CN113225405A - NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment - Google Patents

Publication number: CN113225405A
Authority: CN (China)
Prior art keywords: nat, performing step, snat, dnat, cloud platform
Legal status: Pending
Application number: CN202110212409.XA
Other languages: Chinese (zh)
Inventor: 许勇
Current Assignee: Unicloud Technology Co Ltd
Original Assignee: Unicloud Technology Co Ltd
Application filed by Unicloud Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816 Configuration setting characterised by the conditions triggering a change of settings, the condition being an adaptation, e.g. in response to network events
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables

Abstract

The invention provides a method and electronic equipment for NAT suspension and opening operation under a public cloud platform, which comprises the following steps: S1: judging whether SNAT or DNAT rules exist in the NAT; if so, performing step S2, otherwise performing step S6; S2: judging whether the SNAT exists; if so, modifying the SNAT to be in a pause state and performing step S3, otherwise performing step S4; S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4; S4: judging whether DNAT exists; if so, modifying the DNAT to be in a pause state and performing step S5, otherwise performing step S6; S5: deleting the DNAT configuration in the virtual firewall, and then performing step S6; S6: modifying the NAT to be in a suspended state, and executing the suspension timing operation of the NAT. The method and the electronic equipment solve the problem in the prior art that the NAT under the public cloud platform cannot be suspended and opened in time as required.

Description

NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment
Technical Field
The invention belongs to the field of NAT gateways, and particularly relates to a method for suspending and opening NAT operations under a public cloud platform and electronic equipment.
Background
A NAT gateway (Network Address Translation gateway) is an enterprise-level public network gateway that provides a NAT proxy service, translating the IP address in an IP packet header into another IP address. In practical applications, NAT is mainly used on edge devices connecting two networks, so that internal network users can access the external public network and the external public network can access part of the internal network resources. The NAT gateway can bind a plurality of EIPs, and SNAT and DNAT rules are issued under the EIPs. No configuration is issued when the NAT binds an EIP; configuration is issued only when an SNAT or DNAT rule is issued. For a NAT product that is overdue or in arrears, the SNAT and DNAT rules under the NAT should still exist from the user's point of view, while for the public cloud operator the SNAT and DNAT functions under the NAT should no longer take effect; after the user recharges or renews, the NAT function should be opened again. The prior art cannot meet these technical requirements.
Disclosure of Invention
In view of this, the invention provides a method and an electronic device for suspending and opening an NAT under a public cloud platform to solve the problem that the NAT under the public cloud platform cannot be suspended and opened timely as required in the prior art.
In order to achieve the purpose, the technical method of the invention is realized as follows:
In a first aspect, a method for NAT suspension operation under a public cloud platform includes the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a pause state and performing step S5, otherwise performing step S6;
S5: deleting the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a suspended state, and executing the suspension timing operation of the NAT.
In a second aspect, a method for NAT opening operation under a public cloud platform includes the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a normal state and performing step S5, otherwise performing step S6;
S5: re-issuing the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a normal state, and executing the opening timing operation of the NAT.
In a third aspect, an electronic device includes a processor and a memory communicatively coupled to the processor and configured to store processor-executable instructions, wherein: the processor is configured to perform the method for NAT suspension operation under the public cloud platform according to the first aspect or the method for NAT opening operation under the public cloud platform according to the second aspect.
In a fourth aspect, a server includes at least one processor, and a memory communicatively connected to the processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the processor to cause the at least one processor to perform the method for NAT suspension under a public cloud platform according to the first aspect or the method for NAT opening under a public cloud platform according to the second aspect.
In a fifth aspect, a computer readable storage medium stores a computer program which, when executed by a processor, implements the method for NAT suspension operation under the public cloud platform according to the first aspect or the method for NAT opening operation under the public cloud platform according to the second aspect.
Compared with the prior art, the invention has the following beneficial effects:
The method and electronic equipment for NAT suspension and opening operation under a public cloud platform operate only on the SNAT and DNAT configuration under the NAT on the virtual firewall, without releasing the relation between the upper-layer NAT and its SNAT and DNAT. While the NAT is suspended, the relation between the SNAT and the DNAT under the upper-layer NAT is not released, but the SNAT and DNAT functions are unavailable, so that the user experience is friendlier and the functional requirement of the public cloud operator is met.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic diagram illustrating a method for NAT suspension operation under a public cloud platform according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a method for NAT opening operation under a public cloud platform according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in Fig. 1, a method for NAT suspension operation under a public cloud platform includes the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a pause state and performing step S5, otherwise performing step S6;
S5: deleting the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a suspended state, and executing the suspension timing operation of the NAT.
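The suspension flow of Fig. 1 as an added example (not code from the patent): an in-memory Python model in which all class, field and function names, the per-rule handling of S3 and S5, and the timer flag standing in for the "suspension timing operation" are assumptions. `audit_suspended` is an extra check, not a step of the method, that the firewall agrees with the suspended control-plane records.

```python
"""Added example: steps S1-S6 of the suspension method, modelled in memory."""
from dataclasses import dataclass, field


@dataclass
class Rule:
    rule_id: str
    state: str = "normal"    # control-plane state the user still sees
    issued: bool = False     # True once configuration was pushed to the firewall


@dataclass
class VirtualFirewall:
    acl_deny: set = field(default_factory=set)       # SNAT rule ids with a deny entry
    dnat_config: dict = field(default_factory=dict)  # DNAT rule id -> pushed mapping


@dataclass
class Nat:
    nat_id: str
    snat: list = field(default_factory=list)
    dnat: list = field(default_factory=list)
    state: str = "normal"
    suspend_timer_started: bool = False   # stand-in for the timing operation


def suspend_nat(nat, fw):
    """Run S1-S6 on the NAT and return the steps visited, in order."""
    trace = ["S1"]
    if nat.snat or nat.dnat:                  # S1: any SNAT or DNAT rules?
        trace.append("S2")
        if nat.snat:                          # S2: pause the SNAT records
            for r in nat.snat:
                r.state = "paused"
            trace.append("S3")
            for r in nat.snat:                # S3: deny only where config was issued
                if r.issued:
                    fw.acl_deny.add(r.rule_id)
        trace.append("S4")
        if nat.dnat:                          # S4: pause the DNAT records
            for r in nat.dnat:
                r.state = "paused"
            trace.append("S5")
            for r in nat.dnat:                # S5: remove DNAT config from firewall
                fw.dnat_config.pop(r.rule_id, None)
    trace.append("S6")                        # S6: suspend the NAT, start the timer
    nat.state = "suspended"
    nat.suspend_timer_started = True
    return trace


def audit_suspended(nat, fw):
    """List places where the firewall still forwards for a suspended NAT."""
    if nat.state != "suspended":
        return ["nat not suspended"]
    findings = []
    for r in nat.snat:
        if r.issued and r.rule_id not in fw.acl_deny:
            findings.append(f"snat {r.rule_id}: issued but no deny rule")
    for r in nat.dnat:
        if r.rule_id in fw.dnat_config:
            findings.append(f"dnat {r.rule_id}: still configured on firewall")
    return findings


if __name__ == "__main__":
    # Constructed sample: one issued SNAT, one unissued SNAT, one issued DNAT.
    nat = Nat("nat-1", snat=[Rule("s-1", issued=True), Rule("s-2")],
              dnat=[Rule("d-1", issued=True)])
    fw = VirtualFirewall(dnat_config={"d-1": "203.0.113.10:443->10.0.0.5:8443"})
    print(suspend_nat(nat, fw), fw, audit_suspended(nat, fw))
```

The rule records stay attached to the NAT throughout; only the firewall state changes, which is the property the description claims for the method.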
As shown in Fig. 2, a method for NAT opening operation under a public cloud platform includes the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a normal state and performing step S5, otherwise performing step S6;
S5: re-issuing the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a normal state, and executing the opening timing operation of the NAT.
An electronic device comprises a processor and a memory communicatively coupled to the processor and configured to store processor-executable instructions, wherein the processor is configured to perform the method for NAT suspension operation under the public cloud platform or the method for NAT opening operation under the public cloud platform.
A server comprises at least one processor and a memory communicatively coupled to the processor, the memory storing instructions executable by the at least one processor to cause the at least one processor to perform the method for NAT suspension under a public cloud platform or the method for NAT opening under a public cloud platform.
A computer readable storage medium stores a computer program which, when executed by a processor, implements the method for NAT suspension operation under a public cloud platform or the method for NAT opening operation under the public cloud platform.
The method and electronic equipment for NAT suspension and opening operation under a public cloud platform operate only on the SNAT and DNAT configuration under the NAT on the virtual firewall, without releasing the relation between the upper-layer NAT and its SNAT and DNAT. While the NAT is suspended, the relation between the SNAT and the DNAT under the upper-layer NAT is not released, but the SNAT and DNAT functions are unavailable, so that the user experience is friendlier and the functional requirement of the public cloud operator is met.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (5)

1. A method for NAT pause operation under a public cloud platform is characterized by comprising the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a pause state and performing step S5, otherwise performing step S6;
S5: deleting the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a suspended state, and executing the suspension timing operation of the NAT.
2. A method for NAT opening operation under a public cloud platform is characterized by comprising the following steps:
S1: judging whether the NAT has SNAT rules or DNAT rules; if so, performing step S2, otherwise performing step S6;
S2: judging whether the SNAT rule exists; if so, modifying the state of the SNAT to be a pause state and performing step S3, otherwise performing step S4;
S3: judging whether the SNAT has issued the configuration; if so, adding a deny rule in the ACL corresponding to the virtual firewall, and then performing step S4;
S4: judging whether the DNAT rule exists; if so, modifying the state of the DNAT to be a normal state and performing step S5, otherwise performing step S6;
S5: re-issuing the DNAT configuration in the virtual firewall, and then performing step S6;
S6: modifying the state of the NAT to be a normal state, and executing the opening timing operation of the NAT.
3. An electronic device comprising a processor and a memory communicatively coupled to the processor and configured to store processor-executable instructions, wherein: the processor is configured to execute the method for NAT suspension operation under the public cloud platform according to claim 1 or the method for NAT opening operation under the public cloud platform according to claim 2.
4. A server, characterized by: the system comprises at least one processor and a memory communicatively connected with the processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the processor to cause the at least one processor to perform the method for NAT suspension under a public cloud platform of claim 1 or the method for NAT opening under a public cloud platform of claim 2.
5. A computer-readable storage medium storing a computer program, characterized in that: the computer program is executed by the processor to perform the method for NAT suspension operation under the public cloud platform of claim 1 or the method for NAT opening operation under the public cloud platform of claim 2.
CN202110212409.XA 2021-02-25 2021-02-25 NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment Pending CN113225405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110212409.XA CN113225405A (en) 2021-02-25 2021-02-25 NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110212409.XA CN113225405A (en) 2021-02-25 2021-02-25 NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment

Publications (1)

Publication Number Publication Date
CN113225405A 2021-08-06

Family

ID=77084713

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110212409.XA Pending CN113225405A (en) 2021-02-25 2021-02-25 NAT (network Address translation) suspension and opening operation method under public cloud platform and electronic equipment

Country Status (1)

Country Link
CN (1) CN113225405A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210806