CN110012118B - Method and controller for providing Network Address Translation (NAT) service - Google Patents
Classifications
- H04L45/74—Address processing for routing (under H04L45/00, Routing or path finding of packets in data switching networks)
- H04L61/2532—Clique of NAT servers (under H04L61/2503, Translation of Internet protocol [IP] addresses, and H04L61/2521, Translation architectures other than single NAT servers)
- H04L67/1036—Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers (under H04L67/1001, Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers)
Abstract
The embodiment of the application discloses a method and a controller for providing Network Address Translation (NAT) service. The method comprises the following steps: a controller establishes communication with a plurality of host servers; the controller generates a flow table for a first host server, where the first host server is any one of the host servers that have established communication with the controller, the flow table comprises a plurality of table entries, and each table entry records a NAT forwarding rule; and the controller sends the flow table to the first host server, where the flow table is used by the first host server to provide NAT service for the cloud hosts on the first host server. The embodiment of the application improves the efficiency of the NAT service and eliminates the bottleneck point of the NAT gateway.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular to a method and a controller for providing a network address translation (NAT) service.
Background
Because public network address resources in an actual network are limited, a gateway device usually uses a Network Address Translation (NAT) function to give an intranet access to the Internet. NAT is the process of translating the IP address in an IP packet header into another IP address; that is, NAT translates a private network address in the data into a public network address so that the private network can access the public network. NAT thereby represents many private network addresses with a small number of public network addresses, which reduces exhaustion of the available address space.
The industry generally provides NAT services by using NAT gateway instances, which may be deployed as virtual machines or as a cluster of physical machines. In either case, traffic needs to be distributed to the NAT gateway instances, which places a high performance requirement on the NAT gateway itself; once the traffic exceeds the designed upper performance limit, the NAT gateway easily becomes a bottleneck point.
Disclosure of Invention
The embodiment of the application provides a method and a controller for providing Network Address Translation (NAT) service. The NAT service is distributed to each computing node by the controller, and each computing node provides the NAT service by means of a flow table, so that the efficiency of the NAT service is improved and, at the same time, the bottleneck point of the NAT gateway is eliminated.
In a first aspect, an embodiment of the present application provides a method for providing a network address translation (NAT) service, where the method includes:
the controller establishes communication with a plurality of host servers;
the controller generates a flow table for a first host server, the first host server is any one of the plurality of host servers which establish communication with the controller, the flow table comprises a plurality of entries, and each entry in the plurality of entries records an NAT forwarding rule;
the controller sends the flow table to the first host server, and the flow table is used for the first host server to provide NAT service for the cloud host on the first host server.
According to the embodiment of the application, the NAT service is dispersed to each computing node through the controller, and each computing node provides the NAT service in a flow table mode, so that the NAT service efficiency is improved, and meanwhile, the bottleneck point of an NAT gateway is eliminated.
With reference to the first aspect, in a first possible implementation manner of the first aspect, after the controller sends the flow table to the first host server, the method further includes:
the controller receives a message sent by the first host server;
the controller determines a table entry containing an NAT forwarding rule of the message according to the message;
and the controller sends the entry containing the NAT forwarding rule of the message to the first host server, and the entry containing the NAT forwarding rule of the message is used for the first host server to execute NAT operation on the message.
By adopting the embodiment of the application, when a packet sent by a cloud host carried by the host server fails to match a table entry in the flow table, the controller can generate a table entry for the packet, or select the corresponding table entry from the existing flow table, and send that table entry to the host server, so that the host server can successfully provide NAT service for the packet.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the receiving, by the controller, a packet sent by the first host server includes:
the controller receives the packet that the first host server sends after it fails to match a table entry for the packet.
With reference to the first aspect, the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, before the generating, by the controller, a flow table for the first host server, the method further includes:
and the controller receives a NAT service request instruction sent by the first host server, wherein the request instruction is used for requesting the controller to generate the flow table for the first host server.
In this embodiment, the request instruction requests the controller to generate the flow table for the host server, so that the resource of the controller is optimized and the NAT service request of the host server is responded in time, thereby further improving the processing efficiency of the NAT service.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the NAT forwarding rule includes a conversion rule between private network information and public network information, where the private network information includes an internet protocol IP address and private network port information of a private network, the public network information includes an IP address and public network port information of a public network, and the private network is a private network to which a cloud host on the first host server belongs.
In a second aspect, an embodiment of the present application provides a controller, including:
a configuration unit for establishing communication with a plurality of host servers;
a generating unit, configured to generate a flow table for a first host server, where the first host server is any one of the multiple host servers that establish communication with the controller, and the flow table includes multiple entries, and each entry in the multiple entries records one NAT forwarding rule;
the first sending unit is configured to send the flow table to the first host server, where the flow table is used by the first host server to provide NAT service for a cloud host on the first host server.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the controller further includes a first receiving unit, a determining unit, and a second sending unit; wherein:
the first receiving unit is configured to receive a packet sent by the first host server after the first sending unit sends the flow table to the first host server;
the determining unit is configured to determine, according to the packet, an entry including an NAT forwarding rule of the packet;
the second sending unit is configured to send the entry that includes the NAT forwarding rule for the packet to the first host server, where the entry that includes the NAT forwarding rule for the packet is used by the first host server to perform NAT operation on the packet.
By adopting the embodiment of the application, when a packet sent by a cloud host carried by the host server fails to match a table entry in the flow table, the controller can generate a table entry for the packet, or select the corresponding table entry from the existing flow table, and send that table entry to the host server, so that the host server can successfully provide NAT service for the packet.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the first receiving unit is configured to receive a packet sent by the first host server, and specifically:
the first receiving unit is configured to receive the packet that the first host server sends after it fails to match a table entry for the packet.
With reference to the second aspect, the first possible implementation manner of the second aspect, or the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the controller further includes:
a second receiving unit, configured to receive, before the generating unit generates a flow table for a first host server, an NAT service request instruction sent by the first host server, where the request instruction is used to request the controller to generate the flow table for the first host server.
In this embodiment, the request instruction requests the controller to generate the flow table for the host server, so that the resources of the controller are optimized and the NAT service request of the host server is responded to in time, thereby further improving the processing efficiency of the NAT service.
With reference to the second aspect, in a fourth possible implementation manner of the second aspect, the NAT forwarding rule includes a conversion rule between private network information and public network information, where the private network information includes an internet protocol IP address and private network port information of a private network, the public network information includes an IP address and public network port information of a public network, and the private network is a private network to which a cloud host on the first host server belongs.
In a third aspect, the present application provides a computer-readable storage medium, which stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the method of the first aspect.
In a fourth aspect, an embodiment of the present application provides a server, including a processor, a communication interface, and a computer-readable storage medium, where the processor, the communication interface, and the computer-readable storage medium are connected to each other, where the computer-readable storage medium is used for storing application program codes, and the processor is configured to call the application program codes to execute the method according to the first aspect.
To sum up, in the embodiment of the present application, the NAT service is distributed to each computing node through the controller, and each computing node provides the NAT service in a flow table manner, so that the NAT service efficiency is improved, and a bottleneck point of the NAT gateway is eliminated.
Drawings
The drawings to be used in the embodiments of the present application will be described below.
Fig. 1 is a schematic system architecture diagram of a method for providing NAT service according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for providing NAT service according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating that a host server provides an NAT service for a packet sent by a cloud host carried by the host server according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a controller according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The method and the controller for providing the NAT service distribute the NAT service to each computing node through the controller, and each computing node provides the NAT service by means of a flow table, so that the efficiency of the NAT service is improved and, at the same time, the bottleneck point of the NAT gateway is eliminated.
The terms "comprising" and "having," and any variations thereof, as appearing in the specification, claims, and drawings of the present application, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus. Furthermore, the terms "first," "second," and "third," etc. are used to distinguish between different objects and are not used to describe a particular order.
In order to make those skilled in the art better understand the technical solutions of the embodiments of the present application, the technical solutions in the embodiments of the present application will be described below clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort shall fall within the protection scope of the present application.
The following are detailed below.
In order to better understand the method and the controller for providing the network address translation (NAT) service provided in the embodiments of the present application, a system architecture to which the method is applicable is described below. Referring to fig. 1, fig. 1 is a schematic diagram of the system architecture of a method for providing a NAT service according to an embodiment of the present application. As shown in fig. 1, the system architecture may include one controller 101, one or more host servers 102, and one or more cloud hosts 103. The controller 101 may communicate with the host servers 102, each host server 102 carries one or more cloud hosts 103, and each host server 102 and the cloud hosts 103 it carries may communicate with each other.
It should be noted that the system architecture of the method for providing a NAT service provided in the present application is not limited to the system architecture shown in fig. 1.
Based on the system architecture given in fig. 1, a method for providing a NAT service is described below. A flowchart of the method is shown in fig. 2, and the method may include the following steps:
Step S201: the controller establishes communication with a plurality of host servers.
Specifically, the controller may be configured with the network addresses (which may be Internet addresses, local area network addresses, or other communication addresses) of the plurality of host servers, so that it can identify packets from the plurality of host servers and send packets specifically to them; correspondingly, the network address of the controller may be configured on each of the plurality of host servers, so that each host server can identify packets from the controller and send packets to the controller in a targeted manner. In addition, data may be transmitted between the controller and the plurality of host servers in a wired or wireless manner.
Step S202: the controller generates a flow table for the first host server.
Specifically, the first host server is any one of a plurality of host servers that establish communication with the controller, the flow table includes a plurality of entries, and each entry in the plurality of entries records an NAT forwarding rule.
In a specific embodiment, when the first host server establishes communication with the controller for the first time or when the first host server sends an NAT service request instruction to the controller, the controller generates a corresponding flow table for the first host server. The flow table contains a plurality of entries, and each entry records a NAT forwarding rule.
In one possible implementation, the NAT forwarding rule may include a conversion rule between private network information and public network information, where the private network information includes an internet protocol (IP) address of a private network and port information of the private network, the public network information includes an IP address of a public network and port information of the public network, and the private network is the private network to which a cloud host on the first host server belongs. For a specific example of the NAT forwarding rule, reference may be made to Table 1, which gives an example of the information included in a NAT forwarding rule, mainly an address and port mapping table for a private network accessing a public network. When the cloud host with private network IP address 10.0.0.2 and port number 1723 accesses the public network, its private network IP address and port number need to be replaced by a public network IP address and a public network port number. According to Table 1, the private network IP address 10.0.0.2 of the cloud host is replaced by 131.107.0.1 and the port number 1723 is replaced by 4000; after the replacement is completed, the cloud host accesses the public network using the new IP address and port number 131.107.0.1/4000.
Table 1 Address and port mapping table for a private network accessing a public network
| Entry | Private network IP address | Private network port number | Public network IP address | Public network port number |
|---|---|---|---|---|
| First entry | 10.0.0.2 | 1723 | 131.107.0.1 | 4000 |
| Second entry | 10.0.0.3 | 1723 | 131.107.0.1 | 4001 |
| Third entry | 10.0.0.4 | 1724 | 131.107.0.1 | 4002 |
In one possible implementation, before the controller generates the flow table for the first host server, the method further includes: the controller receives a NAT service request instruction sent by the first host server, wherein the request instruction is used for requesting the controller to generate the flow table for the first host server.
Specifically, when a cloud host on a first host server needs to access a public network and send a message to the first host server, the first host server sends an NAT service request instruction to a controller according to message information, the request instruction is used for requesting the controller to generate a flow table for the first host server, after receiving the request instruction, the controller generates a corresponding flow table for the first host server according to the request instruction, and then sends the flow table to the first host server.
In this embodiment, the request instruction requests the controller to generate the flow table for the host server, so that the resources of the controller are optimized and the NAT service request of the host server is responded to in time, thereby further improving the processing efficiency of the NAT service.
Step S203: the controller sends the flow table to the first host server.
Specifically, the flow table is used by the first host server to provide NAT service for the cloud host on the first host server. In a specific embodiment, the controller generates a corresponding flow table for the first host server, and then sends the flow table to the first host server.
Step S204: the first host server receives the flow table.
In a specific embodiment, after receiving the flow table sent by the controller, the first host server stores the flow table in local memory. When a cloud host on the first host server needs to access the public network, it sends a packet to the first host server. The first host server looks up the locally stored flow table and matches a flow table entry for the packet; once an entry is matched, it replaces the private network IP address and private network port number of the packet with the public network IP address and public network port number recorded in that entry, and then forwards the rewritten packet to the public network.
For ease of understanding, fig. 3 shows a schematic diagram of the host server providing the NAT service for a packet sent by a cloud host it carries. Suppose a cloud host needs to access a public network server whose destination IP address and port number are 202.99.160.2 and 80 respectively, and that the private network IP address and port number of the cloud host are 10.0.0.2 and 1723 respectively. The cloud host cannot access a server on the external network using its private network IP address, so its private network IP address needs to be replaced by an external network IP address, and corresponding port information also needs to be added so that, when the external network returns information, it can be accurately delivered to the corresponding cloud host. Therefore, in fig. 3, the cloud host sends the packet, carrying its private network IP address and port number and the destination IP address and port number, to the host server. The host server matches a flow table entry for the packet according to the flow table (for the specific entries, refer to Table 1); after the entry is matched, the private network IP address and port number of the packet are replaced by 131.107.0.1/4000 according to the entry, while the destination IP address and port number are left unchanged. The source IP address and source port number of the packet now belong to the public network, so the cloud host can access the public network server whose destination IP address and port number are 202.99.160.2 and 80, respectively.
In one possible implementation, after the controller sends the flow table to the first host server, the method further includes: the controller receives a message sent by the first host server; the controller determines a table entry containing the NAT forwarding rule of the message according to the message; and the controller sends the table entry containing the NAT forwarding rule of the message to the first host server.
Specifically, when the first host server fails to match a flow entry for the packet in the flow table, it sends the packet to the controller. The controller receives the packet and generates a corresponding flow entry for it; as before, the entry contains the NAT forwarding rule for the packet, which the first host server uses to perform the NAT operation on the packet. The controller then sends the flow entry to the first host server, and after receiving it the first host server replaces the IP address and port number of the packet according to the flow entry and forwards the packet to the public network.
By adopting the embodiment of the application, when a packet sent by a cloud host carried by the host server fails to match a table entry in the flow table, the controller can generate a table entry for the packet, or select the corresponding table entry from the existing flow table, and send that table entry to the host server, so that the host server can successfully provide NAT service for the packet.
Or, in another possible case, after receiving the packet sent by the first host server due to failure in matching the table entry, the controller matches the flow table entry for the packet from the flow table maintained by the controller, after determining the flow table entry, sends the flow table entry to the first host server, and the first host server receives the flow table entry in the same way, replaces the IP address and the port number for the packet according to the flow table entry, and then forwards the packet to the public network.
Or, in another possible implementation manner, after receiving a packet that the first host server sent because table entry matching failed, the controller returns to the first host server information indicating that matching a table entry for the packet has failed, and the first host server discards the packet.
In one possible implementation manner, in a case that the first host server fails to match a flow entry for the packet according to the flow table, the packet is directly discarded.
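The flow-table lookup, the miss path to the controller and the discard cases described in steps S202 to S204 above, as an added example that is not part of the patent or of any product implementing it. The `Controller`, `HostServer` and `Packet` names, the single shared public IP with one port pool, and the reverse mapping used for replies are assumptions made for the example; the addresses and ports are the ones from Table 1 and fig. 3.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# A flow-table entry maps (private IP, private port) to (public IP, public port): the four columns of Table 1.
PrivateKey = Tuple[str, int]
PublicKey = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Controller:
    """Controller (element 101 in fig. 1): generates a flow table for a host server and
    supplies one entry when a host server reports a table-entry miss. Assumed policy,
    not in the patent: all host servers share one public IP and one port pool, so
    (public IP, public port) is unique and every reply maps to exactly one cloud host."""

    def __init__(self, public_ip: str, port_range: range) -> None:
        self.public_ip = public_ip
        self._free_ports = list(port_range)
        self.allocations: Dict[Tuple[str, PrivateKey], PublicKey] = {}  # (host id, private key) -> entry

    def generate_flow_table(self, host_id: str, keys) -> Dict[PrivateKey, PublicKey]:
        """Step S202: build the flow table for one host server."""
        table: Dict[PrivateKey, PublicKey] = {}
        for key in keys:
            entry = self._lookup_or_allocate(host_id, key)
            if entry is not None:
                table[key] = entry
        return table

    def handle_miss(self, host_id: str, pkt: Packet):
        """Miss path: select an existing entry or generate one; None means 'discard'."""
        key = (pkt.src_ip, pkt.src_port)
        entry = self._lookup_or_allocate(host_id, key)
        return None if entry is None else (key, entry)

    def _lookup_or_allocate(self, host_id: str, key: PrivateKey) -> Optional[PublicKey]:
        existing = self.allocations.get((host_id, key))
        if existing is not None:
            return existing
        if not self._free_ports:
            return None  # pool exhausted: no forwarding rule can be issued
        entry = (self.public_ip, self._free_ports.pop(0))
        self.allocations[(host_id, key)] = entry
        return entry


class HostServer:
    """Host server (element 102 in fig. 1): applies its flow table to packets from its
    cloud hosts as in fig. 3 and forwards misses to the controller."""

    def __init__(self, host_id: str, controller: Controller) -> None:
        self.host_id = host_id
        self.controller = controller
        self.flow_table: Dict[PrivateKey, PublicKey] = {}
        self.reverse: Dict[PublicKey, PrivateKey] = {}  # for replies from the public network

    def request_nat_service(self, keys) -> None:
        """NAT service request instruction; install the returned flow table (S203/S204)."""
        for key, entry in self.controller.generate_flow_table(self.host_id, keys).items():
            self._install(key, entry)

    def _install(self, key: PrivateKey, entry: PublicKey) -> None:
        self.flow_table[key] = entry
        self.reverse[entry] = key

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite source IP/port per the matching entry; on a miss ask the controller."""
        key = (pkt.src_ip, pkt.src_port)
        entry = self.flow_table.get(key)
        if entry is None:
            result = self.controller.handle_miss(self.host_id, pkt)
            if result is None:
                return None  # no rule obtainable: the packet is discarded
            key, entry = result
            self._install(key, entry)
        pub_ip, pub_port = entry
        return Packet(pub_ip, pub_port, pkt.dst_ip, pkt.dst_port)  # destination unchanged

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply addressed to (public IP, public port) back to the cloud host."""
        key = self.reverse.get((pkt.dst_ip, pkt.dst_port))
        if key is None:
            return None  # no mapping: unsolicited inbound traffic is dropped
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])


def demo():
    """Walk through the patent's Table 1 / fig. 3 values (constructed sample input)."""
    ctrl = Controller("131.107.0.1", range(4000, 4003))  # only three public ports
    host = HostServer("host-1", ctrl)
    host.request_nat_service([("10.0.0.2", 1723), ("10.0.0.3", 1723)])
    out = host.translate_outbound(Packet("10.0.0.2", 1723, "202.99.160.2", 80))
    back = host.translate_inbound(Packet("202.99.160.2", 80, "131.107.0.1", 4000))
    miss = host.translate_outbound(Packet("10.0.0.4", 1724, "202.99.160.2", 80))
    exhausted = host.translate_outbound(Packet("10.0.0.5", 5000, "202.99.160.2", 80))
    return out, back, miss, exhausted
```

The fourth packet shows why the controller must own the port pool: once no unique (public IP, public port) pair is left, the only safe answer is the failure indication and a discard, not a duplicate mapping that would misdeliver replies.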
In summary, in the method, the NAT service is distributed to each computing node by the controller, and each computing node provides the NAT service in a flow table manner, so that the NAT service efficiency is improved, and a bottleneck point of the NAT gateway is eliminated.
In order to better implement the above solution of the present application, embodiments of the present application further provide a controller, which is described in detail below with reference to the accompanying drawings:
fig. 4 is a schematic structural diagram of a controller 400, where the controller 400 may be the controller 101 in the system architecture for the method for providing the NAT service in fig. 1, and the controller 400 includes a configuration unit 401, a generating unit 402 and a first sending unit 403, wherein:
a configuration unit 401, configured to establish communication with a plurality of host servers;
a generating unit 402, configured to generate a flow table for a first host server, where the first host server is any one of the multiple host servers that establish communication with the controller, and the flow table includes multiple entries, and each entry in the multiple entries records one NAT forwarding rule;
a first sending unit 403, configured to send the flow table to the first host server, where the flow table is used for the first host server to provide NAT service for the cloud host on the first host server.
In one embodiment, the controller 400 further comprises a first receiving unit, a determining unit and a second transmitting unit, wherein:
the first receiving unit is configured to receive a packet sent by the first host server after the first sending unit sends the flow table to the first host server;
the determining unit is configured to determine, according to the packet, an entry including an NAT forwarding rule of the packet;
the second sending unit is configured to send the entry containing the NAT forwarding rule of the packet to the first host server, where the entry containing the NAT forwarding rule of the packet is used for the first host server to perform NAT operation on the packet.
In one embodiment, the first receiving unit is configured to receive a packet sent by the first host server, and specifically:
the first receiving unit is configured to receive the packet that the first host server sends after it fails to match a table entry for the packet.
In one embodiment, the controller 400 further comprises:
a second receiving unit, configured to receive, before the generating unit generates the flow table for the first host server, a NAT service request instruction sent by the first host server, where the request instruction is used to request the controller to generate the flow table for the first host server.
In one embodiment, the NAT forwarding rule includes a conversion rule between private network information and public network information, where the private network information includes an internet protocol IP address and private network port information of a private network, the public network information includes an IP address and public network port information of a public network, and the private network is a private network to which a cloud host on the first host server belongs.
The specific implementation and beneficial effects of each unit in the controller 400 shown in fig. 4 may correspond to the corresponding descriptions in the method embodiment shown in fig. 2, and are not described herein again.
Referring to fig. 5, fig. 5 is a server 500 according to an embodiment of the present application, where the server 500 includes a processor 501, a memory 502 (i.e., a computer-readable storage medium), and a communication interface 503, and the processor 501, the memory 502, and the communication interface 503 are connected to each other through a bus 504.
The memory 502 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and the memory 502 is used for storing related instructions and data. The communication interface 503 is used to receive and transmit data.
The processor 501 may be one or more Central Processing Units (CPUs), and in the case that the processor 501 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 501 in the server 500 is configured to read the program code stored in the memory 502, and perform the following operations:
the processor 501 establishes communication with a plurality of host servers through the communication interface 503;
the processor 501 generates a flow table for a first host server, where the first host server is any one of the plurality of host servers that establish communication with the controller, the flow table includes a plurality of entries, and each entry records one NAT forwarding rule;
the processor 501 sends the flow table to the first host server through the communication interface 503, where the flow table is used by the first host server to provide NAT service for the cloud host on the first host server.
In one embodiment, after the processor 501 sends the flow table to the first host server through the communication interface 503, the operations further include:
the processor 501 receives the packet sent by the first host server through the communication interface 503;
the processor 501 determines an entry containing the NAT forwarding rule of the packet according to the packet;
the processor 501 sends the entry containing the NAT forwarding rule of the packet to the first host server through the communication interface 503, where the entry containing the NAT forwarding rule of the packet is used for the first host server to perform NAT operation on the packet.
In one embodiment, the processor 501 receiving, through the communication interface 503, the packet sent by the first host server specifically is: the processor 501 receives, through the communication interface 503, the packet sent by the first host server after matching of the packet against the entries of the flow table fails.
In one embodiment, before the processor 501 generates the flow table for the first host server, the operations further include:
the processor 501 receives, through the communication interface 503, a NAT service request instruction sent by the first host server, where the request instruction is used to request the controller to generate the flow table for the first host server.
In one embodiment, the NAT forwarding rule includes a conversion rule between private network information and public network information, where the private network information includes an internet protocol IP address and private network port information of a private network, the public network information includes an IP address and public network port information of a public network, and the private network is a private network to which a cloud host on the first host server belongs.
It should be noted that, the implementation of the above operations may also correspond to the corresponding description of the method embodiment shown in fig. 2.
The server 500 described in fig. 5, acting as the controller, distributes the NAT service to each computing node, and each computing node provides the NAT service by means of a flow table, so that the efficiency of the NAT service is improved and the bottleneck of a centralized NAT gateway is eliminated.
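The exchange described for the controller 400 in fig. 4 and the processor 501 in fig. 5 (flow table push, table-miss escalation, entry install, and drop when no entry can be determined) is modelled below as an added example written for this page; it is not the applicant's implementation and the class, method and field names, the port pool, and the sample addresses are all assumptions. The one check a practitioner would insist on in the miss path is included: the controller only returns an entry when the private source address actually belongs to a cloud host on the requesting host server, so a host server (or a cloud host spoofing through it) cannot obtain translations for another tenant. A table miss that the controller refuses is fail-closed: the packet is dropped.

```python
"""Added illustrative model of controller <-> host-server NAT via flow tables.
Not the applicant's code; names, port pool and addresses are assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Match key for an outbound flow: (protocol, private_ip, private_port).
# Assumption: only TCP/UDP flows are translated.
Key = Tuple[str, str, int]


@dataclass(frozen=True)
class NatRule:
    """One flow-table entry: private endpoint <-> public endpoint."""
    proto: str
    private_ip: str
    private_port: int
    public_ip: str
    public_port: int

    def key(self) -> Key:
        return (self.proto, self.private_ip, self.private_port)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Controller:
    """Generates a flow table per host server and answers table-miss reports."""

    def __init__(self, public_ip: str, first_port: int = 10000, last_port: int = 10999):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self._cloud_hosts: Dict[str, frozenset] = {}      # host_id -> private IPs it hosts
        self._tables: Dict[str, Dict[Key, NatRule]] = {}  # controller's copy of each table
        self.miss_count: Dict[str, int] = {}              # for rate-limiting / alerting

    def establish_communication(self, host_id: str, cloud_host_ips: Iterable[str]) -> None:
        self._cloud_hosts[host_id] = frozenset(cloud_host_ips)
        self._tables[host_id] = {}
        self.miss_count[host_id] = 0

    def _allocate(self, proto: str, private_ip: str, private_port: int) -> Optional[NatRule]:
        if self._next_port > self._last_port:
            return None  # public port pool exhausted: no entry can be determined
        rule = NatRule(proto, private_ip, private_port, self.public_ip, self._next_port)
        self._next_port += 1
        return rule

    def generate_flow_table(self, host_id: str, known_flows: Iterable[Key]) -> Dict[Key, NatRule]:
        """Initial table pushed to the host: one entry per flow the controller already knows."""
        table = self._tables[host_id]
        for proto, ip, port in known_flows:
            if ip in self._cloud_hosts[host_id]:
                rule = self._allocate(proto, ip, port)
                if rule is not None:
                    table[rule.key()] = rule
        return dict(table)

    def on_table_miss(self, host_id: str, pkt: Packet) -> Optional[NatRule]:
        """Host reports a packet it could not match; return an entry, or None so it drops."""
        self.miss_count[host_id] += 1
        if pkt.src_ip not in self._cloud_hosts.get(host_id, frozenset()):
            return None  # source is not a cloud host on that server: refuse (tenant isolation)
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        rule = self._tables[host_id].get(key)
        if rule is None:
            rule = self._allocate(pkt.proto, pkt.src_ip, pkt.src_port)
            if rule is not None:
                self._tables[host_id][key] = rule
        return rule


class HostServer:
    """Computing node: matches packets against its flow table, escalates misses."""

    def __init__(self, host_id: str, controller: Controller,
                 cloud_host_ips: Iterable[str], known_flows: Iterable[Key] = ()):
        self.host_id = host_id
        self.controller = controller
        controller.establish_communication(host_id, cloud_host_ips)
        self.table = controller.generate_flow_table(host_id, known_flows)
        self.dropped = 0

    def nat_outbound(self, pkt: Packet) -> Optional[Packet]:
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        rule = self.table.get(key)
        if rule is None:
            rule = self.controller.on_table_miss(self.host_id, pkt)
            if rule is None:
                self.dropped += 1  # matching failed at the controller too: discard
                return None
            self.table[key] = rule  # install the returned entry for later packets
        return Packet(pkt.proto, rule.public_ip, rule.public_port, pkt.dst_ip, pkt.dst_port)


if __name__ == "__main__":
    # Constructed sample: one host server with two cloud hosts and one pre-known flow.
    ctl = Controller("203.0.113.10")
    host = HostServer("host-1", ctl, ["10.0.0.5", "10.0.0.6"], [("tcp", "10.0.0.5", 443)])
    print(host.nat_outbound(Packet("tcp", "10.0.0.5", 443, "198.51.100.7", 80)))   # hit
    print(host.nat_outbound(Packet("udp", "10.0.0.6", 5555, "198.51.100.7", 53)))  # miss, installed
    print(host.nat_outbound(Packet("tcp", "10.0.0.99", 22, "198.51.100.7", 80)))   # refused, dropped
    print("misses:", ctl.miss_count, "dropped:", host.dropped)
```

The miss counter is kept because the reactive path is the weak point of this design: every unmatched packet becomes a controller round trip, so a cloud host that sprays fresh source ports can turn the per-node NAT into a load on the shared controller. A deployment would rate-limit misses per host server and pre-populate entries for known flows, as generate_flow_table does here.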
Embodiments of the present application further provide a computer-readable storage medium, in which a computer program is stored, where the computer program includes program instructions, and when the program instructions are executed by a processor, the method flow shown in fig. 2 is implemented.
To sum up, the embodiments of the present application provide a method and a controller for providing a network address translation (NAT) service, where the controller distributes the NAT service to each computing node, and each computing node provides the NAT service by means of a flow table, so that the efficiency of the NAT service is improved and the bottleneck of a centralized NAT gateway is eliminated.
Those skilled in the art can understand that all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and can include the processes of the method embodiments described above when executed. And the aforementioned storage medium includes: various media capable of storing program codes, such as ROM or RAM, magnetic or optical disks, etc.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.
Claims (5)
1. A method for providing network address translation, NAT, services, comprising:
the controller establishes communication with a plurality of host servers;
when a first host server establishes communication with the controller for the first time or when the first host server sends an NAT service request instruction to the controller, the controller generates a flow table for the first host server, the first host server is any one of the plurality of host servers that establish communication with the controller, the flow table includes a plurality of entries, each entry in the plurality of entries records an NAT forwarding rule, and the request instruction is used for requesting the controller to generate the flow table for the first host server;
the controller sends the flow table to the first host server, wherein the flow table is used for the first host server to provide NAT service for a cloud host on the first host server;
the controller receives the message sent by the first host server after the matching of the table entry for the message fails;
the controller determines a table entry containing an NAT forwarding rule of the message according to the message;
the controller sends the entry containing the NAT forwarding rule of the message to the first host server, and the entry containing the NAT forwarding rule of the message is used for the first host server to execute NAT operation on the message;
if the controller does not determine the table entry containing the NAT forwarding rule of the message according to the message, returning the information of failure of matching the table entry for the message to the first host server so that the first host server discards the message.
2. The method of claim 1, wherein the NAT forwarding rules include translation rules between private network information and public network information, wherein the private network information includes an internet protocol IP address and private network port information of a private network, the public network information includes an IP address and public network port information of a public network, and the private network is a private network to which the cloud host on the first host server belongs.
3. A controller, comprising:
a configuration unit for establishing communication with a plurality of host servers;
a generating unit, configured to generate a flow table for a first host server when the first host server establishes communication with the controller for the first time or when the first host server sends a NAT service request instruction to the controller, where the first host server is any one of the plurality of host servers that establish communication with the controller, the flow table includes a plurality of entries, each entry in the plurality of entries records a NAT forwarding rule, and the request instruction is used to request the controller to generate the flow table for the first host server;
a first sending unit, configured to send the flow table to the first host server, where the flow table is used by the first host server to provide an NAT service for a cloud host on the first host server;
the controller further comprises a first receiving unit, a determining unit and a second sending unit, wherein:
the first receiving unit is configured to receive, after the first sending unit sends the flow table to the first host server, the packet sent by the first host server after a failure in matching a table entry for the packet;
the determining unit is used for determining a table entry containing the NAT forwarding rule of the message according to the message;
the second sending unit is configured to send the entry that includes the NAT forwarding rule for the packet to the first host server, where the entry that includes the NAT forwarding rule for the packet is used for the first host server to perform NAT operation on the packet;
the second sending unit is further configured to, when the entry containing the NAT forwarding rule of the packet is not determined according to the packet, return information that the entry is failed to be matched with the packet to the first host server, so that the first host server discards the packet.
4. A controller comprising a processor, a computer readable storage medium for storing program instructions, and a communication interface for performing data receiving and transmitting operations under the control of the processor, the processor being configured to invoke the program instructions to perform the method of claim 1 or 2.
5. A computer-readable storage medium, characterized in that it is used to store program instructions which, when run on a processor, implement the method of claim 1 or 2.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910178099.7A CN110012118B (en) | 2019-03-08 | 2019-03-08 | Method and controller for providing Network Address Translation (NAT) service |
| PCT/CN2019/103258 WO2020181735A1 (en) | 2019-03-08 | 2019-08-29 | Method for providing network address translation (nat) service and controller |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910178099.7A CN110012118B (en) | 2019-03-08 | 2019-03-08 | Method and controller for providing Network Address Translation (NAT) service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110012118A CN110012118A (en) | 2019-07-12 |
| CN110012118B true CN110012118B (en) | 2022-07-22 |
Family
ID=67166686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910178099.7A Active CN110012118B (en) | 2019-03-08 | 2019-03-08 | Method and controller for providing Network Address Translation (NAT) service |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110012118B (en) |
| WO (1) | WO2020181735A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012118B (en) * | 2019-03-08 | 2022-07-22 | 平安科技(深圳)有限公司 | Method and controller for providing Network Address Translation (NAT) service |
| CN112333298B (en) * | 2020-12-01 | 2022-09-02 | 武汉绿色网络信息服务有限责任公司 | Message transmission method and device, computer equipment and storage medium |
| CN113645188B (en) * | 2021-07-07 | 2023-05-09 | 中国电子科技集团公司第三十研究所 | A Fast Forwarding Method of Data Packet Based on Security Association |
| CN114710465B (en) * | 2022-04-07 | 2023-05-02 | 中国联合网络通信集团有限公司 | Network address translation method, device, equipment and storage medium |
| CN116032837B (en) * | 2022-12-22 | 2025-04-18 | 珠海星云智联科技有限公司 | A flow table unloading method and device |
| CN119892431B (en) * | 2024-12-30 | 2025-12-09 | 浙江吉利控股集团有限公司 | Method, device, equipment, medium and program product for accessing intranet equipment to extranet |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102035900B (en) * | 2009-09-24 | 2015-05-06 | 日电(中国)有限公司 | NAT (network address translation) traversal method, system and relay server by relay mode |
| CN103581324B (en) * | 2013-11-11 | 2016-09-07 | 中国联合网络通信集团有限公司 | A kind of cloud computing resources cell system and implementation method thereof |
| CN104780232B (en) * | 2014-01-13 | 2018-07-31 | 华为技术有限公司 | A kind of resource allocation methods, controller and system |
| CN103795805B (en) * | 2014-02-27 | 2017-08-25 | 中国科学技术大学苏州研究院 | Distributed server load-balancing method based on SDN |
| US9930008B2 (en) * | 2014-03-25 | 2018-03-27 | Cisco Technology, Inc. | Dynamic service chain with network address translation detection |
| JP2016092485A (en) * | 2014-10-30 | 2016-05-23 | 富士通株式会社 | Information processing system, management device and information processing system control method |
| CN104601738B (en) * | 2014-12-09 | 2018-04-10 | 国家计算机网络与信息安全管理中心 | A kind of distributed network address conversion system |
| CN104601432B (en) * | 2014-12-31 | 2018-03-13 | 新华三技术有限公司 | A kind of message transmitting method and equipment |
| WO2017032300A1 (en) * | 2015-08-25 | 2017-03-02 | 华为技术有限公司 | Data transmission method, virtual network management apparatus, and data transmission system |
| CN105554065B (en) * | 2015-12-03 | 2019-06-18 | 华为技术有限公司 | Method, conversion unit and application unit for processing message |
| US10382392B2 (en) * | 2016-08-01 | 2019-08-13 | Big Switch Networks, Inc. | Systems and methods for network address translation |
| CN107172120B (en) * | 2017-03-27 | 2022-06-28 | 联想(北京)有限公司 | Information processing method, processing node and network node |
| CN108040134A (en) * | 2017-12-06 | 2018-05-15 | 杭州迪普科技股份有限公司 | A kind of method and device of DNS Transparent Proxies |
| CN110012118B (en) * | 2019-03-08 | 2022-07-22 | 平安科技(深圳)有限公司 | Method and controller for providing Network Address Translation (NAT) service |
2019
- 2019-03-08 CN CN201910178099.7A patent/CN110012118B/en active Active
- 2019-08-29 WO PCT/CN2019/103258 patent/WO2020181735A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN110012118A (en) | 2019-07-12 |
| WO2020181735A1 (en) | 2020-09-17 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |