CN107547690B - Port allocation method and device in NAT, NAT equipment and storage medium - Google Patents

Publication number: CN107547690B
Authority: CN (China)
Prior art keywords: port, address, destination, nat, message
Legal status: Active
Application number: CN201710874097.2A
Other languages: Chinese (zh)
Other versions: CN107547690A (en)
Inventor: 易勇平
Current Assignee: New H3C Security Technologies Co Ltd
Original Assignee: New H3C Security Technologies Co Ltd

Abstract

Embodiments of the application provide a port allocation method and device in Network Address Translation (NAT), NAT equipment, and a storage medium, applied in the technical field of computer communication. The method comprises: for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, acquiring the destination IP address of the message; and selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message. Because the destination IP address of the message is used as the index during port allocation, and different destination IP addresses use different unused port sets, port allocation is guaranteed not to conflict and a valid port is obtained in a single allocation attempt. This improves port allocation efficiency and solves the problem of port allocation failing even though port resources are available.

Description

Port allocation method and device in NAT, NAT equipment and storage medium
Technical Field
The present application relates to the field of computer communications technologies, and in particular, to a method and an apparatus for port allocation in NAT, NAT devices, and storage media.
Background
Currently, the global IPv4 (Internet Protocol version 4) address space has already been allocated, and IPv6 (Internet Protocol version 6) addresses are not yet widely used. The world therefore faces a shortage of IP addresses, and NAT (Network Address Translation) can delay the problem of IPv4 address exhaustion.
NAT is the process of translating an IP address in a message to another IP address. In practice, NAT can be applied to network devices connecting two networks, such as firewall devices, to enable internal network users to access an external public network, and external public networks to access an internal network (e.g., servers of the internal network).
Taking NAT on a firewall device as an example, the process may be as follows:
When a message sent from an internal network to a public network reaches the firewall device, the firewall device translates the source IP address of the message into a public network IP address that the firewall device can use. There are two translation modes: NO-PAT mode and PAT mode. NO-PAT mode translates only the source IP address of the message and leaves the source port unchanged; PAT mode translates both the source IP address and the source port. Because the number of public network IP addresses available to the firewall device is limited, and translations that share one public network IP address can be told apart by their ports, PAT mode is the one mostly used in practice. In PAT mode, ports 0 to 1023 are well-known ports and are not used as translation ports in NAT, so the ports used by default in NAT are 1024 to 65535.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for port allocation in NAT, a NAT device, and a storage medium, so as to improve the efficiency of port allocation and avoid port allocation failing when a port is available. The specific technical scheme is as follows:
An embodiment of the application provides a port allocation method in NAT, which comprises the following steps:
for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, acquiring the destination Internet Protocol (IP) address of the message;
and selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message.
An embodiment of the application provides a port allocation device in NAT, the device comprising:
a destination IP address acquisition module, configured to, for a message that comes from a private network and needs to be forwarded to a public network, acquire the destination Internet Protocol (IP) address of the message when no session has been established for the connection to which the message belongs;
and a first port allocation module, configured to select one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message.
An embodiment of the present application provides a NAT device, including: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the steps of the port allocation method in NAT described above.
Embodiments of the present application provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the steps of the port allocation method in NAT described above.
With the port allocation method and device in NAT, the NAT equipment, and the storage medium provided by the embodiments of the application, for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, the destination IP address of the message is acquired, and one port is selected from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message. Because the destination IP address is used as the index and the port is selected from the unused port set corresponding to that destination IP address, port allocation does not conflict, a valid port is obtained in a single allocation attempt, and the efficiency of port allocation is improved. Of course, a product or method implementing the present application does not necessarily need to achieve all of the above advantages at the same time.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of NAT performed when transmitting a message between a public network and a private network;
Fig. 2 is a flowchart of port allocation in NAT using PAT;
Fig. 3 is a flowchart of a port allocation method in NAT according to an embodiment of the present application;
Fig. 4 is another flowchart of a port allocation method in NAT according to an embodiment of the present application;
Fig. 5 is a block diagram of a port allocation device in NAT according to an embodiment of the present application;
Fig. 6 is another block diagram of a port allocation device in NAT according to an embodiment of the present application;
Fig. 7 is a block diagram of a NAT device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Because IPv4 addresses are limited, performing NAT on the firewall device allows messages to be transmitted using only a small number of IPv4 addresses, which saves IPv4 address resources. The more public network IP addresses the firewall device uses for NAT, the more private network user IP addresses can be translated, so the number of public network IP addresses used for NAT determines the number of private network users and the NAT efficiency of the firewall device.
Referring to Fig. 1, Fig. 1 is a schematic diagram of NAT performed when messages are transmitted between a public network and a private network. For each connection established between a private network device and a public network device, a corresponding session is established on the firewall device, and the relevant information before and after NAT is recorded, so that subsequent forward messages and reverse messages of the connection are translated in the same way as the first message of the connection. Sessions can be distinguished by the five-tuple information of the message (source IP address, source port, protocol, destination IP address, and destination port).
When private network users access the public network and the firewall device performs source IP address translation, port resources can be multiplexed across different destination IP addresses in order to make maximum use of public network IP address resources. That is, messages belonging to the same session are allocated the same port, and messages of different sessions can also be allocated the same port if their destination IP addresses are different. As shown in Fig. 1, private network user 192.168.1.2 accesses public network server 20.20.20.2 and public network server 20.20.20.3 with message 1 and message 2 respectively. When NAT is performed, the source IP addresses of message 1 and message 2 are both translated into 20.20.20.1, and because their destination IP addresses are different, port 1024 can be multiplexed, which saves port resources. Then, when private network user 192.168.1.3 sends message 3 to access public network server 20.20.20.3, port 1024 cannot be multiplexed, because the destination IP address is the same as that of the established session between private network user 192.168.1.2 and public network server 20.20.20.3, so the port allocated for message 3 is 1025.
After the firewall device receives a message that comes from a private network user and needs to be forwarded to the public network, and determines that no session has yet been established for the connection to which the message belongs, it needs to allocate a port for the message. Fig. 2 shows the port allocation flow currently used in NAT in the PAT mode for this situation, which includes the following steps:
S201, determining that the port to be allocated for the message is X + n, where X is the port allocated for the previous message and the initial value of n is 1.
In this step, after the firewall device is started, the port allocated for the first received message is 1024.
S202, searching the established sessions and determining whether the port X + n to be allocated for the message satisfies the port allocation condition, i.e. the port multiplexing condition described above; if yes, entering S203, and if not, entering S204.
S203, when the port X + n to be allocated satisfies the port allocation condition, allocating port X + n to the message, and modifying and forwarding the message based on the allocated port.
S204, determining whether n is greater than a preset threshold; if so, entering S205, and if not, entering S206. The preset threshold represents the number of attempts to allocate a port.
S205, when n is greater than the preset threshold, the preset number of attempts has been made; no further attempt is made to allocate a port for the message, and the message is discarded.
S206, adding 1 to the value of n, and entering S201.
Therefore, when many private network users access the same public network server, many session lookups are needed during port allocation, which affects message forwarding performance. When port conflicts are severe, a port may still not have been allocated by the time the number of allocation attempts reaches the preset threshold, and for efficiency reasons it is not possible to check all ports (1024 to 65535) each time. As a result, a port cannot be allocated even though unused ports exist, and forwarding of the message fails. Port allocation is therefore inefficient and can fail. To solve this problem, embodiments of the present application provide a method and an apparatus for port allocation in NAT, a NAT device, and a storage medium, so as to improve the efficiency of port allocation and avoid port allocation failing when a port is available.
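The failure mode of the S201-S206 flow can be reproduced in a few lines. The following Python sketch is an added illustration, not code from the patent: the class and function names, the threshold of 10, the wrap-around at port 65535 and the preloaded session state are all assumptions made for the example.

```python
# Added illustration of the prior-art flow S201-S206; all data is constructed.
PORT_MIN, PORT_MAX = 1024, 65535
SPAN = PORT_MAX - PORT_MIN + 1


class LinearProbeAllocator:
    """Global 'last port + n' search bounded by a preset threshold."""

    def __init__(self, threshold):
        self.threshold = threshold      # preset threshold checked in S204
        self.last_port = PORT_MIN - 1   # X; chosen so the first port is 1024
        self.in_use = set()             # (dst_ip, nat_port) of live sessions
        self.lookups = 0                # session-table queries performed

    def _free_for(self, dst_ip, port):
        # S202: a port may be multiplexed unless a session towards the
        # same destination IP address already holds it.
        self.lookups += 1
        return (dst_ip, port) not in self.in_use

    def allocate(self, dst_ip):
        n = 1
        while True:
            # S201: candidate is X + n (wrap-around is an assumption here).
            port = PORT_MIN + (self.last_port - PORT_MIN + n) % SPAN
            if self._free_for(dst_ip, port):      # S202 -> S203
                self.in_use.add((dst_ip, port))
                self.last_port = port
                return port
            if n > self.threshold:                # S204 -> S205: drop
                return None
            n += 1                                # S206


def free_ports_for(alloc, dst_ip):
    """Number of ports that could still be multiplexed towards dst_ip."""
    return SPAN - sum(1 for d, _ in alloc.in_use if d == dst_ip)


def run_scenario():
    alloc = LinearProbeAllocator(threshold=10)
    busy = "20.20.20.3"
    # Constructed state: 100 established sessions to one busy server hold
    # ports 2000-2099, and the last port handed out was 1999.
    alloc.in_use = {(busy, p) for p in range(2000, 2100)}
    alloc.last_port = 1999
    failed = alloc.allocate(busy)          # probes 2000..2010, all taken
    lookups_failed = alloc.lookups
    other = alloc.allocate("20.20.20.2")   # same X, different destination
    return failed, lookups_failed, free_ports_for(alloc, busy), other


if __name__ == "__main__":
    print(run_scenario())
```

The message to the busy server is dropped after eleven session lookups although tens of thousands of ports remain free for that destination, while a message to another destination succeeds on the first probe from the same X.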
First, a detailed description is given below of a port allocation method in NAT according to an embodiment of the present application.
Referring to Fig. 3, Fig. 3 is a flowchart of a port allocation method in NAT according to an embodiment of the present application, including the following steps:
S301, for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, acquiring the destination IP address of the message.
In the embodiment of the application, when a private network user accesses a public network, a message is sent to the public network and NAT is performed after the message reaches the NAT device. At the same time, a corresponding session is established on the NAT device, and the relevant information before and after NAT of the message is recorded, so that subsequent forward messages (messages sent by the private network user to the public network) and reverse messages (messages returned by the public network to the private network user) are translated in the same way as the first message. Sessions are distinguished by the five-tuple (source IP address, source port, protocol, destination IP address, and destination port). In other words, when the NAT device receives the first message it establishes the session corresponding to that message, and subsequent forward messages and reverse messages use the same session as the first message. For example, if private network user 192.168.1.2 accesses public network server 20.20.20.2 for the first time, the NAT device records the relevant information before and after NAT of the message (source IP address 192.168.1.2, source port 1025, destination IP address 20.20.20.2, destination port 2017, etc.) when performing NAT. The session used when public network server 20.20.20.2 returns messages to private network user 192.168.1.2, and the session used when private network user 192.168.1.2 continues to access public network server 20.20.20.2, are both the same as the session established when private network user 192.168.1.2 accessed public network server 20.20.20.2 for the first time.
The source IP address of the message is translated on the NAT device. To make maximum use of public network IP address resources, port resources can be multiplexed according to the destination IP address of the message: as long as the destination IP addresses are different, one public network IP address can support an unlimited number of connections, and an unlimited number of sessions can be established on the NAT device. Therefore, for a received message, when no session has been established for the connection to which the message belongs, the destination IP address of the message needs to be acquired.
S302, selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message.
In the embodiment of the application, destination IP addresses are distinguished from one another and the unused port sets corresponding to different destination IP addresses are independent of each other. After the destination IP address is obtained, the unused port set corresponding to it can therefore be determined, and one port is selected from that set as the port allocated when NAT is performed on the message. Port allocation is thus tied to the destination IP address, a valid port is obtained in a single allocation attempt, and the efficiency of port allocation is improved.
It can be understood that, when a session has been established for the connection to which a message belongs, the port allocated for the established session, for example the port allocated for the first message of the session, is obtained and used as the port allocated when NAT is performed on the message. Messages belonging to the same session are therefore allocated the same port.
With the port allocation method in NAT provided by the embodiment of the application, for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, the destination IP address of the message is acquired, and one port is selected from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message. Because the destination IP address is used as the index and the port is selected from the unused port set corresponding to that destination IP address, port allocation does not conflict, a valid port is obtained in a single allocation attempt, and the efficiency of port allocation is improved.
Referring to Fig. 4, Fig. 4 is another flowchart of a port allocation method in NAT according to an embodiment of the present application, including the following steps:
S401, for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, acquiring the destination IP address of the message.
S402, if the unused port set corresponding to the destination IP address does not exist, determining that the unused port set corresponding to the destination IP address is a preset port set, and determining that the used port set corresponding to the destination IP address is empty.
When a session has been established for the connection to which the message belongs, the destination IP address of the message has a corresponding unused port set and a corresponding used port set. When no session has been established for the connection to which the message belongs, the destination IP address of the message does not have a corresponding unused port set and used port set, and the unused port set and used port set corresponding to the destination IP address of the message then need to be determined. In an implementation manner of the present application, in order to maximize the utilization of port resources (0 to 65535), the used port set corresponding to the destination IP address may be empty. Ports 0 to 1023 are well-known ports and are not used as translation ports in NAT, so the unused port set may be 1024 to 65535. That is, the preset port set is 1024 to 65535: the set of ports, other than the well-known ports, that can be used for NAT translation. The used port set and the unused port set may take the form of a table or any other form, which is not limited herein.
S403, selecting one port from the unused port set corresponding to the destination IP address as the port allocated for NAT aiming at the message.
S404, the selected port is moved from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address.
In this embodiment of the application, in step S403 one port is selected from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message. Once the port has been allocated to the message, it changes from the unused state to the used state, so the selected port can be moved from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address. As a result, subsequent messages with the same destination IP address will not be allocated a duplicate port.
Since S401 and S403 are respectively the same as S301 and S302 in the embodiment of fig. 3, all implementation manners of S301 and S302 are applicable to fig. 4, and can achieve the same or similar beneficial effects, and are not described herein again.
The embodiment of the application provides a port allocation method in NAT: for a message that comes from a private network and needs to be forwarded to a public network, when no session has been established for the connection to which the message belongs, the destination IP address of the message is acquired; the unused port set and the used port set corresponding to the destination IP address are determined, and one port is selected from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message; and the selected port is moved from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address. In the embodiment of the application, the destination IP address is used as the index. When no unused port set corresponding to the destination IP address exists, that set is determined first; one port is then selected from it as the port allocated when NAT is performed on the message, and the selected port is moved from the unused port set to the used port set corresponding to the destination IP address. Port allocation therefore does not conflict, a valid port is obtained in a single allocation attempt, and the efficiency of port allocation is improved.
In an implementation manner of the present application, for a port in a used port set corresponding to a destination IP address, after a session allocated with the port is deleted, the port is moved from the used port set corresponding to the destination IP address to an unused port set corresponding to the destination IP address.
In the embodiment of the application, because one session occupies one port resource, if one session is deleted, the port occupied by the session can be recycled for allocation of other subsequent session ports. If a session is deleted, a port in the used port set corresponding to the destination IP address in the session can be determined, and the port is moved from the used port set corresponding to the destination IP address to the unused port set corresponding to the destination IP address, that is, the unused port can be recycled, thereby saving port resources. In another implementation manner of the present application, after all sessions including the destination IP address are deleted, the unused port set corresponding to the destination IP address is deleted. Of course, the used port set corresponding to the destination IP address can also be deleted. In this way, the storage space consumed by the NAT device can be saved.
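The whole lifecycle described above (S401-S404, reuse of the port of an established session, recycling a port when its session is deleted, and deleting both sets once no session to the destination remains) fits in one small allocator. This Python sketch is an added example and not the patent's implementation: the names are hypothetical, the source and destination ports in the sample five-tuples are constructed, and taking the lowest unused port is an assumption, since the description only says that "one port" is selected.

```python
# Added illustration of S401-S404 plus port recycling; not the patent's code.
import heapq

PRESET_PORTS = range(1024, 65536)   # preset port set from the description


class PerDestinationAllocator:
    def __init__(self):
        self.sessions = {}   # five-tuple -> allocated NAT port
        self.unused = {}     # dst_ip -> min-heap of unused ports
        self.used = {}       # dst_ip -> set of used ports

    def translate(self, five_tuple):
        """Return the NAT source port for a message's five-tuple."""
        if five_tuple in self.sessions:            # session already established
            return self.sessions[five_tuple]
        dst_ip = five_tuple[3]                     # S401
        if dst_ip not in self.unused:              # S402
            self.unused[dst_ip] = list(PRESET_PORTS)   # sorted list is a heap
            self.used[dst_ip] = set()
        if not self.unused[dst_ip]:
            return None        # every port really is in use for dst_ip
        # S403: a single operation, no probing (lowest port is an assumption)
        port = heapq.heappop(self.unused[dst_ip])
        self.used[dst_ip].add(port)                # S404
        self.sessions[five_tuple] = port
        return port

    def delete_session(self, five_tuple):
        port = self.sessions.pop(five_tuple, None)
        if port is None:
            return
        dst_ip = five_tuple[3]
        self.used[dst_ip].discard(port)            # recycle the port
        heapq.heappush(self.unused[dst_ip], port)
        if not self.used[dst_ip]:                  # last session to dst_ip gone
            del self.unused[dst_ip], self.used[dst_ip]


def run_fig1():
    """Replay the Fig. 1 traffic; ports 40000/40001/80 are constructed."""
    nat = PerDestinationAllocator()
    m1 = ("192.168.1.2", 40000, "tcp", "20.20.20.2", 80)
    m2 = ("192.168.1.2", 40001, "tcp", "20.20.20.3", 80)
    m3 = ("192.168.1.3", 40000, "tcp", "20.20.20.3", 80)
    first = [nat.translate(m) for m in (m1, m2, m3)]
    again = nat.translate(m1)                      # established session
    nat.delete_session(m2)                         # frees 1024 for 20.20.20.3
    m4 = ("192.168.1.4", 40000, "tcp", "20.20.20.3", 80)
    recycled = nat.translate(m4)
    nat.delete_session(m1)                         # last session to 20.20.20.2
    return first, again, recycled, sorted(nat.unused)


if __name__ == "__main__":
    print(run_fig1())
```

Each destination entry in this sketch holds the full preset port list, which is the storage cost the description avoids by deleting the sets once the last session to a destination is gone.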
Corresponding to the foregoing method embodiment, an embodiment of the present application further provides a port allocation apparatus in NAT. Referring to Fig. 5, Fig. 5 is a structural diagram of the port allocation apparatus in NAT according to the embodiment of the present application, which includes:
The destination IP address obtaining module 501 is configured to, for a packet that comes from a private network and needs to be forwarded to a public network, obtain a destination IP address of the packet when a session corresponding to a connection to which the packet belongs is not established.
The first port allocating module 502 is configured to select one port from an unused port set corresponding to the destination IP address, as a port allocated for performing NAT on the packet.
The port allocation apparatus in NAT provided in the embodiment of the present application, for a packet that comes from a private network and needs to be forwarded to a public network, obtains the destination IP address of the packet when no session has been established for the connection to which the packet belongs, and selects one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the packet. Because the destination IP address is used as the index and the port is selected from the unused port set corresponding to that destination IP address, port allocation does not conflict, a valid port is obtained in a single allocation attempt, and the efficiency of port allocation is improved.
It should be noted that, the apparatus in the embodiment of the present application is an apparatus applying the port allocation method in the NAT, and all embodiments of the port allocation method in the NAT are applicable to the apparatus and can achieve the same or similar beneficial effects.
Referring to Fig. 6, Fig. 6 is another structural diagram of a port allocation apparatus in NAT according to an embodiment of the present application. Based on the embodiment of Fig. 5, the apparatus further includes:
The port set determining module 601 is configured to determine, if there is no unused port set corresponding to the destination IP address, that the unused port set corresponding to the destination IP address is a preset port set, and determine that the used port set corresponding to the destination IP address is empty.
The port set modifying module 602 is configured to move the selected port from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address.
In an implementation manner of the present application, the port allocation apparatus in NAT further includes:
A port deleting module, configured to move a port from the used port set corresponding to the destination IP address to the unused port set corresponding to the destination IP address after the session to which the port was allocated is deleted.
In an implementation manner of the present application, the port allocation apparatus in NAT further includes:
A port set deleting module, configured to delete the unused port set corresponding to the destination IP address after all the sessions including the destination IP address are deleted.
In an implementation manner of the present application, the port allocation apparatus in NAT further includes:
A second port allocation module, configured to, when a session has been established for the connection to which the message belongs, acquire the port allocated for the established session and use it as the port allocated when NAT is performed on the message.
An embodiment of the present application further provides a NAT device. Referring to Fig. 7, Fig. 7 is a structural diagram of the NAT device in the embodiment of the present application, including: a processor 701 and a machine-readable storage medium 702, the machine-readable storage medium 702 storing machine-executable instructions executable by the processor 701, the machine-executable instructions causing the processor 701 to implement the steps of any of the port allocation methods in NAT described above.
The processor 701 may be a general-purpose processor, including a CPU (Central Processing Unit), an NP (Network Processor), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The machine-readable storage medium 702 may include a RAM (Random Access Memory) and a non-volatile memory, such as at least one disk memory. The machine-readable storage medium 702 may also be at least one storage device located remotely from the processor 701.
Embodiments of the present application also provide a machine-readable storage medium having stored therein machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the steps of any of the port allocation methods in NAT described above.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (8)

1. A method for allocating ports in Network Address Translation (NAT), the method comprising:
for a message that comes from a private network and needs to be forwarded to a public network, when a session corresponding to the connection to which the message belongs has not been established, acquiring a destination Internet Protocol (IP) address of the message;
selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message, wherein the unused port sets corresponding to the respective destination IP addresses are mutually independent;
when a session corresponding to the connection to which the message belongs has been established, acquiring the port allocated to the established session as the port allocated when NAT is performed on the message;
wherein, after selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message, the method further comprises:
moving the selected port from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address.
2. The method according to claim 1, wherein, before selecting one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message, the method further comprises:
if the unused port set corresponding to the destination IP address does not exist, determining that the unused port set corresponding to the destination IP address is a preset port set, and determining that the used port set corresponding to the destination IP address is empty.
3. The method for allocating ports in NAT according to claim 1, further comprising:
for a port in the used port set corresponding to the destination IP address, after the session to which the port is allocated is deleted, moving the port from the used port set corresponding to the destination IP address to the unused port set corresponding to the destination IP address.
4. An apparatus for allocating ports in Network Address Translation (NAT), the apparatus comprising:
a destination IP address acquisition module, configured to, for a message that comes from a private network and needs to be forwarded to a public network, acquire a destination Internet Protocol (IP) address of the message when a session corresponding to the connection to which the message belongs has not been established;
a first port allocation module, configured to select one port from the unused port set corresponding to the destination IP address as the port allocated when NAT is performed on the message, wherein the unused port sets corresponding to the respective destination IP addresses are mutually independent;
the apparatus further comprising:
a second port allocation module, configured to, when a session corresponding to the connection to which the message belongs has been established, acquire the port allocated to the established session and use it as the port allocated when NAT is performed on the message;
the apparatus further comprising:
a port set modifying module, configured to move the selected port from the unused port set corresponding to the destination IP address to the used port set corresponding to the destination IP address.
5. The apparatus for allocating ports in NAT according to claim 4, wherein the apparatus further comprises:
a port set determining module, configured to, if the unused port set corresponding to the destination IP address does not exist, determine that the unused port set corresponding to the destination IP address is a preset port set and determine that the used port set corresponding to the destination IP address is empty.
6. The apparatus for allocating ports in NAT according to claim 4, wherein the apparatus further comprises:
a port deleting module, configured to, after the session to which a port is allocated is deleted, move the port from the used port set corresponding to the destination IP address to the unused port set corresponding to the destination IP address.
7. A Network Address Translation (NAT) device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, wherein the machine-executable instructions cause the processor to implement the steps of the method for allocating ports in NAT according to any of claims 1-3.
8. A machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the steps of the method for allocating ports in Network Address Translation (NAT) according to any of claims 1-3.
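The method of claims 1-3 can be sketched as follows. This is an added illustration, not code from the patent or from the applicant: the class and function names, the four-tuple session key, the single public IP address, the tiny preset port range and the documentation-range addresses in `demo()` are all assumptions made for the example.

```python
class PortExhausted(Exception):
    """The unused port set for this destination IP address is empty."""


class PerDestinationNat:
    """Port allocation for one public IP, indexed by destination IP (claims 1-3)."""

    def __init__(self, preset_ports, choose=min):
        self.preset = frozenset(preset_ports)  # assumed "preset port set"
        self.choose = choose    # min() keeps this example deterministic
        self.unused = {}        # destination IP -> unused port set
        self.used = {}          # destination IP -> used port set
        self.sessions = {}      # connection key -> allocated port

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)  # assumed session key
        if key in self.sessions:
            # Session already established: reuse the port allocated to it.
            return self.sessions[key]
        if dst_ip not in self.unused:
            # No sets exist yet for this destination: unused = preset, used = empty.
            self.unused[dst_ip] = set(self.preset)
            self.used[dst_ip] = set()
        if not self.unused[dst_ip]:
            raise PortExhausted(dst_ip)
        # Every member of the unused set is conflict-free for this destination,
        # so one selection is enough; no retry loop is needed.
        port = self.choose(self.unused[dst_ip])
        self.unused[dst_ip].remove(port)
        self.used[dst_ip].add(port)
        self.sessions[key] = port
        return port

    def delete_session(self, src_ip, src_port, dst_ip, dst_port):
        # Session deleted: move its port from the used set back to the unused set.
        port = self.sessions.pop((src_ip, src_port, dst_ip, dst_port))
        self.used[dst_ip].remove(port)
        self.unused[dst_ip].add(port)
        return port


def demo():
    """Constructed traffic: two hosts to one destination, one host to another."""
    nat = PerDestinationNat(range(1024, 1026))  # two ports only
    a = nat.translate("10.0.0.1", 5000, "203.0.113.10", 80)
    b = nat.translate("10.0.0.2", 5000, "203.0.113.10", 80)
    c = nat.translate("10.0.0.3", 5000, "198.51.100.7", 443)
    return a, b, c  # (1024, 1025, 1024): port 1024 is reused for the other destination


if __name__ == "__main__":
    print(demo())
```

Because any member of a destination's unused set is conflict-free, `choose` can be swapped for a random selection where predictable translated source ports are a concern.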

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710874097.2A CN107547690B (en) 2017-09-25 2017-09-25 Port allocation method and device in NAT, NAT equipment and storage medium

Publications (2)

Publication Number Publication Date
CN107547690A CN107547690A (en) 2018-01-05
CN107547690B true CN107547690B (en) 2021-06-18

Family

ID=60963329

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710874097.2A Active CN107547690B (en) 2017-09-25 2017-09-25 Port allocation method and device in NAT, NAT equipment and storage medium

Country Status (1)

Country Link
CN (1) CN107547690B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109688237B (en) 2018-03-26 2020-05-12 新华三技术有限公司 NAT (network Address translation) conversion method and device and NAT equipment
CN111698337B (en) * 2020-07-21 2022-08-09 杭州海康威视数字技术股份有限公司 Method, device and equipment for establishing communication connection
CN113783806B (en) * 2021-08-31 2023-10-17 上海新氦类脑智能科技有限公司 Shunt route jump method, device, medium, equipment and multi-core system applied by same

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1408088A (en) * 2000-03-03 2003-04-02 能联有限公司 Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses
CN102594942A (en) * 2012-02-23 2012-07-18 汉柏科技有限公司 Method and system for achieving network address translation
CN103945014A (en) * 2013-01-21 2014-07-23 中国科学院声学研究所 Port multiplexing method in PAT mode and network address translation equipment
CN106254577A (en) * 2016-09-18 2016-12-21 东软集团股份有限公司 The method and device of port assignment
CN106506724A (en) * 2016-11-23 2017-03-15 杭州华三通信技术有限公司 A kind of method and device of distribution port block

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7191331B2 (en) * 2002-06-13 2007-03-13 Nvidia Corporation Detection of support for security protocol and address translation integration
CN103338275B (en) * 2013-05-30 2016-05-25 中国联合网络通信集团有限公司 Port assignment method and apparatus
CN103442093A (en) * 2013-07-22 2013-12-11 汉柏科技有限公司 Method for achieving network address translation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant