CN106992963A - Information processing method and gateway - Google Patents

Information processing method and gateway

Info

Publication number: CN106992963A
Authority: CN (China)
Prior art keywords: gateway, network address, electronic equipment, packet, public network
Legal status: Granted
Application number: CN201710090007.0A
Other languages: Chinese (zh)
Other versions: CN106992963B (en)
Inventor: 李彦君
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201710090007.0A
Publication of CN106992963A
Application granted
Publication of CN106992963B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an information processing method and a gateway. In the method, a first gateway is connected to multiple electronic devices. The first gateway receives a packet sent by any one of the electronic devices; the packet includes a first public network address and a first port number, where the first public network address is one of at least one public network address allocated by the first gateway. The first gateway sends the packet and network address information to a second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number. The disclosed method solves the problem that network address translation in existing cloud platform technology exposes the cloud platform to various security risks.

Description

Information processing method and gateway
Technical field
The present invention relates to the field of electronic communication, and in particular to an information processing method and a gateway.
Background
To address IPv4 address exhaustion, existing cloud platforms generally make heavy use of network address translation (NAT). Source network address translation (SNAT) is a key step for outbound traffic: it translates private IP addresses inside the cloud platform into addresses that can reach the public network. This function is usually performed by a server node or virtual machine node in the cloud platform, so all outbound traffic must pass through that node, which becomes a system bottleneck and a point of traffic congestion.
The prior-art solution to this problem is double-layer NAT. The idea is to place the shared public IP at the egress hardware physical gateway, have the gateway perform one NAT conversion, and perform a second NAT conversion at each compute node. Using traditional NAT to achieve distributed egress of traffic has the following problem:
After traffic passes from the cloud platform to the gateway, it must undergo a NAT conversion that the cloud platform cannot control. The NAT conversion rewrites the IP header of the traffic, and this rewriting changes the packet content, which introduces a security risk.
Summary of the invention
The present invention provides an information processing method and a gateway, to solve the problem that network address translation in existing cloud platform technology exposes the cloud platform to various security risks.
The present invention provides an information processing method in which a first gateway is connected to multiple electronic devices, the method including:
The first gateway receives a packet sent by any one of the multiple electronic devices. The packet includes a first public network address and a first port number, where the first public network address is one of at least one public network address allocated by the first gateway;
The packet and network address information are sent to a second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number.
Optionally, before the packet and the network address information are sent to the second gateway, the method further includes: encrypting the packet.
Optionally, the method also includes:
The first gateway obtains the traffic information corresponding to each of the multiple electronic devices;
A public network address and a corresponding number of port numbers are allocated to each electronic device according to the traffic information.
Optionally, allocating a corresponding number of port numbers to each electronic device according to the traffic information includes:
Allocating a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the method further includes:
Collecting, at a predetermined period, the current traffic information of each electronic device in the current period;
And allocating a corresponding number of port numbers to each electronic device according to the current traffic information.
An embodiment of the present invention also provides a gateway that is connected to a second gateway and to multiple electronic devices and includes a transceiver and a processor:
The processor is configured to obtain the network address information corresponding to a packet when the transceiver receives the packet from any one of the multiple electronic devices. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number;
The transceiver is configured to receive the packet sent by any one of the multiple electronic devices, and to send the packet and the network address information to the second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information.
Optionally, the processor is also configured to encrypt the packet before the packet and the network address information are sent to the second gateway.
Optionally, the processor is also configured to obtain the traffic information corresponding to each of the multiple electronic devices, and to allocate a corresponding number of port numbers to each electronic device according to the traffic information.
Optionally, the processor is specifically configured to allocate a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the processor is also configured to collect, at a predetermined period, the current traffic information of each electronic device in the current period, and to allocate a corresponding number of port numbers to each electronic device according to the current traffic information.
An embodiment of the present invention also provides a gateway that is connected to multiple electronic devices and to a second gateway, including:
A receiving module, configured to receive a packet sent by any one of the multiple electronic devices. The packet includes a first public network address and a first port number, where the first public network address is one of at least one public network address allocated by the first gateway;
A sending module, configured to send the packet and network address information to the second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number.
The beneficial effects of the present invention are as follows:
With the scheme provided by the embodiments of the invention, multiple electronic devices in the cloud platform can share access to the external network through a single public network address, saving a large number of scarce public IP addresses;
The egress traffic of each electronic device in the cloud platform can be received and sent directly through its own physical network card and the directly connected switching equipment, without source address translation at a centralized node.
The gateway in the cloud platform can dynamically allocate public network addresses and ports according to the traffic statistics of each electronic device, ensuring that every network flow obtains an available connection resource (public IP address + port) and effectively avoiding the port exhaustion that traditional NAT can cause. In addition, the dynamic allocation and explicit notification mechanism make it possible to offer different tenant networks flexible IP isolation and port isolation policies, which effectively ensures the security of the cloud platform.
Brief description of the drawings
Fig. 1 is a schematic flowchart of an information processing method provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of an information processing method provided by embodiment two of the present invention;
Fig. 3 is a schematic diagram of the system structure to which an information processing method provided by embodiment two of the present invention is applied;
Fig. 4 is a schematic structural diagram of a gateway provided by embodiment four of the present invention;
Fig. 5 is a schematic structural diagram of another gateway provided by embodiment five of the present invention.
Detailed description
The application provides an information processing method and a gateway, to solve the security risks of existing network address translation techniques. To solve the above technical problem, the general idea of the technical solution in the embodiments of the invention is as follows:
In the embodiments of the invention, all egress traffic of the multiple electronic devices connected to the gateway is sent out in a distributed manner from each electronic device using one or more public network addresses. This greatly reduces the number of public network addresses consumed and makes a fully distributed network practically deployable. The first gateway interacts with the second gateway using a standard routing protocol (that is, it sends the network address information to the second gateway), informing it of the public network address and port numbers used by packets sent out from the private network, and of the next-hop private address for the return traffic corresponding to those packets. The second gateway then uses this port + IP based network address information to configure the corresponding traffic forwarding table, which eliminates the NAT conversion step that distributed private-network traffic would otherwise require.
The technical solution is described in detail below with reference to the drawings and specific embodiments. It should be understood that the embodiments of the invention and the specific features in them are a detailed description of the technical solution, not a limitation of it, and that, where they do not conflict, the embodiments and the technical features in them may be combined with one another.
The term "and/or" herein only describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Embodiment one
As shown in Fig. 1, an embodiment of the present invention provides an information processing method in which a first gateway is connected to multiple electronic devices. The method can be applied to a cloud platform, and a specific implementation includes:
Step 101: the first gateway receives a packet sent by any one of the multiple electronic devices. The packet includes a first public network address and a first port number, where the first public network address is one of at least one public network address allocated by the first gateway;
In this embodiment, the first gateway allocates a public network address and port numbers to each electronic device in advance, and the electronic device then generates its packets using the allocated public network address and port numbers when sending.
Step 102: the packet and network address information are sent to the second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number.
Because each electronic device generates its packets with the public network address and port numbers allocated in advance by the gateway before sending them to the gateway, multiple electronic devices can share access to the external network through a single public network address, saving a large number of scarce public IP addresses.
In addition, the first gateway allocates the corresponding public network address and port numbers to each electronic device in advance, according to the public network addresses and port numbers it holds. As a result, no address conflict arises even when the traffic produced by a large number of private networks in the cloud platform (corresponding to the electronic devices connected to the first gateway) converges on the hardware gateway device.
In this embodiment, the packet can also be encrypted to improve information security. A specific implementation can be:
(1) Before the packet and the network address information are sent to the second gateway, the first gateway encrypts the packet.
(2) Because the electronic device already adds the public network address and port number when it generates the packet, the packet is not modified again during subsequent transmission. The electronic device can therefore encrypt the packet right after generating it and then send the encrypted packet to the first gateway.
In this way, the egress traffic of each electronic device can be received and sent directly through its own physical network card and the directly connected switching equipment, without SNAT address translation at a centralized node. A security gateway can therefore be deployed directly at the platform egress, connected to the physical hardware gateway. Traffic reaching the security gateway has already been mapped to public IP traffic and needs no further NAT conversion that would alter the IP header.
In addition, in the embodiments of the invention the first gateway dynamically allocates the number of public network addresses and port numbers for each electronic device according to that device's traffic statistics. This ensures that every electronic device obtains an available connection resource (public network address + port) and effectively avoids the port exhaustion that traditional NAT can cause. A specific implementation can be:
A1: the first gateway obtains the traffic information corresponding to each of the multiple electronic devices;
In the platform formed by the first gateway and the connected electronic devices, each electronic device produces internal traffic and external traffic. Because public network addresses are used for sending data externally, the traffic information in this embodiment is the traffic information corresponding to external traffic.
A2: a public network address and a corresponding number of port numbers are allocated to each electronic device according to the traffic information.
To improve the utilization of public network addresses and port numbers, this embodiment can allocate more port numbers and public network addresses to electronic devices with more traffic. A specific implementation can be:
Allocating a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the traffic information of each electronic device also changes in real time with usage. To ensure that every electronic device can obtain available connection resources, this embodiment can also dynamically adjust the number of port numbers corresponding to each electronic device according to the traffic information. A specific implementation can be:
Collecting, at a predetermined period, the current traffic information of each electronic device in the current period;
And allocating a corresponding number of port numbers to each electronic device according to the current traffic information.
With the scheme provided by the embodiments of the invention, multiple electronic devices in the cloud platform can share access to the external network through a single public network address, saving a large number of scarce public IP addresses;
The egress traffic of each electronic device can be received and sent directly through its own physical network card and the directly connected switching equipment, without source address translation at a centralized node. The security gateway of the cloud platform can be deployed directly at the platform egress, connected to the physical hardware gateway. Packets reaching the security gateway already carry the public network address and need no further NAT conversion that would alter the IP header, so the security gateway can verify packets correctly.
The gateway can dynamically allocate public network addresses and ports according to the traffic statistics of each electronic device, ensuring that every network flow obtains an available connection resource (public IP address + port) and effectively avoiding the port exhaustion that traditional NAT can cause. In addition, the dynamic allocation and explicit notification mechanism make it possible to offer different tenant networks flexible IP isolation and port isolation policies, which effectively ensures the security of the cloud platform.
Embodiment two
As shown in Fig. 2, an embodiment of the present invention provides another information processing method. The method is applied in an electronic device that is connected to a first gateway (the first gateway can be an internal gateway of a cloud platform). The first gateway connects multiple electronic devices to form a cloud platform system. The method includes:
Step 201: when the electronic device sends a packet to the external network, it forms the packet according to the public network address and port number allocated by the first gateway;
Step 202: the packet is sent to the first gateway, so that the first gateway sends the packet and the network address information corresponding to the packet to the second gateway (this gateway can be a carrier gateway). The second gateway forwards the packet to the external network according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number.
In this embodiment of the invention, because each electronic device generates its packets with the public network address and port numbers allocated in advance by the gateway before sending them to the gateway, multiple electronic devices can share access to the external network through a single public network address, saving a large number of scarce public IP addresses.
Embodiment three
With reference to the application environment shown in Fig. 3, the information processing method provided by the embodiments of the invention is described in further detail below, taking processing in OpenStack as an example (the flow is not limited to the OpenStack platform). A specific implementation can be:
The gateway of the OpenStack platform (also called the platform control node) can communicate and exchange routes with a physical gateway device outside the platform (for example a carrier gateway). The OpenStack platform contains multiple electronic devices (also called compute nodes) connected to the gateway. When a private network inside the platform produces traffic, each compute node divides it into internal traffic and external traffic according to its destination. After traffic filtering and internal route forwarding, external traffic enters the SNAT process.
Based on statistics of how much traffic each private network on each compute node produces, the gateway dynamically and reasonably allocates the configured public IPs and source port ranges. Allocation follows the principle of positive correlation with traffic information: a node with more traffic is allocated a larger port range.
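The traffic-proportional port allocation described here, and the periodic re-allocation described in embodiment one, can be sketched as follows. This is an added example, not code from the patent or from OpenStack; the port pool bounds, the per-node `floor`, the largest-remainder rounding and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed usable source-port pool on one shared public IP (not from the patent).
PORT_LO, PORT_HI = 1024, 65535


@dataclass(frozen=True)
class Allocation:
    private_ip: str   # compute node's private address (next hop for return traffic)
    public_ip: str    # shared public address the node stamps on outbound packets
    port_lo: int      # first source port the node may use
    port_hi: int      # last source port the node may use (inclusive)

    @property
    def size(self) -> int:
        return self.port_hi - self.port_lo + 1


def allocate_ports(traffic, public_ip, lo=PORT_LO, hi=PORT_HI, floor=64):
    """Split [lo, hi] into disjoint per-node ranges proportional to traffic.

    traffic: {private_ip: external bytes seen in the last collection period}.
    floor:   assumed minimum ports per node so an idle node can still connect.
    """
    nodes = sorted(traffic)
    if not nodes:
        return []
    if floor < 1 or any(v < 0 for v in traffic.values()):
        raise ValueError("floor must be >= 1 and traffic counters non-negative")
    pool = hi - lo + 1
    spare = pool - floor * len(nodes)
    if spare < 0:
        raise ValueError("port pool too small for the per-node floor")

    # With no external traffic at all, fall back to equal weights.
    total = sum(traffic.values())
    weights = traffic if total > 0 else {n: 1 for n in nodes}
    total = total or len(nodes)

    # Largest-remainder method in integer arithmetic: every port is handed
    # out exactly once and no rounding error accumulates.
    counts = {n: floor + spare * weights[n] // total for n in nodes}
    leftover = pool - sum(counts.values())
    by_remainder = sorted(nodes, key=lambda n: spare * weights[n] % total,
                          reverse=True)
    for n in by_remainder[:leftover]:
        counts[n] += 1

    # Carve contiguous, non-overlapping ranges in a stable node order.
    result, start = [], lo
    for n in nodes:
        result.append(Allocation(n, public_ip, start, start + counts[n] - 1))
        start += counts[n]
    return result


def changed_nodes(old, new):
    """Nodes whose range differs between two periods and must be re-announced."""
    before = {a.private_ip: a for a in old}
    return sorted(a.private_ip for a in new if before.get(a.private_ip) != a)


if __name__ == "__main__":
    # Constructed traffic counters for two collection periods.
    p1 = allocate_ports({"10.0.0.11": 600, "10.0.0.12": 300, "10.0.0.13": 100},
                        "203.0.113.10")
    p2 = allocate_ports({"10.0.0.11": 100, "10.0.0.12": 300, "10.0.0.13": 600},
                        "203.0.113.10")
    for a in p1:
        print(a.private_ip, a.port_lo, a.port_hi, a.size)
    print("re-announce:", changed_nodes(p1, p2))
```

Because the ranges are contiguous, a shift in one node's share moves every later range as well, so a range that changes while connections are still open needs a drain or grace period before it is handed to another tenant.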
The platform control node communicates with the physical hardware gateway device over the BGP protocol and sends it the public IP and port range information corresponding to the private IP gateway address of each compute node (that is, the network address information of embodiment 1). The hardware gateway device configures network address information from this information. One implementation can be as follows:
Match IP1address Port1
Set next-hop pIP
Here, IP1 is the public IP of the cloud platform SNAT gateway, Port1 is the port range corresponding to the external traffic sent by a given compute node, and pIP is the private address of that compute node.
After the platform control node sends the traffic of each compute node out using one or more public IPs, the return traffic passes through the physical gateway device. Based on the network address information sent by the platform control node and configured in advance, the device sets the next hop for traffic matching the corresponding destination IP + source port to the private address of the corresponding compute node, so that the traffic is forwarded correctly.
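The return-path lookup on the physical gateway can be modelled as a table keyed by public IP and port range. The sketch below is an added example, not the patent's or any vendor's implementation; the class, its methods and the sample addresses are hypothetical. A return packet's destination IP and destination port are the public IP and source port of the outbound packet. The table refuses overlapping ranges, since an overlap would hand one tenant's return traffic to another node, and it returns no next hop for ports that no node was allocated.

```python
import bisect
from ipaddress import ip_address


class ReturnForwardingTable:
    """(public IP, port range) -> next-hop private address, as on the second gateway."""

    def __init__(self):
        self._starts = {}    # public_ip -> sorted list of range starts
        self._entries = {}   # public_ip -> [(port_lo, port_hi, next_hop)], same order

    def install(self, public_ip, port_lo, port_hi, next_hop):
        """Add one announced mapping; refuse ranges that overlap an existing one."""
        pub, hop = str(ip_address(public_ip)), str(ip_address(next_hop))
        if not (0 < port_lo <= port_hi <= 65535):
            raise ValueError("invalid port range")
        starts = self._starts.setdefault(pub, [])
        entries = self._entries.setdefault(pub, [])
        i = bisect.bisect_left(starts, port_lo)
        # An overlap would deliver one tenant's return traffic to another node.
        if i > 0 and entries[i - 1][1] >= port_lo:
            raise ValueError(f"{pub}:{port_lo}-{port_hi} overlaps {entries[i - 1]}")
        if i < len(entries) and entries[i][0] <= port_hi:
            raise ValueError(f"{pub}:{port_lo}-{port_hi} overlaps {entries[i]}")
        starts.insert(i, port_lo)
        entries.insert(i, (port_lo, port_hi, hop))

    def next_hop(self, dst_ip, dst_port):
        """Next hop for a return packet, or None when no mapping covers it (drop)."""
        pub = str(ip_address(dst_ip))
        starts = self._starts.get(pub, [])
        i = bisect.bisect_right(starts, dst_port) - 1   # last range starting <= port
        if i < 0:
            return None
        _, hi, hop = self._entries[pub][i]
        return hop if dst_port <= hi else None


# Constructed announcements: (IP1, Port1 low, Port1 high, pIP) per compute node.
# 203.0.113.10 is a documentation address (RFC 5737).
ANNOUNCEMENTS = [
    ("203.0.113.10", 1024, 39679, "10.0.0.11"),
    ("203.0.113.10", 39680, 59039, "10.0.0.12"),
]


def build_table(announcements):
    table = ReturnForwardingTable()
    for public_ip, lo, hi, private_ip in announcements:
        table.install(public_ip, lo, hi, private_ip)
    return table


if __name__ == "__main__":
    table = build_table(ANNOUNCEMENTS)
    # Constructed return packets: (destination IP, destination port).
    for dst in [("203.0.113.10", 2000), ("203.0.113.10", 39680),
                ("203.0.113.10", 60000), ("198.51.100.7", 2000)]:
        print(dst, "->", table.next_hop(*dst) or "drop")
```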
Embodiment four
As shown in Fig. 4, an embodiment of the present invention also provides a gateway that is connected to a second gateway and to multiple electronic devices and includes a processor 401 and a transceiver 402:
The processor 401 is configured to obtain the network address information corresponding to a packet when the transceiver receives the packet from any one of the multiple electronic devices. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number;
The transceiver 402 is configured to receive the packet sent by any one of the multiple electronic devices, and to send the packet and the network address information to the second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information.
Optionally, the processor 402 is also configured to encrypt the packet before the packet and the network address information are sent to the second gateway.
Optionally, the processor 402 is also configured to obtain the traffic information corresponding to each of the multiple electronic devices, and to allocate a corresponding number of port numbers to each electronic device according to the traffic information.
Optionally, the processor 402 is specifically configured to allocate a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the processor 402 is also configured to collect, at a predetermined period, the current traffic information of each electronic device in the current period, and to allocate a corresponding number of port numbers to each electronic device according to the current traffic information.
The variations and specific examples of the information processing method in the embodiment of Fig. 1 apply equally to the electronic device of this embodiment. From the foregoing detailed description of the information processing method, those skilled in the art can clearly understand how the electronic device of this embodiment is implemented, so for brevity it is not described in detail here.
Embodiment five
As shown in Fig. 5, an embodiment of the present invention also provides another gateway. The gateway 500 is connected to multiple electronic devices and to a second gateway, and includes:
A receiving module 501, configured to receive a packet sent by any one of the multiple electronic devices. The packet includes a first public network address and a first port number, where the first public network address is one of at least one public network address allocated by the first gateway;
A sending module 502, configured to send the packet and network address information to the second gateway, so that the second gateway sends the packet according to the first public network address and first port number, and forwards the return packet corresponding to the packet according to the network address information. The network address information includes the correspondence between the private address of the electronic device, the first public network address and the first port number.
Optionally, the gateway also includes:
An encrypting module, configured to encrypt the packet before the sending module 502 sends the packet and the network address information to the second gateway.
Optionally, the gateway also includes:
A network address allocation module, configured to obtain the traffic information corresponding to each of the multiple electronic devices, and to allocate a corresponding number of port numbers to each electronic device according to the traffic information.
Optionally, the network address allocation module is specifically configured to allocate a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the network address allocation module is also configured to collect, at a predetermined period, the current traffic information of each electronic device in the current period, and to allocate a corresponding number of port numbers to each electronic device according to the current traffic information.
The variations and specific examples of the information processing method in the embodiment of Fig. 1 apply equally to the electronic device of this embodiment. From the foregoing detailed description of the information processing method, those skilled in the art can clearly understand how the electronic device of this embodiment is implemented, so for brevity it is not described in detail here.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Specifically, the computer program instructions corresponding to the information processing method in the embodiment of the present invention may be stored on a storage medium such as an optical disc, a hard disk or a USB flash drive. When the computer program instructions in the storage medium corresponding to the information processing method are read or executed by an electronic device, the following steps are included:
The first gateway receives a data packet sent by any electronic device among the multiple electronic devices, the data packet including a first public network address and a first port number; wherein the first public network address is one of at least one public network address allocated by the first gateway;
Sending the data packet and network address information to the second gateway, so that the second gateway sends the data packet according to the first public network address and the first port number, and forwards the return data packet corresponding to the data packet according to the network address information; wherein the network address information includes the correspondence among the private address of the electronic device, the first public network address and the first port number.
Optionally, the computer program instructions stored in the storage medium that correspond to the step of controlling the first electronic device to enter a remote control mode, when executed, specifically include the following steps:
Before the first data packet and the network address information are sent to the second gateway, encrypting the data packet.
Optionally, the computer program instructions stored in the storage medium that correspond to the step of controlling the first electronic device to enter a remote control mode, when executed, specifically include the following steps:
The first gateway obtains the traffic information corresponding to each electronic device among the multiple electronic devices;
Allocating the public network address and a corresponding number of port numbers to each electronic device according to the traffic information.
Optionally, the computer program instructions stored in the storage medium that correspond to the step of controlling the first electronic device to enter a remote control mode, when executed, specifically include the following steps:
Allocating a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
Optionally, the computer program instructions stored in the storage medium that correspond to the step of controlling the first electronic device to enter a remote control mode, when executed, specifically include the following steps:
Collecting, at a predetermined period, the current traffic information corresponding to each electronic device in the current period;
And allocating a corresponding number of port numbers to each electronic device according to the current traffic information.
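The allocation and mapping steps above, as an added example that is not part of the patent text: port counts are split in proportion to traffic, each device gets a contiguous range on one public address, and the second gateway resolves a return packet's destination back to a private address. The addresses, the port pool, the one-port minimum per device and the largest-remainder rounding are assumptions; the patent states only that the number of ports is proportional to traffic.

```python
from bisect import bisect_right

PUBLIC_ADDR = "203.0.113.10"        # constructed documentation address
PORT_BASE, PORT_POOL = 10000, 1000  # assumed pool: ports 10000-10999


def allocate_port_counts(traffic, total_ports=PORT_POOL, floor=1):
    """Split total_ports across devices in proportion to per-period traffic.

    traffic maps private address -> integer byte count for the period.
    Each device first gets `floor` ports (assumption: an idle device must
    still be able to open a connection); the rest is shared by largest
    remainder, so the counts always sum to total_ports.
    """
    if not traffic:
        return {}
    spare = total_ports - floor * len(traffic)
    if spare < 0:
        raise ValueError("port pool too small for the number of devices")
    # With no traffic at all, fall back to an equal split.
    weights = traffic if any(traffic.values()) else dict.fromkeys(traffic, 1)
    total = sum(weights.values())
    shares = {d: divmod(spare * w, total) for d, w in weights.items()}
    counts = {d: floor + q for d, (q, _) in shares.items()}
    leftover = total_ports - sum(counts.values())
    # Ports lost to rounding go to the largest remainders first.
    for d in sorted(shares, key=lambda d: (-shares[d][1], d))[:leftover]:
        counts[d] += 1
    return counts


def build_mapping(counts, public_addr=PUBLIC_ADDR, base=PORT_BASE):
    """Rows of (private addr, public addr, first port, last port).

    Ranges are contiguous and never overlap; these rows play the role of
    the network address information sent to the second gateway.
    """
    rows, nxt = [], base
    for dev in sorted(counts):
        rows.append((dev, public_addr, nxt, nxt + counts[dev] - 1))
        nxt += counts[dev]
    return rows


def route_return(rows, dst_addr, dst_port):
    """Resolve a return packet's destination to a private address.

    Returns None when no row covers (dst_addr, dst_port): the packet has
    no owner in the table and is dropped instead of being forwarded.
    """
    i = bisect_right([r[2] for r in rows], dst_port) - 1
    if i >= 0:
        dev, pub, lo, hi = rows[i]
        if pub == dst_addr and lo <= dst_port <= hi:
            return dev
    return None


if __name__ == "__main__":
    # Constructed traffic sample for one collection period (bytes).
    period = {"192.168.1.10": 6000, "192.168.1.11": 3000,
              "192.168.1.12": 0, "192.168.1.13": 1000}
    table = build_mapping(allocate_port_counts(period))
    print(*table, sep="\n")
    print(route_return(table, PUBLIC_ADDR, 10600))
```

Calling `allocate_port_counts` again with the next period's counters gives the periodic re-allocation. The example does not handle connections that are still open on a port when its range moves to another device.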
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include them.

Claims (11)

1. An information processing method, wherein a first gateway is connected to multiple electronic devices, comprising:
The first gateway receives a data packet sent by any electronic device among the multiple electronic devices, the data packet including a first public network address and a first port number; wherein the first public network address is one of at least one public network address allocated by the first gateway;
Sending the data packet and network address information to the second gateway, so that the second gateway sends the data packet according to the first public network address and the first port number, and forwards the return data packet corresponding to the data packet according to the network address information; wherein the network address information includes the correspondence among the private address of the electronic device, the first public network address and the first port number.
2. The method as claimed in claim 1, characterized in that, before the first data packet and the network address information are sent to the second gateway, the method further comprises: encrypting the data packet.
3. The method as claimed in claim 2, characterized in that the method further comprises:
The first gateway obtains the traffic information corresponding to each electronic device among the multiple electronic devices;
Allocating the public network address and a corresponding number of port numbers to each electronic device according to the traffic information.
4. The method as claimed in claim 3, characterized in that allocating a corresponding number of port numbers to each electronic device according to the traffic information comprises:
Allocating a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
5. The method as claimed in claim 3 or 4, characterized in that the method further comprises:
Collecting, at a predetermined period, the current traffic information corresponding to each electronic device in the current period;
And allocating a corresponding number of port numbers to each electronic device according to the current traffic information.
6. A gateway, connected to a second gateway and multiple electronic devices, comprising a transceiver and a processor:
The processor is configured to obtain the network address information corresponding to a data packet when the transceiver receives the data packet sent by any electronic device among the multiple electronic devices; wherein the network address information includes the correspondence among the private address of the electronic device, the first public network address and the first port number;
The transceiver is configured to receive the data packet sent by any electronic device among the multiple electronic devices, and to send the data packet and the network address information to the second gateway, so that the second gateway sends the data packet according to the first public network address and the first port number, and forwards the return data packet corresponding to the data packet according to the network address information.
7. The gateway as claimed in claim 6, characterized in that the processor is further configured to encrypt the data packet before the data packet and the network address information are sent to the second gateway.
8. The gateway as claimed in claim 7, characterized in that the processor is further configured to obtain the traffic information corresponding to each electronic device among the multiple electronic devices, and to allocate a corresponding number of port numbers to each electronic device according to the traffic information.
9. The gateway as claimed in claim 8, characterized in that the processor is specifically configured to allocate a corresponding number of port numbers to each electronic device on the principle that the number of port numbers is proportional to the traffic information.
10. The gateway as claimed in claim 6, characterized in that the processor is further configured to collect, at a predetermined period, the current traffic information corresponding to each electronic device in the current period, and to allocate a corresponding number of port numbers to each electronic device according to the current traffic information.
11. A gateway, connected to multiple electronic devices and a second gateway, comprising:
A receiving module, for receiving a data packet sent by any electronic device among the multiple electronic devices, the data packet including a first public network address and a first port number; wherein the first public network address is one of at least one public network address allocated by the first gateway;
A sending module, for sending the data packet and network address information to the second gateway, so that the second gateway sends the data packet according to the first public network address and the first port number, and forwards the return data packet corresponding to the data packet according to the network address information; wherein the network address information includes the correspondence among the private address of the electronic device, the first public network address and the first port number.
CN201710090007.0A 2017-02-20 2017-02-20 Information processing method and gateway Active CN106992963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710090007.0A CN106992963B (en) 2017-02-20 2017-02-20 Information processing method and gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710090007.0A CN106992963B (en) 2017-02-20 2017-02-20 Information processing method and gateway

Publications (2)

Publication Number Publication Date
CN106992963A true CN106992963A (en) 2017-07-28
CN106992963B CN106992963B (en) 2021-05-18

Family

ID=59413821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710090007.0A Active CN106992963B (en) 2017-02-20 2017-02-20 Information processing method and gateway

Country Status (1)

Country Link
CN (1) CN106992963B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120746A (en) * 2018-09-30 2019-01-01 新华三技术有限公司 Method for network address translation, device and address-translating device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082837A (en) * 2010-12-31 2011-06-01 华为技术有限公司 Method and device for distributing public network address for IP (Internet protocol) terminal
CN102546407A (en) * 2011-12-29 2012-07-04 中兴通讯股份有限公司 Message sending method and device
CN102594933A (en) * 2011-12-20 2012-07-18 华为技术有限公司 Method, device and system for address allocation of public networks
US20130185404A1 (en) * 2012-01-18 2013-07-18 Microsoft Corporation Efficient port management for a distributed network address translation
CN103780492A (en) * 2012-10-25 2014-05-07 华为技术有限公司 Message forwarding method and corresponding equipment
CN104519097A (en) * 2013-09-29 2015-04-15 中兴通讯股份有限公司 Port block resource acquisition method, port block resource allocation method and devices

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120746A (en) * 2018-09-30 2019-01-01 新华三技术有限公司 Method for network address translation, device and address-translating device
CN109120746B (en) * 2018-09-30 2022-04-15 新华三技术有限公司 Network address translation method and device and address translation equipment

Also Published As

Publication number Publication date
CN106992963B (en) 2021-05-18

Similar Documents

Publication Publication Date Title
CN103685467B (en) A kind of Internet of Things interconnects platform and its communication means
CN104335532B (en) The method and apparatus for routing the packet to the far-end address of Virtual Switch Instance
US10623505B2 (en) Integrating service appliances without source network address translation in networks with logical overlays
CN102577256B (en) For the method and apparatus of transparent cloud computing in virtual network infrastructure situation
CN102334111B (en) Providing logical networking functionality for managed computer networks
CN104113879B (en) It is deployed with cloud AC WiFi communication system and communication means
CN104685507B (en) Virtual secure device architecture is provided to virtual cloud foundation structure
CN104954253B (en) For the mainframe network accelerator (HNA) based on PCIe of data center's overlay network
CN103797774B (en) A kind of network address translation apparatus and method
CN104243302B (en) Business route message processing method, device and network system
CN104054067B (en) The framework and interface of processing data packets based on burden-alleviating device
CN111612466B (en) Consensus and resource transmission method, device and storage medium
CN103051510B (en) The method and apparatus that network strategy unloads to the safety and efficiently of network interface unit
CN103716213B (en) The method run in fixed access network and in a user device
CN107026890A (en) A kind of message forming method and load equalizer based on server cluster
CN109450852A (en) Network communication encrypting and decrypting method and electronic equipment
CN103109516A (en) Multiple virtual machines sharing a single ip address
CN106533890A (en) Message processing method, device and system
CN106603550B (en) A kind of Network Isolation method and device
CN103917967A (en) Network control system for configuring middleboxes
CN105847108B (en) Communication means and device between container
CN110290093A (en) The SD-WAN network architecture and network-building method, message forwarding method
CN105282191A (en) Load balancing system, controller and method
CN112822037B (en) Flow arrangement method and system for security resource pool
CN110089078A (en) The method and apparatus of business transponder via dynamic coverage network is provided

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant