CN106656615B - Message processing method and device based on TRACERT command - Google Patents


Publication number: CN106656615B
Authority: CN (China)
Prior art keywords: message, cpu, request message, request, nat
Legal status: Active
Application number: CN201611247335.9A
Other languages: Chinese (zh)
Other versions: CN106656615A (en)
Inventor: 袁野
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0677 Localisation of faults
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Abstract

The application provides a message processing method and device based on the TRACERT command. In the application, when the FPGA receives a UDP request message based on the TRACERT command, it can send the received request message to the CPU according to a control table entry that the CPU has sent to the FPGA in advance. The CPU then locally establishes a session table entry corresponding to the quintuple information carried by the message, together with a correspondence between that table entry and the NAT information to be converted. When the CPU receives the ICMP request timeout message corresponding to the request message, it can therefore return a correct request timeout message to the requesting device according to the locally established correspondence, which ensures that network operation and maintenance based on the TRACERT command can reliably locate and analyze a fault in its test path.

Description

Message processing method and device based on TRACERT command
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method and an apparatus for processing a message based on a TRACERT command.
Background
With the rapid development of network communication technology, operation and maintenance of the Internet has become an increasingly important part of ensuring reliable transmission of network information. The TRACERT command is one of the important commands for network operation and maintenance. In practical applications, the requesting device sequentially sends a group of request messages, which may be denoted as a request group, to the destination device. The request messages in the group carry the same five-tuple information, and their initial Time To Live (TTL) values increase step by step from 1. Each time a request message in the request group passes through an intermediate device, its TTL value is reduced by 1. When an intermediate device finds that the current TTL value of a received request message is 1, it directly discards the request message and returns a request timeout message to the requesting device along the original path, so that the requesting device, after receiving the timeout message, sends a new request message whose initial TTL value is increased by 1 to the destination device. When an intermediate device receives a request message whose current TTL value is greater than 1, it sends the request message directly to the next-hop intermediate device; the intermediate device will of course still receive the request timeout message returned by the next-hop intermediate device, and returns that request timeout message to the requesting device along the original path.
According to this rule, if the requesting device can send the request message to the destination device, the path between the local device and the destination device is considered reachable; otherwise, the requesting device can locate and analyze the fault on the test path between the local device and the destination device according to the request timeout messages returned by the intermediate devices, thereby achieving the purpose of network operation and maintenance. However, when the test path of the TRACERT command includes an intermediate device that has a NAT (Network Address Translation) function and adopts a design architecture combining an FPGA (Field-Programmable Gate Array) and a CPU (Central Processing Unit), reliable location and analysis of a fault in this path cannot be achieved because of the selective message processing mechanism of this intermediate device.
The request message of the TRACERT command is generally a UDP (User Datagram Protocol) message, and the request timeout message is generally an ICMP (Internet Control Message Protocol) message. Under the selective processing mechanism of such a device, the FPGA first receives all messages entering the device, such as UDP and ICMP messages, and uploads to the CPU those received messages that are few in number and either need the assistance of the CPU or cannot be processed by the local hardware, such as ICMP messages. When the FPGA receives a request message whose current TTL value is 1, that is, one for which an ICMP request timeout message needs to be returned, the FPGA confirms that the message needs CPU assistance (the ICMP request timeout message has to be returned with the help of the CPU) and sends the request message directly to the CPU. When the FPGA receives a request message whose current TTL value is greater than 1, that is, one for which this device does not need to return an ICMP request timeout message but does need to perform NAT conversion, it performs NAT conversion on the message directly, according to the local session corresponding to the message and the NAT information matched with that session, and sends the converted request message to the next-hop intermediate device. In this case, when the FPGA receives the ICMP request timeout message returned by the next-hop intermediate device, it confirms that the local hardware cannot process the ICMP message and sends it to the CPU. At this moment the CPU cannot perform the correct NAT restoration on the ICMP message according to the NAT information matched with the session, because the session corresponding to the message has not been established locally or the corresponding session has not been accessed for a long time. The CPU therefore cannot forward the ICMP request timeout message returned by the next-hop intermediate device to the requesting device, which causes the requesting device to mislocate the point of failure in the test path.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for processing a message based on a TRACERT command, so as to ensure that reliable positioning and analysis of a fault in a testing path of the TRACERT command can be achieved when the testing path of the TRACERT command includes an intermediate device with an NAT function and the intermediate device has a design architecture combining an FPGA and a CPU.
According to a first aspect of an embodiment of the present application, a message processing method based on a TRACERT command is provided. The method is applied to a network system that performs operation and maintenance based on the TRACERT command. The network system includes a requesting device, intermediate devices and a destination device, and the intermediate devices include a Network Address Translation (NAT) device that adopts a design architecture combining a Field Programmable Gate Array (FPGA) and a Central Processing Unit (CPU). The method comprises the following steps:
for User Datagram Protocol (UDP) request messages received in sequence whose time to live (TTL) values increase step by step from 2, the FPGA forwards each message to the CPU according to a control table entry, the control table entry having been sent to the FPGA by the CPU in advance;
the CPU creates a session table entry corresponding to the quintuple information, and a correspondence between the table entry and the NAT information, according to the quintuple information and the NAT information carried by the received request message with the TTL value of 2; the CPU performs NAT conversion on each received request message with a TTL value greater than 1 according to the correspondence, and forwards the converted request message to the next-hop intermediate device;
and after receiving the Internet Control Message Protocol (ICMP) request timeout message forwarded to it by the FPGA, the CPU performs NAT restoration on the received ICMP request timeout message according to the correspondence and returns the restored request timeout message to the requesting device.
According to a second aspect of the embodiments of the present application, a message processing apparatus based on a TRACERT command is provided. The apparatus is applied to a NAT device in a network system that performs operation and maintenance based on the TRACERT command. The network system includes a requesting device, intermediate devices and a destination device; the NAT device is one of the intermediate devices and adopts a design architecture combining a Field Programmable Gate Array (FPGA) and a Central Processing Unit (CPU). The apparatus comprises:
the FPGA, which is used for forwarding each message to the CPU according to a control table entry, for User Datagram Protocol (UDP) request messages received in sequence whose time to live (TTL) values increase step by step from 2, the control table entry having been sent to the FPGA by the CPU in advance;
the CPU, which is used for creating a session table entry corresponding to the quintuple information, and a correspondence between the table entry and the NAT information, according to the quintuple information and the NAT information carried by the received request message with the TTL value of 2, for performing NAT conversion on each received request message with a TTL value greater than 1 according to the correspondence, and for forwarding the converted request message to the next-hop intermediate device;
and the CPU is also used for performing NAT restoration on the received ICMP request timeout message according to the correspondence, after receiving the Internet Control Message Protocol (ICMP) request timeout message forwarded to it by the FPGA, and returning the restored request timeout message to the requesting device.
In the application, when the FPGA receives a UDP request message based on the TRACERT command, it can send the received request message to the CPU according to a control table entry that the CPU has sent to the FPGA in advance. The CPU then locally establishes a session table entry corresponding to the quintuple information carried by the message, together with a correspondence between that table entry and the NAT information to be converted. When the CPU receives the ICMP request timeout message corresponding to the request message, it can therefore return a correct request timeout message to the requesting device according to the locally established correspondence, which ensures that network operation and maintenance based on the TRACERT command can reliably locate and analyze a fault in its test path.
Drawings
Fig. 1 is a schematic diagram of a scenario of a message processing method based on a TRACERT command according to the present application;
Fig. 2 is a flowchart of a message processing method based on a TRACERT command according to the present application;
Fig. 3 is a flowchart of an embodiment of a message processing method based on a TRACERT command according to the present application;
Fig. 4 is a structural diagram of a message processing apparatus based on a TRACERT command according to the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a scenario of a message processing method based on a TRACERT command according to the present application. The schematic diagram depicts a network system that performs operation and maintenance based on the TRACERT command, which comprises a requesting device, intermediate devices and a destination device. An intermediate device may be a layer-3 device with a routing function or a firewall device. The requesting device, the intermediate devices and the destination device together form the test path of the TRACERT command, and the intermediate devices in the present application need to include a NAT device adopting a design architecture combining an FPGA and a CPU. However, when the test path of the TRACERT command includes such a NAT device, the selective message processing mechanism of the device may prevent network operation and maintenance based on the TRACERT command from reliably locating and analyzing a fault in this path.
Aiming at the problem, the application provides a message processing method based on the TRACERT command, so that when a test path of the TRACERT command comprises an intermediate device with an NAT function and the intermediate device has a design framework combining an FPGA (field programmable gate array) and a CPU (central processing unit), reliable positioning and analysis of faults in the test path can be realized by network operation and maintenance based on the TRACERT command.
In order to make the technical solutions in the embodiments of the present application better understood and make the above objects, features and advantages of the embodiments of the present application more comprehensible, the technical solutions in the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 2, Fig. 2 is a flowchart of a message processing method based on a TRACERT command according to the present application, where the flowchart may include the following steps:
Step 201: For User Datagram Protocol (UDP) request messages received in sequence whose time to live (TTL) values increase step by step from 2, the FPGA forwards each message to the CPU according to a control table entry, where the control table entry has been sent to the FPGA by the CPU in advance.
The present embodiment is applied to a network system that performs operation and maintenance based on the TRACERT command, and the network system includes a requesting device, intermediate devices and a destination device, where the intermediate devices include a NAT device adopting a design architecture combining an FPGA and a CPU.
The implementation principle of the TRACERT command is explained in detail in the Background and is not repeated here. It follows from that principle that the NAT device, which is the execution subject in this embodiment, sequentially receives UDP request messages whose TTL values increase step by step from 1. Under the selective processing mechanism of such a NAT device, the FPGA first receives all messages entering the device and sends to the CPU those received messages that are few in number and either need the assistance of the CPU or cannot be processed by the local hardware.
When the FPGA receives a request message with a TTL value of 1, that is, when it finds that the request message has timed out and an ICMP request timeout message needs to be returned by this device, the FPGA confirms that the request message needs CPU assistance and forwards the message to the CPU, so that the CPU returns the ICMP request timeout message corresponding to the request message to the requesting device. At the same time, the CPU that received the message sends a control table entry to the FPGA. The table entry comprises control information and the quintuple information carried by the message; the FPGA uses the control information to forward to the CPU each request message that carries this quintuple information and has a TTL value greater than 1.
When the FPGA receives a request message with a TTL value greater than 1, it first confirms that the received request message is a forwarding message and, on that basis, judges whether a control table entry matching the message exists locally. If no such entry exists, the FPGA performs the required processing on the message and sends it directly to the next-hop intermediate device; if one exists, the FPGA forwards the received request message to the CPU according to the matched control table entry. Here, the forwarding message means: the matching means that the quintuple information recorded in the control table entry is consistent with the quintuple information carried by the message.
On the one hand, request messages whose destination device is this device itself, and request messages whose TTL value is greater than 1 but which do not belong to a TRACERT command, are filtered out by the confirmation and the judgment, respectively. On the other hand, when a control table entry matching the message exists, the message can be forwarded to the CPU, so that the CPU can locally establish the corresponding session table entry or, when the session table entry has already been established, refresh the aging time of the entry in time according to each subsequently received request message that matches it. This avoids the situation in which, when the ICMP request timeout message returned by the next-hop intermediate device is received, it cannot be returned to the requesting device because the session table entry has already aged out, and thereby prevents the requesting device executing the TRACERT command from mislocating the fault point in the test path.
Step 202: the CPU creates a session table item corresponding to the quintuple information and a corresponding relation between the table item and the NAT information according to the quintuple information and the NAT information carried by the received request message with the TTL value of 2; and performing NAT (network Address translation) conversion on each received request message with the TTL value larger than 1 according to the corresponding relation, and forwarding the converted request message to the next-hop intermediate device.
As can be understood by those skilled in the art, when receiving a request packet with a TTL value of 2, the FPGA will first confirm that a session entry already exists locally, so that the quintuple information recorded in the entry is consistent with the quintuple information carried in the packet, and the entry already matches with the corresponding NAT information. On this basis, when the FPGA forwards the request message carrying the quintuple information to the CPU, the matched corresponding NAT information can be carried at the tail of the message as backup information for establishing or maintaining the local session table entry of the CPU and the corresponding relationship between the table entry and the NAT information, thereby further ensuring that NAT conversion of the request message by the CPU and NAT information used for NAT restoration of the request timeout message are consistent.
It should be noted that the aging time of a session table entry cannot be set to a long value, for reasons such as protection against UDP attacks, and that the number of messages to be processed by the CPU is relatively small under normal conditions. In this embodiment, therefore, for each received request message whose TTL value is greater than 1, the CPU determines whether the session table entry corresponding to the quintuple information and the NAT information carried by the message, and the correspondence between the table entry and the NAT information, have already been created locally. If they have been created, the CPU performs NAT conversion on each received request message with a TTL value greater than 1 according to the created correspondence; otherwise, it creates the session table entry and the correspondence between the table entry and the NAT information again, and performs NAT conversion on each received request message with a TTL value greater than 1 according to the newly created correspondence. This ensures, to the greatest extent, that the aging time of the session table entry is refreshed in time.
In this embodiment, the correspondence includes two objects and the relationship between them. The two objects are the session table entry and the NAT information; the relationship is the mapping between the session table entry and the NAT information.
Step 203: After receiving the Internet Control Message Protocol (ICMP) request timeout message forwarded to it by the FPGA, the CPU performs NAT restoration on the received ICMP request timeout message according to the correspondence and returns the restored request timeout message to the requesting device.
Those skilled in the art can understand that the ICMP request timeout message encapsulates the ICMP header field only on the basis of the corresponding request message, and does not change the five-tuple information carried by the request message.
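As an added illustration (not part of the patent text), the Python code below performs the NAT restoration of step 203 at the byte level on a constructed ICMP time-exceeded message. It assumes the standard ICMP error layout, in which the message quotes the IP header and first 8 bytes of the forwarded (already translated) request; the function names, the session dictionary and the hop address 203.0.113.1 are hypothetical, and the addresses and ports are the ones the description later uses for Table 1.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even- or odd-length buffer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_time_exceeded(hop_ip, nat_ip, nat_port, dst_ip, dst_port) -> bytes:
    """Constructed sample: the message a next-hop device returns for an expired probe."""
    quoted = (ipv4_header(nat_ip, dst_ip, 17, 8, ttl=1)
              + struct.pack("!HHHH", nat_port, dst_port, 8, 0))  # UDP header, checksum 0
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted            # type 11: time exceeded
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(hop_ip, nat_ip, 1, len(icmp), ttl=64) + icmp

def restore_time_exceeded(packet: bytes, sessions: dict):
    """Undo NAT on an ICMP time-exceeded message, or return None if no session matches.

    sessions maps (public_ip, public_port, dst_ip, dst_port) -> (private_ip, private_port).
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 28:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 11:
        return None
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 17 or len(inner) < inner_ihl + 8:
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    key = (socket.inet_ntoa(inner[12:16]), sport, socket.inet_ntoa(inner[16:20]), dport)
    private = sessions.get(key)
    if private is None:
        return None          # the failure described in the Background: nothing to restore with
    priv_ip, priv_port = private
    # Quoted request: put the private source address and port back.
    ihdr = bytearray(inner[:inner_ihl])
    ihdr[12:16] = socket.inet_aton(priv_ip)
    ihdr[10:12] = b"\x00\x00"
    ihdr[10:12] = struct.pack("!H", checksum(bytes(ihdr)))
    # The quoted UDP checksum is left untouched (it is 0 in the constructed sample).
    new_inner = bytes(ihdr) + struct.pack("!H", priv_port) + inner[inner_ihl + 2:]
    new_icmp = icmp[:2] + b"\x00\x00" + icmp[4:8] + new_inner
    new_icmp = new_icmp[:2] + struct.pack("!H", checksum(new_icmp)) + new_icmp[4:]
    # Outer header: deliver to the requesting device instead of the public address.
    outer = bytearray(packet[:ihl])
    outer[16:20] = socket.inet_aton(priv_ip)
    outer[10:12] = b"\x00\x00"
    outer[10:12] = struct.pack("!H", checksum(bytes(outer)))
    return bytes(outer) + new_icmp

if __name__ == "__main__":
    table = {("218.22.192.21", 4000, "220.181.28.42", 6000): ("192.168.0.5", 5000)}
    sample = build_time_exceeded("203.0.113.1", "218.22.192.21", 4000, "220.181.28.42", 6000)
    restored = restore_time_exceeded(sample, table)
    print("outer destination:", socket.inet_ntoa(restored[16:20]))
    print("quoted source:", socket.inet_ntoa(restored[40:44]),
          struct.unpack("!H", restored[48:50])[0])
```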
According to the method, when the FPGA receives a UDP request message based on the TRACERT command, it can send the received request message to the CPU according to a control table entry that the CPU has sent to the FPGA in advance. The CPU then locally establishes a session table entry corresponding to the quintuple information carried by the message, together with a correspondence between that table entry and the NAT information to be converted, so that when it receives the ICMP request timeout message corresponding to the request message it can return a correct request timeout message to the requesting device according to the locally established correspondence. This ensures that network operation and maintenance based on the TRACERT command can reliably locate and analyze a fault in the test path.
Referring to Fig. 3, Fig. 3 is a flowchart of an embodiment of a message processing method based on a TRACERT command according to the present application, where the flowchart may include the following steps:
Step 301: The FPGA receives a request message with a TTL value of 1 sent by the requesting device and forwards the message to the CPU.
In this embodiment, the request message may be a UDP message.
Step 302: The CPU returns an ICMP request timeout message corresponding to the received request message to the requesting device.
In this embodiment, when the CPU determines that the TTL value of the received request packet is 1, the CPU searches a corresponding routing table entry locally according to the source IP address in the packet, and returns an ICMP request timeout packet corresponding to the packet to the requesting device according to the egress interface information recorded in the routing table entry.
Step 303: The CPU generates a control table entry according to the quintuple information carried by the received request message and sends the generated control table entry to the FPGA.
In this embodiment, the content and the function of the control entry have been described in detail in step 201, and are not described herein again.
Step 304: the FPGA receives a request message with TTL value larger than 1 sent by a request device, judges whether a control table item matched with the message exists locally or not when the message is determined to be a forwarding message, and executes step 305 if the control table item exists; and if not, sending the message to the next-hop intermediate equipment.
In this embodiment, the meaning of a forwarding message, and the purpose of confirming that the message is a forwarding message and of determining whether a control table entry matching the received message exists, have been described in detail in step 201 and are not repeated here.
Step 305: The FPGA forwards each received request message with a TTL value greater than 1 to the CPU according to the control table entry.
In this embodiment, the effect of configuring the control table entry has already been described in detail in step 201, and is not described herein again.
As a preferred embodiment, the FPGA may also set a flag bit for the session table entry locally recorded with the same quintuple information as the control table entry according to the control table entry, so that when receiving the request packet matching the session table entry, the FPGA directly forwards the packet to the CPU for processing according to the session table entry without further querying the control table entry matching the packet.
Step 306: the CPU judges whether the session table entry corresponding to the quintuple information and the NAT information carried in the received packet and the correspondence between the table entry and the NAT information have been created locally, if so, step 308 is executed, otherwise, step 307 is executed.
In this embodiment, the reason why the CPU determines whether the session table entry and the corresponding relationship between the session table entry and the NAT information already exist locally for each received message is described in detail in step 202, and is not described herein again.
Step 307: the CPU creates a session table entry corresponding to the quintuple information and a corresponding relationship between the table entry and the NAT information according to the quintuple information and the NAT information carried in the received message, and performs step 308.
In this embodiment, the meaning of the correspondence has been described in detail in step 202 and is not repeated here. Assume that, in the five-tuple information carried in the message received by the CPU, the source IP is 192.168.0.5, the destination IP is 220.181.28.42, the source port is 5000, the destination port is 6000, and the protocol is UDP, and that, in the NAT information to be converted carried at the tail of the message, the public network IP corresponding to the source IP is 218.22.192.21 and the public network port corresponding to the source port is 4000. The session table entry locally created by the CPU and the correspondence between the table entry and the NAT information may then be represented in the form of Table 1 below:
Table 1 (figure GDA0002287534250000101 in the original publication)
Step 308: The CPU performs NAT conversion on each received request message with a TTL value greater than 1 according to the established correspondence.
Step 309: The CPU forwards the converted request message to the next-hop intermediate device.
Step 310: After receiving the ICMP request timeout message forwarded to it by the FPGA, the CPU performs NAT restoration on the received ICMP request timeout message according to the established correspondence.
In this embodiment, the CPU receives the ICMP request timeout messages that all downstream intermediate devices return via the next-hop intermediate device, and returns these messages to the requesting device in sequence.
Step 311: The CPU returns the restored request timeout message to the requesting device.
It can be seen from the above embodiments that, when the FPGA receives a UDP request packet based on a TRACERT command, it can send the received request packet to the CPU according to a control table entry that the CPU has sent to the FPGA in advance. The CPU then locally establishes a session table entry corresponding to the quintuple information carried in the packet, together with a correspondence between that table entry and the NAT information to be converted, so that when it receives the ICMP request timeout packet corresponding to the request packet it can return a correct request timeout packet to the requesting device according to the locally established correspondence. This ensures that network operation and maintenance based on the TRACERT command can reliably locate and analyze a fault in its test path.
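The following added example (not part of the patent text) models steps 301 to 311 as a small Python simulation and contrasts them with the behaviour described in the Background, where no control table entry exists and the CPU never learns the session. The class and function names, the 5-second aging time, the device address 192.168.0.1 and the two downstream hop addresses are assumptions; the five-tuple and NAT mapping are the values given for Table 1.

```python
from collections import namedtuple

FiveTuple = namedtuple("FiveTuple", "src_ip src_port dst_ip dst_port proto", defaults=["UDP"])

SESSION_AGE = 5.0  # assumed CPU session aging time in seconds (kept short, as the text notes)

class NatDevice:
    """Toy model of the FPGA+CPU NAT device; every name here is hypothetical."""

    def __init__(self, own_ip, nat_ip, nat_port, install_control_entries):
        self.own_ip = own_ip
        self.nat_ip, self.nat_port = nat_ip, nat_port
        self.install_control_entries = install_control_entries
        self.control = set()   # FPGA control table: five-tuples that go to the CPU
        self.sessions = {}     # CPU session table: five-tuple -> time of last refresh

    def translate(self, ft):
        """NAT conversion of the request: replace the private source with the public one."""
        return FiveTuple(self.nat_ip, self.nat_port, ft.dst_ip, ft.dst_port, ft.proto)

    def on_request(self, ft, ttl, now):
        """Handle a UDP probe; return the translated tuple, or None if TTL expired here."""
        if ttl == 1:
            # Steps 301-303: the CPU answers with a timeout message and pushes a control entry.
            if self.install_control_entries:
                self.control.add(ft)
            return None
        if ft in self.control:
            # Steps 304-307: the probe goes to the CPU, which creates or refreshes the session.
            self.sessions[ft] = now
        # Steps 308-309 (or the FPGA fast path when no control entry matches).
        return self.translate(ft)

    def on_time_exceeded(self, quoted, now):
        """Step 310: map the quoted (translated) tuple back through a live CPU session."""
        for ft, seen in self.sessions.items():
            if self.translate(ft) == quoted and now - seen <= SESSION_AGE:
                return ft.src_ip   # Step 311: restored message goes to the requesting device
        return None                # no usable session: the timeout message is lost

def trace(device, downstream_hops, probe, interval=3.0):
    """Return what the requesting device sees for TTL = 1 .. 1 + len(downstream_hops)."""
    seen = []
    for i in range(1 + len(downstream_hops)):
        ttl, now = i + 1, i * interval
        forwarded = device.on_request(probe, ttl, now)
        if forwarded is None:
            seen.append(device.own_ip)            # TTL expired on the NAT device itself
            continue
        expiring_hop = downstream_hops[ttl - 2]   # hop where the remaining TTL runs out
        requester = device.on_time_exceeded(forwarded, now)
        seen.append(expiring_hop if requester == probe.src_ip else "*")
    return seen

if __name__ == "__main__":
    probe = FiveTuple("192.168.0.5", 5000, "220.181.28.42", 6000)
    hops = ["203.0.113.1", "198.51.100.1"]        # constructed downstream hop addresses
    for label, flag in (("without control entries", False), ("with control entries", True)):
        device = NatDevice("192.168.0.1", "218.22.192.21", 4000, flag)
        print(label, trace(device, hops, probe))
```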
Referring to FIG. 4, FIG. 4 is a structural diagram of a message processing apparatus based on the TRACERT command according to the present application. The apparatus is applied to a NAT device in a network system that is operated and maintained using the TRACERT command; the NAT device is one of the intermediate devices and adopts a design architecture combining a Field Programmable Gate Array (FPGA) and a Central Processing Unit (CPU). The apparatus may include an FPGA 410 and a CPU 420.
The FPGA 410 is configured to forward to the CPU 420, according to a control table entry, each sequentially received User Datagram Protocol (UDP) request message whose time-to-live (TTL) value increases step by step from 2, the control table entry having been sent to the FPGA 410 by the CPU 420 in advance;
the CPU 420 is configured to create, according to the quintuple information and NAT information carried by the received request message with a TTL value of 2, a session table entry corresponding to the quintuple information and a correspondence between that entry and the NAT information; and to perform NAT translation on each received request message with a TTL value greater than 1 according to the correspondence and forward the translated request message to the next-hop intermediate device;
the CPU 420 is further configured to, after receiving an Internet Control Message Protocol (ICMP) request timeout message forwarded to it by the FPGA 410, perform NAT restoration on the received ICMP request timeout message according to the correspondence, and return the restored request timeout message to the requesting device.
In a first implementation of this embodiment, the CPU 420 is further configured to:
generate a control table entry according to the request message with a TTL value of 1 forwarded to it by the FPGA 410, where the control table entry includes control information and the quintuple information carried by the message, so that the FPGA 410 forwards to the CPU 420, according to the control information, each request message that carries the quintuple information and has a TTL value greater than 1; and send the generated control table entry to the FPGA 410.
In a second implementation of this embodiment, the FPGA 410 is further configured to:
forward a received UDP request message with a TTL value of 1 directly to the CPU 420;
the CPU 420 is further configured to return an ICMP request timeout message corresponding to the request message to the requesting device.
In a third implementation of this embodiment, the CPU 420 is further configured to:
determine, for each received request message with a TTL value greater than 1, whether a session table entry corresponding to the quintuple information and NAT information carried by the message, and the correspondence between that entry and the NAT information, have been created locally;
if they have been created, perform NAT translation on each received request message with a TTL value greater than 1 according to the correspondence; otherwise, create the correspondence and perform NAT translation on each received request message with a TTL value greater than 1 according to the created correspondence.
In a fourth implementation of this embodiment, the FPGA 410 is specifically configured to:
when a received UDP request message is determined to be a message to be forwarded to the next-hop device, determine whether a control table entry matching the message exists locally;
if so, forward the received UDP request message to the CPU 420; if not, send it to the next-hop intermediate device.
As the above embodiment shows, when the FPGA receives a UDP request message based on the TRACERT command, it can send the message to the CPU according to the control table entry that the CPU delivered to it in advance. The CPU then creates locally a session table entry corresponding to the quintuple information carried in the message, together with the correspondence between that entry and the NAT information to be translated. When the CPU later receives the ICMP request timeout message corresponding to the request message, it can use the locally established correspondence to return a correct request timeout message to the requesting device. This ensures that network operation and maintenance based on the TRACERT command can reliably locate and analyze faults on the tested path.
The implementation of the functions and roles of each unit in the above apparatus is described in detail in the implementation of the corresponding steps of the above method, and is not repeated here.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above are only exemplary embodiments of the present application and are not intended to limit it; any modification, equivalent replacement, or improvement made within the spirit and principles of the present application shall fall within its scope of protection.

Claims (10)

1. A message processing method based on the TRACERT command, applied to a network system that is operated and maintained using the TRACERT command, the network system comprising a requesting device, intermediate devices and a target device, wherein the intermediate devices include a Network Address Translation (NAT) device that adopts a design architecture combining a Field Programmable Gate Array (FPGA) and a Central Processing Unit (CPU), characterized in that the method comprises:
for sequentially received User Datagram Protocol (UDP) request messages whose time-to-live (TTL) values increase step by step from 2, the FPGA forwards each message to the CPU according to a control table entry, so that the CPU creates a session table entry corresponding to the request message or, when the session table entry has already been created, promptly updates the aging duration of the session table entry according to subsequently received request messages matching the control table entry, the control table entry having been sent to the FPGA by the CPU in advance;
the CPU creates, according to the quintuple information and NAT information carried by the received request message with a TTL value of 2, a session table entry corresponding to the quintuple information and a correspondence between that entry and the NAT information; performs NAT translation on each received request message with a TTL value greater than 1 according to the correspondence; and forwards the translated request message to the next-hop intermediate device;
after receiving an Internet Control Message Protocol (ICMP) request timeout message forwarded by the FPGA, the CPU performs NAT restoration on the received ICMP request timeout message according to the correspondence and returns the restored request timeout message to the requesting device.
2. The method of claim 1, wherein the CPU sending a control table entry to the FPGA comprises:
the CPU generates a control table entry according to a request message with a TTL value of 1 forwarded by the FPGA, the control table entry comprising control information and the quintuple information carried by the message, so that the FPGA forwards to the CPU, according to the control information, each request message that carries the quintuple information and has a TTL value greater than 1;
the CPU sends the generated control table entry to the FPGA.
3. The method of claim 1, further comprising, before the method:
for a received UDP request message with a TTL value of 1, the FPGA forwards the request message directly to the CPU;
the CPU returns an ICMP request timeout message corresponding to the request message to the requesting device.
4. The method of claim 1, wherein performing NAT translation on each received request message with a TTL value greater than 1 according to the correspondence comprises:
for each received request message with a TTL value greater than 1, the CPU determines whether a session table entry corresponding to the quintuple information and NAT information carried by the message, and the correspondence between that entry and the NAT information, have been created locally;
if they have been created, NAT translation is performed on each received request message with a TTL value greater than 1 according to the correspondence; otherwise, the session table entry and the correspondence between that entry and the NAT information are created, and NAT translation is performed on each received request message with a TTL value greater than 1 according to the created correspondence.
5. The method of claim 1, wherein, before the FPGA forwards each message to the CPU according to the control table entry, the method further comprises:
when a received UDP request message is determined to be a message to be forwarded to the next-hop device, determining whether a control table entry matching the message exists locally;
if so, forwarding the received UDP request message to the CPU; if not, sending it to the next-hop intermediate device.
6. A message processing apparatus based on the TRACERT command, applied to a NAT device in a network system that is operated and maintained using the TRACERT command, wherein the NAT device is one of the intermediate devices and adopts a design architecture combining a Field Programmable Gate Array (FPGA) and a Central Processing Unit (CPU), characterized in that the apparatus comprises:
the FPGA, configured to forward to the CPU, according to a control table entry, each User Datagram Protocol (UDP) request message whose time-to-live (TTL) value increases step by step from 2, so that the CPU creates a session table entry corresponding to the request message or, when the session table entry has already been created, promptly updates the aging duration of the session table entry according to subsequently received request messages matching the control table entry, the control table entry having been sent to the FPGA by the CPU in advance;
the CPU, configured to create, according to the quintuple information and NAT information carried by the received request message with a TTL value of 2, a session table entry corresponding to the quintuple information and a correspondence between that entry and the NAT information; to perform NAT translation on each received request message with a TTL value greater than 1 according to the correspondence; and to forward the translated request message to the next-hop intermediate device;
the CPU being further configured to, after receiving an Internet Control Message Protocol (ICMP) request timeout message forwarded by the FPGA, perform NAT restoration on the received ICMP request timeout message according to the correspondence and return the restored request timeout message to the requesting device.
7. The apparatus of claim 6, wherein the CPU is further configured to:
generate a control table entry according to a request message with a TTL value of 1 forwarded by the FPGA, the control table entry comprising control information and the quintuple information carried by the message, so that the FPGA forwards to the CPU, according to the control information, each request message that carries the quintuple information and has a TTL value greater than 1; and send the generated control table entry to the FPGA.
8. The apparatus of claim 6, wherein the FPGA is further configured to:
forward a received UDP request message with a TTL value of 1 directly to the CPU;
the CPU is further configured to return an ICMP request timeout message corresponding to the request message to the requesting device.
9. The apparatus of claim 6, wherein the CPU is specifically configured to:
determine, for each received request message with a TTL value greater than 1, whether a session table entry corresponding to the quintuple information and NAT information carried by the message, and the correspondence between that entry and the NAT information, have been created locally;
if they have been created, perform NAT translation on each received request message with a TTL value greater than 1 according to the correspondence; otherwise, create the session table entry and the correspondence between that entry and the NAT information, and perform NAT translation on each received request message with a TTL value greater than 1 according to the created correspondence.
10. The apparatus of claim 6, wherein the FPGA is specifically configured to:
when a received UDP request message is determined to be a message to be forwarded to the next-hop device, determine whether a control table entry matching the message exists locally;
if so, forward the received UDP request message to the CPU; if not, send it to the next-hop intermediate device.
CN201611247335.9A 2016-12-29 2016-12-29 Message processing method and device based on TRACERT command Active CN106656615B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611247335.9A CN106656615B (en) 2016-12-29 2016-12-29 Message processing method and device based on TRACERT command

Publications (2)

Publication Number Publication Date
CN106656615A CN106656615A (en) 2017-05-10
CN106656615B true CN106656615B (en) 2020-03-06

Family

ID=58835888

Country Status (1)

Country Link
CN (1) CN106656615B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant