CN103797774B - A kind of network address translation apparatus and method - Google Patents

Publication number
CN103797774B
Authority
CN
China
Prior art keywords
cpu
message
port resource
port
network address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201380002273.3A
Other languages
Chinese (zh)
Other versions
CN103797774A (en)
Inventor
魏东
谭玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H04L61/2517: Translation of Internet protocol [IP] addresses using port numbers

Abstract

The invention provides a network address translation device and method that address two problems: the control panel being a bottleneck for port resource allocation, and low port resource utilization. The network address translation device includes a control panel, a business board and an interface board. The business board includes multiple CPUs, and the port resources of the device are distributed to those CPUs, which manage and allocate them. The interface board forwards a first message sent by customer premises equipment (CPE) to a first CPU of the business board. The first CPU determines, according to the NAT policy, that a second CPU is responsible for the port resource block needed to perform network address translation on the first message, obtains N port resources from the second CPU, performs network address translation on the first message using a first port resource from the N obtained port resources, and sends the translated first message to the interface board. The interface board sends the translated first message to the external network. Because the port resources are managed by the CPUs of the business board, the control panel is no longer the bottleneck for port resource allocation; because multiple CPUs take part in network address translation, the advantages of a distributed system are fully used and port resource utilization improves.

Description

Network address translation apparatus and method
Technical field
The present invention relates to the field of Internet technology, and in particular to a network address translation (Network Address Translation, NAT) device and method.
Background
IPv4 (Internet Protocol version 4), which the Internet uses, has 32-bit (4-byte) addresses and can allow at most 2^32 computers to connect to the Internet. With the rapid development of the Internet, demand for IP addresses keeps growing, and the exhaustion of IPv4 addresses cannot be avoided. To meet this demand, the next version of the Internet Protocol, IPv6 (Internet Protocol version 6), was proposed. IPv6 uses 128-bit addresses, can provide IP addresses almost without limit, and brings significant improvements in security, network management, mobility and quality of service; it is the core standard for next-generation Internet protocols.
However, because networks using IPv4 (hereinafter IPv4 networks) are highly developed and very large, the transition from IPv4 networks to IPv6 networks (networks using IPv6) will be gradual and take a long time. During this long transition, NAT (Network Address Translation) technology will be widely used. NAT is a wide area network (WAN) access technology that translates private addresses into public IP addresses, and it is widely used in all kinds of Internet access.
Unlike home or enterprise NAT, an operator (carrier) serves many more customers, so its requirements for NAT performance, operability and manageability are high.
Carrier Grade Network Address Translation (CGNAT, abbreviated CGN) is the transition scheme currently in wide use by operators. CGN was also once called LSN (Large Scale NAT); in essence it is NAT. Because an operator serves a very large number of customers, mostly counted in units of hundreds of millions, the volume of network address translation traffic that a CGN device must process is also very large. During the long transition from IPv4 networks to IPv6 networks, CGN must ensure that existing terminals and services continue to work normally while also enabling real IPv6 applications, and must meet service requirements in terms of performance, operability and manageability.
Summary of the invention
In view of this, the invention provides a network address translation device and method. The port resources managed by the network address translation device are sent to the CPUs of the business boards, and the CPUs of the business boards are responsible for managing and allocating them, with each port resource managed independently by one CPU. Throughout network address translation, the business-board CPU that manages a port resource can allocate port resources to the business-board CPU that receives the message, so the CPUs of multiple business boards jointly take part in network address translation. This makes full use of the advantages of a distributed system and improves the allocation efficiency and utilization of port resources.
To solve the above problems, in a first aspect, an embodiment of the invention provides a device for network address translation. The device includes a control panel (11), a business board and an interface board (15). The business board includes multiple CPUs (central processing unit, CPU), and the port resources of the device are distributed to the multiple CPUs of the business board, which manage and allocate them. The interface board (15) is configured to receive a first message of a first session sent by customer premises equipment (CPE) (301) and to forward the first message to a first CPU of the business board. The first CPU is configured to: determine, according to the NAT policy, that a second CPU is responsible for the port resources required to perform network address translation on the first message; obtain N port resources from the second CPU; perform network address translation on the first message using a first port resource from the N port resources to obtain a translated message; and send the translated message to the interface board (15). The interface board (15) is further configured to send the received translated message to the external network.
With reference to the first aspect, in a first possible implementation, the control panel is configured to: broadcast the port resources to the multiple CPUs of the business board; or broadcast a port allocation policy to the multiple CPUs of the business board, where the port allocation policy distributes the port resources of the device to the multiple CPUs of the business board and each CPU is responsible for managing the port resources distributed to it.
With reference to the first aspect, in a second possible implementation, the interface board (15) is further configured to forward the first message to the first CPU of the business board according to the source IP address of the first message.
In a third possible implementation, when the first CPU receives a second message of the session to which the first message belongs, the first CPU is further configured to process the second message according to the saved session table, where the session table is created after network address translation of the first message is completed.
In a fourth possible implementation, when the first CPU receives a third message of a second session sent by the customer premises equipment (301), where the second session is a new session different from the first session, the first CPU is further configured to select a second port resource from the N port resources and perform network address translation on the third message.
In a fifth possible implementation, the network address translation policy is used to determine the corresponding port resource information according to characteristics of the received message.
In a sixth possible implementation, the first CPU is configured to: receive a fourth message; determine, according to the NAT policy, that the first CPU itself is responsible for the port resources required to perform network address translation on the fourth message; allocate M port resources from the port resource pool managed by the first CPU to the customer premises equipment that sent the fourth message; and perform network address translation on the fourth message using a first port resource of the M port resources.
In a seventh possible implementation, the first CPU is further configured to store the use status of the M port resources and to update that use status periodically.
In an eighth possible implementation, the second CPU is further configured to store the use status of the N port resources and to send that use status to the first CPU; the first CPU is further configured to update the use status of the N port resources periodically and to send the updated use status to the second CPU.
In a second aspect, an embodiment of the invention provides a method for network address translation. The device that carries out the method includes a control panel (11), an interface board (15) and a business board with multiple CPUs, and the port resources of the device are distributed to the multiple CPUs of the business board, which manage and allocate them. A first CPU of the business board receives a first message of a first session, sent by customer premises equipment (301) and forwarded by the interface board (15); determines, according to the network address translation policy, that a second CPU manages the port resources required to perform network address translation on the first message; obtains N port resources from the second CPU; performs network address translation on the first message using a first port resource of the N port resources to obtain a translated message; and sends the translated message to the interface board (15). The interface board (15) sends the translated message to the external network.
With reference to the second aspect, in a first possible implementation, the method further includes: the control panel (11) broadcasts the port resources to the multiple CPUs of the business board; or the control panel (11) broadcasts a port allocation policy to the multiple CPUs of the business board, where the port allocation policy is used to distribute the port resources of the device to the multiple CPUs of the business board and each CPU is responsible for the port resources distributed to it.
With reference to the second aspect, in a second possible implementation, the method further includes: the interface board (15) assigns the first message to the first CPU of the business board according to the source IP address of the first message.
With reference to the second aspect, in a third possible implementation, the method further includes: when the first CPU receives a second message belonging to the session of the first message, the first CPU processes the second message according to the saved session table, where the session table is created after network address translation of the first message is completed.
With reference to the second aspect, in a fourth possible implementation, the method further includes: when the first CPU receives a third message of a second session sent by the customer premises equipment (301), where the second session is a new session different from the first session, the first CPU performs network address translation on the third message using a second port resource of the N port resources.
With reference to the second aspect, in a fifth possible implementation, the network address translation policy is used to determine the corresponding port resource according to characteristics of the received message.
With reference to the second aspect, in a sixth possible implementation, the method further includes: the first CPU receives a fourth message; determines, according to the network address translation policy, that the first CPU itself is responsible for the port resources required to perform network address translation on the fourth message; allocates M port resources from the port resources managed by the first CPU to the customer premises equipment that sent the fourth message; and performs network address translation on the fourth message using a first port resource of the M port resources.
With reference to the second aspect, in a seventh possible implementation, the method further includes: the first CPU saves the use status of the M port resources and updates that use status periodically.
With reference to the second aspect, in an eighth possible implementation, the method further includes: the second CPU stores the use status of the N port resources and sends that use status to the first CPU; the first CPU updates the use status of the N port resources periodically and sends the updated use status to the second CPU.
In the embodiments of the invention, the port resources managed by the network address translation device are sent to the CPUs of the business boards, the CPUs of the business boards are responsible for managing and allocating the port resources, and each port resource is managed independently by one CPU. Throughout network address translation, the business-board CPU that manages a port resource can allocate port resources to the business-board CPU that receives the message, and the CPUs of multiple business boards jointly take part in network address translation. Because the port resources of the network address translation device are managed by the CPUs of the business boards, the control panel does not become the bottleneck for port resource allocation, the advantages of a distributed system are fully used, and the allocation efficiency and utilization of port resources improve.
Further features and aspects of the invention will become clear from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below.
Fig. 1 is a schematic diagram of the application scenario of a carrier-grade network address translation service;
Fig. 2 is a schematic structural diagram of a carrier-grade network address translation device;
Fig. 3 is a schematic flow diagram of an existing carrier-grade network address translation method;
Fig. 4 is a schematic signal diagram of network address translation in an embodiment of the invention;
Fig. 5 is a schematic flow diagram of the network address translation method of an embodiment of the invention.
Detailed description
Various exemplary embodiments, features and methods of the invention are described in detail below with reference to the accompanying drawings.
In addition, numerous specific details are given in the embodiments below to better illustrate the invention. Those skilled in the art will understand that the invention can equally be practiced without these details. In other instances, well-known methods, means, elements and circuits are not described in detail, so as to highlight the gist of the invention.
Carrier Grade Network Address Translation (CGNAT, abbreviated CGN) is the IPv4-to-IPv6 transition scheme currently in wide use by operators; in essence a CGN device is a network address translation device. CGN solutions have several implementations, for example: DS-Lite (Dual-Stack Lite), NAT444 (double-layer NAT44, that is, two layers of network address translation from IPv4 private addresses to IPv4 public addresses), PNAT (Prefix Based NAT, a host-based IPv6 transition network address translation technique), and NAT64 (NAT between IPv6 and IPv4).
CGN solutions are mainly used for the network transition of metropolitan area networks; Fig. 1 shows the application scenario. A terminal user (401) is connected to customer premises equipment (Customer Premises Equipment, CPE) (301). The CPE (301) acts as the egress gateway of the terminal user (401) and, after dialing up through the Broadband Remote Access Service (BRAS) (2), forwards messages to the CGN device (1). The CGN device (1) allocates port resources to each CPE, performs carrier-grade NAT, and sends the translated messages to the external network (5).
In the DS-Lite solution, the CPE (301) encapsulates the messages sent by the terminal user (401) in IPv4-in-IPv6 tunnel messages whose source IP is the IP address of the CPE (CPE-IP) and sends them to the CGN device (1). In the NAT444 solution, the CPE (301) translates the source IP of the messages sent by the terminal user (401) to CPE-IP and then sends them to the CGN device. Therefore, in both DS-Lite and NAT444, when messages initiated by any terminal user behind a CPE reach the CGN device (1), their source IP is the IP address of that CPE, and the CGN device (1) can distinguish and identify messages from different CPEs by their source IP. Other CGN implementations are similar in their port allocation schemes and NAT functions, so this specification is described mainly in terms of DS-Lite and NAT444, and the similar implementations of other solutions are not described separately.
To achieve high forwarding performance and to solve the user traceability problem that arises when large numbers of users use NAT, CGN provides the port pre-allocation (port-range) technique and the incremental allocation (semi-dynamic) technique. With port pre-allocation, the carrier-grade network address translation device (CGN device) allocates port resources to each CPE in advance, and messages subsequently sent by all terminal users connected to that CPE are translated using the allocated port resources. As new sessions keep being created and the port resources allocated to a CPE become insufficient, incremental allocation assigns additional port resources to that CPE.
The CGN device (1) is usually installed at a network interface of a local area network, metropolitan area network or the like. It can be a standalone device, or it can be integrated into a firewall or a router; the specific arrangement is determined by service needs. Messages sent by terminal users are sent to the CGN device by the CPE, translated by the CGN device, and then sent to the external network to obtain the required services or information.
Fig. 2 shows the structure of a CGN device. It includes a control panel (main processing unit, MPU, sometimes also called the main control board) (11), a business board (service processing unit, SPU), and an interface board (line processing unit, LPU) (15). The relative positions of the boards in Fig. 2 are only an illustration of how they are connected to one another. The number of each kind of board and its installation position differ between CGN devices from different vendors; it is enough that the boards can perform similar functions. A CGN device also includes components such as network boards, power supplies and fans, which are the same as in the prior art and are not described in detail here.
If the network address translation function is integrated into another device, such as a firewall or a router, the functions of the control panel, business board and interface board can be performed by components with similar functions. Components such as power supplies and fans are likewise arranged according to the device into which the function is integrated, and are not described separately here. The embodiments of the invention are described using a standalone CGN device.
In the CGN device, the control panel (11) manages the CGN device (1), and in particular is responsible for allocating and using the NAT address pool and port resources that the CGN device owns. The NAT address pool is the set of public IP addresses managed by the CGN device that can be used for network address translation. Port resources are the set of public IP addresses available for network address translation together with their corresponding port number ranges.
The business board is connected to the control panel (11) and is responsible for processing messages. A CGN device usually has several business boards so that it can process a large number of messages. Each business board is connected to the control panel (11), and the business boards are also connected to one another; these connections are the same as in existing designs. Each business board can include a single CPU or multiple CPUs. Because an operator has to process a large volume of message traffic, most business boards include multiple CPUs. Network address translation of messages is performed by the CPUs of the business boards.
The interface board (15) is connected to the control panel (11) and the business boards in the same way as in existing designs. The interface board (15) distributes the messages received from the terminal user (401) to the business boards according to a pre-configured policy. A business board processes the message and sends the processed message to the interface board (15), which then sends it to the external network. The functions of receiving and sending messages can be separated: one interface board receives the messages sent by terminal users, and another interface board sends the messages processed by the business board to the public network.
Fig. 3 is a schematic diagram of how an existing CGN device performs network address translation on a message.
As shown in Fig. 3, CPE1 (301) sends the message from terminal user user1 (401) to the CGN device (1) through the BRAS (2). After the interface board (15) of the CGN device (1) receives the message sent by CPE1 (301), it forwards the message to the corresponding business board according to a predetermined policy, for example to SPU1 according to the source IP of the message.
When the CPU of a business board (for example CPU0 (1311) of SPU1 (131)) receives the first message of the first session sent by CPE1 (301), it applies to the control panel (11) for N port resources, takes one port resource from the N and uses it to perform network address translation on the first message of the first session, and saves the session state of the first session, that is, the session table. When a message received by CPU0 (1311) of SPU1 (131) is a subsequent message of the first session, it is forwarded according to the session table. This technique is well known to those skilled in the art and is not detailed here.
Similarly, when CPU0 (1311) of SPU1 (131) receives the first message of a new session sent by CPE1 (301), it takes one port resource from the remaining port resources, uses it for port translation of the first message of the new session, and saves the corresponding session state, that is, the session table. For example, when CPU0 (1311) of SPU1 (131) receives the first message of a second session, it takes one port from the remaining N-1 ports (all except the port used by the first session), performs network address translation on the first message of the second session, and saves the session state of the second session, that is, the session table. When CPU0 (1311) of SPU1 (131) receives a subsequent message of the second session, it forwards the message according to the saved session table of the second session.
In this scheme, port resources are managed centrally by the control panel (11), and the CPU of each business board has to apply to the control panel for port resources to use when performing network address translation for new sessions. The control panel (11) is then the only channel through which the CPUs of the business boards obtain port resources, and it is also the performance bottleneck for obtaining them, so the advantages of a distributed system cannot be used.
Moreover, when the number of new sessions received by CPU0 (1311) of SPU1 (131) grows and the N port resources allocated by the control panel (11) are used up, CPU0 (1311) has to apply to the control panel (11) again for new port resources. This causes secondary allocation and management of port resources and makes port resource allocation more complex.
In addition, the CPU of the business board can apply to the control panel (11) for N port resources and assign them directly to the CPE that sent the message; when it receives messages from another CPE, the CPU applies to the control panel (11) again for M new port resources. Alternatively, after applying to the control panel (11) for N port resources, the CPU assigns M of these N port resources to the CPE that sent the message; when it receives a session message from another CPE, it assigns Q port resources from the remaining N-M port resources to the newly connected CPE. Both ways of allocating port resources likewise face the control panel's port allocation bottleneck and the problem of secondary allocation and management of port resources. M, N and P here are integers and do not denote specific quantities.
Another implementation exists to overcome the control panel bottleneck and the problem of secondary allocation and management of port resources. The control panel divides the port resources into blocks and assigns them to the CPUs of the business boards, so the control panel is no longer the bottleneck for port resource allocation and management. When the CPU of a business board receives the message of a new session, it takes a port directly from the port resources assigned to that CPU and performs network address translation. In this scheme, the CPU of each business board can only use the NAT port resources assigned to it to allocate ports for sessions sent by CPEs. When a CPU's remaining port resources are insufficient, it can only wait until port resources are released before processing further sessions, so the advantages of a distributed system cannot be used and port utilization is low.
The invention provides a device and method for port resource allocation and network address translation that solve the problem of the control panel being the bottleneck for port resource allocation, and also solve the problem of port resource management and allocation conflicts between the CPUs of multiple business boards, improving port utilization and making full use of the advantages of a distributed system.
In the solution provided by the embodiments of the invention, port resources are mapped onto the CPUs of the business boards, the CPUs of the business boards manage the port resources, and each port resource is managed solely by the CPU it is mapped to. Because port resources are managed and allocated by the CPUs of the business boards, the control panel does not become the bottleneck for port resource allocation and management. Because each port resource is managed solely by the CPU it is mapped to, the problem of secondary allocation and management of port resources in a distributed system is solved. In addition, multiple CPUs take part together in port resource allocation and network address translation, which improves port utilization and makes full use of the architecture and performance advantages of a distributed system.
In the embodiments of the present invention, the CGN device includes a control panel (11), business boards and an interface board (15), as shown in Figure 2. Components such as the network board, power supply and fans are the same as in existing implementations (not shown) and are not described in detail here. A firewall or router that integrates the CGN function can implement carrier-grade network address translation with components of the same function by following the solution described here; this is not described separately in the embodiments.
The control panel (11) includes a CPU (1101) and a memory (1103). The CPU (1101) in the control panel (11) manages the CGN device and all of its resources and information, and allocates port resources to the CPUs of the business boards according to the port allocation policy. The memory (1103) stores the NAT address pool and the port resources that the CGN device can manage, and the correspondence between the port resources and the business board CPUs they are allocated to. The set of public IP addresses available for network address translation that the CGN device manages is the NAT address pool. The port resources are the set of each public IP address that can be used for network address translation together with its corresponding port number segment.
A business board includes CPUs and a memory. A CPU in a business board processes the messages it receives, including port resource allocation and network address translation. The memory stores the user table and the session table. The user table includes information such as the correspondence between port resources and customer premises equipment; the session table includes information such as session state. The user table and session table can use existing implementations in this field and are not described in detail in this embodiment.
The interface board (15) includes a CPU (1503), a receiver (1501) and a transmitter (1505). The receiver (1501) receives the messages sent by CPEs and passes them to the CPU of the interface board. The CPU of the interface board distributes messages to the CPUs of the business boards according to a certain rule; for example, it distributes a message to a business board CPU according to the source IP address of the received message. The transmitter (1505) receives the messages sent by the business board CPUs and sends them to the external network. In carrier-grade network address translation scenarios, the receiving function and the sending function can also be performed by two separate interface boards, depending on traffic volume. That is, the CGN device can include two interface boards, one containing a CPU and a receiver, the other containing a CPU and a transmitter.
The public IP addresses for network address translation that the CGN device holds form the NAT address pool, which is stored in the memory (1103) of the control panel (11). The public IP addresses usable by the CGN device can form one NAT address pool or be divided into several NAT address pools; the embodiments of the present invention use a single NAT address pool as the example. Each public IP address corresponds to a segment of available port numbers, for example ports 2049-65535, which is also stored in the memory (1103) of the control panel (11). Each public IP address available for network address translation, together with its corresponding port number segment, constitutes the port resources. The CPU (1101) of the control panel (11) maps the port resources to the CPUs of the business boards according to the port allocation policy, and saves the correspondence between port resources and business board CPUs in the memory. The port allocation policy is an algorithm that allocates the port resources of the CGN device to the business board CPUs, each of which is then responsible for managing the port resources allocated to it. The control panel can run the algorithm to map the port resources to the business board CPUs and then broadcast each port resource to the business board CPUs; alternatively, the control panel can broadcast the port allocation policy to the business board CPUs, and each business board CPU obtains the port resources it is responsible for by running the port allocation policy. In this way, management and allocation of the port resources are transferred from the control panel to the business board CPUs, and each business board CPU independently manages the port resources allocated to it.
For example, suppose the NAT address pool managed by the CGN device contains N public IP addresses that can be used for network address translation, and each public IP address has a segment of available port numbers. The CGN device uses a fixed algorithm to map the port resources to the CPUs of the business boards, and then broadcasts the port resources to the corresponding business board CPUs. The specific port allocation policy can be set according to the performance parameters of the CGN device and the actual needs of the operator. The port allocation policy can include several parameters, as shown in Table 1. The parameters in Table 1 are only examples and do not limit this solution; in actual use, the parameters and their values can be modified as needed.
Public IP address ID | Public IP address | SPU number | CPU number | Port block | Port allocation granularity
199 | 10.10.2.0 | 1 | 0 | 2049-65535 | 256
200 | 10.10.2.1 | 1 | 1 | 2049-65535 | 256
201 | 10.12.2.2 | 1 | 1 | 2049-65535 | 256
202 | 10.12.2.3 | 1 | 2 | 2049-33793 | 256

Table 1: Parameters contained in the port resource allocation policy
As shown in Table 1, the first group of parameters means: the port resources of the 199th public IP address (10.10.2.0) are divided into blocks of 256 ports and allocated to CPU0 of SPU1; that is, CPU0 of SPU1 is the CPU responsible for managing the port resources of the 199th public IP address. The second group of parameters means: the port resources of the 200th public IP address (10.10.2.1) are divided into blocks of 256 ports and allocated to CPU2 of SPU0; that is, CPU2 of SPU0 is the CPU responsible for managing the port resources of the 200th public IP address. Because there are too many entries to list one by one in the table, the unlisted parameters are represented by an ellipsis (…).
Management of the port resources is thus transferred from the control panel to the CPUs of the business boards, which keeps the control panel from becoming the bottleneck for port resource allocation and management. At the same time, each port resource is managed independently by one CPU, which avoids port allocation conflicts.
If the message distributed by the interface board that a CPU in a business board (the first CPU) receives is the first message of the first session sent by a CPE (the first message), the first CPU looks up the NAT policy, determines from the characteristics of the received message the ID of the public IP address to be used for network address translation, and performs a hash calculation on that ID to obtain the CPU (the second CPU) that manages the port resources to be used for network address translation. The characteristics of the message can be one or more of: the ACL information of the message; the five-tuple information of the message, such as source IP, destination IP, source port, destination port and protocol; and information such as the NAT type. The method of determining the IP address for network address translation from the characteristics of the message is close to existing implementations and is not described in detail here.
If the second CPU and the first CPU are not the same CPU, that is, the CPU of the business board that received the message is different from the CPU of the business board that manages the port resources, the first CPU sends the first message to the second CPU; in other words, the CPU of the business board that received the message sends the first message to the CPU of the business board that manages the port resources. The first CPU and the second CPU can be located on the same business board or on different business boards. This does not affect the implementation of the technical solution in the embodiments of the present invention.
After receiving the first message, the second CPU allocates N ports from the port resources it manages to the CPE that sent the first message, and saves the usage state of the N port resources, for example by saving the usage state of the N allocated port resources and their relationship to the corresponding CPE in the user table. The second CPU sends the first message and the N allocated ports to the first CPU.
After receiving the first message and the N port resources sent by the second CPU, the first CPU chooses one port resource from the N port resources to perform network address translation on the first message, and saves the usage state of the N port resources, for example by saving the usage state of the N allocated port resources and their relationship to the corresponding CPE in the user table, which it updates periodically. The other information in the user table is similar to prior-art implementations and is not described separately here. The first CPU sends the first message, once network address translation is complete, to the interface board, which sends the translated first message to the external network. To ensure that the N ports are not reclaimed by the second CPU, the first CPU periodically updates the usage state of the N port resources and sends refresh messages to the second CPU. After all sessions of the CPE have disconnected, the first CPU no longer refreshes the usage state of the N port resources and no longer sends refresh messages to the second CPU. If the second CPU receives no refresh message for the usage state of the N port resources within the set time range, it releases the N port resources for reallocation.
If the CPU found to be responsible for the public IP address (the second CPU) and the CPU that received the first message (the first CPU) are the same CPU, the first CPU allocates N ports from the port resources it manages to the customer premises equipment that sent the first message, chooses one port resource from the N port resources to perform network address translation on the first message, saves the usage state of the N allocated port resources and their relationship to the corresponding CPE in the user table, and updates the stored user table. The other information in the user table is similar to prior-art implementations and is not described separately here. The first CPU sends the first message, once network address translation is complete, to the interface board, which sends the translated first message to the network.
When the N resources are not enough, the process described above can be used again to apply for M new port resources for network address translation; this is not described in detail here.
In this way, a port resource is managed by one unique CPU, which solves the prior-art problem of complex port resource allocation and management. In addition, the CPUs of multiple business boards take part together in the whole network address translation process, and port resources that are no longer in use can be released for reuse. This gives full play to the advantages of a distributed system and improves the utilization of port resources.
When the message distributed by the interface board that a CPU in a business board (the first CPU) receives is a subsequent message of a session (the second message), the first CPU sends the second message according to the stored session table. The processing here can follow the way subsequent messages of the same session are processed in existing approaches and is not described in detail here.
When the message distributed by the interface board that a CPU in a business board (the first CPU) receives is the first message of a new session sent by the same CPE (the third message), the first CPU selects a second port resource from the N allocated port resources to perform network address translation on the third message. That is, from the N allocated port resources, it selects one port resource from those other than the port resource already assigned to the first message (the remaining N-1 port resources) to perform network address translation on the third message. The subsequent processing is similar to that of the first message and is not described separately here. At this point the first CPU no longer needs to forward the message to the second CPU; it chooses an unused port resource directly from the port resources already allocated and performs network address translation, which gives full play to the advantages of a distributed system.
Because in CGN schemes the number of terminal users connected to one CPE may be large, the N allocated port resources may not be enough. In that case M more port resources can be applied for, using the same method as for the N port resources described above.
The embodiments provided by the present invention solve the prior-art problems of the control panel being the bottleneck for port resource management and allocation, of complex port resource allocation and management, and of low port resource utilization. They take full advantage of the distributed system and improve the utilization of port resources.
The following specific example illustrates how the CGN device achieves efficient and simple port resource allocation and management while performing network address translation.
The flow of the network address translation method provided by the embodiments of the present invention is shown in Figures 4 and 5.
Step 1: the CPU (1101) of the control panel (11) of the CGN device maps the port resources held by the CGN device (1) to the CPUs of the business boards.
The public IP addresses for network address translation that the CGN device holds form the NAT address pool. The public IP addresses usable by the CGN device can form one NAT address pool or be divided into several NAT address pools; the embodiments of the present invention use a single NAT address pool as the example. Each IP address corresponds to a port number segment used for network address translation; the public IP addresses for network address translation and their corresponding port number segments constitute the port resources available for network address translation. The CPU (1101) of the control panel (11) maps the port resources to the CPUs of the business boards according to the port allocation policy, and each business board CPU manages and allocates the port resources assigned to it. The control panel (11) can run the port allocation algorithm to map the port resources to the business board CPUs and then broadcast each port resource to the business board CPUs; alternatively, the control panel (11) can broadcast the port allocation policy to the business board CPUs, and each business board CPU obtains the port resources it is responsible for by running the port allocation policy.
For example, the CGN device has N public IP addresses available for network address translation, and the available port resources for each public IP address are 2049-65535, stored in the memory (1103) of the control panel (11). The CPU (1101) of the control panel (11) MPU maps the port resources to the CPUs on the business boards (SPUs). For example, one public IP address of the CGN device that can be used for network address translation is 10.10.2.0, and its corresponding port resources are 2049-65535; the CPU of the control panel (11) maps these port resources to CPU0 (1311) of SPU1 (131), so that CPU0 (1311) of SPU1 (131) is responsible for managing and allocating the port resources of this public IP address. The mapping between the port resources and each business board SPU and each CPU is saved in the memory (1103) of the MPU (11). A specific example of the port allocation policy has been given above and is not described in detail here.
In this way, each port resource is managed independently by the business board CPU it is mapped to. A port resource is therefore managed by only one CPU, which avoids port allocation conflicts. Moreover, over the whole network address translation process, multiple CPUs of the business boards take part together in managing and allocating port resources, which takes full advantage of the distributed architecture.
Step 2: after receiving a message sent by a CPE, the interface board (15) sends it to the CPU of a business board.
The interface board (15) distributes each received message to the CPU of the corresponding business board according to the source IP address of the message. All messages with the same source IP address are therefore distributed to the same CPU of the same business board. In the DS-Lite and NAT444 solutions, the source IP address of a message is the IP address of the CPE, that is, CPE-IP, so the messages sent by all terminal users connected to the same CPE are distributed to the same CPU of the same business board for processing. How the CPE processes the messages it receives from terminal users has been described above and is not described separately here. Distributing messages to business board CPUs according to the source IP address is well known to those skilled in the art and is not described in detail here.
As shown in Figure 4, the receiver (1501) on the interface board LPU (15) receives a message sent by CPE1 and passes it to the CPU (1503) of the interface board (15). The CPU (1503) of the interface board (15) distributes the message to CPU0 (1311) of SPU1 (131) according to the source IP address of the message. When CPE1 later sends new messages or new sessions, the source IP address of those messages is still the IP address of CPE1, so they are still distributed to CPU0 (1311) on SPU1 (131). If the receiver (1501) of the interface board LPU (15) receives a message sent by CPE2, the message is passed to the CPU of the interface board, which distributes it to CPU1 (1313) on SPU1 (131) according to the source IP address of the message. To show one complete process clearly, the message sent by CPE2 is not shown in Figure 5. Because the source IP address of the messages sent by CPE2 is the IP address of CPE2, new messages or new sessions sent by CPE2 are likewise distributed to CPU1 (1313) on SPU1 (131). That is, the messages sent by all terminals under the same CPE are distributed to the same CPU of the same business board for processing.
Step 3: the CPU of the business board processes the received message.
For convenience, the CPU that receives the message distributed by the interface board is called the first CPU. If the message the first CPU receives is the first message of the first session sent by a CPE (the first message), the first CPU looks up the NAT policy, obtains from the characteristics of the first message the ID of the public IP address to be used for network address translation, and performs a hash calculation on that ID to obtain the CPU (the second CPU) responsible for the port resources to be used for network address translation. The characteristics of the message can include one or more of: the ACL information of the message; the five-tuple information of the message, such as source IP, destination IP, source port, destination port and protocol; and information such as the NAT type. The method of determining the IP address for network address translation from the characteristics of the message is close to existing implementations and is not described in detail here. The first CPU and the second CPU can be located on the same business board or on different business boards.
The NAT policy can be written in advance and saved in the memory (1103) of the control panel (11). In that case, after receiving the first message, the first CPU reads the NAT policy from the memory (1103) of the control panel (11), obtains the ID of the public IP address to be used for network address translation, and performs a hash calculation on that ID to obtain the number of the CPU corresponding to the port resources. The NAT policy can also be written in advance and saved in the memory of each business board. In that case, after receiving the first message, the first CPU reads the NAT policy from the memory of its own business board, obtains the ID of the public IP address to be used for network address translation, and performs a hash calculation on that ID to obtain the number of the CPU corresponding to the port resources.
If the calculated second CPU and the first CPU are the same CPU, processing continues at step 4. If the calculated second CPU and the first CPU are not the same CPU, processing continues at step 5.
As shown in Figure 4, the CPU0 (1311) module of business board SPU1 (131) (the first CPU) receives from the interface board LPU (15) a message sent by CPE1. If the received message is the first message of the first session sent by CPE1, CPU0 (1311) of business board SPU1 (131) determines from the ACL information of the message that the ID of the public IP address for network address translation is 199, performs a hash calculation on the ID of that IP address, and finds that the CPU managing these port resources is CPU2 (1353) of SPU0 (135) (the second CPU). Here the second CPU and the first CPU are not the same CPU, so processing continues at step 5.
Step 4: if the second CPU and the first CPU are the same CPU, the first CPU allocates N port resources to the customer premises equipment (CPE) that sent the first message, and processing continues at step 8.
If the CPU of the business board that manages the port resources (the second CPU) is the very CPU of the business board that received the message (the first CPU), the first CPU allocates N port resources to the CPE that sent the first message. In addition, the first CPU saves the usage state of the N port resources, for example by recording in a user table the usage state of the N allocated port resources and their correspondence to the CPE; the user table is stored in the memory of the business board where the first CPU is located.
Step 5: if the calculated second CPU and the first CPU are not the same CPU, the first CPU forwards the first message to the second CPU.
If the CPU of the business board that manages the port resources (the second CPU) and the CPU of the business board that received the message (the first CPU) are not the same CPU, the CPU of the business board that received the message forwards the received message to the CPU of the business board that manages the port resources. In this example, CPU0 (1311) of SPU1 (131) forwards the first message it received from CPE1 to CPU2 (1353) of SPU0 (135).
Step 6: the second CPU allocates N port resources to the CPE that sent the first message.
In this example, after receiving the first message, CPU2 (1353) of SPU0 (135) allocates N port resources to CPE1, which sent the first message.
Step 7: the second CPU sends the N allocated port resources and the first message to the first CPU.
In this embodiment, CPU2 (1353) of SPU0 (135) sends the N port resources and the first message to CPU0 (1311) of SPU1 (131).
Step 8: the first CPU chooses one port resource from the N allocated port resources and performs network address translation on the first message.
The first CPU chooses one port resource from the N port resources it received from the second CPU and performs network address translation on the first message. In addition, the first CPU saves the usage state of the N port resources and the session state of the session to which the first message belongs. The remaining N-1 ports are used for NAT translation of the messages of other sessions the CPE creates later.
As shown in Figure 4, CPU0 (1311) of SPU1 (131) chooses one port resource from the N port resources allocated by CPU2 (1353) of SPU0 (135) and performs NAT translation on the first message of the first session sent by CPE1. The first CPU saves the usage state of the N port resources and updates it periodically.
Step 9: the first CPU sends the first message, after network address translation, to the external network through the interface board.
The CPU0 (1311) module of SPU1 (131) sends the first message, after network address translation, to the external network through the interface board (15).
In the method shown in Figure 4, the control panel transfers the management and allocation of port resources to the CPUs of the business boards, and any given port resource is managed by one unique CPU. This keeps the control panel from becoming the bottleneck for port resource allocation and avoids the problem of complex port resource allocation and management. In addition, multiple CPUs of the business boards take part together throughout the network address translation of a message. This solves the problem of port resource management and allocation conflicts in a distributed system, improves port utilization, lets as many CPUs as possible take part in address pool management, and gives full play to the advantages of the distributed architecture.
In addition, to make full use of the advantages of the distributed system and improve the utilization of port resources, in step 4 above, after the first CPU allocates N port resources to the CPE that sent the first message, it saves the usage state of the N port resources, for example by recording in a user table the usage state of the N port resources and their correspondence to the CPE, and updates the user table periodically. When the usage state of the N port resources has had no new update within a predetermined time range, the first CPU releases the N port resources for reallocation. Similarly, in step 6 above, after the second CPU allocates N ports to the CPE that sent the first message, the second CPU saves the usage state of the N port resources, for example by recording in a user table the usage state of the N allocated port resources and their correspondence to the CPE, and sends the user table to the first CPU. Meanwhile, after receiving from the second CPU the first message and the N ports allocated to the CPE that sent it, the first CPU also saves the usage state of the N port resources, for example by saving in a user table the usage state of the N port resources and their correspondence to the CPE that sent the first message, and updates the user table periodically. It also periodically sends refresh messages to the second CPU so that the N ports are not reclaimed and reallocated. When the usage state of the N port resources saved by the second CPU has had no new update within a predetermined time range, the second CPU releases the N port resources for reallocation.
In this way the advantages of the distributed system are fully exploited: the CPUs can use one another's port resources, and port resources that are no longer in use can be reclaimed and reallocated, which improves the utilization of port resources.
If the message the first CPU receives is a subsequent message of the first session sent by the CPE, the first CPU sends the subsequent message to the network according to the saved session table. Sending messages according to the session table is a technique well known to those skilled in the art and is not the focus of the present invention, so it is not described in detail here.
If the message the first CPU receives is the first message of a newly created session sent by the CPE, the first CPU takes one port resource from the N-1 allocated port resources, performs network address translation on the first message of the new session, and sends the translated first message of the new session to the external network through the interface board. That is, from the N allocated port resources, it selects one port resource from those other than the port resource already assigned to the first message (the remaining N-1 port resources) to perform network address translation on the third message. In this way, when the first CPU receives the first message of a new session sent by the CPE, it does not need to forward that message to the second CPU again. This saves traffic between business board CPUs, lightens the load on the business board CPUs, and shortens message processing time. After taking one port resource from the N-1 allocated port resources and performing network address translation on the first message of the new session, the first CPU updates the stored user table and session table, and sends a refresh message to refresh the user table stored in the memory of the business board where the second CPU is located.
In this embodiment, when the message received by the CPU0 (1311) module of SPU1 (131) is the first message of a new session sent by CPE1, CPU0 (1311) of SPU1 (131) takes one port resource from the N-1 port resources allocated by CPU2 (1353) of SPU0 (135), performs network address translation on the first message of the new session, and sends the translated first message of the new session out through the interface board. That is, from the port resources other than the one already assigned to the first message of the first session sent by CPE1, CPU0 (1311) of SPU1 (131) chooses one port resource from the remaining N-1 port resources to perform network address translation on the first message of the new session. CPU0 (1311) of SPU1 (131) saves the new session state in the memory of SPU1, and sends a refresh message to refresh the user table stored in the memory of SPU0.
By allocating the NAT port resources to the CPUs of different business boards and having these CPUs manage and allocate the port resources, the present invention keeps the control panel from becoming the bottleneck for port resources, avoids port management conflicts, gives full play to the advantages of the distributed system, and improves the utilization of port resources.
If the first CPU receives the first message of a new session sent by the customer premises equipment (CPE), and the N port resources that the second CPU allocated to the CPE are all in use so that no port resource remains available, the processing can follow that used when the first CPU receives the first message of the first session sent by the CPE. When the CPU of the business board that receives the message (the first CPU) and the CPU of the business board that manages the port resources (the second CPU) are not the same CPU, the first CPU forwards the first message of the new session to the second CPU. The second CPU allocates a further M port resources to the CPE that sent the message and updates the user table stored in the memory of its business board, that is, it updates the correspondence recorded there between the CPE and the allocated port resources. The second CPU sends the newly allocated M port resources and the first message of the new session to the first CPU. The first CPU selects one port resource from the M port resources received, performs network address translation on the first message of the new session, and sends the translated message to the external network through the interface board. In addition, the first CPU may update the stored session state and periodically send refresh update messages to the second CPU, which update the user table stored in the memory of the business board where the second CPU resides, so as to ensure that the corresponding port block resources are not reclaimed by the second CPU. When the CPU of the business board that receives the message (the first CPU) and the CPU of the business board that manages the port resources (the second CPU) are the same CPU, the first CPU allocates a further M port resources to the CPE that sent the message, updates the user table stored in the memory of the business board, then selects one port resource from the M allocated port resources to perform network address translation on the first message of the new session, and sends the translated message to the external network through the interface board. In addition, the first CPU may update the stored session state and user table. In this way, incremental allocation of port resources is achieved.
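The following added example, which is not part of the patent text, models the incremental allocation described above: an initial block of N ports per CPE, M more when every port of the block is in use, refresh messages while sessions are live, and reclaim by the managing CPU once refreshes stop. The class and method names, the modulo-of-source-address NAT strategy, the timeout parameter and the explicit `now` clock are assumptions made for illustration.

```python
import ipaddress

class OwnerCPU:
    """'Second CPU': manages one slice of the port range and the user table."""
    def __init__(self, ports, timeout):
        self.free = list(ports)   # slice handed over by the control panel
        self.timeout = timeout    # assumed: seconds allowed between refreshes
        self.user_table = {}      # cpe -> {"ports": [...], "seen": time}

    def reclaim(self, now):
        """Release every block whose CPE was not refreshed within the timeout."""
        stale = [c for c, e in self.user_table.items()
                 if now - e["seen"] > self.timeout]
        for cpe in stale:
            self.free.extend(self.user_table.pop(cpe)["ports"])
        return stale

    def allocate(self, cpe, count, now):
        self.reclaim(now)
        if len(self.free) < count:
            raise RuntimeError("no free ports left on this CPU")
        block, self.free = self.free[:count], self.free[count:]
        entry = self.user_table.setdefault(cpe, {"ports": [], "seen": now})
        entry["ports"] += block
        entry["seen"] = now
        return block

    def refresh(self, cpe, now):
        if cpe in self.user_table:
            self.user_table[cpe]["seen"] = now

class ReceiverCPU:
    """'First CPU': translates messages with ports obtained from the owner."""
    def __init__(self, owners, n, m):
        self.owners, self.n, self.m = owners, n, m
        self.blocks = {}     # cpe -> {"ports": {port: session or None}, "seen": t}
        self.sessions = {}   # (cpe, src_port, dst) -> translated source port

    def owner_for(self, cpe):
        # Assumed NAT strategy: source address modulo the number of CPUs.
        return self.owners[int(ipaddress.ip_address(cpe)) % len(self.owners)]

    def translate(self, cpe, src_port, dst, now):
        key = (cpe, src_port, dst)
        if key in self.sessions:            # later message of a known session
            return self.sessions[key]
        owner, blk = self.owner_for(cpe), self.blocks.get(cpe)
        if blk is None or now - blk["seen"] > owner.timeout:  # none, or reclaimed
            blk = self.blocks[cpe] = {"ports": {}, "seen": now}
        free = [p for p, s in blk["ports"].items() if s is None]
        if not free:                        # first session, or every port in use
            count = self.m if blk["ports"] else self.n
            free = owner.allocate(cpe, count, now)
            blk["ports"].update(dict.fromkeys(free))
        blk["ports"][free[0]] = key
        self.sessions[key] = free[0]
        owner.refresh(cpe, now)             # a new session counts as activity
        blk["seen"] = now
        return free[0]

    def close(self, cpe, src_port, dst):
        port = self.sessions.pop((cpe, src_port, dst))
        self.blocks[cpe]["ports"][port] = None

    def tick(self, now):
        """Periodic refresh; must run more often than the owner's timeout."""
        for cpe, blk in self.blocks.items():
            if any(blk["ports"].values()):
                self.owner_for(cpe).refresh(cpe, now)
                blk["seen"] = now
```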
The present invention transfers the management and allocation of port resources from the control panel to the CPUs of the business board, with each portion of the port resources managed independently by one CPU. This prevents the control panel from becoming the bottleneck for the management and allocation of port resources, and also reduces the complexity of managing and allocating port resources. Moreover, the CPUs of multiple business boards take part in the whole network address translation process, and port resources are allocated dynamically, which gives full play to the advantages of a distributed system and improves the utilization of port resources.
The port resource management and allocation method set out in the technical solution of the present invention is also applicable to ordinary network address translation devices. Any scheme in which control of the management and allocation of port resources is transferred from the control panel to the business board is covered by the technical solution of the present invention.
Those of ordinary skill in the art will appreciate that the units and method steps of each example described with reference to the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may implement the described functions in different ways for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes over the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes the various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above embodiments are merely intended to illustrate the present invention and do not limit it. Those of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the present invention; all equivalent technical solutions therefore fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.

Claims (22)

1. A device for implementing network address translation (NAT), the device comprising a control panel, a business board and an interface board, characterized in that:
The business board comprises multiple central processing units (CPUs), wherein the control panel distributes the port resources managed by the device to the multiple CPUs of the business board for management and allocation;
The interface board is configured to receive a first message of a first session sent by customer premises equipment (CPE), and to forward the first message to a first CPU of the business board;
The first CPU is configured to determine, according to a NAT strategy, that a second CPU is responsible for managing the port resources required for performing network address translation on the first message;
The second CPU is configured to allocate N port resources to the customer premises equipment from the port resources that the control panel distributed to the second CPU for management and allocation, and to save the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment; the first CPU is further configured to perform network address translation on the first message using a first port resource among the N port resources to obtain a translated message, to save the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment, and to send the translated message to the interface board;
The interface board is further configured to send the received translated message to the external network.
2. The device of claim 1, characterized in that the control panel distributing the port resources managed by the device to the multiple CPUs of the business board for management and allocation specifically comprises:
The control panel broadcasts the port resources to the multiple CPUs of the business board; or
The control panel broadcasts a port assignment strategy to the multiple CPUs of the business board, wherein the port assignment strategy distributes the port resources of the device to the multiple CPUs of the business board, and each CPU is responsible for the port resources distributed to it.
3. The device of claim 1, characterized in that the interface board is further configured to:
Forward the first message to the first CPU of the business board according to the source IP address of the first message.
4. The device of claim 1, characterized in that when the first CPU receives a second message of the session to which the first message belongs, the first CPU is further configured to process the second message according to a saved conversational list, wherein the conversational list is set up by the first CPU after network address translation of the first message is completed, and the conversational list is used to save the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment.
5. The device of claim 1, characterized in that when the first CPU receives a third message of a second session sent by the customer premises equipment, wherein the second session is a new session different from the first session, the first CPU is further configured to select a second port resource from the N port resources to perform network address translation on the third message.
6. The device of claim 5, characterized in that the first CPU is further configured to update the use state of the N port resources and to send a refresh message to the second CPU.
7. The device of claim 6, characterized in that after all sessions of the customer premises equipment are disconnected, the first CPU is further configured to stop updating the use state of the N port resources and to no longer send refresh messages to the second CPU; if the second CPU does not receive a refresh message for the use state of the N port resources within a set time range, it releases the N port resources for reallocation.
8. The device of any one of claims 1 to 7, characterized in that the NAT strategy is used to determine the corresponding port resource information according to characteristics of the received message.
9. The device of claim 1, characterized in that the first CPU is further configured to:
Receive a fourth message;
Determine, according to the NAT strategy, that the first CPU is responsible for managing the port resources required for performing network address translation on the fourth message;
Allocate M port resources, from the port resource pool managed by the first CPU, to the customer premises equipment that sent the fourth message;
Perform network address translation on the fourth message using a first port resource among the M port resources.
10. The device of claim 9, characterized in that the first CPU is further configured to save the use state of the M port resources and to periodically update the use state of the M port resources.
11. The device of claim 1, characterized in that the first CPU is further configured to send the first message to the second CPU after determining that the second CPU is responsible for managing the port resources required for performing network address translation on the first message, and to receive the first message returned by the second CPU together with the N port resources that the second CPU allocated to the customer premises equipment.
12. A network address translation (NAT) method, wherein the device implementing the network address translation method comprises a control panel, an interface board and a business board with multiple CPUs, characterized in that: the control panel distributes the port resources managed by the device to the multiple CPUs of the business board for management and allocation;
A first CPU of the business board receives a first message, forwarded by the interface board, of a first session sent by customer premises equipment;
The first CPU determines, according to a network address translation strategy, that a second CPU manages the port resources required for performing network address translation on the first message;
The second CPU allocates N port resources to the customer premises equipment from the port resources that the control panel distributed to the second CPU for management and allocation, and saves the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment; the first CPU performs network address translation on the first message using a first port resource among the N port resources to obtain a translated message, saves the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment, and sends the translated message to the interface board;
The interface board sends the translated message to the external network.
13. The method of claim 12, characterized in that the control panel distributing the port resources managed by the device to the multiple CPUs of the business board for management and allocation specifically comprises:
The control panel broadcasts the port resources to the multiple CPUs of the business board; or
The control panel broadcasts a port assignment strategy to the multiple CPUs of the business board, wherein the port assignment strategy is used to distribute the port resources of the device to the multiple CPUs of the business board, and each CPU is responsible for the port resources distributed to it.
14. The method of claim 12, characterized in that the interface board distributes the first message to the first CPU of the business board according to the source IP address of the first message.
15. The method of claim 12, characterized in that the method further comprises: when the first CPU receives a second message belonging to the session of the first message, the first CPU processes the second message according to a saved conversational list, wherein the conversational list is set up by the first CPU after network address translation of the first message is completed, and the conversational list is used to save the use state of the N port resources and the relationship between the N port resources and the corresponding customer premises equipment.
16. The method of claim 12, characterized in that the method further comprises: when the first CPU receives a third message of a second session sent by the customer premises equipment, wherein the second session is a new session different from the first session, the first CPU performs network address translation on the third message using a second port resource among the N port resources.
17. The method of claim 16, characterized in that the first CPU updates the use state of the N port resources and sends a refresh message to the second CPU.
18. The method of claim 17, characterized in that after all sessions of the customer premises equipment are disconnected, the first CPU stops updating the use state of the N port resources and no longer sends refresh messages to the second CPU; if the second CPU does not receive a refresh message for the use state of the N port resources within a set time range, it releases the N port resources for reallocation.
19. The method of any one of claims 12 to 17, characterized in that the network address translation strategy is used to determine the corresponding port resources according to characteristics of the received message.
20. The method of claim 12, characterized in that the method further comprises:
The first CPU receives a fourth message;
Determining, according to the network address translation strategy, that the first CPU is responsible for managing the port resources required for performing network address translation on the fourth message;
Allocating M port resources, from the port resources managed by the first CPU, to the customer premises equipment that sent the fourth message;
Performing network address translation on the fourth message using a first port resource among the M port resources.
21. The method of claim 20, characterized in that the first CPU saves the use state of the M port resources and periodically updates the use state of the M port resources.
22. The method of claim 12, characterized in that the first CPU sends the first message to the second CPU after determining that the second CPU is responsible for managing the port resources required for performing network address translation on the first message, and receives the first message returned by the second CPU together with the N port resources that the second CPU allocated to the customer premises equipment.
CN201380002273.3A 2013-11-05 2013-11-05 A kind of network address translation apparatus and method Active CN103797774B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/086560 WO2015066840A1 (en) 2013-11-05 2013-11-05 Device and method for network address conversion

Publications (2)

Publication Number Publication Date
CN103797774A CN103797774A (en) 2014-05-14
CN103797774B true CN103797774B (en) 2017-07-21

Family

ID=50671631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380002273.3A Active CN103797774B (en) 2013-11-05 2013-11-05 A kind of network address translation apparatus and method

Country Status (2)

Country Link
CN (1) CN103797774B (en)
WO (1) WO2015066840A1 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103825976B (en) * 2014-03-04 2017-05-10 新华三技术有限公司 NAT (network address translation) processing method and device in distributed system architecture
CN104270396B (en) * 2014-10-24 2017-06-16 南京贝伦思网络科技股份有限公司 The high speed of many board acl rules of blocking equipment concurrently loads implementation method
CN104270394B (en) * 2014-10-24 2017-06-23 南京贝伦思网络科技股份有限公司 The acl rule High speed load implementation method of blocking equipment
CN104601738B (en) * 2014-12-09 2018-04-10 国家计算机网络与信息安全管理中心 A kind of distributed network address conversion system
CN106302841A (en) * 2015-05-18 2017-01-04 中兴通讯股份有限公司 A kind of method and device of carrier class networks address conversion
CN106254256B (en) * 2015-06-04 2019-08-16 新华三技术有限公司 Data message forwarding method and equipment based on three layers of VXLAN gateway
CN106326189B (en) * 2015-07-02 2019-08-23 杭州海康威视数字技术股份有限公司 The control method and device of processor
CN106571944A (en) * 2015-10-10 2017-04-19 中兴通讯股份有限公司 User side equipment, server, port resource management method and system
CN105939400B (en) * 2015-12-24 2019-06-07 杭州迪普科技股份有限公司 A kind of PPPoE address distribution method and device
CN106131244A (en) * 2016-08-29 2016-11-16 北京神州绿盟信息安全科技股份有限公司 A kind of message transmitting method and device
CN106878117B (en) * 2016-12-15 2020-12-29 新华三技术有限公司 Data processing method and device
CN108574587B (en) * 2017-03-09 2020-07-24 华为技术有限公司 Capacity updating method and device for distributed equipment
CN108574626A (en) * 2017-03-13 2018-09-25 中兴通讯股份有限公司 A kind of distribution NAT two-node cluster hot backup flow switching systems and method
CN107547508B (en) * 2017-06-29 2021-07-30 新华三信息安全技术有限公司 Message sending and receiving method, device and network equipment
CN108924272B (en) * 2018-06-26 2021-09-17 新华三信息安全技术有限公司 Port resource allocation method and device
CN111131048A (en) * 2019-12-31 2020-05-08 杭州迪普科技股份有限公司 Network traffic forwarding method and device, electronic equipment and machine-readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739820A (en) * 2012-06-28 2012-10-17 杭州华三通信技术有限公司 Message network address conversion processing method and network equipment
CN102821036A (en) * 2012-04-20 2012-12-12 杭州华三通信技术有限公司 Method and device for achieving packet forwarding

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058973B1 (en) * 2000-03-03 2006-06-06 Symantec Corporation Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses
CN101150502A (en) * 2007-10-22 2008-03-26 中兴通讯股份有限公司 A NAT-PT device and its load share method
CN103152269B (en) * 2013-02-26 2016-03-02 杭州华三通信技术有限公司 A kind of message forwarding method based on NAT and equipment


Also Published As

Publication number Publication date
CN103797774A (en) 2014-05-14
WO2015066840A1 (en) 2015-05-14


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant