CN111314505B - Network address conversion method and device - Google Patents


Info

Publication number
CN111314505B
Authority
CN
China
Prior art keywords
port
address
conversion
target
conversion table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010319242.2A
Other languages
Chinese (zh)
Other versions
CN111314505A (en
Inventor
孟相玉
李武佺
贾俊超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN202010319242.2A
Publication of CN111314505A
Application granted
Publication of CN111314505B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The method is applied to a network device in which a conversion table is preset, wherein each conversion table entry comprises a pre-conversion IP address, a post-conversion port block and an occupation mark; the post-conversion port block is a set of several available ports divided from the set of available ports corresponding to the converted IP address. The method comprises the following steps: extracting the source IP address from a message requiring network address conversion; querying the conversion table for the target conversion table entry corresponding to the source IP address; acquiring the corresponding converted IP address from the target conversion table entry, and replacing the source IP address in the message with the converted IP address; and reading the occupation mark to determine any unoccupied port as a target port, replacing the source port number in the message with the port number of the target port, and updating the occupation mark to indicate that the target port is occupied.

Description

Network address conversion method and device
Technical Field
The present application relates to the field of computer networks, and in particular, to a method and apparatus for converting a network address.
Background
With the continuous development of computer networks, IPv4 addresses are gradually exhausted, and network address translation (Network Address Translation, NAT) is widely used. Specifically, NAT can make multiple private IP addresses share one public IP address, and can alleviate the condition of IPv4 address exhaustion to some extent.
In NAT, the translated IP and port number are typically determined by hashing the IP and port number before translation. Although this has the advantage that the relationship between the addresses before and after conversion can be predicted, some IPs and some ports in the address pool may never be used, which wastes address resources.
Disclosure of Invention
In view of the above, the application discloses a network address translation method and a device.
According to a first aspect of an embodiment of the present application, a network address translation method is disclosed, which is applied to a network device, where the network device is preset with a translation table, the translation table includes at least one translation table entry, and the translation table entry includes a pre-translation IP address, a post-translation port block, and an occupation flag indicating whether each port in the post-translation port block is occupied;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address;
the method comprises the following steps:
extracting a source IP address of a message from the message needing network address conversion;
querying a target conversion table item corresponding to the source IP address in the conversion table;
acquiring a corresponding converted IP address from the target conversion table item, and replacing a source IP address in the message with the converted IP address;
and reading an occupation mark from the target conversion table item, determining any unoccupied port as a target port from the corresponding converted port block, further replacing a source port number in the message with the port number of the target port, and updating the occupation mark to indicate that the target port is occupied.
According to a second aspect of an embodiment of the present application, a network address translation device is disclosed, which is applied to a network device, where the network device is preset with a translation table, the translation table includes at least one translation table entry, and the translation table entry includes a pre-translation IP address, a post-translation port block, and an occupation flag indicating whether each port in the post-translation port block is occupied;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address;
the device comprises:
the source IP address extraction module extracts the source IP address of a message from the message needing network address conversion;
the conversion table inquiring module inquires a target conversion table item corresponding to the source IP address in the conversion table;
the IP address conversion module acquires a corresponding converted IP address from the target conversion table item, and replaces the source IP address in the message with the converted IP address;
and the port number conversion module is used for reading an occupation mark from the target conversion table item, determining any unoccupied port from the corresponding converted port block as a target port, further replacing a source port number in the message with the port number of the target port, and updating the occupation mark to indicate that the target port is occupied.
In the above technical solution, on the one hand, because the set of available ports corresponding to the converted IP address is divided into a plurality of port blocks in advance, and the allocation of the port blocks is managed through the conversion table, the converted IP address resources can be multiplexed more flexibly; on the other hand, the occupation mark in the conversion table entry indicates which ports in the corresponding port block are occupied, so that resource waste can be reduced when the ports in the port block are used.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the specification and together with the description, serve to explain the principles.
FIG. 1 is a diagram illustrating an exemplary division of port blocks described herein;
FIG. 2 is a flowchart illustrating a network address translation method according to the present disclosure;
FIG. 3 is a diagram showing a structural example of the conversion table described in the present specification;
FIG. 4 is a diagram showing an example of the structure of the network address translation device described in the present specification.
Detailed Description
In order to better understand the technical solutions in one or more embodiments of the present specification, those technical solutions will be clearly and completely described below with reference to the accompanying drawings. It will be apparent that the described embodiments are only some embodiments and not all embodiments. All other embodiments that can be derived from one or more embodiments of the present disclosure without inventive effort shall fall within the scope of the present application.
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present specification. Rather, they are merely examples of systems and methods that are consistent with some aspects of the present description as detailed in the accompanying claims.
The terminology used in the description presented herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this specification to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
With the continued development of computer networks, Internet Protocol version 4 (IPv4) addresses are gradually being exhausted, and network address translation (Network Address Translation, NAT) is widely used. Specifically, NAT allows a plurality of private IP addresses to share one public IP address, which alleviates IPv4 address exhaustion to some extent.
In the related art, when NAT is required, the translated IP and port number are generally determined by hashing the IP and port number before translation. Although this has the advantage that the relationship between the addresses before and after conversion can be predicted, some IPs and some ports in the address pool may never be used, which wastes address resources.
Based on this, the present specification proposes a technical solution in which port blocks are divided in advance from the set of available ports corresponding to a converted IP address; by querying a conversion table maintained in advance, the pre-conversion IP address is converted to the converted IP address corresponding to the port block, and the port number before conversion is converted to a port number in the port block.
In this implementation, the correspondence between the IP address before conversion, the port block after conversion and the IP address after conversion is determined by table lookup, so that network address conversion can be completed using only a part (namely the converted port block) divided out of all available ports corresponding to the converted IP address.
In the above technical solution, on one hand, since the port block is only a part of the available port set corresponding to the converted IP address, a plurality of IP addresses before conversion can be mapped to different port blocks of the same converted IP address, multiplexing of the converted IP address is achieved, and resources of the converted IP address are saved;
on the other hand, the conversion table item contains the occupation mark for indicating the occupation condition of the port block after the conversion, so that the resource waste can be reduced when the ports in the port block are utilized.
The present application is described below by way of specific embodiments and in connection with specific application scenarios.
In the present specification, a plurality of available ports may be divided from the set of available ports corresponding to the converted IP address to form a converted port block. The available ports are ports that can be used for network address conversion; for example, if ports 20000 to 30000 of a certain converted IP address are set aside for network address conversion, ports 20000 to 30000 can be regarded as available ports. As another example, some port numbers are conventionally reserved for a particular purpose (e.g., port 23 is commonly used for the Telnet service); such port numbers may be excluded from the available ports when dividing port blocks.
After the division is completed, the divided port blocks are regarded as a port block pool, and the port blocks in the pool can be dynamically allocated as resources to each network address conversion process; it will be appreciated that an IP address that needs more ports than one port block contains may be allocated a plurality of available port blocks to meet its needs.
It can be appreciated that the specific manner of dividing the port blocks may vary: the length of the port blocks may be a preset fixed value or a variable value; the division may be completed in advance or performed dynamically on demand; a port block may consist of ports with consecutive port numbers or of ports whose numbers are spaced at intervals; and so on. The specific division manner can be designed by those skilled in the art according to specific requirements, and the present specification does not specifically limit it.
In an embodiment, the converted port block may be obtained by dividing a set of available ports corresponding to the converted IP address according to a preset length; for example, the length may be preset to be 100, and the set of available ports may be divided into a plurality of port blocks with the length of 100 according to the order of port numbers.
Referring to FIG. 1, FIG. 1 is a diagram illustrating an example of a division manner of the port blocks described in the present specification. In this example, the available ports corresponding to the converted IPs, such as IP address A, IP address B and IP address C, are divided into port blocks in advance with a preset length of 100; taking IP address A as an example, its corresponding available ports are ports 100 to x+99, which are divided in steps of 100 into x port blocks: 100 to 199, 200 to 299, and so on.
Here the port blocks have a fixed length and the division is completed in advance; the length actually used can be chosen by the technician. This keeps port allocation flexible while avoiding the need to divide port blocks again each time a port is allocated, which improves the efficiency of port allocation.
Referring to fig. 2, fig. 2 is a flowchart illustrating a network address translation method according to an embodiment of the present application; the method is applied to network equipment, the network equipment is preset with a conversion table, the conversion table comprises at least one conversion table item, wherein the conversion table item comprises a pre-conversion IP address, a post-conversion port block and an occupation mark for indicating the occupation condition of each port in the post-conversion port block;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address; the method performs the steps of:
S201, extracting a source IP address of a message from the message needing network address conversion;
S202, inquiring a target conversion table item corresponding to the source IP address in the conversion table;
S203, obtaining the corresponding converted IP address from the target conversion table item, and replacing the source IP address in the message with the converted IP address;
S204, reading an occupation mark from the target conversion table item, determining any unoccupied port as a target port from the corresponding converted port block, further replacing a source port number in the message with the port number of the target port, and updating the occupation mark to indicate that the target port is occupied.
The network device includes any network device having a network address translation function, such as a NAT router or a NAT gateway. In terms of hardware implementation, the processor may use an FPGA (Field Programmable Gate Array), a pure CPU, or a combination of FPGA and CPU as its hardware architecture; this specification does not specifically limit this.
In this specification, a conversion table may be preset in the network device to store information related to network address conversion. Specifically, a conversion table entry may store a pre-conversion IP address, a post-conversion port block, and an occupation flag indicating which ports in the post-conversion port block are occupied. The information recorded in the entry can be interpreted as follows: an IP address that hits the pre-conversion IP address field will, after network address conversion, be converted into the converted IP address of that entry, and the pre-conversion port number will be converted into a port in the entry's post-conversion port block, with the unoccupied port determined via the occupation flag.
The converted port block refers specifically to a set of a plurality of available ports divided from a set of available ports corresponding to the corresponding converted IP address, and specific dividing modes may refer to fig. 1 and corresponding foregoing description parts, which are not described herein again.
The message to be converted may be a message received through a network, for example, a message sent by an intranet client to an external network, or a message read from a preset storage space, for example, a message to be sent at a preset time that has not yet been allocated an external network address; the source of the message is therefore not particularly limited in the present application.
In this specification, a message requiring network address conversion generally has a five-tuple consisting of a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number; network address conversion mainly comprises conversion of the source IP address and conversion of the source port number. In this scheme, the source IP address is used as the information for querying the conversion table, so the network device extracts the source IP address from the message requiring network address conversion; the specific manner of extracting the source IP address may be determined by those skilled in the art according to the related art and specific needs, and the present disclosure does not limit it in detail.
In this specification, after the network device extracts the source IP address, the network device may query a conversion table entry corresponding to the source IP address in a preset conversion table, and record the conversion table entry as a target conversion table entry.
Referring to fig. 3, fig. 3 is an implementation form of the conversion table according to the present application, which includes a plurality of conversion table entries, each of which stores a pre-conversion IP address, a post-conversion port block, and an occupation flag; assuming that the source IP address obtained in the above-described process of extracting the source IP address is the IP address Y, the conversion table entry having the IP address Y before conversion in the above-described example may be hit, and the conversion table entry may be determined as the target conversion table entry.
It will be appreciated that if the source IP address hits more than one translation table entry, the IP address has been allocated more than one port block for network address translation. When determining the target translation table entry, one or more entries whose port block is not fully occupied may be selected as the target translation table entry; other selection policies for this scenario may be set by those skilled in the art at their own discretion, which is not specifically limited in this specification.
In the present specification, the conversion process of the source IP address may be completed according to the converted IP address information described in the target conversion table item hit by the source IP address; specifically, the source IP address in the message may be replaced by the converted IP address in the target conversion table entry, so that the conversion of the source IP address in the message may be completed;
for example, continuing to take the message with the source IP address being the IP address Y as an example, the network device may replace the source IP address field in the message with the corresponding converted IP address "IP address a", that is, the conversion of the source IP address of the message is completed.
In this specification, the network device may further complete the conversion of the source port number according to the converted port block and the occupation flag recorded in the target conversion table entry hit by the source IP address; specifically, based on the occupation mark, any unoccupied port in the corresponding converted port block is determined to be the target port, and the source port number in the message is replaced by the port number of the target port, which completes the conversion of the source port number of the message; since the occupation mark must indicate which ports in the corresponding port block are occupied, once the conversion relation is determined the occupation mark needs to be updated to indicate that the target port is now occupied;
for example, referring to the translation table shown in FIG. 3 and again taking the source IP address Y as an example: the corresponding port block is port block A2, and the occupation flag shows that n ports are already occupied, so any port other than those n ports may be selected from port block A2 as the target port; the source port number in the message is replaced with the port number of the target port, and the occupation flag is then updated to indicate that the target port is also occupied.
It can be appreciated that the above-mentioned occupation mark may be implemented in various ways, for example by directly recording the port numbers of the occupied ports, or by encoding the occupancy status of the port numbers in the corresponding port block; correspondingly, the process of determining the target port from the occupation mark may also differ, for example by scanning the ports in a preset order to find an unoccupied port as the target port. Those skilled in the art may choose the implementation according to specific requirements and related technical documents, and this specification does not limit it.
In the illustrated embodiment, the occupation mark may indicate the last occupied port in the converted port block. The corresponding manner of determining the target port is to first determine the last occupied port from the occupation mark and then take the N-th port after the last occupied port as the target port, where N is a preset positive integer used as the port allocation interval;
for example, when N is 1, target ports are determined successively in order from smaller to larger port number. Taking the converted port block A2 as an example, the occupation flag indicates that the most recently occupied port is port n, meaning that port n and the ports before it are already occupied; therefore port n+1 can be determined as the target port, and the source port number in the packet is replaced with the port number of the target port. The most recently occupied port indicated by the occupation flag is then changed to the target port, i.e., port n+1.
In this specification, there may be a case where a translation table entry corresponding to the extracted source IP address cannot be queried, which means that the source IP address has not established a network address translation relationship yet, and thus there is no corresponding record in the translation table; in this case, a corresponding conversion relationship may be separately assigned to the source IP address.
In the illustrated embodiment, if no target translation table entry corresponding to the source IP address exists in the preset translation table, a target translation table entry corresponding to the source IP address may be constructed from any available port block and the IP address corresponding to that port block; specifically, any available port block can be taken from the port block pool formed by the available port blocks, and the IP address corresponding to that port block is used as the converted IP address to construct the target translation table entry for the source IP address. It will be appreciated that, since the source IP address is the first to use the converted port block in the newly created entry, the occupation flag in that entry indicates that the corresponding converted port block is entirely unoccupied.
In addition, if the target translation table entry is found but its converted port block is already fully occupied, a further conversion relationship may be allocated to the source IP address through the same operation as in the case where no target translation table entry is found.
In this specification, a reclamation mechanism may be set up in the network device for the conversion table to reclaim port block resources that are no longer occupied; the mechanism can be designed according to information such as how long ports have been occupied, the number of sessions and the priority of the sessions, as determined by a person skilled in the art according to specific requirements, and is not specifically limited in this specification.
In one embodiment, the conversion table item may further include a reference count for indicating the number of network sessions referencing the conversion table item, and when the reference count drops to 0, it means that no network session needs to reference the conversion table item, so the conversion table item may be deleted; it can be appreciated that after the conversion table entry is deleted, the corresponding port block can also be restored to the available state and returned to the pool of available port blocks.
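The steps S201 to S204, the miss and full-block handling, and the reference-count reclamation described above, as an added Python example that is not part of the patent text. The names `Nat`, `Entry`, `PortBlock` and `owner_of`, the documentation-range addresses, and the choice that a fresh block starts at its first port are assumptions; the reverse lookup `owner_of` goes beyond the text and shows how the same table attributes a translated IP and port back to its pre-conversion address.

```python
from dataclasses import dataclass
from typing import Optional

BLOCK_LEN = 100       # preset port block length (the page's example value)
ALLOC_INTERVAL = 1    # N, the port allocation interval

@dataclass
class PortBlock:
    ip: str           # converted (post-conversion) IP address
    first: int        # lowest port number in the block

    def contains(self, port):
        return self.first <= port < self.first + BLOCK_LEN

@dataclass
class Entry:
    """One conversion table entry."""
    pre_ip: str                       # pre-conversion IP address
    block: PortBlock                  # post-conversion port block
    last_used: Optional[int] = None   # occupation mark: last occupied port
    refs: int = 0                     # sessions referencing this entry

    def next_port(self):
        # Assumption: a fresh block starts at its first port.
        if self.last_used is None:
            port = self.block.first
        else:
            port = self.last_used + ALLOC_INTERVAL
        return port if self.block.contains(port) else None  # None: block full

class Nat:
    def __init__(self, available):
        # available: {converted_ip: (lowest_port, highest_port)}, cut into
        # fixed-length blocks in advance; a short remainder stays unused.
        self.pool = [PortBlock(ip, start)
                     for ip, (lo, hi) in available.items()
                     for start in range(lo, hi - BLOCK_LEN + 2, BLOCK_LEN)]
        self.table = {}               # pre-conversion IP -> list of Entry

    def translate(self, pkt):
        src_ip = pkt["src_ip"]                                # S201
        entries = self.table.get(src_ip, [])                  # S202
        entry = next((e for e in entries if e.next_port() is not None), None)
        if entry is None:             # no entry yet, or every block is full
            if not self.pool:
                raise RuntimeError("port block pool exhausted")
            entry = Entry(src_ip, self.pool.pop(0))
            self.table.setdefault(src_ip, []).append(entry)
        port = entry.next_port()
        entry.last_used = port        # S204: update the occupation mark
        entry.refs += 1
        # S203 + S204: rewrite source IP and source port, keep the rest
        return dict(pkt, src_ip=entry.block.ip, src_port=port), entry

    def close_session(self, entry):
        # With a last-occupied mark, single ports are not reused; the whole
        # block is recovered only when the reference count reaches 0.
        entry.refs -= 1
        if entry.refs == 0:
            self.table[entry.pre_ip].remove(entry)
            if not self.table[entry.pre_ip]:
                del self.table[entry.pre_ip]
            self.pool.append(entry.block)     # block returns to the pool

    def owner_of(self, ip, port):
        """Reverse lookup: which pre-conversion IP holds this ip:port?"""
        for entries in self.table.values():
            for e in entries:
                if e.block.ip == ip and e.block.contains(port):
                    return e.pre_ip
        return None

if __name__ == "__main__":
    # Constructed sample: one converted IP with ports 100-299 (two blocks).
    nat = Nat({"203.0.113.1": (100, 299)})
    pkt = {"src_ip": "10.0.0.5", "src_port": 51000, "proto": 6,
           "dst_ip": "198.51.100.7", "dst_port": 443}
    out, entry = nat.translate(pkt)
    print(out, nat.owner_of(out["src_ip"], out["src_port"]))
```
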
In this specification, the above-mentioned rule of network address conversion may be regarded as a set of network address conversion policies, and the network device may configure a plurality of sets of network address conversion policies, and record the identity of the network address conversion policies in the corresponding conversion table; specifically, the identifier may point to different versions of the same network address translation policy, or may directly point to different network address translation policies;
for example, assume that two sets of network address translation policies K1 and K2 are configured in the network device, wherein the network address translation policy K1 is further divided into a K1-a version and a K1-b version; in the network address translation policies K1-a, K1-b, K2, the translated IP addresses corresponding to the pre-translation IP addresses may not be the same; therefore, when performing network address translation, it is necessary to determine the network address translation policy to be adopted according to a user instruction or a preset selection logic, and select a translation table containing the identifier of the corresponding network address translation policy to perform network address translation operation.
The above are the embodiments of the present application directed to the network address translation method. The application also provides an embodiment of the corresponding network address translation device as follows:
referring to fig. 4, fig. 4 is a schematic diagram of a network address translation device according to an embodiment of the present application; the device is applied to network equipment, the network equipment is preset with a conversion table, the conversion table comprises at least one conversion table item, wherein the conversion table item comprises a pre-conversion IP address, a post-conversion port block and an occupation mark for indicating the occupation condition of each port in the post-conversion port block;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address;
the device comprises:
the source IP address extraction module 401, which extracts the source IP address of a message from the message requiring network address conversion;
the translation table query module 402, which queries the translation table for the target translation table entry corresponding to the source IP address;
the IP address conversion module 403, which obtains the corresponding converted IP address from the target conversion table entry and replaces the source IP address in the message with the converted IP address;
the port number conversion module 404, which reads the occupation flag from the target conversion table entry so as to determine any unoccupied port from the corresponding converted port block as the target port, replaces the source port number in the message with the port number of the target port, and updates the occupation flag to indicate that the target port is occupied.
In the present specification, a plurality of available ports may be divided from a set of available ports corresponding to the converted IP address, to form a converted port block; after the division is completed, the divided port blocks are regarded as a port block pool, and the port blocks in the pool can be dynamically allocated as resources to each network address conversion process for use; the specific manner of the above division can be designed by a person skilled in the art according to specific requirements, and the present specification is not limited specifically.
In an embodiment, the converted port block may be obtained by dividing a set of available ports corresponding to the converted IP address according to a preset length; for example, the length may be preset to be 100, and the set of available ports may be divided into a plurality of port blocks with the length of 100 according to the order of port numbers.
In this specification, the port number conversion module 404 may complete the conversion of the source port number using the converted port block and the occupation flag recorded in the target conversion table entry hit by the source IP address. Specifically, based on the occupation flag, any unoccupied port in the corresponding converted port block is determined to be the target port, and the source port number in the message is replaced by the port number of the target port, which completes the conversion of the source port number. Because the occupation flag must reflect the occupation status of each port in the corresponding port block, the flag must be updated once the conversion relationship is determined, to indicate that the target port is now occupied.
In the illustrated embodiment, the occupation flag may include a marker indicating the most recently occupied port in the converted port block. The port number conversion module 404 may first determine the most recently occupied port from the occupation flag and then, following port number order, take the Nth port after it as the target port, where N is a preset positive integer that serves as the port allocation interval.
In one embodiment, the apparatus may further include a conversion table entry creation module. If the preset conversion table has no target conversion table entry corresponding to the source IP address, the creation module can construct one based on any available port block and the IP address corresponding to that port block. Specifically, any available port block can be taken from the port block pool, and the IP address corresponding to that block is used as the converted IP address to construct the target conversion table entry corresponding to the source IP address. Because the source IP address is the first user of the converted port block in the newly created conversion table entry, the occupation flag in that entry may indicate that every port in the block is unoccupied.
In one embodiment, the apparatus may further include a conversion table item deletion module, and the conversion table item may further include a reference count for indicating a number of network sessions referencing the conversion table item; in the case that the reference count drops to 0, which means that no network session needs to reference the conversion table entry, the conversion table entry deletion module may delete the conversion table entry; it will be appreciated that after the conversion table entry is deleted, the corresponding port block may also be restored to the available state and returned to the pool of available port blocks.
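The allocation scheme described above (fixed-length port blocks, a latest-occupied-port marker advanced by N, entry creation on a miss or on exhaustion, and reference-counted deletion) can be sketched as follows; this is an added example, not code from the patent, and all class and method names are hypothetical. It assumes a block counts as used up once marker + N falls outside the block (no wrap-around), and that an exhausted entry stays alive until its sessions close while a new entry takes over for the source IP.

```python
"""Port-block NAT sketch. Constructed example; all names are hypothetical."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    src_ip: str                 # pre-translation IP address
    nat_ip: str                 # translated IP address
    block: range                # translated port block
    last: Optional[int] = None  # occupation marker: latest occupied port
    refs: int = 0               # reference count: sessions using this entry


class PortBlockNat:
    def __init__(self, nat_ips, first_port, last_port, length=100, n=1):
        self.n = n  # port allocation interval N
        # Divide each translated IP's usable ports into fixed-length blocks.
        self.pool = [(ip, range(p, min(p + length, last_port + 1)))
                     for ip in nat_ips
                     for p in range(first_port, last_port + 1, length)]
        self.table = {}     # src_ip -> entry used for new allocations
        self.sessions = {}  # (nat_ip, nat_port) -> (entry, original src_port)

    def _new_entry(self, src_ip):
        if not self.pool:
            raise RuntimeError("port block pool exhausted")
        nat_ip, block = self.pool.pop(0)
        self.table[src_ip] = Entry(src_ip, nat_ip, block)
        return self.table[src_ip]

    def translate(self, src_ip, src_port):
        """Return the (nat_ip, nat_port) that replaces (src_ip, src_port)."""
        entry = self.table.get(src_ip) or self._new_entry(src_ip)
        port = entry.block.start if entry.last is None else entry.last + self.n
        if port not in entry.block:      # assumption: no wrap-around
            entry = self._new_entry(src_ip)
            port = entry.block.start
        entry.last = port                # update the occupation marker
        entry.refs += 1
        self.sessions[(entry.nat_ip, port)] = (entry, src_port)
        return entry.nat_ip, port

    def close(self, nat_ip, nat_port):
        """End a session; at reference count 0 delete the entry, free its block."""
        entry, _ = self.sessions.pop((nat_ip, nat_port))
        entry.refs -= 1
        if entry.refs == 0:
            if self.table.get(entry.src_ip) is entry:
                del self.table[entry.src_ip]
            self.pool.append((entry.nat_ip, entry.block))

    def origin_of(self, nat_ip, nat_port):
        """Map a translated address back to the internal (src_ip, src_port)."""
        hit = self.sessions.get((nat_ip, nat_port))
        return (hit[0].src_ip, hit[1]) if hit else None


if __name__ == "__main__":
    nat = PortBlockNat(["203.0.113.1"], 1024, 1035, length=4)  # sample values
    for sport in range(5000, 5005):      # fifth flow spills into a new block
        print(nat.translate("10.0.0.1", sport))
```

Because each port block belongs to one internal address at a time, `origin_of` resolves a translated address back to its internal host, which is the lookup needed when attributing outbound traffic.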
From the foregoing description of embodiments, it will be apparent to those skilled in the art that the present embodiments may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be embodied in essence or what contributes to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present specification.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The apparatus embodiments described above are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the functions of the modules may be implemented in the same piece or pieces of software and/or hardware when implementing the embodiments of the present disclosure. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
The foregoing is merely a specific implementation of the embodiments of this disclosure. It should be noted that a person skilled in the art may make several improvements and modifications without departing from the principles of the embodiments of this disclosure, and these improvements and modifications should also be considered to fall within the protection scope of the embodiments of this disclosure.

Claims (10)

1. A network address conversion method, applied to network equipment, wherein the network equipment is preset with a conversion table, the conversion table comprises at least one conversion table item, the conversion table item comprises a pre-conversion IP address, a post-conversion port block and an occupation mark for indicating the occupation condition of each port in the post-conversion port block, and the pre-conversion IP address corresponds to the post-conversion port block one by one;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address;
the method comprises the following steps:
extracting a source IP address of a message from the message needing network address conversion;
querying a target conversion table item corresponding to the source IP address in the conversion table;
acquiring a corresponding converted IP address from the target conversion table item, and replacing a source IP address in the message with the converted IP address;
reading an occupation mark from the target conversion table item, determining any unoccupied port as a target port from a corresponding converted port block, further replacing a source port number in the message with the port number of the target port, and updating the occupation mark to indicate that the target port is occupied;
and under the condition that the port blocks after conversion in the target conversion table item are occupied completely, constructing the target conversion table item corresponding to the source IP address based on any available port block and the IP address corresponding to the available port block, wherein the ports in any available port block recorded in the constructed target conversion table item are used for carrying out network address conversion on the message corresponding to the source IP address.
2. The method according to claim 1,
the occupation mark comprises an occupation mark for indicating the latest occupied port in the port block after conversion;
the determining any unoccupied port from the corresponding converted port block as a target port comprises:
determining the latest occupied port according to the occupation mark in the target conversion table item, and determining the port whose port number is the port number of the latest occupied port plus N as the target port; wherein N is a preset positive integer indicating the port allocation interval;
the updating the occupation mark comprises:
modifying the port indicated by the occupation mark into the target port.
3. The method of claim 1, the method further comprising:
if the target conversion table item corresponding to the source IP address does not exist in the preset conversion table, constructing the target conversion table item corresponding to the source IP address based on any available port block and the IP address corresponding to the available port block.
4. The method of claim 1, wherein the converted port block is obtained by dividing a set of available ports corresponding to the converted IP address by a preset length.
5. The method of claim 1, further comprising a reference count in the translation table entry; the reference count indicating a number of network sessions referencing the translation table entry;
the method further comprises the steps of:
and deleting the conversion table item when the reference count is reduced to 0.
6. A network address translation device is applied to network equipment, the network equipment is preset with a translation table, the translation table comprises at least one translation table item, wherein the translation table item comprises a pre-translation IP address, a post-translation port block and an occupation mark for indicating the occupation condition of each port in the post-translation port block, and the pre-translation IP address corresponds to the post-translation port block one by one;
the converted port block is a set of a plurality of available ports divided from a set of available ports corresponding to the converted IP address;
the device comprises:
the source IP address extraction module extracts the source IP address of a message from the message needing network address conversion;
the conversion table inquiring module inquires a target conversion table item corresponding to the source IP address in the conversion table;
the IP address conversion module acquires a corresponding converted IP address from the target conversion table item, and replaces the source IP address in the message with the converted IP address;
the port number conversion module reads an occupation mark from the target conversion table item, determines any unoccupied port from the corresponding converted port block as a target port, further replaces a source port number in the message with a port number of the target port, and updates the occupation mark to indicate that the target port is occupied;
a conversion table entry creation module, which, under the condition that the converted port block in the target conversion table item is completely occupied, constructs a target conversion table item corresponding to the source IP address based on any available port block and the IP address corresponding to the available port block, wherein the ports in the available port block recorded in the constructed target conversion table item are used for carrying out network address conversion on the message corresponding to the source IP address.
7. The device according to claim 6,
the occupation mark comprises an occupation mark for indicating the latest occupied port in the port block after conversion;
the port number conversion module further:
determines the latest occupied port according to the occupation mark in the target conversion table item, and determines the port whose port number is the port number of the latest occupied port plus N as the target port, wherein N is a preset positive integer indicating the port allocation interval; and
modifies the port indicated by the occupation mark into the target port.
8. The apparatus of claim 6, the apparatus further comprising:
a conversion table entry creation module, which constructs a target conversion table entry corresponding to the source IP address based on any available port block and the IP address corresponding to the available port block under the condition that the target conversion table entry corresponding to the source IP address does not exist in the preset conversion table.
9. The apparatus of claim 6, wherein the converted port block is obtained by dividing a set of available ports corresponding to the converted IP address by a preset length.
10. The apparatus of claim 6, further comprising a reference count in the translation table entry; the reference count indicating a number of network sessions referencing the translation table entry;
the apparatus further includes a translation table entry deletion module that deletes the translation table entry if the reference count falls to 0.
CN202010319242.2A 2020-04-21 2020-04-21 Network address conversion method and device Active CN111314505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010319242.2A CN111314505B (en) 2020-04-21 2020-04-21 Network address conversion method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010319242.2A CN111314505B (en) 2020-04-21 2020-04-21 Network address conversion method and device

Publications (2)

Publication Number Publication Date
CN111314505A CN111314505A (en) 2020-06-19
CN111314505B true CN111314505B (en) 2023-08-29

Family

ID=71161112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010319242.2A Active CN111314505B (en) 2020-04-21 2020-04-21 Network address conversion method and device

Country Status (1)

Country Link
CN (1) CN111314505B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988445B (en) * 2020-08-19 2022-12-20 北京天融信网络安全技术有限公司 Message forwarding method and device, storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701941A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Method for allocating ports of address translation equipment and address translation equipment
CN104144226A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Port assignment method and network address translation device
CN107566549A (en) * 2017-09-30 2018-01-09 东软集团股份有限公司 A kind of processing method, device and the equipment of network address translation mapping table
CN109639845A (en) * 2017-10-09 2019-04-16 中兴通讯股份有限公司 The resource allocation methods and equipment of network address translation NAT

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9083587B2 (en) * 2009-08-21 2015-07-14 Cisco Technology, Inc. Port chunk allocation in network address translation

Also Published As

Publication number Publication date
CN111314505A (en) 2020-06-19

Similar Documents

Publication Publication Date Title
CN110166570B (en) Service session management method and device, and electronic device
WO2021078281A1 (en) Message forwarding and domain name address query
US20070162968A1 (en) Rule-based network address translation
TW201029422A (en) Methods, apparatuses, and computer program products for determining a network interface to access a network resource
WO2012088917A1 (en) Homogeneous address bundle convergence method and homogeneous convergence network routing system
CN113014692A (en) Network address translation method, device, equipment and storage medium
CN107580079B (en) Message transmission method and device
CN110932934B (en) Network packet loss detection method and device
CN105991660B (en) System for resource sharing among multiple cloud storage systems
US11012358B2 (en) Forwarding table management
CN107547346B (en) Message transmission method and device
US10826868B2 (en) NAT aware DNS
CN111314505B (en) Network address conversion method and device
US8838563B2 (en) Method and system for routing a telephone call
WO2021135492A1 (en) Routing table entry processing method and device
CN109726144B (en) Data message processing method and device
CN107547684B (en) IPv6 address allocation method and device
CN114157633B (en) Message forwarding method and device
CN112968915B (en) Processing method, processing system and processing device for DNS (Domain name Server) attack
CN113472911B (en) Subnet dividing method and device
CN112787932B (en) Method, device and system for generating forwarding information
CN107547687B (en) Message transmission method and device
Wang et al. Towards variable length addressing for scalable Internet routing
CN111107142A (en) Service access method and device
CN115442328B (en) Network address conversion method, device, gateway, medium and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant