CN108124022A - A network address translation management method and device - Google Patents

A network address translation management method and device

Publication number
CN108124022A
Authority
CN
China
Prior art keywords
nat device
nat
session
address
address field
Legal status
Granted
Application number
CN201611064558.1A
Other languages
Chinese (zh)
Other versions
CN108124022B (en)
Inventor
胡淑军
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Abstract

This application relates to the field of Internet technology, and in particular to a network address translation management method and device, intended to solve the prior-art problems that public address resources cannot be used efficiently and that considerable NAT device resources are consumed. The network address translation management method provided by the embodiments of this application includes: after receiving a resource allocation request from a network address translation (NAT) device, a resource management server allocates an address segment to the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device; on receiving aging state information for any session reported by the NAT device, the server updates the state information of that session in the NAT translation table to the aged state; and when all sessions in the NAT translation table of the NAT device are in the aged state, the server reclaims the address segment.

Description

A network address translation management method and device
Technical field
This application relates to the field of Internet technology, and in particular to a network address translation management method and device.
Background
At present, computers mostly use Internet Protocol version 4 (IPv4) address resources when accessing the Internet. As the number of computers accessing the Internet has surged, IPv4 address resources have become increasingly scarce. To address the shortage of IPv4 addresses, network address translation (Network Address Translation, NAT) technology and Internet Protocol version 6 (IPv6) were introduced. NAT refers to the process of translating the IP address in an Internet Protocol (IP) packet into another IP address, and is generally implemented using network address port translation (Network Address Port Translation, NAPT).
Specifically, the private IP address of a host on the private network is translated into a public IP address, and the Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port information is changed at the same time. In this way, a local area network needs only a small number of legitimate IP addresses to let all computers in the private-address network communicate with the Internet. NAT therefore not only addresses the shortage of IPv4 address resources, but can also effectively avoid attacks from outside the network by hiding and protecting the computers inside it. Because the Internet cannot transition from IPv4 to IPv6 in a short time, IPv4 and IPv6 will coexist for a long time, and NAT has therefore attracted the industry's attention.
Traditional NAT is mainly used by government, enterprise and group customers with relatively small networks. When the network scale grows to carrier grade, the key points of network construction are large capacity, high reliability, user traceability, and integration with the existing metropolitan area network (MAN). To suit large-scale commercial deployment by operators and meet the needs of carrier-grade networks such as operator MANs and mobile packet-domain networks, carrier-grade NAT (Carrier Grade NAT, CGN) was proposed; CGN is also called large-scale NAT (Large Scale NAT, LSN). In practice, CGN deployment and operation must solve two key problems:
1) how to make full use of limited public address resources to reduce operating costs;
2) how to implement hot standby between CGN devices and improve the user experience.
In the prior art, the NAT devices that an operator deploys for each region are each configured with their own public address pool resources. Once a public address pool has been assigned to a NAT device it stays fixed, and hot standby between two NAT devices is implemented by synchronizing their NAT translation tables in real time. The prior-art CGN workflow is described below.
First, a public address pool is allocated to each region. As shown in Fig. 1, assume a province has two prefecture-level cities, city A and city B. City A is assigned a class B public address pool 211.1.*.*, which is statically configured on city A's NAT device; the route 211.1.*.* is then advertised externally so that the return traffic of sessions handled by city A's NAT device can come back to city A's NAT device. Similarly, city B is assigned a class B public address pool 211.2.*.*, which is statically configured on city B's NAT device; the route 211.2.*.* is then advertised externally so that the return traffic of sessions handled by city B's NAT device can come back to city B's NAT device.
Assume one public address can serve 45 users; a class B address pool can then serve at most 3 million users at the same time, i.e. the maximum number of concurrent users in city A and in city B is 3,000,000. If the number of concurrent users in city A suddenly rises to 4 million, city A's public address pool will be completely exhausted and 1 million users will be unable to get online, while city B may have only 1 million users online, leaving a large part of city B's public address pool idle.
Second, hot standby is performed between two NAT devices in different regions. As shown in Fig. 2, assume city A and city B back each other up. When a city A user goes online, city A's NAT device creates a NAT translation table for the user's sessions within the public address pool 211.1.*.* and performs NAT on the user's sessions according to that table; every packet received on a session refreshes the corresponding session state in city A's NAT translation table, and the refreshed state is synchronized to city B's NAT device. Similarly, when a city B user goes online, city B's NAT device creates a NAT translation table for the user's sessions within the public address pool 211.2.*.* and performs NAT on the user's sessions according to that table; every packet received on a session also refreshes the corresponding session state in city B's NAT translation table, and the refreshed state is synchronized to city A's NAT device. In this way, the creation, state update and aging of every NAT translation table entry must be synchronized between the two NAT devices. This real-time synchronization consumes a great deal of the NAT devices' CPU resources and reduces their performance.
It can be seen that the prior art cannot use public address resources efficiently and consumes considerable NAT device resources.
Summary of the invention
The embodiments of this application provide a network address translation management method and device, to solve the prior-art problems that public address resources cannot be used efficiently and that considerable NAT device resources are consumed.
A network address translation management method provided by the embodiments of this application includes:
After receiving a resource allocation request from a NAT device, the resource management server allocates an address segment to the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device;
On receiving aging state information for any session reported by the NAT device, updating the state information of that session in the NAT translation table to the aged state;
When all sessions in the NAT translation table of the NAT device are in the aged state, reclaiming the address segment.
Optionally, before the address segment is allocated to the NAT device, the method further includes:
Dividing the public address pool into multiple address segments, so that the resource management server allocates and reclaims the address resources of the public address pool in units of address segments.
Optionally, after the public address pool is divided into multiple address segments, the method further includes:
On receiving the first packet of any session of a user, determining whether a port segment has previously been allocated to the user;
If so, selecting a port from the port segment allocated to the user and allocating it to the session, and creating a NAT translation table entry for the session in the NAT translation table;
Otherwise, allocating to the user a port segment corresponding to the address segment, selecting a port from that port segment and allocating it to the session, and creating a NAT translation table entry for the session in the NAT translation table.
Optionally, reclaiming the address segment when all sessions in the NAT translation table of the NAT device are in the aged state includes:
When all sessions corresponding to any port segment are in the aged state, releasing that port segment;
If all port segments corresponding to the address segment allocated to the NAT device have been released, reclaiming the address segment.
Optionally, the method further includes:
When the port segments corresponding to the address segment allocated to the NAT device have all been allocated, allocating another address segment to the NAT device;
Among the multiple address segments allocated to the NAT device, for an address segment whose port segments had all been allocated, if some port segments in that address segment are released, allocating a port segment to a user includes:
Selecting one address segment from the multiple address segments according to the resource utilization of the port segments of the multiple address segments allocated to the NAT device, and allocating a port segment in that address segment to the user.
Optionally, allocating an address segment to the NAT device includes:
Sending a publish instruction to the NAT device, where the publish instruction triggers the NAT device to advertise externally, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device;
Reclaiming the address segment includes:
Sending a reclaim instruction to the NAT device, where the reclaim instruction triggers the NAT device to withdraw, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device.
Optionally, the method further includes:
Detecting the operating state of each NAT device based on the connection established with that NAT device;
When a fault is detected in any NAT device, sending the address segment allocated to the faulty NAT device and the NAT translation table established for that NAT device to another NAT device that is operating normally.
The embodiments of this application also provide a network address translation management method, including:
The NAT device sends a resource allocation request to the resource management server, so that the resource management server allocates an address segment to the NAT device;
Performing network address translation for the sessions established based on the address segment, and updating the session state information corresponding to the session in the NAT translation table of the NAT device;
When the session is in the aged state, reporting the aging state information of the session to the resource management server.
Optionally, reporting the aging state information of the session to the resource management server when the session is in the aged state includes:
If the session is a UDP session, reporting the aging state information of the UDP session to the resource management server.
Optionally, reporting the aging state information of the session to the resource management server when the session is in the aged state includes:
If the session is a TCP session, reporting the aging state information of the TCP session and the state information of the three-way handshake and four-way teardown to the resource management server.
A resource management server provided by the embodiments of this application includes:
An allocation module, configured to allocate an address segment to a network address translation (NAT) device after receiving a resource allocation request from the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device;
An update module, configured to update the state information of a session in the NAT translation table to the aged state on receiving aging state information for that session reported by the NAT device;
A reclaim module, configured to reclaim the address segment when all sessions in the NAT translation table of the NAT device are in the aged state.
Optionally, the allocation module is further configured to:
Divide the public address pool into multiple address segments, so that the address resources of the public address pool are allocated and reclaimed in units of address segments.
Optionally, the allocation module is further configured to:
On receiving the first packet of any session of a user, determine whether a port segment has previously been allocated to the user;
If so, select a port from the port segment allocated to the user and allocate it to the session, and create a NAT translation table entry for the session in the NAT translation table;
Otherwise, allocate to the user a port segment corresponding to the address segment, select a port from that port segment and allocate it to the session, and create a NAT translation table entry for the session in the NAT translation table.
Optionally, the reclaim module is specifically configured to:
When all sessions corresponding to any port segment are in the aged state, release that port segment;
If all port segments corresponding to the address segment allocated to the NAT device have been released, reclaim the address segment.
Optionally, the allocation module is specifically configured to:
When the port segments corresponding to the address segment allocated to the NAT device have all been allocated, allocate another address segment to the NAT device;
Among the multiple address segments allocated to the NAT device, for an address segment whose port segments had all been allocated, if some port segments in that address segment are released, select one address segment from the multiple address segments according to the resource utilization of the port segments of the multiple address segments allocated to the NAT device, and allocate a port segment in that address segment to the user.
Optionally, the allocation module is specifically configured to:
Send a publish instruction to the NAT device, where the publish instruction triggers the NAT device to advertise externally, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device;
The reclaim module is specifically configured to:
Send a reclaim instruction to the NAT device, where the reclaim instruction triggers the NAT device to withdraw, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device.
Optionally, the resource management server further includes:
A detection module, configured to detect the operating state of each NAT device based on the connection established with that NAT device and, when a fault is detected in any NAT device, to send the address segment allocated to the faulty NAT device and the NAT translation table established for that NAT device to another NAT device that is operating normally.
A NAT device provided by the embodiments of this application includes:
A sending module, configured to send a resource allocation request to the resource management server, so that the resource management server allocates an address segment to the NAT device;
A translation module, configured to perform network address translation for the sessions established based on the address segment, and to update the session state information corresponding to the session in the NAT translation table of the NAT device;
A reporting module, configured to report the aging state information of the session to the resource management server when the session is in the aged state.
Optionally, the reporting module is specifically configured to:
If the session is a UDP session, report the aging state information of the UDP session to the resource management server.
Optionally, the reporting module is specifically configured to:
If the session is a TCP session, report the aging state information of the TCP session and the state information of the three-way handshake and four-way teardown to the resource management server.
In the embodiments of this application, after receiving a resource allocation request from a NAT device, the resource management server allocates an address segment to the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device. On receiving aging state information for any session reported by the NAT device, the server updates the state information of that session in the NAT translation table to the aged state; further, when all sessions in the NAT translation table of the NAT device are in the aged state, it reclaims the address segment. The resource management server can thus allocate address resources to NAT devices in units of address segments, can record the session aging state information reported by a NAT device in the NAT translation table established for that device, and can reclaim the address segment allocated to the NAT device once all sessions in the device's NAT translation table are in the aged state. As a result, the amount of address resources allocated to a NAT device each time is small and the resources can be recycled, so address resources can be shared and complement each other across regions, which improves the utilization of public addresses and reduces operating costs. In addition, the resource management server can use a NAT device's NAT translation table and address segments to provide hot standby for that NAT device; the NAT device no longer needs to synchronize its own session state information with other NAT devices in real time, which also saves NAT device resources.
Brief description of the drawings
Fig. 1 is a schematic diagram of a NAT device performing network address translation in the prior art;
Fig. 2 is a schematic diagram of NAT devices performing hot standby in the prior art;
Fig. 3 is a schematic diagram of the architectural relationship between the resource management server and the NAT devices in the embodiments of this application;
Fig. 4 is a flowchart of a network address translation management method provided by the embodiments of this application;
Fig. 5 is a flowchart of another network address translation management method provided by the embodiments of this application;
Fig. 6 is a structural diagram of the resource management server provided by the embodiments of this application;
Fig. 7 is a structural diagram of the NAT device provided by the embodiments of this application.
Detailed description
In the embodiments of this application, after receiving a resource allocation request from a NAT device, the resource management server allocates an address segment to the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device. On receiving aging state information for any session reported by the NAT device, the server updates the state information of that session in the NAT translation table to the aged state; further, when all sessions in the NAT translation table of the NAT device are in the aged state, it reclaims the address segment. The resource management server can thus allocate address resources to NAT devices in units of address segments, can record the session aging state information reported by a NAT device in the NAT translation table established for that device, and can reclaim the address segment allocated to the NAT device once all sessions in the device's NAT translation table are in the aged state. As a result, the amount of address resources allocated to a NAT device each time is small and the resources can be recycled, so address resources can be shared and complement each other across regions, which improves the utilization of public addresses and reduces operating costs. In addition, the resource management server can use a NAT device's NAT translation table and address segments to provide hot standby for that NAT device; the NAT device no longer needs to synchronize its own session state information with other NAT devices in real time, which also saves NAT device resources.
Fig. 3 is a schematic diagram of the architectural relationship between the resource management server and the NAT devices in the embodiments of this application, in which the resource management server is a newly added network element. In the embodiments of this application, the resource management server uniformly allocates and manages address resources for all NAT devices, and each NAT device, acting as an execution network element, uses the address resources that the resource management server has allocated to it to perform network address translation for the sessions it establishes.
The embodiments of this application are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Fig. 4 is a flowchart of the network address translation management method provided by the embodiments of this application, including the following steps:
S401: After receiving a resource allocation request from a NAT device, the resource management server allocates an address segment to the NAT device, so that the NAT device performs network address translation for the sessions it establishes based on the address segment and updates the session state information corresponding to the session in the NAT translation table of the NAT device.
Here, before allocating address segments to NAT devices, the resource management server can divide the whole address pool into a number of small address segments, for example dividing one class B address block into 256 class C address segments, and then allocate and reclaim address resources for NAT devices in units of address segments. In addition, for each address in a resulting address segment, the ports of that address can be divided into groups of a certain size, giving multiple port segments for the address. Optionally, port segments are allocated to the users behind the NAT device.
In a specific implementation, after a NAT device goes into service, it can send a resource allocation request to the resource management server when it receives the first packet of a user session for the first time. After receiving the resource allocation request sent by the NAT device, the resource management server can select one address segment from the multiple address segments into which the public address pool has been divided and allocate it to the NAT device. The resource allocation request sent by the NAT device can be the first packet of the user session.
Optionally, when the resource management server allocates an address segment to the NAT device, it sends a publish instruction to the NAT device; the publish instruction triggers the NAT device to advertise externally, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device. Here, the routes corresponding to the address segment are the routing and forwarding paths for each address in the address segment.
In addition, when allocating an address segment to the NAT device, the resource management server can also select one port segment from the multiple port segments corresponding to the address segment and allocate it to the user, then select a port from that port segment and allocate it to this session, and create a NAT translation table entry for this session in the NAT translation table of the NAT device, so that the NAT device can forward the packets of this session based on the NAT translation table entry and update the session information in the entry. The NAT translation table entry includes at least the source IP address, source port, destination IP address, destination port, transport-layer protocol, translated IP address, translated port, and the session information of the session.
In a specific implementation, when the resource management server subsequently receives the first packet of any session of the user, it can determine whether a port segment has previously been allocated to the user. If so, it selects a port from the port segment allocated to the user, allocates it to the session, and creates a NAT translation table entry for the session in the NAT translation table of the NAT device. Otherwise, it selects one port segment from the multiple port segments corresponding to the address segment allocated to the NAT device and allocates it to the user, then selects a port from that port segment, allocates it to the session, and creates a NAT translation table entry for the session in the NAT translation table of the NAT device. After the NAT translation table entry has been created for the session, it is delivered to the NAT device.
S402: On receiving aging state information for any session reported by the NAT device, the state information of that session in the NAT translation table is updated to the aged state.
In the above process, the resource management server creates the NAT translation table entry for each session and delivers it to the NAT device. The NAT device can therefore forward the packets of each session according to the corresponding NAT translation table entry and update the session information in the entry. When a user session ages out, the NAT device reports the session's aging state information to the resource management server. When the resource management server receives the aging state information of any session reported by the NAT device, it can update the state information of that session in the NAT translation table to the aged state. In this way, the NAT device only needs to record each session's updates locally and no longer needs to synchronize in real time with other NAT devices, which saves NAT device resources.
Optionally, if the state information of a session in the NAT translation table is aged, the resource management server can delete the session's NAT translation table entry immediately, or delete it after a preset duration, for example 5 seconds, has elapsed.
S403: When all sessions in the NAT translation table of the NAT device are in the aged state, the address segment is reclaimed.
In a specific implementation, the resource management server allocates one port segment to each user behind the NAT device, and the packets of all of a user's sessions are forwarded within that user's own port segment. When all sessions corresponding to any port segment are in the aged state, the resource management server can release that port segment; further, if all port segments corresponding to the address segment allocated to the NAT device have been released, it reclaims the address segment.
Optionally, when the resource management server reclaims an address segment from the NAT device, it sends a reclaim instruction to the NAT device; the reclaim instruction triggers the NAT device to withdraw, based on a dynamic routing protocol, the routes corresponding to the address segment occupied by the NAT device.
In addition, in above-mentioned steps S401, whenever the first message of the subsequently received user conversation of NAT device, will just use The first message of family session is sent to resource management server request distribution address resource.Resource management server is receiving user It, can be with after the corresponding all of the port section of address field for being determined as NAT device distribution has been allocated after the first message of session Again an address field is distributed for the NAT device.In this way, when if the user under NAT device is more, resource management server is just May be that the NAT device distributes multiple address fields.
In a specific implementation, when multiple address fields have been allocated to a NAT device, an address field whose port segments had all been allocated may later have some of its port segments released, so idle port segments may exist in several of the address fields under that NAT device. In that case, when the resource management server next allocates a port segment to a user, it can select one address field from the multiple address fields according to the port-segment resource utilization of each address field allocated to the NAT device, and then select one port segment from the idle port segments of that address field and allocate it to the user.
For example, the resource management server has allocated two address fields, add1 and add2, to a NAT device, and each address field corresponds to 10 port segments; add1 has 3 idle port segments and add2 has 6. The port-segment resource utilization of add1 is therefore 70% and that of add2 is 40%. When the resource management server next allocates a port segment to a user under this NAT device, it can select one of the idle port segments of add1, the address field with the higher resource utilization, and allocate it to the user.
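The allocation, release and reclaim rules described above can be traced in a small simulation. This is an added example, not code from the patent: the class and method names, the segment size of 64 ports, the base port 1024 and the "advertise"/"withdraw" event labels are assumptions, while the 10 port segments per address field and the add1/add2 scenario come from the example in the text.

```python
from dataclasses import dataclass, field
from typing import Optional

SEGMENTS_PER_FIELD = 10   # from the page's example: 10 port segments per address field
PORTS_PER_SEGMENT = 64    # assumption: the page gives no segment size
BASE_PORT = 1024          # assumption


@dataclass
class PortSegment:
    user: Optional[str] = None                     # owner; None means idle
    sessions: dict = field(default_factory=dict)   # session_id -> [port, state]


def _new_segments():
    return [PortSegment() for _ in range(SEGMENTS_PER_FIELD)]


@dataclass
class AddressField:
    name: str
    segments: list = field(default_factory=_new_segments)

    def utilization(self):
        # Share of this field's port segments currently owned by a user.
        return sum(s.user is not None for s in self.segments) / len(self.segments)


class ResourceManager:
    def __init__(self, pool):
        self.pool = list(pool)    # address fields not allocated to any device
        self.fields = {}          # device -> [AddressField]
        self.owner = {}           # (device, user) -> (AddressField, segment index)
        self.session_user = {}    # (device, session_id) -> user
        self.events = []          # instructions sent to NAT devices

    def _pick_segment(self, device):
        held = self.fields.setdefault(device, [])
        candidates = [f for f in held if f.utilization() < 1.0]
        if not candidates:        # every segment in use: allocate another field
            if not self.pool:
                raise RuntimeError("public address pool exhausted")
            new = AddressField(self.pool.pop(0))
            held.append(new)
            self.events.append(("advertise", device, new.name))
            candidates = [new]
        # Prefer the fullest field so lightly used fields can drain and be reclaimed.
        best = max(candidates, key=AddressField.utilization)
        idx = next(i for i, s in enumerate(best.segments) if s.user is None)
        return best, idx

    def on_first_packet(self, device, user, session_id):
        if (device, user) not in self.owner:
            fld, idx = self._pick_segment(device)
            fld.segments[idx].user = user
            self.owner[(device, user)] = (fld, idx)
        fld, idx = self.owner[(device, user)]
        seg = fld.segments[idx]
        start = BASE_PORT + idx * PORTS_PER_SEGMENT
        taken = {port for port, _ in seg.sessions.values()}
        port = next((p for p in range(start, start + PORTS_PER_SEGMENT)
                     if p not in taken), None)
        if port is None:
            raise RuntimeError("port segment exhausted")
        seg.sessions[session_id] = [port, "active"]
        self.session_user[(device, session_id)] = user
        return fld.name, port

    def on_session_aged(self, device, session_id):
        user = self.session_user[(device, session_id)]
        fld, idx = self.owner[(device, user)]
        seg = fld.segments[idx]
        seg.sessions[session_id][1] = "aged"
        if any(state != "aged" for _, state in seg.sessions.values()):
            return                                  # segment still has live sessions
        for sid in seg.sessions:                    # release the whole port segment
            del self.session_user[(device, sid)]
        fld.segments[idx] = PortSegment()
        del self.owner[(device, user)]
        if fld.utilization() == 0:                  # all segments released: reclaim
            self.fields[device].remove(fld)
            self.pool.append(fld.name)
            self.events.append(("withdraw", device, fld.name))


def demo():
    # Constructed scenario matching the text: add1 ends at 70 %, add2 at 40 %.
    rm = ResourceManager(["add1", "add2"])
    for i in range(14):                             # 10 users fill add1, 4 go to add2
        rm.on_first_packet("natA", f"u{i}", f"s{i}")
    for i in range(3):                              # three add1 users age out
        rm.on_session_aged("natA", f"s{i}")
    util = {f.name: f.utilization() for f in rm.fields["natA"]}
    chosen, port = rm.on_first_packet("natA", "u14", "s14")
    return util, chosen, port
```

Choosing the fullest address field, as the text does, concentrates users so that the emptier field can drain completely and be returned to the pool.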
In addition, in a specific implementation, to provide hot standby for NAT devices, the resource management server can detect the running state of each NAT device based on the connection established with it. When it detects that any NAT device has failed, it sends the address field allocated to the failed NAT device and the NAT translation table established for that device to another NAT device that is in a normal running state, thereby achieving fast switchover from the failed NAT device to a normally running NAT device and improving user experience.
In the embodiments of the present application, after receiving the resource allocation request of a NAT device, the resource management server allocates an address field to the NAT device, so that the NAT device performs network address translation for established sessions based on the address field and updates the session state information corresponding to those sessions in the NAT translation table of the NAT device. When the aging state information of any session reported by the NAT device is received, the state information of that session in the NAT translation table is updated to the aging state; further, when all sessions in the NAT translation table of the NAT device are in the aging state, the address field is reclaimed. In the embodiments of the present application, the resource management server can allocate address resources to NAT devices in units of address fields and can store, in the NAT translation table established for a NAT device, the session-aging state information reported by that device; when all sessions in the NAT translation table of the NAT device are in the aging state, the address field allocated to the NAT device can be reclaimed. As a result, the total amount of address resources that the resource management server allocates to a NAT device each time is small, and the resources can be reclaimed and reused, so that address resources can be complemented and shared between different regions, the utilization of public addresses is improved, and operating costs are reduced. In addition, the resource management server can use the NAT translation table and address field of a NAT device to provide hot standby for that device, and the NAT device no longer has to synchronize its own session state information with other NAT devices in real time, which also saves NAT device resources.
Embodiment two
As shown in Figure 5, a flow chart of another network address translation management method provided by an embodiment of the present application includes the following steps:
S501: The NAT device sends a resource allocation request to the resource management server, so that the resource management server allocates an address field to it.
Here, when the NAT device receives the first message of a user session, it can send the first message of that session to the resource management server. Upon determining that no address field has been allocated to the NAT device, or that the address field allocated to the NAT device has been used up, the resource management server allocates an address field to the NAT device. When allocating an address field to the NAT device, the resource management server can also establish a NAT translation table for the NAT device, used to record the session information of all users under the NAT device, and send the NAT translation table to the NAT device.
S502: Network address translation is performed for established sessions based on the address field, and the session state information corresponding to the sessions in the NAT translation table of the NAT device is updated.
In a specific implementation, when the NAT device receives the first message of a user session, it sends that first message to the resource management server. The resource management server can allocate a NAT translation table entry to each session of the user and send the entry down to the NAT device. The NAT device then completes the network address translation of each session according to the session's NAT translation table entry and updates the session information in the NAT translation table of the NAT device.
Specifically, the NAT device replaces the source IP address and source port of each message in the user session with the translated IP address and translated port, then forwards the translated message to the destination port of the destination IP address according to the specified transport layer protocol, and, while forwarding messages, updates the session information in the NAT translation table entry locally.
S503: When the session is in the aging state, the state information of the session aging is reported to the resource management server.
In the above process, the NAT device updates the user's session information in the NAT translation table entry locally, and when a session ages, the NAT device can report this state information to the resource management server. Optionally, if the session is a UDP session, the aging state information of the UDP session can be reported to the resource management server; if the session is a TCP session, in addition to reporting the aging state information of the TCP session, the state information of the TCP session's three-way handshake and four-way teardown can also be reported to the resource management server, so that during hot standby the resource management server can update the TCP session according to this information.
In the embodiments of the present application, the NAT device forwards the messages of user sessions according to the address field that the resource management server allocated to it and, while forwarding messages, updates the session information in the NAT translation table entry; when a user session is in the aging state, it reports the aging state information of that session to the resource management server. In this way, the NAT device only needs to update the session state information in the NAT translation table entry locally in real time and no longer has to pass that session state information to other NAT devices in real time, which saves NAT device resources.
Embodiment three
The network address translation management method provided by the embodiments of the present application is described in detail below with reference to a specific example.
For example, after the public address pools of all districts and cities are centralized and configured uniformly on the resource management server, the resource management server can divide the whole address pool into several small address fields and allocate and reclaim address resources in units of address fields.
For NAT device A in city A: when it receives the first message of a user session, it reports the first message of the session to the resource management server. After determining that no address field has been allocated to NAT device A, the resource management server requests an address field for NAT device A from the whole address pool, selects one port segment from the multiple port segments corresponding to that address field and allocates it to the user, then selects one port from the multiple ports of that port segment and allocates it to this session, and establishes a NAT translation table entry for this session in the NAT translation table of the NAT device, so that NAT device A forwards the messages of this session on that port according to the entry. The resource management server then sends the NAT translation table entry down to NAT device A and, at the same time, sends an issue instruction to NAT device A instructing it to publish externally the route corresponding to the address field.
Further, NAT device A forwards the subsequent messages of this session according to the received NAT translation table entry and, while forwarding them, updates the information of this session in the NAT translation table entry locally. After this session enters the aging state locally, NAT device A can report the aging state information to the resource management server, so that the resource management server updates the state of this session in the NAT translation table to aging.
In a specific implementation, for the first message of a subsequent user session under NAT device A, the resource management server still allocates address resources from the address field already allocated to NAT device A. Specifically, if the first message belongs to another session of the above user, only a NAT translation table entry is established for this session; if the first message belongs to a session of a different user, a port segment is first allocated to that user, one port is then selected from the multiple ports of that port segment and allocated to that user, and a NAT translation table entry is established for this session of that user. Thus, whenever NAT device A receives the first message of a user session, it sends that first message to the resource management server to request allocation of address resources for the user. After receiving the first message of a user session, if the resource management server determines that the address field allocated to the NAT device has been used up, it can also request a new address field for NAT device A.
In a specific implementation, one user corresponds to one port segment and all of that user's sessions complete network address translation within that port segment. If all sessions corresponding to a port segment have aged, the resource management server releases the port segment; further, if all port segments corresponding to an address field have been released, the resource management server reclaims the address field.
In a specific implementation, the workflow of NAT device B in city B is the same as that of NAT device A and is not repeated here. Suppose NAT device B fails suddenly; the workflow of the resource management server after the failure of NAT device B is described below.
Optionally, the resource management server can monitor the state of all NAT devices and, after discovering that NAT device B has failed, can associate all address resources related to NAT device B (including its address field and NAT translation table) with NAT device A. Specifically, the resource management server sends the NAT translation table of NAT device B down to NAT device A and triggers the dynamic routing protocol of NAT device A to advertise externally the route of NAT device B's address field. Thereafter, NAT device A updates and ages the sessions of NAT device B according to each NAT translation table entry in that table. In this way, the sessions under NAT device B can be switched quickly to NAT device A, which conveniently provides hot standby for NAT device B.
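The session reporting of step S503 and the switchover just described fit together as follows. This is an added sketch, not code from the patent: the keepalive timeout, the event names, the per-entry fields and the least-loaded choice of standby device are assumptions, since the text only says that state is detected over the established connection and that the table goes to another device in a normal running state. Session identifiers are assumed to be unique across devices.

```python
HEARTBEAT_TIMEOUT = 3.0   # assumption: seconds without a keepalive before a device is failed

# Assumed report names. UDP sessions report aging only; TCP sessions also report
# three-way handshake and four-way teardown progress, as the text describes.
UDP_EVENTS = {"aged": "aged"}
TCP_EVENTS = {
    "handshake_done": "established",
    "teardown_started": "closing",
    "teardown_done": "closed",
    "aged": "aged",
}


class StandbyCoordinator:
    def __init__(self, timeout=HEARTBEAT_TIMEOUT):
        self.timeout = timeout
        self.last_seen = {}   # device -> time of last keepalive
        self.fields = {}      # device -> [address field names]
        self.tables = {}      # device -> {session_id: entry}

    def register(self, device, now, fields=()):
        self.last_seen[device] = now
        self.fields[device] = list(fields)
        self.tables[device] = {}

    def keepalive(self, device, now):
        self.last_seen[device] = now

    def add_entry(self, device, session_id, proto, port):
        state = "opening" if proto == "tcp" else "active"
        self.tables[device][session_id] = {"proto": proto, "port": port, "state": state}

    def report(self, device, session_id, event):
        # Lookup by reporting device: a device cannot change a session it does not own.
        entry = self.tables[device][session_id]
        allowed = TCP_EVENTS if entry["proto"] == "tcp" else UDP_EVENTS
        if event not in allowed:
            raise ValueError(f"{event!r} is not valid for a {entry['proto']} session")
        entry["state"] = allowed[event]

    def _alive(self, device, now):
        return now - self.last_seen[device] <= self.timeout

    def check(self, now):
        """Detect failed devices and return the instructions to send."""
        instructions = []
        for dev in [d for d in self.last_seen if not self._alive(d, now)]:
            healthy = [d for d in self.last_seen if self._alive(d, now)]
            if not healthy:
                instructions.append(("no_standby", dev))
                continue
            # Assumption: hand over to the healthy device with the fewest entries.
            target = min(healthy, key=lambda d: len(self.tables[d]))
            self.tables[target].update(self.tables.pop(dev))
            moved = self.fields.pop(dev)
            self.fields[target].extend(moved)
            del self.last_seen[dev]
            instructions.append(("install_table", target, dev))
            instructions += [("advertise", target, name) for name in moved]
        return instructions


def demo():
    # Constructed scenario: natB stops sending keepalives and natA takes over.
    c = StandbyCoordinator()
    c.register("natA", 0.0, ["add1"])
    c.register("natB", 0.0, ["add2"])
    c.add_entry("natB", "b-tcp", "tcp", 2048)
    c.add_entry("natB", "b-udp", "udp", 2049)
    c.report("natB", "b-tcp", "handshake_done")
    c.report("natB", "b-udp", "aged")
    c.keepalive("natA", 5.0)
    return c, c.check(5.0)
```

Because TCP progress was reported before the failure, the table installed on the standby device already marks the connection as established rather than opening.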
Based on the same inventive concept, embodiments of the present application also provide a resource management server and a NAT device corresponding to the network address translation management method. Because the principle by which they solve the problem is similar to that of the network address translation management method of the embodiments, their implementation may refer to the implementation of the method, and repeated parts are not described again.
As shown in Figure 6, a structural diagram of the resource management server 60 provided by an embodiment of the present application includes:
Distribution module 601, configured to allocate an address field to a network address translation (NAT) device after receiving a resource allocation request from the NAT device, so that the NAT device performs network address translation for established sessions based on the address field and updates the session state information corresponding to the sessions in the NAT translation table of the NAT device;
Update module 602, configured to update the state information of a session in the NAT translation table to the aging state when the aging state information of that session reported by the NAT device is received;
Recycling module 603, configured to reclaim the address field when all sessions in the NAT translation table of the NAT device are in the aging state.
Optionally, distribution module 601 is further configured to:
Divide the public address pool into multiple address fields, so that the address resources of the public address pool are allocated and reclaimed in units of address fields.
Optionally, distribution module 601 is further configured to:
When the first message of any session of a user is received, judge whether a port segment has previously been allocated to the user;
If so, select one port from the port segment allocated to the user and allocate it to the session, and establish a NAT translation table entry for the session in the NAT translation table;
Otherwise, allocate to the user one port segment corresponding to the address field, select one port from that port segment and allocate it to the session, and establish a NAT translation table entry for the session in the NAT translation table.
Optionally, recycling module 603 is specifically configured to:
When all sessions corresponding to any port segment are in the aging state, release the port segment;
If all port segments corresponding to the address field allocated to the NAT device have been released, reclaim the address field.
Optionally, distribution module 601 is specifically configured to:
When the port segments corresponding to the address field allocated to the NAT device have all been allocated, allocate another address field to the NAT device;
Among the multiple address fields allocated to the NAT device, for an address field whose port segments had all been allocated, if some port segments in that address field are released, select one address field from the multiple address fields according to the port-segment resource utilization of the multiple address fields allocated to the NAT device, and allocate a port segment in that address field to the user.
Optionally, distribution module 601 is specifically configured to:
Send an issue instruction to the NAT device, wherein the issue instruction triggers the NAT device to publish externally, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device;
Recycling module 603 is specifically configured to:
Send a recovery command to the NAT device, wherein the recovery command triggers the NAT device to withdraw, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device.
Optionally, the resource management server further includes:
Detection module 604, configured to detect the running state of each NAT device based on the connection established with it and, when any NAT device is detected to have failed, send the address field allocated to the failed NAT device and the NAT translation table established for that NAT device to another NAT device that is in a normal running state.
As shown in Figure 7, a structural diagram of the NAT device 70 provided by an embodiment of the present application includes:
Sending module 701, configured to send a resource allocation request to the resource management server, so that the resource management server allocates an address field to the NAT device;
Conversion module 702, configured to perform network address translation for established sessions based on the address field and update the session state information corresponding to the sessions in the NAT translation table of the NAT device;
Reporting module 703, configured to report the state information of the session aging to the resource management server when the session is in the aging state.
Optionally, reporting module 703 is specifically configured to:
If the session is a UDP session, report the aging state information of the UDP session to the resource management server.
Optionally, reporting module 703 is specifically configured to:
If the session is a TCP session, report the aging state information of the TCP session and the state information of its three-way handshake and four-way teardown to the resource management server.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The present application is described with reference to flow charts and/or block diagrams of the method, the device (system) and the computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they grasp the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and variations to the present application without departing from its spirit and scope. If these changes and variations fall within the scope of the claims of the present application and their technical equivalents, the present application is intended to include them as well.

Claims (20)

1. A network address translation management method, characterized in that the method comprises:
A resource management server, after receiving a resource allocation request from a network address translation (NAT) device, allocating an address field to the NAT device, so that the NAT device performs network address translation for established sessions based on the address field and updates the session state information corresponding to the sessions in the NAT translation table of the NAT device;
When the aging state information of any session reported by the NAT device is received, updating the state information of that session in the NAT translation table to the aging state;
When all sessions in the NAT translation table of the NAT device are in the aging state, reclaiming the address field.
2. The method according to claim 1, characterized in that, before the address field is allocated to the NAT device, the method further comprises:
Dividing a public address pool into multiple address fields, so that the resource management server allocates and reclaims the address resources of the public address pool in units of address fields.
3. The method according to claim 2, characterized in that, after the public address pool is divided into multiple address fields, the method further comprises:
When the first message of any session of a user is received, judging whether a port segment has previously been allocated to the user;
If so, selecting one port from the port segment allocated to the user and allocating it to the session, and establishing a NAT translation table entry for the session in the NAT translation table;
Otherwise, allocating to the user one port segment corresponding to the address field, selecting one port from that port segment and allocating it to the session, and establishing a NAT translation table entry for the session in the NAT translation table.
4. The method according to claim 3, characterized in that reclaiming the address field when all sessions in the NAT translation table of the NAT device are in the aging state comprises:
When all sessions corresponding to any port segment are in the aging state, releasing the port segment;
If all port segments corresponding to the address field allocated to the NAT device have been released, reclaiming the address field.
5. The method according to claim 4, characterized in that the method further comprises:
When the port segments corresponding to the address field allocated to the NAT device have all been allocated, allocating another address field to the NAT device;
Among the multiple address fields allocated to the NAT device, for an address field whose port segments had all been allocated, if some port segments in that address field are released, allocating a port segment to a user comprises:
Selecting one address field from the multiple address fields according to the port-segment resource utilization of the multiple address fields allocated to the NAT device, and allocating a port segment in that address field to the user.
6. The method according to claim 1, characterized in that allocating the address field to the NAT device comprises:
Sending an issue instruction to the NAT device, wherein the issue instruction triggers the NAT device to publish externally, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device;
Reclaiming the address field comprises:
Sending a recovery command to the NAT device, wherein the recovery command triggers the NAT device to withdraw, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device.
7. The method according to any one of claims 1 to 6, characterized in that the method further comprises:
Detecting the running state of each NAT device based on the connection established with it;
When any NAT device is detected to have failed, sending the address field allocated to the failed NAT device and the NAT translation table established for that NAT device to another NAT device that is in a normal running state.
8. A network address translation management method, characterized in that the method comprises:
A network address translation (NAT) device sending a resource allocation request to a resource management server, so that the resource management server allocates an address field to the NAT device;
Performing network address translation for established sessions based on the address field, and updating the session state information corresponding to the sessions in the NAT translation table of the NAT device;
When the session is in the aging state, reporting the state information of the session aging to the resource management server.
9. The method according to claim 8, characterized in that reporting the state information of the session aging to the resource management server when the session is in the aging state comprises:
If the session is a User Datagram Protocol (UDP) session, reporting the aging state information of the UDP session to the resource management server.
10. The method according to claim 8, characterized in that reporting the state information of the session aging to the resource management server when the session is in the aging state comprises:
If the session is a Transmission Control Protocol (TCP) session, reporting the aging state information of the TCP session and the state information of its three-way handshake and four-way teardown to the resource management server.
11. a kind of resource management server, which is characterized in that the resource management server includes:
Distribution module, for after the resource allocation request of network address translation device is received, dividing for the NAT device With address field, so that session of the NAT device based on described address section to establish carries out network address translation, and update and be somebody's turn to do Session state information corresponding with the session in the nat translation table of NAT device;
Update module, for when receiving the ageing state information for any session that the NAT device reports, by the NAT The state information updating of the session is ageing state in conversion table;
Recycling module, for when session all in the nat translation table of the NAT device is all in ageing state, recycling institute State address field.
12. resource management server as claimed in claim 11, which is characterized in that the distribution module is additionally operable to:
Public address pond is divided into multiple address fields, so as in units of address field to the address resource in the public address pond It is allocated and recycles.
13. resource management server as claimed in claim 12, which is characterized in that the distribution module is additionally operable to:
When receiving the first message of any session of user, whether judgement is before that the user is assigned segment port;
If so, a port is selected to distribute to any session from the segment port distributed for the user, and turn in the NAT Change in table is any one nat translation table item of session establishment;
Otherwise, distribute described address section corresponding a port section for the user, and a port point is selected from the segment port Any session described in dispensing is any one nat translation table item of session establishment in the nat translation table.
14. The resource management server as claimed in claim 13, characterized in that the recycling module is specifically configured to:
When all sessions corresponding to any port segment are in the ageing state, release that port segment;
If all port segments corresponding to an address field allocated to the NAT device have been released, recycle the address field.
15. The resource management server as claimed in claim 14, characterized in that the distribution module is specifically configured to:
When the port segments corresponding to the address field allocated to the NAT device have all been allocated, allocate an address field to the NAT device;
Among the multiple address fields allocated to the NAT device, for an address field whose port segments have all been allocated, if part of the port segments in that address field are released, select one address field from the multiple address fields according to the resource utilization of the port segments of the multiple address fields allocated to the NAT device, and allocate a port segment in the selected address field to the user.
16. The resource management server as claimed in claim 11, characterized in that the distribution module is specifically configured to:
Send an issue instruction to the NAT device, wherein the issue instruction is used to trigger the NAT device to externally issue, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device;
The recycling module is specifically configured to:
Send a recovery command to the NAT device, wherein the recovery command is used to trigger the NAT device to recycle, based on a dynamic routing protocol, the route corresponding to the address field occupied by the NAT device.
17. The resource management server as claimed in any one of claims 11 to 16, characterized in that the resource management server further includes:
Detection module, configured to detect the operating status of each NAT device based on the connection established with each NAT device, and, when any NAT device is detected to have failed, send the address field allocated to the failed NAT device and the NAT translation table established for that NAT device to another NAT device in a normal operating state.
18. A network address translation (NAT) device, characterized in that the NAT device includes:
Sending module, configured to send a resource allocation request to a resource management server, so that the resource management server allocates an address field to the NAT device;
Conversion module, configured to perform network address translation for established sessions based on the address field, and to update the session state information corresponding to the session in the NAT translation table of the NAT device;
Reporting module, configured to report the ageing state information of the session to the resource management server when the session is in the ageing state.
19. The NAT device as claimed in claim 18, characterized in that the reporting module is specifically configured to:
If the session is a User Datagram Protocol (UDP) session, report the ageing state information of the UDP session to the resource management server.
20. The NAT device as claimed in claim 18, characterized in that the reporting module is specifically configured to:
If the session is a Transmission Control Protocol (TCP) session, report the ageing state information of the TCP session, together with the state information of the three-way handshake and the four-way connection teardown, to the resource management server.
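The allocation and recycling behaviour of the resource management server in claims 11 to 15, as an added Python example that is not part of the patent text: address fields are handed to a NAT device, port segments are handed to users, and both are reclaimed as sessions age. The segment sizes, the "fill the busiest address field first" selection policy, allocating a second port segment when a user's segment is full, and all class and method names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SEGS_PER_FIELD, PORTS_PER_SEG = 2, 2   # assumed sizes, kept tiny for the demo

@dataclass
class PortSegment:
    field_id: str
    user: str
    sessions: dict = field(default_factory=dict)   # session id -> "active" | "aged"

class ResourceManager:
    def __init__(self, pool):
        self.free_fields = list(pool)   # public address pool, split into address fields
        self.owned = {}                 # NAT device -> {field id: [PortSegment]}

    def _new_segment(self, nat, user):
        fields = self.owned.setdefault(nat, {})
        open_ = [f for f, segs in fields.items() if len(segs) < SEGS_PER_FIELD]
        if open_:
            fid = max(open_, key=lambda f: len(fields[f]))  # assumed: busiest first
        elif self.free_fields:
            fid = self.free_fields.pop(0)      # all port segments used: new field
            fields[fid] = []
        else:
            raise RuntimeError("public address pool exhausted")
        fields[fid].append(PortSegment(fid, user))
        return fields[fid][-1]

    def first_packet(self, nat, user, session):
        # Reuse the user's port segment if it has a free port, else allocate one.
        mine = [s for segs in self.owned.get(nat, {}).values() for s in segs
                if s.user == user and
                list(s.sessions.values()).count("active") < PORTS_PER_SEG]
        seg = mine[0] if mine else self._new_segment(nat, user)
        seg.sessions[session] = "active"       # stands in for the NAT table entry
        return seg.field_id

    def report_aged(self, nat, session):
        # Mark the session aged, release drained segments, recycle empty fields.
        recycled = []
        for fid, segs in list(self.owned.get(nat, {}).items()):
            for seg in segs:
                if session in seg.sessions:
                    seg.sessions[session] = "aged"
            segs[:] = [s for s in segs if "active" in s.sessions.values()]
            if not segs:
                del self.owned[nat][fid]
                self.free_fields.append(fid)
                recycled.append(fid)
        return recycled
```

An address field returns to the pool only after every port segment carved from it has been released, so a single long-lived session keeps the whole field, and the route advertised for it, pinned to that NAT device.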
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611064558.1A CN108124022B (en) 2016-11-28 2016-11-28 Network address translation management method and device

Publications (2)

Publication Number Publication Date
CN108124022A true CN108124022A (en) 2018-06-05
CN108124022B CN108124022B (en) 2020-04-14

Family

ID=62225086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611064558.1A Active CN108124022B (en) 2016-11-28 2016-11-28 Network address translation management method and device

Country Status (1)

Country Link
CN (1) CN108124022B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003096653A1 (en) * 2002-05-13 2003-11-20 Sony Computer Entertainment America Inc. Peer to peer network communication with network address translation
CN101409732A (en) * 2008-11-19 2009-04-15 福建星网锐捷网络有限公司 System and method for managing network address conversion information
CN102647486A (en) * 2012-04-28 2012-08-22 华为技术有限公司 Address distributing method, address distributing equipment and address distributing system
CN105245638A (en) * 2012-04-28 2016-01-13 华为技术有限公司 Address distribution method, equipment and system
CN104184840A (en) * 2013-05-23 2014-12-03 中国电信股份有限公司 Dynamic address management method, device and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430117A (en) * 2019-08-13 2019-11-08 广州竞远安全技术股份有限公司 A kind of high concurrent tunnel system and method connecting cloud network and user's Intranet
CN112600765A (en) * 2020-12-02 2021-04-02 杭州迪普科技股份有限公司 Method and device for scheduling configuration resources
CN114374667A (en) * 2021-12-28 2022-04-19 中国电信股份有限公司 Method, device and storage medium for distributing NAT IP
CN114374667B (en) * 2021-12-28 2024-04-16 中国电信股份有限公司 Method, device and storage medium for distributing NAT IP

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant