CN117834584A - Flow table refreshing method for network address conversion and related equipment - Google Patents

Publication number
CN117834584A
Authority
CN
China
Prior art keywords
address
flow table
message
conversion
configuration
Prior art date
Legal status
Pending
Application number
CN202311712867.5A
Other languages
Chinese (zh)
Inventor
张佳斌
王晓华
Current Assignee
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Tianyi Cloud Technology Co Ltd filed Critical Tianyi Cloud Technology Co Ltd
Priority to CN202311712867.5A priority Critical patent/CN117834584A/en
Publication of CN117834584A publication Critical patent/CN117834584A/en
Pending legal-status Critical Current

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a flow table refreshing method for network address conversion and related equipment. The method comprises: determining a target conversion IP address in a conversion IP address configuration table based on the obtained address updating configuration information, deleting the target conversion IP address from the conversion IP address configuration table, and generating a deletion linked list corresponding to the address updating configuration information, where the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information; and executing a timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in each deletion linked list, and finishing the flow table refresh, wherein the flow table contains flow table data generated after a message triggers network address conversion. Because the deletion linked list is generated from the configuration serial number of each deleted conversion IP address, and only the invalid flow table data identified by that list is deleted, the flow table is refreshed without affecting message forwarding, which preserves message forwarding performance.

Description

Flow table refreshing method for network address conversion and related equipment
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method for refreshing a flow table for converting a network address and related devices.
Background
Network address conversion is a mature network technology that is widely used in the networking environments of many industries. It conserves legal IP addresses, hides internal networks and improves network security.
Network address conversion is generally complex to configure, because a plurality of conversion IP addresses must be configured. In a network address conversion service, a message whose IP address has been converted can be forwarded quickly by means of a flow table. When some conversion IP addresses change, the flow table must be updated in time. The traditional way to update it is to invalidate and delete the entire existing flow table and let incoming messages trigger re-creation of the flow table, which updates the network connections. Valid flow table data is deleted as well, so valid network connections have to be re-established and message forwarding performance is reduced.
Disclosure of Invention
In view of this, embodiments of the present invention provide a flow table refreshing method for network address conversion and related devices. A deletion linked list is generated from the configuration sequence number of each deleted conversion IP address, and flow table data is then deleted from the flow table based on the deletion linked list, so the flow table can be refreshed without affecting message forwarding and message forwarding performance is preserved.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
a flow table refreshing method for network address translation, comprising:
acquiring at least one address updating configuration information;
for each address updating configuration information, determining a target conversion IP address in a preset conversion IP address configuration table, deleting the target conversion IP address from the conversion IP address configuration table, and generating a deletion linked list corresponding to the address updating configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information;
and executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in the deletion linked lists, and finishing the flow table refresh, wherein the flow table contains flow table data generated after a message triggers network address conversion.
In the above method, optionally, for each address updating configuration information, determining the target conversion IP address in a preset conversion IP address configuration table includes:
acquiring a configuration change address in the address updating configuration information;
and for each configuration change address, determining the corresponding conversion IP address in the conversion IP address configuration table as a target conversion IP address.
In the above method, optionally, deleting invalid flow table data in the flow table according to the configuration sequence number of the target conversion IP address in each deletion linked list includes:
for each deletion linked list, acquiring each configuration sequence number in the deletion linked list;
for each configuration sequence number, determining whether flow table data corresponding to the configuration sequence number exists in the flow table, determining the flow table data corresponding to the configuration sequence number as invalid flow table data when the flow table data corresponding to the configuration sequence number exists in the flow table, and deleting the invalid flow table data.
In the above method, optionally, the process of generating the flow table data after a message triggers network address conversion includes:
under the condition that the received message meets the preset flow table data generation condition, matching a conversion IP address for the message in the conversion IP address configuration table, and determining the conversion IP address matched for the message as a target address;
and carrying out network address conversion on the message by using the target address to generate flow table data containing the configuration serial number of the target address.
In the above method, optionally, determining that the message meets the preset flow table data generation condition includes:
receiving a message;
determining whether the message is a first message;
if the message is the first message, determining that the message meets a preset flow table data generation condition;
if the message is not the first message, determining whether flow table data corresponding to the message exists in the flow table;
if the flow table data corresponding to the message does not exist in the flow table, determining that the message meets the preset flow table data generation condition.
Optionally, the above method further comprises:
if the flow table data corresponding to the message exists in the flow table, determining that the message does not meet the flow table data generation condition, and forwarding the message by applying the flow table data corresponding to the message.
A flow table refreshing apparatus for network address translation, comprising:
an obtaining unit, configured to obtain at least one address update configuration information;
a first generating unit, configured to determine, for each address update configuration information, a target conversion IP address in a preset conversion IP address configuration table, and delete the target conversion IP address from the conversion IP address configuration table, to generate a deletion linked list corresponding to the address update configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information;
and the deleting unit is used for executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in the deleting linked lists, and finishing the flow table refreshing, wherein the flow table comprises flow table data generated after the message triggers the network address conversion.
In the above apparatus, optionally, the first generating unit includes:
a first obtaining subunit, configured to obtain a configuration change address in the address update configuration information;
and the first determining subunit is used for determining the conversion IP address corresponding to each configuration change address in the conversion IP address configuration table as a target conversion IP address.
In the above device, optionally, the deleting unit includes:
the second acquisition subunit is used for acquiring each configuration sequence number in the deletion linked list for each deletion linked list;
and the second determining subunit is used for determining whether the flow table data corresponding to the configuration sequence number exists in the flow table or not according to each configuration sequence number, determining the flow table data corresponding to the configuration sequence number as invalid flow table data when the flow table data corresponding to the configuration sequence number exists in the flow table, and deleting the invalid flow table data.
Optionally, the above device further comprises:
the matching unit is used for matching the conversion IP address for the message in the conversion IP address configuration table and determining the conversion IP address matched for the message as a target address under the condition that the received message meets the preset flow table data generation condition;
and the second generating unit is used for carrying out network address conversion on the message by applying the target address and generating flow table data containing the configuration sequence number of the target address.
Optionally, the above device further comprises:
a receiving unit, configured to receive a packet;
a first determining unit, configured to determine whether the message is a first message;
the second determining unit is used for determining that the message meets the preset flow table data generating condition if the message is the first message;
a third determining unit, configured to determine whether flow table data corresponding to the message exists in the flow table if the message is not a first message;
and a fourth determining unit, configured to determine that the message meets the preset flow table data generating condition if no flow table data corresponding to the message exists in the flow table.
Optionally, the above device further comprises:
and a fifth determining unit, configured to determine that the message does not meet the flow table data generating condition if flow table data corresponding to the message exists in the flow table, and forward the message by applying the flow table data corresponding to the message.
A storage medium comprising stored instructions, wherein the instructions, when executed, control a device in which the storage medium resides to perform a flow table refresh method of network address translation as described above.
An electronic device comprising a memory, and one or more instructions, wherein the one or more instructions are stored in the memory and configured to perform a flow table refresh method of network address translation as described above by one or more processors.
Compared with the prior art, the invention has the following advantages:
The invention provides a flow table refreshing method for network address conversion and related equipment, comprising the following steps: acquiring at least one address updating configuration information; for each address updating configuration information, determining a target conversion IP address in a preset conversion IP address configuration table, deleting the target conversion IP address from the conversion IP address configuration table, and generating a deletion linked list corresponding to the address updating configuration information, where the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information; and executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in each deletion linked list, and finishing the flow table refresh, wherein the flow table contains flow table data generated after a message triggers network address conversion. When the flow table is updated, a deletion linked list is generated from the configuration serial number of each deleted conversion IP address, which records the deleted conversion IP addresses. The corresponding invalid flow table data is then looked up in the flow table according to the deletion linked list and deleted. Valid flow table data is not deleted at any point in the process, so message forwarding is not affected and message forwarding performance is not reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a flow table refreshing method for network address conversion according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for determining, for each address updating configuration information, a target conversion IP address in a preset conversion IP address configuration table according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for generating the flow table data in the flow table after a message triggers network address conversion according to an embodiment of the present invention;
FIG. 4 is a flowchart of a flow table refreshing method for network address conversion according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a scenario of refreshing a flow table according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a flow table refreshing device for network address conversion according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In addition to the updating method described in the Background, another conventional method updates the flow table data at the same time as the conversion IP address is changed. This causes contention for the flow table, which is a shared resource, and reduces message forwarding performance.
The conventional methods of updating the flow table therefore reduce message forwarding performance. To solve this problem, the invention provides a flow table refreshing method for network address conversion.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations, for example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor devices, distributed computing environments that include any of the above devices, and the like. The execution body of the present invention is a processor; preferably, it may be a processor in a gateway.
Referring to fig. 1, a method flowchart of a flow table refreshing method for network address translation according to an embodiment of the present invention is specifically described below.
S101, acquiring at least one address updating configuration information.
The address updating configuration information is information input by a user, and comprises information of the IP address which needs to be deleted by the user.
It should be noted that, the user may input address update configuration information through the interaction module.
When a plurality of address update configuration information is acquired, the address update configuration information may be provided by a plurality of users or may be provided by one user.
S102, for each address updating configuration information, determining a target conversion IP address in a preset conversion IP address configuration table, deleting the target conversion IP address from the conversion IP address configuration table, and generating a deletion linked list corresponding to the address updating configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information.
Referring to fig. 2, a flowchart of a method for determining, for each address updating configuration information, a target conversion IP address in a preset conversion IP address configuration table according to an embodiment of the present invention is described below.
S201, acquiring a configuration change address in address updating configuration information.
And analyzing the address updating configuration information for each piece of received address updating configuration information to acquire a configuration change address in the address updating configuration information.
The configuration change address in the address update configuration information is a converted IP address that needs to be deleted.
S202, for each configuration change address, determining the corresponding conversion IP address in the conversion IP address configuration table as a target conversion IP address.
It should be noted that the conversion IP address configuration table is preset with a plurality of conversion IP addresses that are used for address conversion when messages are forwarded. Further, each conversion IP address in the conversion IP address configuration table has a preset configuration sequence number, and the configuration sequence number of each conversion IP address is unique.
For each configuration change address, each conversion IP address in the conversion IP address configuration table is traversed and compared with the configuration change address, and the conversion IP address consistent with the configuration change address is determined as a target conversion IP address.
After each target conversion IP address corresponding to the address updating configuration information has been determined in the conversion IP address configuration table, each target conversion IP address is deleted from the conversion IP address configuration table, so that a deletion linked list corresponding to the address updating configuration information can be obtained.
It should be noted that, each address update configuration information has a corresponding deletion linked list, and the deletion linked list includes the configuration serial numbers of each target conversion IP address corresponding to the address update configuration information.
After deleting the conversion IP address to be deleted in the conversion IP address configuration table, the invention generates the deletion linked list based on the configuration serial number of the deleted IP address, thereby recording the conversion IP address to be deleted so as to facilitate the subsequent refreshing of the flow table.
S103, executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in each deletion linked list, and finishing the flow table refresh, wherein the flow table contains flow table data generated after a message triggers network address conversion.
It should be noted that, a timer may be used to trigger execution of a timing refresh task, and after the timing refresh task is executed, the flow table is refreshed according to each deletion linked list.
For example, the timer may be configured to execute the timing refresh task once every hour. When the timing refresh task is executed, each deletion linked list is obtained, and each item of invalid flow table data in the flow table is then deleted according to the configuration sequence number of each target conversion IP address in each deletion linked list, thereby refreshing the flow table.
The flow table contains flow table data generated after the message triggers the network address conversion, the flow table contains a plurality of flow table data, and preferably, the flow table data contains configuration serial numbers of conversion IP addresses applied when the message triggers the network address conversion.
Further, the process of deleting the invalid flow table data in the flow table according to the configuration serial numbers of the target conversion IP addresses in each deletion linked list is as follows: for each deletion linked list, acquiring each configuration sequence number in the deletion linked list; for each configuration sequence number, determining whether flow table data corresponding to the configuration sequence number exists in the flow table, determining the flow table data corresponding to the configuration sequence number as invalid flow table data when it exists in the flow table, and deleting the invalid flow table data.
Preferably, for each configuration sequence number in each deletion linked list, each item of flow table data in the flow table is traversed, and the flow table data corresponding to the configuration sequence number is determined as invalid flow table data. Further, the flow table data includes a configuration sequence number, and when a configuration sequence number identical to that of the flow table data exists in the deletion linked list, the flow table data is invalid flow table data.
It should be noted that the deletion linked list may include a plurality of configuration sequence numbers, so that flow table data in the flow table may be deleted in batches and the flow table can be refreshed rapidly and in time. Preferably, after the flow table has been refreshed using the deletion linked list, the deletion linked list can be deleted, which saves memory resources.
In the method provided by the embodiment of the invention, at least one address updating configuration information is acquired; for each address updating configuration information, a target conversion IP address is determined in a preset conversion IP address configuration table and deleted from the conversion IP address configuration table, and a deletion linked list corresponding to the address updating configuration information is generated, where the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information; and a preset timing refreshing task is executed, invalid flow table data in the flow table is deleted according to the configuration sequence numbers of the target conversion IP addresses in each deletion linked list, and the flow table refresh is finished, wherein the flow table contains flow table data generated after a message triggers network address conversion. When the flow table is updated, a deletion linked list is generated from the configuration serial number of each deleted conversion IP address, which records the deleted conversion IP addresses. The corresponding invalid flow table data is then looked up in the flow table according to the deletion linked list and deleted. Valid flow table data is not deleted at any point in the process, so message forwarding is not affected and message forwarding performance is not reduced.
Preferably, the flow table is used for forwarding messages after network address conversion. Referring to fig. 3, a flowchart of a method for generating the flow table data in the flow table after a message triggers network address conversion, provided by an embodiment of the present invention, is specifically described below.
S301, receiving a message.
And receiving a message sent by the communication equipment, wherein the communication equipment can be any computer terminal or intelligent equipment which can establish communication connection with the processor.
Preferably, the communication device establishes a communication connection with the processor.
S302, determining whether the message is a first message; if the message is the first message, executing S303; if the message is not the first message, S306 is executed.
When judging whether the message is the first message, it can be judged whether the message is the first message sent after the communication device establishes a connection with the processor. Preferably, if the message is not the first message sent after the communication device establishes a connection with the processor, the message can be determined to be a subsequent message sent by the communication device after the first message.
S303, determining that the message meets the preset flow table data generation condition.
After determining that the message meets the preset flow table data generation condition, S304 is executed.
S304, matching a conversion IP address for the message in the conversion IP address configuration table, and determining the conversion IP address matched for the message as a target address.
Preferably, when matching a conversion IP address for the message, an idle conversion IP address may be selected at random as the conversion IP address matched for the message. Alternatively, the conversion IP address may be matched in the conversion IP address configuration table based on the destination address carried in the message: for example, the destination device to which the message needs to be sent is determined based on the destination address carried in the message, a conversion IP address capable of establishing a connection with the destination device is determined in the conversion IP address configuration table, and that conversion IP address is used as the conversion IP address matched for the message, so that the target address can be determined.
S305, converting the network address of the message by using the target address, and generating flow table data containing the configuration serial number of the target address.
After the target address is determined, it is applied to perform network address conversion on the message, and flow table data containing the configuration sequence number of the target address is then generated. The flow table data is stored in a conversion IP address configuration table, so that it can be used to forward messages that the communication device sends subsequently.
Preferably, after network address conversion has been performed on the message using the target address, the message may be forwarded, preferably to the network or device corresponding to the target address; that device may then be determined as the target device.
Preferably, the flow table data may be associated with a source address of the message, where the source address is an address applied by the communication device that sends the message.
S306, determining whether flow table data corresponding to the message exists in the flow table; if the flow table data corresponding to the message does not exist in the flow table, S303 is executed; if there is flow table data corresponding to the message in the flow table, S307 is executed.
When it is determined that the message is not the first message, it is necessary to determine whether flow table data corresponding to the message exists in the flow table. For example, the source address in the message is acquired and it is determined whether flow table data associated with the source address exists in the flow table. If flow table data associated with the source address exists in the flow table, S307 is executed. If no flow table data associated with the source address exists in the flow table, this indicates that the flow table data associated with the source address was deleted when the flow table was refreshed; the message is therefore determined to satisfy the condition for generating flow table data, that is, execution returns to S303, and flow table data is regenerated for subsequent network address conversion.
S307, determining that the message does not meet the flow table data generation condition, and applying the flow table data corresponding to the message to forward the message.
When the message is determined not to meet the flow table data generation condition, the message is forwarded using the flow table data corresponding to it. Specifically, a conversion IP address is determined from the configuration sequence number in that flow table data, and the message is then sent to the device corresponding to the conversion IP address.
In the method provided by the embodiment of the invention, after a message is received, it is determined whether the message meets the preset flow table data generation condition. If so, a conversion IP address is matched for the message in the conversion IP address configuration table, and flow table data is generated based on the configuration sequence number of the matched conversion IP address. In this way, after the corresponding flow table data has been deleted, new flow table data can be generated in time and used to forward the message, which avoids affecting message forwarding and ensures forwarding performance. In the method provided by the invention, message forwarding and flow table refreshing can proceed at the same time. When no corresponding flow table data can be found in the flow table for a message, this indirectly indicates that the conversion IP address the message needs was deleted when the flow table was refreshed; the network address conversion service can then be triggered again, a conversion IP address is matched for the message again, and the message is forwarded. The whole process does not affect message forwarding, and forwarding performance is ensured.
Referring to fig. 4, a flowchart of a method for refreshing a flow table for converting a network address according to an embodiment of the present invention is described below.
S401, adding a configuration sequence number for each conversion IP address.
A conversion IP address configuration function is added to the network address conversion function. A configuration sequence number is assigned to each conversion IP address, and each configuration sequence number is globally unique.
The conversion IP addresses are stored in the conversion IP address configuration table.
S402, generating flow table data after the message is subjected to network address conversion, and recording the flow table data in a flow table, wherein the flow table data comprises configuration serial numbers of conversion IP addresses related to the flow table data.
The flow table data contains the configuration sequence number of the conversion IP address that was used when network address conversion was performed on the message.
S403, triggering configuration change of the conversion IP address, and recording the configuration serial number of the deleted conversion IP address.
When address updating configuration information sent by a user is received, a configuration change of the conversion IP addresses is triggered: the conversion IP addresses named in the address updating configuration information are deleted from the conversion IP address configuration table, and the configuration serial numbers of the deleted conversion IP addresses are recorded.
S404, generating a deletion linked list, and caching the configuration sequence numbers of the deleted conversion IP addresses in the deletion linked list.
A deletion linked list is generated from the recorded configuration serial numbers of the deleted conversion IP addresses.
S405, executing a timing refreshing task, determining for each configuration sequence number in the deletion linked list whether corresponding flow table data exists in the flow table, and if so, deleting that flow table data from the flow table.
The timing refreshing task is executed. For each configuration sequence number in the deletion linked list, it is determined whether corresponding flow table data exists in the flow table; if so, that flow table data is deleted, which refreshes the flow table.
Referring to fig. 5, an example scenario of refreshing the flow table provided in an embodiment of the present invention is described below.
1. The first message triggers the generation of flow table data via network address translation, as in (3) of fig. 5.
2. The user inputs batch 1 and batch 2 configuration changes, respectively, as in (1) of fig. 5.
Each configuration change batch contains the conversion IP addresses to be deleted, and can be regarded as address updating configuration information.
3. When the configuration is changed, the configuration sequence numbers of the deleted conversion IP addresses are recorded: configuration sequence numbers 2 and 5 for batch 1, and configuration sequence numbers 1, 4 and 6 for batch 2, as in (2) of fig. 5.
4. The two configuration changes generate the deletion linked lists delete-link1 and delete-link2 respectively, as shown in (4) of fig. 5; different configuration changes have different deletion linked lists.
5. The timer traverses the deletion linked lists delete-link1 and delete-link2 one by one, retrieves the invalid flow table data from the flow table and deletes it.
6. If a subsequent message cannot find matching flow table data, it must go through the first-message flow again to be matched by the network address conversion service, which hits and generates new flow table data.
By marking flow table data with the configuration sequence number of the conversion IP address, the scheme can accurately find the related flow table data and then search for and delete the invalid flow table data. Because the timing mechanism, while traversing the flow table, operates only on flow table data related to the deleted conversion IP address configurations, unnecessary operations on the flow table are effectively reduced (that is, valid flow table data is not affected), which further reduces the impact on forwarding performance. Conversion IP addresses can be changed in batches, that is, several conversion IP address configurations can be deleted at a time. If a user performs many such operations, many deleted conversion IP address configurations accumulate; when the data volume is large, retrieving them one by one is slow and the flow table cannot be refreshed in time. The method adopted here is to construct one deletion linked list (delete-link) from the conversion IP address configurations deleted in each user operation, so that multiple operations construct multiple deletion linked lists (delete-links). The timer refreshes the flow table data one linked list at a time. In this way, the state of the flow table can be refreshed quickly and in time.
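The Fig. 5 scenario can be replayed on a small in-memory model. The following Python code is an added example, not code from the patent or its applicant; the class and function names, the 203.0.113.x and 10.0.0.x addresses, the fewest-flows matching policy, and the choice to cache the conversion IP address in each flow entry next to its configuration sequence number are assumptions made for illustration.

```python
"""Model of the sequence-number flow table refresh (added example, hypothetical names)."""
from itertools import count


class NatGateway:
    def __init__(self):
        self._next_seq = count(1)  # configuration sequence numbers are never reused
        self.config = {}           # conversion IP address configuration table: seq -> IP
        self.flows = {}            # flow table: source address -> (seq, conversion IP)
        self.delete_links = []     # one deletion linked list per configuration change

    def add_address(self, ip):
        """S401: store a conversion IP address under a globally unique sequence number."""
        seq = next(self._next_seq)
        self.config[seq] = ip
        return seq

    def apply_change(self, ips_to_delete):
        """S403/S404: delete addresses from the configuration table and record their
        sequence numbers in a new deletion list. The flow table is not touched here."""
        deleted = [seq for seq, ip in self.config.items() if ip in ips_to_delete]
        for seq in deleted:
            del self.config[seq]
        if deleted:
            self.delete_links.append(deleted)
        return deleted

    def refresh(self):
        """S405 timer task: for each pending deletion list, delete only the flow
        entries whose sequence number is on that list. Returns removals per list."""
        removed = []
        while self.delete_links:
            dead = set(self.delete_links.pop(0))
            stale = [src for src, (seq, _ip) in self.flows.items() if seq in dead]
            for src in stale:
                del self.flows[src]
            removed.append(len(stale))
        return removed

    def _match(self):
        # Assumed matching policy: the configured address carrying the fewest
        # flows, lowest sequence number on a tie. The page does not specify one.
        load = dict.fromkeys(self.config, 0)
        for seq, _ip in self.flows.values():
            if seq in load:
                load[seq] += 1
        return min(load, key=lambda seq: (load[seq], seq))

    def forward(self, src):
        """S306/S307, else S303: use the existing flow entry, or on a miss run the
        first-message path again. Returns (conversion IP, entry_was_created)."""
        if src in self.flows:
            return self.flows[src][1], False
        if not self.config:
            raise LookupError("no conversion IP address is configured")
        seq = self._match()
        self.flows[src] = (seq, self.config[seq])
        return self.config[seq], True


def fig5_scenario():
    """Replay the Fig. 5 batches (2, 5 and 1, 4, 6) on constructed addresses."""
    gw = NatGateway()
    for host in range(1, 8):  # seq 1..7 -> 203.0.113.1..7 (documentation range)
        gw.add_address(f"203.0.113.{host}")
    first = [gw.forward(f"10.0.0.{n}") for n in (1, 2, 3)]  # first messages
    batch1 = gw.apply_change({"203.0.113.2", "203.0.113.5"})
    batch2 = gw.apply_change({"203.0.113.1", "203.0.113.4", "203.0.113.6"})
    before_timer = gw.forward("10.0.0.2")  # entry not refreshed yet, still hit
    removed = gw.refresh()                 # delete-link1, then delete-link2
    untouched = gw.forward("10.0.0.3")     # valid entry survived the refresh
    rematched = gw.forward("10.0.0.2")     # miss, so a new entry is generated
    return {"first": first, "batch1": batch1, "batch2": batch2,
            "before_timer": before_timer, "removed": removed,
            "untouched": untouched, "rematched": rematched, "flows": dict(gw.flows)}


if __name__ == "__main__":
    for name, value in fig5_scenario().items():
        print(f"{name}: {value}")
```

In this model the entry for 10.0.0.2 is still hit, and still translates to the deleted address, until the timer processes delete-link1, so the timer period bounds how long a deleted conversion IP address stays in use.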
One traditional method refreshes the flow table data when the conversion IP address is updated. This causes contention for access to flow table resources, so that messages cannot be forwarded in time and message forwarding performance drops severely. The other traditional method invalidates and deletes the entire existing flow table and then rebuilds network connections by having messages trigger flow table creation. This actually disconnects all network connections, and rebuilding them generates a large number of new-flow operations, which increases resource consumption and reduces message forwarding performance.
Neither traditional way of refreshing the flow table can guarantee that messages are forwarded quickly through the flow table while only invalid flow table information is cleared. In the scheme provided by the invention, the deleted conversion IP addresses are recorded first; the flow table data is then traversed in full by a timing mechanism, and invalid flow table data is found by comparison with the recorded information and deleted. This affects message forwarding performance as little as possible while deleting invalid flow table data accurately.
Corresponding to the method shown in FIG. 1, the invention also provides a flow table refreshing device for network address conversion, which supports the implementation of that method; the device may be located at a gateway or at a server.
Referring to fig. 6, a schematic structural diagram of a flow table refreshing device for network address translation according to an embodiment of the present invention is described below.
An obtaining unit 601, configured to obtain at least one address update configuration information;
a first generating unit 602, configured to determine, for each address update configuration information, a target conversion IP address in a preset conversion IP address configuration table, and delete the target conversion IP address from the conversion IP address configuration table, to generate a deletion linked list corresponding to the address update configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information;
and the deleting unit 603 is configured to execute a preset timing refresh task, delete invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in the deletion linked list, and complete flow table refresh, where the flow table includes flow table data generated after the message triggers the network address conversion.
In the device provided by the embodiment of the invention, at least one address updating configuration information is acquired; for each address updating configuration information, a target conversion IP address is determined in a preset conversion IP address configuration table and deleted from that table, and a deletion linked list corresponding to the address updating configuration information is generated; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information. A preset timing refreshing task is then executed, invalid flow table data in the flow table is deleted according to the configuration sequence numbers of the target conversion IP addresses in each deletion linked list, and the flow table refresh is completed, wherein the flow table contains flow table data generated after a message triggers network address conversion. When the flow table is refreshed, the deletion linked list is generated from the configuration sequence numbers of the deleted conversion IP addresses, so that the deleted conversion IP addresses are recorded; the corresponding invalid flow table data is then looked up in the flow table according to the deletion linked list and deleted. Valid flow table data is not deleted at any point in the process, so message forwarding is not affected and forwarding performance is not reduced.
In the apparatus provided in the embodiment of the present invention, a first generating unit 602 of the apparatus includes:
a first obtaining subunit, configured to obtain a configuration change address in the address update configuration information;
and the first determining subunit is used for determining the conversion IP address corresponding to each configuration change address in the conversion IP address configuration table as a target conversion IP address.
The deleting unit 603 of the device provided in the embodiment of the present invention includes:
the second acquisition subunit is used for acquiring each configuration sequence number in the deletion linked list for each deletion linked list;
and the second determining subunit is used for determining whether the flow table data corresponding to the configuration sequence number exists in the flow table or not according to each configuration sequence number, determining the flow table data corresponding to the configuration sequence number as invalid flow table data when the flow table data corresponding to the configuration sequence number exists in the flow table, and deleting the invalid flow table data.
The device provided by the embodiment of the invention further comprises:
the matching unit is used for matching the conversion IP address for the message in the conversion IP address configuration table and determining the conversion IP address matched for the message as a target address under the condition that the received message meets the preset flow table data generation condition;
and the second generating unit is used for carrying out network address conversion on the message by applying the target address and generating stream table data containing the configuration sequence number of the target address.
The device provided by the embodiment of the invention further comprises:
a receiving unit, configured to receive a packet;
a first determining unit, configured to determine whether the message is a first message;
the second determining unit is used for determining that the message meets the preset flow table data generating condition if the message is the first message;
a third determining unit, configured to determine whether flow table data corresponding to the message exists in the flow table if the message is not a first message;
and a fourth determining unit, configured to determine that the message meets the preset flow table data generating condition if no flow table data corresponding to the message exists in the flow table.
The device provided by the embodiment of the invention further comprises:
and a fifth determining unit, configured to determine that the message does not meet the flow table data generating condition if flow table data corresponding to the message exists in the flow table, and forward the message by applying the flow table data corresponding to the message.
The embodiment of the invention also provides a storage medium comprising stored instructions, wherein, when the instructions run, the device in which the storage medium is located is controlled to execute the above flow table refreshing method for network address conversion.
The embodiment of the present invention further provides an electronic device, whose structural schematic diagram is shown in fig. 7. It specifically includes a memory 701 and one or more instructions 702, where the one or more instructions 702 are stored in the memory 701 and are configured to be executed by one or more processors 703 to perform the above flow table refreshing method for network address translation.
It should be noted that, information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use, and processing of related data are required to comply with related laws and regulations and standards of related countries and regions.
The specific implementation process and derivative manner of the above embodiments are all within the protection scope of the present invention.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments can be referred to one another, and each embodiment mainly describes its differences from the others. In particular, because a system or system embodiment is substantially similar to a method embodiment, its description is relatively brief, and the relevant parts of the method embodiment's description apply. The systems and system embodiments described above are merely illustrative: the elements described as separate may or may not be physically separate, and the elements shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for refreshing a flow table for network address translation, comprising:
acquiring at least one address updating configuration information;
for each address updating configuration information, determining a target conversion IP address in a preset conversion IP address configuration table, deleting the target conversion IP address from the conversion IP address configuration table, and generating a deletion linked list corresponding to the address updating configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information;
and executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in the deletion linked lists, and finishing the flow table refreshing, wherein the flow table contains flow table data generated after a message triggers network address conversion.
2. The method according to claim 1, wherein said determining, for each address updating configuration information, a target conversion IP address in the preset conversion IP address configuration table comprises:
acquiring a configuration change address in the address updating configuration information;
and for each configuration change address, determining the corresponding conversion IP address in the conversion IP address configuration table as a target conversion IP address.
3. The method of claim 1, wherein deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in each of the deletion linked lists comprises:
for each deletion linked list, acquiring each configuration sequence number in the deletion linked list;
for each configuration sequence number, determining whether flow table data corresponding to the configuration sequence number exists in the flow table, determining the flow table data corresponding to the configuration sequence number as invalid flow table data when the flow table data corresponding to the configuration sequence number exists in the flow table, and deleting the invalid flow table data.
4. The method of claim 1, wherein the process in which a message triggers generation of flow table data after network address conversion comprises:
under the condition that the received message meets the preset flow table data generation condition, matching a conversion IP address for the message in the conversion IP address configuration table, and determining the conversion IP address matched for the message as a target address;
and carrying out network address conversion on the message by using the target address to generate flow table data containing the configuration serial number of the target address.
5. The method of claim 4, wherein determining that the message satisfies the preset flow table data generation condition comprises:
receiving a message;
determining whether the message is a first message;
if the message is the first message, determining that the message meets a preset flow table data generation condition;
if the message is not the first message, determining whether flow table data corresponding to the message exists in the flow table;
if the flow table data corresponding to the message does not exist in the flow table, determining that the message meets the preset flow table data generation condition.
6. The method as recited in claim 5, further comprising:
if the flow table data corresponding to the message exists in the flow table, determining that the message does not meet the flow table data generation condition, and forwarding the message by applying the flow table data corresponding to the message.
7. A flow table refreshing apparatus for network address translation, comprising:
an obtaining unit, configured to obtain at least one address update configuration information;
a first generating unit, configured to determine, for each address update configuration information, a target conversion IP address in a preset conversion IP address configuration table, and delete the target conversion IP address from the conversion IP address configuration table, to generate a deletion linked list corresponding to the address update configuration information; the deletion linked list contains the configuration serial number of the target conversion IP address corresponding to the address updating configuration information;
and the deleting unit is used for executing a preset timing refreshing task, deleting invalid flow table data in the flow table according to the configuration sequence numbers of the target conversion IP addresses in the deletion linked lists, and finishing the flow table refreshing, wherein the flow table comprises flow table data generated after a message triggers network address conversion.
8. The apparatus of claim 7, wherein the first generation unit comprises:
a first obtaining subunit, configured to obtain a configuration change address in the address update configuration information;
and the first determining subunit is used for determining the conversion IP address corresponding to each configuration change address in the conversion IP address configuration table as a target conversion IP address.
9. A storage medium comprising stored instructions, wherein the instructions, when executed, control a device in which the storage medium is located to perform the flow table refreshing method for network address translation according to any one of claims 1-6.
10. An electronic device comprising a memory and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by one or more processors to perform the flow table refreshing method for network address translation of any one of claims 1-6.
CN202311712867.5A 2023-12-13 2023-12-13 Flow table refreshing method for network address conversion and related equipment Pending CN117834584A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311712867.5A CN117834584A (en) 2023-12-13 2023-12-13 Flow table refreshing method for network address conversion and related equipment


Publications (1)

Publication Number Publication Date
CN117834584A true CN117834584A (en) 2024-04-05

Family

ID=90523584


Country Status (1)

Country Link
CN (1) CN117834584A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination