CN115134334A - Method for expanding and distributing ports of NAT (network Address translation) address pool of load balancing equipment - Google Patents
- Publication number
- CN115134334A
- Authority
- CN
- China
- Prior art keywords
- nat
- address
- address pool
- port
- destination
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for expanding and allocating ports of the NAT address pool of a load balancing device, comprising the following steps: the load balancing program reads the IP destination address of an IP data message and its TCP or UDP destination port, and searches the HASH table with the destination address and port group as parameters to obtain a NAT address pool resource table; if no NAT address pool resource table is obtained in step 1, the destination address and port group of the IP message are added to the HASH table, and a NAT address pool resource table is generated for the destination address and port group according to the configuration; after the NAT address pool resource table is obtained, a NAT address is allocated and a port is returned. Compared with the prior art, the invention has the advantage that it solves the problem of insufficient NAT address pool resources under large concurrent data flows.
Description
Technical Field
The invention relates to the technical field of networks, in particular to a method for expanding and allocating ports of an NAT address pool of load balancing equipment.
Background
Load balancing is used in highly available network infrastructure to distribute the workload to be processed across the servers in the network, thereby improving the response time, throughput and service reliability of a website, application, database or other service.
NAT is one of the basic functions of a load balancing application. If the NAT function is configured on the load balancing device, the device rewrites the source address and source port of an IP TCP/UDP message from a client to a NAT address and port, and then forwards the message to the server that actually processes the service.
Although NAT was originally invented to deal with the shortage of IPv4 addresses, NAT technology can also isolate the local area network from the Internet, which increases the safety of the local area network. After years of use NAT is ubiquitous in data communication equipment, and it has been continuously optimized and improved in use.
Existing NAT technology is widely applied. Generally, NAT is configured as a resource pool, that is, a group of addresses with 65535 ports corresponding to each address. If NAT is configured, when the device forwards an IP TCP/UDP packet it obtains an address and a port from the NAT resource pool and replaces the source address and source port of the packet with them. An address and port allocated from the NAT resource pool cannot be allocated to other data streams. Generally, one NAT address can supply ports 1024 to 65534, at most 64510 ports, that is, it can support address translation for 64510 data streams.
In the prior art, all data flows share one global NAT address resource pool, so supporting more data flows requires configuring more NAT addresses. A current mid- to low-end load balancing device can support 1.2 billion concurrent data flows, for which at least 1860 NAT addresses are needed. If the NAT addresses must be Internet addresses, that many Internet addresses are a huge IP address overhead.
The technical problem described above is therefore one that those skilled in the art urgently need to solve.
Disclosure of Invention
With existing NAT technology, supporting address translation for a large number of concurrent data streams requires configuring a large number of NAT addresses. In view of the defect that a large number of concurrent data streams cannot be supported when NAT addresses are insufficient, the invention aims to support NAT translation for a large number of concurrent data sessions with a limited number of NAT addresses.
In order to realize the purpose, the following technical scheme is adopted: a method for expanding and allocating ports of a load balancing device NAT address pool comprises the following steps:
S1. The load balancing program reads the IP destination address of the IP data message and its TCP or UDP destination port, and looks up the HASH table with the destination address and port group as parameters to obtain the NAT address pool resource table;
S2. If no NAT address pool resource table is obtained in step 1, the destination address and port group of the IP message are added to the HASH table, and a NAT address pool resource table is generated for the destination address and port group according to the configuration;
S3. After the NAT address pool resource table is obtained, a NAT address and a port are allocated and returned.
Compared with the prior art, the invention has the following advantages: two data streams are distinguished by the four-tuple of the IP message's source and destination IP addresses and TCP/UDP source and destination ports, and they are different streams as long as the four-tuples are not completely identical. Therefore, if two data streams leaving the device differ in destination address and port group, the same NAT address and port can be allocated to both, so that one NAT address pool resource can serve data streams toward many different destination IP address and TCP/UDP port groups; for data streams with the same destination address and port group, a new NAT address pool resource is generated according to the configuration. This solves the problem of insufficient NAT address pool resources under large concurrent data flows.
Drawings
Fig. 1 is a schematic flowchart of a method for expanding and allocating ports of a NAT address pool of a load balancing device according to the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "inner", "outer", "vertical", "circumferential", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention.
With reference to fig. 1, a method for expanding and allocating ports to an NAT address pool of a load balancing device includes the following steps:
S1. The load balancing program reads the IP destination address of the IP data message and its TCP or UDP destination port, and looks up the HASH table with the destination address and port group as parameters to obtain the NAT address pool resource table;
S2. If no NAT address pool resource table is obtained in step 1, the destination address and port group of the IP message are added to the HASH table, and a NAT address pool resource table is generated for the destination address and port group according to the configuration;
S3. After the NAT address pool resource table is obtained, a NAT address and a port are allocated and returned.
1. Description of NAT resource data
The NAT pool configuration is separated from the NAT resources: the configuration is used to generate a NAT resource pool, and the resource pool is generated dynamically. Data streams are distinguished by the four-tuple of IP source and destination addresses and TCP/UDP source and destination ports, and two data streams are different as long as their four-tuples are not completely identical. Therefore, if two data flows leaving the device have different destination addresses and different destination port groups, the same NAT address and port can be allocated to both. In this way NAT resources are multiplexed.
With reference to fig. 1, the NAT address pool configuration table is a static configuration. The HASH table keyed by the data stream's destination address and port serves to quickly find the NAT address pool resource table corresponding to a data stream. The NAT address pool resource table is dynamically generated.
2. NAT resource port generation
The data stream yields a destination address and port group. After the destination address and port group are hashed into the HASH table, a resource table with relatively plentiful port resources is selected according to the usage of the NAT address pool resources; if there is none, a NAT address pool resource table is generated, and the destination address and port group are pointed at the newly generated NAT address pool resource table.
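An added Python sketch of steps S1 to S3 (not code from the patent). It assumes each destination address and port group gets its own resource table generated from the static configuration, adds a hypothetical session table for translating replies, and uses constructed documentation-range addresses; the class and method names are illustrative.

```python
class DestKeyedNat:
    """NAT port allocator with one resource table per (dst_ip, dst_port)."""

    def __init__(self, nat_addrs, port_min=1024, port_max=65534):
        # Static NAT address pool configuration; port range as in the Background.
        self.nat_addrs = list(nat_addrs)
        self.port_min, self.port_max = port_min, port_max
        self.hash_table = {}  # (dst_ip, dst_port) -> resource table
        self.sessions = {}    # (nat_ip, nat_port, dst_ip, dst_port) -> client

    def _new_resource_table(self):
        # Generated dynamically from the configuration: a stack of free
        # (nat_ip, nat_port) pairs, initially popped in ascending port order.
        return [(addr, port) for addr in self.nat_addrs
                for port in range(self.port_max, self.port_min - 1, -1)]

    def allocate(self, src_ip, src_port, dst_ip, dst_port):
        key = (dst_ip, dst_port)
        table = self.hash_table.get(key)           # S1: look up by destination
        if table is None:                          # S2: miss, generate a table
            table = self.hash_table[key] = self._new_resource_table()
        if not table:
            raise RuntimeError(f"NAT ports exhausted for {dst_ip}:{dst_port}")
        nat_ip, nat_port = table.pop()             # S3: allocate and return
        self.sessions[(nat_ip, nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return nat_ip, nat_port

    def reverse(self, nat_ip, nat_port, dst_ip, dst_port):
        # A reply comes from dst to nat; only the full tuple names the client.
        return self.sessions.get((nat_ip, nat_port, dst_ip, dst_port))

    def release(self, nat_ip, nat_port, dst_ip, dst_port):
        # Return the pair to that destination's table when the session ends.
        key = (nat_ip, nat_port, dst_ip, dst_port)
        if self.sessions.pop(key, None) is not None:
            self.hash_table[(dst_ip, dst_port)].append((nat_ip, nat_port))


def demo():
    # Constructed sample: one NAT address, two usable ports, documentation IPs.
    nat = DestKeyedNat(["203.0.113.10"], port_min=1024, port_max=1025)
    a = nat.allocate("10.0.0.1", 40000, "198.51.100.5", 443)
    b = nat.allocate("10.0.0.2", 40000, "198.51.100.6", 443)  # other destination
    c = nat.allocate("10.0.0.3", 40000, "198.51.100.5", 443)  # same as a
    return a, b, c, nat.reverse(*b, "198.51.100.6", 443)


if __name__ == "__main__":
    print(demo())
```

Because one NAT address and port can be live toward several destinations at once, reply translation and any NAT log kept for attribution have to include the destination address and port, not just the NAT address and port.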
The present invention and its embodiments have been described above; the description is not limiting, the drawing shows only one embodiment of the present invention, and the actual structure is not limited thereto. In summary, structural modes and embodiments similar to this technical solution that those skilled in the art devise without creative effort and without departing from the spirit of the present invention shall fall within the protection scope of the present invention.
Claims (1)
1. A method for expanding and allocating ports of a load balancing device NAT address pool comprises the following steps:
S1. The load balancing program reads the IP destination address of the IP data message and its TCP or UDP destination port, and looks up the HASH table with the destination address and port group as parameters to obtain the NAT address pool resource table;
S2. If no NAT address pool resource table is obtained in step 1, the destination address and port group of the IP message are added to the HASH table, and a NAT address pool resource table is then generated for the destination address and port group according to the configuration;
S3. After the NAT address pool resource table is obtained, a NAT address and a port are allocated and returned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210711568.9A CN115134334A (en) | 2022-06-22 | 2022-06-22 | Method for expanding and distributing ports of NAT (network Address translation) address pool of load balancing equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115134334A | 2022-09-30 |
Family
ID=83380605
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115134334A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220930 |