CN113709242A - Message forwarding method and communication device - Google Patents

Publication number: CN113709242A
Authority: CN (China)
Application number: CN202110991038.XA
Other languages: Chinese (zh)
Inventors: 汪文明, 皮礼富
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Legal status: Pending
Prior art keywords: address, port, information, destination, network

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2575 NAT traversal using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures
    • H04L69/164 Adaptation or special uses of UDP protocol

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application provide a message forwarding method and a communication device, which can be applied to communication scenarios involving ping messages. The first NAT node may forward a received first ping message according to the first information tuple in the payload of that message and a locally stored first mapping relationship. The first ping message may be a ping message from a public network, so the message forwarding method provided by the embodiments of the application enables a ping message from the public network to traverse the NAT node and reach the private network. The method solves the prior-art problem that a ping request message from the public network cannot traverse the NAT node to reach the private network.

Description

Message forwarding method and communication device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a message forwarding method and a communication device.
Background
Ping (packet internet groper) is a program for testing network connection performance. The ping command is an application-layer service command in the Transmission Control Protocol/Internet Protocol (TCP/IP) network architecture. The source device may execute a ping command and send a ping message (which may be an Internet Control Message Protocol (ICMP) echo request message) to the destination device to test whether the destination device is reachable and to learn the relevant status of the destination device.
If one of the source device and the destination device is in a public network and the other is in a private network, communication between the source device and the destination device needs to pass through a Network Address Translation (NAT) node, and the NAT node is responsible for address translation between the private network and the public network.
When a source device in a private network needs to detect connectivity of a destination device in a public network through a ping message, the ping message sent by the private network device reaches the destination device in the public network through an NAT node. If the destination device is in the private network, the source device cannot know the IP address of the destination device in the private network. At this time, the source device may obtain an IP address of the NAT node located on the public network and corresponding to the destination device, and carry the IP address of the NAT node as the destination IP address in the ping message. However, the NAT node corresponding to the destination device cannot determine the destination device located in the private network according to the destination IP address (IP address of the NAT node) carried in the ping message, and thus cannot forward the ping message to the destination device. In other words, in the prior art, the ping message of the public network cannot penetrate through the NAT node to reach the private network.
Disclosure of Invention
The embodiment of the application provides a message forwarding method and a communication device, which are used for solving the problem that a ping message of a public network cannot penetrate through an NAT node to reach a private network in the prior art.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
In a first aspect, a message forwarding method is provided. The communication device executing the message forwarding method may be a first NAT node, or a module applied in the first NAT node, e.g., a chip or a chip system. The following description takes the first NAT node as the execution subject. The message forwarding method may comprise the following steps: the first NAT node may receive a first ping message from a first port. The first port is connected to a first network, and the payload of the first ping message may include a first information tuple. Then, the first NAT node may send the updated first ping message from a second port according to the first information tuple in the payload of the first ping message and a first mapping relationship. The second port is connected to a second network, the first mapping relationship comprises a mapping between the first information tuple and target address information, and the target address information in the first mapping relationship comprises a target address and a target port. Based on this scheme, even though a ping message has no port number, the first NAT node can forward the ping message according to the first information tuple in its payload.
With reference to the first aspect, as an optional implementation manner, the first network may be a public network, the second network may be a private network, and the destination address of the updated first ping packet may be a target address in the first mapping relationship. And the target address in the first mapping relation belongs to the private network address in the second network. Based on the scheme, for the ping message from the public network, the first NAT node can determine the private network device corresponding to the ping message. The NAT node can replace the destination address of the ping message with a private network address and then forward the ping message out, so that the ping message from the public network penetrates through the NAT node to reach the private network. The method can solve the problem that the ping request message from the public network can not penetrate through the NAT node to reach the private network in the prior art.
With reference to the first aspect, as an optional implementation manner, the first information tuple may be a quadruple, and may include a first source address, a first source port, a first destination address, and a first destination port. The message forwarding method may further include: the first NAT node updates the first information tuple into a second information tuple, the second information tuple comprises a first source address, a first source port, a target address in the first mapping relation and a target port in the first mapping relation, and the updated payload of the first ping message carries the second information tuple. Based on the scheme, when the first NAT node forwards the first ping message, the information tuple in the payload can also be updated, and the original destination address and destination port are replaced with the destination address and destination port in the mapping relationship, so that the next-hop NAT can continue to forward the first ping message according to the information tuple in the payload.
With reference to the first aspect, as an optional implementation manner, the first information tuple may be a five-tuple including a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. The message forwarding method may further include: the first NAT node updates the first information tuple into a second information tuple, the second information tuple comprises a first source address, a first source port, a target address in the first mapping relation, a target port in the first mapping relation and a first protocol type, and the updated payload of the first ping message carries the second information tuple. Based on the scheme, the information tuple in the ping message payload can include a protocol type, so that the NAT node can query a mapping relationship corresponding to the information tuple according to the protocol type.
With reference to the first aspect, as an optional implementation manner, the first network is a private network, the second network is a public network, and the source address of the updated first ping packet is a target address in the first mapping relationship. And the target address in the first mapping relation belongs to the public network address of the first NAT node on the second network. Based on the scheme, for the ping message from the private network, the NAT node can determine the public network address used for forwarding the ping message according to the information tuple in the payload of the ping message, and replaces the source address of the ping message with the public network address for forwarding.
With reference to the first aspect, as an optional implementation manner, the first information tuple may be a quadruple, and may include a first source address, a first source port, a first destination address, and a first destination port. The message forwarding method may further include: the first NAT node updates the first information tuple into a second information tuple, the second information tuple comprises the target address in the first mapping relationship, the target port in the first mapping relationship, the first destination address and the first destination port, and the payload of the updated first ping message carries the second information tuple. Based on this scheme, when the first NAT node forwards the first ping message, the information tuple in the payload may also be updated: the original source address and source port are replaced with the target address and target port in the first mapping relationship, so that the next-hop NAT node can continue to forward the first ping message according to the information tuple in the payload.
With reference to the first aspect, as an optional implementation manner, the first information tuple may be a five-tuple including a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. The message forwarding method may further include: the first NAT node updates the first information tuple into a second information tuple, the second information tuple comprises the target address in the first mapping relationship, the target port in the first mapping relationship, the first destination address, the first destination port and the first protocol type, and the payload of the updated first ping message carries the second information tuple. Based on this scheme, the information tuple in the ping message payload can include a protocol type, so that the NAT node can query the mapping relationship corresponding to the information tuple according to the protocol type.
With reference to the first aspect, as an optional implementation manner, a transmission control protocol TCP/user datagram protocol UDP connection is established between the first device and the second device, where the TCP/UDP connection includes one or more NAT nodes, and the one or more NAT nodes include the first NAT node.
With reference to the first aspect, as an optional implementation manner, the payload of the updated first ping message carries the first information tuple. Alternatively, the first NAT node discards the first information tuple, and the updated first ping message does not include the information tuple.
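The forwarding behaviour of the first aspect can be modelled as follows. This is an added example, not code from the patent: the class names, the `payload` modes, the sample addresses and the choice to drop a ping whose tuple matches no mapping are assumptions made for illustration, and the tuple is held as a Python object rather than in any on-the-wire encoding.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class InfoTuple:
    """Information tuple carried in the ping payload (proto=None models the quadruple)."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    proto: Optional[str] = None


@dataclass(frozen=True)
class Ping:
    """Simplified ping message: header addresses plus the payload tuple (no ports in the header)."""
    src: str
    dst: str
    info: Optional[InfoTuple]


class NatNode:
    """Hypothetical model of the first NAT node."""

    def __init__(self) -> None:
        # First mapping relationship: (arrival network, tuple) -> (target address, target port)
        self.mappings: Dict[Tuple[str, InfoTuple], Tuple[str, int]] = {}

    def add_mapping(self, from_network: str, info: InfoTuple,
                    target_addr: str, target_port: int) -> None:
        self.mappings[(from_network, info)] = (target_addr, target_port)

    def forward(self, from_network: str, ping: Ping,
                payload: str = "update") -> Optional[Ping]:
        """Return the updated ping, or None when it is not forwarded."""
        if ping.info is None:
            return None  # nothing to look up: behaves like an ordinary NAT
        target = self.mappings.get((from_network, ping.info))
        if target is None:
            return None  # assumption: no matching mapping means no forwarding
        addr, port = target
        if from_network == "public":
            # Public -> private: rewrite the destination with the private target
            out = replace(ping, dst=addr)
            updated = replace(ping.info, dst_addr=addr, dst_port=port)
        else:
            # Private -> public: rewrite the source with the NAT's public target
            out = replace(ping, src=addr)
            updated = replace(ping.info, src_addr=addr, src_port=port)
        if payload == "update":
            return replace(out, info=updated)   # carry the second information tuple
        if payload == "drop":
            return replace(out, info=None)      # discard the tuple
        return out                              # "keep": carry the first tuple unchanged


# Constructed sample addresses (documentation ranges), not values from the patent.
PRIVATE, PUBLIC_NAT, REMOTE = "10.0.0.5", "198.51.100.1", "203.0.113.9"


def build_nat() -> NatNode:
    """Mappings as they would exist for one established TCP connection."""
    nat = NatNode()
    nat.add_mapping("private", InfoTuple(PRIVATE, 5000, REMOTE, 443, "TCP"),
                    PUBLIC_NAT, 40000)
    nat.add_mapping("public", InfoTuple(REMOTE, 443, PUBLIC_NAT, 40000, "TCP"),
                    PRIVATE, 5000)
    return nat


if __name__ == "__main__":
    nat = build_nat()
    inbound = Ping(REMOTE, PUBLIC_NAT, InfoTuple(REMOTE, 443, PUBLIC_NAT, 40000, "TCP"))
    print(nat.forward("public", inbound))
    stray = Ping(REMOTE, PUBLIC_NAT, InfoTuple(REMOTE, 443, PUBLIC_NAT, 40000, "UDP"))
    print(nat.forward("public", stray))
```

Because the lookup key is the whole tuple, a ping reaches the private device only when its payload names a flow the NAT node already holds a mapping for; in this model the mapping table is the only control on which inbound pings are forwarded.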
In a second aspect, a communication device is provided, where the communication device may be a first NAT node or a chip system in the first NAT node, and may also be a functional module in the first NAT node for implementing the method in any possible implementation manner of the first aspect. The communication apparatus may implement the function executed by the first NAT node in any possible implementation manner of the first aspect, where the function may be implemented by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions. For example, the communication apparatus may include a transceiver module and a processing module.
With reference to the second aspect, as an optional implementation manner, the transceiver module may be configured to receive a first ping message from the first port; the first port is connected to a first network, and the payload of the first ping message comprises a first information tuple. The transceiver module may be further configured to send the updated first ping message from the second port according to the first information tuple in the payload of the first ping message and the first mapping relationship; the second port is connected to the second network, and the first mapping relationship may include a mapping between the first information tuple and target address information, where the target address information includes a target address and a target port.
With reference to the second aspect, as an optional implementation manner, the first network may be a public network, the second network may be a private network, and the destination address of the updated first ping message is the target address in the first mapping relationship; the target address in the first mapping relationship is a private network address in the second network.
With reference to the second aspect, as an optional implementation manner, the first information tuple may be a quadruple, and may include a first source address, a first source port, a first destination address, and a first destination port. A processing module may be configured to update the first information tuple to the second information tuple. The second information tuple comprises the first source address, the first source port, the target address in the first mapping relationship and the target port in the first mapping relationship, and the payload of the updated first ping message carries the second information tuple.
With reference to the second aspect, as an optional implementation manner, the first information tuple may be a five-tuple, and may include a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. A processing module may be configured to update the first information tuple to the second information tuple. The second information tuple comprises a first source address, a first source port, a target address in the first mapping relation, a target port in the first mapping relation and a first protocol type, and the updated payload of the first ping message carries the second information tuple.
With reference to the second aspect, as an optional implementation manner, the first network may be a private network, the second network may be a public network, and the source address of the updated first ping packet is a target address in the first mapping relationship; and the target address in the first mapping relation belongs to the public network address of the first NAT node on the second network.
With reference to the second aspect, as an optional implementation manner, the first information tuple may be a quadruple, and may include a first source address, a first source port, a first destination address, and a first destination port. A processing module may be configured to update the first information tuple to the second information tuple. The second information tuple comprises the target address in the first mapping relationship, the target port in the first mapping relationship, the first destination address and the first destination port, and the payload of the updated first ping message carries the second information tuple.
With reference to the second aspect, as an optional implementation manner, the first information tuple may be a five-tuple, and may include a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. A processing module may be configured to update the first information tuple to a second information tuple, where the second information tuple includes the target address in the first mapping relationship, the target port in the first mapping relationship, the first destination address, the first destination port, and the first protocol type; the payload of the updated first ping message carries the second information tuple.
With reference to the second aspect, as an optional implementation manner, a transmission control protocol TCP/user datagram protocol UDP connection is established between the first device and the second device, where the TCP/UDP connection includes one or more NAT nodes, and the one or more NAT nodes may include the first NAT node.
With reference to the first aspect, as an optional implementation manner, the payload of the updated first ping message carries the first information tuple. Alternatively, the first NAT node discards the first information tuple, and the updated first ping message does not include the information tuple.
The technical effects of the second aspect can refer to the first aspect, and are not described herein again.
In a third aspect, a communication apparatus is provided, including: a processor; the processor is configured to be coupled to the memory and to execute the method according to any one of the above aspects after reading the computer instructions stored in the memory.
In one possible implementation, the communication device further includes a memory; the memory is for storing computer instructions.
In one possible implementation, the communication device further includes a communication interface; the communication interface is used for the communication device to communicate with other equipment. Illustratively, the communication interface may be a transceiver, an input/output interface, an interface circuit, an output circuit, an input circuit, a pin or related circuit, or the like.
In one possible implementation, the communication device may be a chip or a system of chips. When the communication device is a chip system, the communication device may be formed by a chip, or may include a chip and other discrete devices.
In a possible implementation, when the communication device is a chip or a chip system, the communication interface may be an input/output interface, an interface circuit, an output circuit, an input circuit, a pin or a related circuit on the chip or the chip system. The processor may also be embodied as a processing circuit or a logic circuit.
In a fourth aspect, a computer-readable storage medium is provided, having stored therein instructions, which when run on a computer, cause the computer to perform the method of any of the above aspects.
In a fifth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any of the above aspects.
For technical effects brought by any possible implementation manner of the third aspect to the fifth aspect, reference may be made to technical effects brought by different implementation manners of the first aspect or the second aspect, and details are not described here.
Drawings
Fig. 1 is a schematic diagram of a full cone NAT provided in the present application;
Fig. 2 is a schematic diagram of a restricted cone NAT provided in the present application;
Fig. 3 is a schematic diagram of a port-restricted cone NAT provided in the present application;
Fig. 4 is a schematic diagram of a symmetric NAT provided in the present application;
Fig. 5 is a schematic diagram of a process for establishing communication between the client 1 and the client 2 according to the present application;
Fig. 6 is a schematic diagram of a process for establishing communication between the client 1 and the client 2 according to the present application;
Fig. 7 is a schematic diagram of a process for establishing communication between the client 1 and the client 2 according to the present application;
Fig. 8 is a schematic diagram illustrating a process of sending a ping message from a client to a server according to the present application;
Fig. 9 is a schematic diagram of a partial format of an ICMP message provided in the present application;
Fig. 10 is a schematic diagram of a communication scenario provided in the present application;
Fig. 11 is a schematic diagram of a communication scenario provided in the present application;
Fig. 12 is a schematic diagram of a communication scenario provided in the present application;
Fig. 13 is a schematic structural diagram of a communication device provided in the present application;
Fig. 14 is a flowchart of a message forwarding method provided in the present application;
Fig. 15 is a flowchart of a ping process provided in the present application;
Fig. 16 is a flowchart of a ping process provided in the present application;
Fig. 17 is a flowchart of a ping process provided in the present application;
Fig. 18 is a schematic structural diagram of a communication device provided in the present application.
Detailed Description
Before introducing the embodiments of the present application, some terms referred to in the embodiments of the present application will be explained. It should be noted that the following explanation is for making the embodiments of the present application easier to understand, and should not be construed as limiting the scope of protection claimed by the embodiments of the present application.
First, NAT: in a computer network, NAT, also called network masquerading or Internet Protocol (IP) masquerading, is a technology for rewriting the source IP address or destination IP address carried by an IP packet when the packet passes through a NAT node (such as a router or a firewall). NAT was proposed as a solution to the address shortage of Internet Protocol version 4 (IPv4), and has since also been applied to private networks configured for other purposes, to support scenarios in which multiple hosts in a private network access the internet through one public network IP address.
In the embodiment of the present application, a private network may also be referred to as an intranet, and a public network may also be referred to as an extranet. Devices located on a private network may be referred to as private network devices and devices located on a public network may be referred to as public network devices, as generally described herein.
Types of NAT may include cone NAT and symmetric NAT. Cone NAT may in turn include full cone NAT, restricted cone NAT, and port-restricted cone NAT, among others.
1) Full cone NAT: the NAT node forwards all packets sent from the private network side with the same source IP address and port to the public network side with the same public network IP address and port; that is, the NAT node maps the same private network IP address and port to the same public network IP address and port. For a message sent from the public network to the mapped public network IP address and port, the NAT node replaces the destination address and destination port with the private network IP address and port in the mapping relationship. Based on this, the public network device can communicate with the private network device through the NAT node.
For example, Fig. 1 is a schematic diagram of a full cone NAT. As shown in Fig. 1, a NAT node may map a private network address {X, y} (X represents the private network IP address of a private network device, and y represents a port) to a public network address {A, b} (A represents the mapped public network IP address, and b represents the mapped port), and bind the private network address {X, y} to the public network address {A, b}. A message sent by the private network device at {X, y} to the device with IP address P is forwarded to that device through the NAT node with source address {A, b}. After receiving a message with destination address {A, b} from the device with IP address P, the NAT node forwards the message to the private network device at {X, y} according to the mapping between the private network address {X, y} and the public network address {A, b}.
It should be understood that, as long as a mapping relationship between a private network IP address and port and a public network IP address and port is established in the NAT node, according to the mapping relationship, any packet sent to the public network IP address and port is forwarded to the private network IP address and port, so that any public network device can access the private network device through the NAT node.
For example, with continued reference to Fig. 1, in addition to the public network device with IP address P, the public network devices with IP address M or S may also send messages whose destination address is the public network address {A, b}, and these messages are also forwarded to the private network device at {X, y} according to the mapping between the private network address {X, y} and the public network address {A, b}.
2) Restricted cone NAT: the NAT node forwards all packets sent from the private network side with the same source IP address and port to the public network side with the same public network IP address and port; that is, the NAT node maps the same private network IP address and port to the same public network IP address and port. Unlike full cone NAT, in this scheme, even if the NAT node has mapped the private network address to a public network address, a packet sent by a public network device to the mapped public network address is not forwarded to the private network device if the private network device has not sent a packet to that public network device. A message sent by a public network device to the mapped public network address is forwarded to the private network device through the NAT node if and only if the private network device has sent a message to that public network device through the NAT node.
For example, Fig. 2 is a schematic diagram of a restricted cone NAT. As shown in Fig. 2, a NAT node maps a private network address {X, y} to a public network address {A, b}, and binds the private network address {X, y} to the public network address {A, b}. Because the private network device at {X, y} has not sent a message to the public network devices with IP addresses M and S, the NAT node does not forward messages with destination address {A, b} sent by those devices to the private network device at {X, y}. The private network device at {X, y} has sent a message to the public network device with IP address P, so the NAT node forwards messages with destination address {A, b} sent by the public network device with IP address P to the private network device at {X, y}.
It should be understood that, in this scheme, for the packet sent by the public network device, the source port of the packet is not limited. As long as the private network device sends a message to the public network device, the message sent by any port of the public network device can be forwarded to the private network device through the NAT node.
Illustratively, with continued reference to fig. 2, the destination address of the packet sent by the private network device with address { X, y } to the public network device with IP address P may be { P, q }, and the source address of the packet sent by the public network device with destination address { a, b } may be { P, r }, and the packet may also be forwarded to the private network device with address { X, y } through the NAT node.
3) Port-restricted cone NAT: a port restriction is added on top of the restricted cone NAT. In this scheme, the NAT node also maps the source IP address and port of all messages from the same private network IP address and port to the same public network IP address and port. Unlike the restricted cone NAT, in this scheme a message sent by a public network device whose destination address is the mapped public network address is forwarded to the private network device through the NAT node if and only if the private network device has sent a message to that public network device through the NAT node and the source port of the message is a port that the private network device has accessed.
For example, fig. 3 is a schematic diagram of a port-restricted cone NAT. As shown in fig. 3, a NAT node maps a private network address { X, y } to a public network address { A, b }, and binds the private network address { X, y } to the public network address { A, b }. The private network device corresponding to the address { X, y } has sent a message with the destination address { M, n } (n is a port) to the public network device with the IP address M, so a message with the destination address { A, b } sent by that public network device from the port n (that is, with the source address { M, n }) can be forwarded to the private network device corresponding to the address { X, y } through the NAT node. Because the destination port of the message sent by the private network device corresponding to the address { X, y } to the public network device with the IP address P is q, when that public network device sends a message with the destination address { A, b } from the port r (that is, with the source address { P, r }), the NAT node does not forward the message to the private network device corresponding to the address { X, y }; when that public network device sends a message with the destination address { A, b } from the port q (that is, with the source address { P, q }), the NAT node may forward the message to the private network device corresponding to the address { X, y }. In addition, because the private network device corresponding to the address { X, y } has not sent a message to the public network device with the IP address S, a message with the destination address { A, b } sent by that public network device is not forwarded to the private network device corresponding to the address { X, y }.
4) Symmetric NAT: the NAT node maps the source IP address and port of all messages sent from the same private network IP address and port to the same destination IP address and port to the same public network IP address and port. If a private network device sends messages to different destination addresses and ports through the same port, the private network IP address and port of the private network device may be mapped to different public network IP addresses and ports. In this scheme, a message sent by a public network device whose destination address is the mapped public network address is forwarded to the private network device through the NAT node if and only if the private network device has sent a message to that public network device through the NAT node and the source port of the message is a port that the private network device has accessed.
For example, fig. 4 is a schematic diagram of a symmetric NAT. As shown in fig. 4, a NAT node maps the source address { X, y } of a message sent from the address { X, y } to the address { M, n } to a public network address { C, d } (where C is an IP address and d is a port) and binds the two addresses; it maps the source address { X, y } of a message sent from the address { X, y } to the address { P, q } to the public network address { A, b }, and binds the source address { X, y } to the public network address { A, b }. When the public network device with the IP address M sends a message with the destination address { C, d } from the port n (that is, with the source address { M, n }), the NAT node may forward the message to the private network device corresponding to the address { X, y }. When the public network device with the IP address P sends a message with the destination address { A, b } from the port q (that is, with the source address { P, q }), the NAT node may forward the message to the private network device corresponding to the address { X, y }. When the public network device with the IP address P sends a message with the destination address { A, b } from the port r (that is, with the source address { P, r }), the NAT node does not forward the message to the private network device corresponding to the address { X, y }. In addition, because the private network device corresponding to the address { X, y } has not sent a message to the public network device with the IP address S, the NAT node does not forward messages from the public network device with the IP address S to the private network device.
It should be noted that, according to the various NAT schemes, in the NAT mechanism, connections are all initiated by the private network device actively, and the NAT node establishes a mapping relationship after the private network device sends a request, so that the private network device and the public network device can communicate through the NAT node. In the NAT mechanism, the NAT node automatically shields the connection actively initiated by the non-private network device, that is, the packet sent from the public network to the private network is discarded by the NAT node, so that the devices in different private networks corresponding to different NAT nodes cannot directly exchange information.
Secondly, NAT penetration: it can also be called private network/intranet penetration, where NAT penetration is performed to correctly route a packet having a certain source IP address and source port number to an intranet device without being shielded by NAT devices. NAT traversal allows two devices (which may be considered peers) in different private networks corresponding to different NAT nodes to establish a direct connection, which may also be referred to as peer-to-peer (P2P) connection, for data transmission.
It should be appreciated that for different types of NAT scenarios, the process of establishing a P2P connection between two devices in different private networks will be different when NAT traversal is implemented. The following describes the P2P connection establishment procedure in different types of NAT scenarios:
1) Full cone NAT scenario:
In the full cone NAT scheme, data transmission can be performed, that is, the P2P connection is established, as long as the NAT nodes corresponding to the two devices have mapped their private network addresses to public network addresses and each device knows the public network address of the other party. Therefore, in this scheme, the two devices need to learn their own public network addresses and exchange them.
For example, as shown in fig. 5, the two devices may be a client 1 and a client 2. This embodiment of the present application takes fig. 5 as an example and describes in detail the actions performed on the client 1 side. The process of establishing communication between the client 1 and the client 2 may include the following steps:
1.1, configuring a server (server)1 positioned in a public network.
1.2, the client 1 sends an IP message to the server 1 through the NAT node.
Illustratively, as shown in fig. 5, the NAT node sends an IP packet from client 1, where the source address of the IP packet is the public network address of client 1.
1.3, the server 1 analyzes the IP message, thereby obtaining the public network address of the client 1.
1.4, the server 1 informs the obtained public network address of the client 1 to the client 1 through the NAT node.
For example, as shown in fig. 5, the server 1 sends the obtained public network address to the NAT node, and the NAT node forwards the public network address to the client 1.
It should be understood that the process of the client 2 obtaining its own public network address is the same as the above steps 1.1 to 1.4, and the client 2 may also obtain its own public network address through a server on the public network.
1.5, the client 1 and the client 2 exchange their respective public network addresses through a third party server 2, which third party server 2 is accessible to both parties.
For example, as shown in fig. 5, the client 1 may send its own public network address to the server 2, and may obtain the public network address of the client 2 from the server 2. It should be understood that fig. 5 shows only the action of the client 1 sending its public network address to the server 2; the client 2 will also send its public network address to the server 2 and obtain the public network address of the client 1 from the server 2.
1.6, the client 1 and the client 2 can transmit data according to the public network address of the other party.
2) Restricted cone NAT scenario:
It should be understood that the procedure for establishing a P2P connection between two devices in the restricted cone NAT scheme is similar to the procedure in the full cone NAT scheme described above: the two devices need to learn their own public network addresses and exchange them. The difference is that, in the restricted cone NAT scheme, the two devices need to first send a message to each other and only then perform data transmission.
For example, as shown in fig. 6, the two devices may be a client 1 and a client 2, and the embodiment of the present application takes fig. 6 as an example, and details the actions performed by the client 1 side, where the process of establishing communication between the client 1 and the client 2 may include the following steps:
2.1, configuring a server 1 located in a public network.
2.2, the client 1 sends an IP message to the server 1 through the NAT node.
2.3, the server 1 analyzes the IP message, so as to obtain the public network address of the client 1.
2.4, the server 1 informs the obtained public network address of the client 1 to the client 1 through the NAT node.
2.5 the client 1 and the client 2 exchange their respective public network addresses via a third party server 2, which third party server 2 is accessible to both parties.
It should be noted that, the above steps 2.1 to 2.5 can refer to the related descriptions of steps 1.1 to 1.5.
2.6, the client 1 and the client 2 firstly send a message to the public network address of the other side.
It should be understood that, in the restricted cone NAT scenario, the private network device needs to have sent a message to the destination device before it can receive a message from the destination device through the NAT node. The client 1 and the client 2 therefore first send a message to the public network address of the other party, so that data transmission can subsequently be performed through the public network addresses. For example, as shown in fig. 6, the client 1 may send a message to the public network address of the client 2 after learning the public network address of the client 2.
2.7, the client 1 and the client 2 can transmit data according to the public network address of the other party.
3) The process of establishing the P2P connection between two devices in different private networks in the port-restricted cone NAT scenario is the same as that in the restricted cone NAT scenario, and is not described again.
4) Symmetric NAT scenario:
It should be understood that, in a symmetric NAT scenario, the public network address mapped for the private network device differs for each destination address, and the public network address that the private network device learns through a public network device can only be used to communicate with that public network device, so two devices in different private networks cannot communicate based on the learned public network addresses. As an implementation, two devices in different private networks may each be configured with a proxy address on the public network, and data transmission is implemented through the proxy addresses.
For example, as shown in fig. 7, the two devices may be a client 1 and a client 2, and the embodiment of the present application takes fig. 7 as an example, and details the actions performed by the client 1 side, where the process of establishing communication between the client 1 and the client 2 may include the following steps:
4.1, configuring a server 1 located in a public network.
4.2, the client 1 sends an IP message to the server 1 through the NAT node.
4.3, the server 1 analyzes the IP message from the client 1, thereby obtaining the public network address { A1, P1} of the client 1 (A1 is the IP address, P1 is the port).
It should be understood that in the symmetric NAT scenario, the public network address { A1, P1} of the client 1 obtained by the server 1 can only be used to communicate with the server 1.
4.4, the server 1 generates a corresponding proxy address { a1, p1} for the public network address { A1, P1} of the client 1, and the proxy address { a1, p1} is configured to forward received messages to the public network address { A1, P1} of the client 1.
4.5, the server 1 informs the client 1 of the generated proxy address { a1, p1} through the NAT node.
It should be understood that the actions on the client 2 side are the same as the above steps 4.1 to 4.5, and the client 2 will also have its corresponding proxy address, such as { a2, p2 }.
4.6, client 1 and client 2 exchange respective proxy addresses { a1, p1} and { a2, p2} through a third party server 2, which third party server 2 is accessible to both parties.
4.7, the client 1 and the client 2 firstly send a message to the proxy address of the other side.
It should be understood that, in a symmetric NAT scenario, a private network device needs to have sent a message to a destination device before it can receive a message from the destination device through a NAT node. The client 1 and the client 2 therefore first send a message to the proxy address of the other party, so that data transmission can subsequently be performed through the proxy addresses. For example, as shown in fig. 6, the client 1 may send a message to the proxy address of the client 2 after learning the proxy address of the client 2.
4.7, the client 1 and the client 2 can carry out data transmission according to the proxy address of the other party.
In the scheme shown in fig. 7, when sending a message, the client 1 and the client 2 each send to the proxy address of the other party, and a message from the other party is received through the proxy address of the other party.
It should be understood that in the symmetric NAT scenario, as shown in fig. 7, when client 1 communicates with different public network addresses, the public network addresses mapped by the NAT nodes are different.
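The filtering rules of figs. 3 and 4 and the connection procedure of steps 2.1 to 2.7 can be replayed with a small model of a NAT node. This is an added example, not code from the application; the class and function names, the port numbers standing in for y, n, q and r, and the client and server addresses are all constructed for illustration.

```python
from itertools import count

FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = "full", "restricted", "port-restricted", "symmetric"


class NatNode:
    """One NAT node: how it allocates public addresses and which inbound packets it forwards."""

    def __init__(self, kind, public_ip, first_port=40000):
        self.kind, self.public_ip = kind, public_ip
        self._ports = count(first_port)
        self.mapping = {}    # private (ip, port) [plus destination if symmetric] -> public (ip, port)
        self.private = {}    # public (ip, port) -> private (ip, port)
        self.contacted = {}  # public (ip, port) -> remote (ip, port) pairs the private device sent to

    def outbound(self, src, dst):
        """Private device src sends to dst; return the public source address the NAT node writes."""
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mapping:
            pub = (self.public_ip, next(self._ports))
            self.mapping[key], self.private[pub], self.contacted[pub] = pub, src, set()
        pub = self.mapping[key]
        self.contacted[pub].add(dst)
        return pub

    def inbound(self, src, dst):
        """Packet from public src to public dst; return the private address, or None if dropped."""
        if dst not in self.private:
            return None
        if self.kind == FULL:
            allowed = True
        elif self.kind == RESTRICTED:
            allowed = src[0] in {ip for ip, _ in self.contacted[dst]}
        else:  # port-restricted and symmetric: remote IP address and port must both match
            allowed = src in self.contacted[dst]
        return self.private[dst] if allowed else None


def replay_figures(kind):
    """Figs. 3 and 4: device {X, y} has sent to {M, n} and {P, q}, and never to S."""
    y, n, q, r = 1000, 10, 20, 30  # constructed port numbers standing in for y, n, q, r
    nat = NatNode(kind, "A")
    via_m = nat.outbound(("X", y), ("M", n))
    via_p = nat.outbound(("X", y), ("P", q))
    return {
        "one_public_address": via_m == via_p,
        "from {M, n}": nat.inbound(("M", n), via_m) is not None,
        "from {P, q}": nat.inbound(("P", q), via_p) is not None,
        "from {P, r}": nat.inbound(("P", r), via_p) is not None,
        "from S": nat.inbound(("S", n), via_p) is not None,
    }


def p2p_setup(kind):
    """Steps 2.1 to 2.7 with both clients behind NAT nodes of the same kind."""
    nat1, nat2 = NatNode(kind, "NAT1"), NatNode(kind, "NAT2")
    c1, c2, server1 = ("10.0.0.2", 5000), ("10.1.0.2", 5000), ("server1", 3478)
    # Steps 2.2-2.4: server 1 reads each client's public address from the packet source.
    pub1, pub2 = nat1.outbound(c1, server1), nat2.outbound(c2, server1)
    # Step 2.5 (exchange through server 2) is modelled by both sides knowing pub1 and pub2.
    # A first packet from client 1 arrives before client 2 has sent anything to client 1.
    early = nat2.inbound(nat1.outbound(c1, pub2), pub2) is not None
    # Step 2.6: client 2 also sends to client 1's public address.
    c2_to_c1 = nat1.inbound(nat2.outbound(c2, pub1), pub1) is not None
    # Step 2.7: data from client 1 to client 2.
    c1_to_c2 = nat2.inbound(nat1.outbound(c1, pub2), pub2) is not None
    return {"early": early, "c2_to_c1": c2_to_c1, "c1_to_c2": c1_to_c2}


if __name__ == "__main__":
    for kind in (FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC):
        print(kind, replay_figures(kind), p2p_setup(kind))
```

With symmetric NAT nodes every delivery in `p2p_setup` fails, because the address each client learned from server 1 is bound only to server 1; this is the case the proxy addresses of steps 4.1 onward address.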
It should be noted that, the related contents for NAT and NAT traversal are described in a scenario where communication is performed between devices based on IP addresses and ports (for example, transmission of a TCP message or a User Datagram Protocol (UDP) message), and the above-mentioned NAT scheme is not applicable to a scenario where communication is performed only according to IP addresses. Thus, for scenarios where communication is not performed using IP address + port, some way to penetrate the NAT node is also required.
Thirdly, ping
ping is a procedure for testing the performance of a network connection. The ping command can test the connectivity of the destination device through the ping message and know the relevant state of the destination device, such as packet loss rate, time delay, and the like.
For example, as shown in fig. 8, the client may send a ping message to a server in the public network, where the ping message is forwarded by the router to the server, and the server may also feed back the ping message after receiving the ping message. The client can determine the communication delay with the server according to the time difference between the sending of the ping message to the server and the receiving of the ping message fed back by the server.
It should be understood that the ping message also needs to be forwarded to the destination device through a router and/or a switch (such as the router shown in fig. 8), and in a scenario applying the NAT technology, the router, the switch, and the like are NAT nodes, so that the ping message also needs to traverse the NAT nodes. However, the ping message belongs to an ICMP message, the ICMP message has no port number, and the NAT node can only forward according to an IP address, so the NAT traversal scheme applied to the TCP/UDP scenario described above cannot be applied.
In the related art, for an ICMP message sent by a private network device to a public network device, an NAT node corresponding to the private network device may forward the ICMP message in a manner of forwarding a TCP/UDP message according to a virtual source port and a virtual destination port of a special field in the ICMP message.
For example, fig. 9 is a schematic diagram of a partial format of an ICMP message, and as shown in fig. 9, the ICMP message may include a type (type) field, a code (code) field, a checksum (checksum) field, an identifier (identifier) field, a sequence number (sequence number) field, an option (option) field, and the like. The NAT node may use the value of the type (type) field + the value of the code (code) field in the ICMP packet as the source port and the value of the identifier (identifier) field as the destination port.
Taking the communication scenario shown in fig. 8 as an example, the client may send an ICMP request message to the server. Assume that the IP address of the client is 192.168.0.2, the IP address of the router is 188.10.1.2, and the IP address of the server is 200.10.2.1. If the router regards the value of type + code in the ICMP request message as the source port and the value of identifier as the destination port, the address information of the ICMP request message received by the router from the client may be as shown in table 1: the source IP address is 192.168.0.2, the source port is type + code, the destination IP address is 200.10.2.1, and the destination port is identifier.
TABLE 1
Source IP address | Source port | Destination IP address | Destination port
192.168.0.2 | type+code | 200.10.2.1 | identifier
After receiving the ICMP request message sent by the client, the router in fig. 8 performs source address translation (SNAT), and sends the ICMP request message after source address translation. It should be understood that after the source IP address of the ICMP request message is replaced, the value of the identifier field of the ICMP request message may change, which may be referred to as identifier-X, and the router may use the identifier-X as the source port of the ICMP request message after being converted by the router. As shown in table 2, the source IP address of the ICMP request packet after being converted by the router is 188.10.1.2, the source port is identifier-X, the destination IP address is 200.10.2.1, and the destination port is identifier.
TABLE 2
Source IP address | Source port | Destination IP address | Destination port
188.10.1.2 | identifier-X | 200.10.2.1 | identifier
In addition, the router also generates a NAT table locally, and the NAT table is the mapping relation between the private network address information of the client side and the public network address information. For example, the NAT table may be as shown in table 3, and the NAT table may be a five-tuple including a source IP, a source port, a destination IP, a destination port, and a type, where the source IP address is 192.168.0.2, the source port is type + code, the destination IP address is 188.10.1.2, the destination port is identifier-X, and the type is ICMP.
TABLE 3
Source IP address | Source port | Destination IP address | Destination port | Type
192.168.0.2 | type+code | 188.10.1.2 | identifier-X | ICMP
It should be understood that the source IP and the source port in the NAT table shown in table 3 may be understood as private network address information (address information of the client) before mapping, and the destination IP and the destination port may be understood as public network address information (address information of the router) after mapping.
After receiving the ICMP request message, the server generates an ICMP response message, where the type + code in the response message is used as the source port and the identifier-X is used as the destination port. For example, the address information of the ICMP response packet may be as shown in table 4, where the source IP address is 200.10.2.1 (i.e., the IP address of the server), the source port is type + code, the destination IP address is 188.10.1.2 (public network address mapped by the client), and the destination port is identifier-X (public network port mapped by the client).
TABLE 4
Source IP address | Source port | Destination IP address | Destination port
200.10.2.1 | type+code | 188.10.1.2 | identifier-X
After the ICMP response packet reaches the router, the router may perform Destination Network Address Translation (DNAT) according to the NAT table generated before, replace the destination IP address of the ICMP response packet with 192.168.0.2, and replace the destination port with type + code, so that the router may forward the ICMP response packet to the client.
The ICMP message in the above description may be a ping message, and it can be seen that, in the related art, the private network device may actively send a ping message to the public network device, and the ping message may penetrate through the NAT node to reach the public network.
It should be noted that, in the above-mentioned scheme, the ICMP response message can penetrate through the NAT node to reach the private network, because when the private network device actively sends the ICMP request message to the external network, the NAT node establishes the NAT table (i.e. the mapping relationship between the private network address and the public network address) for forwarding the ICMP message according to the received ICMP message, so that the NAT node can forward the ICMP response message according to the NAT table. It should be understood that, if the NAT node receives an ICMP request message from the public network, at this time, the NAT node cannot determine the mapping relationship between the destination address of the ICMP request message and the private network address, and cannot forward the ICMP request message from the public network. Therefore, it can be understood that the ping request message from the public network cannot penetrate through the NAT node to reach the private network.
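The related-art handling of ping through a NAT node, worked through on real ICMP echo bytes with the addresses of tables 1 to 4. This is an added example, not code from the application; it treats the identifier field as the translated port, and the starting identifier-X value 0x4000, the client identifier 0x1234, and keeping the client's original identifier in the table row so the reply can be restored are assumptions.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8


def checksum(data):
    """16-bit one's-complement Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, identifier, seq, payload=b""):
    """Build an echo message: type, code, checksum, identifier, sequence number, data."""
    unsummed = struct.pack("!BBHHH", icmp_type, code, 0, identifier, seq) + payload
    return struct.pack("!BBHHH", icmp_type, code, checksum(unsummed), identifier, seq) + payload


def parse_icmp(msg):
    """Split an echo message into its fields and verify its checksum."""
    icmp_type, code, _, identifier, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "identifier": identifier, "seq": seq,
            "payload": msg[8:], "checksum_ok": checksum(msg) == 0}


class IcmpNat:
    """NAT node that translates ICMP echo traffic by rewriting the identifier field."""

    def __init__(self, public_ip, first_identifier=0x4000):
        self.public_ip = public_ip
        self.next_identifier = first_identifier
        self.by_private = {}  # (private IP, identifier, remote IP) -> identifier-X
        self.by_public = {}   # (remote IP, identifier-X) -> (private IP, identifier)

    def outbound(self, src_ip, dst_ip, msg):
        """SNAT an echo request leaving the private network; returns (src, dst, message)."""
        f = parse_icmp(msg)
        if f["type"] != ECHO_REQUEST or not f["checksum_ok"]:
            return None
        key = (src_ip, f["identifier"], dst_ip)
        if key not in self.by_private:  # first request: create the NAT table row
            self.by_private[key] = self.next_identifier
            self.by_public[(dst_ip, self.next_identifier)] = (src_ip, f["identifier"])
            self.next_identifier += 1
        ident_x = self.by_private[key]
        # The identifier changed, so the checksum is recomputed by build_icmp.
        return self.public_ip, dst_ip, build_icmp(f["type"], f["code"], ident_x, f["seq"], f["payload"])

    def inbound(self, src_ip, dst_ip, msg):
        """DNAT a message arriving from the public network; None means dropped."""
        f = parse_icmp(msg)
        row = self.by_public.get((src_ip, f["identifier"]))
        if dst_ip != self.public_ip or f["type"] != ECHO_REPLY or row is None:
            return None  # an echo request from the public network is never forwarded
        private_ip, identifier = row
        return src_ip, private_ip, build_icmp(f["type"], f["code"], identifier, f["seq"], f["payload"])


def echo_reply(request):
    """What the server does: same identifier, sequence number and data, type 0."""
    f = parse_icmp(request)
    return build_icmp(ECHO_REPLY, 0, f["identifier"], f["seq"], f["payload"])


def run_exchange():
    """The exchange of tables 1 to 4, then an echo request sent from the public side."""
    nat = IcmpNat("188.10.1.2")
    request = build_icmp(ECHO_REQUEST, 0, 0x1234, 1, b"ping")  # constructed client message
    out = nat.outbound("192.168.0.2", "200.10.2.1", request)
    back = nat.inbound("200.10.2.1", "188.10.1.2", echo_reply(out[2]))
    # Same identifier-X as the live row, but a request rather than a response.
    probe = build_icmp(ECHO_REQUEST, 0, parse_icmp(out[2])["identifier"], 1, b"ping")
    unsolicited = nat.inbound("200.10.2.1", "188.10.1.2", probe)
    return out, back, unsolicited


if __name__ == "__main__":
    print(run_exchange())
```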
However, in some possible scenarios, a destination device that needs to be tested through a ping command may be in a private network, and the existing technology cannot implement sending a ping request message to a private network device.
Based on this, the embodiment of the present application provides a message forwarding method, where a payload of a ping request message in the embodiment of the present application may carry an information tuple, and an NAT node may determine a private network address according to the information tuple and a mapping relationship used for forwarding a TCP/UDP message, and further may forward the ping request message to a private network device corresponding to the private network address. The method provided by the application can enable the ping request message from the public network to penetrate through the NAT node to reach the private network, so that the source device can execute the ping operation on the destination device positioned in the private network.
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. In the description of the present application, unless otherwise stated, "/" indicates an "or" relationship between the associated objects; for example, A/B may indicate A or B. In the present application, "and/or" only describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B may be singular or plural. Also, in the description of the present application, "a plurality" means two or more unless otherwise specified. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may be single or multiple. In addition, to describe the technical solutions of the embodiments of the present application clearly, terms such as "first" and "second" are used in the embodiments of the present application to distinguish between identical or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first", "second", etc. do not denote any order or quantity, nor do they denote any importance. Also, in the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, illustration, or description. Any embodiment or design described herein as "exemplary" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "for example" is intended to present relevant concepts in a concrete fashion for ease of understanding.
In addition, the network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided in the embodiment of the present application, and it can be known by a person skilled in the art that the technical solution provided in the embodiment of the present application is also applicable to similar technical problems along with the evolution of the network architecture and the appearance of a new service scenario.
First, a communication system to which the message forwarding method provided in the embodiment of the present application is applied is briefly introduced. Fig. 10 is a schematic diagram of a communication system applicable to the message forwarding method provided in the present application, where the communication system may include a device 1001, a NAT node 1002, and a device 1003, where the device 1001 is located in a private network, the device 1003 is located in a public network, and the NAT node 1002 is configured to perform translation between a public network address and a private network address. Fig. 11 is a schematic diagram of another communication system applicable to the message forwarding method provided in the present application, where the communication system may include a device 1101, a NAT node 1102, a NAT node 1103 and a device 1104, where the device 1101 and the device 1104 are located in different private networks, the NAT node 1102 provides translation between a private network address and a public network address for a private network where the device 1101 is located, and the NAT node 1103 provides translation between a private network address and a public network address for a private network where the device 1104 is located. Fig. 12 is a schematic diagram of another communication system applicable to the message forwarding method provided in the present application, where the communication system may include a device 1201, a NAT node 1202, a NAT node 1203, and a device 1204, where the NAT node 1202 is located in a private network, the device 1201 is located in a secondary private network below the NAT node 1202, the NAT node 1203 provides translation between a private network address and a public network address for the private network where the NAT node 1202 is located, and the device 1204 is located in a public network.
It should be noted that the foregoing description is intended to explain the technical solutions of the embodiments of the present application more clearly, and should not be construed as limiting the technical solutions provided in the embodiments of the present application. For example, the public network shown in fig. 10 may contain other public network devices in addition to the device 1003, and the private network where the device 1001 is located may also contain other private network devices. Similarly, fig. 11 and fig. 12 may contain other numbers of devices. The embodiments of the present application are not limited in this respect.
Optionally, the first apparatus, the second apparatus, and the first NAT node in this embodiment may also be referred to as communication apparatuses, which may be a general device or a special device, and this is not limited in this embodiment of the present application.
Optionally, the related functions of the first apparatus, the second apparatus, or the NAT node in the embodiment of the present application may be implemented by one device, or may be implemented by multiple devices together, or may be implemented by one or more functional modules in one device, which is not specifically limited in this embodiment of the present application. It is understood that the above functions may be network elements in a hardware device, or software functions running on dedicated hardware, or a combination of hardware and software, or virtualization functions instantiated on a platform (e.g., a cloud platform).
For example, the related functions of the first apparatus, the second apparatus, or the first NAT node in the embodiment of the present application may be implemented by the communication device 130 in fig. 13. Fig. 13 is a schematic structural diagram of a communication device 130 according to an embodiment of the present application. The communication device 130 includes one or more processors 1301, a communication line 1302, and at least one communication interface (fig. 13 is only exemplary and includes a communication interface 1304 and a processor 1301 for example), and optionally may further include a memory 1303.
The processor 1301 may be a central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of programs in accordance with the present application.
The communication line 1302 may include a path for connecting different components.
The communication interface 1304, which may be a transceiver module, is used for communicating with other devices or communication networks, such as ethernet, RAN, Wireless Local Area Networks (WLAN), etc. For example, the transceiver module may be a transceiver, or the like. Optionally, the communication interface 1304 may also be a transceiver circuit located in the processor 1301, so as to realize signal input and signal output of the processor.
The memory 1303 may be a device having a storage function, such as, but not limited to, read-only memory (ROM) or other types of static storage devices that may store static information and instructions, random access memory (RAM) or other types of dynamic storage devices that may store information and instructions, electrically erasable programmable read-only memory (EEPROM), compact disk read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be separate and coupled to the processor via the communication line 1302. The memory may also be integrated with the processor.
The memory 1303 is used for storing computer-executable instructions for executing the scheme of the present application, and is controlled by the processor 1301 to execute the instructions. The processor 1301 is configured to execute a computer execution instruction stored in the memory 1303, so as to implement the message forwarding method provided in this embodiment of the present application.
Alternatively, in this embodiment of the application, the processor 1301 may also execute a function related to processing in the message forwarding method provided in the following embodiments of the application, and the communication interface 1304 is responsible for communicating with other devices or a communication network, which is not specifically limited in this embodiment of the application.
Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
In a specific implementation, as one embodiment, the processor 1301 may include one or more CPUs, such as CPU0 and CPU1 in fig. 13.
In a specific implementation, as one embodiment, the communication device 130 may include multiple processors, such as the processor 1301 and the processor 1308 in fig. 13. Each of these processors may be a single-core processor or a multi-core processor. The processor herein may include, but is not limited to, at least one of the following computing devices that run software: a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a microcontroller (MCU), or an artificial intelligence processor. Each of these computing devices may include one or more cores for executing software instructions to perform operations or processing.
In a specific implementation, as one embodiment, the communication device 130 may also include an output device 1305 and an input device 1306. The output device 1305, which is in communication with the processor 1301, may display information in a variety of ways. For example, the output device 1305 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, or the like. The input device 1306 is in communication with the processor 1301 and may receive user input in a variety of ways. For example, the input device 1306 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
The communication device 130 may also be referred to as a communication apparatus, which may be a general-purpose device or a special-purpose device. For example, the communication device 130 may be a desktop computer, a portable computer, a network destination device, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device, the terminal device, the network device, or a device having a similar structure as in fig. 13. The embodiment of the present application does not limit the type of the communication device 130.
The message forwarding method provided in the embodiment of the present application will be described in detail below with reference to fig. 1 to 13.
Fig. 14 shows a message forwarding method provided in this embodiment. As shown in fig. 14, the method may include the following steps.
S1401, the first NAT node receives a first ping message from the first port.
The first port corresponds to the first network. In one possible implementation, the first network may be a public network, in which case the first NAT node receives the first ping message from the public network side.
Taking the communication system shown in fig. 10 as an example, the first NAT node may be the NAT node 1002, and the first ping message may be sent by the device 1003 to the NAT node 1002. Taking the communication system shown in fig. 11 as an example, the first NAT node may be the NAT node 1102, the first ping message may be sent by the NAT node 1103 to the NAT node 1002, or the first NAT node may be the NAT node 1103, and the first ping message may be sent by the NAT node 1102 to the NAT node 1003. Taking the communication system shown in fig. 12 as an example, the first NAT node may be the NAT node 1203, and the first ping message may be sent by the device 1204 to the NAT node 1203.
Optionally, the first NAT node may determine whether the first network is a public network or a private network according to local configuration information, where the configuration information may indicate whether the first port is connected to the private network or the public network. As an implementation manner, a local port of the first NAT node has a corresponding relationship with networks on both sides, for example, some ports are connected to a private network, some ports are connected to a public network, and if a first port receiving the first ping message is a port connected to the public network, it may be determined that the first network is the public network.
Optionally, the first NAT node may determine whether the first network is a public network or a private network according to the network segment to which the source address of the first ping message belongs. As an implementation manner, the public network address and the private network address may have different network segments, and the first network may be determined according to the network segment to which the source address of the first ping message belongs.
In this embodiment, a payload (payload) of the first ping packet may include a first information tuple. In one possible implementation, the first information tuple may be a quadruple that may include a first source address, a first source port, a first destination address, and a first destination port. The first source address may be a source address of the first ping message, and the first destination address may be a destination address of the first ping message. The first source port may be a port used by the device corresponding to the first source address when sending a TCP/UDP message, and the first destination port may be a port used by the device corresponding to the first destination address when receiving a TCP/UDP message from the device corresponding to the first source address. Therefore, the quadruple can be understood as the source address information + the destination address information of the TCP/UDP message sent by the device corresponding to the first source address.
It should be understood that in the embodiments of the present application, the source address information refers to a source address + a source port, and the destination address information refers to a destination address + a destination port, which are collectively described herein.
It should be appreciated that when the first network is a public network and the second network is a private network, the first source address is a public network address and the first destination address is a public network address of the first NAT node on the first network (i.e., the public network). For example, in the communication system shown in fig. 10, the source address of the first ping message may be the IP address of the device 1003 on the public network, and the destination address may be the IP address of the NAT node 1002 on the public network.
It should be noted that the first information tuple in the payload of the first ping message may be understood as address information corresponding to a TCP/UDP connection between devices. Continuing with fig. 10, taking the source address of the first ping message as the IP address of the device 1003 and the destination address as the IP address of the NAT node 1002 on the public network as an example, the first source port is the port of the TCP/UDP connection between the NAT node 1002 and the device 1003 on the device 1003, and the first destination port is the port of the TCP/UDP connection between the NAT node 1002 and the device 1003 on the NAT node 1002.
It can be seen that a ping message has no port number, so a NAT node cannot forward it using the existing method for processing TCP/UDP messages. In the embodiment of the present application, however, the payload of the first ping message carries address information related to the TCP/UDP connection, which makes it possible for the NAT node to forward the first ping message.
S1402, the first NAT node sends the updated first ping message from the second port according to the first information tuple in the payload of the first ping message and the first mapping relationship.
Wherein the second port corresponds to a second network. As an implementation, when the first network is a public network, the second network may be a private network. That is, the first NAT node may forward the first ping packet from the public network to a certain device in the private network.
In this embodiment of the present application, the first NAT node locally has a first mapping relationship, where the first mapping relationship may include a mapping relationship between the first information tuple and the destination address information, and the destination address information in the first mapping relationship includes a destination address and a destination port.
It should be noted that the first mapping relationship is already established by the first NAT node before receiving the first ping message, and the first mapping relationship may be used for replacing the source address and the source port, or replacing the destination address and the destination port when the first NAT node forwards a TCP/UDP message between the first device and the second device. The first mapping relationship may include a mapping relationship between a quadruple and destination address information, where the quadruple includes a source IP address, a source port, a destination IP address, and a destination port of the TCP/UDP packet, and the quadruple may be written as: source IP address/source port + destination IP address/destination port, the quadruple can be considered as source address information + destination address information of the TCP/UDP message. When forwarding the TCP/UDP packet, the first NAT node may replace the source address and the source port of the TCP/UDP packet with the destination address and the destination port in the first mapping relationship, or replace the destination address and the destination port of the TCP/UDP packet with the destination address and the destination port in the first mapping relationship, according to the mapping relationship between the quadruple included in the first mapping relationship and the destination address information.
It should be understood that it is the source address and source port of the TCP/UDP message that is replaced, or the destination address and destination port of the TCP/UDP message that is replaced, depending on the transmission direction of the TCP/UDP message. For example, for a TCP/UDP packet transmitted from a public network to a private network (which may be referred to as downlink transmission), the NAT node may replace a destination address and a destination port of the packet and then forward the packet; on the contrary, for a TCP/UDP packet transmitted from the private network to the public network (which may be referred to as uplink transmission), the NAT node replaces the source address and the source port of the packet and forwards the packet.
It should be noted that the source address information + the destination address information of the TCP/UDP packet may represent the transmission direction of the TCP/UDP packet, and the transmission direction of the represented packet is determined, so that the mapping relationship between one quadruple in the first mapping relationship and the destination address information may be only used for forwarding the packet in one direction of uplink transmission and downlink transmission. Therefore, the first mapping relationship may include two types of mapping relationships, one type of mapping relationship is used for replacing the source address information of the message during uplink transmission, and the other type of mapping relationship is used for replacing the destination address information of the message during downlink transmission. It should be appreciated that if the first NAT node only forwards TCP/UDP packets for a pair of devices, the first mapping relationship in the first NAT node only includes a pair (i.e., two) of mapping relationships, for upstream and downstream transmissions, respectively. If the first NAT node forwards TCP/UDP packets for multiple pairs of devices at the same time, the first mapping relationship in the first NAT node may include multiple pairs of mapping relationships.
It should be noted that, according to the foregoing, when the first information tuple is a quadruple, the first information tuple may be source address information + destination address information of the TCP/UDP packet, and therefore the first mapping relationship may include a mapping relationship between the first information tuple and the destination address information.
In this embodiment, the first NAT node may send the updated first ping message from the second port according to the first information tuple in the payload of the first ping message and the first mapping relationship. It can be seen that, in the embodiment of the present application, even if the ping message itself does not have a port number, the first NAT node may also forward the first ping message according to the first information tuple in the payload of the first ping message. The method provided by the embodiment of the application can enable the ping message from the public network to penetrate through the NAT node to reach the private network.
As an implementation manner, after receiving the first ping message, the first NAT node may determine a first information tuple in a payload of the first ping message, and then may search a mapping relationship corresponding to the first information tuple in the first mapping relationship, and then may forward the first ping message after replacing the source address or the destination address. It should be understood that the determination by the first NAT node of whether to replace the source address or the destination address of the first ping message is the same as the processing logic of the first NAT node when forwarding the TCP/UDP message, and is not described in detail again.
Optionally, when the first network is a public network and the second network is a private network, the first NAT node may replace the destination address of the first ping message received from the public network with the destination address in the first mapping relationship, according to the mapping relationship between the first information tuple and the destination address information, and then forward the message to the private network side. In other words, when the first network is a public network and the second network is a private network, the destination address of the updated first ping message is the destination address in the first mapping relationship. It should be understood that, when the first network is a public network and the second network is a private network, the destination address in the first mapping relationship is a private network address of a private network device in the second network. Thus, the first ping message may be forwarded to the private network device.
In summary, in the message forwarding method provided in the embodiment of the present application, the first NAT node may forward the first ping message according to the first information tuple in the payload of the received first ping message and the local first mapping relationship. The first ping message may be a ping message from a public network, so that the message forwarding method provided by the embodiment of the application can enable the ping message from the public network to penetrate through the NAT node to reach the private network. The method can solve the problem that the ping request message from the public network can not penetrate through the NAT node to reach the private network in the prior art.
Optionally, in this embodiment of the application, the first network may be a private network, the second network may be a public network, and the first ping message may be transmitted from the private network to the public network. And the destination address of the first ping message transmitted from the private network to the public network is not the address of the first NAT node. Taking the communication system shown in fig. 10 as an example, the first NAT node may be the NAT node 1002, and the destination address of the first ping message sent by the device 1001 is the address of the device 1003, and the first ping message may pass through the NAT node 1002. Taking the communication system shown in fig. 11 as an example, the first NAT node may be the NAT node 1102, and the destination address of the first ping message sent by the device 1101 may be the address of the NAT node 1103, and the first ping message may pass through the NAT node 1102; or the first NAT node may be the NAT node 1103, and the destination address of the first ping message sent by the device 1104 may be the address of the NAT node 1102, and the first ping message may pass through the NAT node 1103. Taking the communication system shown in fig. 12 as an example, the first NAT node may be a NAT node 1203, the destination address of the first ping message may be the address of the device 1204, and the first ping message may pass through the NAT node 1203. It should be understood that, by adopting the method provided by the embodiment of the present application to forward the ping message from the private network to the public network, the NAT node does not need to generate a virtual port according to the special field of the ping message, and the scheme reuses the prior art, so that the processing complexity of the NAT node can be reduced.
Optionally, in this embodiment of the application, the first network may be a secondary private network, the second network may be a primary private network, and the first ping packet may be transmitted from the secondary private network to the primary private network. It should be understood that, from the transmission direction, the first ping message is transmitted from the secondary private network to the primary private network, and also may be understood as being transmitted from the private network to the public network, both belonging to the uplink transmission. In this case, the destination address of the first ping message is not the address of the first NAT node. Illustratively, taking the communication system shown in fig. 12 as an example, the first NAT node may be the NAT node 1202, the first ping message may be sent by the device 1201 to the NAT node 1202, and the destination address of the first ping message may be the address of the device 1204.
Optionally, in this embodiment of the application, the first network may be a primary private network, the second network may be a secondary private network, and the first ping packet may be transmitted from the primary private network to the secondary private network. It should be understood that, from the transmission direction, the first ping message is transmitted from the primary private network to the secondary private network, and may also be understood as being transmitted from the public network to the private network, both belonging to downlink transmission. Because the public network side cannot know the address of the private network side, correspondingly, the device in the first-level private network cannot know the address of the device in the second-level private network, and in this case, the destination address of the first ping message is the address of the first NAT node on the first-level private network. For example, taking the communication system shown in fig. 12 as an example, the first NAT node may be the NAT node 1202, the first ping message may be sent by the NAT node 1203 to the NAT node 1202, and a destination address of the first ping message is an address of the NAT node 1202.
It can be seen that, when forwarding the ping message, the message forwarding method provided in the embodiment of the present application does not limit the transmission direction of the ping message, which greatly improves the flexibility of sending the ping message.
It should be noted that, in this embodiment of the present application, a TCP/UDP connection may be established between the first device and the second device, where the TCP/UDP connection includes one or more NAT nodes, and the one or more NAT nodes may include the first NAT node. In other words, the first NAT node may be a NAT node on a TCP/UDP connection established between the first device and the second device. The first device may be a client, and the second device may be a server.
For example, taking the communication system shown in fig. 10 as an example, the device 1001 may be a first device, the device 1003 may be a second device, a TCP/UDP connection may be established between the device 1001 and the device 1003, and the NAT node 1002 may be a first NAT node. Taking the communication system shown in fig. 11 as an example, the device 1101 may be a first device, the device 1104 may be a second device, a TCP/UDP connection may be established between the device 1101 and the device 1104, and the NAT node 1102 and/or the NAT node 1103 may be a first NAT node. The communication system shown in fig. 12 is the same as the TCP/UDP connection established in the communication system shown in fig. 11, and is not described again.
In this embodiment, the first mapping relationship may be generated by the first NAT node when the first device establishes a TCP/UDP connection with the second device. It should be appreciated that the first NAT node acts as a node on a TCP/UDP connection between the first device and the second device for which the first NAT node will also assign a forwarding interface. Moreover, the first NAT node needs to perform public network address and private network address translation on a TCP/UDP packet transmitted between the first device and the second device, and the first device and the second device can communicate through TCP/UDP connection. Thus, after the first NAT node allocates a forwarding interface for the TCP/UDP connection, the first NAT node may generate the first mapping relationship.
Optionally, before the step S1401, the first device may send a connection establishment request (connection establishment request) for establishing a TCP/UDP connection with the second device, and the first NAT node may generate the first mapping relationship according to the connection establishment request. The source IP address of the TCP/UDP connection establishment request is the IP address of the first device, the source port is a port used by the first device for establishing the TCP/UDP connection, the destination IP address is the public network IP address of the second device, and the destination port is a port used by the device corresponding to the public network IP address of the second device for establishing the TCP/UDP connection.
Exemplarily, taking the communication system shown in fig. 10 as an example, the device 1001 is located in a private network, and its private network IP address is 192.168.1.2, and its public network IP address (i.e., the IP address of the NAT node 1002) is 222.24.1.4; device 1003 is located on a public network with a public network IP address of 47.1.8.1.2. In this communication system, a device 1001 serves as a first device, a device 1003 serves as a second device, and a NAT node 1002 serves as a first NAT node. The first NAT node generating the first mapping from the TCP/UDP connection establishment request may include the following steps.
(1) Device 1001 sends a TCP/UDP connection establishment request.
It should be understood that device 1003 is located on a public network, so device 1001 may send a TCP/UDP connection establishment request directly to device 1003.
The port used by device 1001 to establish a TCP/UDP connection may be 2233 and the port used by device 1003 to establish a TCP/UDP connection may be 80. Thus, the TCP/UDP connection establishment request
(2) The NAT node 1002 establishes a first mapping relationship.
The NAT node 1002, upon receiving the TCP/UDP connection establishment request sent by the device 1001, may assign a forwarding port, e.g., 5544, for the TCP/UDP connection. The NAT node 1002 may replace the source address of the TCP/UDP connection establishment request with 222.24.1.4 and the source port with 5544 before forwarding to the device 1003.
It should be appreciated that NAT node 1002, acting as a node on a TCP/UDP connection, needs to forward in both directions, and therefore needs to establish a mapping relationship for address translation in both upstream and downstream transmissions. The mapping relationship established by the NAT node 1002 for address translation in uplink transmission may be expressed as: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544, where 192.168.1.2/2233 and 47.1.8.1.2/80 are address information of TCP/UDP packets from device 1001, and 222.24.1.4/5544 is destination address information. In subsequent communications, the NAT node 1002 may replace the source address information (i.e., 192.168.1.2/2233) of the TCP/UDP packet from the device 1001 with 222.24.1.4/5544 according to the mapping relationship, and then forward the packet to the device 1003. The mapping relationship established by the NAT node 1002 for address translation in downstream transmission can be represented as 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233, where 47.1.8.1.2/80 and 222.24.1.4/5544 are address information of TCP/UDP packets from the device 1003, and 192.168.1.2/2233 is destination address information. The NAT node 1002 may replace the destination address information (i.e., 222.24.1.4/5544) of the TCP/UDP packet from the device 1003 with 192.168.1.2/2233 according to the mapping relationship, and then forward the packet to the device 1001.
The first mapping on NAT node 1102 may include: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544 and 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233.
It should be understood that after the NAT node 1002 establishes the first mapping relationship, the device 1001 and the device 1003 may be considered to establish a TCP/UDP connection, and the device 1001 and the device 1003 may implement bidirectional communication.
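The fig. 10 mapping set-up above and the public-to-private forwarding of step S1402 can be exercised together in a small model; this is an added example, not code from the patent. The 12-byte payload layout, all class and function names, the outer-header consistency check, and the address 203.0.113.10 (a constructed documentation address standing in for device 1003) are assumptions of the example.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed payload layout (the page does not define one), network byte order:
# source IPv4 (4) | source port (2) | destination IPv4 (4) | destination port (2)
TUPLE_FMT = "!4sH4sH"
TUPLE_LEN = struct.calcsize(TUPLE_FMT)  # 12 bytes


@dataclass(frozen=True)
class Endpoint:
    addr: str
    port: int


@dataclass(frozen=True)
class FourTuple:
    src: Endpoint
    dst: Endpoint

    def pack(self) -> bytes:
        return struct.pack(
            TUPLE_FMT,
            ipaddress.IPv4Address(self.src.addr).packed, self.src.port,
            ipaddress.IPv4Address(self.dst.addr).packed, self.dst.port,
        )

    @classmethod
    def unpack(cls, payload: bytes) -> "FourTuple":
        if len(payload) < TUPLE_LEN:
            raise ValueError("payload too short to carry a four-tuple")
        s_ip, s_port, d_ip, d_port = struct.unpack(TUPLE_FMT, payload[:TUPLE_LEN])
        return cls(Endpoint(str(ipaddress.IPv4Address(s_ip)), s_port),
                   Endpoint(str(ipaddress.IPv4Address(d_ip)), d_port))


@dataclass(frozen=True)
class Ping:
    """ICMP echo reduced to the fields the method uses (no port numbers)."""
    src_addr: str
    dst_addr: str
    payload: bytes


class NatNode:
    def __init__(self, public_addr: str, first_forwarding_port: int = 5544):
        self.public_addr = public_addr
        self.next_port = first_forwarding_port
        self.uplink = {}    # four-tuple -> endpoint that replaces the source
        self.downlink = {}  # four-tuple -> endpoint that replaces the destination

    def on_connection_request(self, private: Endpoint, remote: Endpoint) -> Endpoint:
        """Allocate a forwarding port and record the pair of mappings."""
        forwarded = Endpoint(self.public_addr, self.next_port)
        self.next_port += 1
        self.uplink[FourTuple(private, remote)] = forwarded
        self.downlink[FourTuple(remote, forwarded)] = private
        return forwarded

    def forward_ping_from_public(self, ping: Ping) -> Tuple[Optional[Ping], str]:
        """S1402, public -> private: returns (updated ping or None, reason)."""
        try:
            tup = FourTuple.unpack(ping.payload)
        except ValueError as exc:
            return None, f"drop: {exc}"
        # Added check (assumption of this example): the tuple in the payload must
        # agree with the outer IP header and be addressed to this node.
        if tup.src.addr != ping.src_addr or tup.dst.addr != ping.dst_addr:
            return None, "drop: payload tuple disagrees with outer header"
        if ping.dst_addr != self.public_addr:
            return None, "drop: not addressed to this node"
        target = self.downlink.get(tup)
        if target is None:
            return None, "drop: no mapping for this tuple"
        # Only the destination address is replaced; a ping has no port to rewrite.
        return Ping(ping.src_addr, target.addr, ping.payload), "forward"


def demo():
    device_1001 = Endpoint("192.168.1.2", 2233)   # values from the page
    device_1003 = Endpoint("203.0.113.10", 80)    # constructed address, page port
    nat_1002 = NatNode("222.24.1.4")
    forwarded = nat_1002.on_connection_request(device_1001, device_1003)

    known = Ping(device_1003.addr, nat_1002.public_addr,
                 FourTuple(device_1003, forwarded).pack())
    unknown = Ping(device_1003.addr, nat_1002.public_addr,
                   FourTuple(device_1003, Endpoint("222.24.1.4", 6000)).pack())
    return [nat_1002.forward_ping_from_public(p) for p in (known, unknown)]


if __name__ == "__main__":
    for updated, reason in demo():
        print(reason, updated)
```

A ping whose payload tuple has no entry in the downlink table is dropped, so the node forwards echo requests only for connections that a private-side device opened.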
Further illustratively, taking the communication system shown in fig. 11 as an example, the device 1101 is a first device, and the device 1104 is a second device; the device 1101 is located in a private network, and its private network IP address is 192.168.1.2, and the allocated public network IP address (i.e., the IP address of the NAT node 1102) is 222.24.1.4; the device 1104 is located in a private network, and its private network IP address is 192.168.8.2, and the assigned public network IP address (i.e., the IP address of the NAT node 1103) is 47.1.8.1.2. Both the NAT node 1102 and the NAT node 1103 may be first NAT nodes, and the first NAT node generating the first mapping relationship according to the TCP/UDP connection establishment request may include the following steps.
(1) Device 1101 sends a TCP/UDP connection establishment request.
It should be appreciated that since the device 1104 is in a private network, the device 1101 cannot know the private network address of the device 1104, but only the corresponding public network address of the device 1104, and thus the destination address of the TCP/UDP connection establishment request is 47.1.8.1.2. The device 1101 may have a port 2233 for TCP/UDP connections and the NAT node 1103 may have a port 80 for TCP/UDP connections.
(2) NAT node 1102 establishes the first mapping relationship.
NAT node 1102, upon receiving the TCP/UDP connection establishment request sent by device 1101, may assign a forwarding port, e.g., 5544, for the TCP/UDP connection. The NAT node 1102 may replace the source address of the TCP/UDP connection establishment request with 222.24.1.4 and the source port with 5544 before forwarding to the NAT node 1103.
It should be appreciated that NAT node 1102, acting as a node on a TCP/UDP connection, needs to forward in both directions, and therefore needs to establish a mapping relationship for address translation in both upstream and downstream transmissions. The mapping relationship established by NAT node 1102 for address translation in uplink transmission may be expressed as: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544, wherein 192.168.1.2/2233 and 47.1.8.1.2/80 are address information of TCP/UDP packets from the device 1101, and 222.24.1.4/5544 is destination address information. In subsequent communications, the NAT node 1102 may replace the source address information (i.e., 192.168.1.2/2233) of the TCP/UDP packet from the device 1101 with 222.24.1.4/5544 according to the mapping relationship, and then forward the packet to the NAT node 1103. The mapping relationship established by the NAT node 1102 for address translation in downlink transmission may be represented as 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233, where 47.1.8.1.2/80 and 222.24.1.4/5544 are address information of a TCP/UDP packet from the NAT node 1103, and 192.168.1.2/2233 is destination address information. The NAT node 1102 may replace the destination address information (i.e., 222.24.1.4/5544) of the TCP/UDP packet from the NAT node 1103 with 192.168.1.2/2233 according to the mapping relationship, and forward the packet to the device 1101.
The first mapping on NAT node 1102 may include: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544 and 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233.
(3) The NAT node 1103 establishes the first mapping relationship.
The NAT node 1103 is a public network device corresponding to the device 1104, and a mapping relationship between a port of the NAT node 1103 and a port of the device 1104 is arranged thereon. For example, the mapping relationship between NAT node 1103 and device 1104 is 47.1.8.1.2/80 → 192.168.8.2/8080, which indicates that data received at port 80 of NAT node 1103 will be forwarded to port 8080 of device 1104. Therefore, NAT node 1103 forwards the TCP/UDP connection establishment request to device 1104.
It should be understood that, after receiving the TCP/UDP connection establishment request, the NAT node 1103 may know that it is a node on the TCP/UDP connection and needs to perform bidirectional forwarding, so that a mapping relationship for address translation in uplink transmission and downlink transmission needs to be established. The mapping relationship established by the NAT node 1103 for address translation in downlink transmission may be expressed as: 222.24.1.4/5544 + 47.1.8.1.2/80 → 192.168.8.2/8080, wherein 222.24.1.4/5544 and 47.1.8.1.2/80 are address information of a TCP/UDP packet from the NAT node 1102, and 192.168.8.2/8080 is destination address information. In subsequent communications, the NAT node 1103 may replace the destination address information (i.e., 47.1.8.1.2/80) of the TCP/UDP packet from the NAT node 1102 with 192.168.8.2/8080 according to the mapping relationship, and forward the packet to the device 1104. The mapping relationship established by NAT node 1102 for address translation in uplink transmission may be expressed as: 192.168.8.2/8080 + 222.24.1.4/5544 → 47.1.8.1.2/80, wherein 192.168.8.2/8080 and 222.24.1.4/5544 are address information of TCP/UDP packet from device 1104, and 47.1.8.1.2/80 is destination address information. NAT node 1103 may replace the source address information (i.e., 192.168.8.2/8080) of the TCP/UDP packet from device 1104 with 47.1.8.1.2/80 based on the mapping, and forward the packet to NAT node 1102.
The first mapping relationship on the NAT node 1103 may include: 222.24.1.4/5544 + 47.1.8.1.2/80 → 192.168.8.2/8080 and 192.168.8.2/8080 + 222.24.1.4/5544 → 47.1.8.1.2/80.
It should be appreciated that after NAT node 1102 and NAT node 1103 establish the first mapping relationship, device 1101 and device 1104 may be considered to establish a TCP/UDP connection, and device 1101 and device 1104 may be enabled for bidirectional communication.
Further illustratively, taking the communication system shown in fig. 12 as an example, the device 1201 is a first device, and the device 1204 is a second device; the device 1201 accesses the network through the NAT node 1202, is located in a private network, and has a private network IP address of 192.168.1.2; NAT node 1202 accesses the network through NAT node 1203, and is also located in a private network, and its private network IP address is 192.168.5.2; the NAT node 1203 accesses the device 1201 and the NAT node 1202 to the public network, and the public network IP address of the device is 222.24.1.4; the device 1204 is located in a public network having a public network IP address of 47.1.8.1.2. Both the NAT node 1102 and the NAT node 1103 may be first NAT nodes, and the first NAT node generating the first mapping relationship according to the TCP/UDP connection establishment request may include the following steps.
(1) Device 1201 sends a TCP/UDP connection establishment request.
It should be understood that the device 1204 is located in a public network, and the device 1201 can know the address information of the device 1204, so the device 1201 can directly send a TCP/UDP connection establishment request to the device 1204, and the destination address of the TCP/UDP connection establishment request is 47.1.8.1.2.
The port of device 1201 for a TCP/UDP connection may be 2233 and the port of device 1204 for a TCP/UDP connection may be 80.
(2) NAT node 1202 establishes the first mapping relationship.
The NAT node 1202 is used for conversion between address information of a secondary private network where the device 1201 is located and address information of a primary private network where the NAT node 1202 is located. NAT node 1202 may assign a forwarding port, e.g., 5544, for the TCP/UDP connection upon receiving the TCP/UDP connection establishment request sent by apparatus 1201. NAT node 1202 may replace the source address of the TCP/UDP connection establishment request with 192.168.5.4 and the source port with 5544 before forwarding to NAT node 1203.
It should be appreciated that NAT node 1202, acting as a node on a TCP/UDP connection, needs to forward bi-directionally, and therefore needs to establish a mapping relationship for address translation in both upstream and downstream transmissions. The mapping relationship for upstream transmission established by NAT node 1202 may be expressed as: 192.168.1.2/2233 + 47.1.8.1.2/80 → 192.168.5.2/5544, wherein 192.168.1.2/2233 and 47.1.8.1.2/80 are address information of TCP/UDP packets from the device 1201, and 222.24.1.4/5544 is destination address information. In subsequent communications, the NAT node 1202 may replace the source address information (i.e., 192.168.1.2/2233) of the TCP/UDP packet from the device 1201 with 192.168.5.2/5544 according to the mapping relationship, and then forward the packet to the NAT node 1203. The mapping relationship established by the NAT node 1202 for downlink transmission may be represented as 47.1.8.1.2/80 + 192.168.5.2/5544 → 192.168.1.2/2233, where 47.1.8.1.2/80 and 192.168.5.2/5544 are address information of TCP/UDP packets from the NAT node 1203, and 192.168.1.2/2233 is destination address information. The NAT node 1202 may replace the destination address information (i.e., 192.168.5.2/5544) of the TCP/UDP packet from the NAT node 1203 with 192.168.1.2/2233 according to the mapping relationship, and then forward the packet to the apparatus 1201.
The first mapping on NAT node 1202 may include: 192.168.1.2/2233 + 47.1.8.1.2/80 → 192.168.5.2/5544 and 47.1.8.1.2/80 + 192.168.5.2/5544 → 192.168.1.2/2233.
(3) NAT node 1203 establishes the first mapping relationship.
NAT node 1203 is used for converting address information of the first-level private network where NAT node 1202 is located with address information of the public network. NAT node 1203, upon receiving the TCP/UDP connection establishment request sent by NAT node 1202, may assign a forwarding port, e.g., 7788, for the TCP/UDP connection. NAT node 1203 may replace the source address of the TCP/UDP connection establishment request with 222.24.1.4 and the source port with 7788 before forwarding to device 1204.
It should be understood that NAT node 1203, as a node on a TCP/UDP connection, needs to perform bidirectional forwarding, and therefore needs to establish a mapping relationship for address translation in uplink transmission and downlink transmission. The mapping relationship for address translation in uplink transmission established by NAT node 1203 may be expressed as: 192.168.5.2/5544 + 47.1.8.1.2/80 → 222.24.1.4/7788, wherein 47.1.8.1.2/80 and 192.168.5.2/5544 are address information of TCP/UDP packets from the NAT node 1202, and 222.24.1.4/7788 is destination address information. In subsequent communications, the NAT node 1203 may replace the destination address information (i.e., 192.168.5.2/5544) of the TCP/UDP packet from the NAT node 1202 with 222.24.1.4/7788 according to the mapping relationship, and then forward the packet to the device 1204. The mapping relationship established by NAT node 1202 for address translation in downstream transmissions may be expressed as: 47.1.8.1.2/80 + 222.24.1.4/7788 → 192.168.5.2/5544, wherein 47.1.8.1.2/80 and 222.24.1.4/7788 are address information of TCP/UDP packet from device 1204, and 192.168.5.2/5544 is destination address information. The NAT node 1203 may replace the destination address information (i.e., 222.24.1.4/7788) of the TCP/UDP packet from the device 1204 with 192.168.5.2/5544 according to the mapping relationship, and forward the packet to the NAT node 1202.
The first mapping on NAT node 1203 may include: 192.168.5.2/5544 + 47.1.8.1.2/80 → 222.24.1.4/7788 and 47.1.8.1.2/80 + 222.24.1.4/7788 → 192.168.5.2/5544.
It should be appreciated that after NAT node 1202 and NAT node 1203 establish the first mapping, apparatus 1201 and apparatus 1204 may be considered to establish a TCP/UDP connection and apparatus 1201 and apparatus 1204 may be enabled for bidirectional communication.
Optionally, in this embodiment of the application, after receiving the first ping message, the first NAT node may replace the source address or the destination address of the first ping message according to the first information tuple and the first mapping relationship, and may also replace the source address and the source port, or the destination address and the destination port in the first information tuple.
As an implementation manner, when the first network is a public network and the second network is a private network, the first NAT node may replace the first destination address in the first information tuple with a destination address in the first mapping relationship, replace the first destination port with a destination port in the first mapping relationship, and the first information tuple after replacing the address information may be referred to as a second information tuple. In other words, the second information tuple includes the first source address, the first source port, the destination address in the first mapping relationship, and the destination port in the first mapping relationship, and the second information tuple is still carried in the payload of the first ping packet.
It should be understood that the replacement of the address information in the first information tuple by the first NAT node may enable the next-hop NAT node to forward the updated first ping message according to the updated first information tuple.
It should be noted that, if the next hop of the first NAT node is the destination device to which the first ping message is to arrive, the first information tuple in the first ping message is not used. As an implementation manner, the first NAT node may also not need to update the first information tuple in the payload of the first ping message, and the updated payload of the first ping message still carries the first information tuple. As another implementation, the first NAT node may also discard the first information tuple, and the updated first ping message does not include the information tuple. Based on the method, unnecessary work of the NAT node can be reduced, and the forwarding efficiency of the NAT node can be improved.
It should be appreciated that the first NAT node can be configured to forward both TCP and UDP packets, and thus the mapping established by the first NAT node corresponds to TCP or UDP transmissions. In one possible implementation, the first mapping relationship established by the first NAT node may have a protocol type corresponding thereto, so as to indicate a protocol used for transmission of the first mapping relationship. It should be noted that, the description above is described with the first information tuple being a quadruple. Optionally, in this embodiment of the application, the first information tuple in the first ping message payload may also be a five-tuple, and may further include a first protocol type in addition to a four-tuple including the first source address, the first source port, the first destination address, and the first destination port, where the first protocol type is used to indicate that the four-tuple in the first information tuple is address information used in what protocol transmission. Based on this, the first NAT node may be able to find a mapping relationship matching the quadruple according to the first protocol type in the first information tuple, and further determine target address information in the mapping relationship. Wherein the first protocol type may be TCP or UDP.
It should be noted that, when the first information tuple is a quintuple, the first NAT node may query the first mapping relationship according to the address information in the quintuple to determine the destination address information. And, the first NAT node may only replace the source address information or the destination address information in the first information tuple, and the first type information may not be processed. That is, after the first NAT node updates the first information tuple to the second information tuple, the second information tuple still includes the first type information.
It should be understood that the message forwarding method provided in the embodiment of the present application may forward a ping message from an external network to an internal network, or may forward a ping message from an internal network to an external network, so that the message forwarding method provided in the embodiment of the present application may implement a complete ping process, including sending a ping request message and receiving a ping response message. A complete ping process implemented by the message forwarding method provided in the embodiment of the present application will be described below with reference to the scenarios shown in fig. 10 to 12.
As an implementation manner, taking the communication system shown in fig. 10 as an example, as shown in fig. 15, the process may include the following steps.
1. Device 1001 sends a TCP/UDP connection establishment request.
2. The NAT node 1002 establishes a mapping relation: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544 and 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233.
3. Device 1003 sends a ping request message, where the destination IP address of the ping request message is 222.24.1.4, and the quadruple in the payload is: 47.1.8.1.2/80+222.24.1.4/5544.
4. The NAT node 1002 replaces the destination address of the ping request message with 192.168.1.2 and the quadruple in the payload with 47.1.8.1.2/80+192.168.1.2/2233, and forwards the message to the device 1001.
5. Device 1001 receives the ping request message and replies to the ping response message.
It should be understood that the manner in which the NAT node 1002 forwards the ping response message is the same as the principle in which the ping request message is forwarded, and only the address information of the ping response message needs to be replaced according to the mapping relationship for address replacement in uplink transmission, which is not described in detail in this embodiment of the present application.
As an implementation manner, taking the communication system shown in fig. 11 as an example, as shown in fig. 16, the process may include the following steps.
1. Device 1101 sends a TCP/UDP connection establishment request.
2. NAT node 1102 establishes a mapping relationship: 192.168.1.2/2233 + 47.1.8.1.2/80 → 222.24.1.4/5544 and 47.1.8.1.2/80 + 222.24.1.4/5544 → 192.168.1.2/2233. And the NAT node 1103 establishes a mapping relationship: 222.24.1.4/5544 + 47.1.8.1.2/80 → 192.168.8.2/8080 and 192.168.8.2/8080 + 222.24.1.4/5544 → 47.1.8.1.2/80.
3. Device 1104 sends a ping request message with destination IP address 222.24.1.4 and quadruple in payload: 192.168.8.2/8080+222.24.1.4/5544.
4. The NAT node 1103 replaces the source address of the ping request message with 47.1.8.1.2 and the quadruple in the payload with 47.1.8.1.2/80+222.24.1.4/5544 and forwards it to the NAT node 1102.
5. The NAT node 1102 replaces the destination address of the ping request message with 192.168.8.2, replaces the quadruple in the payload with 47.1.8.1.2/80+192.168.1.2/2233, and forwards to the device 1101.
6. Device 1101 receives the ping request message and replies to the ping response message.
It should be understood that the NAT node 1102 and the NAT node 1103 forward the ping response message in the same manner as the ping request message forwarding principle, the NAT node 1102 may replace the address information of the ping response message according to the mapping relationship for address replacement in uplink transmission, and the NAT node 1103 may replace the address information of the ping response message according to the mapping relationship for address replacement in downlink transmission, which is not described in detail in this embodiment of the present application.
As an implementation manner, taking the communication system shown in fig. 12 as an example, as shown in fig. 17, the process may include the following steps.
1. Device 1201 sends a TCP/UDP connection establishment request.
2. NAT node 1202 establishes a mapping relationship: 192.168.1.2/2233 + 47.1.8.1.2/80 → 192.168.5.2/5544 and 47.1.8.1.2/80 + 192.168.5.2/5544 → 192.168.1.2/2233. And, NAT node 1203 establishes a mapping relationship: 192.168.5.2/5544 + 47.1.8.1.2/80 → 222.24.1.4/7788 and 47.1.8.1.2/80 + 222.24.1.4/7788 → 192.168.5.2/5544.
3. Device 1204 sends a ping request message with destination IP address 222.24.1.4 and a quadruple in the payload: 47.1.8.1.2/80+222.24.1.4/7788.
4. The NAT node 1203 replaces the destination address of the ping request message with 192.168.5.2, replaces the quadruple in the payload with 47.1.8.1.2/80+192.168.5.2/5544, and then forwards to the NAT node 1202.
5. The NAT node 1202 replaces the destination address of the ping request message with 192.168.1.2 and replaces the quadruple in the payload with 47.1.8.1.2/80+192.168.1.2/2233 and forwards to the device 1201.
6. Device 1201 receives the ping request message and replies to the ping response message.
It should be understood that the manner in which NAT node 1202 and NAT node 1203 forward the ping response message is the same as the principle of forwarding the ping request message, and only the address information of the ping response message needs to be replaced according to the mapping relationship for address replacement in uplink transmission, which is not described in detail in this embodiment of the present application.
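The downlink traversal of fig. 12 can be modelled as follows. This is an added example, not code from the application: the class and function names are hypothetical, addresses are kept as opaque strings exactly as the text writes them, and the handling of an unmatched tuple, a protocol mismatch, or a quadruple that matches mappings of more than one protocol (the message is not forwarded) is an assumption the text does not state.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (address, port); address strings are copied verbatim from the text


@dataclass(frozen=True)
class InfoTuple:
    """Information tuple carried in the ping payload (quadruple, or five-tuple if proto is set)."""
    src: Endpoint
    dst: Endpoint
    proto: Optional[str] = None  # "TCP" / "UDP" for a five-tuple, None for a quadruple


@dataclass(frozen=True)
class Ping:
    src_addr: str
    dst_addr: str
    payload: Optional[InfoTuple]


class NatNode:
    """Hypothetical model of a first NAT node holding downlink mapping relationships."""

    def __init__(self, name: str) -> None:
        self.name = name
        # (protocol, remote endpoint, mapped endpoint on this node) -> target endpoint
        self.downlink: Dict[Tuple[str, Endpoint, Endpoint], Endpoint] = {}

    def add_downlink(self, proto: str, remote: Endpoint,
                     mapped: Endpoint, target: Endpoint) -> None:
        self.downlink[(proto, remote, mapped)] = target

    def lookup(self, t: InfoTuple) -> Optional[Endpoint]:
        if t.proto is not None:
            # Five-tuple: the protocol type selects the mapping.
            return self.downlink.get((t.proto, t.src, t.dst))
        # Quadruple: accept only an unambiguous match (assumption).
        hits = {target for (_, s, d), target in self.downlink.items()
                if (s, d) == (t.src, t.dst)}
        return hits.pop() if len(hits) == 1 else None

    def forward_downlink(self, ping: Ping) -> Optional[Ping]:
        """Rewrite the outer destination and the tuple's destination; None means not forwarded."""
        if ping.payload is None:
            return None
        target = self.lookup(ping.payload)
        if target is None:
            return None  # no established mapping for this tuple (assumed behaviour)
        second_tuple = replace(ping.payload, dst=target)  # source and protocol type unchanged
        return replace(ping, dst_addr=target[0], payload=second_tuple)


def build_fig12_chain() -> List[NatNode]:
    """Downlink mappings of NAT node 1203 and NAT node 1202, protocol assumed to be TCP."""
    nat1203 = NatNode("1203")
    nat1203.add_downlink("TCP", ("47.1.8.1.2", 80), ("222.24.1.4", 7788), ("192.168.5.2", 5544))
    nat1202 = NatNode("1202")
    nat1202.add_downlink("TCP", ("47.1.8.1.2", 80), ("192.168.5.2", 5544), ("192.168.1.2", 2233))
    return [nat1203, nat1202]


def traverse(ping: Ping, nodes: List[NatNode]) -> Optional[Ping]:
    """Pass the ping through each NAT node in order; stop at the first node that refuses it."""
    current: Optional[Ping] = ping
    for node in nodes:
        if current is None:
            return None
        current = node.forward_downlink(current)
    return current


if __name__ == "__main__":
    request = Ping("47.1.8.1.2", "222.24.1.4",
                   InfoTuple(("47.1.8.1.2", 80), ("222.24.1.4", 7788)))
    print(traverse(request, build_fig12_chain()))
```

Because each node rewrites only on an exact match against a mapping that an earlier connection establishment created, a ping whose tuple names a port with no established connection stops at the first NAT node in this model.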
It should be noted that, in the above method embodiment, the processor 1301 in the communication apparatus 130 shown in fig. 13 may call the application program code stored in the memory 1302 to instruct the first NAT node to perform the action of the first apparatus, the processor 1301 in the communication apparatus 130 shown in fig. 13 may call the application program code stored in the memory 1302 to instruct the first apparatus to perform the action of the first apparatus, and the processor 1301 in the communication apparatus 130 shown in fig. 13 may call the application program code stored in the memory 1302 to instruct the second apparatus to perform the action of the second apparatus, which is not limited in this embodiment.
It is to be understood that, in the above embodiments, the method and/or the steps implemented by the terminal device may also be implemented by a component (e.g., a chip or a circuit) that can be used for the terminal device; the methods and/or steps implemented by the access network device may also be implemented by components (e.g., chips or circuits) that may be used in the access network device.
The above description mainly introduces the scheme provided by the embodiment of the present application from the perspective of interaction between various devices. Correspondingly, the embodiment of the application also provides a communication device, and the communication device is used for realizing the various methods. The communication device may be the terminal device in the above method embodiment, or a device including the above terminal device, or a component that can be used for the terminal device; alternatively, the communication device may be the access network device in the above method embodiment, or a device including the above access network device, or a component that can be used for the access network device. It is to be understood that the communication device comprises corresponding hardware structures and/or software modules for performing the respective functions in order to realize the above-mentioned functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the communication apparatus may be divided into functional modules according to the method embodiments, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
Fig. 18 shows a schematic structural diagram of a communication device 180. The communication device 180 includes a transceiver module 1801 and a processing module 1802. The transceiver module 1801, which may also be referred to as a transceiver unit, is used to implement a transceiving function, and may be, for example, a transceiving circuit, a transceiver, or a communication interface.
Taking the communication device 180 as the first NAT node in the above method embodiment as an example:
a transceiver module 1801, configured to receive a first ping message from a first port; the first port is connected with a first network, and the payload of the first ping message comprises a first information tuple. The transceiver module 1801 is further configured to send the updated first ping packet through the second port according to the first information tuple in the payload of the first ping packet and the first mapping relationship; the second port is connected with the second network, the first mapping relation comprises a mapping relation between the first information tuple and the target address information, and the target address information in the first mapping relation comprises a target address and a target port.
Optionally, the first information tuple is a quadruple including a first source address, a first source port, a first destination address, and a first destination port. The processing module 1802 is configured to update the first information tuple to a second information tuple, where the second information tuple includes a first source address, a first source port, a target address in the first mapping relationship, and a target port in the first mapping relationship, and a payload of the updated first ping packet carries the second information tuple.
Optionally, the first information tuple is a five-tuple including a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. The processing module 1802 is configured to update the first information tuple to a second information tuple, where the second information tuple includes a first source address, a first source port, a target address in the first mapping relationship, a target port in the first mapping relationship, and a first protocol type, and a payload of the updated first ping packet carries the second information tuple.
Optionally, the first information tuple is a quadruple including a first source address, a first source port, a first destination address, and a first destination port. The processing module 1802 is configured to update the first information tuple to a second information tuple, where the second information tuple includes a target address in the first mapping relationship, a target port in the first mapping relationship, a first target address, and a first target port, and a payload of the updated first ping packet carries the second information tuple.
Optionally, the first information tuple is a five-tuple including a first source address, a first source port, a first destination address, a first destination port, and a first protocol type. The processing module 1802 is configured to update the first information tuple to a second information tuple, where the second information tuple includes a target address in the first mapping relationship, a target port in the first mapping relationship, a first target address, a first target port, and a first protocol type, and a payload of the updated first ping packet carries the second information tuple.
It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.
In the present embodiment, the communication device 180 is presented in a form of dividing each functional module in an integrated manner. A "module" herein may refer to a particular ASIC, a circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other device that provides the described functionality. In a simple embodiment, one skilled in the art will appreciate that the communication device 180 may take the form of the communication device 130 shown in FIG. 13.
For example, the processor 1301 in the communication apparatus 130 shown in fig. 13 may invoke the computer-executable instructions stored in the memory 1303, so that the communication apparatus 130 executes the message forwarding method in the foregoing method embodiment.
Specifically, the functions/implementation procedures of the transceiver module 1801 and the processing module 1802 in fig. 18 may be implemented by the processor 1301 in the communication apparatus 130 shown in fig. 13 calling the computer-executable instructions stored in the memory 1303. Alternatively, the function/implementation procedure of the processing module 1802 in fig. 18 may be implemented by the processor 1301 in the communication apparatus 130 shown in fig. 13 calling the computer-executable instructions stored in the memory 1303, and the function/implementation procedure of the transceiving module 1801 in fig. 18 may be implemented by the communication interface 1304 in the communication apparatus 130 shown in fig. 13.
Since the communication device 180 provided in this embodiment can execute the message forwarding method, the technical effect obtained by the communication device can refer to the method embodiment, and is not described herein again.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are all or partially generated upon loading and execution of computer program instructions on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or can comprise one or more data storage devices, such as a server, a data center, etc., that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
As used in this application, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being: a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of example, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
This application presents various aspects, embodiments, or features around a system that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, a combination of these schemes may also be used.
In addition, in the embodiments of the present application, the word "exemplary" is used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term using examples is intended to present concepts in a concrete fashion.
In the embodiment of the present application, information (information), signal (signal), message (message), channel (channel) may be mixed, and it should be noted that the intended meanings are consistent when the differences are not emphasized. "of", "corresponding", and "corresponding" may sometimes be used in combination, it being noted that the intended meaning is consistent when no distinction is made. The terms "system" and "network" may be sometimes used in a mixed manner, and are intended to be consistent when the distinction is not emphasized, for example, the term "communication system" is also intended to mean "communication network".
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (21)

1. A message forwarding method, characterized in that the method comprises the following steps:
a first network address translation (NAT) node receives a first packet internet groper (ping) message from a first port; the first port is connected to a first network, and the payload of the first ping message comprises a first information tuple;
the first NAT node sends an updated first ping message from a second port according to the first information tuple in the payload of the first ping message and a first mapping relationship; the second port is connected to a second network, the first mapping relationship includes a mapping relationship between the first information tuple and destination address information, and the destination address information in the first mapping relationship includes a destination address and a destination port.
2. The method according to claim 1, wherein the first network is a public network, the second network is a private network, and a destination address of the updated first ping message is the destination address in the first mapping relationship; and the destination address in the first mapping relationship is a private network address in the second network.
3. The method of claim 2, wherein the first tuple of information is a quadruple comprising a first source address, a first source port, a first destination address, and a first destination port; the method further comprises the following steps:
the first NAT node updates the first information tuple to a second information tuple, where the second information tuple includes the first source address, the first source port, the destination address in the first mapping relationship, and the destination port in the first mapping relationship; and the payload of the updated first ping message carries the second information tuple.
4. The method of claim 2, wherein the first information tuple is a five-tuple comprising a first source address, a first source port, a first destination address, a first destination port, and a first protocol type; the method further comprises the following steps:
the first NAT node updates the first information tuple to a second information tuple, where the second information tuple includes the first source address, the first source port, the destination address in the first mapping relationship, the destination port in the first mapping relationship, and the first protocol type; and the payload of the updated first ping message carries the second information tuple.
5. The method according to claim 1, wherein the first network is a private network, the second network is a public network, and a source address of the updated first ping message is the destination address in the first mapping relationship; and the destination address in the first mapping relationship is a public network address of the first NAT node on the second network.
6. The method of claim 5, wherein the first tuple of information is a quadruple comprising a first source address, a first source port, a first destination address, and a first destination port; the method further comprises the following steps:
the first NAT node updates the first information tuple to a second information tuple, where the second information tuple includes the destination address in the first mapping relationship, the destination port in the first mapping relationship, the first destination address, and the first destination port; and the payload of the updated first ping message carries the second information tuple.
7. The method of claim 5, wherein the first information tuple is a five-tuple comprising a first source address, a first source port, a first destination address, a first destination port, and a first protocol type; the method further comprises the following steps:
the first NAT node updates the first information tuple to a second information tuple, where the second information tuple includes the destination address in the first mapping relationship, the destination port in the first mapping relationship, the first destination address, the first destination port, and the first protocol type; and the payload of the updated first ping message carries the second information tuple.
8. The method according to any one of claims 1 to 7,
a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) connection is established between the first device and the second device, the TCP/UDP connection comprises one or more NAT nodes, and the one or more NAT nodes comprise the first NAT node.
9. The method according to any of claims 1-8, wherein the payload of the updated first ping message carries the first information tuple;
or the first NAT node discards the first information tuple, and the updated first ping message does not include the information tuple.
10. A communication apparatus, characterized in that the communication apparatus comprises:
a transceiver module, configured to receive a first packet internet groper (ping) message from a first port; the first port is connected to a first network, and the payload of the first ping message comprises a first information tuple;
the transceiver module is further configured to send an updated first ping message from a second port according to the first information tuple in the payload of the first ping message and a first mapping relationship; the second port is connected to a second network, the first mapping relationship includes a mapping relationship between the first information tuple and destination address information, and the destination address information in the first mapping relationship includes a destination address and a destination port.
11. The communication apparatus according to claim 10, wherein the first network is a public network, the second network is a private network, and a destination address of the updated first ping message is the destination address in the first mapping relationship; and the destination address in the first mapping relationship is a private network address in the second network.
12. The communications apparatus of claim 11, wherein the first tuple of information is a quadruple comprising a first source address, a first source port, a first destination address, and a first destination port; the device further comprises:
a processing module, configured to update the first information tuple to a second information tuple, where the second information tuple includes the first source address, the first source port, the destination address in the first mapping relationship, and the destination port in the first mapping relationship; and the payload of the updated first ping message carries the second information tuple.
13. The communications apparatus of claim 11, wherein the first information tuple is a five-tuple comprising a first source address, a first source port, a first destination address, a first destination port, and a first protocol type; the device further comprises:
a processing module, configured to update the first information tuple to a second information tuple, where the second information tuple includes the first source address, the first source port, the destination address in the first mapping relationship, the destination port in the first mapping relationship, and the first protocol type; and the payload of the updated first ping message carries the second information tuple.
14. The communication apparatus according to claim 10, wherein the first network is a private network, the second network is a public network, and a source address of the updated first ping message is the destination address in the first mapping relationship; and the destination address in the first mapping relationship is a public network address of the first network address translation (NAT) node on the second network.
15. The communications apparatus of claim 14, wherein the first tuple of information is a quadruple comprising a first source address, a first source port, a first destination address, and a first destination port; the device further comprises:
a processing module, configured to update the first information tuple to a second information tuple, where the second information tuple includes the destination address in the first mapping relationship, the destination port in the first mapping relationship, the first destination address, and the first destination port; and the payload of the updated first ping message carries the second information tuple.
16. The communications apparatus of claim 14, wherein the first information tuple is a five-tuple comprising a first source address, a first source port, a first destination address, a first destination port, and a first protocol type; the device further comprises:
a processing module, configured to update the first information tuple to a second information tuple, where the second information tuple includes the destination address in the first mapping relationship, the destination port in the first mapping relationship, the first destination address, the first destination port, and the first protocol type; and the payload of the updated first ping message carries the second information tuple.
17. The communication apparatus according to any one of claims 10-16, wherein the communication apparatus is a first NAT node, a Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) connection is established between a first device and a second device, the TCP/UDP connection includes one or more NAT nodes, and the one or more NAT nodes include the first NAT node.
18. A communication device according to any of claims 10-17, wherein the payload of the updated first ping message carries the first information tuple;
or the first NAT node discards the first information tuple, and the updated first ping message does not include the information tuple.
19. A communication apparatus, characterized in that the communication apparatus comprises: a processor and a memory;
the memory is to store computer-executable instructions that, when executed by the processor, cause the communication device to perform the method of any of claims 1-9 as a first network address translation, NAT, node.
20. A communication apparatus, characterized in that the communication apparatus comprises: a processor and an interface circuit;
the interface circuit is used for receiving computer execution instructions and transmitting the computer execution instructions to the processor;
the processor is configured to execute the computer-executable instructions to cause the communication device to perform the method of any of claims 1-9 as a first network address translation, NAT, node.
21. A computer-readable storage medium, having stored thereon a computer program which, when executed by a computer, causes the computer to perform the method of any of claims 1-9 as a first network address translation, NAT, node.
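The tuple rewrite recited in claims 1, 2, 4, 5 and 7 can be sketched as follows. This is an added illustration, not code from the patent or its applicant. The 13-byte payload encoding, the names `FiveTuple`, `Ping` and `forward`, the sample addresses, and the choice not to forward a ping whose tuple has no mapping are all assumptions; the IP header is reduced to its source and destination addresses, and the ICMP header and checksum are not modeled.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

# Assumed payload encoding (not defined on the page): src IPv4, src port,
# dst IPv4, dst port, protocol number, in network byte order.
TUPLE_FMT = "!4sH4sHB"
TUPLE_LEN = struct.calcsize(TUPLE_FMT)  # 13 bytes

class FiveTuple(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: int

    def pack(self) -> bytes:
        return struct.pack(TUPLE_FMT, ipaddress.IPv4Address(self.src).packed,
                           self.sport, ipaddress.IPv4Address(self.dst).packed,
                           self.dport, self.proto)

    @classmethod
    def unpack(cls, payload: bytes) -> "FiveTuple":
        if len(payload) < TUPLE_LEN:
            raise ValueError("payload too short to carry an information tuple")
        s, sp, d, dp, pr = struct.unpack(TUPLE_FMT, payload[:TUPLE_LEN])
        return cls(str(ipaddress.IPv4Address(s)), sp,
                   str(ipaddress.IPv4Address(d)), dp, pr)

class Ping(NamedTuple):
    src: str        # IP header source address
    dst: str        # IP header destination address
    payload: bytes  # ping payload: information tuple plus any trailing data

def forward(ping: Ping, mapping: dict, inbound: bool) -> Optional[Ping]:
    """Return the updated ping for the second port, or None if unmapped."""
    first = FiveTuple.unpack(ping.payload)
    target = mapping.get(first)          # first mapping relationship
    if target is None:
        return None                      # assumption: unmapped tuples are not forwarded
    addr, port = target
    if inbound:                          # public -> private (claims 2 and 4)
        second = first._replace(dst=addr, dport=port)
        updated = ping._replace(dst=addr)
    else:                                # private -> public (claims 5 and 7)
        second = first._replace(src=addr, sport=port)
        updated = ping._replace(src=addr)
    return updated._replace(payload=second.pack() + ping.payload[TUPLE_LEN:])

# Constructed sample: private host 192.168.1.10:5000 behind NAT 198.51.100.1.
OUT_TUPLE = FiveTuple("192.168.1.10", 5000, "203.0.113.5", 443, 6)
OUT_MAP = {OUT_TUPLE: ("198.51.100.1", 40000)}

if __name__ == "__main__":
    sent = forward(Ping("192.168.1.10", "203.0.113.5", OUT_TUPLE.pack()), OUT_MAP, False)
    print(sent.src, FiveTuple.unpack(sent.payload))
```

Because the tuple arrives inside the payload, the node treats it as untrusted input: it is length-checked before parsing and acted on only when it matches an existing mapping entry.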
CN202110991038.XA 2021-08-26 2021-08-26 Message forwarding method and communication device Pending CN113709242A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110991038.XA CN113709242A (en) 2021-08-26 2021-08-26 Message forwarding method and communication device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110991038.XA CN113709242A (en) 2021-08-26 2021-08-26 Message forwarding method and communication device

Publications (1)

Publication Number Publication Date
CN113709242A true CN113709242A (en) 2021-11-26

Family

ID=78655511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110991038.XA Pending CN113709242A (en) 2021-08-26 2021-08-26 Message forwarding method and communication device

Country Status (1)

Country Link
CN (1) CN113709242A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141420A (en) * 2007-09-05 2008-03-12 杭州华三通信技术有限公司 Method and system for performing data communication between private network and public network
CN102148767A (en) * 2011-05-12 2011-08-10 杭州华三通信技术有限公司 Network address translation (NAT)-based data routing method and device
CN102204191A (en) * 2011-05-31 2011-09-28 华为技术有限公司 A message transmission method and a network-network routing device
CN103634365A (en) * 2012-08-29 2014-03-12 中兴通讯股份有限公司 Third party application platform in wireless access network and communication method thereof
WO2016206511A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Method and device for implementing nat
CN107071079A (en) * 2017-03-07 2017-08-18 上海斐讯数据通信技术有限公司 A kind of private net terminal obtains the method and system of public network IP
CN107493238A (en) * 2016-06-13 2017-12-19 华为技术有限公司 A kind of method for controlling network congestion, equipment and system
CN109151084A (en) * 2017-06-15 2019-01-04 中兴通讯股份有限公司 File transmitting method and device, system, CGN equipment

Similar Documents

Publication Publication Date Title
US10437775B2 (en) Remote direct memory access in computing systems
CN109831547B (en) NAT (network Address translation) penetration method, device, equipment and storage medium
KR101139675B1 (en) Traversal of symmetric network address translator for multiple simultaneous connections
CA2968964C (en) Source ip address transparency systems and methods
US8656017B2 (en) Peer-to-peer collaboration system with edge routing
US8650326B2 (en) Smart client routing
US9590898B2 (en) Method and system to optimize packet exchange between the control and data plane in a software defined network
WO2020248963A1 (en) Method and apparatus for establishing end-to-end network connection, and network system
CN100521663C (en) Method for crossing network address conversion in point-to-point communication
EP1892929A1 (en) A method, an apparatus and a system for message transmission
CN108702394B (en) Media sessions between network endpoints
JP2013543611A (en) Multiple virtual machines that share a single IP address
US11800587B2 (en) Method for establishing subflow of multipath connection, apparatus, and system
WO2016184283A1 (en) Data stream management method and system for virtual machine
CN115022279B (en) Intranet penetration method and device
CN116112426A (en) Intelligent network card assembly, physical machine, cloud service system and message sending method
CN113542244B (en) Micro-service calling method, device, server and system
CN115225634B (en) Data forwarding method, device and computer program product under virtual network
CN114598532B (en) Connection establishment method, device, electronic equipment and storage medium
CN113709242A (en) Message forwarding method and communication device
CN112019641B (en) Data transmission method and device
CN114826898A (en) Cross-host communication method, device, equipment, system and readable storage medium
CN108696437B (en) Flow forwarding method and device
CN114513485A (en) Method, device, equipment and system for obtaining mapping rule and readable storage medium
CN107360104B (en) Method and device for realizing tunnel endpoint network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20211126)