CN103731356B - Message processing method and device - Google Patents

Message processing method and device Download PDF

Info

Publication number
CN103731356B
CN103731356B CN201310662028.7A CN201310662028A CN103731356B CN 103731356 B CN103731356 B CN 103731356B CN 201310662028 A CN201310662028 A CN 201310662028A CN 103731356 B CN103731356 B CN 103731356B
Authority
CN
China
Prior art keywords
public network
address
destination
port
network address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310662028.7A
Other languages
Chinese (zh)
Other versions
CN103731356A (en
Inventor
邱扩伟
钟岳林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd filed Critical Fujian Star Net Communication Co Ltd
Priority to CN201310662028.7A priority Critical patent/CN103731356B/en
Publication of CN103731356A publication Critical patent/CN103731356A/en
Application granted granted Critical
Publication of CN103731356B publication Critical patent/CN103731356B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a message processing method and a device which are applied to a multi-core routing system including multiple processor cores. Each processor core forwards messages through a flow platform. The message processing method comprises the steps: the first processor core establishes data message forward flows through input service of the flow platform; public network addresses and public network ports which are pre-allocated for data messages are confirmed in a public network address pool through network address translation service, and the situation that the data message reverse flows do not exist in a flow table stored on the flow platform is confirmed; the flow table stored on the flow platform is locked, data message reserve pseudo flows are established and stored in the flow table, the flow table is unlocked to enable the public network addresses and public network ports not be allocated for the processor cores in the multi-core routing system except the first processor core; the data message reverse flows are established through output service of the flow platform, and the reserve pseudo flows age after the reserve flows are established.

Description

Message processing method and device
Technical field
The present embodiments relate to the communication technology, more particularly to a kind of message processing method and device.
Background technology
Network address translation(Network Address Translation, abbreviation NAT)Technology is by IP data packet heads IP address conversion be another IP address process.
In the prior art, NAT technologies include internet protocol version(Internet Protocol version, letter Claim:IPv)The conversion and the conversion of IPv6/IPv4 of 4/IPv4, are mainly used in monokaryon route system.Wherein, IPv4/IPv4 Transfer process, is by the source IP v4 address translations of IPv4 data messages into public network IP v4 addresses.The transfer process of IPv6/IPv4 In, the source address of IPv6 data messages is translated into public network IP v4 addresses, the destination address of IPv6 data messages is translated into The destination address of IPv4 datagrams.After address conversion is carried out, final IPv4 data messages or IPv6 data messages are with public network IPv4 addresses are sent to destination host as outlet.
However, only giving monokaryon route system in the prior art carries out the implementation of NAT technology, and Do not provide how multinuclear route system realizes NAT technology.
The content of the invention
The embodiment of the present invention provides a kind of message processing method and device, is turned with the network address for realizing multinuclear route system Change technology.
In a first aspect, the present invention provides a kind of message processing method, multinuclear route system, the multinuclear route system are applied to System includes multiple processor cores, and each processor core is E-Packeted by levelling platform, including:
First processor core sets up the source address of data message, source port to purpose by the incoming traffic of the levelling platform Address, the forward stream of destination interface, the first processor core are any processor core in the multiple processor core;
The first processor core determines to be pre-assigned to the number by network address translation business in public network address pond According to the public network address of message, public network port, the destination in the flow table of preservation in the absence of the data message on levelling platform is determined Location, destination interface to the public network address, the reverse flow of the public network port;
The flow table preserved on the first processor verification levelling platform is locked, and sets up the destination of the data message Location, destination interface to the public network address, the reverse pseudo- stream of the public network port, and the reverse pseudo- stream is preserved to the stream In table, the flow table is unlocked, so that other processor cores in the multiple nucleus system in addition to the first processor core The public network address and the public network port cannot be distributed;
The first processor core sets up the destination address of the data message, mesh by the outgoing traffic of the levelling platform Port is to the public network address, the reverse flow of the public network port and preserves in the flow table, the reverse pseudo- stream is in institute State aging after reverse flow table is preserved into the flow table.
Second aspect, the present invention provides a kind of message process device, is applied to multinuclear route system, the multinuclear route system System includes multiple processor cores, and each processor core is E-Packeted by levelling platform, and the message process device is integrated throughout On reason device core, including:
First builds flow module, and the source address of data message, source port are set up for the incoming traffic by the levelling platform To destination address, the forward stream of destination interface;
Judge module, for determining to be pre-assigned to the datagram in public network address pond by network address translation business Public network address, the public network port of text, determine destination address, mesh in the flow table of preservation in the absence of the data message on levelling platform Port to the public network address, the reverse flow of the public network port;
Processing module, on convection current platform preserve flow table locked, set up the data message destination address, Destination interface is preserved to the flow table the reverse pseudo- stream to the public network address, the reverse pseudo- stream of the public network port In, the flow table is unlocked so that other processor cores in the multiple nucleus system in addition to the first processor core without Method distributes the public network address and the public network port;
Second builds flow module, for the outgoing traffic by the levelling platform set up the data message destination address, Destination interface is to the public network address, the reverse flow of the public network port and preserves into the flow table, and the reverse pseudo- stream exists The reverse flow table is aging after preserving into the flow table.
Message processing method provided in an embodiment of the present invention and device, the input that first processor core passes through the levelling platform Business sets up the source address of data message, source port to destination address, the forward stream of destination interface, and the first processor core is Any processor core in the multiple processor core;The first processor core is by network address translation business on public network ground Determine to be pre-assigned to public network address, the public network port of the data message in the pond of location, determine in the flow table preserved on levelling platform not There is destination address, destination interface to the public network address, the reverse flow of the public network port of the data message;Described The flow table preserved on one processor core convection current platform is locked, and sets up destination address, the destination interface of the data message extremely The public network address, the reverse pseudo- stream of the public network port, and the reverse pseudo- stream is preserved into the flow table, to the stream Table is unlocked, so that other processor cores in the multiple nucleus system in addition to the first processor core cannot distribute the public affairs Net address and the public network port;The first processor core sets up the data message by the outgoing traffic of the levelling platform Destination address, destination interface to the public network address, the reverse flow of the public network port and preserve in the flow table, it is described Reversely pseudo- stream is aging after the reverse flow table is preserved into the flow table, not only realizes the network address of multinuclear route system Conversion, it is thus also avoided that the address conflict issues between each core.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are this hairs Some bright embodiments, for those of ordinary skill in the art, without having to pay creative labor, can be with Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of message processing method embodiment one of the present invention;
Fig. 2 is embodiment of the present invention circulation hair schematic diagram;
Fig. 3 is the application IP addresses schematic diagram of message processing method of the present invention;
Fig. 4 is the structural representation of message process device embodiment one provided in an embodiment of the present invention.
Specific embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
Fig. 1 is the schematic flow sheet of message processing method embodiment one of the present invention.At message provided in an embodiment of the present invention Reason method can be realized by arbitrary message process device.The message process device can be by arbitrary software and/or hardware reality It is existing.Message processing method provided in an embodiment of the present invention includes:
Step 101, first processor core set up the source address of data message, source by the incoming traffic of the levelling platform Mouthful to destination address, the forward stream of destination interface;
Step 102, the first processor core determine predistribution by network address translation business in public network address pond Public network address, public network port to the data message, determine do not exist the data message in the flow table preserved on levelling platform Destination address, destination interface to the public network address, the reverse flow of the public network port;
The flow table preserved on step 103, first processor verification levelling platform is locked, and sets up the data message Destination address, destination interface to the public network address, the reverse pseudo- stream of the public network port, and will the reverse pseudo- stream preservation Into the flow table, the flow table is unlocked, so that other in the multiple nucleus system in addition to the first processor core Processor core cannot distribute the public network address and the public network port;
Step 104, the first processor core set up the mesh of the data message by the outgoing traffic of the levelling platform Address, destination interface to the public network address, the reverse flow of the public network port and preserve in the flow table, it is described reversely Puppet stream is aging after the reverse flow table is preserved into the flow table.
During implementing, the message processing method that the present invention is provided is applied to multinuclear route system, wherein, multinuclear Route system includes multiple processor cores, and each processor core can receive message, and be E-Packeted by levelling platform.
Wherein, levelling platform is the basic business of platform property in multinuclear route system, is a kind of general to be operated in three layers A kind of forwarding platform, a packet can be according to its five-tuple(Source address, source port, destination address, destination interface and association View number)It is a stream that information is come abstract;Five-tuple is incomplete same, is indicated as different streams.
During implementing, Fig. 2 is embodiment of the present invention circulation hair schematic diagram.As shown in Fig. 2 levelling platform obtains report Text, stream identification/flow point class is carried out to message, and stream identification is what is be identified by the five-tuple of message, is responsible for rapidly recognizing Whether the packet of arrival belongs to the stream for having existed.Flow point class is that message flow is divided according to the protocol number of message Class.The incoming traffic of levelling platform constructs forward stream according to five-tuple information, and forward stream is added in flow table, then to report Text carries out routing forwarding, is modified when to message, such as when being modified to message source address after routing forwarding, levelling platform Outgoing traffic is responsible for extracting reverse stream information, constructs reverse flow, and reverse flow is added in flow table, finally enters line link to message Encapsulation, is forwarded.When the message that levelling platform is obtained is the non-first packet message of the message, can not be by incoming traffic, route Forwarding, outgoing traffic, directly by the sending service that circulates can carry out Link Encapsulation and forwarding.
It is identical to belong to the source of all data messages of same stream, purpose IP address, therefore can be along identical Path is forwarded, and same stream only needs to route first message, and the result that will be route is recorded in flow table, and subsequent packet is straight Connect and forwarded according to the result of record, without carrying out incoming traffic, routing forwarding and outgoing traffic again.
Network address translation(Network Address Translation, abbreviation NAT)It is an IP operation module.Its In, the corresponding NAT technologies of IPv4/IPv4 are referred to as NAT, and the corresponding NAT technologies of IPv6/IPv4 are referred to as NAT64, and levelling platform is IP industry The business general basic business module of layer, due to a packet can with it is abstract be a stream, recognized by five-tuple information;NAT/ NAT64 business carries out address conversion, and just includes address, port and protocol information in five-tuple information, and packet is entering Before row NAT/NAT64 Business Processings, forward stream can be first set up, then carry out NAT/NAT64 business, resettle reverse flow.
In the present embodiment, Fig. 3 is the application IP addresses schematic diagram of message processing method of the present invention.Assuming that polycaryon processor system System includes four processor cores, respectively first processor core C1, second processing device core C2, the 3rd processor core C3, the 4th Processor core C4.
First, for first processor core C1, message processing method of the invention is described in detail.Implementing During, first processor core C1 receives IPv4/IPv6 messages, and the type according to data message is different, and processing mode slightly has not Together.First so that data message is IPv4 messages as an example, illustrate.
For IPv4 messages, first processor core C1 obtains the five-tuple information of the IPv4 messages, described five yuan Group information includes source address 192.168.1.1, source port 3000, destination address 125.2.2.1, the destination of the IPv4 messages 5000 and protocol number IPv4 of mouth.
In a step 101, first processor core sets up source address, the source of IPv4 messages by the incoming traffic of levelling platform Mouthful to destination address, the forward stream of destination interface(192.168.1.1,3000----→125.2.2.1,5000;IPv4).
In a step 102, the first processor core passes through network address translation business in IPv4 public network addresses pond (1.1.1.1~1.1.1.20)Middle source address, the corresponding public network address of source port, the public affairs for determining to be pre-assigned to the IPv4 messages Net port, determines destination address, destination interface to the public affairs in the flow table of preservation in the absence of the IPv4 messages on levelling platform Net address, the reverse flow of the public network port.
Specifically, the first processor core determines to be reported with the presence or absence of the IPv4 in the flow table preserved on the levelling platform Destination address, destination interface to the public network address, the reverse flow of the public network port of text;
If it is not, then the first processor core determines the mesh in the flow table of preservation in the absence of the IPv4 messages on levelling platform Address, destination interface to the public network address, the reverse flow of the public network port;
If so, then the first processor core determines other pre- point by network address translation business in public network address pond The public network address of IPv4 messages, public network port described in dispensing, until in the absence of described in determining the flow table preserved on levelling platform The destination address of IPv4 messages, destination interface to the public network address, the reverse flow of the public network port, if for example, in flow table In find the stream, illustrate that the stream has been present, this public network address, public network port can not be allocated, it is necessary to again from public network ground Other addresses and port are selected in the pond of location carries out aforesaid operations again;Untill being allocated successfully.
In this example, it is assumed that it is 1.1.1.10 to be pre-assigned to the public network address of the IPv4 messages, public network port, 2500, the destination address of the IPv4 messages, destination interface to the public network address, the reverse flow of the public network port are (125.2.2.1,5000----→1.1.1.10,2500;IPv4).
In step 103, when processor core needs to set up reversely pseudo- stream, when being operated to flow table, first processor core The flow table preserved on C1 convection current platforms is locked, and sets up destination address, the destination interface to the public network of the IPv4 messages Address, the reverse pseudo- stream of the public network port(125.2.2.1,5000----→1.1.1.10,2500;IPv4), at first Reason device core C1 flows reversely puppet after preserving into flow table, and flow table is unlocked.It is unlocked to flow table in first processor core C1 Before, other processor cores C2, C3, C4, it is impossible to operated to the flow table.Because first processor core C1 is added to flow table Lock, other processor cores C2, C3, C4 cannot use flow table, i.e., cannot determine in the flow table preserved on levelling platform in the absence of described The destination address of IPv4 messages, destination interface to the public network address, the reverse flow of the public network port, so that other processors Core C2, C3, C4 can not carry out the process of application IP addresses distribution, finally, its in multiple nucleus system in addition to the first processor core Its processor core cannot distribute the public network address and the public network port.
At step 104, first processor core sets up the mesh of the IPv4 messages by the outgoing traffic of the levelling platform Address, destination interface to the public network address, the reverse flow of the public network port, and be stored in the flow table, it is described anti- It is aging after the reverse flow table is preserved into the flow table to puppet stream.
Specifically, first processor core C1 sets up the destination of the IPv4 messages by the outgoing traffic of the levelling platform Location, destination interface to the public network address, the reverse flow of the public network port,(125.2.2.1,5000----→1.1.1.10, 2500;IPv4).After reverse flow is successfully established, reversely pseudo- stream is aging.
It will be understood by those skilled in the art that the data mode that reversely pseudo- stream and reverse flow are showed in flow table is identical , but implication is different in thing.Reverse flow is set up on the outgoing traffic of levelling platform, and reversely pseudo- stream is not in levelling Set up on platform.Reverse flow is the real stream set up by levelling platform, and reversely puppet stream is only the destination for setting up data message Location, destination interface to the public network address, a kind of data mode of the public network port.
In order to not influence operation of other processor cores to flow table, the lock times of first processor verification flow table are very short, Within the locking time locked between unlocking, IPv4 messages are also introduced into the outgoing traffic of levelling platform, or outgoing traffic Reverse flow is not set up also, reversely pseudo- stream is now set up, and reverse pseudo- stream is stored in flow table, it is ensured that the time after unblock, Other processor cores can be operated to the flow table, but, due to the reversely pseudo- presence flowed, other processor cores find this Reversely during pseudo- stream, it is impossible to flow corresponding public network address to the reverse puppet and public network port pre-allocates, when the output of levelling platform Business sets up reverse flow, and after reverse flow is preserved into flow table, reversely pseudo- stream is aging, so as to avoid between processor core Occurs conflict in applied address.
It is described in detail by IPv6 messages of data message below.
For IPv6 messages, first processor core C1 obtains the five-tuple information of the IPv6 messages, described five yuan Group information includes the source address 3000 of the IPv6 messages::1st, source port 3000, destination address 2001:da8::7d02:201、 Destination interface 5000 and protocol number IPv6.First processor core C1 is converted to the destination address of IPv6 messages, destination interface The destination address of IPv4 messages, destination interface.Specifically, last 32 to the destination address of IPv6 messages extract, and obtain To the destination address 125.2.2.1 of IPv4 messages.
In a step 101, first processor core sets up source address, the source of IPv6 messages by the incoming traffic of levelling platform Mouthful to destination address, the forward stream of destination interface(3000::1,3000----→2001:da8::7d02:201,5000; IPv6).
In a step 102, the first processor core passes through network address translation business in IPv4 public network addresses pond (1.1.1.1~1.1.1.20)Middle source address, the corresponding public network address of source port, the public affairs for determining to be pre-assigned to the IPv6 messages Net port, determines destination address, the destination interface to public network ground on levelling platform in the flow table of preservation in the absence of IPv4 messages Location, the reverse flow of the public network port.Wherein, the destination address of IPv4 messages, destination interface for IPv6 messages destination address, What destination interface was converted to.
Specifically, first processor core determines the purpose in the flow table of preservation with the presence or absence of IPv4 messages on the levelling platform Address, destination interface to public network address, the reverse flow of public network port;
If it is not, then first processor core determine on levelling platform preserve flow table in the absence of IPv4 messages destination address, Destination interface is to public network address, the reverse flow of public network port;
If so, then first processor core determines other pre- point by network address translation business in IPv4 public network addresses pond The public network address of dispensing IPv6 messages, public network port, until in the absence of IPv4 messages in determining the flow table preserved on levelling platform Destination address, destination interface are to public network address, the reverse flow of public network port, if for example, find the stream in flow table, illustrating this Stream existed, this public network address, public network port can not be allocated, it is necessary to selected from public network address pond again other addresses and Port carries out aforesaid operations again;Untill being allocated successfully.
In this example, it is assumed that it is 1.1.1.10 to be pre-assigned to the public network address of the IPv6 messages, public network port, 2500, after the destination address of IPv6 messages is changed, the destination address of IPv4 is obtained for 125.2.2.1,5000.
The destination address of IPv6 messages, destination interface to public network address, the reverse flow of public network port are(125.2.2.1, 5000----→1.1.1.10,2500;IPv6).
In step 103, when processor core needs to set up reversely pseudo- stream, when being operated to flow table, first processor core The flow table preserved on C1 convection current platforms is locked, and sets up destination address, destination interface to public network address, the public network of IPv6 messages The reverse pseudo- stream of port(125.2.2.1,5000----→1.1.1.10,2500;IPv6), when first processor core C1 will be reverse After puppet stream is preserved into flow table, flow table is unlocked.Before first processor core C1 is unlocked to flow table, other processor cores C2, C3, C4, it is impossible to operated to the flow table.Because first processor core C1 is locked to flow table, other processor cores C2, C3, C4 cannot use flow table, i.e., cannot determine the destination in the flow table of preservation in the absence of the IPv6 messages on levelling platform Location, destination interface to the public network address, the reverse flow of the public network port, so that other processor cores C2, C3, C4 can not enter The process of row address application distribution, finally, other processor cores in multiple nucleus system in addition to the first processor core cannot divide With the public network address and the public network port.
At step 104, first processor core is after the outgoing traffic of the levelling platform sets up the conversion of IPv6 messages The destination address of IPv4 messages, destination interface to public network address, the reverse flow of public network port, the reverse pseudo- stream is described reverse Flow table is aging after preserving into the flow table.
Specifically, the IPv4 that first processor core C1 is set up after IPv6 messages are changed by the outgoing traffic of the levelling platform The destination address of message, destination interface to public network address, the reverse flow of public network port,(125.2.2.1,5000----→ 1.1.1.10,2500;IPv6).After reverse flow is successfully established, reversely pseudo- stream is aging.In the present embodiment, IPv6 reports are established The forward stream and reverse flow of text, in subsequent process, after IPv6 messages are converted to IPv4 messages, are resettling IPv4 messages just To stream and reverse flow, for specifically building stream process, here is omitted for the present embodiment.
It will be understood by those skilled in the art that in order to not influence operation of other processor cores to flow table, first processor The lock times for checking flow table are very short, and within the locking time locked between unlocking, IPv6 messages are also introduced into levelling platform Outgoing traffic, or outgoing traffic do not set up reverse flow also, now sets up reversely pseudo- stream, and reverse pseudo- stream is stored in into flow table In, it is ensured that the time after unblock, other processor cores can be operated to the flow table, but, due to reverse pseudo- stream In the presence of when other processor cores find the reverse pseudo- stream, it is impossible to flow corresponding public network address and public network port to the reverse puppet Pre-allocated, when the outgoing traffic of levelling platform sets up reverse flow, and after reverse flow is preserved into flow table, reversely pseudo- stream is old Change, occur conflict between processor core in applied address so as to avoid.
For second processing device core C2, the 3rd processor core C3, fourth processor core C4 Message processing process, reference can be made to The implementation process of first processor core C1, here is omitted for the present embodiment.
Message processing method provided in an embodiment of the present invention, first processor core is built by the incoming traffic of the levelling platform Source address, source port to destination address, the forward stream of destination interface of vertical data message, the first processor core are described many Any processor core in individual processor core;The first processor core is by network address translation business in public network address pond It is determined that being pre-assigned to the public network address of the data message, public network port, determine do not exist institute in the flow table preserved on levelling platform State destination address, destination interface to the public network address, the reverse flow of the public network port of data message;First treatment The flow table preserved on device verification levelling platform is locked, and sets up destination address, the destination interface to the public affairs of the data message Net address, the reverse pseudo- stream of the public network port, and the reverse pseudo- stream is preserved into the flow table, the flow table is carried out Unblock, so that other processor cores in the multiple nucleus system in addition to the first processor core cannot distribute the public network address With the public network port;The first processor core sets up the purpose of the data message by the outgoing traffic of the levelling platform Address, destination interface to the public network address, the reverse flow of the public network port are simultaneously preserved into the flow table, the reverse puppet Stream is aging after the reverse flow table is preserved into the flow table, not only realizes the network address translation of multinuclear route system, Also avoid the address conflict issues between each core.
Fig. 4 is the structural representation of message process device embodiment one provided in an embodiment of the present invention.The present embodiment is provided Message process device, be applied to multinuclear route system, the multinuclear route system includes multiple processor cores, each processor Core will be E-Packeted by levelling platform, on the integrated throughout reason device core of the message process device 40, including:
First builds flow module 401, and the source address of data message, source are set up for the incoming traffic by the levelling platform Mouthful to destination address, the forward stream of destination interface;
Judge module 402, for determining to be pre-assigned to the number in public network address pond by network address translation business According to the public network address of message, public network port, the destination in the flow table of preservation in the absence of the data message on levelling platform is determined Location, destination interface to the public network address, the reverse flow of the public network port;
Processing module 403, the flow table for being preserved on convection current platform is locked, and sets up the destination of the data message Location, destination interface to the public network address, the reverse pseudo- stream of the public network port, and the reverse pseudo- stream is preserved to the stream In table, the flow table is unlocked, so that other processor cores in the multiple nucleus system in addition to the first processor core The public network address and the public network port cannot be distributed;
Second builds flow module 404, and the destination of the data message is set up for the outgoing traffic by the levelling platform Location, destination interface to the public network address, the reverse flow of the public network port are simultaneously preserved into the flow table, the reverse pseudo- stream It is aging after the reverse flow table is preserved into the flow table.
Message process device provided in an embodiment of the present invention, can be used to perform the technical scheme of above-mentioned message processing method, Its realization principle is similar with technique effect, and here is omitted for the present embodiment.
Alternatively, the judge module specifically for:
Determined with being pre-assigned to the public network of the data message in public network address pond by network address translation business Location, public network port;
Determine on the levelling platform preserve flow table in the presence or absence of the data message destination address, destination interface extremely The public network address, the reverse flow of the public network port;
If so, then determining that other are pre-assigned to the data message in public network address pond by network address translation business Public network address, public network port, until determine levelling platform on preserve flow table in the absence of the data message destination address, Destination interface is to the public network address, the reverse flow of the public network port.
Alternatively, the data message is IPv4 messages, and described device also includes:
First acquisition module, for setting up the source address of data message, source by the incoming traffic of the levelling platform Before mouth to destination address, the forward stream of destination interface, IPv4 messages are received, obtain the five-tuple information of the IPv4 messages, The five-tuple information includes source address, source port, destination address, destination interface and the protocol number of the IPv4 messages;
The judge module also particularly useful for:
Determine in IPv4 public network addresses pond to be pre-assigned to the public network of the IPv4 messages by network address translation business Address, public network port.
Alternatively, the data message is IPv6 messages, and described device also includes:
Second acquisition module, for setting up the source address of data message, source by the incoming traffic of the levelling platform Before mouth to destination address, the forward stream of destination interface, IPv6 messages are received, obtain the five-tuple information of the IPv6 messages, The five-tuple information includes source address, source port, destination address, destination interface and the protocol number of the IPv6 messages;
Modular converter, the destination for the destination address of the IPv6 messages, destination interface to be converted to IPv4 messages Location, destination interface;
The judge module also particularly useful for:
Determine in IPv4 public network addresses pond to be pre-assigned to the public network of the IPv6 messages by network address translation business Address, public network port;
The destination address of the data message, destination interface to the public network address, the reverse flow tool of the public network port Body is:
Destination address, destination interface to the public network address, the institute of the IPv4 messages obtained after the IPv6 messages conversion State the reverse flow of public network port.
Message process device provided in an embodiment of the present invention, can be used to perform the technical scheme of above-mentioned message processing method, Its realization principle is similar with technique effect, and here is omitted for the present embodiment.
In several embodiments provided by the present invention, it should be understood that disclosed apparatus and method, can be by it Its mode is realized.For example, device embodiment described above is only schematical, for example, the division of the unit, only Only a kind of division of logic function, can there is other dividing mode when actually realizing, such as multiple units or component can be tied Another system is closed or is desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or discussed Coupling each other or direct-coupling or communication connection can be the INDIRECT COUPLINGs or logical of device or unit by some interfaces Letter connection, can be electrical, mechanical or other forms.
The unit that is illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On NE.Some or all of unit therein can be according to the actual needs selected to realize the mesh of this embodiment scheme 's.
In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.Above-mentioned integrated list Unit can both be realized in the form of hardware, it would however also be possible to employ hardware adds the form of SFU software functional unit to realize.
The above-mentioned integrated unit realized in the form of SFU software functional unit, can store and be deposited in an embodied on computer readable In storage media.Above-mentioned SFU software functional unit storage is in a storage medium, including some instructions are used to so that a computer Equipment(Can be personal computer, server, or network equipment etc.)Or processor(processor)Perform the present invention each The part steps of embodiment methods described.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage(Read- Only Memory, ROM), random access memory(Random Access Memory, RAM), magnetic disc or CD etc. it is various Can be with the medium of store program codes.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above-mentioned each method embodiment can lead to The related hardware of programmed instruction is crossed to complete.Foregoing program can be stored in a computer read/write memory medium.The journey Sequence upon execution, performs the step of including above-mentioned each method embodiment;And foregoing storage medium includes:ROM, RAM, magnetic disc or Person's CD etc. is various can be with the medium of store program codes.
Finally it should be noted that:Various embodiments above is merely illustrative of the technical solution of the present invention, rather than its limitations;To the greatest extent Pipe has been described in detail with reference to foregoing embodiments to the present invention, it will be understood by those within the art that:Its according to The technical scheme described in foregoing embodiments can so be modified, or which part or all technical characteristic are entered Row equivalent;And these modifications or replacement, the essence of appropriate technical solution is departed from various embodiments of the present invention technology The scope of scheme.

Claims (6)

1. a kind of message processing method, it is characterised in that be applied to multinuclear route system, the multinuclear route system includes multiple Processor core, each processor core is E-Packeted by levelling platform, including:
First processor core sets up the source address of data message, source port to destination by the incoming traffic of the levelling platform Location, the forward stream of destination interface, the first processor core are any processor core in the multiple processor core;
The first processor core determines to be pre-assigned to the datagram by network address translation business in public network address pond Public network address, the public network port of text, determine destination address, mesh in the flow table of preservation in the absence of the data message on levelling platform Port to the public network address, the reverse flow of the public network port;
The flow table preserved on first processor verification levelling platform is locked, set up the data message destination address, Destination interface is preserved to the flow table the reverse pseudo- stream to the public network address, the reverse pseudo- stream of the public network port In, the flow table is unlocked so that other processor cores in the multiple nucleus system in addition to the first processor core without Method distributes the public network address and the public network port;
The first processor core sets up the destination address of the data message, destination by the outgoing traffic of the levelling platform Mouth is to the public network address, the reverse flow of the public network port and preserves into the flow table, and the reverse pseudo- stream is described anti- It is aging after being preserved into the flow table to flow table;
Wherein, the first processor core determines to be pre-assigned to the number by network address translation business in public network address pond According to the source address of message, the corresponding public network address of source port, public network port, determine do not exist institute in the flow table preserved on levelling platform Destination address, destination interface to the public network address, the reverse flow of the public network port of data message are stated, including:
The first processor core determines to be pre-assigned to the datagram by network address translation business in public network address pond Public network address, the public network port of text;
The first processor core determines the destination in the flow table of preservation with the presence or absence of the data message on the levelling platform Location, destination interface to the public network address, the reverse flow of the public network port;
If so, then the first processor core determines that other are pre-assigned to by network address translation business in public network address pond The public network address of the data message, public network port, until not existing the datagram in determining the flow table preserved on levelling platform Destination address, destination interface to the public network address, the reverse flow of the public network port of text.
2. method according to claim 1, it is characterised in that the data message is IPv4 messages, first treatment Device core sets up the source address of data message, source port to destination address, destination interface by the incoming traffic of the levelling platform Before forward stream, also include:
The first processor core receives IPv4 messages, obtains the five-tuple information of the IPv4 messages, the five-tuple information Source address, source port, destination address, destination interface and protocol number including the IPv4 messages;
The first processor core determines to be pre-assigned to the datagram by network address translation business in public network address pond Public network address, the public network port of text, including:
The first processor core determines to be pre-assigned to described by network address translation business in IPv4 public network addresses pond The public network address of IPv4 messages, public network port.
3. method according to claim 1, it is characterised in that the data message is IPv6 messages, first treatment Device core sets up the source address of data message, source port to destination address, destination interface by the incoming traffic of the levelling platform Before forward stream, also include:
The first processor core receives IPv6 messages, obtains the five-tuple information of the IPv6 messages, the five-tuple information Source address, source port, destination address, destination interface and protocol number including the IPv6 messages;
The destination address of the IPv6 messages, destination interface are converted to the first processor core destination of IPv4 messages Location, destination interface;
The first processor core determines to be pre-assigned to the datagram by network address translation business in public network address pond Public network address, the public network port of text, including:
The first processor core determines to be pre-assigned to described by network address translation business in IPv4 public network addresses pond The public network address of IPv6 messages, public network port;
The destination address of the data message, destination interface to the public network address, the reverse flow of the public network port are specially:
Destination address, destination interface to the public network address, the public affairs of the IPv4 messages obtained after the IPv6 messages conversion Net the reverse flow of port.
4. a kind of message process device, it is characterised in that be applied to multinuclear route system, the multinuclear route system includes multiple Processor core, each processor core is E-Packeted by levelling platform, on the integrated throughout reason device core of the message process device, bag Include:
First builds flow module, and the source address of data message, source port to mesh are set up for the incoming traffic by the levelling platform Address, the forward stream of destination interface;
Judge module, for determining to be pre-assigned to the data message in public network address pond by network address translation business Public network address, public network port, determine destination address, destination in the flow table of preservation in the absence of the data message on levelling platform Mouthful to the public network address, the reverse flow of the public network port;
Processing module, the flow table for being preserved on convection current platform is locked, and sets up destination address, the purpose of the data message Port is preserved into the flow table the reverse pseudo- stream to the public network address, the reverse pseudo- stream of the public network port, right The flow table is unlocked, so that other processor cores in the multiple nucleus system in addition to the first processor core cannot be distributed The public network address and the public network port;
Second builds flow module, and the destination address of the data message, purpose are set up for the outgoing traffic by the levelling platform Port is to the public network address, the reverse flow of the public network port and preserves into the flow table, and the reverse pseudo- stream is described Reverse flow table is aging after preserving into the flow table;
Wherein, the judge module specifically for:
Determine in public network address pond to be pre-assigned to public network address, the public affairs of the data message by network address translation business Net port;
Determine in the flow table preserved on the levelling platform with the presence or absence of the destination address of the data message, destination interface to described Public network address, the reverse flow of the public network port;
If so, then determining that other are pre-assigned to the public affairs of the data message in public network address pond by network address translation business Net address, public network port, until in the absence of destination address, the purpose of the data message in determining the flow table preserved on levelling platform Port is to the public network address, the reverse flow of the public network port.
5. device according to claim 4, it is characterised in that the data message is IPv4 messages, described device is also wrapped Include:
First acquisition module, for setting up the source address of data message, source port extremely by the incoming traffic of the levelling platform Before destination address, the forward stream of destination interface, IPv4 messages are received, obtain the five-tuple information of the IPv4 messages, it is described Five-tuple information includes source address, source port, destination address, destination interface and the protocol number of the IPv4 messages;
The judge module also particularly useful for:
Determine in IPv4 public network addresses pond to be pre-assigned to by network address translation business the public network address of the IPv4 messages, Public network port.
6. device according to claim 4, it is characterised in that the data message is IPv6 messages, described device is also wrapped Include:
Second acquisition module, for setting up the source address of data message, source port extremely by the incoming traffic of the levelling platform Before destination address, the forward stream of destination interface, IPv6 messages are received, obtain the five-tuple information of the IPv6 messages, it is described Five-tuple information includes source address, source port, destination address, destination interface and the protocol number of the IPv6 messages;
Modular converter, for the destination address of the IPv6 messages, destination interface to be converted into the destination address of IPv4 messages, mesh Port;
The judge module also particularly useful for:
Determine in IPv4 public network addresses pond to be pre-assigned to by network address translation business the public network address of the IPv6 messages, Public network port;
The destination address of the data message, destination interface to the public network address, the reverse flow of the public network port are specially:
Destination address, destination interface to the public network address, the public affairs of the IPv4 messages obtained after the IPv6 messages conversion Net the reverse flow of port.
CN201310662028.7A 2013-12-09 2013-12-09 Message processing method and device Active CN103731356B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310662028.7A CN103731356B (en) 2013-12-09 2013-12-09 Message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310662028.7A CN103731356B (en) 2013-12-09 2013-12-09 Message processing method and device

Publications (2)

Publication Number Publication Date
CN103731356A CN103731356A (en) 2014-04-16
CN103731356B true CN103731356B (en) 2017-05-24

Family

ID=50455291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310662028.7A Active CN103731356B (en) 2013-12-09 2013-12-09 Message processing method and device

Country Status (1)

Country Link
CN (1) CN103731356B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9602465B2 (en) * 2014-09-09 2017-03-21 Citrix Systems, Inc. Systems and methods for carrier grade NAT optimization
CN104836738B (en) * 2015-04-02 2018-05-22 福建星网锐捷网络有限公司 Routing hardware list item method for managing resource, device and the network equipment
CN107566549B (en) * 2017-09-30 2021-06-18 东软集团股份有限公司 Method, device and equipment for processing network address translation mapping table
CN108390954B (en) * 2018-03-26 2021-09-21 新华三信息安全技术有限公司 Message transmission method and device
CN109067935A (en) * 2018-08-16 2018-12-21 深圳市风云实业有限公司 Packet message processing method and multi-core processor system
CN112929277B (en) * 2019-12-06 2024-03-05 华为云计算技术有限公司 Message processing method and device
CN112333298B (en) * 2020-12-01 2022-09-02 武汉绿色网络信息服务有限责任公司 Message transmission method and device, computer equipment and storage medium
CN112737957B (en) * 2020-12-30 2022-12-13 锐捷网络股份有限公司 Flow table aging method and device
CN113098858B (en) * 2021-03-29 2023-07-14 上海辰锐信息科技有限公司 Lock-free processing system and method for link establishment message

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1592886A (en) * 2000-11-24 2005-03-09 凯萨罗恩产品公司 Method and device for implementing computer multi-tasking via virtual threading
CN101276294A (en) * 2008-05-16 2008-10-01 杭州华三通信技术有限公司 Method and apparatus for parallel processing heteromorphism data
CN101299773A (en) * 2008-06-02 2008-11-05 华为技术有限公司 Method, processor and system for implementing network address conversion
CN102821165A (en) * 2012-04-13 2012-12-12 中兴通讯股份有限公司 Method and device for converting internet protocol (IP) address

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1592886A (en) * 2000-11-24 2005-03-09 凯萨罗恩产品公司 Method and device for implementing computer multi-tasking via virtual threading
CN101276294A (en) * 2008-05-16 2008-10-01 杭州华三通信技术有限公司 Method and apparatus for parallel processing heteromorphism data
CN101299773A (en) * 2008-06-02 2008-11-05 华为技术有限公司 Method, processor and system for implementing network address conversion
CN102821165A (en) * 2012-04-13 2012-12-12 中兴通讯股份有限公司 Method and device for converting internet protocol (IP) address

Also Published As

Publication number Publication date
CN103731356A (en) 2014-04-16

Similar Documents

Publication Publication Date Title
CN103731356B (en) Message processing method and device
CN105264834B (en) A kind of method, apparatus and NVO3 network of the processing multicast message in NVO3 network
CN106664261B (en) A kind of methods, devices and systems configuring flow entry
EP2206052B1 (en) Methods and apparatus for managing addresses related to virtual partitions of a session exchange device
CN103457818B (en) Extend more hosts in bridge
CN107920023A (en) A kind of realization method and system in secure resources pond
CN100379220C (en) Shared port address translation on a router behaving as NAT and NAT-PT gateway
CN105553977B (en) Processing, sending method and the device of request message
TW522684B (en) MAC address-based communication restricting method
CN103118149B (en) Communication control method between same tenant's server and the network equipment
CN104954221B (en) PCI Express architecture for fully connected network LF Topology structure route
CN103516610B (en) Method for processing business, equipment and system
CN104410541B (en) The method and device that VXLAN internal layer virtual machine traffics are counted in intermediary switch
CN104780111B (en) Virtualize the method and device, virtualization network that message forwards in network
CN107113240A (en) Expansible VLAN file transmitting method, computer equipment and computer-readable recording medium
CN109698788A (en) Flow forwarding method and flow forwarding device
CN101800690B (en) Method and device for realizing source address conversion by using address pool
CN108199958A (en) A kind of general secure resources pond service chaining realization method and system
CN106209638A (en) From VLAN to the message forwarding method of virtual expansible LAN and equipment
CN103685032B (en) Message forwarding method and network address translation services device
CN107968749A (en) Realize method, exchange chip and the interchanger of QinQ route terminations
CN109412927A (en) A kind of more VPN data transmission methods, device and the network equipment
CN106209636A (en) From the multicast data packet forwarding method and apparatus of VLAN to VXLAN
CN108833472B (en) System is established in the connection of cloud host
CN105991438A (en) Method and device for processing data packet in virtual two-layer network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee after: RUIJIE NETWORKS CO., LTD.

Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee before: Fujian Xingwangruijie Network Co., Ltd.

CP01 Change in the name or title of a patent holder