国电信股份有限公司 Message processing method and device, electronic equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
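Shi Jinyu: "Design and Implementation of a Cross-Protocol Multipath Transmission Mechanism", China Master's Theses Full-text Database (Electronic Journal), Information Science and Technology *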

Also Published As

Publication number Publication date
CN115334035B (en) 2023-10-10

Similar Documents

Publication Publication Date Title
US8214537B2 (en) Domain name system using dynamic DNS and global address management method for dynamic DNS server
US9356860B1 (en) Managing external communications for provided computer networks
CN108848100B (en) Stateful IPv6 address generation method and device
US20160226815A1 (en) System and method for communicating in an ssl vpn
CN107046506B (en) Message processing method, flow classifier and service function example
CN106878199B (en) Configuration method and device of access information
CN111786867B (en) Data transmission method and server
CN111786869B (en) Data transmission method between servers and server
CN108512755B (en) Method and device for learning routing information
CN113364660B (en) Data packet processing method and device in LVS load balancing
CN107580079A (en) A kind of message transmitting method and device
CN103634214A (en) Route information generating method and device
CN107070719B (en) Equipment management method and device
CN111786868B (en) Data transmission method between servers and strongswan server
EP3503484B1 (en) Message transmission methods and devices
CN104426759A (en) Host machine router acquiring method, host machine router acquiring device, and host machine router acquiring system
CN115334035B (en) Message forwarding method and device, electronic equipment and storage medium
CN107612831B (en) Transmission method and device for data message of access source station
CN113472625B (en) Transparent bridging method, system, equipment and storage medium based on mobile internet
CN108141704B (en) Location identification of previous network message processors
CN112994928B (en) Virtual machine management method, device and system
US20180159798A1 (en) Packet relay apparatus and packet relay method
CN114567544A (en) Route notification method, device and system
CN108259292B (en) Method and device for establishing tunnel
CN106254253B (en) Private network route generation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant