CN110365807A - A kind of network session flow alignment methods based on address translation - Google Patents
A kind of network session flow alignment methods based on address translation
- Publication number: CN110365807A
- Application number: CN201910500388.4A
- Authority: CN (China)
- Prior art keywords: data packet, address, server, session, network
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5061—Pools of addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Abstract
The present invention provides a network session flow alignment method based on address translation. The process is as follows: a corresponding available address pool, containing a group of available IP addresses, is allocated to every flow processing server. When a flow processing server obtains an upstream data packet, it chooses an IP address from its address pool to replace the source IP address of the packet, then extracts the five-tuple of the upstream packet and stores it in a session mapping table. When the target receives the upstream packet it generates a downstream packet; when that downstream packet passes through another flow processing server, it is sent to the flow processing server that handled the upstream direction. After receiving the downstream packet, that server obtains the packet's five-tuple and compares it with the stored session mapping table; if the packet is determined to belong to the same session, alignment is complete, otherwise the packet is recycled into the network. The invention realizes the function that a specified point uses only particular IP addresses, meets the scenarios in related applications such as network auditing and network security that require processing of bidirectional traffic, and the method is fast and efficient.
Description
Technical field
The invention proposes a network session flow alignment method based on address translation and belongs to the technical field of network flow sessions. Servers in different regions are identified by encoding the IP address, and the flow alignment problem is solved using address translation techniques. This realizes the function that a specified point uses only particular IP addresses, meets the scenarios in related applications such as network auditing and network security that require processing of bidirectional traffic, and the method is fast and efficient.
Background technique
In network auditing and network security applications, many situations require both directions of a session's traffic in order to proceed normally. In practical engineering, under ideal conditions (symmetric routing) the request message sent by the user and the response message the server returns to the user traverse the same network path; that is, when traffic is captured and analyzed at the network boundary, the user's upstream and downstream traffic can be obtained at the same time, giving complete messages, which helps to identify and analyze the user's access behaviour. In real Internet environments, when users interact with the Internet, and especially with the overseas Internet, performing traffic processing and analysis on backbone routers runs into the problem of one-way traffic caused by asymmetric routing.
As shown in Figure 1, when a user accesses the Internet the upstream data packets are transmitted through the backbone router in area A, while the downstream data packets that the Internet returns to the user are transmitted through the backbone router in area C. Under asymmetric routing the upstream and downstream traffic is thus dispersed across multiple locations and the session is split; this is the one-way traffic problem, and specific processing, for example the aggregation processing of encrypted data, cannot be carried out. The data dispersed across different locations therefore need to be aligned, that is, the data of one direction must be merged into (moved to) the other direction.
When a user initiates a request to access an Internet target, the traffic flows through routers distributed in different regions, and these routers are mostly located in machine rooms (hereinafter referred to as nodes) in different places. When the user accesses the Internet target, the upstream data packets are transmitted through one node and the downstream data packets returned by the Internet to the user are transmitted through another node. Traditional migration methods fall roughly into two kinds: a broadcast alignment method based on connection tracking, and a flow alignment method based on encoding.
The basic principle of the broadcast alignment method based on connection tracking is as follows: when a user accesses an Internet target, the five-tuple (source address, source port, destination address, destination port, protocol) of the upstream data packet can be obtained at the node it flows through, and this five-tuple characteristic information is sent by broadcast to all other nodes, so that all other nodes can determine from the five-tuple which transmission node the upstream packet belongs to. After the target receives the user's request it generates a downstream data packet; since the node that the downstream packet passes through can look up the node that transmitted the corresponding upstream packet, the downstream packet is transferred to that node and the integrity of the session is guaranteed. However, broadcasting itself adds network communication cost, and if the broadcast connection tracking information is lost in transmission, errors necessarily follow.
The basic principle of the encoding-based flow alignment method is as follows: the source port of the communication packet is encoded, that is, its 16 bits are encoded using some algorithm (such as MD5), in order to distinguish traffic flowing through different servers. Specifically, the five-tuple of the upstream data packet generated when the user accesses the Internet target is extracted, a mapping between the source port and (source address, destination address, destination port, protocol) is constructed on the basis of some algorithm, and a regional identifier is placed in the source port. When the target receives the user's request it generates a downstream data packet; after a flow processing server obtains its five-tuple, the retrieval algorithm recovers the regional identifier from the source port in the downstream packet's five-tuple, and the downstream packet is transmitted to the node of the corresponding upstream packet, achieving flow alignment. However, since many servers are actually deployed across different regions and the few available bits are not enough to support this demand, the applicability of the encoding-based flow alignment method is poor.
In summary, to solve the multi-location session misalignment problem, the broadcast alignment method based on connection tracking increases communication network overhead, and alignment fails if the five-tuple connection tracking information is not transmitted in time; the encoding-based flow alignment method uses the source port of the communication for encoding and requires verification, supports fewer nodes, and also has a relatively high error rate.
Summary of the invention
In view of this, the present invention proposes a network session flow alignment method based on address translation, which can achieve the purpose that a specific machine room uses only particular IP addresses and thereby achieve flow alignment.
The technical scheme of the invention is realized as follows:
A network session flow alignment method based on address translation, whose process is as follows:
A corresponding available address pool is allocated to every flow processing server; the address pool contains a group of available IP addresses.
When a flow processing server obtains an upstream data packet, it chooses an IP address from its corresponding address pool to replace the source IP address in the packet, then extracts the five-tuple of the upstream packet and stores it in a session mapping table.
When the target receives the upstream packet it generates a downstream packet. When the downstream packet passes through another flow processing server, that server computes the destination address and sends the downstream packet to the flow processing server that handled the upstream direction.
After receiving the downstream packet, the flow processing server obtains its five-tuple and compares it with the stored session mapping table; if the packet is determined to belong to the same session, alignment is complete, otherwise the packet is recycled into the network.
Further, the invention constructs an ID number for every flow processing server, and the ID number corresponds to the IP address of that flow processing server.
Further, when the invention prepares an available address pool for every flow processing server, the ID number corresponds to all IP addresses in the available address pool allocated to that server.
Beneficial effect
The invention proposes a network session flow alignment method that uses an address translation technique (address replacement from an address pool) to solve the flow alignment problem. It realizes the function that a specified point uses only particular IP addresses, meets the scenarios in related applications such as network auditing and network security that require processing of bidirectional traffic, and the method is fast and efficient.
Brief description of the drawings
Fig. 1 is a schematic diagram of machine rooms dispersed across multiple regions;
Fig. 2 is a schematic diagram of upstream and downstream data packet processing;
Fig. 3 is a flow diagram of data packet processing.
Specific embodiment
In order to make the objects, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below in conjunction with the accompanying drawings.
When a user interacts with an Internet target, the upstream and downstream data packets generated are transmitted through the various routers. In practice, for the sake of applications such as network auditing and network security, the traffic of each region needs to be audited and analyzed, so corresponding flow processing servers are deployed, and an available address pool is prepared for every server for address translation. The network session flow alignment method based on address translation provided by the embodiment of the invention is divided into three processes: a preprocessing process, an upstream data packet processing process and a downstream data packet processing process.
One, preprocessing process
First, every flow processing server needs to be given a coded identifier, that is, the IP addresses of the flow processing servers dispersed across the regions are numbered uniquely and an ID number is constructed for every server; since the IP address of every server is unique, the ID number of every server is also unique.
After the ID number of every flow processing server has been determined, a corresponding available address pool is prepared for every server. Each available address pool contains multiple IP addresses, which are used for source IP address replacement of the different sessions flowing through that server. In the method proposed by the embodiment of the invention, all IP addresses in the available address pool are mapped to the server ID number by means of a function.
As shown in Table 1, in the preprocessing process the flow processing server 192.168.132.1 is first numbered by taking the last octet ("mantissa") of its address, 1, as the server's number; the last octet of all IP addresses in the available address pool prepared for it is then also 1.
Table 1: mapping between server IP address, number and address pool IP addresses
Two, upstream data packet treatment process
When a user initiates a request to access an Internet target, an upstream data packet is generated. As the upstream packet is transmitted through the various routers it is obtained by flow processing server x, which chooses an IP address from its available address pool and replaces the source IP address of the upstream packet; the replacement IP address thus corresponds exactly to the ID number of server x. Server x then extracts the five-tuple of the upstream packet from the packet after IP address replacement, constructs the user's session mapping entry a, and stores it in the session mapping table.
Three, downlink data packet treatment process
After the target receives the user's access request it generates a downstream data packet. As the downstream packet is transmitted through the various routers and passes through flow processing server y, server y first computes from the destination IP address that the flow processing server which handled the upstream packet of this session is x, and sends the downstream packet to server x.
After the downstream packet reaches flow processing server x, server x obtains the five-tuple of the downstream packet and queries the session mapping table to judge whether this packet belongs to traffic the user once sent. If so, it is processed according to the server's own business logic; if not, the packet is recycled directly into the network. In this way the downstream packet always flows to the flow processing server that corresponds to the upstream packet, realizing the alignment of upstream and downstream data across different machine rooms.
The detailed process of upstream and downstream data packet processing is shown in Fig. 2.
As shown in Fig. 3, when a user initiates a request to access an Internet target, an upstream data packet is generated and transmitted to flow processing server x (process 1 in Fig. 3). Assume that the five-tuple of the upstream packet obtained by server x is <192.168.132.1, 3368, 8.8.8.8, 1002, TCP>. A public IP address 106.187.36.d is chosen from the available address pool for address translation (process 2 in Fig. 3), where d is an identifier from which the server of this region can be recognized. In fact, every flow processing server is numbered, and once this number is determined, the last octet of the IP addresses in the address pool prepared for this node is also determined; here the number of server x is d. The five-tuple after address translation is therefore <106.187.36.d, 8.8.8.8, 1002, TCP>; the session mapping table is constructed with this five-tuple, and finally the replaced packet is transmitted to the target (process 3 in Fig. 3).
After the target receives the user's request it generates a downstream data packet, which is transmitted to flow processing server y (process 4 in Fig. 3). Server y obtains the five-tuple of the downstream packet, <8.8.8.8, 1002, 106.187.36.d, TCP>, recognizes d from the last octet of the destination IP address 106.187.36.d, obtains the machine-room server x corresponding to the upstream packet, and forwards the packet to it (process 5 in Fig. 3). Server x then queries the session mapping table by the five-tuple and finds the user whose upstream packet belongs to the same session (process 6 in Fig. 3), and transmits the downstream packet to the user corresponding to that session, achieving alignment of upstream and downstream data.
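As an added example (not code from the patent or its applicant), the following Python simulation walks through the three processes described above: preprocessing (the server ID is the last octet of the server IP, and every address in its pool ends in that octet), the upstream process (source IP replacement and the session mapping entry) and the downstream process (recover the owning server x from the last octet of the destination IP, forward, check x's mapping table, otherwise recycle). The user IP 10.0.0.5, the server IPs and the pool addresses are constructed sample values; round-robin selection from the pool and the mirrored five-tuple lookup are assumptions about details the description leaves open.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Five-tuple as used in the description: (src_ip, src_port, dst_ip, dst_port, proto)
FiveTuple = Tuple[str, int, str, int, str]


def last_octet(ip: str) -> int:
    """Server ID as defined by the preprocessing step: the last octet of the IPv4 address."""
    return int(ip.rsplit(".", 1)[1])


def validate_pool(server_ip: str, pool: List[str]) -> List[str]:
    """Return the pool addresses whose last octet does not match the server's ID."""
    server_id = last_octet(server_ip)
    return [addr for addr in pool if last_octet(addr) != server_id]


@dataclass
class FlowServer:
    """A flow processing server with its available address pool and session mapping table."""
    ip: str
    pool: List[str]
    session_table: Set[FiveTuple] = field(default_factory=set)
    _next: int = 0  # round-robin cursor into the pool (assumption: the patent fixes no policy)

    def __post_init__(self) -> None:
        bad = validate_pool(self.ip, self.pool)
        if bad:
            raise ValueError(f"pool addresses {bad} do not carry server ID {self.id}")

    @property
    def id(self) -> int:
        return last_octet(self.ip)

    def pick_address(self) -> str:
        addr = self.pool[self._next % len(self.pool)]
        self._next += 1
        return addr


class AlignmentCluster:
    """All flow processing servers, keyed by ID, plus the two per-packet processes."""

    def __init__(self) -> None:
        self.servers: Dict[int, FlowServer] = {}

    def add_server(self, server: FlowServer) -> None:
        if server.id in self.servers:
            raise ValueError(f"duplicate server ID {server.id}")
        self.servers[server.id] = server

    def handle_upstream(self, server_id: int, pkt: FiveTuple) -> FiveTuple:
        """Upstream process at server x: replace the source IP with a pool address,
        then record the translated five-tuple as the session mapping entry."""
        srv = self.servers[server_id]
        _src_ip, src_port, dst_ip, dst_port, proto = pkt
        translated = (srv.pick_address(), src_port, dst_ip, dst_port, proto)
        srv.session_table.add(translated)
        return translated

    def handle_downstream(self, server_id: int, pkt: FiveTuple) -> Tuple[str, Optional[int]]:
        """Downstream process at server y (server_id): recover the owning server x from the
        last octet of the destination IP, forward to it, and let x consult its mapping table.
        Returns ("aligned", x), ("recycled", x) or ("recycled", None) if no server owns the ID."""
        assert server_id in self.servers, "downstream packet must arrive at a known server"
        src_ip, src_port, dst_ip, dst_port, proto = pkt
        owner = self.servers.get(last_octet(dst_ip))
        if owner is None:
            return ("recycled", None)
        # The reply five-tuple is the translated upstream five-tuple with both ends swapped.
        mirrored = (dst_ip, dst_port, src_ip, src_port, proto)
        if mirrored in owner.session_table:
            return ("aligned", owner.id)
        return ("recycled", owner.id)


def run_demo():
    """Constructed scenario: two servers, one upstream packet, three downstream packets."""
    cluster = AlignmentCluster()
    cluster.add_server(FlowServer("192.168.132.1", ["106.187.36.1", "106.187.37.1"]))
    cluster.add_server(FlowServer("192.168.133.2", ["106.187.36.2"]))
    upstream = ("10.0.0.5", 3368, "8.8.8.8", 1002, "TCP")  # constructed user packet at x=1
    translated = cluster.handle_upstream(1, upstream)
    reply = (translated[2], translated[3], translated[0], translated[1], translated[4])
    aligned = cluster.handle_downstream(2, reply)  # arrives at y=2, routed to x=1, found
    stray = cluster.handle_downstream(2, ("8.8.8.8", 1002, "106.187.36.1", 4444, "TCP"))  # x=1, no session
    unknown = cluster.handle_downstream(2, ("8.8.8.8", 1002, "106.187.36.9", 3368, "TCP"))  # no server 9
    return translated, aligned, stray, unknown


if __name__ == "__main__":
    for name, result in zip(("translated", "aligned", "stray", "unknown"), run_demo()):
        print(f"{name}: {result}")
```

Because the server identifier travels in a single octet, the check in validate_pool is the one that matters operationally: a pool address ending in the wrong octet would be routed by every other server to a different node, and replies for those sessions would be recycled instead of aligned.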
In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention.
All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in of the invention
Within protection scope.
Claims (3)
1. A network session flow alignment method based on address translation, characterized in that the process is as follows:
a corresponding available address pool is allocated to every flow processing server, the address pool containing a group of available IP addresses;
when a flow processing server obtains an upstream data packet, an IP address is chosen from its corresponding address pool to replace the source IP address in the packet, then the five-tuple of the upstream packet is extracted and stored in a session mapping table;
when the target receives the upstream packet it generates a downstream packet; when the downstream packet passes through another flow processing server, that server computes the destination address and sends the downstream packet to the flow processing server that the upstream packet passed through;
after receiving the downstream packet, the flow processing server obtains the packet's five-tuple and compares it with the stored session mapping table; if it is determined to be a packet of the same session, alignment is complete, otherwise the packet is recycled into the network.
2. The network session flow alignment method based on address translation according to claim 1, characterized in that an ID number is constructed for every flow processing server, and the ID number corresponds to the IP address of the flow processing server.
3. The network session flow alignment method based on address translation according to claim 2, characterized in that, when an available address pool is allocated to every flow processing server, the ID number corresponds to all IP addresses in the available address pool allocated to that server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910500388.4A CN110365807A (en) | 2019-06-11 | 2019-06-11 | A kind of network session flow alignment methods based on address translation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110365807A true CN110365807A (en) | 2019-10-22 |
Family
ID=68216840
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910500388.4A Pending CN110365807A (en) | 2019-06-11 | 2019-06-11 | A kind of network session flow alignment methods based on address translation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110365807A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101136926A (en) * | 2007-10-12 | 2008-03-05 | 杭州华三通信技术有限公司 | Packet forwarding method under asymmetric routing condition and network address conversion gateway |
CN101335709A (en) * | 2008-08-07 | 2008-12-31 | 杭州华三通信技术有限公司 | Method for implementing load sharing among flow analysis servers and shunting equipment |
WO2009082439A1 (en) * | 2007-12-18 | 2009-07-02 | Solarwinds Worldwide, Llc | Method for configuring acls on network device based on flow information |
CN104734897A (en) * | 2013-12-18 | 2015-06-24 | 国家计算机网络与信息安全管理中心 | Conversation alignment and forwarding system |
CN109743414A (en) * | 2019-02-18 | 2019-05-10 | 国家计算机网络与信息安全管理中心 | The method and computer readable storage medium of address translation availability are improved using redundancy link |
Events
- 2019-06-11: CN application CN201910500388.4A filed, published as CN110365807A, status Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112995184A (en) * | 2021-03-05 | 2021-06-18 | 中电积至(海南)信息技术有限公司 | Multi-source network flow content complete restoration method and device |
CN112995184B (en) * | 2021-03-05 | 2022-07-12 | 中电积至(海南)信息技术有限公司 | Multi-source network flow content complete restoration method and device |
CN115412465A (en) * | 2022-07-11 | 2022-11-29 | 中国人民解放军国防科技大学 | Method and system for generating distributed real network traffic data set based on client |
CN115412465B (en) * | 2022-07-11 | 2023-06-20 | 中国人民解放军国防科技大学 | Method and system for generating distributed real network flow data set based on client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20191022 |