CN114095471A - Address translation method and device and address tracing method and device - Google Patents
Address translation method and device and address tracing method and device Download PDFInfo
- Publication number
- CN114095471A CN114095471A CN202010744257.3A CN202010744257A CN114095471A CN 114095471 A CN114095471 A CN 114095471A CN 202010744257 A CN202010744257 A CN 202010744257A CN 114095471 A CN114095471 A CN 114095471A
- Authority
- CN
- China
- Prior art keywords
- address
- network
- network protocol
- protocol
- ipv4
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 95
- 238000013519 translation Methods 0.000 title claims abstract description 64
- 238000013507 mapping Methods 0.000 claims abstract description 71
- 238000006243 chemical reaction Methods 0.000 claims abstract description 25
- 230000015572 biosynthetic process Effects 0.000 claims abstract description 3
- 230000008569 process Effects 0.000 claims description 13
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 7
- 238000004590 computer program Methods 0.000 description 6
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000006854 communication Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/251—Translation of Internet protocol [IP] addresses between different IP versions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2571—NAT traversal for identification, e.g. for authentication or billing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides an address translation method, an address translation apparatus, an address tracing method, an address tracing apparatus, an address translation tracing method, and an address translation tracing system in a network where different protocols coexist. A method for address translation in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the method comprising: a step of forming a fixed mapping relation, namely forming a fixed mapping relation among a first network protocol address, a first network protocol port number, a second network protocol address and a second network protocol port number; an address conversion step of converting the requested first network protocol address into the second network protocol address using the fixed mapping relationship formed in the fixed mapping relationship formation step.
Description
Technical Field
The present disclosure relates to an address translation method, an address translation apparatus, an address tracing method, an address tracing apparatus, an address translation tracing method, and an address translation tracing system in a network where different protocols coexist, and more particularly, to an address translation method, an address translation apparatus, an address tracing method, an address tracing apparatus, an address translation tracing method, and an address translation tracing system in a network where different protocols coexist in the field of network technology and security.
Background
At present, the internet industry is rapidly developed, and great changes are brought to the lives of people. The protocol IPv4, which is today the cornerstone of internet technology, is well known. IPv4 is the fourth version of the Internet Protocol (IP), which is the core of the Internet and is the most widely used version of the Internet Protocol. A significant problem with IPv4 is that IPv4 addresses are exhausted at a faster rate than expected at design time. And because the network address resource of the IPv4 is insufficient, the application and the development of the Internet are severely restricted. Therefore, IPv6(Internet Protocol Version 6: Internet Protocol Version 6) is proposed as a successor to IPv 4. The use of IPv6 not only solves the problem of the amount of network address resources, but also solves the obstacles for multiple access devices to access the internet.
With the full deployment and advancement of the IPv6, the IPv6 gradually becomes the mainstream bearer technology of the future internet, but part of devices in the network cannot be upgraded to support the IPv6 protocol, and since the IPv6 and the IPv4 are incompatible protocols, the interworking between the IPv6 terminal and the IPv4 service needs to be realized through a translation technology.
To enable the inter-visit of IPv6 and IPv4, the IETF (internet engineering task force) designs a solution NAT 64. The NAT64 is a stateful network address and protocol translation technology, and generally only supports access to network resources on the IPv4 side through a user initiated connection on the IPv6 network side. However, the NAT64 also supports that the IPv4 network actively initiates connection access to the IPv6 network by manually configuring the static mapping relationship.
The address space of IPv6 has 128 bits, and the address space of IPv4 has only 32 bits, so the shortage of IPv4 address resources is obvious. The basic principle of implementing the many-to-one mapping of IPv6 addresses and IPv4 addresses in this scenario is based on the five-tuple concept of internet communication, i.e., "protocol, source address, source port, destination address, destination port", whereby the progress of a communication can be uniquely determined. The addressing range of the port is 0-65536, therefore, if each IPv6 computer has only one communication process, theoretically, more than 6 million IPv6 hosts can be simultaneously supported by one IPv4 address for communication.
Disclosure of Invention
The problem of insufficient shared address resources of the IPv4 can be solved through the many-to-one mapping of the ports. However, dynamic mapping is mostly adopted in the existing scheme, and the same IPv4 address can be allocated to different IPv6 users at different times for use, which causes great difficulty for operators to perform identity authentication and source tracing. In the prior art, a user identity authentication and tracing method in an address conversion device is provided, which is as follows: all records of Address mapping are stored in the Address Translation device, and NAT (Network Address Translation) events are reported to the tracing system at regular time, and the tracing system confirms the identity of the user by searching the Address mapping records. However, the method needs to report regularly, so that frequent interaction among systems is caused, the amount of stored logs is large, and the searching efficiency is low. In addition, there is a method for converting a plurality of private IPv4 addresses into public IPv4 addresses to solve the problem of IPv4 having a shortage of public addresses, but is not applicable to an address conversion scenario in a network in which IPv6 and IPv4 coexist.
The present disclosure is made to solve the above-mentioned problems, and an object of the present disclosure is to provide an address translation method, an address translation apparatus, an address tracing method, an address tracing apparatus, an address translation tracing method, and an address translation tracing system in a heterogeneous network protocol coexisting network capable of performing tracing quickly.
According to an aspect of the present disclosure, there is provided an address translation method in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the method including: a step of forming a fixed mapping relation, namely forming a fixed mapping relation among a first network protocol address, a first network protocol port number, a second network protocol address and a second network protocol port number; an address conversion step of converting the requested first network protocol address into the second network protocol address using the fixed mapping relationship formed in the fixed mapping relationship formation step.
According to another aspect of the present disclosure, there is provided an address tracing method in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the method including: a tracing request receiving step of receiving a tracing request for confirming the first network protocol address corresponding to the second network protocol address aiming at the second network protocol address; an address demapping step of demapping, according to the tracing request received in the tracing request receiving step, an address of the first network protocol corresponding to the second network protocol address based on a fixed mapping relationship among the formed first network protocol address, the first network protocol port number, the second network protocol address, and the second network protocol port number.
According to another aspect of the present disclosure, there is provided an address translation tracing method in a network in which different network protocols coexist, the method including: a conversion step, when different network protocol addresses are to access each other, the address conversion method is executed; and a source tracing step, namely executing the address source tracing method aiming at the source tracing request.
According to another aspect of the present disclosure, there is provided an address translation apparatus in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the apparatus comprising: a fixed mapping relation forming unit for forming a fixed mapping relation between the first network protocol address, the first network protocol port number and the second network protocol address, the second network protocol port number; and the address conversion unit is used for converting the requested first network protocol address into the second network protocol address by using the fixed mapping relation formed by the fixed mapping relation forming unit.
According to another aspect of the present disclosure, there is provided an address tracing apparatus in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the apparatus comprising: a source tracing request receiving unit, configured to receive a source tracing request for confirming the first network protocol address corresponding to the second network protocol address with respect to the second network protocol address; and the address demapping unit is used for demapping the address of the first network protocol corresponding to the second network protocol address based on the formed fixed mapping relation among the first network protocol address, the first network protocol port number, the second network protocol address and the second network protocol port number according to the tracing request received by the tracing request receiving unit.
According to another aspect of the present disclosure, there is provided an address translation tracing system in a network in which different network protocols coexist, the system including: the address translation device executes address mapping processing aiming at different network protocol addresses; the address tracing device executes the demapping processing opposite to the address mapping processing on different network protocol addresses according to the tracing request.
According to the address tracing method in the different network protocol coexisting network, the address mapping relation interaction process between the network address conversion device and the authentication system is eliminated, the tracing efficiency is improved, and the operation and maintenance cost is reduced.
The method and the device can be applied to the IPv6 network evolution process, the network adopts the NAT64 technology to convert the IPv6 address and the IPv4 address, and the user address can be quickly traced when the service authentication is realized under the scene.
The following presents a simplified summary of the disclosure in order to provide a basic understanding of some aspects of the disclosure. However, it should be understood that this summary is not an exhaustive overview of the disclosure. It is not intended to identify key or critical elements of the disclosure or to delineate the scope of the disclosure. Its sole purpose is to present some concepts of the disclosure in a simplified form as a prelude to the more detailed description that is presented later.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description with reference to the accompanying drawings, in which:
fig. 1 is a schematic diagram of address tracing in a heterogeneous network protocol coexistence network according to the present disclosure.
Fig. 2 is a flowchart showing an address conversion flow performed by the address conversion apparatus when accessing an IPv4 network from an IPv6 network according to the present disclosure.
Fig. 3 is a flow chart illustrating the flow of address tracing of the present disclosure.
Fig. 4 is a schematic diagram of address mapping.
Fig. 5 is a flowchart showing a flow of an address mapping method used in address translation.
Fig. 6 is a flowchart illustrating a flow of an address demapping method used in address tracing.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The present disclosure provides an address translation method, an address translation apparatus, an address tracing method, an address tracing apparatus, an address translation tracing method, and an address translation tracing system in a network where different protocols coexist. Fig. 1 is a schematic diagram of address tracing in a heterogeneous network protocol coexistence network according to the present disclosure. For convenience of explanation, different network protocols are IPv4 and IPv6, respectively, but other network protocols may be used. Fig. 2 is a flowchart of an address translation process performed by the address translation apparatus when accessing an IPv4 network from an IPv6 network according to the present disclosure. As shown in fig. 1 and 2, in step S21, the IPv6 terminal accesses the IPv4 network using the IPv6 address. Next, in step S22, in the address translation apparatus, an address mapping method is executed to form a mapping relationship between (IPv6 address, port number) and (IPv4 address, port number), and to translate the IPv6 address into an IPv4 address. In step S23, the IPv6 terminal can access the server located in the IPv4 network.
Fig. 3 is a flow chart illustrating the flow of address tracing of the present disclosure. The following describes the process of address tracing with reference to fig. 1 and 3. First, it is assumed that the converted IPv4 access record is recorded in the service system. When address tracing is performed, in step S31, the business system initiates a tracing request to the tracing apparatus. Then, in step S32, the address demapping method corresponding to the address mapping method used in fig. 2 is executed in the tracing device, and the IPv6 address corresponding to the IPv4 source address is calculated, thereby confirming the terminal identity. Next, in step S33, the tracing result is returned to the business system. The address demapping method in step S32 is a method capable of reverse resolution according to the mapping relationship between (IPv6 address, port number) and (IPv4 address, port number) used by the previous address translation apparatus.
In a network with coexisting IPv4 and IPv6, after an address translation device and a tracing device configure parameters such as an IPv6 address pool, an IPv4 address pool, an address multiplexing rate and the like, a corresponding IPv4 common address and a port block are calculated for IPv6 and are translated. This will be described in detail below.
Wherein, when the IPv6 address is converted into the IPv4 address, the address mapping method is operated. The following describes a flow of such an address mapping method for realizing address translation. Here, the description is given by taking the contents shown in fig. 4 and 5 as an example, but it is needless to say that other mapping methods are possible as long as the mapping relationship between the addresses and the ports of the networks under different protocols can be made a fixed mapping relationship. Fig. 4 is a schematic diagram of address mapping, and fig. 5 is a flowchart showing a flow of an address mapping method used in address translation.
Summarizing the above flow, for any address a in the IPv6 address pool, it is mapped to address a in the IPv4 common address pool by the address mapping method, and the address a is assigned with an available port as P. This mapping process described above is denoted as a- > (A, P).
The IPv6 address pool may be composed of multiple non-contiguous address segments. In the address mapping method, first, in step S51, the IPv6 address segments are sorted from small to large according to the size of the address: (a1, b1), (a2, b2) … …. Wherein a and b represent the start address and the end address of each address field. It is needless to say that the order may be from large to small, and if the order is from large to small, the judgment criterion may be reversed when the comparison is performed next to the case of sorting from small to large.
Next, a common IPv4 address pool is configured. The IPv4 address pool is also composed of a plurality of non-contiguous address segments. In step S52, the IPv4 address segments are sorted from small to large by the size of the address (a1, B1), (a2, B2) … …. Here, A, B indicates the start address and the end address of each address field. Fig. 4 shows only two IPv4 address fields and two IPv6 address fields, but may be three or more address fields, respectively, and is not particularly limited.
Next, in step S53, the address conversion multiplexing rate R is set. R represents that an IPv4 address can be allocated to R IPv6 devices for use. The usable port addressing range of each computer is 0-65536, and m 65536/R represents the number of concurrent ports that can be used simultaneously by each IPv6 address. For example, when the address translation multiplexing rate R is 128, it is equivalent to indicate that one IPv4 address can be allocated to 128 IPv6 devices for use, and each IPv6 address can simultaneously use 512(65536/128) concurrent ports. Of course, the number of R is not limited to 128, and is preferably 256 or less.
Next, in step S54, the total number p of IPv6 addresses is calculated. The address number p1 in the address field 1 is b1-a1+ 1; the address number p2 in the address field 2 is b2-b2+ 1; the total number p of the IPv6 addresses is p1+ p2+ … … ph. h is the maximum number of address segments and is a natural number.
In step S55, the total number q of IPv4 common addresses is calculated. The address number q1 in the address segment 1 is B1-a1+ 1; the address number q2 in the address segment 2 is B2-a2+ 1; the total number q of the IPv4 shared addresses is q1+ q2+ … … qg. g is the maximum number of address segments and is a natural number.
The process then proceeds to step S56, where the order of IPv4 addresses corresponding to the xth IPv6 address is calculated.
For IPv6 address a, its order x in all address fields is first determined. To determine the order x of the address a, the IPv6 address field where a is located needs to be determined. Comparing the sizes of a and b1, if a < ═ b1, then a belongs to the 1 st address segment; otherwise, comparing the sizes of a and b2, if a < ═ b2, then a belongs to the 2 nd address segment; otherwise, the address is continuously compared with the maximum address of the subsequent address segment until the result is compared. Here, let a < ═ bi, then a belongs to the i-th address segment.
And determining the sequence j of a in the IPv6 address segment, wherein a is the jth address in the ith address segment, and j is a-ai + 1. The order x of the address a in the IPv6 address pool, which is x ═ p1+ … + pi + j, can be determined from the above two determination operations. The IPv4 address order corresponding to the x-th IPv6 address is y ═ x/R + 1.
Next, the process proceeds to step S57, where the port range usable by the xth IPv6 address is calculated. First, the address A corresponding to the address with the sequence y in the IPv4 address pool is determined. Judging the sizes of y and B1, if y < ═ q1, the address with sequence number y belongs to the 1 st IPv4 address segment; otherwise, comparing the sizes of y and q1+ q2, and if < ═ q1+ q2, the addresses with the sequence of y belong to the 2 nd address segment; otherwise continue comparing … …; if y > q1+ … + q (i-1) and y < q1+ … + qi, then the IPv4 addresses in the order of y belong to the ith address segment. Then, the kth address a in the corresponding ith IPv4 address segment may be determined, where k is y- [ q1+ … + q (i-1) ].
The available port range P ═ n × R + (x% R) for address a, where,% represents modulo arithmetic, and the range of n is (0, m). Here, m is 65536/R, R is address translation multiplexing rate, and m represents the number of concurrent ports that can be simultaneously used per IPv6 address.
This completes the mapping a- > (a, P) of the IPv6 address to the IPv4 address and port number. That is, in step S58, a mapping relationship between (IPv6 address, port number) and (IPv4 address, port number) is formed.
When performing address tracing, an address demapping method corresponding to the address mapping method used in address translation is used. The address demapping method is to use the fixed mapping relationship between the address and the port formed in the address conversion before to resolve the terminal identity in the reverse direction. Fig. 6 is a flowchart illustrating a flow of an address demapping method used in address tracing. An address demapping method used in address tracing is described below with reference to fig. 6.
In fig. 6, steps S51 '-S55' are the same as steps S51-S55 in fig. 5, so detailed description is omitted here. In step S56', the sequence number y of the IPv4 address is confirmed for (IPv4 address, port number).
In order to determine the sequence y of the address in the IPv4 address pool, the IPv4 address field where a is located needs to be determined. Comparing the sizes of A and B1, if A < ═ B1, then A belongs to the 1 st address field; otherwise, comparing the sizes of A and B2, if A < ═ B2, then A belongs to the 2 nd address segment; otherwise, continue comparing … … with the maximum address of the subsequent address segment; if A < ═ Bi, then A belongs to the ith address segment.
Then, the sequence j of A in the IPv4 common address segment is determined, wherein A is the jth address in the ith address segment, and j is A-Ai + 1.
The sequence y of the address A in the IPv4 address pool can be determined according to the two determination operations, wherein the sequence y is q1+ … + qi + j.
Then, the process proceeds to step S57', where the address sequence x of IPv6 is calculated based on the address sequence number and port number of IPv 4. Specifically, the sequence of the IPv6 address corresponding to the y-th IPv4 address is obtained as x ═ y × R + P% R according to the sequence number y and the port number in the IPv4 address pool.
At step S58', the terminal identity is confirmed according to the calculated IPv6 address order y.
Since the address mapping algorithm for address translation shown in fig. 5 is used to map and translate addresses in the network with different protocols, the address tracing can be performed quickly by the corresponding address demapping method for address tracing shown in fig. 6. That is, for a network scenario where different protocols with such problems coexist, the mapping method and the demapping method of the present disclosure can be applied, so that rapid address tracing can be achieved.
Particularly, the method and the device are applicable to network scenes in which IPv6 and IPv4 coexist, the problem of tracing the source in the network after the conversion between the IPv6 address and the IPv4 address is solved, a plurality of IPv6 addresses can be mapped to the same IPv4 address, the multiplexing of IPv4 public network addresses is realized, and precious IPv4 public network address resources are saved. In addition, the mapping relation between the IPv6 address and the IPv4 address is maintained directly through a mapping calculation method rather than an event report table item maintenance mode, logs of the mapping data maintained by equipment are greatly reduced, the problems of user identity authentication and traceability when the IPv6 addresses share the same IPv4 address are effectively solved, and the pressure of network operation and maintenance is reduced. So that the authentication system can quickly trace the source of the address even after the operator introduces the NAT64 address translation device, for example.
Other embodiments
The mapping method and the demapping method described in the above-described embodiments are merely examples. In addition to the above-described examples, the conversion device may be configured to generate a fixed mapping relationship between different network protocol addresses, for example, an IPv6 address and an IPv4 address, and a port number according to an algorithm. The tracing device generates a mapping relation according to the inverse process algorithm corresponding to the algorithm, and the fast address tracing can be realized. Therefore, the interaction process between the conversion equipment and the tracing device can be eliminated, and the synchronization and the consistency of the mapping relation table between the address conversion device and the tracing device are ensured.
The method and the device provide the idea of fixed mapping of the authentication system and provide a quick algorithm, reduce the burden of storage charge of the authentication system, eliminate the interaction process between the conversion equipment and the authentication system and have good operability.
It should be appreciated that reference throughout this specification to "an embodiment" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, appearances of the phrases "in embodiments of the present disclosure" and similar language throughout this specification do not necessarily all refer to the same embodiment.
One skilled in the art will appreciate that the present disclosure can be implemented as a system, apparatus, method, or computer-readable medium (e.g., non-transitory storage medium) as a computer program product. Accordingly, the present disclosure may be embodied in various forms, such as an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-program code, etc.) or an embodiment combining software and hardware aspects that may all be referred to hereinafter as a "circuit," module "or" system. Furthermore, the present disclosure may also be embodied in any tangible media as a computer program product having computer usable program code stored thereon.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of systems, apparatuses, methods and computer program products according to specific embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and any combination of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be executed by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the functions or acts specified in the flowchart and/or block diagram block or blocks.
Flowcharts and block diagrams of the architecture, functionality, and operation in which systems, apparatuses, methods and computer program products according to various embodiments of the present disclosure may be implemented are shown in the accompanying drawings. Accordingly, each block in the flowchart or block diagrams may represent a module, segment, or portion of program code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in the drawings may be executed substantially concurrently, or in some cases, in the reverse order from the drawing depending on the functions involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the market technology, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (20)
1. A method for address translation in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the method comprising:
a step of forming a fixed mapping relation, namely forming a fixed mapping relation among a first network protocol address, a first network protocol port number, a second network protocol address and a second network protocol port number;
an address conversion step of converting the requested first network protocol address into the second network protocol address using the fixed mapping relationship formed in the fixed mapping relationship formation step.
2. The method of address translation in a network where different network protocols coexist according to claim 1, wherein:
the fixed mapping relation forming step further includes:
a sequence calculating step of calculating a correspondence between a sequence of first network protocol addresses and a sequence of second protocol addresses according to a total number of the first network protocol addresses, a total number of the second network protocol addresses, and an address conversion multiplexing rate, the address conversion multiplexing rate indicating the number of first protocol devices that can be allocated for one second protocol address;
a port calculation step of calculating a port range which can be used by each first protocol address;
and a forming step of forming a fixed mapping relationship among the first network protocol address, the first network protocol port, the second network protocol address and the second network protocol port by using the correspondence calculated in the sequence calculating step and the port range calculated in the port calculating step.
3. The method for address translation in a network where different network protocols coexist according to claim 1 or 2, wherein:
the first network protocol is an IPv6 protocol and the second network protocol is an IPv4 protocol.
4. The method of claim 3, wherein the address translation method in the network in which different network protocols coexist is characterized in that:
in the sequence calculating step, the IPv6 address segments and the IPv4 address segments are sorted in sequence, the total number of IPv6 addresses and the total number of IPv4 addresses are calculated respectively, and the correspondence between the IPv6 address sequence and the IPv4 address sequence, that is, the IPv4 address sequence is determined as (IPv6 address sequence/address translation multiplexing rate) + 1.
5. The method of claim 3, wherein the address translation method in the network in which different network protocols coexist is characterized in that:
in the port calculation step, the port range corresponding to the IPv6 address is calculated as a port range P ═ n × R + (x% R), where,% represents modulo operation, and the range of n values is (0, m), where m represents the number of concurrent ports that can be simultaneously used by each IPv6 address, and R is address translation multiplexing rate.
6. A method for tracing an address in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the method comprising:
a tracing request receiving step of receiving a tracing request for confirming the first network protocol address corresponding to the second network protocol address aiming at the second network protocol address;
an address demapping step of demapping, according to the tracing request received in the tracing request receiving step, an address of the first network protocol corresponding to the second network protocol address based on a fixed mapping relationship among the formed first network protocol address, the first network protocol port number, the second network protocol address, and the second network protocol port number.
7. The method according to claim 6, wherein the method comprises:
the address demapping step further includes:
calculating the sequence of the second network protocol address in a second network protocol address pool according to the fixed mapping relation;
and calculating the sequence of the corresponding first network protocol address according to the sequence and the port number in the second network protocol address pool.
8. The method for tracing an address in a network in which different network protocols coexist according to claim 6 or 7, wherein:
the first network protocol is an IPv6 protocol and the second network protocol is an IPv4 protocol.
9. The method according to claim 8, wherein the method comprises:
in the address demapping step, an order of the IPv4 addresses is calculated according to an address field in which the IPv4 is located and a position in the address field, and an address order x of the IPv6, that is, x ═ y × R + P% R, is calculated according to the order of the IPv4 addresses and the port number, where y is the order in which the IPv4 addresses are located,% represents a modulo operation, P represents a port number, and R represents an address translation multiplexing rate, which represents the number of IPv6 devices that can be allocated to one IPv 4.
10. A method for tracing address translation in a network with coexisting different network protocols is characterized in that,
comprising:
a conversion step of executing the address conversion method of any one of claims 1 to 5 when different network protocol addresses are to access each other;
a tracing step, for the tracing request, executing the address tracing method according to any one of claims 6 to 9.
11. An address translation apparatus in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the apparatus comprising:
a fixed mapping relation forming unit for forming a fixed mapping relation between the first network protocol address, the first network protocol port number and the second network protocol address, the second network protocol port number;
and the address conversion unit is used for converting the requested first network protocol address into the second network protocol address by using the fixed mapping relation formed by the fixed mapping relation forming unit.
12. The apparatus for address translation in a network where different network protocols coexist according to claim 11, wherein:
the fixed mapping relationship forming unit further includes:
the sequence calculation unit is used for calculating the corresponding relation between the sequence of the first network protocol addresses and the sequence of the second protocol addresses according to the total number of the first network protocol addresses, the total number of the second network protocol addresses and the address conversion multiplexing rate, wherein the address conversion multiplexing rate represents the number of first protocol equipment which can be distributed aiming at one second protocol address;
a port calculation unit which calculates a port range which can be used by each of the first protocol addresses;
and the forming unit is used for forming a fixed mapping relation among the first network protocol address, the first network protocol port number, the second network protocol address and the second network protocol port number by using the corresponding relation calculated by the sequence calculating unit and the port range calculated by the port calculating unit.
13. The address translation apparatus in a network in which different network protocols coexist according to claim 11 or 12, wherein:
the first network protocol is an IPv6 protocol and the second network protocol is an IPv4 protocol.
14. The apparatus for address translation in a network where different network protocols coexist according to claim 13, wherein:
the sequence calculating unit sequences the IPv6 address segment and the IPv4 address segment in sequence, respectively calculates the total number of IPv6 addresses and the total number of IPv4 addresses, and determines the corresponding relation between the IPv6 address sequence and the IPv4 address sequence, namely the IPv4 address sequence as (IPv6 address sequence/address translation multiplexing rate) + 1.
15. The apparatus for address translation in a network where different network protocols coexist according to claim 13, wherein:
the port calculation unit calculates a port range corresponding to the IPv6 address as a port range P ═ n × R + (x% R), where [% represents modulo arithmetic, and a numeric range of n is (0, m), where m represents the number of concurrent ports that can be simultaneously used by each IPv6 address, and R is an address translation multiplexing rate.
16. An address tracing apparatus in a network in which different network protocols coexist, the network protocols including at least a first network protocol and a second network protocol, the apparatus comprising:
a source tracing request receiving unit, configured to receive a source tracing request for confirming the first network protocol address corresponding to the second network protocol address with respect to the second network protocol address;
and the address demapping unit is used for demapping the address of the first network protocol corresponding to the second network protocol address based on the formed fixed mapping relation among the first network protocol address, the first network protocol port number, the second network protocol address and the second network protocol port number according to the tracing request received by the tracing request receiving unit.
17. The device for address tracing in a network where different network protocols coexist according to claim 16, wherein:
the address demapping unit further includes:
calculating the sequence unit of the second network protocol address in a second network protocol address pool according to the fixed mapping relation;
and calculating the sequence of the corresponding first network protocol address according to the sequence and the port number in the second network protocol address pool.
18. The address tracing apparatus in a network where different network protocols coexist according to claim 16 or 17, wherein:
the first network protocol is an IPv6 protocol and the second network protocol is an IPv4 protocol.
19. The device for address tracing in a network where different network protocols coexist according to claim 18, wherein:
the address demapping unit calculates the order of the IPv4 addresses according to the address field where the IPv4 is located and the location of the IPv4 addresses in the address field, and calculates the address order x of the IPv6, that is, x ═ y × R + P% R, according to the order of the IPv4 addresses and the port number, where y is the order of the IPv4 addresses,% represents modulo arithmetic, P represents the port number, and R represents the address translation multiplexing rate, which represents the number of IPv6 devices that can be allocated to one IPv 4.
