CN112671939A - Method for distinguishing NAT deletion and NAT unbinding elastic public network IP - Google Patents
- Publication number
- CN112671939A
- Authority
- CN
- China
- Prior art keywords
- nat
- snat
- dnat
- unbinding
- deletion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP (EIP), comprising an SNAT deletion unbinding method and a DNAT deletion unbinding method, characterized in that the SNAT deletion unbinding method comprises the following steps: S1, when deleting the SNAT, first querying whether the key delete-snat-dnat:{snatId} exists in the cache; S2, obtaining the eipId and natId of the SNAT; S3, removing the snatId to be deleted from the cache key eip-unbound-nat:{eipId}; S4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0; S5, if it equals 0, the EIP unbinding is successful. From the deletion of SNAT or DNAT rules at the bottom layer, the method can accurately determine whether the operation is a NAT deletion or a NAT unbinding of an EIP.
Description
Technical Field
The invention belongs to the technical field of elastic public network IP, and particularly relates to a method for distinguishing NAT deletion and NAT unbinding elastic public network IP.
Background
A NAT gateway (Network Address Translation gateway) is an enterprise-level public network gateway that provides NAT proxies (SNAT and DNAT) to translate the IP address in an IP packet header into another IP address. In practical applications, NAT is mainly used on an edge device connecting two networks, to allow internal network users to access the external public network and to allow the external public network to access part of the internal network resources (such as an internal elastic cloud host, a GPU, and the like). A NAT gateway can bind a plurality of EIPs and issue SNAT and DNAT rules under those EIPs. No configuration is issued when the NAT binds an EIP; only the SNAT or DNAT rules are issued, and the upper layer is notified asynchronously after they are issued successfully. When the NAT gateway is deleted or the NAT gateway unbinds an EIP, the SNAT and DNAT rules are deleted, which involves configuration issuing and an asynchronous callback. However, from the SNAT or DNAT deletion result that the bottom layer reports asynchronously, the upper layer cannot tell whether a NAT deletion succeeded or an EIP unbinding succeeded.
Disclosure of Invention
In view of this, the present invention is directed to a method for distinguishing NAT deletion from NAT unbinding for an elastic public network IP, where the distinction between NAT deletion and NAT unbinding EIP is made by using a flag bit in a cache.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
A method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP comprises an SNAT deletion unbinding method and a DNAT deletion unbinding method, wherein the SNAT deletion unbinding method comprises the following steps:
S1, when deleting the SNAT, first querying whether the key delete-snat-dnat:{snatId} exists in the cache;
S2, obtaining the eipId and natId of the SNAT;
S3, removing the snatId to be deleted from the cache key eip-unbound-nat:{eipId};
S4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
S5, if it equals 0, the EIP unbinding is successful;
S6, removing the snatId to be deleted from the cache key delete-nat:{natId};
S7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
S8, if it equals 0, the SNAT deletion is successful.
Further, the DNAT deletion unbinding method comprises the following steps:
A1, when deleting the DNAT, first querying whether the key delete-snat-dnat:{dnatId} exists in the cache;
A2, obtaining the eipId and natId of the DNAT;
A3, removing the dnatId to be deleted from the cache key eip-unbound-nat:{eipId};
A4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
A5, if it equals 0, the EIP unbinding is successful;
A6, removing the dnatId to be deleted from the cache key delete-nat:{natId};
A7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
A8, if it equals 0, the DNAT deletion is successful.
Compared with the prior art, the method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP has the following advantage:
From the deletion of SNAT or DNAT rules at the bottom layer, the method can accurately determine whether the operation is a NAT deletion or a NAT unbinding of an EIP.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a flowchart illustrating the steps of a method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in Fig. 1, a method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP includes an SNAT deletion unbinding method and a DNAT deletion unbinding method, where the SNAT deletion unbinding method includes the following steps:
S1, when deleting the SNAT, first querying whether the key delete-snat-dnat:{snatId} exists in the cache;
S2, obtaining the eipId and natId of the SNAT;
S3, removing the snatId to be deleted from the cache key eip-unbound-nat:{eipId};
S4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
S5, if it equals 0, the EIP unbinding is successful;
S6, removing the snatId to be deleted from the cache key delete-nat:{natId};
S7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
S8, if it equals 0, the SNAT deletion is successful.
The DNAT deletion unbinding method comprises the following steps:
A1, when deleting the DNAT, first querying whether the key delete-snat-dnat:{dnatId} exists in the cache;
A2, obtaining the eipId and natId of the DNAT;
A3, removing the dnatId to be deleted from the cache key eip-unbound-nat:{eipId};
A4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
A5, if it equals 0, the EIP unbinding is successful;
A6, removing the dnatId to be deleted from the cache key delete-nat:{natId};
A7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
A8, if it equals 0, the DNAT deletion is successful.
In a specific implementation, the invention provides a method, under a public cloud platform, for accurately distinguishing whether a NAT deletion succeeded or an EIP unbinding succeeded from the SNAT or DNAT deletion result asynchronously notified by the bottom layer. To achieve this, the invention provides the following technical scheme:
1. When the NAT is deleted, all SNAT and DNAT rules under the NAT are deleted, and the instance Ids of the SNATs and DNATs to be deleted under the NAT are stored under the cache key delete-nat:{natId};
2. When the EIP unbinds the NAT, the SNAT and DNAT rules related to that EIP under the NAT are deleted; the instance Ids of the SNATs and DNATs to be deleted are stored under the cache key eip-unbound-nat:{eipId}, the eipId and natId to which each SNAT to be deleted belongs are stored under the key delete-SNAT-NAT:{snatId}, and the eipId and natId to which each DNAT to be deleted belongs are stored under the key delete-SNAT-NAT:{dnatId};
3. The two operations are distinguished through the flag bits in the cache.
The specific operation steps are as follows.
The flow for deleting SNAT rules and DNAT rules is the same; taking deletion of an SNAT as an example:
1. When deleting the SNAT, first query whether the key delete-snat-dnat:{snatId} exists in the cache;
2. Obtain the eipId and natId of the SNAT;
3. Remove the snatId to be deleted from the cache key eip-unbound-nat:{eipId};
4. Using the obtained eipId, query whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
5. If it equals 0, the EIP unbinding is successful;
6. Remove the snatId to be deleted from the cache key delete-nat:{natId};
7. Using the obtained natId, query whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
8. If it equals 0, the NAT deletion is successful.
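The flag-bit bookkeeping in the steps above, as an added example that is not code from the patent. A plain dict stands in for the cache, the function names and return tuples are hypothetical, the per-rule key uses the spelling from step 1, and writing that key during NAT deletion is an assumption (the text states it only for the unbind flow). An absent flag is treated as "operation not started", so a rule removed during a NAT deletion is not reported as a finished EIP unbind merely because the count under eip-unbound-nat is 0.

```python
"""Added example: cache bookkeeping for asynchronous SNAT/DNAT deletion callbacks."""

RULE_KEY = "delete-snat-dnat:{}"   # per rule: the eipId and natId it belongs to
EIP_KEY = "eip-unbound-nat:{}"     # per EIP: rule ids still pending for an unbind
NAT_KEY = "delete-nat:{}"          # per NAT: rule ids still pending for a NAT delete


def start_eip_unbind(cache, nat_id, eip_id, rule_ids):
    """Record the rules that must disappear before the EIP counts as unbound."""
    cache[EIP_KEY.format(eip_id)] = set(rule_ids)
    for rule_id in rule_ids:
        cache[RULE_KEY.format(rule_id)] = {"eipId": eip_id, "natId": nat_id}


def start_nat_delete(cache, nat_id, rules_by_eip):
    """Record every rule under the NAT; rules_by_eip maps eipId -> rule ids.

    Assumption: the per-rule key is written here too, so the callback can
    find the natId. The page states this only for the unbind flow.
    """
    pending = set()
    for eip_id, rule_ids in rules_by_eip.items():
        for rule_id in rule_ids:
            cache[RULE_KEY.format(rule_id)] = {"eipId": eip_id, "natId": nat_id}
            pending.add(rule_id)
    cache[NAT_KEY.format(nat_id)] = pending


def _drain(cache, key, rule_id):
    """Remove rule_id from the pending set at key; True only if that emptied it."""
    pending = cache.get(key)
    if not pending or rule_id not in pending:
        return False            # flag absent: this operation was never started
    pending.discard(rule_id)
    if pending:
        return False            # other rules still await their callbacks
    del cache[key]
    return True


def on_rule_deleted(cache, rule_id):
    """Handle one asynchronous 'rule deleted' callback (steps 1 to 8).

    Returns the list of upper-layer operations that this callback completed.
    """
    owner = cache.pop(RULE_KEY.format(rule_id), None)            # steps 1-2
    if owner is None:
        return []               # duplicate or unsolicited callback: ignore
    completed = []
    if _drain(cache, EIP_KEY.format(owner["eipId"]), rule_id):   # steps 3-5
        completed.append(("eip-unbound", owner["eipId"]))
    if _drain(cache, NAT_KEY.format(owner["natId"]), rule_id):   # steps 6-8
        completed.append(("nat-deleted", owner["natId"]))
    return completed
```
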
The above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (2)
1. A method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP, characterized by comprising an SNAT deletion unbinding method, which comprises the following steps:
S1, when deleting the SNAT, first querying whether the key delete-snat-dnat:{snatId} exists in the cache;
S2, obtaining the eipId and natId of the SNAT;
S3, removing the snatId to be deleted from the cache key eip-unbound-nat:{eipId};
S4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
S5, if it equals 0, the EIP unbinding is successful;
S6, removing the snatId to be deleted from the cache key delete-nat:{natId};
S7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
S8, if it equals 0, the SNAT deletion is successful.
2. The method for distinguishing NAT deletion from NAT unbinding of an elastic public network IP according to claim 1, further comprising a DNAT deletion unbinding method, which comprises the following steps:
A1, when deleting the DNAT, first querying whether the key delete-snat-dnat:{dnatId} exists in the cache;
A2, obtaining the eipId and natId of the DNAT;
A3, removing the dnatId to be deleted from the cache key eip-unbound-nat:{eipId};
A4, using the obtained eipId, querying whether the number of SNATs and DNATs contained in the cache key eip-unbound-nat:{eipId} is greater than 0;
A5, if it equals 0, the EIP unbinding is successful;
A6, removing the dnatId to be deleted from the cache key delete-nat:{natId};
A7, using the obtained natId, querying whether the number of SNATs and DNATs contained in the cache key delete-nat:{natId} is greater than 0;
A8, if it equals 0, the DNAT deletion is successful.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010826658.3A CN112671939B (en) | 2020-08-17 | 2020-08-17 | Method for distinguishing NAT deletion and NAT unbinding elastic public network IP |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112671939A (en) | 2021-04-16 |
CN112671939B (en) | 2022-07-05 |
Family
ID=75403208
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010826658.3A Active CN112671939B (en) | 2020-08-17 | 2020-08-17 | Method for distinguishing NAT deletion and NAT unbinding elastic public network IP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112671939B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112671939B (en) | 2022-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||