CN103152269A - NAT (Network Address Translation)-based message forwarding method and equipment - Google Patents

Publication number: CN103152269A
Authority: CN (China)
Prior art keywords: address, message, route, NAT, module
Legal status: Granted
Application number: CN2013100605368A (CN201310060536.8A)
Other languages: Chinese (zh)
Other versions: CN103152269B (en)
Inventors: 覃志祥, 顾锦枫
Current assignee: New H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd

Abstract

The invention discloses a NAT (Network Address Translation)-based message forwarding method and device. When the routing protocol module of a NAT device configures a route on the hardware forwarding module connected to an external interface, then, for a route whose next hop points to a direct route learned by the external interface, it encodes the next-hop IP address as a MAC (Media Access Control) address and configures a policy route in the hardware forwarding module that redirects messages whose source MAC address matches that MAC address to the external interface corresponding to the next-hop IP address. After the NAT module of the NAT device receives a message from the internal interface and performs NAT translation, it uses the address translation table and the ARP (Address Resolution Protocol) table to find the IP address corresponding to the external interface, converts that IP address into a MAC address, replaces the source MAC address of the message with it, and sends the message to the hardware forwarding module connected to the external interface. The hardware forwarding module matches a policy route by the source MAC address of the message and, according to the matched policy route, redirects the message to the specified external interface for forwarding.

Description

A NAT-based message forwarding method and device
Technical field
The present invention relates to the field of communications, and in particular to a NAT-based message forwarding method and device.
Background
NAT (Network Address Translation) is the process of translating the IP address in the header of an IP message (packet) into another IP address. In practice, NAT is mainly used to allow a private network to access the public network. By using a small number of public IP addresses to represent a larger number of private IP addresses, it helps slow the exhaustion of the available IP address space.
Fig. 1 shows a basic NAT application. The basic address translation process is as follows:
(1) An IP message sent by the internal-network user host Host (192.168.1.3) to the external network server Server (1.1.1.2) passes through the NAT device.
(2) The NAT device examines the header of the IP message and finds that the message is destined for the external network. It translates the private address 192.168.1.3 in the source IP address field into the public address 20.1.1.1, which is routable on the Internet, sends the message to the external network server, and records the mapping between the addresses before and after translation in the network address translation table of the NAT device.
(3) When the response message sent by the external network server to the internal-network user (its initial destination IP address is 20.1.1.1) arrives at the NAT device, the NAT device examines the header, looks up the record in the network address translation table, and replaces the initial destination IP address with the corresponding private address 192.168.1.3.
The NAT process described above is transparent to the endpoints (Host and Server in Fig. 1). The external network server believes that the IP address of the internal-network user host is 20.1.1.1 and is unaware of the address 192.168.1.3.
The advantage of address translation is that hosts on the internal network can access resources on the external network while "privacy" protection is provided for those hosts.
Generally, an interface on the NAT device that connects to the user's internal network is called a NAT internal interface, and an interface that connects to the external network (such as the Internet) is called a NAT external interface. In practice, a NAT device may have several NAT external interfaces that form equal-cost routes. As shown in Fig. 2, when a user accesses the external network from the user's internal network, the NAT device may have several external interfaces forming equal-cost routes. In this case, if the board to which the external interface is connected is not the board that performs NAT translation, a route lookup is performed again when the NAT-translated message passes through the board holding the external interface. Because the routes of the external interfaces are equal-cost routes, one route is selected from them by the equal-cost load-balancing algorithm, such as a hash algorithm, and the message is forwarded from the corresponding external interface. Consequently, for this user's network access, the NAT device cannot guarantee that the incoming interface of a request message travelling from the external network to the internal network is the same as the outgoing interface of the response message travelling from the internal network to the external network.
Therefore, a technique is urgently needed which ensures that, in this situation, a message that came in from an external interface of the NAT device is still forwarded out of that external interface after NAT translation.
Summary of the invention
The embodiments of the present invention provide a NAT-based message forwarding method and device which ensure that, when the external interfaces of a NAT device have equal-cost routes, a message that came in from an external interface is also sent out from that external interface when it returns.
A NAT-based message forwarding method provided by an embodiment of the present invention comprises:
The NAT module of the NAT device receives a message from an internal interface and performs NAT translation, queries the corresponding external interface in the address translation table, queries the IP address in the ARP table at that external interface, converts the IP address found into a MAC address, replaces the source MAC address of the message with this MAC address, and sends the message to the hardware forwarding module connected to the external interface;
The hardware forwarding module connected to the external interface matches a policy route by the source MAC address of the message sent by the NAT module, looks up the outgoing interface in the ARP entry corresponding to the destination IP address to which the matched policy route redirects, updates the source MAC address of the message to the MAC address of that outgoing interface, and forwards the message from that outgoing interface.
The configuration process of the policy route comprises: when the routing protocol module of the NAT device configures a route on the hardware forwarding module connected to the external interface, it queries the attribute of the route's next-hop IP address; if the next-hop IP address points to a direct route learned by an external interface, it converts the next-hop IP address into a MAC address and configures a policy route in the hardware forwarding module according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the next-hop IP address.
Alternatively, the configuration process of the policy route comprises: after the ARP module of the NAT device learns an ARP entry from an external interface, it converts the IP address in the ARP entry into a MAC address and configures a policy route in the hardware forwarding module connected to the external interface according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the IP address in the ARP entry.
A NAT device provided by an embodiment of the present invention comprises:
A NAT module, configured to perform NAT translation on a message received from an internal interface of the device, query the corresponding external interface in the address translation table, query the IP address in the ARP entry at that external interface, convert the IP address found into a MAC address, replace the source MAC address of the message with this MAC address, and send the message to the hardware forwarding module connected to the external interface;
A hardware forwarding module, configured to match a policy route by the source MAC address of the message sent by the NAT module, look up the outgoing interface in the ARP entry corresponding to the destination IP address to which the matched policy route redirects, update the source MAC address of the message to the MAC address of that outgoing interface, and forward the message from that outgoing interface.
Further, the device also comprises a routing protocol module, configured to query the attribute of a route's next-hop IP address when configuring the route on the hardware forwarding module connected to the external interface; if the next-hop IP address points to a direct route learned by an external interface, to convert the next-hop IP address into a MAC address and configure a policy route in the hardware forwarding module according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the next-hop IP address.
Further, the device also comprises an ARP module, configured to convert the IP address in an ARP entry into a MAC address after the ARP entry is learned from an external interface, and to configure a policy route in the hardware forwarding module connected to the external interface according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the IP address in the ARP entry.
In the above embodiments of the present invention, after the NAT module in the NAT device receives a message from an internal interface of the device and performs NAT translation, it queries the corresponding external interface in the address translation table, queries the IP address corresponding to that external interface in the ARP table, converts this IP address into a MAC address, replaces the source MAC address of the message with this MAC address, and sends the message to the hardware forwarding module connected to the external interface. The hardware forwarding module connected to the external interface then matches a policy route by the source MAC address of the message sent by the NAT module, looks up the outgoing interface in the ARP entry corresponding to the destination IP address to which the matched policy route redirects, and forwards the message from that outgoing interface. In this way, a message that came in from an external interface is still forwarded out of that external interface after NAT translation.
Description of drawings
Fig. 1 is a schematic diagram of NAT translation in the prior art;
Fig. 2 is a schematic diagram of a NAT device with multiple external interfaces in the prior art;
Fig. 3 is a schematic diagram of NAT-based message forwarding in an embodiment of the present invention;
Fig. 4A, Fig. 4B and Fig. 4C are schematic structural diagrams of the NAT devices provided by the embodiments of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Embodiment one
When the routing protocol module of the NAT device configures a route in the hardware forwarding module on the board connected to the external interface, it queries the attribute of the next hop referenced by the route. If the next hop of the route points to a direct route learned by an external interface of the NAT device, the next-hop IP address is converted into MAC address form, and a policy route is configured on the hardware forwarding module according to this MAC address, in order to redirect messages whose source MAC address matches this MAC address to the next-hop IP address. When the NAT device receives a message from the internal network, it determines the corresponding external interface from the matching address translation entry, queries the IP address in the ARP entry at that external interface, converts this IP address into MAC address form, replaces the source MAC address of the message with it, and sends the message to the board connected to the external interface. The hardware forwarding module on the board connected to the external interface matches the policy routes on this hardware forwarding module by the source MAC address of the message, looks up the ARP entry for the destination IP address to which the matched policy route redirects, and forwards the message from the outgoing interface in the ARP entry found.
In the embodiments of the present invention, the NAT device can be a centralized NAT device or a NAT device with a distributed architecture.
The implementation of this embodiment is described in detail below, taking the architecture shown in Fig. 3 as an example.
As shown in Fig. 3, the external interfaces port1 and port2 of the NAT device are the interfaces through which the NAT device connects to the external network (public network). The route corresponding to port1 and the route corresponding to port2 are equal-cost routes.
port1 connects to device 1, whose IP address is 1.1.1.1 and whose MAC address is xx-xx-xx-xx-xx-xx. port2 connects to device 2, whose IP address is 2.2.2.2 and whose MAC address is yy-yy-yy-yy-yy-yy. port0 is the internal interface through which the NAT device connects to the user's internal network (private network).
The board to which port1 and port2 are connected does not perform NAT translation. Hardware forwarding entries are configured on the ASIC (Application Specific Integrated Circuit) chip on this board, which is responsible for forwarding messages.
When the NAT device receives from port1 a message destined for the user's internal network, the board to which port1 is connected learns the ARP entry shown in Table 1 and generates the corresponding direct route: 1.1.1.1/32 -> 1.1.1.1. The NAT device performs NAT translation on the message, generates the address translation entry shown in Table 2, and sends the translated message to the user's internal network through port0.
Table 1
IP address | MAC address | Outgoing interface
1.1.1.1 | xx-xx-xx-xx-xx-xx | port1
Table 2
[Table 2, the address translation entry, is an image in the original publication and is not reproduced here.]
Here, the "five-tuple" can comprise the source IP address, destination IP address, source port, destination port and protocol type of the message.
Similarly, when the NAT device receives from port2 a message destined for the user's internal network, the board to which port2 is connected learns the ARP entry shown in Table 3 and generates the corresponding direct route: 2.2.2.2/32 -> 2.2.2.2. The NAT device performs NAT translation on the message, generates the address translation entry shown in Table 4, and sends the translated message to the user's internal network through port0.
Table 3
IP address | MAC address | Outgoing interface
2.2.2.2 | yy-yy-yy-yy-yy-yy | port2
Table 4
[Table 4, the address translation entry, is an image in the original publication and is not reproduced here.]
When the routing protocol module on the NAT device installs a route on the ASIC chip of the board connected to the external interfaces (port1, port2), it queries the attribute of the next hop referenced by the route. If the installed routes include 10.0.0.1/24 -> 1.1.1.1, then, because the next hop 1.1.1.1 referenced by this route is the direct route 1.1.1.1/32 -> 1.1.1.1 learned by the external interface, the next hop 1.1.1.1 is converted into MAC address form, 0-0-1-1-1-1, according to a predefined conversion rule. This embodiment uses the following rule as an example: the value of each byte of the IP address is used as the value of the corresponding byte of the MAC address, and the remaining bytes are filled with zeros. The NAT device then installs a policy route on the ASIC chip of this board according to this MAC address. The rule of this policy route matches the source MAC address of a message against 0-0-1-1-1-1, and the action it specifies is: if the source MAC address of the message matches 0-0-1-1-1-1, redirect the message to 1.1.1.1. For example, the policy route can be an ACL (Access Control List) with the following content:
Rule permit source-mac 00-11-11 ff-ff-ff  // rule: match the message's source MAC address against 00-11-11 (that is, 0-0-1-1-1-1); the match is exact (the full length of the MAC address is compared)
Redirect to next-hop 1.1.1.1  // action: redirect to next hop 1.1.1.1
Similarly, if the next hop 2.2.2.2 referenced by an installed route is the direct route 2.2.2.2/32 -> 2.2.2.2 learned by the external interface, the next hop 2.2.2.2 is converted into MAC address form, 0-0-2-2-2-2, and a policy route is installed on the ASIC chip of this board according to this MAC address. This policy route specifies: if the source MAC address of a message matches 0-0-2-2-2-2, redirect the message to 2.2.2.2.
After the NAT device receives a message from port0, it performs NAT translation, queries the corresponding address translation entry by the five-tuple of the message before and after translation, queries the corresponding ARP entry by the outgoing interface in the address translation entry found, and updates the source MAC address of the message according to the IP address in the ARP entry found. That is, the IP address found is converted into MAC address form by the rule described above and replaces the source MAC address of the message, which is then sent to the board connected to the external interface. The ASIC chip on the board connected to the external interface matches the source MAC address of the message against the policy routes. If a policy route matches, the chip looks up the ARP entry for the destination IP address to which this policy route redirects and forwards the message from the outgoing interface in the ARP entry found.
For example, after the NAT device receives from port1 a message destined for the user's internal network, it performs NAT translation and sends the message to the user's internal network; the entry learning and policy route installation described above take place during this process. After the NAT device receives the response to this message from port0, the board holding the NAT module performs NAT translation and queries the corresponding address translation entry (shown in Table 2), which matches port1 (because this message is the response to a message that entered the NAT device from port1). It queries the ARP entry shown in Table 1 by port1 and obtains the corresponding IP address 1.1.1.1. Then, according to the predefined conversion rule (the value of each byte of the IP address is used as the value of the corresponding byte of the MAC address, and the remaining bytes are filled with zeros), it converts 1.1.1.1 into MAC address form and replaces the source MAC address of the NAT-translated message with it; that is, the source MAC address of the message is updated to 0-0-1-1-1-1. The board holding the NAT module delivers the NAT-translated message to the ASIC chip on the board holding the external interface through the chip's internal channel (for example, through a special port of the chip that is connected to the CPU), and this ASIC chip matches the source MAC address of the message against the policy route installed in advance. Because this policy route specifies that the message is to be redirected to 1.1.1.1, the ASIC chip queries the ARP entry (shown in Table 1) by 1.1.1.1, obtains port1 as the corresponding outgoing interface, and forwards the message to the external network from port1. Interface redirection is a general function supported by all ASIC chips that support policy routing.
Similarly, if the NAT device receives a message from port0, performs NAT translation and matches port2 in the address translation table, the message is processed by the same flow and is finally forwarded to the external network from port2.
In the above flow, although the NAT module in the NAT device replaces the source MAC address of a message sent from the user's internal network to the external network, the source MAC address of the message is changed to the Layer 3 MAC address of the NAT device when the message is forwarded out of the external interface. Modifying this field while the message is forwarded inside the NAT device therefore does not affect the normal forwarding of the message.
As the above flow shows, for a message that enters the user's internal network from the external network through the NAT device, the response message is forwarded to the external network from the same external interface. A message that came in from an external interface is thus still forwarded out of that external interface after NAT translation.
It should be noted that the "predefined conversion rule" in the above flow is described using the example of taking the value of each byte of the IP address as the value of the corresponding byte of the MAC address; those skilled in the art can readily conceive of other similar conversion rules. The "five-tuple" in the address translation table in the above flow can also be replaced by other message feature values, such as the source IP address and destination IP address of the message.
Embodiment two
When the ARP module of the NAT device learns an ARP entry from an external interface, it converts the IP address in this ARP entry into MAC address form and configures the corresponding policy route on the hardware forwarding module according to this MAC address, in order to redirect messages whose source MAC address matches this MAC address to the IP address in this ARP entry. After the NAT device receives a message from the user's internal network, it determines the corresponding external interface from the matching address translation entry, queries the IP address in the ARP entry corresponding to that external interface, converts this IP address into MAC address form to replace the source MAC address of the message, and sends the message to the board connected to the external interface. The hardware forwarding module on the board connected to the external interface matches the policy routes on this hardware forwarding module by the source MAC address of the message, looks up the ARP entry for the destination IP address to which the matched policy route redirects, and forwards the message from the outgoing interface of the ARP entry found.
The implementation of this embodiment is described in detail below, again taking the architecture shown in Fig. 3 as an example.
When the NAT device receives from port1 a message destined for the internal network, the board to which port1 is connected learns the ARP entry shown in Table 1 and, according to a predefined conversion rule (this embodiment uses the following rule as an example: the value of each byte of the IP address is used as the value of the corresponding byte of the MAC address), converts the IP address 1.1.1.1 in this ARP entry into MAC address form: 0-0-1-1-1-1. The NAT device then installs a policy route on the ASIC chip of this board according to this MAC address. This policy route specifies: if the source MAC address of a message matches 0-0-1-1-1-1, redirect the message to 1.1.1.1. The NAT device performs NAT translation on the message, generates the address translation entry shown in Table 2, and sends the translated message to the user's internal network through port0.
Similarly, when the NAT device receives from port2 a message destined for the user's internal network, the board to which port2 is connected learns the ARP entry shown in Table 3, converts the IP address 2.2.2.2 in this ARP entry into MAC address form, 0-0-2-2-2-2, according to the predefined conversion rule, and installs a policy route on the ASIC chip of this board according to this MAC address. This policy route specifies: if the source MAC address of a message matches 0-0-2-2-2-2, redirect the message to 2.2.2.2. The NAT device performs NAT translation on the message, generates the address translation entry shown in Table 4, and sends the translated message to the user's internal network through port0.
After the NAT device receives a message from port0, it performs NAT translation, queries the corresponding address translation entry by the five-tuple of the message before and after translation, queries the corresponding ARP entry by the outgoing interface in the address translation entry found, and updates the source MAC address of the message according to the IP address in the ARP entry found. That is, the IP address found is converted into MAC address form by the rule described above and replaces the source MAC address of the message, which is then sent to the board connected to the external interface. The ASIC chip on the board connected to the external interface matches the source MAC address of the message against the policy routes. If a policy route matches, the chip looks up the ARP entry for the destination IP address to which this policy route redirects and forwards the message from the outgoing interface in the ARP entry found.
For example, after the NAT device receives a message from port0, the board holding the NAT module performs NAT translation and queries the corresponding address translation entry (shown in Table 2), which matches port1 (indicating that this message is the response to a message that earlier entered the NAT device from port1). It queries the ARP entry by port1 and obtains the corresponding IP address 1.1.1.1. Then, according to the predefined conversion rule (the value of each byte of the IP address is used as the value of the corresponding byte of the MAC address, and the remaining bytes are filled with zeros), it converts 1.1.1.1 into 0-0-1-1-1-1 and updates the source MAC address of the NAT-translated message to 0-0-1-1-1-1. The NAT-translated message is delivered through the chip's internal channel to the ASIC chip on the board holding the external interface, and this ASIC chip matches the source MAC address of the message against the policy route installed in advance. Because this policy route specifies that the message is to be redirected to 1.1.1.1, the ASIC chip queries the ARP entry (shown in Table 1) by 1.1.1.1, obtains port1 as the corresponding outgoing interface, and forwards the message to the external network from port1.
Similarly, if the NAT device receives a message from port0, performs NAT translation and matches port2 in the address translation table, the message is processed by the same flow and is finally forwarded to the external network from port2.
As the above flow shows, for a message that enters the internal network from the external network through the NAT device, the response message is forwarded to the external network from the same external interface. A message that came in from an external interface is thus still forwarded out of that external interface after NAT translation.
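The forwarding flow of Embodiments one and two can be traced in a small Python model. This is an added example, not code from the patent: the class and function names, the toy equal-cost hash, the peer address 198.51.100.7, the port numbers and every interface, neighbour and host MAC address are constructed assumptions, while the addresses of devices 1 and 2, the public address 20.1.1.1, the route 10.0.0.1/24 and the conversion rule are taken from the text.

```python
import ipaddress
from dataclasses import dataclass, replace


def ip_to_mac(ip):
    """Example rule from the text: IP bytes fill the low four MAC bytes, rest zero.
    1.1.1.1 becomes 00-00-01-01-01-01 (written 0-0-1-1-1-1 in the text)."""
    packed = ipaddress.IPv4Address(ip).packed
    return "-".join(f"{b:02x}" for b in b"\x00\x00" + packed)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    proto: str
    src_mac: str


class HardwareForwarder:
    """Model of the hardware forwarding module on the external-interface board."""

    def __init__(self, port_macs):
        self.port_macs = port_macs  # port -> interface MAC (constructed values)
        self.arp = {}               # neighbour IP -> (neighbour MAC, outgoing port)
        self.policy = {}            # marker source MAC -> redirect next-hop IP
        self.routes = []            # (prefix, next hop); equal-cost in this model

    def learn_arp(self, ip, mac, port, install_policy=False):
        self.arp[ip] = (mac, port)
        if install_policy:          # Embodiment two: triggered by ARP learning
            self.policy[ip_to_mac(ip)] = ip

    def install_route(self, prefix, next_hop):
        self.routes.append((prefix, next_hop))
        # Embodiment one: triggered by route configuration, only for next hops
        # that are direct routes learned on an external interface.
        if next_hop in self.arp:
            self.policy[ip_to_mac(next_hop)] = next_hop

    def ecmp_pick(self, pkt):
        # Toy stand-in for the equal-cost load-balancing hash (assumption).
        ports = sorted(self.port_macs)
        return ports[(pkt.sport + pkt.dport) % len(ports)]

    def forward(self, pkt):
        next_hop = self.policy.get(pkt.src_mac)
        port = self.arp[next_hop][1] if next_hop else self.ecmp_pick(pkt)
        # On egress the source MAC becomes the outgoing interface's own MAC.
        return port, replace(pkt, src_mac=self.port_macs[port])


class NatModule:
    def __init__(self, hw, public_ip):
        self.hw, self.public_ip = hw, public_ip
        self.table = {}  # (peer IP, peer port, inside IP, inside port, proto) -> port

    def inbound(self, pkt, in_port, inside_ip):
        key = (pkt.src_ip, pkt.sport, inside_ip, pkt.dport, pkt.proto)
        self.table[key] = in_port   # remember which external interface was used
        return replace(pkt, dst_ip=inside_ip)

    def outbound(self, pkt, tag=True):
        key = (pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport, pkt.proto)
        ext_port = self.table[key]
        out = replace(pkt, src_ip=self.public_ip)
        if tag:  # overwrite the source MAC with the converted neighbour IP
            nbr = next(ip for ip, (_, p) in self.hw.arp.items() if p == ext_port)
            out = replace(out, src_mac=ip_to_mac(nbr))
        return out


def trace(tag=True, arp_trigger=False):
    """Return {ingress port: (egress port, egress source MAC)} for two flows."""
    hw = HardwareForwarder({"port1": "02-00-00-00-01-01", "port2": "02-00-00-00-01-02"})
    hw.learn_arp("1.1.1.1", "02-00-00-00-00-01", "port1", install_policy=arp_trigger)
    hw.learn_arp("2.2.2.2", "02-00-00-00-00-02", "port2", install_policy=arp_trigger)
    if not arp_trigger:
        for next_hop in ("1.1.1.1", "2.2.2.2"):
            hw.install_route("10.0.0.1/24", next_hop)
    nat = NatModule(hw, "20.1.1.1")
    result = {}
    for in_port, peer_port in (("port1", 40001), ("port2", 40000)):
        request = Packet("198.51.100.7", "20.1.1.1", peer_port, 80, "tcp",
                         "02-00-00-00-00-ee")
        nat.inbound(request, in_port, "192.168.1.3")
        reply = Packet("192.168.1.3", "198.51.100.7", 80, peer_port, "tcp",
                       "02-00-00-00-00-aa")
        out_port, sent = hw.forward(nat.outbound(reply, tag))
        result[in_port] = (out_port, sent.src_mac)
    return result


if __name__ == "__main__":
    print("with MAC marking:   ", trace(tag=True))
    print("ARP-triggered rules:", trace(tag=True, arp_trigger=True))
    print("hash only (baseline):", trace(tag=False))
```

With the marking disabled, the toy hash sends both replies out of the interface they did not arrive on, which is the asymmetry described in the background section.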
Based on identical technical conceive, the embodiment of the present invention also provides a kind of NAT device.Generally include NAT module, hardware forwarding module, Routing Protocol module, ARP module etc. in NAT device.Wherein, for the centralized NAT device, Routing Protocol module and NAT module can be positioned at master control borad CPU, and for the NAT device of distributed structure/architecture, Routing Protocol module, NAT module also can be positioned at the CPU of interface board; The hardware forwarding module can have one or more, is positioned on interface board, can be asic chip.
The NAT device that the embodiment of the present invention provides, the formation of its inside function module is basic identical with existing NAT device, has just increased new function in certain module.
Referring to Fig. 4 A, the structural representation of a kind of NAT device that provides for the embodiment of the present invention, as shown in the figure, comprising NAT module 41 and hardware forwarding module 42, wherein:
NAT module 41, after being used for the message that receives from this device interior interface is carried out the NAT conversion, according to external interface corresponding to ATT inquiry, inquire about the IP address in the ARP list item at described external interface place, be MAC Address and the source MAC of replacing this message with this MAC Address with the IP address transition that inquires, this message sent to the hardware forwarding module 42 that connects external interface;
Hardware forwarding module 42 is used for the source MAC matching strategy route of the message sent according to the NAT module, and the outgoing interface in ARP list item corresponding to the purpose IP address lookup that is redirected to according to the tactful route that matches forwards this message from this outgoing interface.
Further, hardware forwarding module 42 also was updated to the source MAC of this message the MAC Address of the outgoing interface that inquires before E-Packeting from outgoing interface.
The configuration of the policy route can be triggered either by a route configuration operation or by ARP entry learning. According to these different trigger mechanisms, the embodiment of the present invention also provides the NAT devices shown in Fig. 4B and Fig. 4C. Building on the NAT device shown in Fig. 4A, the NAT device shown in Fig. 4B triggers policy route configuration on a route configuration operation, and the NAT device shown in Fig. 4C triggers policy route configuration on ARP entry learning.
As shown in Fig. 4B, the routing protocol module 43 in this device, when configuring a route to the hardware forwarding module that connects the external interface, queries the attribute of the route's next-hop IP address. If the next-hop IP address points to a direct route learned on the external interface, the module converts the next-hop IP address into a MAC address and configures a policy route in the hardware forwarding module according to the converted MAC address; the policy route redirects messages whose source MAC address matches the converted MAC address to the next-hop IP address.
The rule that the routing protocol module 43 uses to convert the next-hop IP address into a MAC address is the same as the rule that the NAT module 41 uses to convert an IP address into a MAC address.
As shown in Fig. 4C, the ARP module 44 in this device is configured to, after learning an ARP entry from the external interface, convert the IP address in the ARP entry into a MAC address and configure a policy route in the hardware forwarding module that connects the external interface according to the converted MAC address; the policy route redirects messages whose source MAC address matches the converted MAC address to the IP address in the ARP entry.
The rule that the ARP module 44 uses to convert the IP address in the ARP entry into a MAC address is the same as the rule that the NAT module 41 uses to convert an IP address into a MAC address.
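The forwarding path of Figs. 4A and 4C can be simulated as follows. This is an added example, not code from the patent; the IP-to-MAC conversion rule (prefix 02:00 plus the four IPv4 octets), the table contents, and all function and class names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample state (documentation addresses); not taken from the patent.
ARP_ENTRIES = [  # ARP entries learned on the external interfaces
    {"ip": "198.51.100.1", "interface": "wan1"},
    {"ip": "203.0.113.1", "interface": "wan2"},
]
INTERFACE_MACS = {"wan1": "00:11:22:33:44:01", "wan2": "00:11:22:33:44:02"}
# Address translation table: private source IP -> (public source IP, external interface)
ATT = {"192.168.1.10": ("198.51.100.10", "wan1"),
       "192.168.1.20": ("203.0.113.20", "wan2")}

def ip_to_tag_mac(ip):
    """ASSUMED rule: locally administered prefix 02:00 followed by the 4 IPv4 octets."""
    raw = b"\x02\x00" + ipaddress.IPv4Address(ip).packed
    return ":".join(f"{b:02x}" for b in raw)

class HardwareForwardingModule:
    def __init__(self):
        self.policy_routes = {}  # converted MAC -> IP address to redirect to

    def learn_arp_entry(self, entry, convert=ip_to_tag_mac):
        """ARP-triggered configuration (Fig. 4C): one policy route per learned entry."""
        self.policy_routes[convert(entry["ip"])] = entry["ip"]

    def forward(self, msg):
        redirect_ip = self.policy_routes.get(msg["src_mac"])
        if redirect_ip is None:
            return None  # no policy route matched; fallback handling is not modelled
        egress = next(e["interface"] for e in ARP_ENTRIES if e["ip"] == redirect_ip)
        # Replace the converted MAC with the real MAC of the egress interface.
        return egress, dict(msg, src_mac=INTERFACE_MACS[egress])

def nat_module(msg):
    """NAT translation, then write the converted IP address into the source MAC."""
    public_ip, ext_if = ATT[msg["src_ip"]]
    arp_ip = next(e["ip"] for e in ARP_ENTRIES if e["interface"] == ext_if)
    return dict(msg, src_ip=public_ip, src_mac=ip_to_tag_mac(arp_ip))

def send(private_src, convert=ip_to_tag_mac):
    """Build the policy routes, then push one message through both modules."""
    hw = HardwareForwardingModule()
    for entry in ARP_ENTRIES:
        hw.learn_arp_entry(entry, convert)
    msg = {"src_ip": private_src, "dst_ip": "192.0.2.80", "src_mac": "aa:bb:cc:00:00:01"}
    return hw.forward(nat_module(msg))

def other_rule(ip):
    """A different rule on the configuring side, to show why the rules must be identical."""
    return ip_to_tag_mac(ip).replace("02:00", "02:01", 1)

if __name__ == "__main__":
    print(send("192.168.1.10"))                      # leaves via wan1
    print(send("192.168.1.20"))                      # leaves via wan2
    print(send("192.168.1.20", convert=other_rule))  # lookup misses
```

The last call shows the reason for the requirement that the configuring module and the NAT module use the same conversion rule: with different rules the source MAC never matches a policy route.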
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions that cause a terminal device (which can be a mobile phone, personal computer, server, network device, etc.) to carry out the method described in each embodiment of the present invention.
The above is only the preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make further improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention.

Claims (10)

1. A message forwarding method based on network address translation (NAT), characterized in that the method comprises:
The NAT module of a NAT device receives a message from an internal interface and performs NAT translation on it, queries the address translation table (ATT) for the corresponding external interface, looks up the IP address in the ARP table for that external interface, converts the IP address found into a MAC address, replaces the source MAC address of the message with this MAC address, and sends the message to the hardware forwarding module that connects the external interface;
The hardware forwarding module that connects the external interface matches a policy route against the source MAC address of the message sent by the NAT module, looks up the egress interface in the ARP entry corresponding to the destination IP address to which the matched policy route redirects, updates the source MAC address of the message to the MAC address of the egress interface, and forwards the message from the egress interface.
2. The method of claim 1, characterized in that the configuration procedure of the policy route comprises:
When the routing protocol module of the NAT device configures a route to the hardware forwarding module that connects the external interface, it queries the attribute of the route's next-hop IP address; if the next-hop IP address points to a direct route learned on the external interface, it converts the next-hop IP address into a MAC address and configures a policy route in the hardware forwarding module according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the next-hop IP address.
3. The method of claim 2, characterized in that the rule the routing protocol module uses to convert the next-hop IP address into a MAC address is the same as the rule the NAT module uses to convert an IP address into a MAC address.
4. The method of claim 1, characterized in that the configuration procedure of the policy route comprises:
After the ARP module of the NAT device learns an ARP entry from the external interface, it converts the IP address in the ARP entry into a MAC address and configures a policy route in the hardware forwarding module that connects the external interface according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the IP address in the ARP entry.
5. The method of claim 4, characterized in that the rule the ARP module uses to convert the IP address in the ARP entry into a MAC address is the same as the rule the NAT module uses to convert an IP address into a MAC address.
6. A NAT device, characterized in that it comprises:
A NAT module, configured to perform NAT translation on a message received from an internal interface of the device, query the address translation table (ATT) for the corresponding external interface, look up the IP address in the ARP entry for that external interface, convert the IP address found into a MAC address, replace the source MAC address of the message with this MAC address, and send the message to the hardware forwarding module that connects the external interface;
A hardware forwarding module, configured to match a policy route against the source MAC address of the message sent by the NAT module, look up the egress interface in the ARP entry corresponding to the destination IP address to which the matched policy route redirects, update the source MAC address of the message to the MAC address of the egress interface, and forward the message from the egress interface.
7. The device of claim 6, characterized in that it further comprises:
A routing protocol module, configured to, when configuring a route to the hardware forwarding module that connects the external interface, query the attribute of the route's next-hop IP address; if the next-hop IP address points to a direct route learned on the external interface, convert the next-hop IP address into a MAC address and configure a policy route in the hardware forwarding module according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the next-hop IP address.
8. The device of claim 7, characterized in that the rule the routing protocol module uses to convert the next-hop IP address into a MAC address is the same as the rule the NAT module uses to convert an IP address into a MAC address.
9. The device of claim 6, characterized in that it further comprises:
An ARP module, configured to, after learning an ARP entry from the external interface, convert the IP address in the ARP entry into a MAC address and configure a policy route in the hardware forwarding module that connects the external interface according to the converted MAC address, the policy route being used to redirect messages whose source MAC address matches the converted MAC address to the IP address in the ARP entry.
10. The device of claim 9, characterized in that the rule the ARP module uses to convert the IP address in the ARP entry into a MAC address is the same as the rule the NAT module uses to convert an IP address into a MAC address.
CN201310060536.8A 2013-02-26 2013-02-26 A kind of message forwarding method based on NAT and equipment Active CN103152269B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310060536.8A CN103152269B (en) 2013-02-26 2013-02-26 A kind of message forwarding method based on NAT and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310060536.8A CN103152269B (en) 2013-02-26 2013-02-26 A kind of message forwarding method based on NAT and equipment

Publications (2)

Publication Number Publication Date
CN103152269A true CN103152269A (en) 2013-06-12
CN103152269B CN103152269B (en) 2016-03-02

Family

ID=48550141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310060536.8A Active CN103152269B (en) 2013-02-26 2013-02-26 A kind of message forwarding method based on NAT and equipment

Country Status (1)

Country Link
CN (1) CN103152269B (en)

Also Published As

Publication number Publication date
CN103152269B (en) 2016-03-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: New H3C Technologies Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Hangzhou H3C Technologies Co., Ltd.