20. An address translation tracing system in a network in which different network protocols coexist, comprising:
the address translation apparatus of any one of claims 11-15, performing address mapping processing for different network protocol addresses;
the address tracing apparatus according to any one of claims 16 to 19, wherein a demapping process which is the reverse of said address mapping process is performed for a different network protocol address with respect to a tracing request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010744257.3A CN114095471B (en) | 2020-07-29 | 2020-07-29 | Address conversion method and device and address tracing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010744257.3A CN114095471B (en) | 2020-07-29 | 2020-07-29 | Address conversion method and device and address tracing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114095471A true CN114095471A (en) | 2022-02-25 |
| CN114095471B CN114095471B (en) | 2024-09-27 |
Family
ID=80294931
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010744257.3A Active CN114095471B (en) | 2020-07-29 | 2020-07-29 | Address conversion method and device and address tracing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114095471B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114710466A (en) * | 2022-04-15 | 2022-07-05 | 北京天融信网络安全技术有限公司 | IPV6 address translation method, device, equipment and medium based on address pool offset |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040076180A1 (en) * | 2002-10-22 | 2004-04-22 | Cisco Technology, Inc. | Shared port address translation on a router behaving as NAT & NAT-PT gateway |
| WO2010037893A1 (en) * | 2008-09-30 | 2010-04-08 | Nokia Corporation | Communication of mapping information |
| CN102932490A (en) * | 2011-08-12 | 2013-02-13 | 中国电信股份有限公司 | Internet protocol (IP) address translation method and device, network address translation equipment and authentication system |
| CN104427013A (en) * | 2013-09-10 | 2015-03-18 | 中国电信股份有限公司 | Carrier-grade address translation device and customer address mapping relation processing method thereof |
| US20160149748A1 (en) * | 2014-11-24 | 2016-05-26 | Fortinet, Inc. | Network address translation |
| CN110677512A (en) * | 2019-09-30 | 2020-01-10 | 新华三信息安全技术有限公司 | Address resolution method and device |
-
2020
- 2020-07-29 CN CN202010744257.3A patent/CN114095471B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040076180A1 (en) * | 2002-10-22 | 2004-04-22 | Cisco Technology, Inc. | Shared port address translation on a router behaving as NAT & NAT-PT gateway |
| WO2010037893A1 (en) * | 2008-09-30 | 2010-04-08 | Nokia Corporation | Communication of mapping information |
| CN102932490A (en) * | 2011-08-12 | 2013-02-13 | 中国电信股份有限公司 | Internet protocol (IP) address translation method and device, network address translation equipment and authentication system |
| CN104427013A (en) * | 2013-09-10 | 2015-03-18 | 中国电信股份有限公司 | Carrier-grade address translation device and customer address mapping relation processing method thereof |
| US20160149748A1 (en) * | 2014-11-24 | 2016-05-26 | Fortinet, Inc. | Network address translation |
| CN110677512A (en) * | 2019-09-30 | 2020-01-10 | 新华三信息安全技术有限公司 | Address resolution method and device |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114710466A (en) * | 2022-04-15 | 2022-07-05 | 北京天融信网络安全技术有限公司 | IPV6 address translation method, device, equipment and medium based on address pool offset |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114095471B (en) | 2024-09-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11570244B2 (en) | Mirroring network traffic of virtual networks at a service provider network | |
| RU2427894C2 (en) | Detection of network nodes and routed addresses | |
| CN111314499B (en) | Domain name proxy method, device, equipment and readable storage medium | |
| CN109728962B (en) | Method and equipment for sending message | |
| CN111193773B (en) | Load balancing method, device, equipment and storage medium | |
| WO2016134624A1 (en) | Routing method, device and system, and gateway dispatching method and device | |
| US10574570B2 (en) | Communication processing method and apparatus | |
| CN110769080B (en) | Domain name resolution method, related product and computer readable storage medium | |
| CN114157633B (en) | Message forwarding method and device | |
| US10855651B2 (en) | Method and device for efficiently using IPv4 public address | |
| CN112291365A (en) | Access balance processing method and device, computer equipment and storage medium | |
| CN115225634A (en) | Data forwarding method and device under virtual network and computer program product | |
| CN109951493B (en) | Network intercommunication method, device, equipment and storage medium | |
| CN114095471A (en) | Address translation method and device and address tracing method and device | |
| CN109413224B (en) | Message forwarding method and device | |
| CN104079682A (en) | Address translation method and device based on domain name system (DNS) | |
| CN104065688B (en) | A kind of method and device for calling underlying services | |
| CN115314419B (en) | Cloud network-oriented self-adaptive connectivity analysis method, system, equipment and storage medium | |
| CN115225606A (en) | Domain name access method and system of cross-network protocol of container cloud platform | |
| CN105939398B (en) | IPv6 transition method and device | |
| CN111787010A (en) | Message processing method, device, equipment and readable storage medium | |
| CN114268604B (en) | Method and system for providing access service | |
| KR100613965B1 (en) | Method for dynamic assignment of public IP address and private IP address on intra-domain network | |
| CN114422301B (en) | Gateway for traversing NAT based on P2P-VPN technology | |
| CN116800718A (en) | Domain name query method and device, nonvolatile storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |