CN117978684A - NAT gateway availability detection method and device - Google Patents


Info

Publication number: CN117978684A
Application number: CN202410256944.9A
Authority: CN (China)
Prior art keywords: address, public network, module, network, detection
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Other languages: Chinese (zh)
Inventor: 曹通
Current Assignee: Jingdong Technology Information Technology Co Ltd
Original Assignee: Jingdong Technology Information Technology Co Ltd

Abstract

The embodiment of the invention discloses a NAT gateway availability detection method and device. The specific implementation mode of the method comprises the following steps: setting an IP address of a reserved network segment in each VRF module, and setting a public network IP address in a public network module; adding a route with a source address being an IP address of a reserved network segment and a destination address being a public network IP address in a subnet gateway; adding a route with a source address being a public network IP address and a destination address being an IP address of a reserved network segment in the NAT gateway; sending detection messages with destination addresses being public network IP addresses to a subnet gateway from each VRF module; sending a detection message with a destination address being an IP address of a reserved network segment from a public network module to an NAT gateway; and counting the availability index of the NAT gateway according to the quantity and/or time information of the detection messages received and the detection messages sent by each VRF module and the public network module. This embodiment ensures that the probing results are consistent with the user availability results by link coverage for the user traffic. The design logic is simple, and the development and implementation cost is low.

Description

NAT gateway availability detection method and device
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a NAT gateway availability detection method and device.
Background
In a cloud computing network environment, multiple tenants may each purchase one or more NAT (Network Address Translation) gateway instances of their own to handle different traffic flows. First, tenant NAT gateway instances are virtualized, with multiple instances sharing the same physical device. The availability of a single physical device is not exactly equivalent to the availability of the NAT gateway instances. Second, on its way from the virtual machine where the client is located to the target network where the service is located, user traffic may pass through multiple physical devices carrying virtualization functions. The availability of each device affects the availability of the NAT gateway instance.
The prior art can calculate the availability of the affected virtual NAT gateway instances from the detection results of the physical devices. However, it cannot detect an availability problem caused by a software problem in a single NAT gateway instance itself.
The prior art can also detect the availability of virtual networks. Because the topology of a virtual network is larger in scale than the physical environment, and changes much more frequently than the physical devices, the common practice is to build a complex system comprising a central controller, a centralized analyzer, and corresponding adaptations of the individual physical devices. The adaptations include accepting scheduling from the central controller and reporting results to the centralized analyzer. The centralized analyzer finally computes the availability result. With this approach, the system design, the modification of each physical device and the overall implementation of the system are complex, and the workload and cost are large.
Disclosure of Invention
The embodiment of the disclosure provides a NAT gateway availability detection method and device.
In a first aspect, an embodiment of the present disclosure provides a NAT gateway availability detection method applied to a detection device, where the detection device includes at least one VRF module and a public network module, the method including: setting an IP address of a reserved network segment in each VRF module, and setting a public network IP address in a public network module; adding a route with a source address being the IP address of the reserved network segment and a destination address being the public network IP address in a subnet gateway; adding a route with a source address being the public network IP address and a destination address being the IP address of the reserved network segment in the NAT gateway; sending a detection message with a destination address being the public network IP address from each VRF module to the subnet gateway; sending a detection message with a destination address being an IP address of a reserved network segment from the public network module to the NAT gateway; and counting the availability index of the NAT gateway according to the quantity and/or time information of the detection messages received and the detection messages sent by each VRF module and the public network module.
In some embodiments, the probe device is disposed bypass-wise alongside the cloud network physical device.
In some embodiments, the public network IP address comprises a plurality of public network IP addresses belonging to different operators.
In some embodiments, the probe message is a VXLAN message of at least one of the following types: ICMP, TCP, UDP, HTTP.
In some embodiments, the availability indicator comprises at least one of: connectivity, uplink delay, downlink delay, uplink packet loss rate, downlink packet loss rate, and disorder.
In some embodiments, private IP addresses are assigned one by one in the reserved network segment for multiple NAT instances in the same user virtual network.
In some embodiments, the same IP address and different VRF identities are assigned for multiple virtual machines in the same user virtual network.
In a second aspect, an embodiment of the present disclosure provides a NAT gateway availability detection apparatus for use in a detection device, the detection device including at least one VRF module and a public network module, the apparatus comprising: a configuration unit configured to set an IP address of a reserved network segment in each VRF module and set a public network IP address in a public network module; a first routing unit configured to add a route whose source address is the IP address of the reserved network segment and whose destination address is the public network IP address in a subnet gateway; a second routing unit configured to add a route in which a source address is the public network IP address and a destination address is the IP address of the reserved network segment in the NAT gateway; a first sending unit configured to send, from each VRF module to the subnet gateway, a probe packet with a destination address being the public network IP address; a second sending unit configured to send a probe packet with a destination address being an IP address of a reserved network segment from the public network module to the NAT gateway; and the statistics unit is configured to count the availability index of the NAT gateway according to the quantity and/or time information of the detection messages received by each VRF module and the public network module and the sent detection messages.
In some embodiments, the probe device is disposed bypass-wise alongside the cloud network physical device.
In some embodiments, the public network IP address comprises a plurality of public network IP addresses belonging to different operators.
In some embodiments, the probe message is a VXLAN message of at least one of the following types: ICMP, TCP, UDP, HTTP.
In some embodiments, the availability indicator comprises at least one of: connectivity, uplink delay, downlink delay, uplink packet loss rate, downlink packet loss rate, and disorder.
In some embodiments, private IP addresses are assigned one by one in the reserved network segment for multiple NAT instances in the same user virtual network.
In some embodiments, the same IP address and different VRF identities are assigned for multiple virtual machines in the same user virtual network.
In a third aspect, embodiments of the present disclosure provide an electronic device, comprising: one or more processors; storage means having stored thereon one or more computer programs which, when executed by the one or more processors, cause the one or more processors to implement the method of any of the first aspects.
In a fourth aspect, embodiments of the present disclosure provide a computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method according to any of the first aspects.
The NAT gateway availability detection method provided by the embodiment of the disclosure ensures that the detection result is consistent with the user availability result through link coverage of user traffic. The method is deployed centrally on a single device, has simple design logic and low development and implementation cost. It places low requirements on modifying the physical devices on the link. It lets the detection messages cover the user's real network link and code service logic while remaining imperceptible to the user.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
Other features, objects and advantages of the present disclosure will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings:
Fig. 1 is an exemplary system architecture diagram in which an embodiment of the present disclosure may be applied;
Fig. 2 is a flow chart of one embodiment of a NAT gateway availability detection method according to the present disclosure;
Fig. 3 is a schematic diagram of an application scenario of a NAT gateway availability detection method according to the present disclosure;
Fig. 4 is a schematic structural diagram of one embodiment of a NAT gateway availability detection device according to the present disclosure;
Fig. 5 is a schematic diagram of a computer system suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture to which embodiments of NAT gateway availability detection methods or NAT gateway availability detection apparatuses of the present disclosure may be applied.
As shown in Fig. 1, the system architecture may include a probe device and a cloud network physical device, where the cloud network physical device includes a subnet gateway, a NAT gateway, and an internet gateway. The probe device comprises at least one VRF (Virtual Routing and Forwarding) module and a public network module (PUB for short).
The network serves as the medium providing communication links between the probe device and the cloud network physical devices. The network may include various connection types, such as wired or wireless communication links, or fiber optic cables.
User traffic may pass through multiple physical devices, e.g., a subnet gateway, a NAT gateway, an internet gateway, that carry virtualization functions in the process of reaching the target network where the service is located from the virtual machine VM where the client is located.
The present application tests NAT gateway availability through the probe device. Availability refers to the effectiveness, efficiency, and subjective satisfaction that a product has for a particular user for a particular purpose under a particular use scenario.
The initiation and ending of the probing, and the calculation of the availability result, are all completed in the probe device.
With continued reference to fig. 2, a flow 200 of one embodiment of a NAT gateway availability detection method according to the present disclosure is shown. The NAT gateway availability detection method comprises the following steps:
Step 201, setting an IP address of a reserved network segment in each VRF module, and setting a public network IP address in a public network module.
In this embodiment, the execution body of the NAT gateway availability detection method (for example, the detection device shown in Fig. 1) may set an IP address of a reserved network segment in each VRF module, and set a public network IP address in the public network module. Within the VRF module, an industry-specific reserved address range (e.g., 169.254.169.0/24) is used as the communication IP address for the availability probe messages. During SNAT detection, this address acts as the initiator of the probe message. During DNAT detection, it acts as the receiver of the probe message.
In the public network module, that is, the default address space of the device, several real public network IP addresses that have been reserved and allocated are used, shared globally for probing across all tenants. They may belong to different network service operators, so as to probe different user link scenarios. During SNAT detection, the public network IP acts as the receiver of the probe message. During DNAT detection, it acts as the initiator of the probe message.
SNAT is an abbreviation of "Source Network Address Translation" and refers to a technique for converting a source IP address to another IP address. In network communication, when a host of an internal network sends a data packet to an external network, the source IP address of the data packet is modified to a public IP address, so that the external network cannot directly access the real IP address of the internal network. The purpose of SNAT is to hide the real IP address of the internal network, thereby enhancing the security of the network.
DNAT is an abbreviation of "Destination Network Address Translation" and refers to a technique of converting a target IP address to another IP address. In network communication, when a host of an external network sends a data packet to an internal network, the destination IP address of the data packet is modified to the IP address of a host of the internal network, thereby realizing routing of the data packet. The main function of DNAT is to route requests from the external network to a certain host of the internal network, thereby enabling access to network services.
Overall, SNAT and DNAT are both network address translation technologies, but they function differently. SNAT is mainly used for hiding the real IP address of the internal network, so that the security of the network is enhanced; DNAT is mainly used for routing a request from an external network to a host of an internal network, so as to realize access to a network service.
Step 202, adding a route in the subnet gateway whose source address is the IP address of the reserved network segment and whose destination address is the public network IP address.
In this embodiment, as shown in Fig. 1, this step serves the SNAT probe messages. The subnet gateway needs an additional hidden routing configuration. A route pointing to the NAT instance under test is built in for the reserved network segment 169.254.169.0/24, with the reserved public network address mentioned in step 201 as the destination address and mask.
Step 203, adding a route in the NAT gateway whose source address is the public network IP address and whose destination address is the IP address of the reserved network segment.
In this embodiment, as shown in Fig. 1, this step serves the DNAT probe messages. The NAT gateway needs special handling in its DNAT mapping. Messages whose source IP is the reserved public network address of step 201 are mapped to a specific IP of the reserved network segment 169.254.169.0/24.
Step 204, sending a probe message whose destination address is the public network IP address from each VRF module to the subnet gateway.
In this embodiment, the complete Linux kernel protocol stack is used to encapsulate the probe message into a VXLAN message. A probe message whose destination address is the public network IP address is sent from each VRF module to the subnet gateway; it is an SNAT probe message that simulates traffic sent from a VM to the Internet.
Step 205, sending a probe message whose destination address is the IP address of the reserved network segment from the public network module to the NAT gateway.
In this embodiment, the complete Linux kernel protocol stack is used to encapsulate the probe message into a VXLAN message. The probe message sent from the public network module to the NAT gateway, whose destination address is the IP address of the reserved network segment, is a DNAT probe message that simulates traffic sent from the Internet to a VM.
Step 206, counting the availability index of the NAT gateway according to the number and/or time information of the probe messages received and sent by each VRF module and the public network module.
In this embodiment, the uplink packet loss rate can be tested from the number of probe messages sent by each VRF module and the number of probe messages received by the public network module. If the number of probe messages received by the public network module is 0, the uplink is down. The uplink delay can be tested from the time at which each VRF module sends a probe message and the time at which the public network module receives it. A sequence number is added to the SNAT probe message; the sequence numbers of the SNAT probe messages sent by each VRF module are compared with those of the SNAT probe messages received by the public network module to determine whether the messages arrived out of order.
The downlink packet loss rate can be tested from the number of probe messages sent by the public network module and the number of probe messages received by each VRF module. If the number of probe messages received by all VRF modules is 0, the downlink is down and the physical link is down. If the number of probe messages received by a particular VRF module is 0, the NAT instance corresponding to that VRF module is unavailable, which may be a software problem. The downlink delay can be tested from the time at which the public network module sends a probe message and the time at which each VRF module receives it. A sequence number is added to the DNAT probe message; the sequence numbers of the DNAT probe messages sent by the public network module are compared with those of the DNAT probe messages received by each VRF module to determine whether the messages arrived out of order.
The test case can be designed according to the requirements of users to count the availability index of the NAT gateway.
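The statistics of step 206, worked through on constructed data as an added example that is not part of the patent text: it derives connectivity, packet loss rate, delay and disorder for one direction of one VRF, then applies the downlink rule that separates a dead link from a single faulty NAT instance. The names `Probe`, `path_metrics` and `localize_downlink` are hypothetical, and the code assumes each probe carries a sequence number, that received probes can be attributed to their VRF, and that all timestamps come from the probe device's own clock.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Probe:
    seq: int    # sequence number carried in the probe message
    t_ms: int   # send or receive time on the probe device's clock, in ms


def path_metrics(sent, received):
    """Compare the probes sent at one end with those received at the other.

    Both ends live on the same probe device, so one-way delay is a plain
    subtraction with no clock synchronisation between hosts.
    """
    sent_at = {p.seq: p.t_ms for p in sent}
    first_seen = {}
    for p in sorted(received, key=lambda p: p.t_ms):
        # Ignore probes that were never sent and duplicate deliveries.
        if p.seq in sent_at and p.seq not in first_seen:
            first_seen[p.seq] = p.t_ms
    lost = len(sent_at) - len(first_seen)
    # Disorder: a probe arrives after one with a higher sequence number.
    reordered, highest = 0, -1
    for seq in first_seen:          # dict keeps arrival order
        if seq < highest:
            reordered += 1
        highest = max(highest, seq)
    delays = [t - sent_at[seq] for seq, t in first_seen.items()]
    return {
        "connected": bool(first_seen),
        "loss_rate": lost / len(sent_at) if sent_at else 0.0,
        "avg_delay_ms": mean(delays) if delays else None,
        "reordered": reordered,
    }


def localize_downlink(downlink_by_vrf):
    """Apply the downlink rule: every VRF silent means the downlink or the
    physical link is down; only some VRFs silent points at their NAT
    instances, possibly a software problem. With a single VRF configured
    the two cases cannot be told apart and the link verdict is returned."""
    dead = sorted(v for v, m in downlink_by_vrf.items() if not m["connected"])
    if not dead:
        return ("ok", [])
    if len(dead) == len(downlink_by_vrf):
        return ("downlink_or_physical_link_down", dead)
    return ("nat_instance_fault", dead)


def ticks(n, offset=0):
    """Constructed sample data: n probes, one every 100 ms."""
    return [Probe(i, i * 100 + offset) for i in range(n)]


def sample_report():
    """Constructed run for the two VRFs of the Fig. 3 scenario."""
    sent = ticks(5)
    uplink = {
        # seq 4 is lost and seq 2 arrives after seq 3.
        "VRF VPC1": path_metrics(
            sent, [Probe(0, 2), Probe(1, 102), Probe(3, 302), Probe(2, 304)]),
        "VRF VPC2": path_metrics(sent, ticks(5, offset=2)),
    }
    downlink = {
        "VRF VPC1": path_metrics(sent, ticks(5, offset=3)),
        "VRF VPC2": path_metrics(sent, []),   # nothing reaches this VRF
    }
    return uplink, downlink, localize_downlink(downlink)


if __name__ == "__main__":
    up, down, verdict = sample_report()
    for name, metrics in up.items():
        print("uplink  ", name, metrics)
    for name, metrics in down.items():
        print("downlink", name, metrics)
    print("downlink verdict:", verdict)
```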
In the method provided by the embodiment of the disclosure, the initiation and termination of probing and the calculation of the availability result are all completed in a single centralized device. The tenant isolation scheme is realized through the choice of the reserved network segment, the use of VRF, the addition of hidden routes on the subnet gateway, and the addition of hidden DNAT rules on the NAT gateway. This yields a lightweight, targeted method for detecting instance-level NAT gateway availability in a virtual network scenario. The method ensures that the detection result is consistent with the user availability result through link coverage of the user traffic. The method is deployed centrally on a single device, has simple design logic and low development and implementation cost. It places low requirements on modifying the physical devices on the link. It lets the detection messages cover the user's real network link and code service logic while remaining imperceptible to the user.
In some optional implementations of the present embodiment, the probe device is deployed in bypass mode beside the cloud network physical device, and the availability of the whole link is detected by injecting packets into the link.
In some optional implementations of this embodiment, the public network IP address includes a plurality of public network IP addresses belonging to different operators. Public network IP addresses representing different operators can be used to send and receive SNAT probe messages and DNAT probe messages, so as to test whether an operator's network suffers from unstable connections, packet loss, excessive delay, disorder and the like caused by congestion or disconnection. For example, if a test using the public network IP of one telecommunications operator finds that the public network module cannot receive the SNAT probe message, while after switching to the public network IP of another telecommunications operator the public network module can receive it, this indicates that the first operator's network has a fault.
In some optional implementations of this embodiment, the probe packet is a VXLAN packet of at least one of the following types: ICMP, TCP, UDP, HTTP. Any type of message supported by the Linux kernel protocol stack can be encapsulated through the VXLAN protocol into a VXLAN message that serves as the probe message.
In some optional implementations of this embodiment, the availability indicator includes at least one of: connectivity, uplink delay, downlink delay, uplink packet loss rate, downlink packet loss rate, and disorder. Test cases are designed according to the availability indexes the user requires. From the test results, problems of the NAT gateway can be analyzed and adjustments made; after adjustment, the test is repeated through the above steps and the results are compared to see whether they have improved.
In some alternative implementations of the present embodiment, private IP addresses are assigned one by one in the reserved network segment for multiple NAT instances in the same customer virtual network (VPC). This may enable multi-tenant address space isolation.
In some alternative implementations of the present embodiment, the same IP address and different VRF identities are assigned for multiple virtual machines in the same user virtual network. The IP addresses may be multiplexed to support more NAT instances.
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the NAT gateway availability detection method according to the present embodiment. In the application scenario of Fig. 3, the two VRF modules configured in the probe device for the user virtual networks VPC1 and VPC2 both use the address 169.254.169.100/24 from the reserved address range. The public network address 116.116.116.116 is assigned to the PUB module.
VPC2 has two virtual machines (VMs) with IP addresses 192.168.1.10/24 and 10.0.1.10/24, respectively. Three routes are configured in the subnet gateway corresponding to VPC2: GW1: 192.168.1.1/24, GW2: 10.0.1.1/24 and GW3: 169.254.169.1/24, where GW1 and GW2 are the routes for the two VMs of VPC2 and GW3 is the route established for VRF VPC2. The NAT gateway is configured with the mapping of packets from 116.116.116.116 to 192.168.1.10/24 or 10.0.1.10/24.
Two routes are configured in the subnet gateway corresponding to VPC1: GW1: 192.168.1.1/24 and GW2: 169.254.169.1/24, where GW1 is the route for the VM of VPC1 and GW2 is the route established for VRF VPC1. The NAT gateway is configured with the mapping of packets from 116.116.116.116 to 192.168.1.10/24.
After the routing configuration is completed, SNAT probe messages can be sent to the PUB from VRF VPC1 and VRF VPC2 respectively, and the number and time points of the SNAT probe messages sent are recorded. The SNAT probe messages arrive at the PUB after passing through the subnet gateway and the NAT gateway; the number and time points of the SNAT probe messages received by the PUB are recorded, and the uplink packet loss rate and the uplink delay are then calculated.
DNAT probe messages are sent from the PUB to VRF VPC1 and VRF VPC2, respectively, and the number and time points of the DNAT probe messages sent are recorded. The DNAT probe messages reach VRF VPC1 and VRF VPC2 after passing through the NAT gateway and the subnet gateway; the number and time points of the DNAT probe messages received by VRF VPC1 and VRF VPC2 are recorded, and the downlink packet loss rate and the downlink delay are then calculated.
With further reference to fig. 4, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of a NAT gateway availability detection apparatus, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 4, the NAT gateway availability detecting device 400 of the present embodiment includes: configuration unit 401, first routing unit 402, second routing unit 403, first transmitting unit 404, second transmitting unit 405, and statistics unit 406. Wherein, the configuration unit 401 is configured to set an IP address of the reserved network segment in each VRF module and set a public network IP address in the public network module; a first routing unit 402 configured to add a route whose source address is the IP address of the reserved network segment and whose destination address is the public network IP address in a subnet gateway; a second routing unit 403 configured to add a route in the NAT gateway with a source address being the public network IP address and a destination address being the IP address of the reserved network segment; a first sending unit 404, configured to send, from each VRF module to the subnet gateway, a probe packet with a destination address being the public network IP address; a second sending unit 405 configured to send, from the public network module to the NAT gateway, a probe packet with a destination address being an IP address of a reserved network segment; a statistics unit 406, configured to count availability indexes of the NAT gateway according to the number and/or time information of the probe packets received and the probe packets sent by each VRF module and the public network module.
In this embodiment, the specific processes of the configuration unit 401, the first routing unit 402, the second routing unit 403, the first sending unit 404, the second sending unit 405, and the statistics unit 406 of the NAT gateway availability detecting apparatus 400 may refer to step 201, step 202, step 203, step 204, step 205, and step 206 in the corresponding embodiment of fig. 2.
In some optional implementations of the present embodiment, the probe device is disposed by-pass beside the cloud network physical device.
In some optional implementations of this embodiment, the public network IP address includes a plurality of public network IP addresses belonging to different operators.
In some optional implementations of this embodiment, the probe packet is a VXLAN packet of at least one of the following types: ICMP, TCP, UDP, HTTP.
In some optional implementations of this embodiment, the availability indicator includes at least one of: connectivity, uplink delay, downlink delay, uplink packet loss rate, downlink packet loss rate, and disorder.
In some alternative implementations of the present embodiment, specific IP addresses are allocated one by one in the reserved network segment for multiple NAT instances in the same user virtual network.
In some alternative implementations of the present embodiment, the same IP address and different VRF identities are assigned for multiple virtual machines in the same user virtual network.
It should be noted that, in the technical solution of the present disclosure, the collection, updating, analysis, processing, use, transmission, storage and other handling of users' personal information all comply with the relevant laws and regulations, serve legal purposes, and do not violate public order and good customs. Necessary measures are taken for users' personal information to prevent illegal access to their personal information data and to maintain users' personal information security, network security and national security.
According to an embodiment of the disclosure, the disclosure further provides an electronic device, a readable storage medium.
An electronic device, comprising: one or more processors; and a storage device having one or more computer programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement the method of flow 200.
A computer readable medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method of flow 200.
Fig. 5 illustrates a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 5, the apparatus 500 includes a computing unit 501 that can perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the device 500 can also be stored. The computing unit 501, ROM 502, and RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Various components in the device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, etc.; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508 such as a magnetic disk, an optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 501 performs the various methods and processes described above, such as a route planning method. For example, in some embodiments, the route planning method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the ROM 502 and/or the communication unit 509. When the computer program is loaded into RAM 503 and executed by the computing unit 501, one or more steps of the above-described route planning method may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the route planning method by any other suitable means (e.g. by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a server of a distributed system or a server that incorporates a blockchain. The server can also be a cloud server, or an intelligent cloud computing server or an intelligent cloud host with artificial intelligence technology.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved; no limitation is imposed herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. A NAT gateway availability detection method for use with a detection device, the detection device including at least one VRF module and a public network module, the method comprising:
setting an IP address of a reserved network segment in each VRF module, and setting a public network IP address in a public network module;
adding a route with a source address being the IP address of the reserved network segment and a destination address being the public network IP address in a subnet gateway;
adding a route with a source address being the public network IP address and a destination address being the IP address of the reserved network segment in the NAT gateway;
sending a detection message with a destination address being the public network IP address from each VRF module to the subnet gateway;
sending a detection message with a destination address being an IP address of a reserved network segment from the public network module to the NAT gateway; and
counting the availability index of the NAT gateway according to the quantity and/or time information of the detection messages received and the detection messages sent by each VRF module and the public network module.
2. The method of claim 1, wherein the probe device is bypass-deployed alongside a cloud network physical device.
3. The method of claim 1, wherein the public network IP address comprises a plurality of public network IP addresses belonging to different operators.
4. The method of claim 1, wherein the detection message is a VXLAN message of at least one of the following types: ICMP, TCP, UDP, HTTP.
5. The method of claim 1, wherein the availability indicator comprises at least one of: connectivity, uplink delay, downlink delay, uplink packet loss rate, downlink packet loss rate, and disorder.
6. The method of claim 1, wherein private IP addresses are assigned one by one in a reserved network segment for multiple NAT instances in the same user virtual network.
7. The method of claim 1, wherein the same IP address and different VRF identities are assigned for multiple virtual machines in the same user virtual network.
8. A NAT gateway availability detection apparatus for use with a detection device, the detection device including at least one VRF module and a public network module, the apparatus comprising:
a configuration unit configured to set an IP address of a reserved network segment in each VRF module and set a public network IP address in a public network module;
a first routing unit configured to add a route whose source address is the IP address of the reserved network segment and whose destination address is the public network IP address in a subnet gateway;
a second routing unit configured to add a route in which a source address is the public network IP address and a destination address is the IP address of the reserved network segment in the NAT gateway;
a first sending unit configured to send, from each VRF module to the subnet gateway, a probe packet with a destination address being the public network IP address;
a second sending unit configured to send a probe packet with a destination address being an IP address of a reserved network segment from the public network module to the NAT gateway; and
a statistics unit configured to count the availability index of the NAT gateway according to the quantity and/or time information of the detection messages received by each VRF module and the public network module and the sent detection messages.
9. An electronic device, comprising:
one or more processors; and
a storage device having one or more computer programs stored thereon,
which, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
10. A computer readable medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of any of claims 1-7.
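The statistics step of claim 1, computed for the indicators named in claim 5, as an added example that is not code from the patent. It assumes each detection message carries a sequence number and that both modules timestamp on the detection device's single clock; `Probe`, `availability` and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    direction: str             # "up": VRF module -> public network IP (via subnet gateway)
                               # "down": public network module -> reserved-segment IP (via NAT gateway)
    seq: int                   # sequence number stamped by the sending module (assumption)
    sent: float                # send time, seconds, detection device clock
    received: Optional[float]  # arrival time at the opposite module, None if never seen

def availability(probes, direction):
    """Connectivity, loss rate, mean one-way delay and disorder for one direction."""
    flow = [p for p in probes if p.direction == direction]
    # Order the probes that arrived by arrival time so reordering can be detected.
    arrived = sorted((p for p in flow if p.received is not None),
                     key=lambda p: p.received)
    delays = [p.received - p.sent for p in arrived]
    # Disorder: a probe that arrives after one with a higher sequence number.
    reordered, highest = 0, -1
    for p in arrived:
        if p.seq < highest:
            reordered += 1
        highest = max(highest, p.seq)
    return {
        "connectivity": bool(arrived),
        "loss_rate": (1 - len(arrived) / len(flow)) if flow else None,
        "mean_delay_ms": round(1000 * sum(delays) / len(delays), 3) if delays else None,
        "reordered": reordered,
    }

# Constructed sample: one uplink probe is lost, one downlink probe is delayed
# long enough to arrive after its successor.
SAMPLE = [
    Probe("up", 0, 0.000, 0.004),
    Probe("up", 1, 0.100, 0.106),
    Probe("up", 2, 0.200, None),
    Probe("up", 3, 0.300, 0.305),
    Probe("down", 0, 0.000, 0.120),
    Probe("down", 1, 0.100, 0.108),
    Probe("down", 2, 0.200, 0.207),
    Probe("down", 3, 0.300, 0.309),
]

if __name__ == "__main__":
    for d in ("up", "down"):
        print(d, availability(SAMPLE, d))
```

Reporting the two directions separately shows which leg of the NAT path is degraded: here the uplink drops a probe while the downlink delivers everything but with one reordered, high-latency probe.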

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410256944.9A CN117978684A (en) 2024-03-06 2024-03-06 NAT gateway availability detection method and device

Publications (1)

Publication Number Publication Date
CN117978684A (en) 2024-05-03

Family

ID=90856403

Legal Events

Date Code Title Description
PB01 Publication