CN109495596B - Method and device for realizing address conversion - Google Patents

Method and device for realizing address conversion

Publication number: CN109495596B
Authority: CN (China)
Prior art keywords: address, service, message, network, fixed outlet
Legal status: Active (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201710822932.8A
Other languages: Chinese (zh)
Other versions: CN109495596A (en)
Inventor: 原万万
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2592: Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2521: Translation architectures other than single NAT servers
    • H04L61/2532: Clique of NAT servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method and a device for realizing address translation. The method comprises the following steps: setting IP address information of a fixed outlet IP service for each NAT in the cluster; the NAT detecting that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the IP address information of the fixed outlet IP service set for the NAT; and performing source address conversion on the IP tunnel message by using the hit IP address information of the fixed outlet IP service, establishing a session, and sending the NAT-converted message to the NSW.

Description

Method and device for realizing address conversion
Technical Field
The present application relates to computer technologies, and more particularly, to a method and apparatus for address translation.
Background
Network Address Translation (NAT) is a translation technique that converts a private address into a valid IP address, and is applied to various types of Internet access modes and various types of networks. Taking the active/standby mode Ali NAT (ANAT, Alibaba NAT) as an example, ANAT is a high-performance NAT host developed on DPDK (Intel Data Plane Development Kit); it runs on a general x86 platform and has the characteristics of high performance, strong customizability and the like. Although an active/standby mode ANAT cluster can meet the existing service requirements in terms of performance, it has some disadvantages, such as relatively poor redundancy, high cost due to stacking, and the like.
The basic principle of NAT translation is roughly as follows. A request message in the OUT direction (i.e., the direction from the internal network to the public network) actively accesses the public network. When the traffic passes through the NAT host (also called a network address converter), the NAT host converts the source IP address of the message into an IP address configured in the address pool, i.e., it performs Source Network Address Translation (SNAT) on the data packet; after the NAT conversion is completed, it establishes a session and sends the message to the public network. When the response message in the IN direction (i.e., the direction from the public network to the intranet) passes through the NAT host, the destination IP address of the message is restored to the source IP address of the earlier request message according to the previously established session, i.e., Destination Network Address Translation (DNAT) is performed on the data packet, and the message is sent to the intranet host.
Disclosure of Invention
The application provides a method and a device for realizing address translation, which can solve the problem of address translation of fixed outlet IP services.
The application provides a method for realizing address translation, which comprises the following steps:
setting IP address information of fixed outlet IP service for each network address converter in the cluster;
the network address converter detects that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the IP address information of the fixed outlet IP service set for the network address converter;
performing source address conversion on the IP tunnel message by using the hit IP address information of the fixed outlet IP service, establishing a session, and sending the message converted by the network address converter to a network switch;
wherein the fixed outlet IP service is a service that uses a fixed source IP address when accessing a plurality of destination IP addresses.
Optionally, before the above steps, the method further comprises:
configuring a different routing priority for each network address converter, and advertising the routing priorities to the network switches.
Optionally, if it is detected that the message is a non-IP tunnel message accessing a public network, but the message hits the IP address information of the fixed outlet IP service bound to the network address converter, the method further comprises:
using the IP address information of the fixed outlet IP service set in the network address converter as the destination address of a newly constructed IP tunnel message, encapsulating the original non-IP tunnel message into the data part of the newly constructed IP tunnel message, and sending it to the network switch.
Optionally, performing source address conversion on the IP tunnel message comprises:
replacing the source IP address in the IP tunnel message with the IP address corresponding to the hit fixed outlet IP service.
Optionally, the method further comprises:
when the network address converter receives a response message to the IP tunnel message, restoring the destination IP address in the response message to the source IP address of the IP tunnel message according to the established session.
The application also provides a method for realizing address translation, which comprises the following steps:
setting IP address information of a fixed outlet IP service aiming at least one network address converter in a cluster;
the network address converter detects that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the IP address information of the fixed outlet IP service set for the network address converter;
performing source address conversion on the IP tunnel message by using the found IP address information of the fixed outlet IP service, establishing a session, and sending the message converted by the network address converter to a network switch;
the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
The application further provides a device for realizing address translation, which comprises a setting module, a first processing module and a second processing module; wherein
the setting module is used for setting the IP address information of the fixed outlet IP service;
the first processing module is used for detecting that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the set IP address information of the fixed outlet IP service;
the second processing module is used for carrying out source address conversion on the IP tunnel message by utilizing the found IP address information of the fixed outlet IP service, establishing a session and sending the message converted by the network address converter to the network switch;
the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
Optionally, the setting module is further configured to: configuring a routing priority;
the apparatus also includes an advertising module to advertise the set routing priority to the NSW.
Optionally, the first processing module is further configured to: detect that the message is a non-IP tunnel message accessing a public network, but that it hits the set IP address information of the fixed outlet IP service;
the second processing module is further configured to: use the set IP address information of the fixed outlet IP service as the destination address of a newly constructed IP tunnel message, encapsulate the original non-IP tunnel message into the data part of the newly constructed IP tunnel message, and send it to the network switch.
The application also provides a device for realizing address translation, which comprises one or more processors; and one or more machine readable media storing a plurality of instructions that, when executed by the one or more processors, cause the apparatus to: set IP address information of a fixed outlet IP service; detect that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the IP address information of the fixed outlet IP service set for the network address converter; perform source address conversion on the IP tunnel message by using the hit IP address information of the fixed outlet IP service, establish a session, and send the message converted by the network address converter to a network switch; wherein the fixed outlet IP service is a service that uses a fixed source IP address when accessing a plurality of destination IP addresses.
The address translation problem of the fixed outlet IP service is processed through the NAT process running on the NAT host, on one hand, a switch does not need to be dynamically configured, and the possibility that other services on the switch cannot normally run is avoided; on the other hand, because the NAT host is a common server, the automatic operation and maintenance can be completely realized in the operation and maintenance, and the operation and maintenance difficulty is greatly reduced.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
Fig. 1 is a schematic diagram of an embodiment of a network of BGP-based NAT clusters according to an aspect of the present application;
FIG. 2 is a flow diagram of a method of implementing address translation in accordance with an aspect of the present application;
FIG. 3 is a flow diagram of an embodiment of a method of implementing address translation in accordance with an aspect of the present application;
FIG. 4 is a block diagram illustrating an architecture of an apparatus for implementing address translation in accordance with an aspect of the subject application;
FIG. 5 is a schematic diagram of a component structure of an apparatus for implementing address translation according to another aspect of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
In one exemplary configuration of the present application, a computing device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transitory media), such as modulated data signals and carrier waves.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
In order to meet the demanding requirements of a production environment, such as high performance, high reliability and load balancing, the inventor of the application provides a NAT solution that uses the Border Gateway Protocol (BGP) as its clustering scheme and whose main characteristics are high performance, high reliability and load balancing. First, because there are a plurality of NATs in the cluster, when one NAT fails a plurality of standby NATs remain, so the reliability of NAT conversion is improved compared with the active/standby mode. Second, a plurality of NATs in the cluster can work simultaneously, so the efficiency of the BGP-based NAT cluster is improved compared with the active/standby mode, in which only one NAT can work. Third, the BGP-based NAT cluster also realizes load balancing, and thus solves the problems of the NAT cluster in the active/standby mode.
Fig. 1 is a schematic diagram of an embodiment according to one aspect of the present application. As shown in Fig. 1, a BGP-based NAT cluster includes four address translation devices, NAT1, NAT2, NAT3, and NAT4. The OUT direction is taken as an example to illustrate the operation of the BGP-based NAT cluster:
First, each network switch (NSW) advertises the priority of its own default route to its upstream switch. In this embodiment, it is assumed that the route priority advertised by NSW1 is high and the route priority advertised by NSW2 is low, so that on the path from the upstream switch to the NSW, the upstream switch steers all traffic with the same SIP and DIP to the same NSW, i.e., the higher-priority NSW1; here, SIP is the source IP address and DIP is the destination IP address. Then, NSW1 performs a hash calculation on the two-tuple (SIP + DIP), so that the same flow is always hashed to the same NAT host; this achieves load balancing and guarantees that traffic with the same source and destination is handled by the same host. Here, the four NAT hosts within the cluster advertise VIP routes of the same priority to the NSW. Then, the NAT performs the source address translation: because the addresses in an address pool are divided equally among the NAT hosts, a NAT can always use the addresses in its locally configured address pool to translate the source address. After translating the source IP address, the NAT forwards the message to the NSW according to the default route. Finally, the NSW forwards the traffic to the downstream switch via policy routing.
When performing NAT translation on a source address, there is a special service requirement that only one fixed source IP address is allowed to be used when accessing multiple destination IP addresses; a service with this requirement is referred to as a fixed egress IP service. The inventors of the present application found that if a policy for the traffic of the fixed egress IP is added to a switch, it can be ensured that the traffic of the fixed egress IP is always directed to the same device. However, on one hand, repeated operation on the switch may cause other services on the switch to be unable to operate normally; on the other hand, automated operation and maintenance of switches is still a difficult problem at present, so the difficulty of operation and maintenance is greatly increased. Therefore, the application provides a technical scheme for realizing address translation that addresses the problems brought by fixed egress IP traffic under a BGP NAT cluster.
Fig. 2 is a flowchart illustrating a method for implementing address translation according to an aspect of the present application. The method is based on the networking architecture of the NAT cluster shown in Fig. 1, where a NAT may be a set of processes running on a server. As shown in Fig. 2, the method at least includes the following:
As shown in block 200, IP address information of the fixed egress IP service is set for each NAT in the cluster.
Alternatively, the IP address of the fixed egress IP traffic may be set (also referred to as bound) into each NAT host in the cluster in units of an address pool. That is, each NAT host is configured with an IP address corresponding to the fixed egress IP service.
As shown in block 201, the NAT detects that the packet is an IP tunnel (IP tunnel) packet accessing a fixed-egress IP service of the public network, and the IP tunnel packet hits the IP address information of the fixed-egress IP service bound by the NAT.
In the OUT direction, the NAT process on the NAT host can distinguish whether the packet flowing through the NAT is a fixed-egress IP service packet through the service identifier.
As shown in block 202, the source address of the IP tunnel message is translated by using the IP address information of the found (also called hit) fixed egress IP service, a session is established, and the message translated by the NAT is sent to the NSW.
Wherein, NSW refers to the switch for mounting ANAT.
Optionally, performing source address translation on the IP tunnel message may include: replacing the source IP address in the IP tunnel message with the IP address corresponding to the hit fixed egress IP service.
Optionally, establishing the session may include: establishing a correspondence between the source IP address of the IP tunnel message and the hit IP address.
The address translation problem of the fixed outlet IP service is processed through the NAT process running on the NAT host, on one hand, a switch does not need to be dynamically configured, and the possibility that other services on the switch cannot normally run is avoided; on the other hand, because the NAT host is a common server, the automatic operation and maintenance can be completely realized in the operation and maintenance, and the operation and maintenance difficulty is greatly reduced.
The address translation problem of the fixed outlet IP service is processed on the NAT based on the IP tunnel, and the performance and the stability of the original NAT cannot be influenced.
The method of the application also comprises the following step: configuring a different routing priority for each NAT, and advertising the routing priorities to the NSW.
The NSW forwards the IP tunnel message to the NAT host with the highest priority according to the routing priority advertised by each NAT host in the cluster.
Table 1 shows an example of a configuration of fixed egress IP addresses and routing priorities.
TABLE 1 (an image in the original publication; its contents are not reproduced here)
Table 1 shows that the IP address of the fixed egress IP service (i.e., 192.168.1.1 in Table 1) is bound to all NAT hosts in units of an address pool. The address pool of the fixed egress IP service has a corresponding matching policy, and only traffic that hits the matching policy selects the address pool corresponding to the fixed egress IP. The relationship between matching policies and the address pool of the fixed egress IP address is many-to-one, and the matching policy is based on destination address matching and the like.
Each NAT needs to advertise the IP address to the NSW with a different priority, that is, for each IP address, routes with different priorities are advertised to the NSW. As shown in Table 1, the NATs in a cluster are divided into 4 priorities in total, and the priorities are distinguished by the value of AS_PATH.
Optionally, if the detected message is a non-IP tunnel message accessing the public network, but it hits the IP address information of the fixed egress IP service bound to the NAT, the method also comprises the following step:
the IP address information of the fixed egress IP service bound in the NAT is used as the destination address of a newly constructed IP tunnel message, and the original non-IP tunnel message is encapsulated into the data part of the newly constructed IP tunnel message and then sent to the NSW (namely, the switch connected to the NAT).
Optionally, the method for implementing address translation provided by the present application may further include:
In the IN direction, when the NAT receives the response message to the IP tunnel message, the destination IP address in the response message is restored to the source IP address of the IP tunnel message according to the previously established session.
Fig. 3 is a schematic flow chart of an embodiment of a method for implementing address translation according to an aspect of the present application. In combination with the cluster architecture shown in Fig. 1, it is assumed that the traffic in the OUT direction contains a packet accessing a fixed egress IP service, and that the packet is forwarded to NAT1 after the hash operation of the NSW. As shown in Fig. 3, the method includes:
as shown in block 300 and blocks 304 to 307, the NAT process on NAT1 receives the packet and finds that it is a normal IP packet, i.e., a non-IP tunnel packet; after processing, it finds that the packet matches (hits) the address pool corresponding to the fixed egress IP service. NAT1 then takes the IP address from the address pool, uses it as the destination IP address of a newly constructed IP tunnel packet, encapsulates the original packet into the data part of the newly constructed IP tunnel packet, and sends it to the NSW. The NSW forwards the IP tunnel packet to the NAT host with the highest priority according to the routing priorities advertised by the 4 NAT hosts; for example, if the highest-priority host is NAT2, the IP tunnel packet is forwarded to NAT2;
as shown in blocks 300 to 303, after receiving the packet, NAT2 determines that it is an IP tunnel packet and decapsulates it to obtain the original packet. NAT2 then processes the original packet: it performs source NAT using the IP address in the hit address pool, so that this IP address replaces the source IP address of the original packet, establishes a session, and sends the packet to the NSW, so that the NSW forwards it to a downstream switch according to its routing policy.
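The OUT and IN handling of Fig. 3 can be traced with a small model; this is an added example, not code from the patent or from ANAT. The matching prefix, AS_PATH lengths, pool addresses, SHA-256 hash and outer tunnel source address are assumptions, and ports are omitted, so sessions are keyed on addresses only.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

FIXED_EGRESS_IP = "192.168.1.1"  # fixed egress address named in the Table 1 text
# Constructed matching policy (destination based): traffic to this prefix
# must leave the cluster with the fixed source address.
POLICY_DST = ipaddress.ip_network("203.0.113.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object = None  # an inner Packet when this is an IP tunnel packet

    @property
    def is_tunnel(self):
        return isinstance(self.payload, Packet)


@dataclass
class Nat:
    name: str
    as_path_len: int  # shorter AS_PATH = higher priority route for the fixed IP
    pool_ip: str      # this host's share of the ordinary address pool
    sessions: dict = field(default_factory=dict)  # (new src, dst) -> original src

    def _snat(self, pkt, new_src):
        self.sessions[(new_src, pkt.dst)] = pkt.src
        return Packet(new_src, pkt.dst, pkt.payload)

    def process_out(self, pkt):
        """Return (action, packet) for an OUT-direction packet."""
        if pkt.is_tunnel and pkt.dst == FIXED_EGRESS_IP:
            # Blocks 300-303: decapsulate, SNAT with the fixed IP, create session.
            return "egress", self._snat(pkt.payload, FIXED_EGRESS_IP)
        if ipaddress.ip_address(pkt.dst) in POLICY_DST:
            # Blocks 304-307: a plain packet that hits the fixed egress pool is
            # wrapped in a tunnel packet addressed to the fixed egress IP.
            # Outer source = this host's pool address (assumption).
            return "tunnel", Packet(self.pool_ip, FIXED_EGRESS_IP, pkt)
        return "egress", self._snat(pkt, self.pool_ip)  # ordinary SNAT

    def process_in(self, reply):
        """Restore the destination from the session; None means no session."""
        orig = self.sessions.get((reply.dst, reply.src))
        return None if orig is None else Packet(reply.src, orig, reply.payload)


class Nsw:
    def __init__(self, nats):
        self.nats = nats

    def route(self, pkt):
        if pkt.dst == FIXED_EGRESS_IP:
            # Every NAT advertises the fixed IP; the best priority wins.
            return min(self.nats, key=lambda n: n.as_path_len)
        for nat in self.nats:
            if nat.pool_ip == pkt.dst:  # IN-direction reply to a pool address
                return nat
        # OUT direction: hash the (SIP, DIP) pair across the cluster.
        digest = hashlib.sha256(f"{pkt.src}|{pkt.dst}".encode()).digest()
        return self.nats[int.from_bytes(digest[:4], "big") % len(self.nats)]


def send_out(nsw, pkt):
    """Forward an OUT packet; return (egress packet, names of NATs traversed)."""
    path = []
    for _ in range(2):  # at most: first-hop NAT, then the NAT owning the fixed IP
        nat = nsw.route(pkt)
        path.append(nat.name)
        action, pkt = nat.process_out(pkt)
        if action == "egress":
            return pkt, path
    raise RuntimeError("tunnel packet was not terminated")


def receive_in(nsw, reply):
    return nsw.route(reply).process_in(reply)


def build_cluster():
    # Constructed AS_PATH lengths and pool addresses; NAT2 has the best priority.
    return Nsw([Nat("NAT1", 2, "100.64.0.1"), Nat("NAT2", 1, "100.64.0.2"),
                Nat("NAT3", 3, "100.64.0.3"), Nat("NAT4", 4, "100.64.0.4")])


if __name__ == "__main__":
    nsw = build_cluster()
    for dst in ("203.0.113.10", "203.0.113.20", "198.51.100.7"):
        out, path = send_out(nsw, Packet("10.0.0.5", dst, "data"))
        print(f"{dst}: via {path} leaves with source {out.src}")
    print(receive_in(nsw, Packet("203.0.113.10", FIXED_EGRESS_IP, "reply")))
```

Whichever NAT the (SIP, DIP) hash picks first, every flow that hits the policy is re-steered through the tunnel to the single highest-priority NAT, which is why the session needed for the reply exists only on that host.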
Fig. 4 is a schematic structural diagram of an apparatus for implementing address translation according to an aspect of the present application. As shown in Fig. 4, the apparatus includes at least a setting module, a first processing module, and a second processing module; wherein
the setting module is used for binding the IP address information of the fixed outlet IP service;
the first processing module is used for detecting that the message is an IP tunnel (IP tunnel) message of a fixed outlet IP service accessing a public network, and the IP tunnel message hits the IP address information of the bound fixed outlet IP service;
and the second processing module is used for performing source address conversion on the IP tunnel message by using the IP address information of the hit fixed outlet IP service, establishing a session, and sending the message subjected to the NAT conversion to the NSW.
Optionally, the setting module is further configured to: configuring a routing priority; correspondingly, the apparatus further includes an advertisement module configured to advertise the set routing priority to the NSW.
Optionally,
the first processing module is further configured to: detect that the message is a non-IP tunnel message accessing a public network, but that it hits the bound IP address information of the fixed egress IP service;
the second processing module is further configured to: use the bound IP address information of the fixed egress IP service as the destination address of a newly constructed IP tunnel message, encapsulate the original non-IP tunnel message into the data part of the newly constructed IP tunnel message, and send the encapsulated message to the NSW.
Optionally,
the second processing module is further configured to: when a response message to the IP tunnel message is received, restore the destination IP address in the response message to the source IP address of the IP tunnel message according to the previously established session.
FIG. 5 is an illustration of an apparatus according to various embodiments. The apparatus may include one or more processors 500, system control logic 501 coupled to at least one of the processors 500, system memory 503 coupled to the system control logic 501, non-volatile memory (NVM)/storage 504 coupled to the system control logic 501, and a network interface 505 coupled to the system control logic 501.
Processor 500 may include one or more single-core or multi-core processors. The processor 500 may include any combination of general purpose processors, graphics processors, and special purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). When the apparatus shown in fig. 5 is used as a host of a virtual machine or a virtual machine, the processor 500 may be configured to perform the embodiments shown in fig. 2 or fig. 3 according to different embodiments.
In one embodiment, system control logic 501 may include one or more memory controllers to provide an interface to system memory 503. System memory 503 may be used to load and store data and/or instructions for the system of the apparatus shown in fig. 5. In one embodiment, system memory 503 may include any suitable volatile memory, such as Dynamic Random Access Memory (DRAM), for example.
The non-volatile memory/storage 504 may include one or more tangible, non-transitory computer-readable media for storing data and/or instructions, for example. The non-volatile memory/storage 504 may include any suitable non-volatile memory, such as flash memory, and/or may include any suitable non-volatile storage, such as one or more Hard Disk Drives (HDDs), one or more Compact Discs (CDs), and/or one or more Digital Versatile Discs (DVDs).
The non-volatile memory/storage 504 may comprise a storage resource that is physically part of the device shown in FIG. 5, or that is accessible by but not necessarily part of the device shown in FIG. 5. For example, the nonvolatile memory/storage 504 may be accessed by a network via the network interface 505.
The system memory 503 and the non-volatile memory/storage 504 may each include temporary and persistent instructions 507. The instructions 507 include instructions that, when executed by the at least one processor 500, may cause the apparatus shown in fig. 5 to implement the method described in fig. 2 or fig. 3. In various embodiments, the instructions 507, or hardware, firmware, and/or software portions thereof, may additionally/alternatively be located in the system control logic 501, the network interface 505, and/or the processor 500.
The network interface 505 may have a transceiver to provide a radio interface to the device shown in fig. 5 to communicate over one or more networks and/or to communicate with any other suitable device. The network interface 505 may comprise any suitable hardware and/or firmware. The network interface 505 may include multiple antennas to provide a multiple-input multiple-output radio interface. In an embodiment, the network interface 505 may include: a network connector, a wireless network connector, a telephone modem, and/or a wireless modem.
In one embodiment, at least one of processors 500 may be packaged with logic for one or more controllers of system control logic 501. In one embodiment, at least one of the processors 500 may be packaged with logic for one or more controllers of the system control logic 501 to form a System In Package (SiP). In one embodiment, at least one of the processors 500 may be integrated with logic on a same chip for one or more controllers of the system control logic 501. In one embodiment, at least one of the processors 500 may be integrated with logic on a same chip for one or more controllers of the system control logic 501 to form a system on a chip (SoC).
The device shown in FIG. 5 may further include an input/output (I/O) device 732. The input/output device 506 may include: a user interface designed to allow a user to interact with the device shown in fig. 5, a peripheral component interface designed to allow peripheral components to interact with the device shown in fig. 5, and/or a sensor designed to determine environmental conditions and/or location information related to the device shown in fig. 5.
In various embodiments, the user interface may include, but is not limited to: a display (e.g., a liquid crystal display, a touch screen display, etc.), a speaker, a microphone, one or more cameras (e.g., a camera and/or a video recorder), a flash (e.g., a light emitting diode flash), and a keyboard.
In various embodiments, the peripheral component interface may include, but is not limited to: a non-volatile memory port, an audio jack, and a power supply interface.
In various embodiments, the sensors may include, but are not limited to: a gyroscope sensor, an accelerometer, a proximity sensor, an ambient light sensor, and a positioning unit. The positioning unit may also be part of the network interface 505 or interact with the network interface 505 to communicate with a positioning network, such as a Global Positioning System (GPS) satellite.
The device shown in fig. 5 may have more or fewer components, and/or a different configuration, in different embodiments.
The application also provides a device for realizing address translation, comprising: one or more processors; and one or more machine-readable media storing a plurality of instructions that, when executed by the one or more processors, cause the device to: bind IP address information of the fixed outlet IP service; detect that a message is an IP tunnel message of a fixed outlet IP service accessing a public network, and that the IP tunnel message hits the IP address information of the fixed outlet IP service bound by the NAT; and perform source address conversion on the IP tunnel message by using the IP address information of the hit fixed outlet IP service, establish a session, and send the message subjected to NAT conversion to the NSW.
Although the embodiments disclosed in the present application are described above, the descriptions are only for the convenience of understanding the present application, and are not intended to limit the present application. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.
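The flow summarized above (bind a fixed outlet IP, hit on a tunnel message, source address conversion with a session, restore on the response, and tunnel encapsulation of a non-tunnel message) can be modelled as follows. This is an added Python sketch, not code from the patent; the class and field names, the service-to-outlet-IP mapping, the session key layout, the removal of the outer header after conversion, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    outer_dst: Optional[str] = None  # set => IP tunnel message (outer header dst)

class FixedEgressNat:
    """One NAT node of the cluster (constructed model for illustration)."""
    def __init__(self, owned_egress_ips, service_to_egress):
        self.owned = set(owned_egress_ips)                # fixed outlet IPs set on this node
        self.service_to_egress = dict(service_to_egress)  # assumed: service source -> outlet IP
        self.sessions = {}  # assumed key: (outlet_ip, sport, remote, rport) -> original source

    def outbound(self, pkt):
        """Return the message handed to the network switch, or None if nothing hits."""
        if pkt.outer_dst is not None:
            # IP tunnel message: it "hits" only if the outer dst is an outlet IP set here.
            if pkt.outer_dst not in self.owned:
                return None
            egress = pkt.outer_dst
            self.sessions[(egress, pkt.sport, pkt.dst, pkt.dport)] = pkt.src
            # Source address conversion; outer header dropped (assumption).
            return replace(pkt, src=egress, outer_dst=None)
        # Non-tunnel message: wrap it in a tunnel addressed to the fixed outlet IP
        # so the switch delivers it to the node that holds that address.
        egress = self.service_to_egress.get(pkt.src)
        if egress is None:
            return None
        return replace(pkt, outer_dst=egress)

    def inbound(self, resp):
        """Restore the destination from the session; unsolicited traffic returns None."""
        original = self.sessions.get((resp.dst, resp.dport, resp.src, resp.sport))
        if original is None:
            return None
        return replace(resp, dst=original)

def demo():
    # Constructed sample addresses (documentation ranges).
    node_a = FixedEgressNat([], {"10.0.0.5": "203.0.113.10"})
    node_b = FixedEgressNat(["203.0.113.10"], {})
    tunneled = node_a.outbound(Packet("10.0.0.5", "198.51.100.7", 40000, 443))
    translated = node_b.outbound(tunneled)
    restored = node_b.inbound(Packet("198.51.100.7", "203.0.113.10", 443, 40000))
    stray = node_b.inbound(Packet("198.51.100.99", "203.0.113.10", 443, 40000))
    return tunneled, translated, restored, stray
```

Because only the source address is rewritten, two services that use the same source port toward the same destination through one outlet IP would share a session key in this model; a deployment would need a tie-breaker such as port translation.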

Claims (8)

1. A method for implementing address translation, comprising:
configuring different routing priorities for each network address converter, and announcing the routing priorities to a network switch;
setting IP address information of fixed outlet IP service for each network address converter in the cluster;
the network address converter detects that the message is an IP tunnel message of a fixed outlet IP service for accessing a public network, and the IP tunnel message finds the IP address information of the fixed outlet IP service set by the network address converter;
performing source address conversion on the IP tunnel message by using the found IP address information of the fixed outlet IP service, establishing a session, and sending the message converted by the network address converter to a network switch;
the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
2. The method of claim 1, wherein if the packet is detected to be a non-IP tunneling packet accessing a public network but the IP address information of the fixed egress IP service bound by the network address translator is found, the method further comprises:
and the IP address information of the fixed outlet IP service set in the network address converter is used as the destination address of the newly constructed IP tunnel message, and the original non-IP tunnel message is packaged to the data part of the newly constructed IP tunnel message and then is sent to the network switch.
3. The method of claim 2, wherein the performing source address translation on the IP tunnel packet comprises:
and replacing the source IP address in the IP tunnel message with the IP address corresponding to the found fixed outlet IP service.
4. The method of claim 1, further comprising:
and when the network address converter receives the response message of the IP tunnel message, the network address converter restores the destination IP address in the response message into the source IP address of the IP tunnel message according to the established session.
5. A method for implementing address translation, comprising:
configuring different routing priorities for each network address converter, and announcing the routing priorities to a network switch;
setting IP address information of a fixed outlet IP service aiming at least one network address converter in a cluster;
the network address converter detects that the message is an IP tunnel message of a fixed outlet IP service for accessing a public network, and the IP tunnel message finds the IP address information of the fixed outlet IP service set by the network address converter;
performing source address conversion on the IP tunnel message by using the found IP address information of the fixed outlet IP service, establishing a session, and sending the message converted by the network address converter to a network switch;
the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
6. A device for realizing address translation, characterized by comprising a setting module, a first processing module and a second processing module; wherein:
the setting module is used for setting the IP address information of the fixed outlet IP service; and is also used for configuring the routing priority;
the notification module is used for notifying the set routing priority to the network switch;
the first processing module is used for detecting that the message is an IP tunnel message of a fixed outlet IP service accessing a public network, and the IP tunnel message finds the set IP address information of the fixed outlet IP service;
the second processing module is used for carrying out source address conversion on the IP tunnel message by utilizing the found IP address information of the fixed outlet IP service, establishing a session and sending the message converted by the network address converter to the network switch;
the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
7. The apparatus of claim 6, wherein the first processing module is further configured to: detecting that the message is a non-IP tunnel message for accessing a public network, and finding out the IP address information of the set fixed outlet IP service;
the second processing module is further configured to: and the IP address information of the set fixed outlet IP service is used as the destination address of the newly constructed IP tunnel message, and the original non-IP tunnel message is packaged to the data part of the newly constructed IP tunnel message and then is sent to the network switch.
8. An apparatus for implementing address translation, comprising one or more processors; and one or more machine readable media storing a plurality of instructions that, when executed by the one or more processors, cause the apparatus to: configuring different routing priorities for each network address converter, and announcing the routing priorities to a network switch; setting IP address information of a fixed outlet IP service; detecting that the message is an IP tunnel message of a fixed outlet IP service accessing a public network, and finding the IP address information of the fixed outlet IP service set by a network address converter by the IP tunnel message; performing source address conversion on the IP tunnel message by using the found IP address information of the fixed outlet IP service, establishing a session, and sending the message converted by the network address converter to a network switch; the fixed outlet IP service is a service adopting a fixed source IP address when accessing a plurality of destination IP addresses.
CN201710822932.8A 2017-09-13 2017-09-13 Method and device for realizing address conversion Active CN109495596B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710822932.8A CN109495596B (en) 2017-09-13 2017-09-13 Method and device for realizing address conversion

Publications (2)

Publication Number Publication Date
CN109495596A CN109495596A (en) 2019-03-19
CN109495596B true CN109495596B (en) 2022-04-05

Family

ID=65689024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710822932.8A Active CN109495596B (en) 2017-09-13 2017-09-13 Method and device for realizing address conversion

Country Status (1)

Country Link
CN (1) CN109495596B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110650222B (en) * 2019-10-31 2022-07-22 北京奇艺世纪科技有限公司 Network access method and device
CN111314497B (en) * 2020-01-20 2022-03-11 广州芯德通信科技股份有限公司 Method and system for simultaneously supporting multiple NAT types to take effect
CN112333135B (en) * 2020-07-16 2022-09-06 北京京东尚科信息技术有限公司 Gateway determination method, device, server, distributor, system and storage medium
CN113765801B (en) * 2020-07-16 2024-02-09 北京京东尚科信息技术有限公司 Message processing method and device applied to data center, electronic equipment and medium
CN112272157B (en) * 2020-09-15 2022-07-26 杭州数梦工场科技有限公司 Method and device for converting host IP address, computer equipment and storage medium
CN112711465B (en) * 2021-03-23 2021-06-18 腾讯科技(深圳)有限公司 Data processing method and device based on cloud platform, electronic equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1471275A (en) * 2002-07-23 2004-01-28 华为技术有限公司 Enterprise external virtual special network system and method using virtual router structure
CN1859292A (en) * 2005-12-16 2006-11-08 华为技术有限公司 Household gateway and method for ensuring household network service terminal QoS
US8416711B1 (en) * 2009-08-31 2013-04-09 Skype Systems and methods for sharing availability status information between network nodes
CN103067292A (en) * 2012-12-26 2013-04-24 华为技术有限公司 Websocket-transmission-based load balancing method and device
CN103139189A (en) * 2011-12-05 2013-06-05 京信通信系统(中国)有限公司 Internet protocol security (IPSec) tunnel sharing method, IPSec tunnel sharing system and IPSec tunnel sharing equipment
CN103179226A (en) * 2013-03-20 2013-06-26 国家电网公司 Method for connecting power distribution terminal into scheduling data network through NAT (Network Address Translation) manner
CN104852832A (en) * 2015-06-03 2015-08-19 上海斐讯数据通信技术有限公司 Method and system for testing performance of stun server in socket cluster

Also Published As

Publication number Publication date
CN109495596A (en) 2019-03-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant