CN106572197A

CN106572197A - Network address conversion method, apparatus and system thereof

Info

Publication number: CN106572197A
Application number: CN201510654182.9A
Authority: CN
Inventors: 金帅; 吴佳明; 陈家军; 薛蹦蹦; 陈子昂; 杨玉玺
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2015-10-10
Filing date: 2015-10-10
Publication date: 2017-04-19
Anticipated expiration: 2035-10-10
Also published as: CN106572197B

Abstract

The invention discloses a network address conversion method, an apparatus and a system thereof. The method is characterized in that a virtual server acquires an external network source address in a service request message sent by user equipment and the external network source address is an external network address of the user equipment; the external network source address and an external network destination address in the service request message are converted into an internal network source address and an internal network destination address, wherein the internal network source address is an internal network address of the virtual server and the destination address is an internal network address of a cloud host processing the service request message; the external network source address and a first identification bit are carried in the service request message after the address is converted and the service request message is sent to a connection tracker; and the connection tracker acquires the external network source address carried in the service request message according to the first identification bit carried in the service request message sent by the virtual server, the internal network source address in the service request message is replaced into the external network source address, and the service request message is sent to the cloud host so as to carry out service processing.

Description

A kind of method for network address translation, apparatus and system

Technical field

The application is related to the load-balancing technique field in linux system, specifically, is related to a kind of net Network address conversion method, apparatus and system.

Background technology

Load balancing is a kind of according to load-balancing algorithm, and network request is distributed to a server cluster In available server technology.Load balancing enters the data traffic of server cluster by management, from And make web visitor obtain network experience as well as possible.It is for example in cloud computing service, equal by load Network service request is assigned on the less server of load and is processed by weighing apparatus technology, to improve network clothes The treatment effeciency of business request, makes web visitor obtain preferably experience.

Generally, in cloud computing service, it is equal that load equalizer often invents multiple available dummy loads Weighing apparatus (Virtual Load Balancer, VLB), or, by load balancing software installation virtual On server (virtual machine of server virtualization), to realize cloud computing service in load balancing.Example Such as, multiple back-end servers can be integrated into one by the load-balancing technique based on (SuSE) Linux OS Individual virtual server, realizes the flow forwarding to multiple back-end servers and load balancing.

Inventor has found during the present invention is realized：In the environment of cloud computing, grasped based on Linux In making the load-balancing technique of system, when Operational Visit request message is sent to virtual server by client (Linux Virtual Server, LVS) internally network transmission when, virtual server is needed to business Access request message does address conversion, could pass through load-balancing technique and distribute Operational Visit request message To loading, less back-end server (Real Server are cloud main frame under cloud computing environment) is enterprising Row is processed.But, for back-end server (cloud main frame), it is not known that be which front end user equipment The Operational Visit request message of transmission.

Therefore, can not realize to cloud main frame in the existing load-balancing technique based on (SuSE) Linux OS User's Transparent Proxy.

The content of the invention

In view of this, the application provides a kind of method for network address translation, apparatus and system, can solve Existing problem.

In order to solve above-mentioned technical problem, the application first aspect provides a kind of method for network address translation, Including：

Virtual server obtains the outer net source address in the service request message that user equipment sends, described outer Net source address is the outer net address of the user equipment；

Intranet source ground is converted to the outer net source address and outer net destination address in the service request message Location and Intranet destination address, the internal network source address is the internal address of the virtual server, the mesh Address be the cloud main frame for processing the service request message internal address；

The outer net source address and the first flag are carried in the service request message after address conversion, And the service request message is sent to into connection tracker；So that the connection tracker is according to the void Intend first flag carried in the service request message that server sends, obtain the service request The outer net source address carried in message, replaces with to the internal network source address in the service request message The outer net source address, and the service request message is sent to into the cloud main frame carries out Business Processing.

Alternatively, the outer net source address and the first flag are carried into the business after the address conversion In request message, including：

The virtual server adds the first extended field in the service request message format, using institute State the first extended field and carry the outer net source address and the first flag.

The virtual server adds the second extended field and the 3rd in the service request message format Extended field, using second extended field outer net source address is carried, using the described 3rd extension Field carries first flag；Or carry first mark using second extended field Position, using the 3rd extended field outer net source address is carried.

Alternatively, described method also includes：

The virtual server receives the service response message that the connection tracker sends, and the business is rung Message is answered to be that the cloud main frame rings according to the business that the service request message carries out being sent after Business Processing Answer message；

The virtual server is according to the second flag carried in the service response message is obtained The outer net destination address carried in service response message, the outer net destination address sets for the user Standby outer net address, the user that the service response message is sent to the outer net destination address sensing is set It is standby.

Second aspect, the embodiment of the present invention also provides a kind of method for network address translation, including：

Connection tracker receives the service request message carried out after address conversion that virtual server sends, institute The service request message stated service request message and be sent to the virtual server for user equipment；

Obtained in the service request message according to the first flag carried in the service request message The outer net source address of carrying, the outer net source address is the user equipment for sending the service request message Outer net address；

The outer net source address is replaced with to the internal network source address in the service request message, and will be described Service request message is sent to cloud main frame and carries out Business Processing.

Alternatively, described method also includes：

The connection tracker receives the service response message that the cloud main frame sends, the service response report The service response report that text carries out being sent after Business Processing for the cloud main frame according to the service request message Text, the destination address in the service response message is outer net destination address, and for the service request report The outer net address of the user equipment carried in text；

Outer net destination address in the service response message is replaced with into Intranet destination address, the Intranet Destination address is the internal address of the virtual server, by the outer net destination address and the second flag In carrying the service response message after the address conversion, and the service response message is sent to into void Intend server, so that in service response message of the virtual server according to the connection tracker transmission The second flag for carrying obtains the outer net destination address carried in service response message, by the industry Business response message is sent to the user equipment that the outer net destination address is pointed to.

Alternatively, the outer net destination address and the second flag are carried into the industry after the address conversion In business response message, including：

The connection tracker adds the first extended field in the service response message format, using institute State the first extended field and carry the outer net destination address and the second flag.

The connection tracker adds the second extended field and the 3rd in the service response message format Extended field, using second extended field outer net destination address is carried, and is expanded using the described 3rd Exhibition field carries second flag；Or carry second mark using second extended field Position, using the 3rd extended field outer net source address is carried.

The third aspect, the embodiment of the present invention also provides a kind of network address conversion device, positioned at Virtual Service Device side, including：

Acquisition module, for the outer net source address in the service request message for obtaining user equipment transmission, institute State the outer net address that outer net source address is the user equipment；

Modular converter, for turning to the outer net source address and outer net destination address in the service request message Internal network source address and Intranet destination address are changed to, the internal network source address is the Intranet of the virtual server Address, the destination address is the internal address of the cloud main frame for processing the service request message；

Package module, for the outer net source address and the first flag to be carried into the industry after address conversion In business request message, and the service request message is sent to into connection tracker by sending module；With Make it is described connection tracker according in the service request message that the virtual server sends carrying described in First flag, obtains the outer net source address carried in the service request message, to the business Internal network source address in request message replaces with the outer net source address, and the service request message is sent out Giving the cloud main frame carries out Business Processing.

Alternatively, the package module specifically for：

Add the first extended field in the service request message format, using first extended field Carry the outer net source address and the first flag.

Alternatively, the package module specifically for：

Add the second extended field and the 3rd extended field in the service request message format, using institute State the second extended field and carry the outer net source address, using the 3rd extended field described first is carried Flag；Or first flag is carried using second extended field, expand using the described 3rd Exhibition field carries the outer net source address.

Alternatively, described device also includes：

Receiver module, for receiving the service response message that the connection tracker sends, the business is rung Message is answered to be that the cloud main frame rings according to the business that the service request message carries out being sent after Business Processing Answer message；

The acquisition module, for obtaining institute according to the second flag carried in the service response message The outer net destination address carried in service response message is stated, the outer net destination address is the user The outer net address of equipment, the outer mesh is sent to by the service response message by the sending module Address point to user equipment.

Fourth aspect, the embodiment of the present invention also provides a kind of network address conversion device, positioned at connection tracking Device, including：

Receiver module, for receiving the service request report carried out after address conversion of virtual server transmission Text, the service request message is sent to the service request message of the virtual server for user equipment；

Acquisition module, for obtaining the industry according to the first flag carried in the service request message The outer net source address carried in business request message, the outer net source address is the transmission service request message User equipment outer net address；

Replacement module, for replacing with the outer net source to the internal network source address in the service request message Address, and the service request message is sent to into cloud main frame by sending module carries out Business Processing.

Alternatively, described device also includes：

The receiver module, is additionally operable to receive the service response message that the cloud main frame sends, the business Response message is the business that the cloud main frame carries out being sent after Business Processing according to the service request message Response message, the destination address in the service response message is outer net destination address, and for the business The outer net address of the user equipment carried in request message；

The replacement module, be additionally operable to replace with the outer net destination address in the service response message in Net destination address, the Intranet destination address is the internal address of the virtual server, by the outer net Destination address and the second flag are carried in the service response message after the address conversion, and will be described Service response message is sent to virtual server, so that the virtual server is according to the connection tracker What is carried in the second flag acquisition service response message carried in the service response message of transmission is described Outer net destination address, the user that the service response message is sent to the outer net destination address sensing is set It is standby.

Alternatively, the replacement module specifically for：

Add the first extended field in the service response message format, using first extended field Carry the outer net destination address and the second flag.

Alternatively, the replacement module specifically for：

Add the second extended field and the 3rd extended field in the service response message format, using institute State the second extended field and carry the outer net destination address, using the 3rd extended field described the is carried Two flags；Or second flag is carried using second extended field, using the described 3rd Extended field carries the outer net source address.

5th aspect, the embodiment of the present invention also provides a kind of network address transfer system, including：Virtual clothes Business device and connection tracker；

The virtual server includes the network address conversion device described in the third aspect；

The connection tracker includes the network address conversion device described in fourth aspect.

Alternatively, described system also includes：User equipment and cloud main frame；

The user equipment, for sending service request message to the virtual server, the business please Message is asked to include outer net source address and outer net destination address, the outer net source address is the user equipment Outer net address, the outer net destination address is the outer net address of the virtual server；

The cloud main frame, the service request message for being sent according to the connection tracker is carried out at business After reason, to the service response message that the connection tracker sends, the service response message includes outer Net destination address and internal network source address, wherein, the outer net destination address is the outer net of the user equipment Address, the internal network source address is the internal address of the cloud main frame.

The embodiment of the present invention is by virtual server in the service request message for receiving user equipment transmission When, the outer net address of user equipment is obtained, it is interior entoilage to the outer net address conversion in service request message Location, and the outer net address of user equipment and the first flag are carried into the service request after address conversion In message, connection tracker is sent to afterwards so that connection tracker obtains message according to the first flag The outer net address of the user equipment of middle carrying, before service request message is sent to into cloud main frame, will report Internal network source address in text replaces with the outer net address of user equipment, so, the business that cloud main frame is received Source address in request message is the address of real user equipment, is observed in the angle of cloud main frame, externally The cloud main frame of service is directly set up between real user equipment and is communicated, and realizes the Transparent Proxy of user.

Description of the drawings

Accompanying drawing described herein is used for providing further understanding of the present application, constitutes of the application Point, the schematic description and description of the application is used to explain the application, does not constitute to the application's Improper restriction.In the accompanying drawings：

Fig. 1 is a kind of system architecture figure for realizing load-balancing technique in prior art；

Fig. 2 is a kind of flow chart for realizing load-balancing technique in prior art；

Fig. 3 is a kind of system architecture figure for realizing load-balancing technique provided in an embodiment of the present invention；

Fig. 4 is a kind of schematic flow sheet of method for network address translation of the embodiment of the present application；

Fig. 5 is a kind of schematic flow sheet of method for network address translation of the embodiment of the present application；

Fig. 6 is a kind of schematic flow sheet of method for network address translation of the embodiment of the present application；

Fig. 7 is a kind of schematic flow sheet of method for network address translation of the embodiment of the present application；

Fig. 8 is a kind of structural representation of network address conversion device of the embodiment of the present invention；

Fig. 9 is a kind of structural representation of network address conversion device of the embodiment of the present invention；

Figure 10 is the structural representation of a kind of electronic equipment provided in an embodiment of the present invention；

Figure 11 is the structural representation of a kind of electronic equipment provided in an embodiment of the present invention；

Figure 12 is a kind of structural representation of network address transfer system of the embodiment of the present invention；

The Organization Chart that Figure 13 is disposed for a kind of Conntrack module distributions formula of the embodiment of the present invention.

Specific embodiment

Presently filed embodiment is described in detail below in conjunction with drawings and Examples, thereby to the application How application technology means come solve technical problem and reach technology effect realize that process can fully understand And implement according to this.

In a typical configuration, computing device include one or more processors (CPU), input/ Output interface, network interface and internal memory.

Internal memory potentially includes the volatile memory in computer-readable medium, random access memory And/or the form, such as read only memory (ROM) or flash memory (flash such as Nonvolatile memory (RAM) RAM).Internal memory is the example of computer-readable medium.

Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can be by Any method or technique is realizing information Store.Information can be computer-readable instruction, data structure, The module of program or other data.The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic random access memory (DRAM), Other kinds of random access memory (RAM), read only memory (ROM), electrically erasable Read only memory (EEPROM), fast flash memory bank or the read-only storage of other memory techniques, read-only optical disc Device (CD-ROM), digital versatile disc (DVD) or other optical storages, magnetic cassette tape, magnetic The storage of band magnetic rigid disk or other magnetic storage apparatus or any other non-transmission medium, can be used for storage can be with The information being accessed by a computing device.Define according to herein, computer-readable medium does not include non-temporary The data signal and carrier wave of computer readable media (transitory media), such as modulation.

As in description and claim some vocabulary used in censuring specific components.This area skill Art personnel are, it is to be appreciated that hardware manufacturer may call same component with different nouns.This explanation Book and claim not in the way of the difference of title is used as distinguishing component, but with component in function On difference be used as distinguish criterion.Such as " the bag in description in the whole text and claim mentioned in Containing " it is an open language, therefore should be construed to " include but be not limited to "." substantially " referring to receive Range of error in, those skilled in the art can solve the technical problem in the range of certain error, Basically reach the technique effect.Additionally, " coupling " word here is comprising any direct and indirectly electrical Coupling means.Therefore, if a first device is coupled to a second device described in text, described is represented One device can directly be electrically coupled to the second device, or by other devices or couple means indirectly It is electrically coupled to the second device.Description subsequent descriptions are to implement the better embodiment of the application, So the description is for the purpose of the rule for illustrating the application, to be not limited to the model of the application Enclose.The protection domain of the application ought be defined depending on the claims person of defining.

Also, it should be noted that term " including ", "comprising" or its any other variant be intended to it is non- Exclusiveness is included, so that not only will including those including the commodity or system of a series of key elements Element, but also including other key elements being not expressly set out, or also include for this commodity or be The intrinsic key element of system.In the absence of more restrictions, limited by sentence "including a ..." Key element, it is not excluded that also there is other identical element in the commodity or system including the key element.

Fig. 1 is a kind of system architecture figure for realizing load-balancing technique in prior art, as shown in figure 1, In load-balancing technique system, virtual server externally provides the outer net address of the Virtual Service of a front end (such as 220.67.8.10), used as the Operational Visit address of user equipment, user equipment is by the Operational Visit Address carries out Operational Visit；Virtual server internally provides the internal address of the Virtual Service of a rear end (such as 192.168.1.10) as back-end server (cloud main frame) service response address, cloud main frame lead to Crossing the service response address carries out the feedback of service processing result.

Based on the system architecture diagram shown in Fig. 1, Fig. 2 is that one kind realizes load-balancing technique in prior art Flow chart, as shown in Fig. 2 it is comprised the following steps that：

201：Operational Visit request message is sent to virtual server by user equipment.

Wherein, the source address of Operational Visit request message for user equipment outer net address (such as 10.87.7.45), destination address is the outer net of the Virtual Service that virtual server externally provides a front end Address (such as 220.67.8.10).

202：Virtual server receives the Operational Visit request message, by load-balancing algorithm, selects One cloud main frame carries out Business Processing, and carries out network address translation, i.e., internally provided with virtual server A rear end Virtual Service internal address (such as 192.168.1.10) replace Operational Visit request report The source address (such as 10.87.7.45) of text, with the internal address (such as 192.168.10.11) of selected cloud main frame The destination address (such as 220.67.8.10) of Operational Visit request message is replaced, by the business after address conversion Access request message is sent to selected cloud main frame.

203：The cloud host process Operational Visit request message, is disposed, and returns Operational Visit response Message.

Wherein, the source address of the Operational Visit response message is the internal address of the cloud main frame of processing business (such as 192.168.10.11), destination address is the virtual clothes of the rear end that virtual server is internally provided The internal address (such as 192.168.1.10) of business.

204：Operational Visit response message reaches virtual server, and virtual server carries out again the network address Conversion, i.e., externally provide the outer net address of Virtual Service of a front end (such as with virtual server 220.67.8.10 the source address of Operational Visit response message) is replaced, by the outer net address of user equipment (such as 10.87.7.45 the destination address of Operational Visit response message) is replaced, by the Operational Visit after address conversion Response message is sent to user equipment.

It follows that through VIRTUAL SERVER LOAD message in a balanced way, needing to use internal address in Intranet Transmission, cloud main frame perceives the presence less than front end user equipment；User equipment is also perceived less than rear end cloud master The presence of machine.Therefore, it is right to realize in the existing load-balancing technique based on (SuSE) Linux OS User's Transparent Proxy of cloud main frame.

The present invention needs to change prior art in order to realize the user's Transparent Proxy to cloud main frame Enter：

By deployment connection tracker (contrack modules) on each host of cloud main frame, to Jing VIRTUAL SERVER LOAD Operational Visit request message in a balanced way is crossed, virtual server is needed the source ground of message Location (address of i.e. real user equipment) is carried in Operational Visit request message, and upper cloud master is sent to Before machine, connection tracker needs for internal network source address in Operational Visit request message to be reduced to real user The address of equipment；If cloud main frame replys message with the address of real user equipment, due to real use The address of family equipment is not internal address, it is impossible to be routed to outer net through Intranet, therefore, when cloud main frame with (destination address in cloud host response message is true during the address reply message of real user equipment User equipment address), by connect tracker by cloud host response message destination address replace Transmit in Intranet for home address, then before user equipment is sent to, replaced again by virtual server It is changed to the address of real user equipment.

Therefore, technical scheme can meet virtual server foundation load function in a balanced way, together When can realize two-way Transparent Proxy again, cloud main frame can get the address of real user equipment.

Fig. 3 is a kind of system architecture figure for realizing load-balancing technique provided in an embodiment of the present invention, such as Fig. 3 Shown, in load-balancing technique system, virtual server (abbreviation LVS) externally provides a front end Virtual Service outer net address (such as 220.67.8.10) as user equipment Operational Visit address, use Family equipment carries out Operational Visit by the Operational Visit address；Internal one rear end of offer of virtual server Business of the internal address (such as 192.168.1.10) of Virtual Service as back-end server (cloud main frame) Response address.In the system architecture diagram of the embodiment of the present invention, the deployment in each host of cloud main frame connects Connect tracker (contrack modules, abbreviation CTK), it is upper be sent to cloud main frame before, connection tracker need Internal network source address in Operational Visit request message is reduced to into the address of real user equipment；As cloud master (destination address in cloud host response message is when machine replys message with the address of real user equipment The address of real user equipment), by connecting tracker by the destination address in cloud host response message Replace with home address to transmit in Intranet.

Based on the system architecture diagram shown in Fig. 3, Fig. 4 is a kind of network address translation of the embodiment of the present application The schematic flow sheet of method, methods described is performed positioned at virtual server side, as shown in figure 4, working as user Equipment to virtual server have sent service request message when, methods described includes：

401st, the service request message that virtual server receive user equipment sends.

Wherein, the outer net source address in service request message is the outer net address of user equipment, is real The address of user equipment, the IP address of user equipment as shown in Figure 3 is 10.87.7.45, service request Outer net destination address in message is the outer net of the Virtual Service that virtual server externally provides a front end Address (such as 220.67.8.10), as the Operational Visit address of user equipment.

402nd, the outer net source address in the service request message that user equipment sends is obtained, by the business Outer net source address and outer net destination address in request message is converted to internal network source address and Intranet destination Location.

Here source address is the outer net address of the user equipment, is the address of real user equipment, The IP address of user equipment as shown in Figure 3 is 10.87.7.45.

Wherein, internal network source address is the interior entoilage of the Virtual Service that virtual server internally provides a rear end Location (such as 192.168.1.10), as the service response address of back-end server (cloud main frame)；

Intranet destination address be the internal address of the cloud main frame for processing the service request message (such as 192.168.10.11)。

It should be noted that how the cloud main frame of the above-mentioned process service request message determines, it is By virtual server when service request message is received, using default load-balancing algorithm the industry is calculated The sequence number of the cloud main frame that business request message should be sent to.Here, load-balancing algorithm can adopt existing algorithm, For example：Round robin algorithm, random algorithm, based on the hash algorithm of address, Smallest connection algorithm, service Device pressure algorithm, weighting algorithm etc., the present invention does not do any restriction.

403rd, the outer net source address for obtaining and the first flag are carried into the service request after address conversion In message.

Wherein, first be designated be indicated for connect tracker receiving virtual server transmission industry During business request message, according to the first flag carried in service request message, the service request is obtained The outer net source address carried in message, the internal network source address in the service request message is replaced with Outer net source address.That is, connection tracker is in the service request report for receiving virtual server transmission Wen Shi, obtain service request message in carry real user equipment address, it is upper be sent to cloud main frame it Before, internal network source address in service request message is replaced with into the address of real user equipment.

Step 403 in a kind of optional embodiment, can be asked when implementing in the business Ask and add in message format the first extended field, using first extended field outer net source ground is carried Location and the first flag.

In a kind of optional embodiment, the addition second in the service request message format extends word Section and the 3rd extended field, carry the outer net source address, using described using second extended field 3rd extended field carries first flag；Or carry described the using second extended field One flag, using the 3rd extended field outer net source address is carried.

For example, when being communicated based on ICP/IP protocol, can make by oneself in the addition of TCP header Option regions The field of justice, using the TLV structures of standard：

TYPE(1Bytes)

Length(1Byte)

Value

Identify in the type field definition, Length field declaration length, the filling of Value fields is true to be used The address of family equipment.

404th, service request message is sent to into connection tracker.

Wherein, the service request message in step 404 is after address conversion, and in service request report Text carries the address (outer net source address) of real user equipment and the first flag.

It should be noted that in above-mentioned steps, the service request report that virtual server sends to user equipment Data in text do not make any changes.

Based on the system architecture diagram shown in Fig. 3, net is performed in virtual server side corresponding to shown in Fig. 4 Network address conversion method, Fig. 5 is that a kind of flow process of method for network address translation of the embodiment of the present application is illustrated Figure, methods described is located at connection tracker side and performs, as shown in figure 5, when connection tracker receives void When intending the service request message that server sends, methods described includes：

501st, connect tracker and receive the service request message that virtual server sends.

It should be noted that the service request message that virtual server sends is through embodiment illustrated in fig. 4 After carrying out address conversion, and address (the outer net source ground of real user equipment is carried in service request message Location) and the first flag service request message.

502nd, the service request report is obtained according to the first flag carried in the service request message The outer net source address carried in text.

Wherein, the outer net source address is the outer entoilage of the user equipment for sending the service request message The address (10.87.7.450 as shown in Figure 3) of location, i.e. real user equipment.

503rd, the outer net source address is replaced with to the internal network source address in the service request message, and The service request message is sent to into cloud main frame carries out Business Processing.

That is, the industry for receiving is replaced in the address of the real user equipment of connection tracker acquisition Internal network source address in business request message, and the service request message replaced after source address is sent to logical The selected cloud main frame of overload equalization algorithm carries out Business Processing.

That is, the source address being sent in the service request message of cloud main frame is real user equipment Address (10.87.7.450 as shown in Figure 3), destination address for cloud main frame internal address (such as 192.168.10.11)。

Based on the system architecture diagram shown in Fig. 3, Fig. 6 is a kind of network address translation of the embodiment of the present application The schematic flow sheet of method, methods described is located at connection tracker side and performs, as shown in fig. 6, when connection When tracker receives the service response message of cloud main frame transmission, methods described includes：

601st, connect tracker and receive the service response message that cloud main frame sends.

Wherein, the service response message carries out business for the cloud main frame according to the service request message The service response message sent after process, the destination address in the service response message is outer net destination Location, and (i.e. real user sets for the outer net address of user equipment that carries in the service request message Standby address, the IP address of user equipment as shown in Figure 3 is 10.87.7.45)；The service response Source address in message is the internal address (such as 192.168.10.11) of cloud main frame.

602nd, the outer net destination address in the service response message is replaced with into Intranet destination address.

Because the destination address in the service response message is the outer net address of user equipment, being can not be again Transmit in Intranet, therefore, connection tracker is needed the outer net destination in the service response message Location replaces with Intranet destination address, as shown in figure 3, by the user equipment in the service response message IP address replaces with internal address that virtual server internally provides Virtual Service (such as 10.87.7.45 192.168.1.10)。

603rd, the outer net destination address and the second flag are carried into the business after the address conversion In response message.

Object here address is the outer net address of user equipment.

In a kind of optional embodiment, the addition first in the service response message format extends word Section, using first extended field outer net destination address and the second flag are carried.

In a kind of optional embodiment, the addition second in the service response message format extends word Section and the 3rd extended field, carry the outer net destination address, using institute using second extended field State the 3rd extended field and carry second flag；Or carry described using second extended field Second flag, using the 3rd extended field outer net source address is carried.

TYPE(1Bytes)

Length(1Byte)

Value

Wherein, the second flag is used to indicate virtual server according to carrying in the service response message Second flag obtains the outer net destination address carried in the service response message and (obtains true The outer net address of user equipment).

604th, the service response message is sent to into virtual server.

Here the source address in service response message is (as shown in Figure 3 for the internal address of cloud main frame 192.168.10.11), destination address is (as shown in Figure 3 for the internal address of virtual server 192.168.1.10)。

It should be noted that in above-mentioned steps, connecting the service response message that tracker sends to cloud main frame In data do not make any changes.

Based on the system architecture diagram shown in Fig. 3, net is performed in connection tracker side corresponding to shown in Fig. 6 Network address conversion method, Fig. 7 is that a kind of flow process of method for network address translation of the embodiment of the present application is illustrated Figure, methods described is performed positioned at virtual server side, as shown in fig. 7, when virtual server receives company When connecing the service response message of tracker transmission, methods described includes：

701st, virtual server receives the service response message that the connection tracker sends.

The service response message is to connect the service request message that sends to cloud main frame of tracker according to Fig. 6 The address conversion method of illustrated embodiment processed after service response message；

Wherein, the outer net of the second flag and real user equipment is carried in service response message here Address.

702nd, the service response report is obtained according to the second flag carried in the service response message The outer net destination address carried in text.

Here the outer net destination address is (as shown in Figure 3 for the outer net address of real user equipment 10.87.7.45)。

703rd, the internal network source address in service response message is replaced with into outer net source address, Intranet destination Location replaces with outer net destination address.

Here internal network source address for cloud main frame internal network source address (such as 192.168.10.11), interior mesh Address for virtual server internal address (such as 192.168.1.10).

As shown in figure 3, virtual server by service response message before user equipment is sent to, need By the internal network source address (and the internal network source address of cloud main frame, such as 192.168.10.11) in service response message (i.e. virtual server externally provides the outer net address of network service, such as to replace with outer net source address 220.67.8.10), by Intranet destination address, (i.e. virtual server internally provides the interior entoilage of network service Location, such as 192.168.1.10) replace with outer net destination address (i.e. the outer net address of real user equipment, Such as 10.87.7.45).

704th, the service response message is sent to into the user equipment that the outer net destination address is pointed to.

Here service response message is message of the virtual server after address conversion.

Based on a kind of system architecture figure for realizing load-balancing technique that Fig. 3 is provided, below by concrete act Example method for network address translation illustratively described in the embodiment of the present invention.

User equipment sends Cip->The service request message of Vip；Wherein, Cip：Client IP, i.e. user The source IP address (such as 10.87.7.45) of equipment；Vip：Virtual IP, virtual server IP address is (such as 220.67.8.10)；

Virtual server (abbreviation LVS) carries out source address and destination address conversion, is converted to Lip->Rip；

Wherein, Lip：The IP address of internal network that Local IP, LVS are used, in Intranet transmitting message Address (such as 192.168.1.10)；

Rip：The IP address of internal network that RS IP, RS are used, for providing the address of the cloud main frame of back-end services (such as 192.168.10.11)；

Wherein, service request message carries the source address and the first flag of real user equipment；

When the service request message of the source address and the first flag that carry real user equipment reaches place After main frame (host of cloud main frame, abbreviation NC), by the Conntrack modules in host (also known as even Connect tracker) address conversion is carried out, be converted to Cip->Rip, is delivered to cloud main frame.

Network path	Source	Dest
			User equipment	Cip	Vip
LVS	Lip	Rip
			Conntrack	Cip	Rip

The service response message Rip- of cloud host response>Cip, through Conntrack modules, carries out first mesh Address conversion be Rip->Lip, through being routed back to LVS, is converted to Vip->Cip sends back to client End.

Network path	Source	Dest
			Cloud main frame	Rip	Cip
Conntrack	Rip	Lip
			LVS	Vip	Cip

Observe in the angle of cloud main frame, the cloud main frame externally serviced with Rip visitor directly with Cip as address Communication is set up between the end of family, two-way Transparent Proxy is realized.

Fig. 8 is a kind of structural representation of network address conversion device of the embodiment of the present invention, positioned at virtual Server side, includes as shown in Figure 8：

Acquisition module 81, for the outer net source address in the service request message for obtaining user equipment transmission, The outer net source address is the outer net address of the user equipment；

Modular converter 82, for the outer net source address in the service request message and outer net destination Location is converted to internal network source address and Intranet destination address, and the internal network source address is the virtual server Internal address, the destination address is the internal address of the cloud main frame for processing the service request message；

Package module 83, for the outer net source address and the first flag to be carried after address conversion Service request message in, and by the service request message by sending module 84 be sent to connection with Track device；So that carrying in the service request message that sent according to the virtual server of the connection tracker First flag, the outer net source address carried in the service request message is obtained, to institute State the internal network source address in service request message and replace with the outer net source address, and by the service request Message is sent to the cloud main frame and carries out Business Processing.

Wherein, the package module 82 specifically for：

The package module 83 is specifically additionally operable to：

Alternatively, described device also includes：

Receiver module 85, for receiving the service response message that the connection tracker sends, the industry Business response message is the industry that the cloud main frame carries out being sent after Business Processing according to the service request message Business response message；

The acquisition module 81, for being obtained according to the second flag carried in the service response message The outer net destination address carried in the service response message is taken, the outer net destination address is described The outer net address of user equipment, the service response message is sent to by the sending module described outer The user equipment that net destination address is pointed to.

Device described in the embodiment of the present invention can perform the network of virtual server side shown in Fig. 4 or Fig. 7 Address conversion method, realizes that principle and technique effect are repeated no more.

Fig. 9 is a kind of structural representation of network address conversion device of the embodiment of the present invention, positioned at connection Tracker side, includes as shown in Figure 9：

Receiver module 91, for receiving the service request carried out after address conversion of virtual server transmission Message, the service request message is sent to the service request report of the virtual server for user equipment Text；

Acquisition module 92, for obtaining institute according to the first flag carried in the service request message The outer net source address carried in service request message is stated, the outer net source address is the transmission service request The outer net address of the user equipment of message；

Replacement module 93, it is described outer for replacing with to the internal network source address in the service request message Net source address, and the service request message is sent to into cloud main frame by sending module 94 carries out business Process.

Alternatively, the receiver module 91, is additionally operable to receive the service response report that the cloud main frame sends Text, the service response message is carried out after Business Processing for the cloud main frame according to the service request message The service response message for sending, the destination address in the service response message is outer net destination address, and The outer net address of the user equipment to carry in the service request message；

The replacement module 93, is additionally operable to replace the outer net destination address in the service response message For Intranet destination address, the Intranet destination address is the internal address of the virtual server, will be described Outer net destination address and the second flag are carried in the service response message after the address conversion, and will The service response message is sent to virtual server so that the virtual server according to it is described connection with The second flag carried in the service response message that track device sends obtains what is carried in service response message The outer net destination address, by the service response message use that the outer net destination address is pointed to is sent to Family equipment.

Alternatively, the replacement module 93 specifically for：

Device described in the embodiment of the present invention can perform the network of connection tracker side shown in Fig. 5 or Fig. 6 Address conversion method, realizes that principle and technique effect are repeated no more.

Figure 10 is the structural representation of a kind of electronic equipment provided in an embodiment of the present invention, can perform figure The method for network address translation of virtual server side shown in 4 or Fig. 7, as shown in Figure 10, including process Device and memorizer；Wherein, the net for performing virtual server side shown in Fig. 4 or Fig. 7 is preserved in memorizer The instruction of network address conversion method, when processor calls the instruction in memorizer, can perform following step Suddenly：

The outer net source address in the service request message that user equipment sends is obtained, the outer net source address is The outer net address of the user equipment；

The outer net source address and the first flag are carried in the service request message after address conversion, And the service request message is sent to into connection tracker；So that the connection tracker is according to the industry First flag carried in business request message, what is carried in the acquisition service request message is described Outer net source address, to the internal network source address in the service request message outer net source address is replaced with, And the service request message is sent to into the cloud main frame carries out Business Processing.

Wherein, the outer net source address and the first flag are carried into the business after the address conversion please In seeking message, including：

Add the first extended field in the service request message format, using first extended field Carry the outer net source address and the first flag；Or

When processor calls the instruction in memorizer, following steps are can also carry out：：

The service response message that the connection tracker sends is received, the service response message is the cloud The service response message that main frame carries out being sent after Business Processing according to the service request message；

Figure 11 is the structural representation of a kind of electronic equipment provided in an embodiment of the present invention, can perform figure The method for network address translation of connection tracker side shown in 5 or Fig. 6, as shown in figure 11, including process Device and memorizer；Wherein, the net for performing connection tracker side shown in Fig. 5 or Fig. 6 is preserved in memorizer The instruction of network address conversion method, when processor calls the instruction in memorizer, can perform following step Suddenly：

Receive the service request message carried out after address conversion that virtual server sends, the service request Message is sent to the service request message of the virtual server for user equipment；

Alternatively, can also carry out：

The service response message that the cloud main frame sends is received, the service response message is the cloud main frame According to the service response message that the service request message carries out being sent after Business Processing, the service response Destination address in message be outer net destination address, and in the service request message carry user set Standby outer net address；

Outer net destination address in the service response message is replaced with into Intranet destination address, the Intranet Destination address is the internal address of the virtual server, by the outer net destination address and the second flag In carrying the service response message after the address conversion, and the service response message is sent to into void Intend server, so that the virtual server is according to the second flag carried in the service response message The outer net destination address carried in service response message is obtained, the service response message is sent to The user equipment that the outer net destination address is pointed to.

Wherein, the outer net destination address and the second flag are carried into the business after the address conversion In response message, including：

Figure 12 is a kind of structural representation of network address transfer system of the embodiment of the present invention, can hold Method for network address translation described in row Fig. 4-Fig. 7 any embodiments；Such as Figure 12, including：User sets Standby, virtual server, connection tracker and cloud main frame；

Wherein, user equipment, for sending service request message, the business to the virtual server Request message includes outer net source address and outer net destination address, and the outer net source address sets for the user Standby outer net address, the outer net destination address is the outer net address of the virtual server；

Virtual server, for the outer net source address in the service request message for obtaining user equipment transmission, The outer net source address is the outer net address of the user equipment；To the outer net in the service request message Source address and outer net destination address are converted to internal network source address and Intranet destination address, the internal network source address For the internal address of the virtual server, the destination address is the cloud for processing the service request message The internal address of main frame；The outer net source address and the first flag are carried into the business after address conversion In request message, and the service request message is sent to into connection tracker；

Connection tracker, for the institute of carrying in the service request message that sent according to the virtual server The first flag is stated, the outer net source address carried in the service request message is obtained, to the industry Internal network source address in business request message replaces with the outer net source address, and by the service request message Being sent to the cloud main frame carries out Business Processing；

Cloud main frame, the service request message for being sent according to the connection tracker carries out Business Processing Afterwards, the service response message for sending to the connection tracker, the service response message includes outer net Destination address and internal network source address, wherein, the outer net destination address is the outer entoilage of the user equipment Location, the internal network source address is the internal address of the cloud main frame.

The connection tracker, is additionally operable to receive the service response message that the cloud main frame sends, the industry Business response message in destination address be outer net destination address, and in the service request message carry The outer net address of user equipment；Outer net destination address in the service response message is replaced with into interior mesh Address, the Intranet destination address is the internal address of the virtual server, by the outer net purpose Address and the second flag are carried in the service response message after the address conversion, and by the business Response message is sent to virtual server；

The virtual server, is additionally operable to be taken in the service response message sent according to the connection tracker Second flag of band obtains the outer net destination address carried in service response message, by the business Response message is sent to the user equipment that the outer net destination address is pointed to.

The Organization Chart that Figure 13 is disposed for a kind of Conntrack module distributions formula of the embodiment of the present invention, such as schemes Shown in 13：

Conntrack modules are deployed on every host, and the flow of every cloud main frame on host is entered Row is processed.Conntrack modules are balanced with front end load independent, the complicated corresponding relation of Maintenance free, Only need to extract and record the true source address connected per bar, and the home address used in Intranet transmission .With simple light weight, it is easy to maintenance the characteristics of, and in failure or upgrade maintenance, no Can on other cloud main frames host produce impact.

Described above illustrates and describes some preferred embodiments of the present invention, but as it was previously stated, should manage The solution present invention is not limited to form disclosed herein, is not to be taken as the exclusion to other embodiment, And can be used for various other combinations, modification and environment, and can in invention contemplated scope described herein, It is modified by the technology or knowledge of above-mentioned teaching or association area.And those skilled in the art are carried out changes Dynamic and change, then all should be in the protection of claims of the present invention without departing from the spirit and scope of the present invention In the range of.

Claims

1. a kind of method for network address translation, it is characterised in that include：

2. method according to claim 1, it is characterised in that by the outer net source address and One flag is carried in the service request message after the address conversion, including：

3. method according to claim 1, it is characterised in that by the outer net source address and One flag is carried in the service request message after the address conversion, including：

4. the method according to any one of claim 1-3, it is characterised in that also include：

5. a kind of method for network address translation, it is characterised in that include：

6. method according to claim 5, it is characterised in that also include：

7. method according to claim 6, it is characterised in that by the outer net destination address and Second flag is carried in the service response message after the address conversion, including：

8. method according to claim 6, it is characterised in that by the outer net destination address and Second flag is carried in the service response message after the address conversion, including：

9. a kind of network address conversion device, positioned at virtual server side, it is characterised in that include：

10. device according to claim 9, it is characterised in that the package module specifically for：

11. devices according to claim 9, it is characterised in that the package module specifically for：

12. devices according to any one of claim 9-11, it is characterised in that also include：

13. a kind of network address conversion devices, positioned at connection tracker, it is characterised in that include：

14. devices according to claim 13, it is characterised in that also include：

15. devices according to claim 14, it is characterised in that the replacement module is specifically used In：

16. devices according to claim 14, it is characterised in that the replacement module is specifically used In：

17. a kind of network address transfer systems, it is characterised in that include：Virtual server and connection with Track device；

The virtual server includes the network address conversion device as described in any one of claim 9-12；

The connection tracker includes the network address translation dress as described in any one of claim 13-16 Put.

18. systems according to claim 17, it is characterised in that also include：User equipment and Cloud main frame；