CN117041205A - Address translation method, address translation device, host and computer readable storage medium - Google Patents

Publication number
CN117041205A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311146010.1A
Other languages
Chinese (zh)
Inventor
朱祁龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2557: Translation policies or rules
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/58: Association of routers
    • H04L45/586: Association of routers of virtual routers
    • H04L45/74: Address processing for routing

Abstract

The invention provides an address translation method, an address translation device, a host and a computer readable storage medium. A first address mapping table and a second address mapping table are preconfigured in a virtual router of a virtual intranet. When the virtual router receives a request message sent by a virtual node for a physical external network, it performs address mapping processing based on the two tables and then forwards the request message to a target physical node; when it receives the response message returned by the target physical node, it likewise performs address mapping processing based on the two tables and then forwards the response message to the virtual node. The first address mapping table implements the mapping of IP addresses from the virtual intranet to the physical external network; the second address mapping table implements the mapping of IP addresses from the physical external network to the virtual intranet. The two tables together map the physical network into the virtual network, so that a virtual node of the virtual network can actively access a physical node. Because both tables map IP addresses to IP addresses, the mappable physical network is not limited to a layer-2 network.

Description

Address translation method, address translation device, host and computer readable storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to an address translation method, an address translation device, a host, and a computer readable storage medium.
Background
When building a network target range using virtualization technology or applying the virtualization technology in the field of cloud computing, there is often a need for communication between virtual network devices and physical network devices. In the prior art, in order to meet the communication requirement between the virtual network device and the physical network device, the physical network needs to be mapped into the virtual network, and the related network architecture is as follows:
Virtual network devices (e.g., virtual machines) in a virtual network form a communication link to the physical network device through the virtual switch to which they are connected and the physical switch to which the physical network device is connected. The ARP (Address Resolution Protocol) table in the virtual switch binds the virtual IP address of the virtual network device to the MAC (Media Access Control) address, also called the physical address or hardware address, of the physical network device, and the port table of the physical switch to which the physical network device is connected stores the MAC address of the physical network device and the port to which it is connected. In this way, the virtual network device can send communication requests to the physical network device.
However, because the virtual switch binds the virtual IP address to the MAC address of the physical device, only the physical network of the layer-2 network topology in which the physical switch is located can be mapped into the virtual network topology, so the mappable physical network topology is severely limited.
Disclosure of Invention
The present invention is directed to a method, apparatus, host, and computer-readable storage medium for address translation to improve the problems of the prior art.
Embodiments of the invention may be implemented as follows:
In a first aspect, the present invention provides an address translation method, applied to a virtual router of a virtual intranet, where the virtual router is communicatively connected to a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical external network; the virtual router is preconfigured with a first address mapping table and a second address mapping table; the first address mapping table is used for mapping IP addresses from the virtual intranet to the physical external network; the second address mapping table is used for mapping IP addresses from the physical external network to the virtual intranet; the method comprises the following steps:
when a first request message sent by any virtual node for the physical external network is received, performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message;
forwarding the first target request message to a target physical node;
receiving a first response message sent by the target physical node; the first response message is generated when the target physical node receives the first target request message;
performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message;
and forwarding the first target response message to the virtual node.
In an optional implementation manner, the first address mapping table includes a mapping relationship between actual identification information of the virtual node and the mapped identification information that the virtual node presents on the physical external network, where the actual identification information includes an actual virtual IP address and an actual port number, and the mapped identification information includes a host IP address and a host port number; the second address mapping table includes a mapping relationship between an actual physical IP address of the physical node and the mapped virtual IP address that the physical node presents in the virtual intranet;
the step of performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message includes:
analyzing the first request message to obtain a source address field, a destination address field and a source port field of the first request message; the source address field is an actual virtual IP address of the virtual node, the destination address field is a mapped virtual IP address of the destination physical node in the virtual intranet, and the source port field is an actual port number of the virtual node;
finding out a host IP address and a host port number matched with an actual virtual IP address and an actual port number of the virtual node from the first address mapping table;
searching an actual physical IP address of a target physical node matched with a mapped virtual IP address of the target physical node in the virtual intranet from the second address mapping table;
and repackaging the first request message according to the host IP address and the host port number corresponding to the virtual node and the actual physical IP address of the target physical node to obtain the first target request message.
In an optional implementation manner, the first address mapping table includes a mapping relationship between actual identification information of the virtual node and the mapped identification information that the virtual node presents on the physical external network, where the actual identification information includes an actual virtual IP address and an actual port number, and the mapped identification information includes a host IP address and a host port number; the second address mapping table includes a mapping relationship between an actual physical IP address of the physical node and the mapped virtual IP address that the physical node presents in the virtual intranet;
the step of performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message includes:
analyzing the first response message to obtain a source address field, a destination address field and a destination port field of the first response message; the source address field is an actual physical IP address of the destination physical node, the destination address field is a host IP address corresponding to the virtual node, and the destination port field is a host port number corresponding to the virtual node;
searching an actual virtual IP address and an actual port number of a virtual node matched with the host IP address and the host port number from the first address mapping table;
searching a mapping virtual IP address of a target physical node in the virtual intranet, which is matched with the actual physical IP address of the target physical node, from the second address mapping table;
and repackaging the first response message according to the mapped virtual IP address of the target physical node in the virtual intranet and the actual virtual IP address and the actual port number of the virtual node to obtain the first target response message.
In an optional implementation manner, the virtual router is further preconfigured with a third address mapping table, and the third address mapping table includes a mapping relationship between an actual virtual IP address of the virtual node and the mapped physical IP address that the virtual node presents in the physical external network; the method further comprises the steps of:
when a second request message sent by any physical node aiming at the virtual intranet is received, converting a destination address field of the second request message based on the third address mapping table to obtain a second target request message;
forwarding the second target request message to a target virtual node;
receiving a second response message sent by the target virtual node; the second response message is generated when the target virtual node receives the second target request message;
converting the source address field of the second response message based on the third address mapping table to obtain a second target response message;
and forwarding the second target response message to the physical node.
In an optional embodiment, the step of converting, based on the third address mapping table, the destination address field of the second request packet to obtain a second target request packet includes:
analyzing the second request message to obtain a destination address field of the second request message; the destination address field is a mapped physical IP address of the destination virtual node in the physical external network;
searching an actual virtual IP address matched with the mapped physical IP address of the target virtual node in the physical external network from the third address mapping table;
and repackaging the second request message based on the actual virtual IP address of the target virtual node to obtain the second target request message.
In an optional implementation manner, the step of converting the source address field of the second response message based on the third address mapping table to obtain a second target response message includes:
analyzing the second response message to obtain a source address field of the second response message; the source address field is the actual virtual IP address of the target virtual node;
searching a mapping physical IP address of the target virtual node in the physical external network, which is matched with the actual virtual IP address of the target virtual node, from the third address mapping table;
and repackaging the second response message based on the mapped physical IP address of the target virtual node in the physical external network to obtain the second target response message.
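The four rewrites described above (request and response through the first and second tables, then request and response through the third table), as an added Python example that is not code from the patent. The class and function names, every table value other than 192.168.1.2 and 172.168.1.2, and the choice to drop a packet on a lookup miss are assumptions.

```python
from dataclasses import dataclass, replace


class UnmappedAddress(LookupError):
    """No table entry matched; the packet is dropped instead of forwarded
    untranslated (assumption: the patent does not describe the miss case)."""


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _invert(table, name):
    # Responses need the reverse lookup, so each table must be one-to-one.
    rev = {}
    for key, value in table.items():
        if value in rev:
            raise ValueError(f"{name}: {value!r} mapped from {rev[value]!r} and {key!r}")
        rev[value] = key
    return rev


def _lookup(table, key, name):
    try:
        return table[key]
    except KeyError:
        raise UnmappedAddress(f"{name}: no entry for {key!r}") from None


class VirtualRouter:
    def __init__(self, first, second, third):
        # first:  (actual virtual IP, actual port) -> (host IP, host port)
        # second: actual physical IP -> mapped virtual IP shown in the intranet
        # third:  actual virtual IP -> mapped physical IP shown on the external network
        self.first, self.first_rev = dict(first), _invert(first, "first table")
        self.second, self.second_rev = dict(second), _invert(second, "second table")
        self.third, self.third_rev = dict(third), _invert(third, "third table")

    def first_request(self, pkt):
        """Virtual node -> physical node: rewrite source via table 1, destination via table 2."""
        host_ip, host_port = _lookup(self.first, (pkt.src_ip, pkt.src_port), "first table")
        real_dst = _lookup(self.second_rev, pkt.dst_ip, "second table")
        return replace(pkt, src_ip=host_ip, src_port=host_port, dst_ip=real_dst)

    def first_response(self, pkt):
        """Physical node -> virtual node: undo both rewrites of first_request."""
        vip, vport = _lookup(self.first_rev, (pkt.dst_ip, pkt.dst_port), "first table")
        shown_src = _lookup(self.second, pkt.src_ip, "second table")
        return replace(pkt, src_ip=shown_src, dst_ip=vip, dst_port=vport)

    def second_request(self, pkt):
        """Physical node -> virtual node: only the destination address is converted (table 3)."""
        return replace(pkt, dst_ip=_lookup(self.third_rev, pkt.dst_ip, "third table"))

    def second_response(self, pkt):
        """Virtual node -> physical node: only the source address is converted (table 3)."""
        return replace(pkt, src_ip=_lookup(self.third, pkt.src_ip, "third table"))


def demo_router():
    # Constructed sample tables. 192.168.1.2 (virtual node) and 172.168.1.2
    # (physical node) come from the page; all other values are made up.
    return VirtualRouter(
        first={("192.168.1.2", 40000): ("10.0.0.5", 50001)},
        second={"172.168.1.2": "192.168.1.200"},
        third={"192.168.1.2": "10.0.0.20"},
    )


if __name__ == "__main__":
    r = demo_router()
    req = Packet("192.168.1.2", 40000, "192.168.1.200", 80)
    print("first target request: ", r.first_request(req))
    print("first target response:", r.first_response(Packet("172.168.1.2", 80, "10.0.0.5", 50001)))
    print("second target request:", r.second_request(Packet("172.168.1.2", 5555, "10.0.0.20", 22)))
```

The one-to-one check in `_invert` matters because the response path reuses each table in the reverse direction; two virtual endpoints sharing one host IP and port would make the reply ambiguous.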
In a second aspect, the present invention provides an address translation device, which is applied to a virtual router of a virtual intranet, where the virtual router is communicatively connected to a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical external network; the virtual router is preconfigured with a first address mapping table and a second address mapping table; the first address mapping table is used for mapping IP addresses from the virtual intranet to the physical external network; the second address mapping table is used for mapping IP addresses from the physical external network to the virtual intranet; the device comprises:
a first processing module for:
when a first request message sent by any virtual node for the physical external network is received, performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message;
forwarding the first target request message to a target physical node;
a second processing module for:
receiving a first response message sent by the target physical node; the first response message is generated when the target physical node receives the first target request message;
performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message;
and forwarding the first target response message to the virtual node.
In an optional implementation manner, the virtual router is further preconfigured with a third address mapping table, and the third address mapping table includes a mapping relationship between an actual virtual IP address of the virtual node and the mapped physical IP address that the virtual node presents in the physical external network; the apparatus further comprises:
a third processing module for:
when a second request message sent by any physical node aiming at the virtual intranet is received, converting a destination address field of the second request message based on the third address mapping table to obtain a second target request message;
forwarding the second target request message to a target virtual node;
a fourth processing module for:
receiving a second response message sent by the target virtual node; the second response message is generated when the target virtual node receives the second target request message;
converting the source address field of the second response message based on the third address mapping table to obtain a second target response message;
and forwarding the second target response message to the physical node.
In a third aspect, the present invention provides a host, where a virtual intranet constructed by the host includes a virtual router and a plurality of virtual nodes communicatively connected to the virtual router, where the virtual router is configured to implement the address translation method according to the first aspect.
In a fourth aspect, the present invention provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the address translation method of the first aspect.
Compared with the prior art, the embodiments of the invention provide an address translation method, an address translation device, a host and a computer readable storage medium. A first address mapping table and a second address mapping table are preconfigured in a virtual router of a virtual intranet. When the virtual router receives a first request message sent by a virtual node for a physical external network, it performs address mapping processing on the message based on the two tables and then forwards it to a target physical node; when it receives the first response message returned by the target physical node, it likewise performs address mapping processing on the message based on the two tables and then forwards it to the virtual node. The first address mapping table implements the mapping of IP addresses from the virtual intranet to the physical external network; the second address mapping table implements the mapping of IP addresses from the physical external network to the virtual intranet. The two tables together map the physical network into the virtual network, so that a virtual node of the virtual network can actively access a physical node. Because both tables map IP addresses to IP addresses, the mappable physical network is not limited to a layer-2 network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a scenario for implementing virtual network request physical network service based on the SNAT technology in the prior art.
Fig. 2 is a schematic diagram of a scenario in the prior art of exposing virtual network services to a physical network based on DNAT technology.
Fig. 3 is a schematic diagram of a scenario in the prior art in which a physical network is mapped into a virtual network.
Fig. 4 is a schematic diagram of an application scenario provided in an embodiment of the present invention.
Fig. 5 is a flowchart of an address translation method according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an address translation device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
Furthermore, the terms "first," "second," and the like, if any, are used merely for distinguishing between descriptions and not for indicating or implying a relative importance.
It should be noted that the features of the embodiments of the present invention may be combined with each other without conflict.
Here, first, the keywords or key terms related to the present invention will be described:
1. SDN (Software Defined Network): a new network architecture with a logically centralized control plane and an abstracted data plane. The data plane is separated from the control plane, the unified open interface OpenFlow sits between the two, and the network is programmed and controlled directly through this unified, open southbound interface.
2. Open vSwitch (OVS): a multi-layer virtual switch developed in C and released under the Apache 2 open source license; it has essentially become the de facto standard of the open source SDN infrastructure layer.
3. NAT (Network Address Translation): a technique for translating private addresses into public network addresses, so that hosts in a private network can access the internet with a small number of public network addresses.
Private addresses are used inside the local network, and global IP addresses are used when connecting to the internet. NAT was in fact developed to address the shortage of IPv4 addresses.
4. DNAT (Destination Network Address Translation): translates the destination address of an IP packet to another address.
5. SNAT (Source Network Address Translation): translates the source address of an IP packet to another address.
6. PAT (Port Address Translation): the address is overloaded by means of port numbers. Since the port number may be 0-65536, a public IP address may be overloaded 65536 times. When the internal local address is translated, PAT adds a unique source port number to the internal global address. The port number distinguishes the traffic, and when the destination host returns a response, the port number determines to which device the router forwards the packet.
In the prior art, based on the SNAT technology, a virtual network device in a virtual intranet can request to access a service provided by a physical network device in a physical extranet. For example, referring to fig. 1, in fig. 1, assuming that a virtual network device (192.168.1.2) in a virtual network needs to request a service provided by a physical network device (172.168.1.2) in a physical network, when a request message sent by the virtual network device arrives at a fixed router (i.e., an OVS router in fig. 1), a source address in the request message is converted from 192.168.1.2 to 192.168.1.10, and then forwarded to the physical network device.
Meanwhile, in the prior art, the DNAT technology can realize that the physical network equipment in the physical external network requests to access the service provided by the virtual network equipment in the virtual internal network. For example, referring to fig. 2 and 3, assuming that the physical network device (172.168.1.2) in the physical network needs to request the service provided by the virtual network device (192.168.1.2) in the virtual network, the physical network device (172.168.1.2) only needs to send a request message with 192.168.1.20 as a destination address, where the request message arrives at the fixed router (i.e. OVS router in fig. 2) in the virtual intranet, and the fixed router converts the destination address in the request message from 192.168.1.20 to 192.168.1.2, and then forwards the request message to the virtual network device.
However, when a complex network environment such as a network target range or cloud computing is constructed, there is a need to map a physical network topology and an existing virtual network topology with each other, so as to ensure that the physical network device and the virtual network device can communicate with each other.
However, the above-mentioned prior art can only implement the virtual network to request the physical network service or expose the virtual network service to the physical network, and cannot achieve the purpose of mapping the physical network into the virtual network topology. Therefore, network engineers or developers must modify the existing virtual network environment or physical network environment to achieve the purpose of virtual-real network convergence, which is time-consuming and laborious. For example, referring to fig. 3, the technical solution for mapping a physical network to a virtual network in the prior art is as follows:
virtual network devices (e.g., virtual machines) in a virtual network form a communication link between the virtual network device and the physical network device through the virtual switch to which they are connected and the physical switch to which the physical network device is connected. In fig. 3, a binding relationship between a virtual IP address of a virtual network device and a MAC address of a physical network device exists in an ARP table in a virtual switch (i.e., OVS) of the virtual network, and a port table of a physical switch (i.e., SDN switch) to which the physical network device is connected records the MAC address of the physical network device and a port to which the physical network device is connected. The mapping conversion among the virtual IP address, the MAC address of the physical network equipment and the port number of the SDN switch can be carried out by means of the OVS and the SDN switch, so that the purpose of converting the MAC address of the physical network equipment into the virtual IP address in the virtual network topology is achieved. But it suffers from the following disadvantages:
firstly, because the OVS binds the virtual IP address to the MAC address of the physical network device, only the physical network of the layer-2 network topology in which the SDN switch is located can be mapped into the virtual network topology, so the mappable physical network topology is severely limited;
secondly, as the SDN switch is used for accessing the physical network equipment to the virtual network, the number of the accessible physical network equipment is limited by the number of ports of the SDN switch, and if the number of the access ports is increased, the equipment cost of the SDN switch is greatly increased;
thirdly, because the MAC address of the physical network device is bound with the port number of the SDN switch in the SDN switch, all the physical network devices must be connected with the designated SDN switch port in the later operation and maintenance process, and the operation and maintenance flexibility and the fault tolerance are greatly reduced.
Based on the above technical problems, the inventors have made creative efforts and propose the following technical solutions to solve or mitigate them. It should be noted that the drawbacks of the above prior art solutions are all results obtained by the inventors after practice and careful study; therefore the discovery process of the above problems, and the solutions that the embodiments of the present application propose below for them, should be regarded as contributions made by the inventors to the present application in the course of the invention, and should not be construed as content known to those skilled in the art.
In view of this, an embodiment of the present invention provides an address translation method. Starting from the prior art, in which SNAT lets the virtual network request physical network services and DNAT exposes virtual network services to the physical network, the method combines and supplements the two techniques by preconfiguring a first address mapping table and a second address mapping table in the router of the virtual network. This keeps the original communication function and security protection function of NAT, while allowing the physical network (external network) to be mapped, in a customized manner, into part of the virtual network (intranet) topology, and the virtual network (intranet) topology to be mapped into part of the existing physical network (external network) topology. The operating cost of making the virtual network compatible with the physical network is greatly reduced. The following detailed description is made by way of example with reference to the accompanying drawings.
The application scenario of the present invention will be described first.
Referring to fig. 4, fig. 4 is an application scenario structure diagram provided in an embodiment of the present invention. The virtual intranet comprises a virtual router, a plurality of virtual nodes (virtual nodes 1-n) connected with the virtual router and an OVS, wherein the OVS bridges a physical network card of the host; the physical external network includes a plurality of physical nodes (physical nodes 1 to n) to which the physical switch is connected.
The OVS is an Open vSwitch gateway switch, one end of which is bridged to a physical network card of the host and the other end of which is connected to the virtual router. The virtual router is an Open vSwitch fixed router, for which specific routing rules such as SNAT and DNAT can be configured through the SDN controller, while the physical external network can access the virtualized network through the host physical network card corresponding to the virtual intranet.
Thus, communication may be performed between a virtual node and a physical node sequentially through the virtual router, the OVS, and the physical network card of the host to which it bridges, and the physical switch.
The virtual intranet can be constructed by a host machine by adopting a virtualization technology, and the host machine can be, but is not limited to, a physical server, a personal computer, a notebook computer and other physical devices. One virtual node may be a virtual machine in a host, a deployed container, a deployed service, etc.
The physical switch may be any switch in the existing networking architecture, for example, any switch in the three-layer network architecture, and is not limited to only the two-layer switch. A physical node may be, but is not limited to, a physical server, a smart phone, a personal computer, a notebook computer, etc.
The address conversion method provided by the embodiment of the invention can be applied to the virtual router in the virtual intranet. This is illustrated by the following examples.
Referring to fig. 5, fig. 5 is a flow chart of an address translation method according to an embodiment of the present invention, and an execution subject of the method may be a virtual router in a virtual intranet, where the virtual router is communicatively connected to a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical extranet. The virtual router is preconfigured with a first address mapping table and a second address mapping table, wherein the first address mapping table is used for realizing IP address mapping from a virtual intranet to a physical extranet, and the second address mapping table is used for realizing IP address mapping from the physical extranet to the virtual intranet. The address conversion method includes the following steps S101 to S105:
S101, when a first request message sent by any virtual node for a physical external network is received, address mapping processing is carried out on the first request message based on a first address mapping table and a second address mapping table, and a first target request message is obtained.
S102, forwarding the first target request message to a target physical node.
In this embodiment, in the address mapping process, the source address field of the first request packet may be converted by using the first address mapping table, the destination address field of the first request packet may be converted by using the second address mapping table, and after the first target request packet is obtained, the routing table may be searched to forward the first target request packet through the virtual switch bridging the host physical network card.
S103, receiving a first response message sent by the target physical node.
In this embodiment, if the destination physical node receives the first target request packet, a first response packet may be generated based on information in the first target request packet, and then the first response packet is returned to the virtual router.
S104, address mapping processing is carried out on the first response message based on the first address mapping table and the second address mapping table, and a first target response message is obtained.
S105, forwarding the first target response message to the virtual node.
In this embodiment, in the address mapping process, the destination address field of the first response packet may be converted by using the first address mapping table, the source address field of the first response packet may be converted by using the second address mapping table, and after the first target response packet is obtained, the routing table may be searched to return the first target response packet to the virtual node that initiated the request.
According to the address conversion method provided by the embodiment of the invention, because the mapping between the IP addresses is adopted in the first address conversion table and the second address conversion table which are configured in advance, the virtual nodes in the virtual intranet can be allowed to access the physical nodes of the physical extranet and simultaneously the topology of the physical extranet can be mapped to the virtual intranet.
In an alternative implementation manner, the first address mapping table may include a mapping relationship between an actual virtual IP address of each virtual node and a mapped physical IP address, where the mapped physical IP address is an address revealed by the virtual node to the physical external network, and mapped physical IP addresses of different virtual nodes are different. The second address mapping table may include a mapping relationship between an actual physical IP address of each physical node and a mapped virtual IP address, where the mapped virtual IP address is an address that is revealed by the physical node to the virtual intranet, and mapped virtual IP addresses of different physical nodes are different.
In another alternative implementation, the virtual IP addresses of all virtual nodes may be mapped to a unified host IP address, and then different virtual nodes are distinguished using port numbers.
Therefore, the first address mapping table may include a mapping relationship between actual identification information of the virtual node and mapping identification information revealed by the virtual node in the physical external network, where the actual identification information includes an actual virtual IP address and an actual port number, and the mapping identification information includes a host IP address and a host port number. The second address mapping table may include a mapping relationship between an actual physical IP address of the physical node and a mapped virtual IP address exhibited by the virtual intranet.
Therefore, the process of performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table in the above step S101 to obtain the first target request message may include the following substeps S1011 to S1014:
S1011, analyzing the first request message to obtain a source address field, a destination address field and a source port field of the first request message.
In this embodiment, in the first request packet, the source address field is an actual virtual IP address of the virtual node that initiates the request, the destination address field is a mapped virtual IP address of the destination physical node that is the request receiver in the virtual intranet, and the source port field is an actual port number that is used to characterize the traffic belonging to the virtual node.
S1012, the host IP address and the host port number matched with the actual virtual IP address and the actual port number of the virtual node are found out from the first address mapping table.
S1013, searching out the actual physical IP address of the target physical node matched with the mapped virtual IP address of the target physical node in the virtual intranet from the second address mapping table.
S1014, repackaging the first request message according to the host IP address and the host port number corresponding to the virtual node and the actual physical IP address of the target physical node to obtain a first target request message.
In this embodiment, after repackaging, the fields of the first target request packet are as follows: the source address field may be the host IP address, the destination address field may be the actual physical IP address of the target physical node, and the source port field may be the host port number.
Therefore, the process of performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table in the step S104 to obtain the first target response message may include the following substeps S1041 to S1044:
S1041, analyzing the first response message to obtain a source address field, a destination address field and a destination port field of the first response message.
In this embodiment, in the first response packet, the source address field is the actual physical IP address of the destination physical node serving as the request receiver, the destination address field is the host IP address corresponding to the virtual node that initiates the request, and the destination port field is the host port number corresponding to the virtual node.
S1042, the actual virtual IP address and the actual port number of the virtual node matched with the host IP address and the host port number are found out from the first address mapping table.
S1043, searching out the mapping virtual IP address of the target physical node in the virtual intranet, which is matched with the actual physical IP address of the target physical node, from the second address mapping table.
S1044, repackaging the first response message according to the mapped virtual IP address of the target physical node in the virtual intranet and the actual virtual IP address and the actual port number of the virtual node to obtain a first target response message.
In this embodiment, after repackaging, the fields of the first target response packet are as follows: the source address field is the mapped virtual IP address, in the virtual intranet, of the destination physical node serving as the request receiver; the destination address field is the actual virtual IP address of the virtual node initiating the request; and the destination port field is the actual port number of the virtual node.
In the invention, the network topology of the physical external network and the network topology of the virtual internal network are mapped to each other, and the actual virtual IP address of each virtual node in the virtual internal network is guaranteed not to be exposed in the physical external network, so that network attacks on the virtual internal network are avoided.
The following gives one possible example in which a virtual node of the virtual intranet initiates an access request to a physical node of the physical external network.
If 7 virtual nodes (virtual nodes 1 to 7) are connected to the virtual router of the virtual intranet, and 7 physical nodes (physical nodes 1 to 7) are also connected to the physical switch, it is assumed that the first address mapping table and the second address mapping table are the following tables 1 and 2, respectively:
Table 1 first address mapping table

| Virtual node sequence number | Actual virtual IP address: actual port number | Host IP address: host port number |
|---|---|---|
| 1 | 192.168.1.2:21 | 172.168.1.10:22221 |
| 2 | 192.168.1.3:22 | 172.168.1.10:22222 |
| 3 | 192.168.1.4:23 | 172.168.1.10:22223 |
| 4 | 192.168.1.5:225 | 172.168.1.10:22224 |
| 5 | 192.168.1.6:443 | 172.168.1.10:22225 |
| 6 | 192.168.1.7:445 | 172.168.1.10:22226 |
| 7 | 192.168.1.8:80 | 172.168.1.10:22227 |

Table 2 second address mapping table

| Physical node sequence number | Actual physical IP address | Mapped virtual IP address |
|---|---|---|
| 1 | 172.168.1.101 | 192.168.2.101 |
| 2 | 172.168.1.102 | 192.168.2.102 |
| 3 | 172.168.1.103 | 192.168.2.103 |
| 4 | 172.168.1.104 | 192.168.2.104 |
| 5 | 172.168.1.105 | 192.168.2.105 |
| 6 | 172.168.1.106 | 192.168.2.106 |
| 7 | 172.168.1.107 | 192.168.2.107 |

In combination with Tables 1 and 2, if virtual node 3 (192.168.1.4) is to access the services of physical node 1 (172.168.1.101), the flow is as follows:
1. The virtual node 3 generates a first request message (source address 192.168.1.4, source port 23, destination address 192.168.2.101) and sends the first request message to the virtual router;
2. The virtual router determines that "192.168.1.4:23" corresponds to "172.168.1.10:22223" based on Table 1 above, and that "192.168.2.101" corresponds to "172.168.1.101" based on Table 2 above; the virtual router may then repackage the first request message into a first target request message (source address 172.168.1.10, source port 22223, destination address 172.168.1.101);
3. The virtual router forwards the first target request message to the physical node 1 (172.168.1.101) through the host physical network card bridged by the OVS and the physical switch;
4. After receiving the first target request message, the physical node 1 (172.168.1.101) can generate a first response message (source address 172.168.1.101, destination address 172.168.1.10, destination port 22223), and then forwards the first response message to the virtual router through the physical switch and the host physical network card;
5. The virtual router determines that "172.168.1.101" corresponds to "192.168.2.101" based on Table 2 above, and that "172.168.1.10:22223" corresponds to "192.168.1.4:23" based on Table 1 above; the virtual router may then repackage the first response message into a first target response message (source address 192.168.2.101, destination address 192.168.1.4, destination port 23);
6. The virtual router sends the first target response message to the virtual node 3 (192.168.1.4).
The above examples are merely examples, and the number of nodes, the IP addresses of the nodes, and the like in each of the virtual internal network and the physical external network are not limited in this regard, depending on the actual application.
In an optional implementation manner, the physical node of the physical external network may further initiate an access request to the virtual node of the virtual internal network, and corresponding to the requirement, the virtual router may be preconfigured with a third address mapping table, where the third address mapping table may include a mapping relationship between an actual virtual IP address of the virtual node and a mapped physical IP address revealed by the virtual node in the physical external network, and mapped physical IP addresses of different virtual nodes are different.
Correspondingly, the address conversion method may further include the following steps S106 to S109:
S106, when receiving a second request message sent by any physical node for the virtual intranet, converting a destination address field of the second request message based on a third address mapping table to obtain a second target request message.
In this embodiment, the destination address field of the second request packet may be converted by using the third address mapping table when address conversion is performed.
Optionally, the substeps of step S106 may include S1061 to S1063:
S1061, analyzing the second request message to obtain a destination address field of the second request message;
S1062, searching out an actual virtual IP address matched with the mapped physical IP address of the target virtual node in the physical external network from the third address mapping table;
S1063, repackaging the second request message based on the actual virtual IP address of the target virtual node to obtain a second target request message.
In this embodiment, in the second request packet, the destination address field is the mapped physical IP address, in the physical external network, of the destination virtual node serving as the request receiver. After address conversion, in the second target request message, the destination address field is the actual virtual IP address of the destination virtual node serving as the request receiver.
S107, forwarding the second target request message to the target virtual node.
S108, receiving the second response message sent by the destination virtual node.
It may be appreciated that, as the destination virtual node of the request receiver, when receiving the second target request packet, a second response packet may be generated based on the second target request packet, and then the second response packet is returned to the virtual router in an original path.
S109, converting the source address field of the second response message based on the third address mapping table to obtain a second target response message, and forwarding the second target response message to the physical node.
In this embodiment, the third address mapping table may be used to translate the source address field of the second response packet when address translation is performed.
Optionally, the substeps of step S109 may include S1091 to S1093:
S1091, analyzing the second response message to obtain a source address field of the second response message;
S1092, searching a mapping physical IP address of the destination virtual node in the physical external network, which is matched with the actual virtual IP address of the destination virtual node, from a third address mapping table;
S1093, repackaging the second response message based on the mapping physical IP address of the target virtual node in the physical external network to obtain a second target response message.
In this embodiment, in the second response packet, the source address field is the actual virtual IP address of the destination virtual node that is the request receiver. In the second target response message after address conversion, the source address field is the mapping physical IP address displayed by the target virtual node serving as the request receiver in the physical external network.
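The lookups of sub-steps S1011 to S1014 and S1041 to S1044, and of steps S106 and S109, can be traced in code. The following Python example is added here and is not code from the patent: the class and function names are hypothetical, the Table 3 values are constructed, and the optional `track_flows` check, which drops a response that matches no earlier request, is an addition that the described method does not include.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _invert(mapping, name):
    """Reverse a mapping table; duplicate mapped values would be ambiguous."""
    inverse = {v: k for k, v in mapping.items()}
    if len(inverse) != len(mapping):
        raise ValueError(f"{name}: duplicate mapped value")
    return inverse


class VirtualRouterNat:
    """Hypothetical model of the virtual router's three mapping tables."""

    def __init__(self, table1, table2, table3=None, track_flows=True):
        table3 = table3 or {}
        # Reject malformed addresses at configuration time (ValueError).
        for (vip, _), (hip, _) in table1.items():
            ipaddress.ip_address(vip), ipaddress.ip_address(hip)
        for k, v in list(table2.items()) + list(table3.items()):
            ipaddress.ip_address(k), ipaddress.ip_address(v)
        self.snat = dict(table1)            # (virtual IP, port) -> (host IP, host port)
        self.snat_rev = _invert(table1, "table 1")
        self.phys_to_mapped = dict(table2)  # actual physical IP -> mapped virtual IP
        self.mapped_to_phys = _invert(table2, "table 2")
        self.virt_to_pub = dict(table3)     # actual virtual IP -> mapped physical IP
        self.pub_to_virt = _invert(table3, "table 3")
        self.track_flows = track_flows      # addition, not part of the patent
        self.flows = set()                  # no expiry; a real router would time flows out

    def first_request(self, pkt):
        """S1011-S1014: source via Table 1, destination via Table 2."""
        host = self.snat.get((pkt.src_ip, pkt.src_port))
        phys = self.mapped_to_phys.get(pkt.dst_ip)
        if host is None or phys is None:
            return None                     # unmapped: drop, never forward as-is
        self.flows.add((host, phys))
        return replace(pkt, src_ip=host[0], src_port=host[1], dst_ip=phys)

    def first_response(self, pkt):
        """S1041-S1044: destination via Table 1, source via Table 2."""
        host = (pkt.dst_ip, pkt.dst_port)
        virt = self.snat_rev.get(host)
        mapped = self.phys_to_mapped.get(pkt.src_ip)
        if virt is None or mapped is None:
            return None
        if self.track_flows and (host, pkt.src_ip) not in self.flows:
            return None                     # no matching request was seen
        return replace(pkt, src_ip=mapped, dst_ip=virt[0], dst_port=virt[1])

    def second_request(self, pkt):
        """S1061-S1063: destination via Table 3."""
        virt = self.pub_to_virt.get(pkt.dst_ip)
        return None if virt is None else replace(pkt, dst_ip=virt)

    def second_response(self, pkt):
        """S1091-S1093: source via Table 3."""
        pub = self.virt_to_pub.get(pkt.src_ip)
        return None if pub is None else replace(pkt, src_ip=pub)


# Tables 1 and 2 as given on the page.
TABLE1 = {(f"192.168.1.{n + 1}", port): ("172.168.1.10", 22220 + n)
          for n, port in enumerate([21, 22, 23, 225, 443, 445, 80], start=1)}
TABLE2 = {f"172.168.1.{100 + n}": f"192.168.2.{100 + n}" for n in range(1, 8)}
# Table 3 values are constructed for this example; the page gives none.
TABLE3 = {f"192.168.1.{n + 1}": f"172.168.1.{200 + n}" for n in range(1, 8)}


def demo():
    """Replay the page's walk-through: virtual node 3 to physical node 1."""
    nat = VirtualRouterNat(TABLE1, TABLE2, TABLE3)
    req = nat.first_request(Packet("192.168.1.4", "192.168.2.101", src_port=23))
    resp = nat.first_response(Packet("172.168.1.101", "172.168.1.10", dst_port=22223))
    return req, resp


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

With `track_flows=False` the model follows the tables alone, in which case any physical node listed in Table 2 that sends to a host port in Table 1 is translated toward the corresponding virtual node whether or not a request preceded it.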
It should be noted that, in the above method embodiment, the execution sequence of each step is not limited by the drawing, and the execution sequence of each step is based on the actual application situation.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
First, in the embodiments of the present invention, the first address translation table and the second address translation table are preconfigured in the virtual router, so that SNAT and DNAT can be used in combination while a virtual node of the virtual internal network accesses a service provided by a physical node of the physical external network, and at the same time the physical external network is mapped to the virtual internal network in a custom manner. The technical scheme can also be applied to other application scenarios in which different IP network topologies are made compatible with each other, and is not limited to virtual-real combination application scenarios.
Secondly, because the NAT network address conversion method is adopted, when the virtual external network and the physical internal network are compatible, the network topology types of the two parties are not limited, and even the physical nodes in different places can be mapped into the topology of the virtual internal network through the modes of the Internet, VPN and the like.
Third, in the present invention, network connection (both direct connection, two-layer switch, three-layer switch, router, etc.) can be performed between the host of the virtual network and each physical node in any manner, so, compared with the prior art, the present invention can reduce the dependency on the hardware physical switching device, and save the cost of the hardware device.
Fourth, in the present invention, the physical nodes can be in a three-layer network, so during deployment and later maintenance it is only necessary to ensure network connectivity between the host of the virtual intranet and the physical nodes, and there is no special requirement on how the network is connected, which greatly increases the flexibility and fault tolerance of deployment and maintenance, improves efficiency, and saves labor cost.
In order to perform the corresponding steps in the above-described method embodiments and in each possible implementation, an implementation of an address translation device is given below.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an address translation device according to an embodiment of the present invention. The address conversion device 200 is applied to a virtual router of a virtual intranet, and the virtual router is in communication connection with a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical external network; the virtual router is preconfigured with a first address mapping table and a second address mapping table; the first address mapping table is used for realizing IP address mapping from the virtual intranet to the physical extranet; the second address mapping table is used for realizing the IP address mapping from the physical external network to the virtual internal network.
The address conversion apparatus 200 includes: a first processing module 210 and a second processing module 220.
A first processing module 210, configured to: when a first request message sent by any virtual node aiming at a physical external network is received, performing address mapping processing on the first request message based on a first address mapping table and a second address mapping table to obtain a first target request message; forwarding the first target request message to a target physical node;
a second processing module 220 for: receiving a first response message sent by a target physical node; the first response message is generated when the target physical node receives the first target request message; performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message; and forwarding the first target response message to the virtual node.
Optionally, the virtual router may be further preconfigured with a third address mapping table, where the third address mapping table includes a mapping relationship between an actual virtual IP address of the virtual node and a mapped physical IP address that is displayed by the virtual node in the physical external network. The address translation apparatus 200 may further include:
a third processing module 230, configured to: when receiving a second request message sent by any physical node aiming at the virtual intranet, converting a destination address field of the second request message based on a third address mapping table to obtain a second target request message; forwarding the second target request message to the target virtual node;
A fourth processing module 240 for: receiving a second response message sent by the target virtual node; the second response message is generated when the target virtual node receives the second target request message; converting the source address field of the second response message based on the third address mapping table to obtain a second target response message; and forwarding the second target response message to the physical node.
It will be clear to a person skilled in the art that the first processing module 210 may be used to implement the steps S101, S102 and their respective sub-steps described above; the second processing module 220 may be adapted to implement steps S103-S105 and their respective sub-steps described above; the third processing module 230 may be configured to implement the steps S106, S107 and their respective sub-steps described above; the fourth processing module 240 may be configured to implement the steps S108, S109 and their respective sub-steps described above. For convenience and brevity, the specific working process of the address translation device 200 described above may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
The embodiment of the invention also provides a host, and the virtual intranet constructed by the host comprises a virtual router and a plurality of virtual nodes in communication connection with the virtual router, wherein the virtual router is used for realizing the address conversion method. The host may further include more or fewer components, which are not described herein.
The Memory 320 may be, but is not limited to, random access Memory (Random Access Memory, RAM), read Only Memory (ROM), flash Memory (Flash), programmable Read Only Memory (Programmable Read-Only Memory, PROM), erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The embodiment of the invention also provides a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the address conversion method disclosed in the above embodiments is realized. The computer readable storage medium may be, but is not limited to, any medium that can store program code: a USB disk, a removable hard disk, a random access memory (Random Access Memory, RAM), a read only memory (Read-Only Memory, ROM), a flash memory (Flash), a programmable read only memory (Programmable Read-Only Memory, PROM), an erasable read only memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable read only memory (Electric Erasable Programmable Read-Only Memory, EEPROM), a magnetic disk or an optical disk, or the like.
In summary, the embodiments of the present invention provide an address conversion method, an address conversion device, a host, and a computer readable storage medium, where a virtual router of a virtual intranet is preconfigured with a first address mapping table and a second address mapping table, so that when the virtual router receives a first request message sent by a virtual node for a physical external network, the virtual router may perform address mapping processing on the message based on the two tables and then forward the message to a destination physical node, and when a first response message returned by the destination physical node is received, the virtual router also performs address mapping processing on the message based on the two tables and then forwards the message to the virtual node. The first address mapping table is used for realizing the mapping of the IP address from the virtual intranet to the physical extranet; the second address mapping table is used for realizing the mapping of the IP address from the physical external network to the virtual internal network, so that the physical network can be mapped to the virtual network by utilizing the two address mapping tables, and the virtual node of the virtual network can actively access the physical node. And the mapping between the IP addresses is adopted in the two mapping tables, so that the mappable physical network is ensured not to be limited to a two-layer network.
The present invention is not limited to the above embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. The address conversion method is characterized by being applied to a virtual router of a virtual intranet, wherein the virtual router is in communication connection with a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical external network; the virtual router is preconfigured with a first address mapping table and a second address mapping table; the first address mapping table is used for realizing the mapping from the virtual intranet to the physical extranet; the second address mapping table is used for realizing the mapping from the physical external network to the IP address of the virtual internal network; the method comprises the following steps:
when a first request message sent by any virtual node for the physical external network is received, performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message;
forwarding the first target request message to a target physical node;
receiving a first response message sent by the target physical node; the first response message is generated when the target physical node receives the first target request message;
performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message;
and forwarding the first target response message to the virtual node.
2. The method according to claim 1, wherein the first address mapping table includes a mapping relationship between actual identification information of the virtual node and mapping identification information exhibited by the virtual node on the physical external network, the actual identification information including an actual virtual IP address and an actual port number, the mapping identification information including a host IP address and a host port number; the second address mapping table comprises a mapping relation between an actual physical IP address of the physical node and a mapping virtual IP address displayed by the virtual intranet;
the step of performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message includes:
analyzing the first request message to obtain a source address field, a destination address field and a source port field of the first request message; the source address field is an actual virtual IP address of the virtual node, the destination address field is a mapped virtual IP address of the destination physical node in the virtual intranet, and the source port field is an actual port number of the virtual node;
finding out a host IP address and a host port number matched with an actual virtual IP address and an actual port number of the virtual node from the first address mapping table;
searching an actual physical IP address of a target physical node matched with a mapped virtual IP address of the target physical node in the virtual intranet from the second address mapping table;
and repackaging the first request message according to the host IP address and the host port number corresponding to the virtual node and the actual physical IP address of the target physical node to obtain the first target request message.
3. The method according to claim 1, wherein the first address mapping table includes a mapping relationship between actual identification information of the virtual node and mapping identification information exhibited by the virtual node on the physical external network, the actual identification information including an actual virtual IP address and an actual port number, the mapping identification information including a host IP address and a host port number; the second address mapping table comprises a mapping relation between an actual physical IP address of the physical node and a mapping virtual IP address displayed by the virtual intranet;
the step of performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message includes:
analyzing the first response message to obtain a source address field, a destination address field and a destination port field of the first response message; the source address field is an actual physical IP address of the destination physical node, the destination address field is a host IP address corresponding to the virtual node, and the destination port field is a host port number corresponding to the virtual node;
searching an actual virtual IP address and an actual port number of a virtual node matched with the host IP address and the host port number from the first address mapping table;
searching a mapping virtual IP address of a target physical node in the virtual intranet, which is matched with the actual physical IP address of the target physical node, from the second address mapping table;
and repackaging the first response message according to the mapped virtual IP address of the target physical node in the virtual intranet and the actual virtual IP address and the actual port number of the virtual node to obtain the first target response message.
4. The method according to claim 1, wherein the virtual router is further preconfigured with a third address mapping table, the third address mapping table comprising a mapping relationship between an actual virtual IP address of the virtual node and a mapped physical IP address exhibited by the virtual node on the physical external network; the method further comprises the steps of:
when a second request message sent by any physical node for the virtual intranet is received, converting a destination address field of the second request message based on the third address mapping table to obtain a second target request message;
forwarding the second target request message to a target virtual node;
receiving a second response message sent by the target virtual node; the second response message is generated when the target virtual node receives the second target request message;
converting the source address field of the second response message based on the third address mapping table to obtain a second target response message;
and forwarding the second target response message to the physical node.
5. The method of claim 4, wherein the step of converting the destination address field of the second request message based on the third address mapping table to obtain a second target request message includes:
parsing the second request message to obtain a destination address field of the second request message; the destination address field is the mapped physical IP address of the target virtual node in the physical external network;
searching the third address mapping table for the actual virtual IP address that matches the mapped physical IP address of the target virtual node in the physical external network;
and repackaging the second request message based on the actual virtual IP address of the target virtual node to obtain the second target request message.
6. The method of claim 4, wherein the step of converting the source address field of the second response message based on the third address mapping table to obtain a second target response message includes:
analyzing the second response message to obtain a source address field of the second response message; the source address field is the actual virtual IP address of the target virtual node;
searching the third address mapping table for the mapped physical IP address of the target virtual node in the physical external network that matches the actual virtual IP address of the target virtual node;
and repackaging the second response message based on the mapped physical IP address of the target virtual node in the physical external network to obtain the second target response message.
7. An address translation device, characterized by being applied to a virtual router of a virtual intranet, wherein the virtual router is in communication connection with a plurality of virtual nodes of the virtual intranet and at least one physical node of a physical external network; the virtual router is preconfigured with a first address mapping table and a second address mapping table; the first address mapping table is used for realizing the mapping from the virtual intranet to the physical external network; the second address mapping table is used for realizing the mapping from the physical external network to the IP address of the virtual intranet; the device comprises:
a first processing module for:
when a first request message sent by any virtual node for the physical external network is received, performing address mapping processing on the first request message based on the first address mapping table and the second address mapping table to obtain a first target request message;
forwarding the first target request message to a target physical node;
a second processing module for:
receiving a first response message sent by the target physical node; the first response message is generated when the target physical node receives the first target request message;
performing address mapping processing on the first response message based on the first address mapping table and the second address mapping table to obtain a first target response message;
and forwarding the first target response message to the virtual node.
8. The apparatus of claim 7, wherein the virtual router is further preconfigured with a third address mapping table, the third address mapping table comprising a mapping relationship between an actual virtual IP address of the virtual node and a mapped physical IP address exhibited by the virtual node on the physical external network; the apparatus further comprises:
a third processing module for:
when a second request message sent by any physical node for the virtual intranet is received, converting a destination address field of the second request message based on the third address mapping table to obtain a second target request message;
forwarding the second target request message to a target virtual node;
a fourth processing module for:
receiving a second response message sent by the target virtual node; the second response message is generated when the target virtual node receives the second target request message;
converting the source address field of the second response message based on the third address mapping table to obtain a second target response message;
and forwarding the second target response message to the physical node.
9. A host, wherein a virtual intranet constructed by the host includes a virtual router and a plurality of virtual nodes communicatively connected to the virtual router, and the virtual router is configured to implement the address translation method as claimed in any one of claims 1 to 6.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the address translation method of any of claims 1-6.
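The following is an added illustration, not part of the patent text, of the table lookups and field rewrites recited in claims 3, 5 and 6. The packet structure, function names and sample addresses are assumptions, as is dropping a packet when no table entry matches, which the claims do not specify.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed sample tables; every address below is illustrative.
# Table 1: (host IP, host port) -> (actual virtual IP, actual port)
TABLE1 = {("192.0.2.10", 40001): ("10.10.0.5", 51515)}
# Table 2: actual physical IP -> mapped virtual IP seen inside the intranet
TABLE2 = {"198.51.100.7": "10.10.0.200"}
# Table 3: mapped physical IP on the external network -> actual virtual IP
TABLE3 = {"198.51.100.50": "10.10.0.5"}
TABLE3_REV = {virt: phys for phys, virt in TABLE3.items()}

def translate_first_response(pkt: Packet) -> Optional[Packet]:
    """Claim 3: reply from a physical node back to a virtual node."""
    virt = TABLE1.get((pkt.dst_ip, pkt.dst_port))
    mapped_src = TABLE2.get(pkt.src_ip)
    if virt is None or mapped_src is None:
        return None  # assumption: fail closed on a lookup miss
    # Source becomes the node's intranet-side address; destination
    # becomes the virtual node's real address and port.
    return replace(pkt, src_ip=mapped_src, dst_ip=virt[0], dst_port=virt[1])

def translate_second_request(pkt: Packet) -> Optional[Packet]:
    """Claim 5: inbound request, only the destination address changes."""
    actual = TABLE3.get(pkt.dst_ip)
    return None if actual is None else replace(pkt, dst_ip=actual)

def translate_second_response(pkt: Packet) -> Optional[Packet]:
    """Claim 6: outbound reply, only the source address changes."""
    mapped = TABLE3_REV.get(pkt.src_ip)
    return None if mapped is None else replace(pkt, src_ip=mapped)
```

Because claims 5 and 6 rewrite only one address field, the third table acts as a one-to-one address mapping, whereas the first table also rewrites the port.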
CN202311146010.1A 2023-09-06 2023-09-06 Address translation method, address translation device, host and computer readable storage medium Pending CN117041205A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311146010.1A CN117041205A (en) 2023-09-06 2023-09-06 Address translation method, address translation device, host and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311146010.1A CN117041205A (en) 2023-09-06 2023-09-06 Address translation method, address translation device, host and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN117041205A (en) 2023-11-10

Family

ID=88633803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311146010.1A Pending CN117041205A (en) 2023-09-06 2023-09-06 Address translation method, address translation device, host and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN117041205A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117675694A (en) * 2024-01-08 2024-03-08 北京瑞和云图科技有限公司 Network traffic processing method, device, equipment and computer readable storage medium
CN117675693A (en) * 2024-01-08 2024-03-08 北京瑞和云图科技有限公司 Network traffic processing method, device, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
US10645056B2 (en) Source-dependent address resolution
CN111885075B (en) Container communication method, device, network equipment and storage medium
US11283707B2 (en) Segment routing with fast reroute for container networking
US20210067376A1 (en) Data center networks
US9979605B2 (en) Virtualization mapping
JP4816572B2 (en) Virtual network connection system and apparatus
JP5817299B2 (en) Address translation apparatus, communication system, and address translation method
CN117041205A (en) Address translation method, address translation device, host and computer readable storage medium
US11252126B1 (en) Domain name resolution in environment with interconnected virtual private clouds
US9258272B1 (en) Stateless deterministic network address translation
CN109728962B (en) Method and equipment for sending message
CN105264855A (en) Method, device and system for realizing private network traversal
CN107094110B (en) DHCP message forwarding method and device
CN111556110B (en) Automatic adaptation method for different physical service networks of private cloud system
CN107809386B (en) IP address translation method, routing device and communication system
CN114024886B (en) Cross-resource-pool network intercommunication method, electronic equipment and readable storage medium
CN114363410B (en) Application access method, cloud agent, node agent component, device and medium
CN113973022A (en) Communication method, CP equipment and NAT equipment
CN108023971B (en) DHCP message forwarding method and device
CN114866467A (en) Cluster communication method, device, system, equipment and readable storage medium
CN114650290B (en) Network communication method, processing device, terminal and storage medium
CN116248595B (en) Method, device, equipment and medium for communication between cloud intranet and physical network
CN115426313A (en) NAT optimization device and method based on OVN virtual machine network
JP5911620B2 (en) Virtual network management server and edge router
CN114039949A (en) Cloud service floating IP binding method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination