CN110365807A - Network session traffic alignment method based on address translation - Google Patents

Network session traffic alignment method based on address translation

Info

Publication number: CN110365807A
Authority: CN (China)
Prior art keywords: data packet, address, server, session, network
Legal status: Pending (status as listed by Google Patents, which has performed no legal analysis; not a legal conclusion)
Application number: CN201910500388.4A
Other languages: Chinese (zh)
Inventors: 张树壮, 吴志刚, 罗浩
Current assignee: Beijing University of Posts and Telecommunications (as listed by Google Patents, without warranty as to accuracy)
Original assignee: Beijing University of Posts and Telecommunications
Priority date: 2019-06-11 (as listed; an assumption, not a legal conclusion)
Filing date: 2019-06-11
Publication date: 2019-10-22
Application filed by Beijing University of Posts and Telecommunications

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5061 Pools of addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Abstract

The present invention provides a network session traffic alignment method based on address translation. The detailed process is as follows: a corresponding pool of available addresses is allocated to each traffic processing server, the address pool containing a group of available IP addresses; when a traffic server obtains an upstream packet, it chooses an IP address from its corresponding address pool to replace the source IP address in the packet, then extracts the five-tuple of the upstream packet and stores it in a session mapping table; when the target receives the upstream packet it generates a downstream packet, and when the downstream packet passes through another traffic server, that server sends it to the traffic processing server corresponding to the uplink; after receiving the downstream packet, the traffic server obtains the packet's five-tuple and compares it with the stored session mapping table; if the packet is determined to belong to the same session, alignment is complete, otherwise the packet is returned to the network. The invention realises the function that a specified point uses only particular IP addresses and meets the scenarios in network audit, network security and related applications that need to process bidirectional traffic; the method is fast and efficient.

Description

Network session traffic alignment method based on address translation
Technical field
The invention proposes a network session traffic alignment method based on address translation and belongs to the field of network traffic session technology.
Servers in different regions are identified by encoding the IP address, and address translation technology is used to solve the traffic alignment problem. This realises the function that a specified point uses only particular IP addresses and meets the need to process bidirectional traffic in network audit, network security and related applications; the method is fast and efficient.
Background technique
In network audit, network security and related applications, many situations require both directions of a session's traffic before processing can proceed normally. In actual engineering applications, in the ideal case (symmetric routing) the request message sent by the user and the response message the server returns to the user travel the same network path; that is, when traffic is captured and analysed at the network boundary, the user's upstream and downstream traffic can be obtained together, giving complete messages, which helps to identify and analyse the user's access behaviour. In a real Internet environment, when a user interacts with the Internet, and especially with the overseas Internet, traffic processing and analysis performed at backbone routers runs into the one-way traffic problem caused by asymmetric routing.
As shown in Figure 1, when a user accesses the Internet the upstream packets are transmitted by the backbone routing of area A, while the downstream packets the Internet returns to the user are transmitted by the backbone routing of area C. Under asymmetric routing the upstream and downstream traffic of a session is therefore dispersed across several places, which is the one-way traffic problem, and specific business processing, such as convergence processing of encrypted data, cannot be carried out. The data dispersed across different locations must therefore be aligned, that is, the data travelling in one direction must be moved to the location of the other direction.
When a user initiates a request to access an Internet target, the traffic flows through routers distributed in different regions, and these routers are mostly located in machine rooms (hereinafter referred to as nodes) in different places. When the user accesses the Internet target, the upstream packets are transmitted by one node and the downstream packets the Internet returns to the user are transmitted by another node. Traditional migration methods are roughly of two kinds: the broadcast alignment method based on connection tracking, and the traffic alignment method based on coding.
The basic principle of the broadcast alignment method based on connection tracking is as follows. When a user accesses an Internet target, the five-tuple (source address, source port, destination address, destination port, protocol) can be obtained from the upstream packet flowing through a given node, and this five-tuple characteristic information is sent to all other nodes by broadcast, so that every other node can find, through the five-tuple, the transmitting node to which the upstream packet belongs. After the target receives the user's request it generates a downstream packet; since the node transmitting the downstream packet can find the node corresponding to the upstream packet, it transfers the downstream packet to that node, which guarantees the integrity of the session. However, the broadcast itself adds to the network communication cost, and if the broadcast connection tracking information is lost in transit, errors are unavoidable.
The basic principle of the traffic alignment method based on coding is as follows. A code is placed in the source port of the communication packet, that is, the 16 bits of the port are encoded by some algorithm (such as MD5) in order to distinguish traffic flowing through different servers. Specifically, the five-tuple of the upstream packet generated when the user accesses the Internet target is extracted, a mapping between the source port and (source address, destination address, destination port, protocol) is constructed by some algorithm, and a region identifier is placed in the source port. When the target generates a downstream packet after receiving the user's request, the traffic processing server obtains its five-tuple and, by a retrieval algorithm, recovers the region identifier from the source port in the five-tuple corresponding to the downstream packet, so the downstream packet is transmitted to the node of the corresponding upstream packet and traffic alignment is achieved. However, many servers are actually deployed in different regions, and the few available bits are insufficient to support this demand, so the applicability of the coding-based traffic alignment method is poor.
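The capacity limit the paragraph above describes can be seen directly by building the port encoding. The following is an added illustration and not code from the patent: it packs a region identifier and a hash of (source address, destination address, destination port, protocol) into a 16-bit source port. The 4/12 bit split, the use of a truncated MD5 digest, and the sample flows are constructed assumptions; the patent names no concrete encoding.

```python
"""Added illustration (not code from the patent): a toy version of the coding-based
alignment method, showing why a 16-bit source port is a scarce carrier for both a
region identifier and a flow hash. The bit split, the MD5 truncation and the sample
flows are constructed assumptions."""
import hashlib

REGION_BITS = 4                       # assumed: high 4 bits of the port carry the region id
FLOW_BITS = 16 - REGION_BITS          # the remaining 12 bits carry a hash of the flow
MAX_REGIONS = 1 << REGION_BITS        # only 16 servers/regions can be told apart this way


def flow_hash(src_ip: str, dst_ip: str, dst_port: int, proto: str) -> int:
    """Hash of (source address, destination address, destination port, protocol),
    truncated to FLOW_BITS bits. MD5 is used only because the text names it as an
    example algorithm; no security property is relied on here."""
    key = f"{src_ip}|{dst_ip}|{dst_port}|{proto}".encode()
    digest = hashlib.md5(key).digest()
    return int.from_bytes(digest[:2], "big") & ((1 << FLOW_BITS) - 1)


def encode_source_port(region_id: int, src_ip: str, dst_ip: str, dst_port: int, proto: str) -> int:
    """Rewritten source port: region id in the high bits, flow hash in the low bits.
    The toy does not steer clear of the well-known range 0-1023 for region 0."""
    if not 0 <= region_id < MAX_REGIONS:
        raise ValueError(f"region id {region_id} does not fit in {REGION_BITS} bits")
    return (region_id << FLOW_BITS) | flow_hash(src_ip, dst_ip, dst_port, proto)


def region_of(port: int) -> int:
    """What a downstream node recovers from the reply's destination port."""
    return port >> FLOW_BITS


def collision_count(region_id: int, n_flows: int) -> int:
    """How many of n_flows distinct flows end up sharing a rewritten port.
    Flows are constructed: different source hosts all reaching 8.8.8.8:443/TCP."""
    seen = set()
    for i in range(n_flows):
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        seen.add(encode_source_port(region_id, src, "8.8.8.8", 443, "TCP"))
    return n_flows - len(seen)


if __name__ == "__main__":
    port = encode_source_port(5, "10.0.0.1", "8.8.8.8", 443, "TCP")
    print(port, region_of(port), collision_count(3, 4096))
```

With 4 bits spent on the region, 12 bits remain for the flow, so a single region can only distinguish 4096 port values and collisions between concurrent flows to the same destination begin well before that; widening the region field to cover more servers makes the collision problem worse, which is the trade-off the text refers to.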
It can be seen from the above that the broadcast alignment method based on connection tracking increases communication network overhead in solving the multi-location session misalignment problem, and cannot align if the five-tuple connection tracking information is not transmitted in time; the coding-based traffic alignment method encodes the source port of the communication and must verify it, supports fewer nodes, and also has a relatively high error rate.
Summary of the invention
In view of this, the invention proposes a network session traffic alignment method based on address translation, which achieves the purpose that a specific machine room uses only particular IP addresses and thereby achieves the purpose of traffic alignment.
The technical scheme that realises the invention is as follows:
A network session traffic alignment method based on address translation, whose detailed process is as follows:
A corresponding pool of available addresses is allocated to each traffic processing server; the address pool contains a group of available IP addresses;
When a traffic server obtains an upstream packet, it chooses an IP address from its corresponding address pool to replace the source IP address in the packet, then extracts the five-tuple of the upstream packet and stores it in the session mapping table;
When the target receives the upstream packet, it generates a downstream packet; when the downstream packet passes through another traffic server, that traffic server calculates the destination address and sends the downstream packet to the traffic processing server corresponding to the uplink;
After receiving the downstream packet, the traffic server obtains the packet's five-tuple; when comparison with the stored session mapping table determines that it is a packet of the same session, alignment is complete; otherwise the packet is returned to the network.
Further, the invention constructs an ID number for each traffic processing server, and the ID number corresponds to the IP address of the traffic processing server.
Further, when the invention prepares the available address pool for each traffic processing server, the ID number corresponds to all IP addresses in the available address pool allocated to that server.
Beneficial effect
The invention proposes a network session traffic alignment method based on address translation, which uses address translation technology (address replacement by means of address pools) to solve the traffic alignment problem, realises the function that a specified point uses only particular IP addresses, and meets the need to process bidirectional traffic in network audit, network security and related applications; the method is fast and efficient.
Detailed description of the drawings
Fig. 1 is a schematic diagram of machine rooms dispersed over several areas;
Fig. 2 is a schematic diagram of upstream and downstream packet processing;
Fig. 3 is a packet processing flow diagram.
Specific embodiment
In order to make the objects, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings.
When a user interacts with an Internet target, the upstream and downstream packets generated are transmitted through the various routers. In practice, for the purposes of network audit, network security and related applications, the traffic of the various regions needs to be audited and analysed, so corresponding traffic processing servers are deployed, and a pool of available addresses is prepared for each server for address translation. The network session traffic alignment method based on address translation provided by the embodiment of the invention is divided into three processes: the preprocessing process, the upstream packet processing process and the downstream packet processing process.
One, preprocessing process
First, each traffic processing server must be given a code identifier: the IP addresses of the traffic processing servers dispersed across the various regions are uniquely numbered, constructing an ID number for each server. Since the IP address of each server is unique, the ID number of each server is also unique.
After the ID number of each traffic processing server has been determined, a corresponding pool of available addresses is prepared for each server. Each available address pool in fact contains multiple IP addresses, which are used to replace the source IP address of the different sessions flowing through the server. In the method proposed by the embodiment of the invention, all IP addresses in the available address pool are mapped to the server ID number by a function.
As shown in Table 1, in the preprocessing process the traffic processing server 192.168.132.1 is first numbered: the last-octet value 1 of this address is taken as the number of the server, and the last-octet value of all IP addresses in the available address pool prepared for it is then also 1.
Table 1: mapping between server IP address, number and address pool IP addresses
Two, upstream packet processing process
When a user initiates a request to access an Internet target, an upstream packet is generated. While the upstream packet is being transmitted through the various routers it is obtained by traffic processing server x, which chooses an IP address from its available address pool and replaces the source IP address of the upstream packet with it, so that the replaced IP address corresponds exactly to the ID number of server x. Server x then extracts the five-tuple of the upstream packet from the packet after the IP address replacement, constructs the user's session mapping entry a, and stores it in the session mapping table.
Three, downstream packet processing process
After the target receives the user's access request, a downstream packet is generated. While the downstream packet is being transmitted through the various routers and passes through traffic processing server y, server y first calculates from the destination IP address that the traffic processing server which handled the upstream packet of this session is x, and sends this downstream packet to server x.
After the downstream packet reaches traffic processing server x, server x obtains the five-tuple of the downstream packet and queries the session mapping table to judge whether this packet belongs to traffic the user once sent. If it does, it is processed according to the server's own business logic; if it does not, the packet is returned directly to the network. In this way the downstream packet always flows to the traffic processing server corresponding to the upstream packet, which achieves the purpose of aligning the upstream and downstream data of different machine rooms. The detailed process of upstream and downstream packet processing is shown in Fig. 2.
As shown in Fig. 3, when a user initiates a request to access an Internet target, an upstream packet is generated and transmitted to traffic processing server x (process 1 in Fig. 3). Suppose the five-tuple of the upstream packet obtained by server x is <192.168.132.1, 3368, 8.8.8.8, 1002, TCP>; the public IP address 106.187.36.d is chosen from the available address pool for address translation (process 2 in Fig. 3), where d is the mark that identifies the server of this area. In fact, every traffic processing server is numbered, and once this number is determined, the last octet of the IP addresses in the address pool prepared for this node is also determined; here the number of server x is d. The five-tuple after address translation is therefore <106.187.36.d, 8.8.8.8, 1002, TCP>, the session mapping table is built with this five-tuple, and finally the replaced packet is transmitted to the target (process 3 in Fig. 3).
After the target receives the user's request, a downstream packet is generated and transmitted to traffic processing server y (process 4 in Fig. 3). The five-tuple of the downstream packet obtained by server y is <8.8.8.8, 1002, 106.187.36.d, TCP>, so from the last-octet mark d of the destination IP address 106.187.36.d it determines that the upstream packet corresponds to server x in its machine room and forwards the packet there (process 5 in Fig. 3). Server x then queries the session mapping table by this five-tuple, finds the user belonging to the same session as the upstream packet (process 6 in Fig. 3), and transmits the downstream packet to the user corresponding to that session, achieving the purpose of upstream and downstream data alignment.
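The three processes (preprocessing, upstream handling, downstream handling) can be exercised end to end in a small simulation. The following is an added example and not the patent's own code: two traffic processing servers are numbered by the last octet of their address, each receives a pool of addresses sharing that octet, a reply that arrives at the wrong server is forwarded by destination-octet lookup, and the session mapping table decides between alignment and return to the network. The server addresses, the pools, the round-robin pool choice, the clash check on the session table and the sample flows are all constructed assumptions; the patent does not state how an address is chosen from the pool.

```python
"""Added example (not the patent's own code): a small simulation of the three processes
of the method. Server addresses, the address pools, the round-robin pool choice, the
clash check on the session table and the sample flows are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def last_octet(ip: str) -> int:
    """Server ID = the last octet ('mantissa') of an IPv4 address, as in Table 1."""
    return int(ip.rsplit(".", 1)[1])


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def reverse(self) -> "FiveTuple":
        """Five-tuple carried by the target's reply to this packet."""
        return FiveTuple(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


# (outcome, id of the server that decided, packet restored for the user or None)
Result = Tuple[str, Optional[int], Optional[FiveTuple]]


class TrafficServer:
    """One traffic processing server, numbered by its own last octet (preprocessing step 1),
    with an available-address pool whose members all share that octet (step 2)."""

    def __init__(self, server_ip: str, pool: List[str]):
        self.ip = server_ip
        self.server_id = last_octet(server_ip)
        bad = [a for a in pool if last_octet(a) != self.server_id]
        if bad:
            raise ValueError(f"pool addresses {bad} do not carry server id {self.server_id}")
        self.pool = list(pool)
        self._next = 0
        # session mapping table: translated uplink five-tuple -> user's original five-tuple
        self.session_table: Dict[FiveTuple, FiveTuple] = {}

    def handle_upstream(self, pkt: FiveTuple) -> FiveTuple:
        """Uplink: replace the source IP with a pool address, record the session, and
        return the packet as it travels on to the target."""
        for _ in range(len(self.pool)):
            new_src = self.pool[self._next % len(self.pool)]  # round-robin (assumed policy)
            self._next += 1
            translated = FiveTuple(new_src, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
            if translated not in self.session_table:  # do not reuse a live session's key
                self.session_table[translated] = pkt
                return translated
        raise RuntimeError("every pool address already maps this port/destination")

    def handle_downstream(self, pkt: FiveTuple, servers: Dict[int, "TrafficServer"]) -> Result:
        """Downlink: find the owning server from the destination IP's last octet, forward
        if needed, then match the reply against the session table."""
        owner = servers.get(last_octet(pkt.dst_ip))
        if owner is None:
            return ("recycled", self.server_id, None)  # no server claims this id
        if owner is not self:
            return owner.handle_downstream(pkt, servers)  # process 5: send on to server x
        original = self.session_table.get(pkt.reverse())  # process 6: session lookup
        if original is None:
            return ("recycled", self.server_id, None)  # not a flow this server translated
        # restore the user's real address and port as the reply's destination
        to_user = FiveTuple(pkt.src_ip, pkt.src_port, original.src_ip, original.src_port, pkt.proto)
        return ("aligned", self.server_id, to_user)


def build_servers() -> Dict[int, TrafficServer]:
    """Constructed deployment: server x is number 1, server y is number 2."""
    x = TrafficServer("192.168.132.1", ["106.187.36.1", "106.187.37.1"])
    y = TrafficServer("192.168.140.2", ["106.187.36.2", "106.187.37.2"])
    return {x.server_id: x, y.server_id: y}


def run_session(servers: Dict[int, TrafficServer]) -> Tuple[FiveTuple, Result, Result]:
    """Uplink through x, reply arriving at y (asymmetric route), plus a stray reply."""
    x, y = servers[1], servers[2]
    user_pkt = FiveTuple("10.20.30.40", 3368, "8.8.8.8", 1002, "TCP")  # constructed uplink
    sent = x.handle_upstream(user_pkt)
    aligned = y.handle_downstream(sent.reverse(), servers)
    stray = y.handle_downstream(FiveTuple("8.8.8.8", 53, "106.187.36.1", 40000, "UDP"), servers)
    return sent, aligned, stray


if __name__ == "__main__":
    for item in run_session(build_servers()):
        print(item)
```

The session table is keyed on the translated five-tuple, so the reply is matched by reversing it; a reply whose destination octet names a server but whose five-tuple is unknown to that server is returned to the network rather than delivered, which is the "otherwise recycled" branch of the method.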
In conclusion, the above are merely preferred embodiments of the invention and are not intended to limit the scope of the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the protection scope of the invention.

Claims (3)

1. A network session traffic alignment method based on address translation, characterised in that the detailed process is as follows:
a corresponding pool of available addresses is allocated to each traffic processing server, the address pool containing a group of available IP addresses;
when a traffic server obtains an upstream packet, an IP address is chosen from its corresponding address pool to replace the source IP address in the packet, then the five-tuple of the upstream packet is extracted and stored in a session mapping table;
when the target receives the upstream packet, a downstream packet is generated; when the downstream packet passes through another traffic server, that traffic server calculates the destination address and sends the downstream packet to the traffic processing server that the upstream packet passed through;
after receiving the downstream packet, the traffic server obtains the packet's five-tuple; when comparison with the stored session mapping table determines that it is a packet of the same session, alignment is complete; otherwise the packet is returned to the network.
2. The network session traffic alignment method based on address translation according to claim 1, characterised in that an ID number is constructed for each traffic processing server, and the ID number corresponds to the IP address of the traffic processing server.
3. The network session traffic alignment method based on address translation according to claim 2, characterised in that when the available address pool is allocated to each traffic processing server, the ID number corresponds to all IP addresses in the available address pool allocated to that server.

Priority Applications (1)

Application Number: CN201910500388.4A; Priority Date: 2019-06-11; Filing Date: 2019-06-11; Title: Network session traffic alignment method based on address translation

Publications (1)

Publication Number: CN110365807A; Publication Date: 2019-10-22

Family

ID=68216840

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136926A (en) * 2007-10-12 2008-03-05 杭州华三通信技术有限公司 Packet forwarding method under asymmetric routing condition and network address conversion gateway
CN101335709A (en) * 2008-08-07 2008-12-31 杭州华三通信技术有限公司 Method for implementing load sharing among flow analysis servers and shunting equipment
WO2009082439A1 (en) * 2007-12-18 2009-07-02 Solarwinds Worldwide, Llc Method for configuring acls on network device based on flow information
CN104734897A (en) * 2013-12-18 2015-06-24 国家计算机网络与信息安全管理中心 Conversation alignment and forwarding system
CN109743414A (en) * 2019-02-18 2019-05-10 国家计算机网络与信息安全管理中心 The method and computer readable storage medium of address translation availability are improved using redundancy link

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995184A (en) * 2021-03-05 2021-06-18 中电积至(海南)信息技术有限公司 Multi-source network flow content complete restoration method and device
CN112995184B (en) * 2021-03-05 2022-07-12 中电积至(海南)信息技术有限公司 Multi-source network flow content complete restoration method and device
CN115412465A (en) * 2022-07-11 2022-11-29 中国人民解放军国防科技大学 Method and system for generating distributed real network traffic data set based on client
CN115412465B (en) * 2022-07-11 2023-06-20 中国人民解放军国防科技大学 Method and system for generating distributed real network flow data set based on client

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20191022)