CN101420465A - Method for mapping source port in address conversion table and network address conversion equipment - Google Patents
Method for mapping source port in address conversion table and network address conversion equipment Download PDFInfo
- Publication number
- CN101420465A CN101420465A CNA2008102390586A CN200810239058A CN101420465A CN 101420465 A CN101420465 A CN 101420465A CN A2008102390586 A CNA2008102390586 A CN A2008102390586A CN 200810239058 A CN200810239058 A CN 200810239058A CN 101420465 A CN101420465 A CN 101420465A
- Authority
- CN
- China
- Prior art keywords
- port
- source port
- message
- mapping
- source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for mapping source ports in an address translation table and a network address translation device. The method comprises the following steps: partitioning a source port resource of the network address translation device; and mapping a port of an IP message to the port differing from the port of the IP message by integral times of intervals which are obtained by resource partitioning in the case that the port of the received IP message is occupied. The network address translation device comprises a partitioning unit, a receiving unit and a mapping unit. By partitioning the source port resource, the NAT device solves a problem that the complexity of the mapping the source port increases with the increase of conflict times under extreme circumstances, which greatly reduces search times, improves the hit ratio of searching the effective source port, and the utilization rate of the source port of the NAT device is expanded to all ports from a fixed range.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of in ATT method and network address translation (Network Address Translation, the NAT) equipment of mapping source port.
Background technology
Along with the Internet user constantly increases, (Internet Protocol, IP) address is in short supply day by day for public internet protocol.For example, the Asia that accounts for world population 56% has only 9% address, and China only has 0.06 IP address per capita.The NAT technology is the topmost technological means that solves IP address shortage problem.
The NAT technology becomes one or several public network IP address with a plurality of Intranet IP address transition, and carry out intranet and extranet communication by the transformational relation table of preserving the address transition corresponding relation one of NAT device internal control, realized the function of private network visit external network, simultaneously can reduce the use global ip address greatly again, reach the purpose of saving the IP address.
But,, make that the conflict of public network IP address is very big because the NAT technology becomes one or several public network IP address with a plurality of Intranet IP address transition.In order to handle this conflict, NAT device adopts the mode of changing IP, port to solve conflict, utilizes existing resource realization address transition as much as possible as far as possible.Lift a simple example, Intranet user is visited other public network address by a public network address A online.The message destination address that sends out can not be modified, thereby the message that Intranet sends finally can arrive at the destination.But it all is this public network address A that outer net returns to the destination address of all users' of Intranet message.NAT device must search the message that outer net sends is to issue concrete which user with information beyond this public network address A such as port, then destination address is modified as the IP address of corresponding Intranet user, the message of outer net transmission is sent to smoothly the user of Intranet.The IP address after IP address, port and the address transition before the address transition, the corresponding relation of port have just been write down in address transition relation table the inside, and wherein, different Intranet users is gone in different port representatives.
As shown in Figure 1, Intranet user 192.168.1.2 goes out from this public network IP address of 218.66.13.74 and visits 61.233.3.211, the message destination address that returns from outer net is exactly 218.66.13.74 naturally, NAT device is searched inside ATT and is obtained corresponding address 192.168.1.2 according to the source port 1080 of the message that returns.At this moment, NAT device is revised as destination address 192.168.1.2 and sends message.When 192.168.1.3 also visited 61.233.3.211, its IP address was converted into 218.66.13.74 equally.At this moment, have two 218.66.13.74 records in the ATT, if current record continues to use 1080 port, so current record will with the record conflict of front.Therefore, NAT device is revised as 1081 with source port, and source port in the message that returns will find corresponding record if 1081, and in view of the above the destination address of message is modified as 192.168.1.3.Like this, these two Intranet users can have been visited 61.233.3.211 smoothly.
In the application of topological environmental shown in Figure 1, the address transition relation table adopts the mode of two tuples (source address, source port) to organize, and recorded content comprises: source address, source port after the source address before the conversion, source port and the conversion.But owing to have only a public network IP address, port to have only 65535 (fields of 16 sizes) here, therefore, the address transition relation table only can write down 65535 such connections.That is to say that a public network IP address can only be supported 65535 users at most.And, in the practical application, also need to keep a large amount of ports to satisfy some special applications, like this, actual spendable port number is far smaller than 65535.And such capacity is difficult to satisfy present needs.
In order to address this problem, most NAT realizes adopting the mode of five-tuple (source address, source port, destination address, destination interface, agreement) to organize the address transition relation table.Since increased destination address and destination interface, agreement, therefore, under the situation of source address, source port unanimity, as long as any one difference can not conflicted in destination address, destination interface or the agreement.The probability of conflict is little a lot of with respect to two tuples, and the number of connection of permission also can enlarge thereupon.Yet under some extreme case, the conflict that produces during the reference address under the five-tuple mode is still very big.Such as the application of common c/s pattern, a large amount of client-access servers, and the serve port of server is fixed.That is to say that all purpose of connecting addresses all are the same with destination interface.At this moment, Export resource has only under the situation of a public network IP address, and it all is identical that four key assignments are arranged in the five-tuple, has only source port can distinguish connection, as long as the source port unanimity will produce conflict.In this case, client is many more, and the number of times of conflict is many more, easily causes occurring a large amount of port collision.
In the prior art, adopt increase progressively port or by turns the IP address mode solve address transition collision problem under the five-tuple mode.
The mode that increases progressively port adds 1 with port numbers during promptly each the conflict and searches conflict again, is the most direct the simplest method.But this method is along with the increase of conflict number of times, and complexity has also increased greatly.As shown in Figure 2, only need search once if first connects not have to conflict, second connection begins to find conflict, need search twice, the three connection discovery conflict and need search three times, and the rest may be inferred.Every appearance one road newly connects, and the number of times that inquires the resource that is not used will increase progressively once, and the complexity of searching for the n time is exactly (1+2+3+......n) so.This searching will consume a large amount of time, and reduces the efficient of newly-built connection.
By turns the mode of IP address is to change source IP address increasing progressively on the basis of port, and this mode can not solve root problem in practice.Because under a limited number of situations of optional source IP address, the connection of conflict still will be searched by the mode that increases progressively port greater than optional source IP address quantity the time.Because ATT itself is a huge data acquisition system, conflict is searched needs all list items of traversal, has increased amount of calculation greatly.
Summary of the invention
The objective of the invention is to propose a kind of in ATT the method and the network address translation apparatus of mapping source port, the problem that increases along with the conflict number of times with the complexity that solves mapping source port under the extreme case.
For achieving the above object, the invention provides a kind of in ATT the method for mapping source port, comprising:
Source port resource partitioning with network address translation apparatus;
Under the occupied situation of port in the IP message that receives, with the port mapping in the described IP message to described IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.
The present invention also provides a kind of network address translation apparatus, comprising:
Zoning unit is used for the source port resource partitioning with network address translation apparatus;
Receiving element is used to receive the IP message;
Map unit is used under the occupied situation of the port of the IP message that described receiving element receives, with the port mapping in the described IP message to described IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.
Described zoning unit can be that siding-to-siding block length is at least two source port intervals of 100 or 128 ports with described source port resource division.
In the such scheme, NAT device passes through the source port resource partitioning, and after conflict first, with the port mapping in the described IP message to the IP message in port differ the interval source port of integer, guaranteed that the port of searching after each conflict all drops on different interval the insides, the complexity that has solved mapping source port under the extreme case has significantly reduced and has searched number of times along with the problem that the conflict number of times increases, and has improved the hit rate of searching effective source port.And, and the utilance of NAT device source port also expanded whole ports to from fixed range, improved the efficient of newly-built connection, reduced the possibility that appearance can't connect when extreme case occurred.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Description of drawings
Fig. 1 is a network topology schematic diagram of the prior art;
Fig. 2 is by increasing progressively the schematic diagram of port mapping source port in the prior art;
Fig. 3 is the flow chart of the present invention method embodiment of mapping source port in ATT;
Fig. 4 is that 128 ports and conversion front port are the source port schematic diagram that was mapped in 1000 o'clock for siding-to-siding block length among the method embodiment of the present invention's mapping source port in ATT;
Fig. 5 is that 128 ports and conversion front port are the source port schematic diagram that was mapped in 1001 o'clock for siding-to-siding block length among the method embodiment of the present invention's mapping source port in ATT;
Fig. 6 is the structural representation of network address translation apparatus embodiment of the present invention.
Embodiment
Fig. 3 is the flow chart of the present invention method embodiment of mapping source port in ATT, comprising:
Under step 32, the occupied situation of the port in the IP message that receives, with the port mapping in the described IP message to described IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.For example, to port numbers the source port of H with the port mapping in the described IP message; Wherein, H=h+m * l; H is the port numbers of described IP message middle port, and m can be the Intranet IP number of addresses that has write down, also can be random number, and l is the siding-to-siding block length of source port resource.
In the present embodiment, NAT device passes through the source port resource partitioning, and after conflict first, with the port mapping in the described IP message to the IP message in port differ the interval source port of integer, guaranteed that the port of searching after each conflict all drops on different interval the insides, significantly reduced and searched number of times, improved the hit rate of searching effective source port.And, and the utilance of NAT device source port also expanded whole ports to from fixed range, improved the efficient of newly-built connection, reduced the possibility that appearance can't connect when extreme case occurred.And, in the port migration first time, hit, thereby avoided the existence of port migration first, reduce the conflict of port migration first.
In the above-mentioned steps 31, search in the conflict of five-tuple on the basis of mode, source port available on the NAT device is divided into a plurality of intervals, interval of 100 ports for example, effectively port is 655
34,656 intervals altogether.At this moment, in the above-mentioned steps 32, NAT device is that the port of h+m * 100 carries out new source port after the address transition as NAT device with port numbers, has guaranteed that the port that each conflict is searched all drops on different interval the insides, has reduced the conflict of port migration first.
With the source port siding-to-siding block length is that 128 ports are example, and the source port that is mapped to as shown in Figure 4.Suppose that available source port is 1000~65512, have 55513, then can be divided into 434 intervals.When NAT device receives IP message from Intranet 192.168.1.1, and the port in the IP message is 1000 o'clock, searches the interval at port one 000 place, owing to there is not conflict, therefore, port is constant when carrying out address transition.When NAT device receives IP message from Intranet 192.168.1.2, and the port in the IP message is 1000 o'clock, search the interval at port one 000 place, at this moment, port one 000 has been taken by 192.168.1.1, and the interior net address that has write down has one, therefore, port one 000 is revised as 1000+1 * 128=1128, that is, the port one 000 of 192.168.1.2 is mapped to the source port 1128 of NAT device.When NAT device receives IP message from Intranet 192.168.1.3, and the port in the IP message still is 1000 o'clock, search the interval at port one 000 place, at this moment, port one 000 has been taken by 192.168.1.1, and the interior net address that has write down has two, therefore, port one 000 is revised as 1000+2 * 128=1256, that is, the port one 000 of 192.168.1.3 is mapped to the source port 1256 of NAT device.When NAT device receives IP message from Intranet 192.168.1.4, and the port in the IP message still is 1000 o'clock, search the interval at port one 000 place, at this moment, port one 000 has been taken by 192.168.1.1, and the interior net address that has write down has three, therefore, port one 000 is revised as 1000+3 * 128=1384, that is, the port one 000 of 192.168.1.4 is mapped to the source port 1384 of NAT device.When continuing to be subjected to the IP message of other main frames transmissions of Intranet, the rest may be inferred, carries out port mapping.When said process uses the C language to realize, comprising:
" static unsigned short port=0; // source port
Unsigned short portrange=128; // interval size
srcport=(srcport%portrange)+(port%(64000/portrange))*portr
Ange; // choose both port of origination
Port++; // moving section position "
Like this, except the not conflict of first IP message, searching first all of the IP message of back can have conflict, after using subregion to search, only need search again and can hit, and improved the hit rate of effective port greatly.
And, receiving in the IP message that other main frames of Intranet send when follow-up, port is 1001 o'clock, source port shines upon as shown in Figure 5.The source port that is mapped to and the like be 1001,1129,1257,1385 ....Receive in the IP message that other main frames of Intranet send when follow-up, port is 1003 o'clock, the source port that is mapped to and the like be 1003,1131,1259,1387 ..., or the like.Make the utilization of available port on the NAT device expand whole ports to, improved the utilance of port greatly and set up the new efficient that connects from fixed range.
Fig. 6 is the structural representation of network address translation apparatus embodiment of the present invention, and NAT device comprises: zoning unit 61, receiving element 62 and map unit 63.Zoning unit 61 is used for the source port resource partitioning with NAT device; Receiving element 62 is used to receive the IP message; Under the occupied situation of port in the IP message that receiving element 62 receives, map unit 63 with the port mapping in the described IP message to the IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.Port mapping in the IP message is the source port of H to port numbers as described; Wherein, H=h+m * l; H is the port numbers of described IP message middle port, and m can be random number, also can be the Intranet IP number of addresses that has write down, and l is the siding-to-siding block length of source port resource.
Described zoning unit 61 is that siding-to-siding block length is that at least two source ports of 100 ports are when interval with described source port resource division; Described map unit 63 is the source port of H=h+m * 100 to port numbers with the port mapping in the described IP message.Described zoning unit 61 is that siding-to-siding block length is that at least two source ports of 128 ports are when interval with described source port resource division; Described map unit 63 is the source port of H=h+m * 128 to port numbers with the port mapping in the described IP message.
In said method and the apparatus embodiments, NAT device passes through the source port resource partitioning, and after conflict first, with the port mapping in the described IP message is the source port of H=h+m * l to port numbers, guaranteed that the port of searching after each conflict all drops on different interval the insides, significantly reduced and searched number of times, improved the hit rate of searching effective source port.And, and the utilance of NAT device source port also expanded whole ports to from fixed range, improved the efficient of newly-built connection, reduced the possibility that appearance can't connect when extreme case occurred.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be finished by the relevant hardware of program command, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (10)
1, a kind of in ATT the method for mapping source port, it is characterized in that, comprising:
Source port resource partitioning with network address translation apparatus;
Under the occupied situation of port in the IP message that receives, with the port mapping in the described IP message to described IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.
2, according to claim 1 described in ATT the method for mapping source port, it is characterized in that, the source port resource partitioning of network address translation apparatus is comprised: by the port numbers size order subregion of described source port resource;
Under the occupied situation of port in described IP message, the port numbers of the port of the port mapping in the described IP message in port numbers and the described IP message is differed an integer interval source port.
3, according to claim 1 or 2 described in ATT the method for mapping source port, it is characterized in that the Intranet IP number of addresses of described integer for having write down.
4, according to claim 1 or 2 described in ATT the method for mapping source port, it is characterized in that described integer is a random number.
5, according to claim 1 or 2 described in ATT the method for mapping source port, it is characterized in that the source port resource partitioning of network address translation apparatus is comprised: with described source port resource division is that siding-to-siding block length is at least two source port intervals of 100 or 128 ports.
6, a kind of network address translation apparatus is characterized in that, comprising:
Zoning unit is used for the source port resource partitioning with network address translation apparatus;
Receiving element is used to receive the IP message;
Map unit is used under the occupied situation of the port of the IP message that described receiving element receives, with the port mapping in the described IP message to described IP message in port differ the interval source port of integer, described interval obtains through resource partitioning.
7, network address translation apparatus according to claim 6 is characterized in that, described zoning unit is by the port numbers size order subregion of described source port resource; Under the occupied situation of the port of described map unit in described IP message, the port numbers of the port of the port mapping in the described IP message in port numbers and the described IP message is differed an integer interval source port.
8, according to claim 6 or 7 described network address translation apparatus, it is characterized in that the Intranet IP number of addresses of described integer for having write down.
According to claim 6 or 7 described network address translation apparatus, it is characterized in that 9, described integer is a random number.
According to claim 6 or 7 described network address translation apparatus, it is characterized in that 10, it is that siding-to-siding block length is at least two source port intervals of 100 or 128 ports that described zoning unit also is used for described source port resource division.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102390586A CN101420465A (en) | 2008-12-05 | 2008-12-05 | Method for mapping source port in address conversion table and network address conversion equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102390586A CN101420465A (en) | 2008-12-05 | 2008-12-05 | Method for mapping source port in address conversion table and network address conversion equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101420465A true CN101420465A (en) | 2009-04-29 |
Family
ID=40631066
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008102390586A Pending CN101420465A (en) | 2008-12-05 | 2008-12-05 | Method for mapping source port in address conversion table and network address conversion equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101420465A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102916865A (en) * | 2012-11-08 | 2013-02-06 | 浙江宇视科技有限公司 | Monitoring service management method and device |
| CN103856574A (en) * | 2012-12-06 | 2014-06-11 | 中国电信股份有限公司 | Method, device and system for controlling services |
| CN112104761A (en) * | 2020-08-20 | 2020-12-18 | 广东网堤信息安全技术有限公司 | NAT address translation method |
| CN112261176A (en) * | 2020-12-24 | 2021-01-22 | 金锐同创(北京)科技股份有限公司 | Method for acquiring actual network access relationship and related equipment |
-
2008
- 2008-12-05 CN CNA2008102390586A patent/CN101420465A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102916865A (en) * | 2012-11-08 | 2013-02-06 | 浙江宇视科技有限公司 | Monitoring service management method and device |
| CN102916865B (en) * | 2012-11-08 | 2015-09-09 | 浙江宇视科技有限公司 | A kind of monitoring business management method and device |
| CN103856574A (en) * | 2012-12-06 | 2014-06-11 | 中国电信股份有限公司 | Method, device and system for controlling services |
| CN103856574B (en) * | 2012-12-06 | 2017-07-14 | 中国电信股份有限公司 | Method, apparatus and system for control business |
| CN112104761A (en) * | 2020-08-20 | 2020-12-18 | 广东网堤信息安全技术有限公司 | NAT address translation method |
| CN112261176A (en) * | 2020-12-24 | 2021-01-22 | 金锐同创(北京)科技股份有限公司 | Method for acquiring actual network access relationship and related equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100477671C (en) | Network address converting method for supporting multi-dialogue application-layer protocol under PAT mode | |
| CN105144121B (en) | Cache content addressable data block is for Storage Virtualization | |
| CN103155524B (en) | The system and method for IIP address is shared between the multiple cores in multiple nucleus system | |
| CN104135715B (en) | The implementation method of location-based service, a device, and system | |
| CN107079060A (en) | The system and method optimized for carrier-class NAT | |
| CN107908357B (en) | Named data network forwarding plane PIT storage structure and data retrieval method thereof | |
| CN101159619B (en) | Fast adding method, device and switching arrangement of ARP table | |
| Bando et al. | FlashTrie: beyond 100-Gb/s IP route lookup using hash-based prefix-compressed trie | |
| CN102971732A (en) | System architecture for integrated hierarchical query processing for key/value stores | |
| CN101132424B (en) | Network address conversion method and device thereof | |
| CN103885887B (en) | User data storage method, read method and system | |
| CN103888499A (en) | Distributed object processing method and system | |
| CN100356752C (en) | A method for utilizing network address resource | |
| CN102985909A (en) | Method and apparatus for providing highly-scalable network storage for well-gridded objects | |
| CN103761102B (en) | A kind of uniform data service platform and its implementation | |
| CN109213699A (en) | A kind of metadata management method, system, equipment and computer readable storage medium | |
| CN102420814A (en) | Data access method and device, and server | |
| CN103778120B (en) | Global profile mark generating method, generating means and corresponding distributed file system | |
| CN103595799A (en) | Method for achieving distributed shared data bank | |
| CN101800690A (en) | Method and device for realizing source address conversion by using address pool | |
| CN101420465A (en) | Method for mapping source port in address conversion table and network address conversion equipment | |
| CN106302659A (en) | A kind of based on cloud storage system promotes access data quick storage method | |
| CN106487864A (en) | The method for building up of data cube computation, service end and mobile terminal | |
| CN101820351B (en) | Method, device and system for discovering P2P flow optimization service | |
| CN102209019A (en) | Load balancing method and load balancing equipment based on message payload |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20090429 |