CN105939404A - NAT (Network Address Translation) resource obtaining method and device - Google Patents

NAT (Network Address Translation) resource obtaining method and device Download PDF

Info

Publication number
CN105939404A
CN105939404A CN201610293183.XA CN201610293183A CN105939404A CN 105939404 A CN105939404 A CN 105939404A CN 201610293183 A CN201610293183 A CN 201610293183A CN 105939404 A CN105939404 A CN 105939404A
Authority
CN
China
Prior art keywords
nat
resource
nat resource
acquisition
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610293183.XA
Other languages
Chinese (zh)
Other versions
CN105939404B (en
Inventor
袁野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201610293183.XA priority Critical patent/CN105939404B/en
Publication of CN105939404A publication Critical patent/CN105939404A/en
Application granted granted Critical
Publication of CN105939404B publication Critical patent/CN105939404B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an NAT (Network Address Translation) resource obtaining method and device. The method comprises following steps of receiving a message, obtaining an NAT resource for the message and adjusting the obtaining times of the NAT resource; judging whether the obtained NAT resource is available or not; calculating the utilization rate of the NAT resource by employing the obtaining times of the NAT resource if the obtained NAT resource is not available; obtaining a new NAT resource for the message when the utilization rate of the NAT resource is lower than a preset threshold value, adjusting the obtaining times of the NAT resource and continuing to carry out the process of judging whether the obtained NAT resource is available or not; and carrying out NAT on the message by employing the obtained NAT resource if the obtained NAT resource is available. Through application of the method and the device provided by the embodiment of the invention, the calculation of the utilization rate of the NAT resource is finished by a network device in the process of obtaining the NAT resource for the message, the utilization rate of the NAT resource is calculated by employing the obtaining times of the NAT resource, the occupation of the memory of the network device is reduced, and the processing efficiency of the network device is improved.

Description

The acquisition methods of NAT resource and device
Technical field
The application relates to communication technical field, particularly relates to acquisition methods and the device of a kind of NAT resource.
Background technology
NAT (Network Address Translation, network address translation) conversion refers to that the network equipment will connect Source IP (Internet, Protocol, the Internet protocol) address that the message received carries and source port (private network ground Location and private network port) it is converted into IP address and port (public network address and the public network port) of NAT resource record, Thus this message can be transferred to server by network, the network equipment can be by record source IP address and source Port and the corresponding relation of NAT resource, it is achieved NAT changes.In order to avoid NAT resource is by source IP ground Location and source port are finished, and the unlimited NAT of proposition can be by the source IP address utilizing message to carry, source Purpose IP address, destination interface that mouth is corresponding are different, and multiplexing NAT resource.It follows that NAT money Source utilization rate is the most intuitively showing of NAT resource service condition.
In the prior art, in the session of the network equipment, record has each purpose IP address corresponding with destination interface NAT resource, in preset time period, in session record each purpose IP address and purpose The NAT resource that port is corresponding, adds up the NAT number of resources that this purpose IP address is corresponding with destination interface, and Total NAT number of resources is utilized to calculate NAT resource utilization, to judge to access this purpose IP address and destination Whether NAT resource used by mouthful exhausts.It is accomplished by the most at regular intervals due to the network equipment adding up the most all Purpose IP address and the NAT resource utilization of destination interface, and be also performed to judge, so will certainly Take the internal memory of the network equipment, reduce the treatment effeciency of the network equipment.
Summary of the invention
In view of this, the application provides acquisition methods and the device of a kind of NAT resource, to solve in terms of existing Calculate the problem that NAT resource utilization can take the internal memory of the network equipment.
First aspect according to the embodiment of the present application, it is provided that the acquisition methods of a kind of NAT resource, described method Being applied on the network equipment, described method includes:
Receive message, and be one NAT resource of described Receive message, and adjust NAT resource acquisition number of times;
Judge whether the NAT resource of described acquisition can be used;
If unavailable, then described NAT resource acquisition number of times is utilized to calculate NAT resource utilization;
When described NAT resource utilization is less than predetermined threshold value, then it is one new NAT of described Receive message Resource, and adjust described NAT resource acquisition number of times, and continue executing with the NAT resource judging described acquisition Whether can process;
If available, then utilize the NAT resource of described acquisition that described message is carried out NAT conversion.
Second aspect according to the embodiment of the present application, it is provided that the acquisition device of a kind of NAT resource, described device Being applied on the network equipment, described device includes:
Receive unit, be used for receiving message, and be one NAT resource of described Receive message, and adjust NAT Resource acquisition number of times;
Judging unit, for judging whether the NAT resource of described acquisition can be used;
Computing unit, for when judged result is unavailable, utilizes described NAT resource acquisition number of times to calculate NAT resource utilization;
Acquiring unit, for when described NAT resource utilization is less than predetermined threshold value, then obtaining for described message Take a new NAT resource, and adjust described NAT resource acquisition number of times, and it is described to continue executing with judgement The NAT resource obtained whether can process;
Converting unit, for when judged result is for, time available, utilizing the NAT resource of described acquisition to described report Literary composition carries out NAT conversion.
Application the embodiment of the present application, after the network equipment receives message, is first described Receive message one NAT resource, and adjust NAT resource acquisition number of times;Then whether the NAT resource of described acquisition is judged Available;If unavailable, then described NAT resource acquisition number of times is utilized to calculate NAT resource utilization;When When described NAT resource utilization is less than predetermined threshold value, then it is one new NAT money of described Receive message Source, and adjust described NAT resource acquisition number of times, and continue executing with the NAT resource judging described acquisition Whether can process;If available, then utilize the NAT resource of described acquisition that described message is carried out NAT Conversion.Understanding based on foregoing description, the network equipment is the completeest during for Receive message NAT resource Become the calculating of NAT resource utilization rather than every NAT utilization of resources of calculating at regular intervals Rate, thus improve the treatment effeciency of the network equipment, additionally, the network equipment is by utilizing NAT resource Obtain number of times calculate NAT resource utilization, without add up from session each purpose IP address with The NAT number of resources that destination interface is corresponding, and it is corresponding with destination interface to be utilized respectively each purpose IP address NAT number of resources calculate the NAT resource utilization of each purpose IP address and destination interface, thus can To reduce, network equipment internal memory is taken.
Accompanying drawing explanation
Fig. 1 is the application reality according to the acquisition methods of a kind of NAT resource shown in an exemplary embodiment Execute example flow chart;
Fig. 2 is the application hardware structure diagram according to a kind of network equipment shown in an exemplary embodiment;
Fig. 3 is the application enforcement according to the acquisition device of a kind of NAT resource shown in an exemplary embodiment Example structure chart.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following retouches Stating when relating to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element. Embodiment described in following exemplary embodiment does not represent all embodiment party consistent with the application Formula.On the contrary, they only with describe in detail in appended claims, the application some in terms of mutually one The example of the apparatus and method caused.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting this Application." a kind of ", " described " of singulative used in the application and appended claims " it is somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.It is also understood that Term "and/or" used herein refer to and comprise any of one or more project of listing being associated or Likely combine.
Although should be appreciated that may use term first, second, third, etc. to describe various letter in the application Breath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information district each other Separately.Such as, in the case of without departing from the application scope, the first information can also be referred to as the second information, Similarly, the second information can also be referred to as the first information.Depend on linguistic context, word as used in this " if " can be construed to " ... time " or " when ... time " or " in response to determining ".
Shown in Figure 1, for the application according to the acquisition of a kind of NAT resource shown in an exemplary embodiment The embodiment flow chart of method, this embodiment is applied on the network equipment, and the described network equipment can be gateway, Can also be fire wall, this embodiment comprises the following steps:
Step 101: receive message, and be one NAT resource of described Receive message, and adjust NAT resource Obtain number of times.
The network equipment receives the report that other network equipment (such as router, switch, client etc.) sends Literary composition, before for one NAT resource of this Receive message, the network equipment can utilize five yuan that this message carries All sessions of group information searching local maintenance;If finding described five-tuple information, then utilize described five yuan NAT resource corresponding to group information carries out NAT conversion to this message;If not finding described five-tuple information, Then perform the process for described one NAT resource of Receive message.
Wherein, in session, record has the corresponding relation of five-tuple information and NAT resource, described NAT resource Middle record has a corresponding relation of IP address and port, namely the corresponding relation of public network address and public network port, net If network equipment finds the five-tuple information that message carries from all sessions, then it represents that the most recorded in session The NAT resource of this message, it is possible to use the NAT resource that this five-tuple is corresponding carries out NAT to this message Conversion, will be converted into this with source port (i.e. private net address and private network port) by the source IP address that carries of message The IP address of NAT resource record and port (i.e. public network address and public network port).If the network equipment is from all Session does not finds the five-tuple information that message carries, then it represents that this message belongs to the flow being newly received, Need to obtain an available NAT resource, to carry out NAT conversion for it.
The network equipment, can be by NAT resource acquisition time after for one NAT resource of described Receive message Number adds 1, and described NAT resource acquisition number of times is used for representing that the network equipment is currently for this Receive message NAT resource Number of times.
Step 102: judge whether the NAT resource of described acquisition can be used, if available, then performs step 103, If unavailable, then perform step 104.
The network equipment can utilize purpose IP address, destination interface and the described acquisition that this message carries All sessions of NAT resource lookup local maintenance;If do not find from all sessions described purpose IP address, The corresponding relation of the NAT resource of destination interface and described acquisition, it is determined that the NAT resource of described acquisition Available, perform step 103;If find from all sessions described purpose IP address, destination interface and The corresponding relation of the NAT resource of described acquisition, it is determined that the NAT resource of described acquisition is unavailable, performs Step 104.
Wherein, described five-tuple information can include source IP address, source port, purpose IP address, destination Mouth and protocol number.The NAT conversion regime that message is carried out by the network equipment can use unlimited NAT to change, Described unlimited NAT conversion refers to the source IP address that the network equipment utilizes message to carry, the mesh that source port is corresponding IP address, destination interface different, and multiplexing NAT resource, due to purpose IP address it is believed that with or without Poor, it will also be appreciated that the distribution of NAT resource uses is also believed to infinite time.If that is, two The source IP address that individual message carries is different from the combination of source port, and if the mesh that carries in the two message The combination of IP address and destination interface also differ, then the two message can provide with same NAT Source carries out NAT conversion, as shown in table 1, for a kind of exemplary conversational list.Thus can obtain, the network equipment The NAT resource that can utilize purpose IP address, destination interface and described acquisition that this message carries goes to look into Look for all sessions of local maintenance, to judge whether the NAT resource of described acquisition can be used.
Source IP address+source port Purpose IP address+destination interface Protocol number NAT resource
Source IP1+ source port 1 Purpose IP100+ destination interface 100 Protocol number 1 NAT resource 1
Source IP1+ source port 2 Purpose IP101+ destination interface 100 Protocol number 1 NAT resource 1
Table 1
Step 103: utilize the NAT resource of described acquisition that described message carries out NAT conversion, terminates current Flow process.
The network equipment can be with afterwards in the NAT resource determining described acquisition, it is possible to use the NAT of described acquisition IP address and the port of resource record replaces source IP address and the source port that this message carries, i.e. NAT changes.
Additionally, the network equipment is after the NAT resource utilizing described acquisition carries out NAT conversion to this message, The corresponding relation of five-tuple information that this message carries and the NAT resource of described acquisition can be recorded in a session, During to guarantee to receive the message carrying identical five-tuple information more below, the network equipment can be directly from meeting Words find the NAT resource of correspondence.Meanwhile, NAT resource acquisition number of times is reset by the network equipment.
Step 104: utilize described NAT resource acquisition number of times to calculate NAT resource utilization.
The network equipment can first obtain NAT number of resources total in the described network equipment, then obtains described NAT Resource acquisition number of times and the ratio of described total NAT number of resources, and determine that described ratio is described NAT money Source utilization rate.
Wherein, the network equipment is provided with public network address scope and public network port range, described total NAT in advance Number of resources refers to the product of the number of addresses in this public network address scope and the port number in this public network port range. Such as, public network address scope is 20.1.1.21 to 20.1.1.23, and public network port range is 10001-60000, always NAT number of resources be 3*50000=150000.
Step 105: judge that described NAT resource utilization, whether less than predetermined threshold value, if being less than, then performs Step 106, if being not less than, then performs step 107.
If NAT resource utilization is less than predetermined threshold value, then it represents that the NAT resource in the network equipment uses also Do not transfinite, perform step 106, if NAT resource utilization is not less than predetermined threshold value, then it represents that the network equipment In NAT resource use transfinited, perform step 107.
Wherein, described predetermined threshold value can be arranged according to practical experience, and such as 0.95, when the NAT utilization of resources When rate reaches 0.95, represent that the NAT resource in the network equipment i.e. will exhaust.
Step 106: for the NAT resource that described Receive message one is new, and adjust described NAT resource acquisition Number of times, and continue executing with step 102.
As described in step 104, the network equipment obtains NAT resource can be in order from the public network being pre-configured with Address is chosen in public network port, first chooses 20.1.1.21 and 10001, then can select again Take 20.1.1.21 and 10002, the like.The network equipment is in the NAT resource new for this Receive message one Afterwards, NAT resource acquisition number of times is added 1.
Step 107: send alert message, terminates current process.
When NAT resource utilization is not less than predetermined threshold value, the network equipment can send warning to management equipment Information, to remind NAT resource will to exhaust or exhausted to management equipment, thus, management equipment is permissible Increase the quantity of the public network address of configuration for the network equipment, or increase the public network port number of configuration.
Described in above-described embodiment, after the network equipment receives message, it is first one NAT of described Receive message Resource, and adjust NAT resource acquisition number of times;Then judge whether the NAT resource of described acquisition can be used; If unavailable, then described NAT resource acquisition number of times is utilized to calculate NAT resource utilization;As described NAT When resource utilization is less than predetermined threshold value, then it is the NAT resource that described Receive message one is new, and adjusts institute State NAT resource acquisition number of times, and continue executing with judge the NAT resource of described acquisition whether can process; If available, then utilize the NAT resource of described acquisition that described message is carried out NAT conversion.Retouch based on above-mentioned Stating and understand, the network equipment just completes NAT resource utilization during for Receive message NAT resource Calculate rather than every NAT resource utilization of calculating at regular intervals, thus improve the network equipment Treatment effeciency, additionally, the network equipment by utilize NAT resource acquisition number of times calculate the NAT utilization of resources Rate, the NAT number of resources corresponding with destination interface without adding up each purpose IP address from session, And it is utilized respectively each purpose IP address NAT number of resources corresponding with destination interface with calculating each purpose IP Location and the NAT resource utilization of destination interface, take such that it is able to reduce network equipment internal memory.
Corresponding with the embodiment of the acquisition methods of aforementioned NAT resource, present invention also provides NAT resource The embodiment of acquisition device.
The embodiment of the acquisition device of the application NAT resource can be applied on network devices.Device embodiment Can be realized by software, it is also possible to realize by the way of hardware or software and hardware combining.Implemented in software As a example by, as the device on a logical meaning, it is that the processor by its place equipment is deposited non-volatile Computer program instructions corresponding in reservoir reads and runs formation in internal memory.For hardware view, as Shown in Fig. 2, for a kind of hardware structure diagram of the acquisition device place equipment of the application NAT resource, except figure Outside processor shown in 2, internal memory, network interface and nonvolatile memory, device institute in embodiment Equipment generally according to the actual functional capability of this equipment, it is also possible to include other hardware, this repeated no more.
Shown in Figure 3, for the application according to a kind of NAT resource shown in an exemplary embodiment The example structure figure of acquisition device, this embodiment is applied on the network equipment, and described device includes: connect Receive unit 310, judging unit 320, computing unit 330, acquiring unit 340, converting unit 350.
Wherein, described reception unit 310, it is used for receiving message, and is one NAT money of described Receive message Source, and adjust NAT resource acquisition number of times;
Described judging unit 320, for judging whether the NAT resource of described acquisition can be used;
Described computing unit 330, for when judged result is unavailable, utilizes described NAT resource acquisition Number of times calculates NAT resource utilization;
Described acquiring unit 340, for when described NAT resource utilization is less than predetermined threshold value, then for institute State the NAT resource that Receive message one is new, and adjust described NAT resource acquisition number of times, and continue executing with Judge the NAT resource of described acquisition whether can process;
Described converting unit 350, for when judged result is for, time available, utilizing the NAT resource of described acquisition Described message is carried out NAT conversion.
In an optional implementation, the described network equipment is for utilizing the NAT resource report to receiving Literary composition carries out NAT conversion, and described device also includes (not shown in Fig. 3): search conversation element, is used for After described reception unit 310 receives message, utilize five-tuple information searching this locality dimension that described message carries The all sessions protected;If finding described five-tuple information, then utilize the NAT that described five-tuple information is corresponding Resource carries out NAT conversion to described message;If not finding described five-tuple information, then perform as described report Literary composition obtains the process of a NAT resource;
Described device also includes (not shown in Fig. 3): record unit, in described lookup conversation element After the NAT resource utilizing described acquisition carries out NAT conversion to described message, record is described in a session The corresponding relation of the NAT resource of the five-tuple information that message carries and described acquisition.
In another optional implementation, described device also includes (not shown in Fig. 3): send single Unit, for utilizing described NAT resource acquisition number of times to calculate the NAT utilization of resources at described computing unit 330 After rate, when described NAT resource utilization is not less than predetermined threshold value, then send alert message.
In another optional implementation, described five-tuple information includes source IP address, source port, mesh IP address, destination interface and protocol number, described judging unit 320, specifically for utilizing described message Owning of the NAT resource lookup local maintenance of purpose IP address, destination interface and the described acquisition carried Session;If finding described purpose IP address, destination interface and the NAT of described acquisition from all sessions The corresponding relation of resource, it is determined that the NAT resource of described acquisition is unavailable;If not searching from all sessions Corresponding relation to the NAT resource of described purpose IP address, destination interface and described acquisition, it is determined that The NAT resource of described acquisition can be used.
In another optional implementation, described computing unit 330, set specifically for obtaining described network NAT number of resources total in Bei;Obtain described NAT resource acquisition number of times and described total NAT number of resources Ratio, and determine that described ratio is described NAT resource utilization;Wherein, the described network equipment is joined in advance Being equipped with public network address scope and public network port range, described total NAT number of resources refers to described public network address Number of addresses in scope and the product of the port number in described public network port range.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method Rapid realizes process, does not repeats them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees The part of embodiment of the method illustrates.Device embodiment described above is only schematically, wherein The described unit illustrated as separating component can be or may not be physically separate, as unit The parts of display can be or may not be physical location, i.e. may be located at a place, or also may be used To be distributed on multiple NE.Some or all of module therein can be selected according to the actual needs Realize the purpose of the application scheme.Those of ordinary skill in the art in the case of not paying creative work, I.e. it is appreciated that and implements.
Described in above-described embodiment, after the network equipment receives message, it is first one NAT of described Receive message Resource, and adjust NAT resource acquisition number of times;Then judge whether the NAT resource of described acquisition can be used; If unavailable, then described NAT resource acquisition number of times is utilized to calculate NAT resource utilization;As described NAT When resource utilization is less than predetermined threshold value, then it is the NAT resource that described Receive message one is new, and adjusts institute State NAT resource acquisition number of times, and continue executing with judge the NAT resource of described acquisition whether can process; If available, then utilize the NAT resource of described acquisition that described message is carried out NAT conversion.Retouch based on above-mentioned Stating and understand, the network equipment just completes NAT resource utilization during for Receive message NAT resource Calculate rather than every NAT resource utilization of calculating at regular intervals, thus improve the network equipment Treatment effeciency, additionally, the network equipment by utilize NAT resource acquisition number of times calculate the NAT utilization of resources Rate, the NAT number of resources corresponding with destination interface without adding up each purpose IP address from session, And it is utilized respectively each purpose IP address NAT number of resources corresponding with destination interface with calculating each purpose IP Location and the NAT resource utilization of destination interface, take such that it is able to reduce network equipment internal memory.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all in this Shen Within spirit please and principle, any modification, equivalent substitution and improvement etc. done, should be included in this Shen Within the scope of please protecting.

Claims (10)

1. the acquisition methods of a NAT resource, it is characterised in that described method is applied on the network equipment, Described method includes:
Receive message, and be one network address translation NAT resource of described Receive message, and adjust NAT Resource acquisition number of times;
Judge whether the NAT resource of described acquisition can be used;
If unavailable, then described NAT resource acquisition number of times is utilized to calculate NAT resource utilization;
When described NAT resource utilization is less than predetermined threshold value, then it is one new NAT of described Receive message Resource, and adjust described NAT resource acquisition number of times, and continue executing with the NAT resource judging described acquisition Whether can process;
If available, then utilize the NAT resource of described acquisition that described message is carried out NAT conversion.
Method the most according to claim 1, it is characterised in that the described network equipment is used for utilizing NAT The resource message to receiving carries out NAT conversion, and after described reception message, described method includes:
Utilize all sessions of the five-tuple information searching local maintenance that described message carries;
If finding described five-tuple information, then utilize NAT resource corresponding to described five-tuple information to described Message carries out NAT conversion;
If not finding described five-tuple information, then perform the process for described one NAT resource of Receive message;
After the described NAT resource utilizing described acquisition carries out NAT conversion to described message, described method Including: record the five-tuple information that described message carries in a session corresponding with the NAT resource of described acquisition Relation.
Method the most according to claim 1, it is characterised in that described utilize described NAT resource to obtain After taking number of times calculating NAT resource utilization, described method includes:
When described NAT resource utilization is not less than predetermined threshold value, then send alert message.
Method the most according to claim 1 and 2, it is characterised in that described five-tuple information includes source IP address, source port, purpose IP address, destination interface and protocol number, the described acquisition of described judgement Whether NAT resource can be used, including:
The NAT resource utilizing purpose IP address, destination interface and described acquisition that described message carries is looked into Look for all sessions of local maintenance;
If finding described purpose IP address, destination interface and the NAT of described acquisition from all sessions The corresponding relation of resource, it is determined that the NAT resource of described acquisition is unavailable;
If not finding described purpose IP address, destination interface and the NAT of described acquisition from all sessions The corresponding relation of resource, it is determined that the NAT resource of described acquisition can be used.
Method the most according to claim 1, it is characterised in that described utilize described NAT resource to obtain Take number of times and calculate NAT resource utilization, including:
Obtain NAT number of resources total in the described network equipment;
Obtain the ratio of described NAT resource acquisition number of times and described total NAT number of resources, and determine described Ratio is described NAT resource utilization;Wherein, the described network equipment is provided with public network address scope in advance With public network port range, described total NAT number of resources refer to number of addresses in described public network address scope with The product of the port number in described public network port range.
6. the acquisition device of a NAT resource, it is characterised in that described device is applied on the network equipment, Described device includes:
Receive unit, be used for receiving message, and be one network address translation NAT resource of described Receive message, And adjust NAT resource acquisition number of times;
Judging unit, for judging whether the NAT resource of described acquisition can be used;
Computing unit, for when judged result is unavailable, utilizes described NAT resource acquisition number of times to calculate NAT resource utilization;
Acquiring unit, for when described NAT resource utilization is less than predetermined threshold value, then obtaining for described message Take a new NAT resource, and adjust described NAT resource acquisition number of times, and it is described to continue executing with judgement The NAT resource obtained whether can process;
Converting unit, for when judged result is for, time available, utilizing the NAT resource of described acquisition to described report Literary composition carries out NAT conversion.
Device the most according to claim 6, it is characterised in that the described network equipment is used for utilizing NAT The resource message to receiving carries out NAT conversion, and described device also includes:
Search conversation element, after receiving message at described reception unit, utilize described message to carry All sessions of five-tuple information searching local maintenance;If finding described five-tuple information, then utilize described NAT resource corresponding to five-tuple information carries out NAT conversion to described message;If not finding described five yuan Group information, then perform the process for described one NAT resource of Receive message;
Described device also includes: record unit, for utilizing the NAT of described acquisition in described lookup conversation element After resource carries out NAT conversion to described message, record the five-tuple information that described message carries in a session Corresponding relation with the NAT resource of described acquisition.
Device the most according to claim 6, it is characterised in that described device also includes: transmitting element, After utilizing described NAT resource acquisition number of times to calculate NAT resource utilization at described computing unit, When described NAT resource utilization is not less than predetermined threshold value, then send alert message.
9. according to the device described in claim 6 or 7, it is characterised in that described five-tuple information includes source IP address, source port, purpose IP address, destination interface and protocol number, described judging unit, specifically use NAT resource lookup in the purpose IP address utilizing described message to carry, destination interface and described acquisition All sessions of local maintenance;If find from all sessions described purpose IP address, destination interface and The corresponding relation of the NAT resource of described acquisition, it is determined that the NAT resource of described acquisition is unavailable;If from All sessions do not find the NAT resource of described purpose IP address, destination interface and described acquisition Corresponding relation, it is determined that the NAT resource of described acquisition can be used.
Device the most according to claim 6, it is characterised in that described computing unit, specifically for Obtain NAT number of resources total in the described network equipment;Obtain described NAT resource acquisition number of times with described always The ratio of NAT number of resources, and determine that described ratio is described NAT resource utilization;Wherein, described Being provided with public network address scope and public network port range in the network equipment in advance, described total NAT number of resources refers to Be the product of number of addresses in described public network address scope and the port number in described public network port range.
CN201610293183.XA 2016-05-04 2016-05-04 The acquisition methods and device of NAT resource Active CN105939404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610293183.XA CN105939404B (en) 2016-05-04 2016-05-04 The acquisition methods and device of NAT resource

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610293183.XA CN105939404B (en) 2016-05-04 2016-05-04 The acquisition methods and device of NAT resource

Publications (2)

Publication Number Publication Date
CN105939404A true CN105939404A (en) 2016-09-14
CN105939404B CN105939404B (en) 2019-02-19

Family

ID=57151510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610293183.XA Active CN105939404B (en) 2016-05-04 2016-05-04 The acquisition methods and device of NAT resource

Country Status (1)

Country Link
CN (1) CN105939404B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547296A (en) * 2017-05-10 2018-01-05 新华三信息安全技术有限公司 A kind of information processing method and device
CN107682470A (en) * 2017-10-16 2018-02-09 杭州迪普科技股份有限公司 The method and device of public network IP availability in a kind of detection nat address pool
CN112600765A (en) * 2020-12-02 2021-04-02 杭州迪普科技股份有限公司 Method and device for scheduling configuration resources

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777194A (en) * 2005-12-16 2006-05-24 中国科学院计算技术研究所 Network address converting method for supporting multi-dialogue application-layer protocol under PAT mode
CN101247421A (en) * 2008-03-28 2008-08-20 杭州华三通信技术有限公司 Self-adapting distribution method and system of NAT address pool under distributed structure
CN102299975A (en) * 2010-06-28 2011-12-28 杭州华三通信技术有限公司 Method and system for regulating NAT (Network Address Translation) equipment self-adapting to multilayer NAT environment
CN103560979A (en) * 2013-11-21 2014-02-05 中国联合网络通信集团有限公司 Resource distribution method and device
CN105491171A (en) * 2014-09-17 2016-04-13 中兴通讯股份有限公司 Allocation method and device of network address translation (NAT) resources

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777194A (en) * 2005-12-16 2006-05-24 中国科学院计算技术研究所 Network address converting method for supporting multi-dialogue application-layer protocol under PAT mode
CN101247421A (en) * 2008-03-28 2008-08-20 杭州华三通信技术有限公司 Self-adapting distribution method and system of NAT address pool under distributed structure
CN102299975A (en) * 2010-06-28 2011-12-28 杭州华三通信技术有限公司 Method and system for regulating NAT (Network Address Translation) equipment self-adapting to multilayer NAT environment
CN103560979A (en) * 2013-11-21 2014-02-05 中国联合网络通信集团有限公司 Resource distribution method and device
CN105491171A (en) * 2014-09-17 2016-04-13 中兴通讯股份有限公司 Allocation method and device of network address translation (NAT) resources

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547296A (en) * 2017-05-10 2018-01-05 新华三信息安全技术有限公司 A kind of information processing method and device
CN107682470A (en) * 2017-10-16 2018-02-09 杭州迪普科技股份有限公司 The method and device of public network IP availability in a kind of detection nat address pool
CN112600765A (en) * 2020-12-02 2021-04-02 杭州迪普科技股份有限公司 Method and device for scheduling configuration resources

Also Published As

Publication number Publication date
CN105939404B (en) 2019-02-19

Similar Documents

Publication Publication Date Title
CN107948076B (en) Method and device for forwarding message
WO2020177497A1 (en) Method and system for performing charging processing on network slice client, and related device
CN105379218A (en) Service flow processing method, apparatus and device
CN106161335A (en) A kind for the treatment of method and apparatus of network packet
CN109040243B (en) Message processing method and device
CN105101176B (en) A kind of binding session methods, devices and systems under roaming scence
CN107547346B (en) Message transmission method and device
CN105163062B (en) A kind of system and method that social resources are linked into common platform
EP3310011A1 (en) Load sharing method and related apparatus
CN105122741A (en) Method and apparatus for controlling service chain of service flow
CN109474713B (en) Message forwarding method and device
CN105939240A (en) Load balancing method and device
US20140189082A1 (en) Local Partitioning in a Distributed Communication System
CN103442096B (en) NAT method based on mobile Internet and system
CN105939404A (en) NAT (Network Address Translation) resource obtaining method and device
CN106027354B (en) The reflow method and device of VPN client
CN102201996B (en) Method and equipment for forwarding message in network address translation (NAT) environment
CN110855424B (en) Method and device for synthesizing asymmetric flow xDR in DPI field
CN106027356A (en) Tunnel identifier conversion method and device
CN108777664A (en) A kind of data package processing method and its equipment, system, storage medium
CN104702591A (en) Method and system for penetrating through firewall based on port forwarding multiplexing technology
CN109413224A (en) Message forwarding method and device
CN104506405B (en) The method and device of cross-domain access
CN109743238B (en) Distributed access system
CN108011801A (en) Method, unit and the system of data transfer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant