CN116366545A - Traffic forwarding method and device, electronic equipment and storage medium - Google Patents

Publication number
CN116366545A
Authority
CN
China
Prior art keywords
address
traffic
specified
domain name
service flow
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111630577.7A
Other languages
Chinese (zh)
Inventor
林思贤
潘奎鑫
唐声宇
雷剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom International Co ltd
Original Assignee
China Telecom International Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup; Address filtering
    • H04L45/38: Flow based routing
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types

Abstract

The disclosure provides a traffic forwarding method, a traffic forwarding device, electronic equipment and a storage medium, and relates to the technical field of communication. The method comprises: detecting whether service traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server; and, when the service traffic carries the specified IP address, forwarding the service traffic to the specified application server through a specified Internet outlet. The method and the device forward service traffic by combining the domain name of the APP with its corresponding IP, are simple to implement, and remove the previous limitation that service traffic could be forwarded only by IP routing.

Description

Traffic forwarding method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of communication, and in particular relates to a traffic forwarding method, a traffic forwarding device, electronic equipment and a storage medium.
Background
Internet resources are currently distributed widely across the globe, the service strengths of each operator differ, and every large enterprise has multiple Internet outlets. How to select the optimal path for Internet services and to distinguish good service from bad has become a problem that every large enterprise must consider first.
The traditional approach steers traffic mainly by route scheduling. Because route scheduling involves complex network configuration, routes are hard to control, and the service traffic corresponding to a route cannot be well distinguished, traffic cannot be steered onto the optimal network path according to which application the user is accessing, and the best service experience is hard to obtain.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure provides a traffic forwarding method, a traffic forwarding device, an electronic device and a storage medium, which overcome, at least to some extent, the technical problem in the related art that service traffic cannot be effectively steered onto an optimal network path.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a traffic forwarding method, including:
detecting whether the service flow carries a specified IP address, wherein the specified IP address is the IP address of a specified application server;
and when the service traffic carries the specified IP address, forwarding the service traffic to the specified application server through a specified Internet outlet.
In one embodiment of the present disclosure, detecting whether traffic carries a specified domain name or a specified IP address includes:
detecting whether the IP address carried by the service flow exists in a preset IP address library, and if so, determining that the IP address carried by the service flow is a designated IP address.
In one embodiment of the present disclosure, before detecting whether the IP address carried by the traffic flow exists in a preset IP address library, the method further includes:
establishing a domain name library, wherein the domain name library comprises a designated domain name of a designated application server;
resolving the specified domain name into a specified IP address through a specified domain name resolution server;
and adding the specified IP address to the IP address library.
In one embodiment of the present disclosure, the resolving, by a specified domain name resolution server, the specified domain name into a specified IP address includes:
intercepting a domain name resolution request of the specified domain name through a domain name proxy server, and forwarding the domain name resolution request of the specified domain name to the specified domain name resolution server;
and resolving the specified domain name through the specified domain name resolution server to obtain a specified IP address.
In one embodiment of the disclosure, the traffic flow is a flow from a user side, and the method further includes:
judging whether the source IP address carried by the service flow hits the NAT flow table or not;
if hit, NAT is carried out on the source IP address;
if it does not hit, determining whether the specified IP address carried in the service traffic is an IP address that requires NAT; where the specified IP address requires NAT, performing NAT on the source IP address of the service traffic, so that the service traffic is forwarded to the downstream device through the server after NAT; and where the specified IP address does not require NAT, sending the service traffic directly to the downstream device.
In one embodiment of the disclosure, the traffic is traffic from a network side, and the method further includes:
judging whether a destination IP address carried by the service flow hits a NAT flow table or not;
if hit, reverse NAT is carried out on the destination IP address, so that the service flow is forwarded to the upstream equipment through the server after NAT;
if not, the traffic is sent directly to the upstream device.
According to another aspect of the present disclosure, there is provided a traffic forwarding device including:
the traffic detection module is used for detecting whether the traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server;
and the traffic forwarding module is used for forwarding the traffic to a specified application server through a specified Internet outlet when the traffic carries the specified IP address.
According to another aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the above-described traffic forwarding method via execution of the executable instructions.
According to another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described traffic forwarding method.
The traffic forwarding method, the traffic forwarding device, the electronic equipment and the storage medium provided by the embodiments of the disclosure steer service traffic onto the optimal network path by detecting whether the traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server. Specifically, when the service traffic carries the specified IP address, the service traffic is forwarded to the specified application server through the specified Internet outlet. Forwarding service traffic by combining the domain name of the APP with its corresponding IP is simple to implement and removes the previous limitation that service traffic could be forwarded only by IP routing.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
Fig. 1 is a schematic diagram of a system architecture of a traffic forwarding method according to an embodiment of the disclosure;
Fig. 2 shows a flow chart of a traffic forwarding method in an embodiment of the present disclosure;
Fig. 3 shows a diagram of a traffic forwarding process in an embodiment of the present disclosure;
Fig. 4 shows a schematic flow diagram of a DNS transparent proxy in an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of an IP address library processing rule in an embodiment of the disclosure;
Fig. 6 shows a schematic diagram of a traffic pulling method in an embodiment of the present disclosure;
Fig. 7 shows a schematic diagram of a traffic forwarding device in an embodiment of the present disclosure;
Fig. 8 shows a schematic diagram of a traffic forwarding system in an embodiment of the present disclosure; and
Fig. 9 shows a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
According to the scheme provided by the disclosure, it is possible to detect whether service traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server; and, when the service traffic carries the specified IP address, to forward the service traffic to the specified application server through the specified Internet outlet.
For ease of understanding, the following first explains the several terms involved in this disclosure as follows:
Domain name resolution (DNS, Domain Name Server) is a service that points domain names to the IP address of a website's hosting space, allowing people to conveniently access the website through a registered domain name. The IP address is a numerical address on the network that identifies the site, and for ease of memorization, a domain name is used instead of the IP address to identify the site address. Domain name resolution is the process of converting a domain name to an IP address. One domain name corresponds to one IP address, and one IP address may correspond to a plurality of domain names; multiple domain names can be resolved to one IP address at the same time. The resolution of the domain name is done by a DNS server.
Network address translation (NAT, Network Address Translation) is an Internet Engineering Task Force (IETF) standard that allows an entire organization to appear on the Internet with a public IP address. As its name suggests, it is a technique that translates an internal private network address (IP address) into a legitimate network IP address. NAT allows internal networks that use private addresses to connect to the Internet or other IP networks. When the NAT router transmits a packet of the internal network to the public network, the NAT router converts the private address into a legitimate IP address in the header of the IP packet.
Fig. 1 shows a schematic diagram of an exemplary system architecture of a traffic forwarding method or traffic forwarding device that may be applied to embodiments of the present disclosure.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105.
The network 104 is a medium for providing a communication link between the terminal devices 101, 102, 103 and the server 105, and may be a wired network or a wireless network. Wherein a network core device (not shown in fig. 1) for hosting the network 104 is used to perform the traffic forwarding method of the present disclosure.
Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a local area network (LAN), metropolitan area network (MAN), wide area network (WAN), mobile, wired or wireless network, private network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including HyperText Markup Language (HTML), Extensible Markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), virtual private network (VPN), Internet Protocol Security (IPsec), etc. In other embodiments, custom and/or dedicated data communication techniques may also be used in place of or in addition to the data communication techniques described above.
The terminal devices 101, 102, 103 may be a variety of electronic devices including, but not limited to, smartphones, tablet computers, laptop portable computers, desktop computers, wearable devices, augmented reality devices, virtual reality devices, and the like.
Alternatively, the clients of the applications installed in the different terminal devices 101, 102, 103 are the same or clients of the same type of application based on different operating systems. The specific form of the application client may also be different based on the different terminal platforms, for example, the application client may be a mobile phone client, a PC client, etc.
The server 105 may be a server providing various services, such as a background management server providing support for devices operated by users with the terminal devices 101, 102, 103. The background management server can analyze and process the received data such as the request and the like, and feed back the processing result to the terminal equipment.
Optionally, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligence platforms, and the like. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, etc. The terminal and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein.
Those skilled in the art will appreciate that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative, and that any number of terminal devices, networks, and servers may be provided as desired. The embodiments of the present disclosure are not limited in this regard.
The present exemplary embodiment will be described in detail below with reference to the accompanying drawings and examples.
First, in the embodiments of the present disclosure, a traffic forwarding method is provided, and the method may be executed by any electronic device having computing processing capability.
Fig. 2 shows a flow chart of a traffic forwarding method in an embodiment of the present disclosure. As shown in fig. 2, the traffic forwarding method provided in the embodiment of the present disclosure includes the following steps:
Step S202: detecting whether the service traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server.
It should be noted that, as shown in fig. 3, the specified IP address in the embodiment of the present disclosure is an IP address existing in a preset IP address library. The above IP address library is formed by resolving a domain name of an application server to be optimized by a specified domain name resolving server, and a specific method for obtaining a domain name to be accessed by an application is common knowledge in the art, which is not limited by the embodiment of the present disclosure.
Optionally, the IP addresses obtained after the domain name in the domain name library is resolved are automatically added into the IP address library.
Specifically, the method for establishing the IP address library comprises the following steps: establishing a domain name library, wherein the domain name library comprises a designated domain name of a designated application server; resolving the specified domain name into a specified IP address through a specified domain name resolution server; the specified IP is added to the IP address library.
Optionally, resolving the specified domain name into the specified IP address by the specified domain name resolution server includes: intercepting a domain name resolution request of a specified domain name through a domain name proxy server, and forwarding the domain name resolution request of the specified domain name to the specified domain name resolution server; and resolving the specified domain name through the specified domain name resolution server to obtain a specified IP address.
Optionally, the IP address library in the embodiment of the present disclosure may include:
(1) IP addresses that require NAT. If the specified IP address hits this part, NAT is performed on the source IP address carried in the service traffic, this part of the service traffic is forwarded to the specified Internet outlet, and the application server is accessed through the specified Internet outlet.
(2) IP addresses that do not require NAT. If the specified IP address hits this part, the application server is accessed directly through the local default outlet of the user equipment.
Optionally, the specified domain name resolution server in embodiments of the present disclosure is accessed by building a DNS transparent proxy.
Specifically, fig. 4 shows how the DNS transparent proxy in the present disclosure is built. When the transparent proxy receives a DNS request message, it is processed as follows:
(1) When the domain name carried in the DNS request message is a configured specified domain name, the destination address of the DNS request message is changed to the IP address of the specified DNS server, the configuration information about the changed destination address is added to a DNS flow table, and the message is forwarded to the specified DNS server;
(2) When the domain name carried in the DNS request message is not a configured specified domain name, the message is forwarded directly to the default outlet without any processing.
When the transparent proxy receives a DNS response message, it is processed as follows:
(1) When the domain name carried in the DNS response message is a configured specified domain name, the source IP address in the DNS response is replaced and the message is forwarded to the upstream device;
(2) When the domain name carried in the DNS response message is not a configured specified domain name, the message is forwarded directly to the upstream device without any processing.
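The request and response handling described above, as an added Python example that is not part of the patent text. The domain name, addresses and all identifiers are constructed; exact-match domain lookup, restoring the client's original DNS server as the response source, and letting a response change the IP address library only when it comes from the specified resolver and matches a DNS flow-table entry are assumptions of this example.

```python
import ipaddress
import struct

PARSE_ERRORS = (ValueError, IndexError, struct.error)


def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            continue
        if length > 63:
            raise ValueError("invalid label length")
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length


def parse_dns(msg):
    """Return (txid, is_response, qname, list of A-record addresses)."""
    txid, flags, qdcount, ancount = struct.unpack_from("!HHHH", msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    off += 4                                       # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:      # IN A record
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return txid, bool(flags & 0x8000), qname, addrs


class DnsTransparentProxy:
    def __init__(self, domain_library, specified_dns):
        self.domains = {d.lower().rstrip(".") for d in domain_library}
        self.specified_dns = specified_dns
        self.dns_flows = {}      # (client ip, client port, txid) -> original DNS server
        self.ip_library = set()  # addresses resolved for specified domain names

    def on_request(self, src_ip, src_port, dst_ip, payload):
        """Return the destination IP the DNS request is forwarded to."""
        try:
            txid, is_resp, qname, _ = parse_dns(payload)
        except PARSE_ERRORS:
            return dst_ip                          # unparseable: leave untouched
        if is_resp or qname not in self.domains:
            return dst_ip                          # not a specified domain name
        self.dns_flows[(src_ip, src_port, txid)] = dst_ip
        return self.specified_dns

    def on_response(self, src_ip, dst_ip, dst_port, payload):
        """Return the source IP the DNS response carries towards the client."""
        try:
            txid, is_resp, qname, addrs = parse_dns(payload)
        except PARSE_ERRORS:
            return src_ip
        key = (dst_ip, dst_port, txid)
        # Assumption of this example: the IP address library is updated only by
        # an answer from the specified resolver that matches a recorded request.
        trusted = (is_resp and qname in self.domains
                   and src_ip == self.specified_dns and key in self.dns_flows)
        if not trusted:
            return src_ip
        self.ip_library.update(addrs)
        return self.dns_flows.pop(key)


def build_msg(txid, name, answers=None):
    """Constructed sample message: a query, or a response if answers is given."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    flags, answers = (0x0100, []) if answers is None else (0x8180, answers)
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)
    for addr in answers:                           # owner name: pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(addr).packed
    return msg


def demo():
    proxy = DnsTransparentProxy({"app.example.com"}, "203.0.113.53")
    query = build_msg(0x1234, "app.example.com")
    answer = build_msg(0x1234, "app.example.com", ["198.51.100.10"])
    new_dst = proxy.on_request("10.0.0.7", 40000, "192.0.2.1", query)
    new_src = proxy.on_response("203.0.113.53", "10.0.0.7", 40000, answer)
    return new_dst, new_src, sorted(proxy.ip_library)
```

The flow-table match means an answer that was never asked for leaves both the packet and the IP address library unchanged, so the set of destinations steered to the specified outlet grows only from resolutions the proxy itself redirected.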
Step S204: when the service traffic carries the specified IP address, forwarding the service traffic to the specified application server through the specified Internet outlet.
In one embodiment of the present disclosure, as shown in fig. 5, when the intelligent distribution device receives service traffic from the user side (non-DNS traffic whose accessed IP address belongs to the IP address library), the processing flow is as follows:
(1) If the service traffic hits the flow table (an already established flow table), NAT is performed according to the information in the flow table and the traffic is forwarded to the downstream device;
(2) If the service traffic misses the flow table, the processing is as follows:
if the destination IP address in the message is an address in the IP address library that requires NAT, NAT is performed on the source IP address and the source port using an IP address from the configured address pool, and the traffic is forwarded to the downstream device;
if the destination IP address in the message belongs to the IP address library but is not an address that requires NAT, the service traffic is passed through directly and forwarded to the downstream device.
In one embodiment of the present disclosure, when the intelligent distribution device receives service traffic from the network side (non-DNS traffic whose accessed IP address belongs to the IP address library), the processing flow is as follows:
(1) If the service traffic does not hit the NAT flow table, it is forwarded directly to the upstream device without any processing;
(2) If the service traffic hits the NAT flow table, reverse NAT is performed on the destination IP address and port of the message according to the information in the flow table, and the message is then forwarded to the upstream device.
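The user-side and network-side processing above, as an added Python example that is not part of the patent text. The addresses, port range and all identifiers are constructed; keying the reverse lookup on the remote endpoint as well as the translated address, and raising an error when the address pool runs out, are assumptions of this example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class IntelligentDistributor:
    def __init__(self, ip_library, pool_ip, ports=range(20000, 20004)):
        self.ip_library = dict(ip_library)  # destination IP -> True if NAT is required
        self.pool_ip = pool_ip              # configured address pool (one address here)
        self.free_ports = list(ports)
        self.forward = {}  # user 4-tuple -> (pool ip, pool port)
        self.reverse = {}  # (pool ip, pool port, remote ip, remote port) -> user endpoint

    def from_user(self, pkt):
        """User-side traffic: return (action, packet sent to the downstream device)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.forward:
            if not self.ip_library.get(pkt.dst_ip, False):
                return "pass", pkt          # miss, address needs no NAT: pass through
            if not self.free_ports:
                raise RuntimeError("address pool exhausted")
            port = self.free_ports.pop(0)   # miss, address needs NAT: create the flow
            self.forward[key] = (self.pool_ip, port)
            remote = (self.pool_ip, port, pkt.dst_ip, pkt.dst_port)
            self.reverse[remote] = (pkt.src_ip, pkt.src_port)
        ip, port = self.forward[key]        # hit: translate source IP and source port
        return "nat", replace(pkt, src_ip=ip, src_port=port)

    def from_network(self, pkt):
        """Network-side traffic: return (action, packet sent to the upstream device)."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key not in self.reverse:
            return "pass", pkt              # no NAT flow: forward without processing
        ip, port = self.reverse[key]        # hit: restore the user's address and port
        return "reverse-nat", replace(pkt, dst_ip=ip, dst_port=port)


def demo():
    # Constructed IP address library: one address that requires NAT, one that does not.
    library = {"198.51.100.10": True, "198.51.100.20": False}
    dev = IntelligentDistributor(library, "203.0.113.9")
    first = dev.from_user(Packet("10.0.0.7", 40000, "198.51.100.10", 443))
    again = dev.from_user(Packet("10.0.0.7", 40000, "198.51.100.10", 443))
    direct = dev.from_user(Packet("10.0.0.7", 40001, "198.51.100.20", 443))
    reply = dev.from_network(Packet("198.51.100.10", 443, "203.0.113.9", 20000))
    stray = dev.from_network(Packet("192.0.2.99", 443, "203.0.113.9", 20000))
    return first, again, direct, reply, stray
```

Because the reverse table is keyed on the remote endpoint too, a packet from a host the user never contacted does not match the flow and is not translated back to the user's address.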
In one embodiment of the present disclosure, as shown in fig. 6, the above traffic forwarding method can also dynamically pull service traffic.
Specifically, the default DNS IP address and the IP addresses of the specified application's services are announced to the network core device by means of the Border Gateway Protocol (BGP); the network core device then sends the DNS traffic and the service traffic to the intelligent distribution device, and the intelligent distribution device forwards the service traffic to the specified Internet outlet according to the traffic forwarding method, so that the specified application is forwarded to the optimal outlet.
Those skilled in the art will appreciate that BGP is used to pull the user traffic so that it passes through the intelligent distribution device, which then forwards the user traffic using the traffic forwarding method provided by the present disclosure.
For ease of understanding, the above-described traffic forwarding method is exemplified by the following steps (1) to (3).
(1) Identify the popular APPs that existing users access, identify the domain names corresponding to each APP, and analyze the optimal Internet outlet for each popular APP. For example, an overseas APP preferentially uses an overseas Internet outlet, and a domestic APP preferentially uses a domestic Internet outlet.
(2) When a user initiates a service request, cache the user's DNS resolution record according to a preset domain name rule, and announce the resolved IP to the core device via BGP to pull the traffic.
(3) When a user accesses a popular overseas APP, the intelligent distribution device can, according to a preset rule, NAT the user's source IP address (ensuring that the user's source IP takes the optimal path at the Internet outlet) and forward the traffic from the specified Internet outlet. Under the preset rule, the user's DNS resolution is forwarded to the specified Internet DNS server to obtain the most accurate resolution record; the cached resolution record is then announced to the core device; the core device forwards the service traffic of the user's normal access to the intelligent distribution device according to the IP flow table; and the intelligent distribution device forwards it to the specified Internet outlet.
By executing steps (1) to (3), the APP accessed by the user can be forwarded to the corresponding optimal outlet, guided by the user's actual experience, so that the user gets the best experience.
Optionally, when the accessed APP is a domestic APP, the corresponding NAT translation and specified-outlet forwarding are completed according to the same processing logic as the method described above.
Based on the same inventive concept, a traffic forwarding device is also provided in the embodiments of the present disclosure, as described in the following embodiments. Since the device embodiment solves the problem on a principle similar to that of the method embodiment, its implementation can refer to the implementation of the method embodiment, and the repeated parts are omitted.
Fig. 7 shows a schematic diagram of a traffic forwarding device according to an embodiment of the present disclosure. As shown in fig. 7, the device 700 includes:
a traffic detection module 701, configured to detect whether service traffic carries a specified IP address, where the specified IP address is an IP address of a specified application server;
and the traffic forwarding module 702 is configured to forward the traffic to the specified application server through the specified internet outlet when the traffic carries the specified IP address.
It should be noted that the traffic forwarding device provided in the foregoing embodiment is illustrated only with the above division of functional modules; in practical application, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the traffic forwarding device and the traffic forwarding method provided in the foregoing embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.
Optionally, the traffic detection module 701 is specifically configured to:
detecting whether the IP address carried by the service flow exists in a preset IP address library, and if so, determining that the IP address carried by the service flow is a designated IP address.
Optionally, before detecting whether the IP address carried by the service traffic exists in the preset IP address library, the traffic detection module 701 may be further configured to:
establishing a domain name library, wherein the domain name library comprises a designated domain name of a designated application server;
resolving the specified domain name into a specified IP address through a specified domain name resolution server;
the specified IP is added to the IP address library.
Optionally, the traffic detection module 701 is specifically configured to:
intercepting a domain name resolution request of a specified domain name through a domain name proxy server, and forwarding the domain name resolution request of the specified domain name to the specified domain name resolution server;
and resolving the specified domain name through the specified domain name resolution server to obtain a specified IP address.
Optionally, the IP address library may include IP addresses requiring NAT and IP addresses not requiring NAT.
Optionally, the service traffic may be traffic from a user side, and the second forwarding module 703 may be further configured to:
judging whether a source IP address carried by the service flow hits the NAT flow table or not;
if hit, NAT is carried out on the source IP address;
if the source IP address of the service traffic does not hit, determining whether the specified IP address carried in the service traffic is an IP address that requires NAT; where the specified IP address requires NAT, performing NAT on the source IP address of the service traffic, so that the service traffic is forwarded to the downstream device through the server after NAT; and where the specified IP address does not require NAT, sending the service traffic directly to the downstream device.
Optionally, the traffic may be traffic from a network side, and the second forwarding module 703 may be further configured to:
judging whether a destination IP address carried by the service flow hits the NAT flow table or not;
if hit, reverse NAT is carried out on the destination IP address, so that the service flow is forwarded to the upstream equipment through the server after NAT;
if not, the traffic is sent directly to the upstream device.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
Based on the same inventive concept, a traffic forwarding system is also provided in the embodiments of the present disclosure, as described in the following embodiments. Since the principle of solving the problem of the system embodiment is similar to that of the method embodiment, the implementation of the system embodiment can be referred to the implementation of the method embodiment, and the repetition is omitted.
Fig. 8 shows a schematic diagram of a traffic forwarding system in an embodiment of the present disclosure, where the system includes a user terminal 801, a network core device 802, an intelligent distribution device 803, and internet outlets 804, 805, 806, as shown in fig. 8.
The user terminal 801 is configured to send the user's service traffic to the network core device 802.
The network core device 802 collects a default DNS IP address in the service traffic and an IP address of the service of the designated application in a BGP manner, and then sends the DNS traffic and the service traffic to the intelligent distribution device 803.
It should be noted that the network device is a gateway of a data traffic bearer network element, such as a HUAWEI NE40-X8 or Cisco ASR9000.
The intelligent distribution device 803 is configured to perform the traffic forwarding method provided by the above method embodiment, so as to forward the user's service request traffic to the optimal internet outlets 804, 805, 806.
Specifically, the intelligent distribution device 803 is configured to detect whether the service traffic carries a specified IP address, where the specified IP address is the IP address of a specified application server;
and, when the service traffic carries the specified IP address, to forward the service traffic to the specified application server through the specified internet outlet.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 900 according to such an embodiment of the present disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one storage unit 920, and a bus 930 connecting the different system components (including the storage unit 920 and the processing unit 910).
The storage unit stores program code that is executable by the processing unit 910, such that the processing unit 910 performs the steps according to various exemplary embodiments of the present disclosure described in the "exemplary methods" section of this specification. For example, the processing unit 910 may perform the following steps of the method embodiment described above: detecting whether the service traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server; and when the service traffic carries the specified IP address, forwarding the service traffic to the specified application server through the specified internet outlet.
Optionally, the processing unit 910 may further perform:
detecting whether the IP address carried by the service flow exists in a preset IP address library, and if so, determining that the IP address carried by the service flow is a designated IP address.
Optionally, the processing unit 910 may further perform:
establishing a domain name library, wherein the domain name library comprises a designated domain name of a designated application server;
resolving the specified domain name into a specified IP address through a specified domain name resolution server;
adding the specified IP address to the IP address library.
Optionally, the processing unit 910 may further perform:
intercepting a domain name resolution request of a specified domain name through a domain name proxy server, and forwarding the domain name resolution request of the specified domain name to the specified domain name resolution server;
and resolving the specified domain name through the specified domain name resolution server to obtain a specified IP address.
Optionally, the IP address library may include IP addresses that require NAT and IP addresses that do not require NAT.
Optionally, the service traffic may be traffic from the user side, and the second forwarding module 703 may further perform:
judging whether the source IP address carried by the service traffic hits the NAT flow table;
if hit, performing NAT on the source IP address;
if not hit, judging whether the specified IP address carried in the service traffic is an IP address that requires NAT; where the specified IP address requires NAT, performing NAT on the source IP address of the service traffic, so that the service traffic is forwarded to the downstream device through the server after NAT; and where the specified IP address does not require NAT, sending the service traffic directly to the downstream device.
Optionally, the traffic may be traffic from a network side, and the processing unit 910 may further perform:
judging whether a destination IP address carried by the service flow hits the NAT flow table or not;
if hit, reverse NAT is carried out on the destination IP address, so that the service flow is forwarded to the upstream equipment through the server after NAT;
if not, the traffic is sent directly to the upstream device.
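The steps listed above (DNS proxy feeding the IP address library, then the user-side and network-side NAT flow-table checks, which also appear in the module description earlier) are sketched below as an added Python example; it is not code from the patent. The flow-table key of (IP, port), the egress labels, the NAT pool address, the sample addresses, and the dictionary standing in for the specified domain name resolution server are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed sample data (documentation address ranges); not from the patent.
DOMAIN_LIBRARY = {"app.example.com": True, "cdn.example.com": False}  # domain -> needs NAT
DESIGNATED_RESOLVER = {  # stand-in for the specified domain name resolution server
    "app.example.com": ["203.0.113.10"],
    "cdn.example.com": ["203.0.113.20"],
}
NAT_POOL_IP = "198.51.100.1"  # hypothetical address used for translated sources


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Distributor:
    ip_library: dict = field(default_factory=dict)  # specified IP -> needs NAT
    nat_fwd: dict = field(default_factory=dict)     # (user ip, port) -> (nat ip, port)
    nat_rev: dict = field(default_factory=dict)     # (nat ip, port) -> (user ip, port)
    next_port: int = 40000

    def proxy_dns(self, qname):
        """Intercept queries for library domains only and record the answers."""
        name = qname.rstrip(".").lower()
        if name not in DOMAIN_LIBRARY:
            return None  # not intercepted: left to the default DNS server
        answers = DESIGNATED_RESOLVER.get(name, [])
        for addr in answers:
            # Only answers from the specified resolver ever enter the library.
            self.ip_library[str(ip_address(addr))] = DOMAIN_LIBRARY[name]
        return answers

    def _translate(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.nat_fwd:  # first packet of the flow: allocate a mapping
            mapped = (NAT_POOL_IP, self.next_port)
            self.next_port += 1
            self.nat_fwd[key], self.nat_rev[mapped] = mapped, key
        pkt.src, pkt.sport = self.nat_fwd[key]

    def from_user(self, pkt):
        """User-side traffic: flow-table hit first, then the IP address library."""
        if (pkt.src, pkt.sport) in self.nat_fwd:
            self._translate(pkt)
            return "designated-egress(nat)"
        needs_nat = self.ip_library.get(pkt.dst)
        if needs_nat is None:
            return "default-path"  # destination is not a specified IP address
        if needs_nat:
            self._translate(pkt)
            return "designated-egress(nat)"
        return "designated-egress(direct)"

    def from_network(self, pkt):
        """Network-side traffic: reverse NAT only when the destination hits the table."""
        key = (pkt.dst, pkt.dport)
        if key in self.nat_rev:
            pkt.dst, pkt.dport = self.nat_rev[key]
            return "upstream(reverse-nat)"
        return "upstream(direct)"
```

Because the library is filled only from intercepted answers for domains already in the domain library, a lookup for any other name never changes which destinations are steered to the specified internet outlet.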
The storage unit 920 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 9201 and/or cache memory 9202, and may further include Read Only Memory (ROM) 9203.
The storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The bus 930 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external devices 940 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 900, and/or any devices (e.g., routers, modems, etc.) that enable the electronic device 900 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 900 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 960. As shown, the network adapter 960 communicates with other modules of the electronic device 900 over the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 900, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, is also provided, on which is stored a program product capable of implementing the method of the present disclosure described above. In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
More specific examples of the computer readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In this disclosure, a computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, the program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, the program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the description of the above embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A method for forwarding traffic, comprising:
detecting whether the service flow carries a specified IP address, wherein the specified IP address is the IP address of a specified application server;
and when the service flow carries the specified IP address, forwarding the service flow to the specified application server through a specified Internet outlet.
2. The traffic forwarding method according to claim 1, wherein detecting whether traffic carries a specified IP address comprises:
detecting whether the IP address carried by the service flow exists in a preset IP address library, and if so, determining that the IP address carried by the service flow is a designated IP address.
3. The traffic forwarding method according to claim 2, wherein before detecting whether the IP address carried by the traffic exists in a preset IP address library, the method further comprises:
establishing a domain name library, wherein the domain name library comprises a designated domain name of a designated application server;
resolving the specified domain name into a specified IP address through a specified domain name resolution server;
and adding the specified IP address to the IP address library.
4. The traffic forwarding method of claim 3 wherein said resolving said specified domain name to a specified IP address by a specified domain name resolution server comprises:
intercepting a domain name resolution request of the specified domain name through a domain name proxy server, and forwarding the domain name resolution request of the specified domain name to the specified domain name resolution server;
and resolving the specified domain name through the specified domain name resolution server to obtain a specified IP address.
5. The traffic forwarding method according to claim 2, wherein the IP address library includes an IP address requiring NAT and an IP address not requiring NAT.
6. The traffic forwarding method according to claim 5, wherein the traffic is traffic from a user side, the method further comprising:
judging whether the source IP address carried by the service flow hits the NAT flow table or not;
if hit, NAT is carried out on the source IP address;
if not hit, judging whether the specified IP address carried in the service flow is an IP address that requires NAT; where the specified IP address requires NAT, performing NAT on the source IP address of the service flow, so that the service flow is forwarded to downstream equipment through a server after the NAT; and where the specified IP address does not require NAT, sending the service flow directly to the downstream equipment.
7. The traffic forwarding method according to claim 5, wherein the traffic is traffic from a network side, the method further comprising:
judging whether a destination IP address carried by the service flow hits a NAT flow table or not;
if hit, reverse NAT is carried out on the destination IP address, so that the service flow is forwarded to the upstream equipment through the server after NAT;
if not, the traffic is sent directly to the upstream device.
8. A traffic forwarding device, comprising:
the traffic detection module is used for detecting whether the traffic carries a specified IP address, wherein the specified IP address is the IP address of a specified application server;
and the traffic forwarding module is used for forwarding the traffic to a specified application server through a specified Internet outlet when the traffic carries the specified IP address.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the traffic forwarding method of any of claims 1-7 via execution of the executable instructions.
10. A computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the traffic forwarding method according to any of claims 1 to 7.
CN202111630577.7A 2021-12-28 2021-12-28 Traffic forwarding method and device, electronic equipment and storage medium Pending CN116366545A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111630577.7A CN116366545A (en) 2021-12-28 2021-12-28 Traffic forwarding method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111630577.7A CN116366545A (en) 2021-12-28 2021-12-28 Traffic forwarding method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116366545A (en) 2023-06-30

Family

ID=86905665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111630577.7A Pending CN116366545A (en) 2021-12-28 2021-12-28 Traffic forwarding method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116366545A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination