CN109639845B - Network Address Translation (NAT) resource allocation method and equipment - Google Patents


Info

Publication number: CN109639845B
Authority: CN (China)
Prior art keywords: port, nat, session, network side, external network
Legal status: Active
Application number: CN201710929605.2A
Other languages: Chinese (zh)
Other versions: CN109639845A (en)
Inventor: 胡亿芬
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201710929605.2A
Publication of CN109639845A
Application granted
Publication of CN109639845B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a resource allocation method and equipment for NAT (network address translation), wherein the method comprises the following steps: allocating a NAT port allocation table entry in a preset port allocation table according to the NAT IP of a user; and establishing the extranet side session table of the user according to the NAT port allocation table entry so as to complete the establishment of the extranet side session. The invention handles the case where the same user keeps using the same NAT address as well as the per-user port block allocation mode, and by means of the port allocation table expands the reusability of NAT addresses, thereby effectively alleviating the shortage of NAT addresses.

Description

Network Address Translation (NAT) resource allocation method and equipment
Technical Field
The present invention relates to the field of network technologies, and in particular, to a resource allocation method and device for network address translation NAT.
Background
NAT (Network Address Translation) is currently a basic service for coping with the shortage of IPv4 addresses. The NAT port-range technique simplifies source tracing by assigning a port range of a NAT address to a user. The A+P (Address plus Port) technique issues a designated public address together with a port range of that address, so that the user performs network address translation within the port range of the designated address.
In the network address translation process, whether for IPv4-to-IPv4 translation or for translation between IPv4 and IPv6, stateful translation is unavoidable; that is, a translation device such as a CGN (Carrier Grade NAT) must store the information before and after translation. This information generally includes source IP, source PORT, destination IP, destination PORT, protocol number, NAT IP and NAT PORT. The intranet side sees the source IP, source PORT, destination IP, destination PORT and protocol number, referred to herein as the intranet side session. The extranet side sees the source IP2 (i.e. NAT IP), source PORT2 (i.e. NAT PORT), destination IP (DST IP), destination PORT (DST PORT) and protocol number (PROTOCAL), referred to herein as the extranet side session.
Quickly establishing the corresponding extranet side session for an intranet side session and associating the two with each other is a key technique of NAT translation. When the extranet side session is established, allocating the corresponding NAT IP and NAT PORT is likewise a key technique, referred to herein as resource allocation. In the prior art, resource allocation mostly uses bitmap allocation: one NAT IP has at most 65535 ports, and multiple users share these 65535 ports. For example, if 2048 ports are allocated to each user, 65535 / 2048 ≈ 32, so one NAT IP serves at most 32 users. When all 65535 ports of a NAT IP have been allocated, the resource is exhausted and users can no longer establish new connections.
Disclosure of Invention
In order to overcome the above drawbacks, the present invention provides a method and device for allocating NAT resources for network address translation, so as to solve the problem of NAT address shortage.
In order to solve the above technical problem, a resource allocation method for network address translation NAT in the present invention includes:
distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of a user;
and establishing an external network side session table of the user according to the NAT port distribution table entry so as to complete the establishment of the external network side session.
In order to solve the above technical problem, a network address translation NAT device in the present invention includes a memory and a processor, where the memory stores a resource allocation computer program for network address translation NAT, and the processor executes the program to implement the following steps:
distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of a user;
and establishing an external network side session table of the user according to the NAT port distribution table entry so as to complete the establishment of the external network side session.
The invention has the following beneficial effects:
The method and device of the invention allocate a NAT port allocation table entry in a preset port allocation table according to the NAT IP of a user, and establish the extranet side session table of the user according to the NAT port allocation table entry to complete the establishment of the extranet side session. This handles the case where the same user keeps using the same NAT address as well as the per-user port block allocation mode, and by means of the port allocation table alleviates the shortage of NAT addresses.
Drawings
Fig. 1 is a flowchart of a resource allocation method of network address translation NAT in an embodiment of the present invention;
FIG. 2 is a schematic diagram of port allocation in an embodiment of the present invention;
FIG. 3 is a flow chart of an alternative resource allocation method in an embodiment of the present invention;
FIG. 4 is a flow chart of an alternative resource allocation method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a network address translation NAT device in the embodiment of the present invention.
Detailed Description
In order to solve the problem of insufficient NAT addresses, the present invention provides a method and device for allocating resources for network address translation NAT, which are described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
Example one
As shown in fig. 1, an embodiment of the present invention provides a method for allocating resources for network address translation NAT, where the method includes:
s101, distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of a user;
s102, establishing the session table of the external network side of the user according to the NAT port distribution table entry so as to complete the establishment of the session of the external network side.
The embodiment of the invention allocates a NAT port allocation table entry in the preset port allocation table according to the NAT IP of the user, and establishes the extranet side session table of the user according to the NAT port allocation table entry to complete the establishment of the extranet side session. This handles the case where the same user keeps using the same NAT address as well as the per-user port block allocation mode, and by means of the port allocation table alleviates the shortage of NAT addresses.
As shown in fig. 2, only 1 NAT IP in the NAT address pool is taken as an example; if there are several NAT IPs, each is handled in the same way. A NAT port segment is a port range, such as 1-2048, 2049-.
On the basis of the above embodiment, a modification of the above embodiment is further proposed.
In this embodiment of the present invention, optionally, the allocating, according to the NAT IP of the user, a NAT port allocation table entry in a preset port allocation table includes:
and searching the NAT port distribution table item which does not conflict with the existing external network side session table item in the port distribution table according to the NAT IP of the user.
The NAT port allocation table entry comprises preset external network side resource parameter information and a port array PortCurrent.
The external network side resource parameter information comprises SRC IP2(NAT IP), DST IP, DST PORT and PROTOCAL.
Further, the searching, according to the NAT IP of the user, for an entry that does not conflict with an existing session entry on the external network side in a preset port allocation table includes:
selecting a port numerical value from the port array in the port distribution table corresponding to the NAT IP of the user, and assigning the port numerical value to an NAT port value;
and if the NAT port value and the external network side resource parameter information do not conflict with the existing external network side session table entry, taking the NAT port value and the external network side resource parameter information as the NAT port allocation table entry.
Further, the selecting a port number from the port array and using the port number as a NAT port number includes:
selecting a port value from the port array in an accumulation mode according to a preset accumulation step value (for example, 1); or,
randomly selecting a port value from the port array.
That is to say, in the embodiment of the present invention, when the port allocation table entry is subsequently used, PortCurrent is handled in accumulation mode: it is incremented by 1 every time a new extranet side session is created. Alternatively, the port can be chosen randomly within the designated port range (i.e. the range of the port array).
Wherein, according to the predetermined step value of accumulation, through the mode of accumulation, choose the port number value from the port array, include:
and accumulating the current port value in the port array according to the accumulation step value until the accumulated port value is assigned to a NAT port value such that the NAT port value together with the extranet side resource parameter information does not conflict with an existing extranet side session table entry.
For example, one PortCurrent (range customizable, e.g. 2048 to 65535) is maintained per NAT IP for each PROTOCAL, each DST IP and each DST PORT. The NAT IP, PROTOCAL, DST IP, DST PORT and PortCurrent are written into a table and a HASH lookup is established over it, which yields the port allocation table.
Every time a new extranet side session is established, the PortCurrent of the corresponding port allocation table entry is incremented by 1 and assigned to SRC PORT2 (NAT PORT). The extranet side session table is then looked up: if an entry with the same SRC IP2 (NAT IP), SRC PORT2 (NAT PORT), DST IP, DST PORT and PROTOCAL is found, PortCurrent is incremented by 1 again and the lookup is repeated. If no identical extranet side session exists, the allocated SRC PORT2 (NAT PORT) is used to form the extranet side NAT session, which is inserted, and the HASH value of the extranet side session table entry is established for fast lookup. When 1 NAT IP is shared by 100 users accessing the same destination at the same time, collisions while accumulating PortCurrent over the 65535 ports should be few.
The following specific scenario describes the effects of the embodiments of the present invention. In this scenario the hardware consists of 1 NAT device and 5 terminals with network communication capability. Terminal 1 and terminal 2 are in the intranet; terminals 3, 4 and 5 are in the external network and serve as servers.
The first step: perform the NAT-related configuration on the NAT device:
(1) Configure the NAT rule, with 11.1.1.2 as the NAT IP. For example:
ip nat pool zte 11.1.1.2 11.1.1.2 prefix 24
ip nat inside source list 1 pool zte overload
(2) Configure the intranet side interface and the extranet side interface of the NAT. For example:
interface fei_1/1
ip address 10.1.1.1 255.255.255.0
interface fei_1/2
ip address 11.1.1.1 255.255.255.0
The second step: configure the terminals. The address of terminal 1 is 10.1.1.2 and the address of terminal 2 is 10.1.1.3. The address of terminal 3 is 110.1.1.2, the address of terminal 4 is 110.1.1.3, and the address of terminal 5 is 110.1.1.4. Start the web service on terminal 3, terminal 4 and terminal 5, listening on TCP port 80.
The third step: terminal 1 accesses terminal 3, forming intranet side session table entry 1, extranet side session table entry 1 and port allocation table entry 1 (PortCurrent initial value 2048).
Terminal 1 accesses terminal 3 again, forming intranet side session table entry 2 and extranet side session table entry 2, and port allocation table entry 1 is updated (PortCurrent accumulates from 2048 to 2049).
Terminal 2 accesses terminal 3, forming intranet side session table entry 3 and extranet side session table entry 3, and port allocation table entry 1 is updated (PortCurrent accumulates from 2049 to 2050).
Terminal 1 accesses terminal 4, forming intranet side session table entry 4, extranet side session table entry 4 and port allocation table entry 2 (PortCurrent initial value 2048).
Terminal 1 accesses terminal 5, forming intranet side session table entry 5, extranet side session table entry 5 and a further port allocation table entry (PortCurrent initial value 2048).
The fourth step: the entries seen on the NAT device are roughly as follows.
Port allocation table: (figure, not reproduced on this page)
Session table on the extranet side: (figure, not reproduced on this page)
Session table on the intranet side: (figure, not reproduced on this page)
in this embodiment of the present invention, optionally, the port array includes a port initial value and a port maximum value;
and when the port value obtained by accumulation is larger than the port maximum value, the accumulated port value is set back to the port initial value and accumulation continues, until the accumulated port value is assigned to a NAT port value such that the NAT port value together with the extranet side resource parameter information does not conflict with an existing extranet side session table entry.
For example, the PortCurrent initial value (i.e. the port initial value) used when a port allocation table entry is first created may be determined as follows. It may be a fixed value such as 2048. It may be a value set by command configuration, e.g. where the ports assignable under a NAT IP are restricted to a range. If the user is allocated port blocks, the start port of the port block may be used. It may also be a running counter under the NAT IP (or under the port block allocated to the user): the counter starts at a fixed or command-configured value, is incremented by 1 each time a port allocation table entry is newly created for that NAT IP (or port block), and is set back to its initial value after reaching the maximum value (the port maximum). Random allocation within the designated port range can also be used.
In this embodiment of the present invention, optionally, after the establishing the session table of the extranet side of the user according to the NAT port allocation table entry to complete the creation of the extranet side session, the method includes:
adding 1 to a session count SessionCount value of a preset count field in a port allocation table, and when the session count value added with 1 is greater than a preset threshold value, no NAT port allocation table entry is allocated from the port allocation table;
and when the session at the external network side is deleted, releasing the corresponding NAT port distribution table entry, and subtracting 1 from the session count value of the count field.
For example, a count field is added to the port allocation table entry holding a SessionCount (initial value 0): each time one session table entry is allocated from it, SessionCount is incremented by 1, and each time one session table entry is released, SessionCount is decremented by 1. When the value exceeds a certain threshold, no further allocation is made from this entry and an error is returned. This effectively keeps the collision rate from growing too large.
In this embodiment of the present invention, optionally, before searching, according to the NAT IP of the user, a NAT port allocation table entry that does not conflict with an existing session table entry on the external network side in a preset port allocation table, the method includes:
selecting the NAT IP with the fewest current users and allocating it to the user; or,
allocating port block resources pre-allocated from a NAT IP to the user; or,
and acquiring the NAT IP used by the user.
For example, when the NAT device receives an intranet side message and needs to create a new session, processing proceeds in one of the following three ways:
(1) If the user has no allocated session yet, select the NAT IP with the fewest current users from the NAT POOL (NAT resource pool) to allocate the resource. This can be done through sharing-rate management of the NAT IPs.
(2) If the user already has an allocated session, allocate the resource using the NAT IP used previously. This can be done through user management.
(3) Optionally, the user is allocated resources in the form of pre-allocated port blocks of a NAT IP (a segment of the NAT IP's port range, such as ports 1 to 1024). After all port blocks of the NAT IP have been allocated, already allocated port blocks can be allocated again to different users, even multiple times; i.e. the same port block may be used by multiple users simultaneously.
In this embodiment of the present invention, optionally, the allocating, according to the NAT IP of the user, a NAT port allocation table entry in a preset port allocation table includes:
distributing the NAT port distribution table entry according to the port bitmap corresponding to the NAT IP;
and when the port bitmap is exhausted, distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of the user.
For example, a port bitmap is enabled for the NAT IP, with 1 bit representing 1 port. Ports are allocated from the port bitmap: allocating a port sets its corresponding bit, and reclaiming a port clears its corresponding bit. The port bitmap is used preferentially, and when it is exhausted the port allocation table entry is used to multiplex port allocation. While any session table entry for a given port exists, the corresponding bit in the port bitmap is set; when all session table entries for that port have been deleted, the bit is cleared (the session table entries with the same NAT IP, the same NAT port and the same protocol number can be organized through a HASH table, or a usage count can be kept per port). This ensures that ports are multiplexed only after all ports have been used up.
In this embodiment of the present invention, optionally, after the establishing the session table of the extranet side of the user according to the NAT port allocation table entry to complete the creation of the extranet side session, the method includes:
establishing an intranet side session table to complete intranet side session;
and associating the session of the external network side with the session of the internal network side, and adding the table entry index of the opposite side in the session table of the external network side and the session table of the internal network side respectively.
For example, after the session on the extranet side is established, the corresponding session on the intranet side is established. The entry includes fields: SRC IP, SRC PORT, DST IP, DST PORT, PROTOCAL.
The HASH table value of the table entry is established, which is convenient for quick search.
After the session table entries on the two sides are established, the session on the internal network side and the session on the external network side are associated, and the table entry index of the other side is added in the respective table entry.
The session of the internal network side and the session of the external network side can be the same session table, the port multiplex table can also share a common field with the session table, and different HASH collision chains are processed in the table entries.
The following examples illustrate embodiments of the invention.
As shown in fig. 3, the resource allocation procedure includes:
Step 11: the NAT device receives an intranet side message, and the user needs to create a new session table entry.
Step 12: acquire the NAT IP of the user.
Step 13: search the port allocation table and judge whether a port allocation table entry exists.
Step 14: if it exists, add 1 to PortCurrent to form an extranet side session table entry, and query whether the extranet side session table already has the same session table entry; if so, add 1 to PortCurrent again; if not, execute step 16.
Step 15: if it does not exist, create a new port allocation table entry, set PortCurrent to its initial value, and execute step 16.
Step 16: establish the new extranet side session table entry.
Step 17: establish the intranet side session table entry and associate it with the extranet side session table entry.
As shown in fig. 4, the resource allocation procedure includes:
Step 21: the NAT device receives an intranet side message, and the user needs to create a new session table entry.
Step 22: acquire the NAT IP of the user.
Step 23: search the port bitmap; if a port can be allocated from the bitmap, search the port allocation table entry: if it exists, execute step 24, otherwise execute step 27.
Step 24: allocate the port and search for the port allocation table entry; if it exists, execute step 26, otherwise execute step 27.
Step 25: create a new port allocation table entry and set PortCurrent to its initial value. Use the allocated port to form the extranet side session table entry and execute step 30.
Step 26: add 1 to the SessionCount of the port allocation table entry, allocate the port to the PortCurrent value, use the allocated port to form the extranet side session table entry, and execute step 30.
Step 27: search for the port allocation table entry to see whether it already exists. If not, go to step 28; if so, go to step 29.
Step 28: create a new port allocation table entry, set PortCurrent to its initial value, form the extranet side session table entry, and execute step 30.
Step 29: add 1 to PortCurrent to form an extranet side session table entry. Query whether the extranet side session table already has the same session table entry; if so, add 1 to PortCurrent again; if not, execute step 30.
Step 30: establish the extranet side session table entry.
Step 31: establish the new intranet side session table entry and associate the intranet side and extranet side session table entries with each other.
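As an added example, not code from the patent or from ZTE, the following Python model implements the fig. 4 flow above together with the PortCurrent accumulation and extranet side collision check, the wrap-around from the port maximum back to the initial value, the SessionCount threshold and the bitmap-first allocation described earlier. It assumes one NAT IP, an exclusive port bitmap covering a range disjoint from the PortCurrent range (so a bitmap port is simply cleared on release), and a step value of 1 by default; the class and method names are the example's own.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Intranet side session key: (SRC IP, SRC PORT, DST IP, DST PORT, PROTOCAL)
IntKey = Tuple[str, int, str, int, str]
# Extranet side session key: (NAT IP, NAT PORT, DST IP, DST PORT, PROTOCAL)
ExtKey = Tuple[str, int, str, int, str]
# Port allocation table key: (NAT IP, PROTOCAL, DST IP, DST PORT)
AllocKey = Tuple[str, str, str, int]


@dataclass
class PortAllocEntry:
    port_current: int       # PortCurrent: last NAT PORT handed out under this key
    session_count: int = 0  # SessionCount: live extranet sessions multiplexed on it


@dataclass
class NatAllocator:
    """Hypothetical model of one NAT IP's allocator (example names, not ZTE's)."""
    nat_ip: str
    port_min: int = 2048        # PortCurrent initial value (the page uses 2048)
    port_max: int = 65535       # above this, PortCurrent wraps back to port_min
    step: int = 1               # accumulation step value
    bitmap_lo: int = 1          # first port owned by the exclusive port bitmap
    bitmap_size: int = 0        # number of bitmap ports; 0 disables the bitmap
    session_limit: int = 1000   # SessionCount threshold per allocation entry
    bitmap: int = 0             # bit i set => port bitmap_lo + i is in use
    alloc_table: Dict[AllocKey, PortAllocEntry] = field(default_factory=dict)
    ext_sessions: Dict[ExtKey, IntKey] = field(default_factory=dict)
    int_sessions: Dict[IntKey, ExtKey] = field(default_factory=dict)

    def _next_port(self, port: int) -> int:
        nxt = port + self.step
        return nxt if nxt <= self.port_max else self.port_min

    def _alloc_from_bitmap(self) -> Optional[int]:
        # Step 23: an exclusive bitmap port can never collide, so prefer it.
        for i in range(self.bitmap_size):
            if not (self.bitmap >> i) & 1:
                self.bitmap |= 1 << i
                return self.bitmap_lo + i
        return None  # bitmap exhausted: fall back to multiplexing

    def _alloc_from_table(self, proto: str, dst_ip: str, dst_port: int) -> Optional[int]:
        key: AllocKey = (self.nat_ip, proto, dst_ip, dst_port)
        entry = self.alloc_table.get(key)
        if entry is None:
            # Step 28: new entry, PortCurrent starts at the initial value.
            entry = self.alloc_table[key] = PortAllocEntry(self.port_min)
            candidate = entry.port_current
        else:
            candidate = self._next_port(entry.port_current)  # step 29: accumulate
        if entry.session_count + 1 > self.session_limit:
            return None  # threshold reached: refuse instead of piling up collisions
        span = (self.port_max - self.port_min) // self.step + 1
        for _ in range(span):
            ext: ExtKey = (self.nat_ip, candidate, dst_ip, dst_port, proto)
            if ext not in self.ext_sessions:
                entry.port_current = candidate
                entry.session_count += 1
                return candidate
            candidate = self._next_port(candidate)  # same 5-tuple exists: add 1 again
        return None  # whole range already multiplexed against this destination

    def create_session(self, src_ip: str, src_port: int, dst_ip: str,
                       dst_port: int, proto: str) -> Optional[int]:
        """Steps 21-31 of fig. 4; returns the NAT PORT, or None if none can be allocated."""
        int_key: IntKey = (src_ip, src_port, dst_ip, dst_port, proto)
        if int_key in self.int_sessions:
            return self.int_sessions[int_key][1]  # session already exists
        nat_port = self._alloc_from_bitmap()
        if nat_port is None:
            nat_port = self._alloc_from_table(proto, dst_ip, dst_port)
            if nat_port is None:
                return None
        ext_key: ExtKey = (self.nat_ip, nat_port, dst_ip, dst_port, proto)
        # Steps 30-31: both session tables, each storing the index of the other side.
        self.ext_sessions[ext_key] = int_key
        self.int_sessions[int_key] = ext_key
        return nat_port

    def release_session(self, src_ip: str, src_port: int, dst_ip: str,
                        dst_port: int, proto: str) -> bool:
        int_key: IntKey = (src_ip, src_port, dst_ip, dst_port, proto)
        ext_key = self.int_sessions.pop(int_key, None)
        if ext_key is None:
            return False
        del self.ext_sessions[ext_key]
        nat_port = ext_key[1]
        if self.bitmap_lo <= nat_port < self.bitmap_lo + self.bitmap_size:
            self.bitmap &= ~(1 << (nat_port - self.bitmap_lo))  # free the exclusive port
        else:
            self.alloc_table[(self.nat_ip, proto, dst_ip, dst_port)].session_count -= 1
        return True
```

Replaying the five-terminal scenario with a one-port bitmap and a PortCurrent range of 2048 to 2050 shows the same port being reused toward different destinations, the allocator refusing once every port is multiplexed against one destination, and a released port becoming available again after wrap-around.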
Example two
The embodiment of the invention provides a Network Address Translation (NAT) device, which comprises a memory and a processor, wherein the memory stores a resource allocation computer program for NAT, and the processor executes the program to implement the steps of the method in any one of the embodiments.
The embodiment of the invention allocates a NAT port allocation table entry in the preset port allocation table according to the NAT IP of the user, and establishes the extranet side session table of the user according to the NAT port allocation table entry to complete the establishment of the extranet side session. This handles the case where the same user keeps using the same NAT address as well as the per-user port block allocation mode, and by means of the port allocation table alleviates the shortage of NAT addresses.
Specifically, the processor executes the program to realize the following steps:
distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of a user;
and establishing an external network side session table of the user according to the NAT port distribution table entry so as to complete the establishment of the external network side session.
In this embodiment of the present invention, optionally, the allocating, according to the NAT IP of the user, a NAT port allocation table entry in a preset port allocation table includes:
and searching the NAT port distribution table item which does not conflict with the existing external network side session table item in the port distribution table according to the NAT IP of the user.
The NAT port allocation table entry comprises preset external network side resource parameter information and a port array.
In this embodiment of the present invention, optionally, the searching, according to the NAT IP of the user, for an entry that does not conflict with an existing session entry on the external network side in a preset port allocation table includes:
selecting a port numerical value from the port array in the port distribution table corresponding to the NAT IP of the user, and assigning the port numerical value to an NAT port value;
and if the NAT port value and the external network side resource parameter information do not conflict with the existing external network side session table entry, taking the NAT port value and the external network side resource parameter information as the NAT port allocation table entry.
In this embodiment of the present invention, optionally, the selecting a port number from the port array and taking the port number as the NAT port number includes:
selecting a port value from the port array in an accumulation mode according to a preset accumulation step value; or,
randomly selecting a port value from the port array.
Further, selecting a port value from the port array in an accumulation manner according to a preset accumulation step value includes:
and accumulating the current port numerical value in the port array according to the accumulated stepping value until the accumulated port numerical value is assigned to an NAT port value, wherein the NAT port value and the external network side resource parameter information do not conflict with the existing external network side session table entry.
Further, the port array includes a port initial value and a port maximum value;
and when the port value obtained by accumulation is larger than the port maximum value, the accumulated port value is set back to the port initial value and accumulation continues, until the accumulated port value is assigned to a NAT port value such that the NAT port value together with the extranet side resource parameter information does not conflict with an existing extranet side session table entry.
In this embodiment of the present invention, optionally, after the establishing the session table of the extranet side of the user according to the NAT port allocation table entry to complete the creation of the extranet side session, the method includes:
adding 1 to a session count value of a preset count field in a port allocation table, and when the session count value after 1 is added is greater than a preset threshold value, no NAT port allocation table entry is allocated from the port allocation table;
and when the session at the external network side is deleted, releasing the corresponding NAT port distribution table entry, and subtracting 1 from the session count value of the count field.
In this embodiment of the present invention, optionally, before searching, according to the NAT IP of the user, a NAT port allocation table entry that does not conflict with an existing session table entry on the external network side in a preset port allocation table, the method includes:
selecting the NAT IP with the fewest current users and allocating it to the user; or,
allocating port block resources pre-allocated from a NAT IP to the user; or,
and acquiring the NAT IP used by the user.
In this embodiment of the present invention, optionally, the allocating, according to the NAT IP of the user, a NAT port allocation table entry in a preset port allocation table includes:
distributing the NAT port distribution table entry according to the port bitmap corresponding to the NAT IP;
and when the port bitmap is exhausted, distributing NAT port distribution table entries in a preset port distribution table according to the NAT IP of the user.
In this embodiment of the present invention, optionally, after establishing the external network side session table of the user according to the NAT port allocation table entry to complete creation of the external network side session, the method includes:
establishing an internal network side session table to complete the internal network side session;
and associating the external network side session with the internal network side session by adding, in each of the external network side session table and the internal network side session table, the table entry index of the opposite side.
For implementation details of this embodiment, refer to the first embodiment; it achieves the technical effects of the first embodiment.
EXAMPLE III
An embodiment of the present invention provides a computer-readable storage medium, which stores a resource allocation computer program for network address translation NAT, where the program is executed by at least one processor to implement the steps of the method according to any one of the embodiments.
Computer-readable storage media in embodiments of the invention may be RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage media known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium; or the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit.
For the specific implementation of this embodiment, refer to the first and second embodiments; it achieves the corresponding technical effects.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (11)

1. A resource allocation method for Network Address Translation (NAT), the method comprising:
obtaining a NAT IP of a user, and allocating a NAT port allocation table entry according to a port bitmap corresponding to the NAT IP;
when the port bitmap is exhausted, allocating a NAT port allocation table entry in a preset port allocation table according to the NAT IP of the user;
establishing an external network side session table of the user according to the NAT port allocation table entry so as to complete establishment of the external network side session;
wherein allocating the NAT port allocation table entry according to the port bitmap corresponding to the NAT IP comprises:
when the port bitmap corresponding to the NAT IP can allocate a port, allocating the port for the NAT IP, and searching whether a NAT port allocation table entry that does not conflict with an existing external network side session table entry exists;
when such a NAT port allocation table entry exists, establishing the external network side session table of the user according to that NAT port allocation table entry so as to complete establishment of the external network side session;
when no such NAT port allocation table entry exists, newly creating a port allocation table entry, and establishing the external network side session table of the user according to the newly created port allocation table entry so as to complete establishment of the external network side session;
wherein, when a port is allocated from the port bitmap, the bit corresponding to that port is set.
2. The method of claim 1, wherein allocating a NAT port allocation table entry in a preset port allocation table according to the NAT IP of the user comprises:
searching the port allocation table, according to the NAT IP of the user, for a NAT port allocation table entry that does not conflict with an existing external network side session table entry.
3. The method of claim 2, wherein the NAT port allocation table entry includes preset external network side resource parameter information and a port array.
4. The method of claim 3, wherein searching the preset port allocation table, according to the NAT IP of the user, for an entry that does not conflict with an existing external network side session table entry comprises:
selecting a port value from the port array in the port allocation table corresponding to the NAT IP of the user, and assigning the port value to a NAT port value;
and, if the NAT port value together with the external network side resource parameter information does not conflict with any existing external network side session table entry, taking the NAT port value and the external network side resource parameter information as the NAT port allocation table entry.
5. The method of claim 4, wherein selecting a port value from the port array as the NAT port value comprises:
selecting a port value from the port array by accumulation according to a preset accumulation step value; or
randomly selecting a port value from the port array.
6. The method of claim 5, wherein selecting a port value from the port array by accumulation according to the preset accumulation step value comprises:
accumulating the current port value in the port array by the accumulation step value until the accumulated port value, when assigned to the NAT port value, together with the external network side resource parameter information does not conflict with any existing external network side session table entry.
7. The method of claim 6, wherein the port array comprises a port initial value and a port maximum value;
and, when the accumulated port value is greater than the port maximum value, setting the accumulated port value back to the port initial value and continuing to accumulate until the accumulated port value, when assigned to the NAT port value, together with the external network side resource parameter information does not conflict with any existing external network side session table entry.
8. The method of claim 1, wherein after establishing the external network side session table of the user according to the NAT port allocation table entry to complete creation of the external network side session, the method comprises:
adding 1 to a session count value of a preset count field in the port allocation table, and, when the session count value after the addition is greater than a preset threshold, allocating no further NAT port allocation table entry from the port allocation table;
and, when the external network side session is deleted, releasing the corresponding NAT port allocation table entry and subtracting 1 from the session count value of the count field.
9. The method of claim 1, wherein before searching the preset port allocation table, according to the NAT IP of the user, for a NAT port allocation table entry that does not conflict with an existing external network side session table entry, the method comprises:
selecting the NAT IP with the fewest current users and assigning it to the user; or
assigning the user a port block resource pre-allocated from a NAT IP; or
acquiring the NAT IP the user is already using.
10. The method according to any one of claims 1 to 9, wherein after establishing the external network side session table of the user according to the NAT port allocation table entry to complete creation of the external network side session, the method comprises:
establishing an internal network side session table to complete the internal network side session;
and associating the external network side session with the internal network side session by adding, in each of the external network side session table and the internal network side session table, the table entry index of the opposite side.
11. A network address translation NAT device comprising a memory storing a resource allocation computer program for network address translation NAT and a processor executing the program to perform the steps of the method of any of claims 1 to 10.
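The allocation scheme of claims 1 to 10 (and of the embodiment text above) is easier to follow as running code. The Python below is an added example written for this page; it is not ZTE's implementation or code from the patent, and the class and field names, the dynamic port range starting at 1024 and the session threshold are assumptions. It keeps one port bitmap per NAT IP, falls back to walking a port array by a step value (or drawing at random) once the bitmap is exhausted, rejects a candidate whose (protocol, NAT IP, NAT port, destination IP, destination port) already exists in the external network side session table or whose port allocation table entry has reached the threshold, and cross-links the internal and external session tables by index. One caveat a practitioner should keep in mind: the accumulation variant of claim 6 hands out NAT ports in a predictable sequence, which makes the external port of a new flow easy for an off-path party to guess; the random selection variant of claim 5 is the one to prefer on that ground (RFC 6056 covers the reasoning behind port randomization).

```python
# Added example, not the patent's own code: simulator of the allocation scheme in
# claims 1-10; names, the port range and the session threshold are assumptions.
import random
from collections import namedtuple

ExtKey = namedtuple("ExtKey", "proto nat_ip nat_port dst_ip dst_port")  # external side key
IntKey = namedtuple("IntKey", "proto src_ip src_port dst_ip dst_port")  # internal side key


class PortBitmap:
    """One bit per port of a NAT IP; a set bit means the port has been handed out."""
    def __init__(self, lo, hi):
        self.lo, self.hi, self.next = lo, hi, lo
        self.bits = bytearray((hi - lo + 8) // 8)

    def _pos(self, port):
        off = port - self.lo
        return off >> 3, 1 << (off & 7)

    def clear(self, port):
        i, m = self._pos(port)
        self.bits[i] &= 0xFF ^ m

    def allocate(self):
        """Next free port with its bit set (claim 1), or None when the bitmap is exhausted."""
        for _ in range(self.hi - self.lo + 1):
            p, self.next = self.next, (self.next + 1 if self.next < self.hi else self.lo)
            i, m = self._pos(p)
            if not self.bits[i] & m:
                self.bits[i] |= m
                return p
        return None


class NatAllocator:
    def __init__(self, nat_ips, lo=1024, hi=65535, threshold=8, step=1, random_ports=False):
        self.lo, self.hi, self.threshold, self.step = lo, hi, threshold, step
        self.random_ports, self.rng = random_ports, random.Random(0)   # fixed seed: reproducible
        self.bitmaps = {ip: PortBitmap(lo, hi) for ip in nat_ips}
        self.cursor = {ip: hi for ip in nat_ips}    # port array cursor; first step wraps to lo
        self.users = {ip: 0 for ip in nat_ips}      # users per NAT IP (claim 9)
        self.user_ip = {}                           # src IP -> NAT IP, sticky once chosen
        self.entries = {}                           # (nat_ip, port) -> session count (claim 8)
        self.ext_table, self.int_table = {}, {}     # idx -> (key, index of opposite side)
        self.ext_index, self.int_index = {}, {}     # key -> idx
        self._seq = 0

    def choose_nat_ip(self, src_ip):
        """Claim 9: keep the user's existing NAT IP, else pick the least-loaded one."""
        if src_ip not in self.user_ip:
            ip = min(self.users, key=self.users.get)
            self.user_ip[src_ip], self.users[ip] = ip, self.users[ip] + 1
        return self.user_ip[src_ip]

    def _next_port_value(self, nat_ip):
        """Claims 5-7: accumulate by step, wrapping from hi back to lo, or draw at random."""
        if self.random_ports:
            return self.rng.randint(self.lo, self.hi)
        p = self.cursor[nat_ip] + self.step
        self.cursor[nat_ip] = p if p <= self.hi else self.lo
        return self.cursor[nat_ip]

    def _allocate_from_table(self, proto, nat_ip, dst_ip, dst_port):
        """Claims 2-4 and 8: multiplex a port once the bitmap is exhausted; one pass at most."""
        for _ in range(self.hi - self.lo + 1):
            port = self._next_port_value(nat_ip)
            if ExtKey(proto, nat_ip, port, dst_ip, dst_port) in self.ext_index:
                continue                             # 5-tuple already live on the external side
            if self.entries.get((nat_ip, port), 0) >= self.threshold:
                continue                             # entry already at the session threshold
            return port
        return None

    def create_session(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Claims 1 and 10: bitmap first, then the port allocation table; cross-link tables."""
        ikey = IntKey(proto, src_ip, src_port, dst_ip, dst_port)
        if ikey in self.int_index:                   # existing internal session: reuse it
            return self.ext_table[self.int_table[self.int_index[ikey]][1]][0]
        nat_ip = self.choose_nat_ip(src_ip)
        port = self.bitmaps[nat_ip].allocate()       # a clear bit never has a live entry
        if port is None:                             # bitmap exhausted
            port = self._allocate_from_table(proto, nat_ip, dst_ip, dst_port)
            if port is None:
                return None
        ekey = ExtKey(proto, nat_ip, port, dst_ip, dst_port)
        self.entries[(nat_ip, port)] = self.entries.get((nat_ip, port), 0) + 1
        ext_idx, int_idx, self._seq = self._seq, self._seq + 1, self._seq + 2
        self.ext_table[ext_idx], self.int_table[int_idx] = (ekey, int_idx), (ikey, ext_idx)
        self.ext_index[ekey], self.int_index[ikey] = ext_idx, int_idx
        return ekey

    def delete_session(self, ekey):
        """Claim 8: drop both sides, decrement the count, free the port when it reaches zero."""
        _, int_idx = self.ext_table.pop(self.ext_index.pop(ekey))
        ikey, _ = self.int_table.pop(int_idx)
        del self.int_index[ikey]
        k = (ekey.nat_ip, ekey.nat_port)
        self.entries[k] -= 1
        if self.entries[k] == 0:
            del self.entries[k]
            self.bitmaps[ekey.nat_ip].clear(ekey.nat_port)
```

Run it with a small port range (four ports and a threshold of 2 is enough) to see the three stages in order: bitmap allocation, reuse of an already allocated port for a different destination once the bitmap is exhausted, and refusal once every port allocation table entry has reached the threshold; deleting sessions then returns the port to the bitmap, and the next flow gets it from the bitmap path again.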
CN201710929605.2A 2017-10-09 2017-10-09 Network Address Translation (NAT) resource allocation method and equipment Active CN109639845B (en)

Publications (2)

Publication Number Publication Date
CN109639845A CN109639845A (en) 2019-04-16
CN109639845B true CN109639845B (en) 2022-03-29

Family

ID=66051208


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314505B (en) * 2020-04-21 2023-08-29 杭州迪普科技股份有限公司 Network address conversion method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6381638B1 (en) * 1999-02-24 2002-04-30 3Com Corporation System and method for options based address reuse
CN101159693A (en) * 2007-10-16 2008-04-09 中兴通讯股份有限公司 Static PAT supporting arbitrary port method of multiplexing router interface address
CN101335770A (en) * 2008-08-06 2008-12-31 杭州华三通信技术有限公司 Method and apparatus for network port address conversion
CN103945014A (en) * 2013-01-21 2014-07-23 中国科学院声学研究所 Port multiplexing method in PAT mode and network address translation equipment
CN103945014B (en) * 2013-01-21 2017-09-26 中国科学院声学研究所 Multiplexed port method and network address translation apparatus under a kind of PAT patterns

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant