CN105991552A - Method for aging flow table and NAT (network address translation) session table and apparatus - Google Patents

Info

Publication number
CN105991552A
Authority
CN
China
Prior art keywords
nat
flow
information
tree
session table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510056361.2A
Other languages
Chinese (zh)
Other versions
CN105991552B (en)
Inventor
李安坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Damo Institute Hangzhou Technology Co Ltd
Original Assignee
阿里巴巴集团控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司
Priority to CN201510056361.2A
Publication of CN105991552A
Application granted
Publication of CN105991552B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and an apparatus for aging a flow table and a NAT (network address translation) session table, and belongs to the technical field of network communication. The method includes the following steps: after an interface IP, a public network IP resource or an interface link state changes, the pre-change IP information is obtained; the pre-change IP information is inserted, in the form of a node, into the waiting tree of a preset IP information tree storage structure; whether the flow table and the NAT session table are to be aged is determined according to the number of nodes in the waiting tree and the aging timer time; and when it is determined that the flow table and the NAT session table are to be aged, the flow table and the NAT session table are scanned, and the flow table nodes and NAT session nodes that correspond to the pre-change IP information in the IP information tree storage structure are aged out. With the method and the apparatus, the flow table and the NAT session table can be aged actively, and the frequency of scanning the flow table and the NAT session table can be reduced.

Description

Method and apparatus for aging a flow table and a NAT session table
Technical field
The present invention relates to the technical field of network communication, and in particular to a method and an apparatus for aging a flow table and a NAT session table.
Background
With the development of network communication technology, networks play an increasingly important role. When users go online, a stateful inspection network device can record network connection information in a flow table (mainly the five-tuple: source IP, destination IP, source port, destination port and network protocol), and can record the mapping from private network IP addresses to public network IP addresses in a NAT (Network Address Translation) session table, a table made up of NAT bindings. In daily operation and maintenance, the interface IP of a network device sometimes has to change because the network topology changes; the public network IP resources of a network device sometimes change because of the planning of the operator (ISP); and the interface link state of a network device may change (for example, down). After an interface IP change, a public network IP resource change or an interface link state change, the IP changes, but the pre-change IP still has table nodes in the flow table and the NAT session table of the stateful inspection network device. To avoid tying up resources, the table nodes of the pre-change IP can be aged out.
There are currently two main techniques for aging the table nodes of the pre-change IP in the flow table and the NAT session table. The first is passive aging: after the IP changes, the stateful inspection network device does not actively scan the flow table and the NAT session table, but waits for the table nodes of the pre-change IP to time out and age naturally. The second is active aging: after the IP changes, one scan of the flow table and the NAT session table is triggered, and the table nodes of the pre-change IP are aged out.
However, with passive aging the table nodes of the pre-change IP can be aged out only once the timeout has expired, and the timeout of the flow table and the session table is usually two minutes. The stateful inspection network device therefore cannot release the sessions of the pre-change IP in time, which greatly reduces the number of concurrent connections the device can support and wastes its memory resources and forwarding performance. The device also continues to forward packets on the sessions of the pre-change IP, which creates a serious security risk for back-end servers. With active aging, every IP change triggers one scan of the flow table and the NAT session table. Because a network contains many IPs, the flow table and the NAT session table of a stateful inspection network device can hold millions, tens of millions or even over a hundred million table nodes, so triggering a scan on every IP change causes a severe performance loss on the device.
Summary of the invention
To solve the problems of the prior art, the invention provides a method and an apparatus for aging a flow table and a NAT session table. The flow table and the NAT session table can be aged actively, so the stateful inspection network device can release the sessions of the pre-change IP in time and no longer forwards packets on those sessions. The IP information tree storage structure reduces the number of scans of the flow table and the NAT session table and the performance loss of the stateful inspection network device, so that the device can release the relevant session resources promptly and efficiently, which improves the security of back-end servers and reduces the resource consumption of the device.
To solve the above problems, the invention discloses a method for aging a flow table and a NAT session table, the method including:
After an interface IP change, a public network IP resource change or an interface link state change, obtaining the pre-change IP information;
Inserting the pre-change IP information, in the form of a node, into the waiting tree of a preset IP information tree storage structure;
Determining, according to the number of IP nodes in the waiting tree and the aging timer time, whether to age the flow table and the network address translation (NAT) session table;
When it is determined that the flow table and the NAT session table are to be aged, scanning the flow table and the NAT session table, and aging out the flow table nodes and NAT session nodes in the flow table and the NAT session table that correspond to the pre-change IP information in the IP information tree storage structure.
Further, after the interface IP change, public network IP resource change or interface link state change, and before the pre-change IP information is obtained, the method also includes:
Obtaining the startup information of the stateful inspection network device;
Creating the IP information tree storage structure.
Further, the IP information tree storage structure includes: a balanced binary tree Patricia (prefix tree) storage structure, a balanced binary tree RBTree storage structure, or a balanced binary tree SBT (self-balancing tree) storage structure.
Further, determining, according to the number of IP nodes in the waiting tree and the aging timer time, whether to age the flow table and the NAT session table includes:
Comparing the number of IP nodes in the waiting tree with a preset IP node count threshold;
When the number of IP nodes in the waiting tree is greater than or equal to the preset IP node count threshold, judging whether the flow table and the NAT session table are being scanned;
If the flow table and the NAT session table are not being scanned, determining that the flow table and the NAT session table are to be aged.
Further, after the number of IP nodes in the waiting tree is compared with the preset IP node count threshold, the method also includes:
When the number of IP nodes in the waiting tree is less than the preset IP node count threshold, determining that the flow table and the NAT session table are not to be aged.
Further, determining, according to the aging timer time, whether to age the flow table and the NAT session table includes:
At every preset time interval, judging whether the number of IP nodes in the waiting tree is zero;
If the number of IP nodes in the waiting tree is not zero, increasing the elapsed time of the timer corresponding to the aging timer time by a preset time value;
Judging whether the elapsed time of the timer corresponding to the aging timer time is greater than or equal to a preset aging timer threshold;
If it is greater than or equal to the aging timer threshold, judging whether the flow table and the NAT session table are being scanned;
If the flow table and the NAT session table are not being scanned, determining that the flow table and the NAT session table are to be aged.
Further, after judging whether the number of IP nodes in the waiting tree is zero, the method also includes:
If it is zero, determining that the flow table and the NAT session table are not to be aged.
Further, after the elapsed time of the timer corresponding to the aging timer time is compared with the preset aging timer threshold, the method also includes:
If it is less than the aging timer threshold, determining that the flow table and the NAT session table are not to be aged.
Further, after judging whether the flow table and the NAT session table are being scanned, the method also includes:
If the flow table and the NAT session table are being scanned, determining that the flow table and the NAT session table are not to be aged.
Further, scanning the flow table and the NAT session table, and aging out the flow table nodes and NAT session nodes in them that correspond to the pre-change IP information in the IP information tree storage structure, includes:
Scanning the NAT session table to obtain a NAT binding node;
Judging whether the NAT binding node is empty;
If the NAT binding node is not empty, obtaining the IP information corresponding to the NAT binding node;
Comparing the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
If the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, deleting the NAT binding node, and then performing the step of scanning the NAT session table;
If the NAT binding node is empty, scanning the flow table to obtain a flow identifier (ID);
Judging whether the flow ID is valid;
If the flow ID is valid, obtaining, according to the flow ID, the IP information of the flow corresponding to the flow ID;
Comparing the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
If the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, setting the flow corresponding to the flow ID to the aging state, performing flow aging on the flow corresponding to the flow ID, and then performing the step of scanning the flow table;
If the flow ID is invalid, clearing the IP information tree storage structure.
Further, scanning the flow table and the NAT session table, and aging out the flow table nodes and NAT session nodes in them that correspond to the pre-change IP information in the IP information tree storage structure, includes:
Scanning the flow table to obtain a flow identifier (ID);
Judging whether the flow ID is valid;
If the flow ID is valid, obtaining, according to the flow ID, the IP information of the flow corresponding to the flow ID;
Comparing the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
If the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, setting the flow corresponding to the flow ID to the aging state, performing flow aging on the flow corresponding to the flow ID, and then performing the step of scanning the flow table;
If the flow ID is invalid, scanning the NAT session table to obtain a NAT binding node;
Judging whether the NAT binding node is empty;
If the NAT binding node is empty, obtaining the IP information corresponding to the NAT binding node;
Comparing the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
If the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, deleting the NAT binding node, and then performing the step of scanning the NAT session table;
If the NAT binding node is empty, clearing the IP information tree storage structure.
To solve the above problems, the invention also discloses an apparatus for aging a flow table and a NAT session table, the apparatus including:
An acquisition module, configured to obtain the pre-change IP information after an interface IP change, a public network IP resource change or an interface link state change;
An insertion module, configured to insert the pre-change IP information, in the form of a node, into the waiting tree of a preset IP information tree storage structure;
A determination module, configured to determine, according to the number of IP nodes in the waiting tree and the aging timer time, whether to age the flow table and the network address translation (NAT) session table;
An aging module, configured to, when it is determined that the flow table and the NAT session table are to be aged, scan the flow table and the NAT session table, and age out the flow table nodes and NAT session nodes in the flow table and the NAT session table that correspond to the pre-change IP information in the IP information tree storage structure.
Further, the apparatus also includes:
A startup module, configured to obtain the startup information of the stateful inspection network device;
A creation module, configured to create the IP information tree storage structure.
Further, the IP information tree storage structure includes: a balanced binary tree Patricia (prefix tree) storage structure, a balanced binary tree RBTree storage structure, or a balanced binary tree SBT (self-balancing tree) storage structure.
Further, the determination module includes:
A first comparing unit, configured to compare the number of IP nodes in the waiting tree with a preset IP node count threshold;
A first judging unit, configured to judge, when the number of IP nodes in the waiting tree is greater than or equal to the preset IP node count threshold, whether the flow table and the NAT session table are being scanned;
A first determining unit, configured to determine, if the flow table and the NAT session table are not being scanned, that the flow table and the NAT session table are to be aged.
Further, the determination module also includes:
A second determining unit, configured to determine, when the number of IP nodes in the waiting tree is less than the preset IP node count threshold, that the flow table and the NAT session table are not to be aged.
Further, the determination module includes:
A second judging unit, configured to judge, at every preset time interval, whether the number of IP nodes in the waiting tree is zero;
A timing unit, configured to increase, if the number of IP nodes in the waiting tree is not zero, the elapsed time of the timer corresponding to the aging timer time by a preset time value;
A third judging unit, configured to judge whether the elapsed time of the timer corresponding to the aging timer time is greater than or equal to a preset aging timer threshold;
A fourth judging unit, configured to judge, if it is greater than or equal to the aging timer threshold, whether the flow table and the NAT session table are being scanned;
A third determining unit, configured to determine, if the flow table and the NAT session table are not being scanned, that the flow table and the NAT session table are to be aged.
Further, the determination module also includes:
A fourth determining unit, configured to determine, if the number of IP nodes in the waiting tree is zero, that the flow table and the NAT session table are not to be aged.
Further, the determination module also includes:
A fifth determining unit, configured to determine, if it is less than the aging timer threshold, that the flow table and the NAT session table are not to be aged.
Further, the determination module also includes:
A sixth determining unit, configured to determine, if the flow table and the NAT session table are being scanned, that the flow table and the NAT session table are not to be aged.
Further, the aging module includes:
A first scanning unit, configured to scan the NAT session table to obtain a NAT binding node;
A fifth judging unit, configured to judge whether the NAT binding node is empty;
A first acquiring unit, configured to obtain, if the NAT binding node is not empty, the IP information corresponding to the NAT binding node;
A second comparing unit, configured to compare the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
A first aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, delete the NAT binding node and then notify the first scanning unit to perform the step of scanning the NAT session table;
A second scanning unit, configured to scan, if the NAT binding node is empty, the flow table to obtain a flow identifier (ID);
A sixth judging unit, configured to judge whether the flow ID is valid;
A second acquiring unit, configured to obtain, if the flow ID is valid, the IP information of the flow corresponding to the flow ID according to the flow ID;
A third comparing unit, configured to compare the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
A second aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, set the flow corresponding to the flow ID to the aging state, perform flow aging on the flow corresponding to the flow ID, and then notify the second scanning unit to perform the step of scanning the flow table;
A first clearing unit, configured to clear the IP information tree storage structure if the flow ID is invalid.
Further, the aging module includes:
A third scanning unit, configured to scan the flow table to obtain a flow identifier (ID);
A seventh judging unit, configured to judge whether the flow ID is valid;
A third acquiring unit, configured to obtain, if the flow ID is valid, the IP information of the flow corresponding to the flow ID according to the flow ID;
A fourth comparing unit, configured to compare the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
A third aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, set the flow corresponding to the flow ID to the aging state, perform flow aging on the flow corresponding to the flow ID, and then notify the third scanning unit to perform the step of scanning the flow table;
A fourth scanning unit, configured to scan, if the flow ID is invalid, the NAT session table to obtain a NAT binding node;
An eighth judging unit, configured to judge whether the NAT binding node is empty;
A fourth acquiring unit, configured to obtain, if the NAT binding node is empty, the IP information corresponding to the NAT binding node;
A fifth comparing unit, configured to compare the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
A fourth aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, delete the NAT binding node and then notify the fourth scanning unit to perform the step of scanning the NAT session table;
A second clearing unit, configured to clear the IP information tree storage structure if the NAT binding node is empty.
Compared with the prior art, the invention can achieve the following technical effects:
1) After an interface IP change, a public network IP resource change or an interface link state change, whether to age the flow table and the NAT session table is determined according to the number of IP nodes in the waiting tree of the IP information tree storage structure and the aging timer time. The flow table and the NAT session table can thus be aged actively, and the stateful inspection network device can release the sessions of the pre-change IP in time and no longer forwards packets on those sessions. In addition, the pre-change IP information is inserted, in the form of a node, into the waiting tree of the preset IP information tree storage structure. The IP information tree storage structure reduces the number of scans of the flow table and the NAT session table and the performance loss of the stateful inspection network device, so that the device can release the relevant session resources promptly and efficiently, which improves the security of back-end servers and reduces the resource consumption of the device.
2) When the flow table and the NAT session table are scanned, the IP information of the flow corresponding to each flow ID is compared, in turn, with the pre-change IP information in the waiting tree of the IP information tree storage structure, and the IP information corresponding to each NAT binding node is compared, in turn, with the pre-change IP information in the waiting tree of the IP information tree storage structure. The time complexity of a query on the IP information tree storage structure is O(log n), which is equivalent to scanning the flow table O(log n) times and scanning the NAT session table O(log n) times, and thus greatly reduces the frequency of scanning the flow table and the NAT session table.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form a part of it. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of a first method for aging a flow table and a NAT session table provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of a balanced binary tree Patricia storage structure provided by an embodiment of the invention;
Fig. 3 is a flowchart of a method, provided by an embodiment of the invention, for determining according to the number of IP nodes in the waiting tree whether to age the flow table and the NAT session table;
Fig. 4 is a flowchart of a method, provided by an embodiment of the invention, for determining according to the aging timer time whether to age the flow table and the NAT session table;
Fig. 5 is a flowchart of a second method for aging a flow table and a NAT session table provided by an embodiment of the invention;
Fig. 6 is a flowchart of a third method for aging a flow table and a NAT session table provided by an embodiment of the invention;
Fig. 7 is a schematic structural diagram of a first apparatus for aging a flow table and a NAT session table provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of a second apparatus for aging a flow table and a NAT session table provided by an embodiment of the invention.
Detailed description
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.
Certain terms are used in the description and claims to refer to particular components. Those skilled in the art will appreciate that hardware manufacturers may refer to the same component by different names. The description and claims do not distinguish components by their names, but by their differences in function. "Comprising", as used throughout the description and claims, is an open-ended term and should therefore be interpreted as "including but not limited to". "Substantially" means that, within an acceptable error range, a person skilled in the art can solve the technical problem and basically achieve the technical effect. In addition, the word "coupled" here covers any direct or indirect means of electrical coupling. Therefore, if the text describes a first device as coupled to a second device, the first device may be electrically coupled to the second device directly, or electrically coupled to it indirectly through other devices or coupling means. The description that follows sets out preferred embodiments of the invention; it is given to illustrate the general principles of the invention and is not intended to limit its scope. The scope of protection of the invention is defined by the appended claims.
It should also be noted that the terms "include", "comprise" and any other variants of them are intended to cover non-exclusive inclusion, so that a commodity or system that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to that commodity or system. Without further limitation, an element introduced by the statement "including a ..." does not exclude the presence of other identical elements in the commodity or system that includes the element.
Description of embodiments
The implementation of the method of the invention is further described below with an embodiment. Fig. 1 is a flow chart of a method for aging a flow table and a NAT session table according to an embodiment of the invention. The method includes:
S101: After an interface IP changes, a public network IP resource changes, or an interface link state changes, obtain the pre-change IP information.
The pre-change IP information includes the version and address of the IP before the change.
The IP version includes IPv4 (Internet Protocol Version 4), IPv6 (Internet Protocol Version 6), and so on.
Specifically, after an interface IP changes, a public network IP resource changes, or an interface link state changes, the stateful-inspection network device sends a message to notify the service processing module, and the service processing module extracts the pre-change IP information from the message.
S102: Insert the pre-change IP information, in the form of a node, into the waiting tree of a preset IP information tree storage structure.
The IP information tree storage structure includes: a balanced binary tree Patricia (prefix tree) storage structure, a balanced binary tree RBTree storage structure, or a balanced binary tree SBT (Size Balanced Tree, self-balancing tree) storage structure.
Specifically, the balanced binary tree Patricia storage structure, the balanced binary tree RBTree storage structure, the balanced binary tree SBT storage structure and the like can complete insert, search and delete operations in O(log n) time, where n is the total number of nodes to be operated on, which improves scan efficiency.
Specifically, the IP information tree storage structure may be created after the startup information of the stateful-inspection network device is obtained, and before the pre-change IP information is obtained following an interface IP change, a public network IP resource change or an interface link state change. That is, the IP information tree storage structure is created after the stateful-inspection network device starts.
S103: Determine, according to the number of IP nodes in the waiting tree and the aging timing time, whether to age the flow table and the NAT session table.
Specifically, the two conditions, the number of IP nodes in the waiting tree and the aging timing time, are evaluated in parallel. When either of the two determines that the flow table and the NAT session table are to be aged, it is determined that the flow table and the NAT session table are to be aged.
S104: When it is determined that the flow table and the NAT session table are to be aged, scan the flow table and the NAT session table, and age out the flow table nodes and NAT session nodes in the flow table and the NAT session table that correspond to the pre-change IP information in the IP information tree storage structure.
Specifically, when scanning the flow table and the NAT session table, the NAT session table may be scanned first and the flow table second, or the flow table first and the NAT session table second. No limitation is imposed on this, and the order can be set according to the actual application.
Specifically, see Fig. 2, which shows a balanced binary tree Patricia storage structure created in this example. The meaning of each data member is as follows:
*pending_tree (waiting tree): the nodes holding pre-change IP information hang on the waiting tree.
pending_num: the current number of IP nodes.
pending_threshold: the IP node count threshold. When the number of IP nodes reaches the threshold, a scan of the flow table and the NAT session table is triggered.
sec_passed: the elapsed time of the timer corresponding to the aging timing time.
sec_threshold: the aging timing time threshold. When the elapsed time of the timer corresponding to the aging timing time reaches the threshold, a scan of the flow table and the NAT session table is triggered.
*working_tree: used to scan the nodes holding pre-change IP information. working_tree does not store data; it only points to pending_tree. Both the flow table and the NAT session table have to be scanned, so for convenience, when the NAT session table is scanned first and the flow table second, pending_tree can be used while scanning the NAT session table and working_tree while scanning the flow table; when the flow table is scanned first and the NAT session table second, pending_tree can be used while scanning the flow table and working_tree while scanning the NAT session table. In both cases, because working_tree only points to pending_tree, using working_tree means using pending_tree indirectly.
is_in_scan: the scan processing flag, which prevents the scan of the flow table and the NAT session table from being interrupted. The flag can be defined so that 1 means the flow table and the NAT session table are being scanned and 0 means they are not being scanned.
if_node: the node number.
ifl_idx: the index number of the network device interface.
ifip: an IPVx-type structure that stores the IP version and address, including an IPv4 or IPv6 address.
Specifically, see Fig. 3. In a preferred embodiment, determining whether to age the flow table and the NAT session table according to the number of IP nodes in the waiting tree includes:
S201: Compare the number of IP nodes in the waiting tree with a preset IP node count threshold. When the number of IP nodes in the waiting tree is greater than or equal to the preset threshold, perform S202; when it is less than the preset threshold, perform S204.
Specifically, the preset IP node count threshold can be set according to the actual application, for example to 10 or 100.
S202: Judge whether the flow table and the NAT session table are being scanned. If they are not being scanned, perform S203; if they are being scanned, perform S204.
Specifically, the two conditions, the number of IP nodes in the waiting tree and the aging timing time, are evaluated in parallel, and either one can determine that the flow table and the NAT session table are to be aged. To avoid repeated aging, before aging is performed it is first judged whether the flow table and the NAT session table are being scanned. If they are, the flow table and the NAT session table are already being aged, and aging need not be performed again.
Specifically, whether the flow table and the NAT session table are being scanned can be judged by querying the scan processing flag (is_in_scan).
S203: Determine that the flow table and the NAT session table are to be aged, then perform S104.
Specifically, after it is determined that the flow table and the NAT session table are to be aged, the scan processing flag (is_in_scan) can be set to the scanned state. For example, if a flag value of 1 is defined to mean that the flow table and the NAT session table are being scanned, the flag is set to 1.
S204: Determine that the flow table and the NAT session table are not to be aged, then end.
Specifically, see Fig. 4. In a preferred embodiment, determining whether to age the flow table and the NAT session table according to the aging timing time includes:
S301: At every preset time interval, judge whether the number of IP nodes in the waiting tree is zero. If it is not zero, perform S302; if it is zero, perform S306.
The preset time interval may be 0.1 second, 0.5 second, 1 second and so on. It can be chosen according to the actual application, and no limitation is imposed on it.
S302: Increase the elapsed time of the timer corresponding to the aging timing time by a preset time value.
The preset time value may be the same as the preset time interval. For example, if the preset time interval is 1 second and the preset time value is also 1 second, then every 1 second, when the number of IP nodes in the waiting tree is judged not to be zero, the elapsed time of the timer corresponding to the aging timing time is increased by 1 second, until it is greater than or equal to the preset aging timing time threshold. The preset time value may also differ from the preset time interval. For example, if the preset time interval is 0.5 second and the preset time value is 1 second, then every 0.5 second, when the number of IP nodes in the waiting tree is judged not to be zero, the elapsed time of the timer is increased by 1 second, until it is greater than or equal to the preset aging timing time threshold.
S303: Judge whether the elapsed time of the timer corresponding to the aging timing time is greater than or equal to the preset aging timing time threshold. If it is greater than or equal to the threshold, perform S304; if it is less than the threshold, perform S306.
S304: Judge whether the flow table and the NAT session table are being scanned. If they are not being scanned, perform S305; if they are being scanned, perform S306.
Specifically, the two conditions, the number of IP nodes in the waiting tree and the aging timing time, are evaluated in parallel, and either one can determine that the flow table and the NAT session table are to be aged. To avoid repeated aging, before aging is performed it is first judged whether the flow table and the NAT session table are being scanned. If they are, the flow table and the NAT session table are already being aged, and aging need not be performed again.
Specifically, whether the flow table and the NAT session table are being scanned can be judged by querying the scan processing flag (is_in_scan).
S305: Determine that the flow table and the NAT session table are to be aged, then perform S104.
Specifically, after it is determined that the flow table and the NAT session table are to be aged, the scan processing flag (is_in_scan) can be set to the scanned state. For example, if a flag value of 1 is defined to mean that the flow table and the NAT session table are being scanned, the flag is set to 1.
S306: Determine that the flow table and the NAT session table are not to be aged, then end.
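The two trigger paths above (S201 to S204 and S301 to S306), written out in C as an added example that is not part of the patent text. The field names follow the Fig. 2 description; the function names, the whole-second timer step and the sample thresholds are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Control fields from the Fig. 2 description. The tree itself is left out:
 * the trigger decision only needs the node count. */
struct aging_ctl {
    unsigned pending_num;        /* current number of IP nodes in the waiting tree */
    unsigned pending_threshold;  /* IP node count threshold */
    unsigned sec_passed;         /* elapsed time of the aging timer */
    unsigned sec_threshold;      /* aging timing time threshold */
    int      is_in_scan;         /* 1 while the flow/NAT tables are being scanned */
};

/* Common tail of both paths: S202/S304 check the flag, S203/S305 set it. */
static bool start_scan_if_idle(struct aging_ctl *c)
{
    if (c->is_in_scan)           /* a scan is already running: S204/S306 */
        return false;
    c->is_in_scan = 1;
    return true;                 /* caller goes on to S104 */
}

/* Count path. Called once per node inserted in S102 (hypothetical name). */
bool on_node_inserted(struct aging_ctl *c)
{
    c->pending_num++;
    if (c->pending_num < c->pending_threshold)   /* S201 -> S204 */
        return false;
    return start_scan_if_idle(c);                /* S202, S203 */
}

/* Timer path. Called at every preset interval; step_sec is the preset
 * time value added in S302 (hypothetical name). */
bool on_timer_tick(struct aging_ctl *c, unsigned step_sec)
{
    if (c->pending_num == 0)                     /* S301 -> S306 */
        return false;
    c->sec_passed += step_sec;                   /* S302 */
    if (c->sec_passed < c->sec_threshold)        /* S303 -> S306 */
        return false;
    return start_scan_if_idle(c);                /* S304, S305 */
}

/* End of the scan: the structure is emptied and the flag is cleared. */
void on_scan_finished(struct aging_ctl *c)
{
    c->pending_num = 0;
    c->sec_passed = 0;
    c->is_in_scan = 0;
}

/* Constructed scenario: returns how many scans were started. */
int demo_triggers(void)
{
    struct aging_ctl c = { .pending_threshold = 3, .sec_threshold = 5 };
    int scans = 0, i;

    scans += on_timer_tick(&c, 1);       /* empty tree: timer does not advance */
    scans += on_node_inserted(&c);       /* 1 node, below threshold */
    for (i = 0; i < 5; i++)
        scans += on_timer_tick(&c, 1);   /* fifth tick reaches sec_threshold */
    scans += on_node_inserted(&c);       /* 2 nodes, below threshold */
    scans += on_node_inserted(&c);       /* threshold reached, but scan is running */
    on_scan_finished(&c);
    for (i = 0; i < 3; i++)
        scans += on_node_inserted(&c);   /* third insert reaches the threshold */
    return scans;
}

int main(void)
{
    printf("scans started: %d\n", demo_triggers());
    return 0;
}
```

Both paths end in the same flag check, which is what keeps a timer expiry and a threshold hit from starting two scans at once.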
Specifically, see Fig. 5. In a preferred embodiment, when the NAT session table is scanned first and the flow table second, scanning the flow table and the NAT session table and aging out the flow table nodes and NAT session nodes that correspond to the pre-change IP information in the IP information tree storage structure includes:
S401: Scan the NAT session table and obtain a NAT binding node.
S402: Judge whether the NAT binding node is empty. If it is not empty, perform S403; if it is empty, perform S406.
Specifically, an empty NAT binding node shows that all NAT binding nodes in the NAT session table have been scanned.
S403: Obtain the IP information corresponding to the NAT binding node.
The IP information includes the version and address of the IP.
S404: Compare the IP information corresponding to the NAT binding node in turn with the pre-change IP information in the waiting tree. If the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, perform S405; if it does not, perform S401.
Specifically, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, this shows that the IP information corresponding to the NAT binding node has changed, and the NAT binding node can be deleted.
S405: Delete the NAT binding node, then perform S401.
S406: Scan the flow table and obtain a flow identifier (ID).
S407: Judge whether the flow ID is valid. If it is valid, perform S408; if it is invalid, perform S411.
Specifically, an invalid flow ID shows that the flow table has been completely scanned.
S408: According to the flow ID, obtain the IP information of the flow corresponding to the flow ID.
S409: Compare the IP information of the flow corresponding to the flow ID in turn with the pre-change IP information in the waiting tree. If the waiting tree contains pre-change IP information consistent with the IP information of the flow, perform S410; if it does not, perform S406.
Specifically, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, this shows that the IP information of that flow has changed, and the flow corresponding to the flow ID can be aged out.
S410: Set the flow corresponding to the flow ID to the aging state and perform flow aging on it, then perform S406.
S411: Empty the IP information tree storage structure, then end.
Specifically, emptying the IP information tree storage structure means clearing the data in it, such as the pre-change IP information, the aging timing time and the number of IP nodes.
Specifically, after the IP information tree storage structure is emptied, the scan processing flag (is_in_scan) can be set to the not-scanned state. For example, if a flag value of 0 is defined to mean that the flow table and the NAT session table are not being scanned, the flag is set to 0.
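The scan of S401 to S411, as an added example in C that is not part of the patent text. It makes several assumptions: the tables are plain arrays, each entry carries one IP field, duplicates are ignored on insert, and a plain unbalanced binary search tree stands in for the Patricia, RBTree or SBT structure. Function names and sample addresses are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ipinfo { uint8_t ver; uint8_t addr[16]; };       /* IP version + address (ifip) */
struct node { struct ipinfo ip; struct node *l, *r; };  /* stand-in tree node */
struct nat_binding { struct ipinfo ip; int in_use; };   /* assumed entry layout */
struct flow { struct ipinfo ip; int aged; };            /* assumed entry layout */
struct aging_ctl { struct node *pending_tree; unsigned pending_num; int is_in_scan; };
struct scan_result { unsigned nat_deleted, flows_aged; };

static struct ipinfo v4(const uint8_t o[4])
{
    struct ipinfo ip;
    memset(&ip, 0, sizeof ip);           /* unused address bytes stay zero */
    ip.ver = 4;
    memcpy(ip.addr, o, 4);
    return ip;
}

static int ip_cmp(const struct ipinfo *x, const struct ipinfo *y)
{
    if (x->ver != y->ver) return x->ver < y->ver ? -1 : 1;
    return memcmp(x->addr, y->addr, sizeof x->addr);
}

/* S102: hang a pre-change IP on the waiting tree (duplicates ignored). */
static void pending_insert(struct aging_ctl *c, struct ipinfo ip)
{
    struct node **p = &c->pending_tree;
    while (*p) {
        int d = ip_cmp(&ip, &(*p)->ip);
        if (d == 0) return;
        p = d < 0 ? &(*p)->l : &(*p)->r;
    }
    *p = calloc(1, sizeof **p);
    if (!*p) abort();
    (*p)->ip = ip;
    c->pending_num++;
}

static int pending_has(const struct aging_ctl *c, const struct ipinfo *ip)
{
    const struct node *n = c->pending_tree;
    while (n) {
        int d = ip_cmp(ip, &n->ip);
        if (d == 0) return 1;
        n = d < 0 ? n->l : n->r;
    }
    return 0;
}

static void tree_free(struct node *n)
{
    if (!n) return;
    tree_free(n->l); tree_free(n->r);
    free(n);
}

/* One pass over each table, checking every entry against all pending IPs. */
struct scan_result scan_and_age(struct aging_ctl *c, struct nat_binding *nat,
                                size_t n_nat, struct flow *flows, size_t n_flows)
{
    struct scan_result r = {0, 0};
    size_t i;
    for (i = 0; i < n_nat; i++)                          /* S401-S405 */
        if (nat[i].in_use && pending_has(c, &nat[i].ip)) {
            nat[i].in_use = 0;                           /* delete the binding */
            r.nat_deleted++;
        }
    for (i = 0; i < n_flows; i++)                        /* S406-S410 */
        if (!flows[i].aged && pending_has(c, &flows[i].ip)) {
            flows[i].aged = 1;                           /* set to aging state */
            r.flows_aged++;
        }
    tree_free(c->pending_tree);                          /* S411: empty the structure */
    c->pending_tree = NULL;
    c->pending_num = 0;
    c->is_in_scan = 0;                                   /* back to not-scanned */
    return r;
}

struct scan_result demo_scan(void)
{
    /* Constructed sample data from the documentation address ranges. */
    static const uint8_t changed[2][4] = { {203, 0, 113, 10}, {198, 51, 100, 7} };
    static const uint8_t nat_ip[3][4] = { {203, 0, 113, 10}, {203, 0, 113, 11}, {198, 51, 100, 7} };
    static const uint8_t flow_ip[4][4] = { {203, 0, 113, 10}, {192, 0, 2, 1}, {203, 0, 113, 10}, {198, 51, 100, 8} };
    struct aging_ctl c = {0};
    struct nat_binding nat[3];
    struct flow flows[4];
    size_t i;
    for (i = 0; i < 2; i++) pending_insert(&c, v4(changed[i]));
    for (i = 0; i < 3; i++) { nat[i].ip = v4(nat_ip[i]); nat[i].in_use = 1; }
    for (i = 0; i < 4; i++) { flows[i].ip = v4(flow_ip[i]); flows[i].aged = 0; }
    c.is_in_scan = 1;                    /* set by the trigger step (S203/S305) */
    return scan_and_age(&c, nat, 3, flows, 4);
}

int main(void)
{
    struct scan_result r = demo_scan();
    printf("NAT bindings deleted: %u, flows aged: %u\n", r.nat_deleted, r.flows_aged);
    return 0;
}
```

The flow-table-first order of S501 to S511 is the same function with the two loops swapped.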
Specifically, see Fig. 6. In a preferred embodiment, when the flow table is scanned first and the NAT session table second, scanning the flow table and the NAT session table and aging out the flow table nodes and NAT session nodes that correspond to the pre-change IP information in the IP information tree storage structure includes:
S501: Scan the flow table and obtain a flow identifier (ID).
S502: Judge whether the flow ID is valid. If it is valid, perform S503; if it is invalid, perform S506.
Specifically, an invalid flow ID shows that the flow table has been completely scanned.
S503: According to the flow ID, obtain the IP information of the flow corresponding to the flow ID.
The IP information includes the version and address of the IP.
S504: Compare the IP information of the flow corresponding to the flow ID in turn with the pre-change IP information in the waiting tree. If the waiting tree contains pre-change IP information consistent with the IP information of the flow, perform S505; if it does not, perform S501.
Specifically, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, this shows that the IP information of that flow has changed, and the flow corresponding to the flow ID can be aged out.
S505: Set the flow corresponding to the flow ID to the aging state and perform flow aging on it, then perform S501.
S506: Scan the NAT session table and obtain a NAT binding node.
S507: Judge whether the NAT binding node is empty. If it is not empty, perform S508; if it is empty, perform S511.
Specifically, an empty NAT binding node shows that all NAT binding nodes in the NAT session table have been scanned.
S508: Obtain the IP information corresponding to the NAT binding node.
S509: Compare the IP information corresponding to the NAT binding node in turn with the pre-change IP information in the waiting tree. If the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, perform S510; if it does not, perform S506.
Specifically, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, this shows that the IP information corresponding to the NAT binding node has changed, and the NAT binding node can be deleted.
S510: Delete the NAT binding node, then perform S506.
S511: Empty the IP information tree storage structure, then end.
Specifically, emptying the IP information tree storage structure means clearing the data in it, such as the pre-change IP information, the aging timing time and the number of IP nodes.
Specifically, after the IP information tree storage structure is emptied, the scan processing flag (is_in_scan) can be set to the not-scanned state. For example, if a flag value of 0 is defined to mean that the flow table and the NAT session table are not being scanned, the flag is set to 0.
With the method for aging a flow table and a NAT session table described in this embodiment, after an interface IP changes, a public network IP resource changes, or an interface link state changes, whether to age the flow table and the NAT session table is determined according to the number of IP nodes in the waiting tree of the IP information tree storage structure and the aging timing time. The flow table and the NAT session table can thus be aged actively, so the stateful-inspection network device can release the sessions of the pre-change IP in time and no longer forwards packets on those sessions. In addition, the pre-change IP information is inserted as nodes into the waiting tree of the preset IP information tree storage structure, and this structure reduces the number of scans of the flow table and the NAT session table and the performance loss of the stateful-inspection network device. The device can therefore release the related session resources promptly and efficiently, which improves the security of the back-end servers and reduces the resource consumption of the stateful-inspection network device. When the flow table and the NAT session table are scanned, the IP information of the flow corresponding to each flow ID is compared in turn with the pre-change IP information in the waiting tree of the IP information tree storage structure, and the IP information corresponding to each NAT binding node is compared in turn with the pre-change IP information in the waiting tree. The time complexity of a query on the IP information tree storage structure is O(log n), so this is equivalent to scanning the flow table O(log n) times and the NAT session table O(log n) times, which greatly reduces the frequency of scanning the flow table and the NAT session table.
Fig. 7 is a structural diagram of a device for aging a flow table and a NAT session table according to an embodiment of the invention. The device includes:
Acquisition module 601, configured to obtain the pre-change IP information after an interface IP changes, a public network IP resource changes, or an interface link state changes; the pre-change IP information includes the version and address of the IP before the change;
Insertion module 602, configured to insert the pre-change IP information, in the form of a node, into the waiting tree of a preset IP information tree storage structure;
Determination module 603, configured to determine, according to the number of IP nodes in the waiting tree and the aging timing time, whether to age the flow table and the network address translation (NAT) session table;
Aging module 604, configured to, when it is determined that the flow table and the NAT session table are to be aged, scan the flow table and the NAT session table and age out the flow table nodes and NAT session nodes in the flow table and the NAT session table that correspond to the pre-change IP information in the IP information tree storage structure.
Further, see Fig. 8. The device also includes:
Startup module 605, configured to obtain the startup information of the stateful-inspection network device;
Creation module 606, configured to create the IP information tree storage structure.
Further, the IP information tree storage structure includes: a balanced binary tree prefix tree (Patricia) storage structure, a balanced binary tree RBTree storage structure, or a balanced binary tree self-balancing tree (SBT) storage structure.
Further, the determination module 603 includes:
First comparing unit, configured to compare the number of IP nodes in the waiting tree with a preset IP node count threshold;
First judging unit, configured to judge, when the number of IP nodes in the waiting tree is greater than or equal to the preset IP node count threshold, whether the flow table and the NAT session table are being scanned;
First determining unit, configured to determine, if the flow table and the NAT session table are not being scanned, that the flow table and the NAT session table are to be aged.
Further, the determination module 603 also includes:
Second determining unit, configured to determine, when the number of IP nodes in the waiting tree is less than the preset IP node count threshold, that the flow table and the NAT session table are not to be aged.
Further, the determination module 603 includes:
Second judging unit, configured to judge, at every preset time interval, whether the number of IP nodes in the waiting tree is zero;
Timing unit, configured to increase, if the number of IP nodes in the waiting tree is not zero, the elapsed time of the timer corresponding to the aging timing time by a preset time value;
Third judging unit, configured to judge whether the elapsed time of the timer corresponding to the aging timing time is greater than or equal to the preset aging timing time threshold;
Fourth judging unit, configured to judge, if the elapsed time is greater than or equal to the aging timing time threshold, whether the flow table and the NAT session table are being scanned;
Third determining unit, configured to determine, if the flow table and the NAT session table are not being scanned, that the flow table and the NAT session table are to be aged.
Further, the determination module 603 also includes:
Fourth determining unit, configured to determine, if the number of IP nodes in the waiting tree is zero, that the flow table and the NAT session table are not to be aged.
Further, the determination module 603 also includes:
Fifth determining unit, configured to determine, if the elapsed time is less than the aging timing time threshold, that the flow table and the NAT session table are not to be aged.
Further, the determination module 603 also includes:
Sixth determining unit, configured to determine, if the flow table and the NAT session table are being scanned, that the flow table and the NAT session table are not to be aged.
Further, the aging module 604 includes:
First scanning unit, configured to scan the NAT session table and obtain a NAT binding node;
Fifth judging unit, configured to judge whether the NAT binding node is empty;
First acquiring unit, configured to obtain, if the NAT binding node is not empty, the IP information corresponding to the NAT binding node; the IP information includes the version and address of the IP;
Second comparing unit, configured to compare the IP information corresponding to the NAT binding node in turn with the pre-change IP information in the waiting tree;
First aging unit, configured to delete the NAT binding node if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, and then notify the first scanning unit to perform the step of scanning the NAT session table;
Second scanning unit, configured to scan the flow table and obtain a flow identifier (ID) if the NAT binding node is empty;
Sixth judging unit, configured to judge whether the flow ID is valid;
Second acquiring unit, configured to obtain, if the flow ID is valid, the IP information of the flow corresponding to the flow ID according to the flow ID;
Third comparing unit, configured to compare the IP information of the flow corresponding to the flow ID in turn with the pre-change IP information in the waiting tree;
Second aging unit, configured to set the flow corresponding to the flow ID to the aging state and perform flow aging on it if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, and then notify the second scanning unit to perform the step of scanning the flow table;
First emptying unit, configured to empty the IP information tree storage structure if the flow ID is invalid.
Further, the aging module 604 includes:
Third scanning unit, configured to scan the flow table and obtain a flow identifier (ID);
Seventh judging unit, configured to judge whether the flow ID is valid;
Third acquiring unit, configured to obtain, if the flow ID is valid, the IP information of the flow corresponding to the flow ID according to the flow ID; the IP information includes the version and address of the IP;
Fourth comparing unit, configured to compare the IP information of the flow corresponding to the flow ID in turn with the pre-change IP information in the waiting tree;
Third aging unit, configured to set the flow corresponding to the flow ID to the aging state and perform flow aging on it if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, and then notify the third scanning unit to perform the step of scanning the flow table;
Fourth scanning unit, configured to scan the NAT session table and obtain a NAT binding node if the flow ID is invalid;
Eighth judging unit, configured to judge whether the NAT binding node is empty;
Fourth acquiring unit, configured to obtain, if the NAT binding node is not empty, the IP information corresponding to the NAT binding node;
Fifth comparing unit, configured to compare the IP information corresponding to the NAT binding node in turn with the pre-change IP information in the waiting tree;
Fourth aging unit, configured to delete the NAT binding node if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, and then notify the fourth scanning unit to perform the step of scanning the NAT session table;
Second emptying unit, configured to empty the IP information tree storage structure if the NAT binding node is empty.
With the device for aging a flow table and a NAT session table described in this embodiment, after an interface IP changes, a public network IP resource changes, or an interface link state changes, whether to age the flow table and the NAT session table is determined according to the number of IP nodes in the waiting tree of the IP information tree storage structure and the aging timing time. The flow table and the NAT session table can thus be aged actively, so the stateful-inspection network device can release the sessions of the pre-change IP in time and no longer forwards packets on those sessions. In addition, the pre-change IP information is inserted as nodes into the waiting tree of the preset IP information tree storage structure, and this structure reduces the number of scans of the flow table and the NAT session table and the performance loss of the stateful-inspection network device. The device can therefore release the related session resources promptly and efficiently, which improves the security of the back-end servers and reduces the resource consumption of the stateful-inspection network device. When the flow table and the NAT session table are scanned, the IP information of the flow corresponding to each flow ID is compared in turn with the pre-change IP information in the waiting tree of the IP information tree storage structure, and the IP information corresponding to each NAT binding node is compared in turn with the pre-change IP information in the waiting tree. The time complexity of a query on the IP information tree storage structure is O(log n), so this is equivalent to scanning the flow table O(log n) times and the NAT session table O(log n) times, which greatly reduces the frequency of scanning the flow table and the NAT session table.
The description of the device corresponds to the method flow described above. For anything not covered here, refer to the description of the method flow, which is not repeated.
The method and device for aging a flow table and a NAT session table proposed by the invention can be applied to both IPv4 and IPv6 network devices. They can be used in multi-core network devices, and can also be applied to similar aging scenarios in other stateful-inspection network devices.
The above description shows and describes several preferred embodiments of the invention. As stated earlier, however, it should be understood that the invention is not limited to the forms disclosed here, and these forms should not be regarded as excluding other embodiments. The invention can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described here through the above teachings or through the skill or knowledge of the related art. Changes and variations made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the scope of protection of the appended claims.

Claims (22)

1. a convection current table and NAT conversational list carry out aging method, it is characterised in that described method Including:
After interface IP change, public network IP resource changing or interface link state change, obtain before changing IP information;
IP information before described change is inserted into default IP information tree-shaped storage knot with the form of node In the wait tree of structure;
According to the described IP number of nodes waited in tree, and aging timing, it is determined whether convection current Table and address translation NAT conversational list carry out aging;
When determine described stream table and described NAT conversational list are carried out aging time, scan described stream table and institute State NAT conversational list, by depositing with described IP information tree-shaped in described stream table and described NAT conversational list Stream table node that the IP information before described change in storage structure is corresponding and NAT session node aging fall.
2. the method for claim 1, it is characterised in that in interface IP change, public network IP After resource changing or interface link state change, before obtaining the IP information before changing, also include:
Obtain the state-detection network equipment and start information;
Create described IP information tree-shaped storage organization.
3. method as claimed in claim 1 or 2, it is characterised in that described IP information tree-shaped stores Structure includes: balanced binary tree prefix trees Patricia tree-shaped storage organization, balanced binary tree RBTree tree Type storage organization or balanced binary tree self-balancing tree SBT tree-shaped storage organization.
4. the method for claim 1, it is characterised in that according to the described IP waited in tree joint Point quantity, and aging timing, it is determined whether convection current table and NAT conversational list carry out aging, bag Include:
The described IP number of nodes waited in tree is compared with the IP number of nodes threshold value preset;
When the described IP number of nodes waited in tree is more than or equal to the IP number of nodes threshold value preset, sentence Whether disconnected described stream table and described NAT conversational list are in scanned state;
If described stream table and described NAT conversational list are not on scanned state, it is determined that to described Stream table and described NAT conversational list carry out aging.
5. method as claimed in claim 4, it is characterised in that by the described IP node waited in tree After quantity compares with the IP number of nodes threshold value preset, also include:
When the described IP number of nodes waited in tree is less than the IP number of nodes threshold value preset, determine not Described stream table and described NAT conversational list are carried out aging.
6. the method for claim 1, it is characterised in that according to aging timing, determine Convection current table and NAT conversational list carry out aging, including:
Every a time interval preset, it is judged that whether the IP number of nodes in described wait tree is zero;
If the described IP number of nodes waited in tree is not zero, then by meter corresponding for aging timing Time device timing time increase by a preset time value;
Judge that the timing time of the timer that described aging timing is corresponding is whether more than or equal to presetting Aging timing threshold value;
If greater than equal to described aging timing threshold value, then judge described stream table and described NAT meeting Whether words table is in scanned state;
If described stream table and described NAT conversational list are not on scanned state, it is determined that to described Stream table and described NAT conversational list carry out aging.
7. method as claimed in claim 6, it is characterised in that judge the described IP waited in tree joint After whether some quantity is zero, also include:
If zero, it is determined that described stream table and described NAT conversational list are not carried out aging.
8. method as claimed in claim 6, it is characterised in that judge described aging timing pair After whether the timing time of the timer answered is more than or equal to the aging timing threshold value preset, also wrap Include:
If less than described aging timing threshold value, it is determined that not to described stream table and described NAT meeting Words table carries out aging.
9. the method as described in claim 4 or 6, it is characterised in that judge described stream table and described After whether NAT conversational list is in scanned state, also include:
If described stream table and described NAT conversational list are in scanned state, it is determined that not to described stream Table and described NAT conversational list carry out aging.
10. the method for claim 1, it is characterised in that scan described stream table and described NAT Conversational list, by described stream table and described NAT conversational list with in described IP information tree-shaped storage organization Described change before stream table node corresponding to IP information and NAT session node aging fall, including:
Scan described NAT conversational list, obtain a NAT and bind node;
Judge whether described NAT binding node is empty;
If described NAT binding node is not empty, then obtain the IP that described NAT binding node is corresponding Information;
The IP before change during IP information corresponding for described NAT binding node is set with described wait successively Information compares;
If there is the change that the IP information corresponding with described NAT binding node is consistent in tree in described wait Front IP information, then delete described NAT and bind node, then perform to scan described NAT conversational list Step;
If described NAT binding node is empty, then scans described stream table, obtain a traffic identifier ID;
Judge that described stream ID is the most effective;
If described stream ID is effective, then according to described stream ID, obtain the IP of described stream corresponding for stream ID Information;
IP letter before change during the IP information of described stream corresponding for stream ID is set with described wait successively Breath compares;
If before there is the change consistent with the IP information of described stream corresponding for stream ID in described wait tree IP information, then be set to ageing state by described stream corresponding for stream ID, to described stream corresponding the flowing to of ID Row stream is aging, then performs to scan the step of described stream table;
If described stream ID is invalid, then empty described IP information tree-shaped storage organization.
11. the method for claim 1, it is characterised in that scan described stream table and described NAT Conversational list, by described stream table and described NAT conversational list with in described IP information tree-shaped storage organization Described change before stream table node corresponding to IP information and NAT session node aging fall, including:
Scan described stream table, obtain a traffic identifier ID;
Judge that described stream ID is the most effective;
If described stream ID is effective, then according to described stream ID, obtain the IP of described stream corresponding for stream ID Information;
IP letter before change during the IP information of described stream corresponding for stream ID is set with described wait successively Breath compares;
If before there is the change consistent with the IP information of described stream corresponding for stream ID in described wait tree IP information, then be set to ageing state by described stream corresponding for stream ID, to described stream corresponding the flowing to of ID Row stream is aging, then performs to scan the step of described stream table;
If described stream ID is invalid, then scan described NAT conversational list, obtain a NAT binding joint Point;
Judge whether described NAT binding node is empty;
If described NAT binding node be empty, then obtain described in take NAT and bind the IP that node is corresponding Information;
The IP before change during IP information corresponding for described NAT binding node is set with described wait successively Information compares;
If there is the change that the IP information corresponding with described NAT binding node is consistent in tree in described wait Front IP information, then delete described NAT and bind node, then perform to scan described NAT conversational list Step;
If described NAT binding node is empty, then empty described IP information tree-shaped storage organization.
12. An apparatus for aging a flow table and a NAT session table, characterized in that the apparatus comprises:
an acquisition module, configured to obtain the IP information before the change after an interface IP changes, a public network IP resource changes, or an interface link state changes;
an insertion module, configured to insert the pre-change IP information, in the form of a node, into the waiting tree of a preset IP information tree storage structure;
a determining module, configured to determine, according to the number of IP nodes in the waiting tree and an aging timing time, whether to age the flow table and the network address translation (NAT) session table;
an aging module, configured to, when it is determined that the flow table and the NAT session table are to be aged, scan the flow table and the NAT session table, and age out the flow table nodes and NAT session nodes in the flow table and the NAT session table that correspond to the pre-change IP information in the IP information tree storage structure.
13. The apparatus of claim 12, characterized in that the apparatus further comprises:
a startup module, configured to obtain startup information of a state-detection network device;
a creation module, configured to create the IP information tree storage structure.
14. The apparatus of claim 12 or 13, characterized in that the IP information tree storage structure comprises: a balanced binary tree prefix tree (Patricia) tree storage structure, a balanced binary tree red-black tree storage structure, or a balanced binary tree self-balancing tree (SBT) tree storage structure.
15. The apparatus of claim 12, characterized in that the determining module comprises:
a first comparing unit, configured to compare the number of IP nodes in the waiting tree with a preset IP node quantity threshold;
a first judging unit, configured to, when the number of IP nodes in the waiting tree is greater than or equal to the preset IP node quantity threshold, judge whether the flow table and the NAT session table are in a scanned state;
a first determining unit, configured to, if the flow table and the NAT session table are not in the scanned state, determine to age the flow table and the NAT session table.
16. The apparatus of claim 15, characterized in that the determining module further comprises:
a second determining unit, configured to, when the number of IP nodes in the waiting tree is less than the preset IP node quantity threshold, determine not to age the flow table and the NAT session table.
17. The apparatus of claim 12, characterized in that the determining module comprises:
a second judging unit, configured to judge, at every preset time interval, whether the number of IP nodes in the waiting tree is zero;
a timing unit, configured to, if the number of IP nodes in the waiting tree is not zero, increase the timing time of the timer corresponding to the aging timing time by a preset time value;
a third judging unit, configured to judge whether the timing time of the timer corresponding to the aging timing time is greater than or equal to a preset aging timing time threshold;
a fourth judging unit, configured to, if it is greater than or equal to the aging timing time threshold, judge whether the flow table and the NAT session table are in a scanned state;
a third determining unit, configured to, if the flow table and the NAT session table are not in the scanned state, determine to age the flow table and the NAT session table.
18. The apparatus of claim 17, characterized in that the determining module further comprises:
a fourth determining unit, configured to, if the number of IP nodes in the waiting tree is zero, determine not to age the flow table and the NAT session table.
19. The apparatus of claim 17, characterized in that the determining module further comprises:
a fifth determining unit, configured to, if the timing time is less than the aging timing time threshold, determine not to age the flow table and the NAT session table.
20. The apparatus of claim 15 or 17, characterized in that the determining module further comprises:
a sixth determining unit, configured to, if the flow table and the NAT session table are in the scanned state, determine not to age the flow table and the NAT session table.
21. The apparatus of claim 12, characterized in that the aging module comprises:
a first scanning unit, configured to scan the NAT session table to obtain a NAT binding node;
a fifth judging unit, configured to judge whether the NAT binding node is empty;
a first acquiring unit, configured to, if the NAT binding node is not empty, obtain the IP information corresponding to the NAT binding node;
a second comparing unit, configured to compare the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
a first aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, delete the NAT binding node, and then notify the first scanning unit to perform the step of scanning the NAT session table;
a second scanning unit, configured to, if the NAT binding node is empty, scan the flow table to obtain a flow identifier (ID);
a sixth judging unit, configured to judge whether the flow ID is valid;
a second acquiring unit, configured to, if the flow ID is valid, obtain, according to the flow ID, the IP information of the flow corresponding to the flow ID;
a third comparing unit, configured to compare the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
a second aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, set the flow corresponding to the flow ID to an aging state, perform flow aging on the flow corresponding to the flow ID, and then notify the second scanning unit to perform the step of scanning the flow table;
a first clearing unit, configured to, if the flow ID is invalid, clear the IP information tree storage structure.
22. The apparatus of claim 12, characterized in that the aging module comprises:
a third scanning unit, configured to scan the flow table to obtain a flow identifier (ID);
a seventh judging unit, configured to judge whether the flow ID is valid;
a third acquiring unit, configured to, if the flow ID is valid, obtain, according to the flow ID, the IP information of the flow corresponding to the flow ID;
a fourth comparing unit, configured to compare the IP information of the flow corresponding to the flow ID, in turn, with the pre-change IP information in the waiting tree;
a third aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information of the flow corresponding to the flow ID, set the flow corresponding to the flow ID to an aging state, perform flow aging on the flow corresponding to the flow ID, and then notify the third scanning unit to perform the step of scanning the flow table;
a fourth scanning unit, configured to, if the flow ID is invalid, scan the NAT session table to obtain a NAT binding node;
an eighth judging unit, configured to judge whether the NAT binding node is empty;
a fourth acquiring unit, configured to, if the NAT binding node is empty, obtain the IP information corresponding to the NAT binding node;
a fifth comparing unit, configured to compare the IP information corresponding to the NAT binding node, in turn, with the pre-change IP information in the waiting tree;
a fourth aging unit, configured to, if the waiting tree contains pre-change IP information consistent with the IP information corresponding to the NAT binding node, delete the NAT binding node, and then notify the fourth scanning unit to perform the step of scanning the NAT session table;
a second clearing unit, configured to, if the NAT binding node is empty, clear the IP information tree storage structure.
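The trigger logic of claims 4 to 9 and the scan order of claim 10 can be exercised with a small simulation. This is an added example, not code from the patent: the class and field names are hypothetical, a Python set stands in for the balanced tree, an entry is taken to match when any of its addresses is in the waiting tree, flow aging is modelled as deletion, and the timer reset after a scan is an assumption.

```python
"""Simulation of the aging triggers (claims 4-9) and scan order (claim 10)."""
from dataclasses import dataclass, field


@dataclass
class Ager:
    node_threshold: int = 3     # preset IP node quantity threshold (claim 4)
    timer_step: int = 1         # preset time value added per interval (claim 6)
    timer_threshold: int = 5    # preset aging timing time threshold (claim 6)
    wait_tree: set = field(default_factory=set)     # stand-in for the waiting tree
    nat_table: dict = field(default_factory=dict)   # binding id -> (private, public)
    flow_table: dict = field(default_factory=dict)  # flow id -> (src, dst)
    timer: int = 0
    scanning: bool = False      # the "scanned state" of both tables
    aged: list = field(default_factory=list)        # audit trail (added for the demo)

    def on_ip_change(self, old_ip):
        """Claim 1 insert, then the count-based decision of claims 4 and 5."""
        self.wait_tree.add(old_ip)
        if len(self.wait_tree) < self.node_threshold:
            return False        # claim 5: below threshold, no aging
        return self._try_age()

    def tick(self):
        """Timer-based decision of claims 6-8; call once per preset interval."""
        if not self.wait_tree:
            return False        # claim 7: nothing waiting, no aging
        self.timer += self.timer_step
        if self.timer < self.timer_threshold:
            return False        # claim 8: timer has not reached the threshold
        return self._try_age()

    def _try_age(self):
        if self.scanning:       # claim 9: a scan is in progress, do not start another
            return False
        self.scanning = True
        try:
            self._scan()
        finally:
            self.scanning = False
        return True

    def _scan(self):
        """Claim 10 order: NAT session table, then flow table, then clear the tree."""
        for bid, ips in list(self.nat_table.items()):
            if self.wait_tree.intersection(ips):
                del self.nat_table[bid]
                self.aged.append(("nat", bid))
        for fid, ips in list(self.flow_table.items()):
            if self.wait_tree.intersection(ips):
                del self.flow_table[fid]    # stands in for "set to aging state"
                self.aged.append(("flow", fid))
        self.wait_tree.clear()
        self.timer = 0          # assumption: the timer restarts after a scan


def demo():
    """Constructed tables: one public IP is withdrawn and the timer path fires."""
    a = Ager(node_threshold=3, timer_threshold=2)
    a.nat_table = {1: ("10.0.0.5", "203.0.113.7"), 2: ("10.0.0.6", "203.0.113.8")}
    a.flow_table = {100: ("203.0.113.7", "198.51.100.20"),
                    101: ("203.0.113.8", "198.51.100.20")}
    fired = [a.on_ip_change("203.0.113.7"), a.tick(), a.tick()]
    return a, fired
```

A single changed address stays below the count threshold, so stale entries for it persist until the timer path fires; the two thresholds together bound how long a withdrawn public IP can keep matching sessions.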
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510056361.2A CN105991552B (en) 2015-02-03 2015-02-03 Method and apparatus for aging a flow table and a NAT session table

Publications (2)

Publication Number Publication Date
CN105991552A true CN105991552A (en) 2016-10-05
CN105991552B CN105991552B (en) 2018-11-30

Family

ID=57037054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510056361.2A Active CN105991552B (en) 2015-02-03 2015-02-03 Method and apparatus for aging a flow table and a NAT session table

Country Status (1)

Country Link
CN (1) CN105991552B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090182829A1 (en) * 2006-10-10 2009-07-16 Wei Li Method, system and apparatus for keeping session table alive in net address translation apparatus
CN101170517A (en) * 2007-12-06 2008-04-30 杭州华三通信技术有限公司 Method and device for aging of control session table
CN101247353A (en) * 2008-03-25 2008-08-20 杭州华三通信技术有限公司 Stream aging method and network appliance
CN102780641A (en) * 2012-08-17 2012-11-14 北京傲天动联技术有限公司 Flow table aging method and device of quick forwarding engine, and switch
CN103414698A (en) * 2013-07-22 2013-11-27 北京星网锐捷网络技术有限公司 Method and device for aging conversation flows

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639802A (en) * 2018-12-18 2019-04-16 杭州迪普科技股份有限公司 A kind of link statistics management method and device
CN112217919A (en) * 2020-12-11 2021-01-12 广东省新一代通信与网络创新研究院 Method and system for realizing network address conversion
CN113746954A (en) * 2021-09-22 2021-12-03 烽火通信科技股份有限公司 Method and device for rapidly recovering NAT address block secondary allocation
CN113746954B (en) * 2021-09-22 2023-06-13 烽火通信科技股份有限公司 Method and device for quickly recovering NAT address block through secondary allocation

Also Published As

Publication number Publication date
CN105991552B (en) 2018-11-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211105

Address after: Room 516, floor 5, building 3, No. 969, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province

Patentee after: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: ALIBABA GROUP HOLDING Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20161005

Assignee: Hangzhou Jinyong Technology Co.,Ltd.

Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd.

Contract record no.: X2024980001317

Denomination of invention: Method and device for aging flow tables and NAT session tables

Granted publication date: 20181130

License type: Common License

Record date: 20240123

Application publication date: 20161005

Assignee: Golden Wheat Brand Management (Hangzhou) Co.,Ltd.

Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd.

Contract record no.: X2024980001316

Denomination of invention: Method and device for aging flow tables and NAT session tables

Granted publication date: 20181130

License type: Common License

Record date: 20240123

Application publication date: 20161005

Assignee: Hangzhou Xinlong Huazhi Trademark Agency Co.,Ltd.

Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd.

Contract record no.: X2024980001315

Denomination of invention: Method and device for aging flow tables and NAT session tables

Granted publication date: 20181130

License type: Common License

Record date: 20240123
