WO2009052668A1 - A nat-pt device and a load-sharing method for nat-pt device - Google Patents

A nat-pt device and a load-sharing method for nat-pt device Download PDF

Info

Publication number
WO2009052668A1
WO2009052668A1 PCT/CN2007/003648 CN2007003648W WO2009052668A1 WO 2009052668 A1 WO2009052668 A1 WO 2009052668A1 CN 2007003648 W CN2007003648 W CN 2007003648W WO 2009052668 A1 WO2009052668 A1 WO 2009052668A1
Authority
WO
WIPO (PCT)
Prior art keywords
nat
processing
ipv6
board
ipv4
Prior art date
Application number
PCT/CN2007/003648
Other languages
French (fr)
Chinese (zh)
Inventor
Jun Yao
Shubo Guo
Hongxiang Liu
Original Assignee
Zte Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zte Corporation filed Critical Zte Corporation
Publication of WO2009052668A1 publication Critical patent/WO2009052668A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/251Translation of Internet protocol [IP] addresses between different IP versions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Definitions

  • the present invention relates to network communication, and in particular to a NAT-PT (Network Address Translation - Protocol Translation) network for interworking between IPv6 (Internet Protocol Version 6) single protocol network and IPv4 (Internet Protocol Version 4) single protocol network. Address translation - protocol conversion) device and its load sharing method.
  • NAT-PT Network Address Translation - Protocol Translation
  • IPv4 protocol suffers from the limitation of the 32-bit address length, and the address allocation is about to be exhausted and difficult to expand.
  • IPv6 protocol with unlimited address resources and good scalability has been proposed and has been applied.
  • IPv4 packets need to be completed on the border routers of the IPv4 network and the IPv6 network.
  • the router with this function is also called the NAT-PT gateway, which is used to implement the communication between the IPv4 single protocol domain and the IPv6 single protocol domain terminal.
  • the board and the data processing board are composed.
  • the interface board is responsible for receiving packets, separating control signaling, and user data from the external port, and distributing them to the control plane processing board and the data processing board.
  • the receiving board is also processed by the control plane processing board or the data processing board.
  • the packet is sent out through the interface.
  • load balancing mainly refers to the following two aspects: 1) How to distribute packets that need to be NAT-PT to multiple NAT-PT processing boards for NAT-PT processing; 2) The address pool resource configured for the NAT-PT device and the address mapping table used for packet conversion are balanced on multiple NAT-PT processing boards.
  • the load sharing of the packet processing in the distributed NAT-PT device generally uses a load sharing scheme commonly used in the distributed network device: First, the header information of the packet is extracted by the packet header information extracting unit, such as the source IP.
  • FIG. 1 is a schematic diagram showing the principle of implementing distributed load balancing of a distributed NAT-PT device by using the technical solution.
  • the index key composed of multiple fields in the header of the message is used for packet distribution by hashing or modular operation.
  • the method has the following problems:
  • the index key is constructed by using multiple fields in the IP packet header. Especially for IPv6 packets, the index length is too long. The hash operation requires more computing resources, especially when the software is implemented. Summary of the invention
  • the technical problem to be solved by the present invention is to provide a NAT-PT device and a load sharing method thereof, which can effectively reduce the load of each processing board and avoid waste of storage resources.
  • the source terminal initiates the domain name resolution process, and sends the domain name resolution request packet poll to different
  • the processing is sent to the destination terminal.
  • the destination terminal After the destination terminal returns the domain name resolution response packet, the destination terminal sends the packet to the NAT-PT processing board that processes the request packet.
  • the source terminal After sending to the source terminal; C.
  • the service flow processing process between the source terminal and the destination terminal is performed, and the IPv4 service packet is sent to the NAT-PT processing board to which the address pool containing the destination IPv4 address belongs, and the IPv6 service packet is sent to The NAT-PT processing board that matches the destination IPv6 address prefix is processed.
  • the source terminal is an IPv4 terminal, and the destination terminal is an IPv6 terminal; or the source terminal is an IPv6 terminal, and the destination terminal is an IPv4 terminal.
  • a NAT-PT IPv6 prefix and an IPv4 address pool are configured for each NAT-PT processing board, and the service packet is subjected to NAT-PT processing in the step C.
  • step A two NAT-PT IPv6 prefixes are configured for each NAT-PT processing board, and the IPv4 address pool is divided into two parts including a port number and a port number, respectively.
  • the two prefixes correspond.
  • the processing of the domain name resolution request packet and the response packet by the NAT-PT processing board includes the NAT-PT processing and the domain name resolution processing.
  • the NAT-PT processing board performs NAT-PT processing on the packet, otherwise the NAPT-PT (Network Address) is performed.
  • Port Translation - Protocol Translation Network address port translation - protocol conversion processing; For IPv6 packets, if the address pool corresponding to the matching prefix does not include the port number, NAT-PT processing is performed on it, otherwise NAPT-PT is performed. deal with.
  • a NAT-PT device includes an interconnected interface board and a NAT-PT processing board, the interface board includes an interconnected interface unit and a decision distribution unit, and the NAT-PT processing board includes Interconnected NAT-PT processing unit and resource management unit, where:
  • the interface unit is configured to receive and send IPv4 and IPv6 packets
  • the decision distribution unit is configured to send the domain name resolution message polling to the NAT-PT processing board; determine the NAT-PT processing board that matches the destination IPv6 address prefix or the destination IPv4 address of the service packet, and report the service The document is distributed to the matching NAT-PT processing board;
  • the NAT-PT processing unit is configured to process the packet
  • the resource management unit is configured to manage an IPv4 address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board.
  • the NAT-PT processing unit performs NAT-PT processing and domain name resolution processing on the domain name resolution packet, and performs NAT-PT processing or NAPT- on the service packet according to the IPv6 prefix of the packet or the IPv4 address pool to which the destination address belongs. PT processing.
  • the NAT-PT processing board further includes a storage unit, configured to store an IPv4 address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board.
  • the device further includes a control plane processing unit and a route forwarding engine unit, where the control plane processing unit is configured to process control plane commands and messages that enter the device;
  • the routing and forwarding engine unit is configured to complete routing and forwarding of packets.
  • the present invention configures a prefix and an address pool resource for each NAT-PT processing board to perform NAT-PT decision-making and packet load balancing at the same time.
  • decision-making and load sharing are performed. Only the upper 96 bits of the destination V6 address are used to directly match the prefixes configured by the NAT-PT processing board. This avoids the waste of computing resources.
  • IPv4 to IPv6 packets the destination IPv4 address and board configuration are used for decision-making and load balancing.
  • the same service flow is distributed to the same processing board.
  • the NAT-PT mapping table generated on each board is independent of each other. . DRAWINGS
  • FIG. 1 is a schematic diagram of a load sharing principle of a distributed NAT-PT device
  • FIG. 2 is a flowchart of a load sharing method of a NAT-PT device according to the present invention
  • FIG. 3 is a schematic diagram of a principle of a load sharing method according to Embodiment 1;
  • FIG. 5 is a flowchart of a method for processing a NAT-PT board according to Embodiment 1;
  • FIG. 6 is a structural diagram of a distributed NAT-PT device of the present invention. detailed description
  • the present invention provides a load sharing method for a NAT-PT device. As shown in FIG. 2, the method includes the following steps:
  • the source terminal initiates a DNS (Domain Name Resolution) process, and sends a DNS request packet to a different NAT-PT processing board for processing, and then sends the packet to the destination terminal.
  • DNS Domain Name Resolution
  • the destination terminal After the destination terminal returns the DNS response packet, the destination terminal sends the DNS response packet to the destination terminal.
  • the packet is sent to the NAT-PT processing board that processes the request packet for processing, and is sent to the source terminal after processing.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • the NAT-PT device provides communication between the IPv4 single protocol domain and the terminal in the IPv6 single protocol domain.
  • the session may be initiated by the IPv4 domain terminal or by the IPv6 domain terminal. Therefore, the source terminal in the foregoing method is an IPv4 domain terminal or an IPv6 domain terminal.
  • the destination terminal is an IPv6 domain terminal or an IPv4 domain terminal.
  • FIG. 3 is a schematic diagram of the principle of the load sharing method in the embodiment, and can also be regarded as a schematic diagram of a logical implementation unit of the distributed NAT-PT device.
  • the unit 301 for the IPv6 packet, the upper 96 bits of the destination address of the IPv6 packet are used for the prefix matching.
  • the destination address of the IPv4 packet is extracted by the unit 302 for range matching.
  • the unit 302 is configured to match the extracted prefix information or the IPv4 address and the load sharing table to determine whether the packet is subjected to NAT-PT processing, and the load is shared to different NAT-PT processing boards.
  • Unit 303 Load Sharing Table, Maintaining NAT - PT IPv6 Prefix, Address Pool, and NAT -
  • NAT - PT processing board responsible for NAT-PT processing of packets, management of address pool and port; including NAT - PT processing unit (including DNS - ALG ( Domain Name Service Application Level Gateway: Domain Name Resolution Service (application level gateway) processing), address pool and port management unit.
  • DNS - ALG Domain Name Service Application Level Gateway: Domain Name Resolution Service (application level gateway) processing
  • Pre-conditions Configure different NAT-PT IPv6 prefix information and address pool resources for each NAT-PT processing card.
  • the DNS-ALG needs to be implemented.
  • the source When the source initiates a session, the source first initiates a DNS process. In particular, for the IPv4 source to initiate a session, the DNS process must be initiated first.
  • IPv4 terminal initiates the DNS process.
  • the IPv4 address of the packet is configured as ⁇ source: IPv4 domain DNS server address.
  • Purpose: IPv4 address is the IPv4 address of the IPv6 domain DNS server>. This address is in the address pool configured by the NAT-PT device. Within the scope, and for load sharing, this address is required to be statically configured on each processing board.
  • IPv4 DNS request packet is sent to different boards for NAT-PT and DNS-ALG processing, and then sent to the IPv6 domain DNS server. Assume that the packet is distributed to the board 1 and the packet IPv6 address is formed. For ⁇ source: prefix 1 + IPv4 domain DNS server address, destination: IPv6 domain DNS server IPv6 address>.
  • IPv6 domain DNS response packet the upper 96 bits of the IPv6 destination address are prefixed with 1 and are distributed to the board 1 for NAT-PT processing and DNS-ALG processing.
  • the IPv6 address is assigned to the IPv6 terminal. 1 address pool, recorded as IPv4 - 1) and port number, generate corresponding mapping table entries, and finally send to the IPv4 terminal.
  • A4 Enter the service flow processing process between the IPv4 terminal and the IPv6 terminal.
  • the destination IPv4 address is IPv4 - 1 and is distributed to the board 1 for NAT-PT processing and then to the IPv6 terminal.
  • the destination IPv6 address is high.
  • the 96-bit prefix 1 is distributed to the corresponding board 1 for NAT-PT processing.
  • B1 The IPv6 terminal first initiates the DNS process. At this time, the IPv6 address of the packet is composed of ⁇ source: IPv6 domain DNS server address; destination: common prefix + IPv4 domain DNS server address>.
  • B2 The IPv6 DNS request packet is sent to a different NAT-PT board for processing (assuming it is sent to the board 2), and an IPv4 address is assigned to the IPv6 DNS server (belonging to the board 2, denoted as IPv4 - 2) and The port number is sent to the IPv4 domain DNS server after the NAT-PT is processed.
  • IPv4 DNS response packet the destination address is IPv4- 2, so it is distributed to the corresponding NAT-PT processing board 2 and finally sent to the IPv6 terminal.
  • the processed packet IP address is composed of ⁇ source: prefix 2 + IPv4 domain DNS server address, destination: IPv6 domain destination DNS server address>.
  • B4 Enter the service flow processing process between the IPv4 terminal and the IPv6 terminal.
  • the upper 96 bits of the destination IPv6 address are prefix 2, so they are distributed to the corresponding NAT-PT board 2 for NAT-PT processing.
  • the V4 address and port number are assigned to the IPv6 terminal.
  • the mapping table information is generated and sent to the IPv4 terminal after the processing is complete.
  • the IPv4 address is sent to the NAT-PT board 2 for NAT. - PT processing, then sent to the IPv6 terminal.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • an independent prefix and a different address pool resource are configured for each NAT-PT board.
  • the 96-bit prefix matching and the IPv4 destination address matching of the IPv6 destination address are only used to determine whether the packet needs to be processed.
  • the decision message is required to be NAT-PT or NAPT-PT.
  • the extension can determine the type of processing (NAT-PT processing and NAPT-PT processing) at the same time in decision-making and load sharing, so that the performance of the device can be further provided.
  • the specific expansion scheme is as follows:
  • the prefix A corresponds to NAT-PT processing and the prefix B corresponds to NAPT-PT processing.
  • address pool resources configured on each NAT-PT processing board are divided into two parts: address pool A, which is used only for NAT-PT processing, and does not use ports; address pool B, port number, used for NAPT - PT processing.
  • the present invention also provides a NAT-PT device.
  • the interface includes multiple interface boards and multiple NAT-PT processing boards.
  • the interface board and the NAT-PT processing board communicate through the bus.
  • the interface board includes an interconnected interface unit and a decision distribution unit, and the NAT-PT processing board includes an interconnected NAT-PT processing unit and a resource management unit.
  • the interface unit is configured to receive and send IPv4 and IPv6 packets.
  • the decision distribution unit is configured to send the DNS packet to the NAT-PT processing board; determine the NAT-PT processing board that matches the destination IPv6 address prefix or the destination IPv4 address of the service packet, and distribute the service packet to the service packet.
  • the matching NAT-PT processing board is used to process the message.
  • the resource management unit is used to manage the address pool, port, and NAT-PT IPv6 prefix resources of the NAT-PT processing board.
  • the NAT-PT processing board of the distributed NAT-PT device may further include a storage unit for storing an address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board.
  • the device may also include a control plane processing unit (for handling control plane signaling and messages entering the device), a routing and forwarding engine unit (for routing and forwarding of messages), and the like.

Abstract

A NAT-PT device and a load-sharing method are disclosed. the said method includes the following steps: each of the NAT-PT processing single-boards is configured with different IPv6 prefix and IPv4 address pool resource; a source terminal initializes a flow of domain name resolution; a request message is sent to different single-boards to process with poll mode, and is sent to destination terminal; the responsive message is sent to the single-board, which processes said request message, to process and is sent to source terminal; in the processing flow of the service flow, the IPv4 service message is sent to the single-board, which has the address pool that includes the destination IPv4 address, to process; and the IPv6 service message is sent to the single-board, which matches the destination IPv6 address prefix, to process. By employing said method, the decision, whether to perform NAT-PT, and message load-sharing are completed at the same time. Therefore, the wasting of computing resource is avoided. In said device, the address pool resource in each of single-boards is different, the NAT-PT mapping list created in every single-board is independent of each other, and the same service flow is sent to the same processing single-board. Therefore, the wasting of storage resource is avoided.

Description

一种 NAT-PT设备及其负荷分担方法  NAT-PT device and load sharing method thereof
技术领域 Technical field
本发明涉及网络通讯, 具体涉及一种用于 IPv6 (互联网协议版本 6 )单 协议网络和 IPv4 (互联网协议版本 4 )单协议网络之间终端互通的 NAT-PT ( Network Address Translation - Protocol Translation, 网络地址转换-协议转 换)设备及其负荷分担方法。  The present invention relates to network communication, and in particular to a NAT-PT (Network Address Translation - Protocol Translation) network for interworking between IPv6 (Internet Protocol Version 6) single protocol network and IPv4 (Internet Protocol Version 4) single protocol network. Address translation - protocol conversion) device and its load sharing method.
背景技术 Background technique
TCP/IP协议簇的成功使用, 使得通信技术得到迅猛的发展和广泛应用, 作为网络技术的核心协议的 IPv4协议, 由于受到 32位地址长度的限制, 面 临地址分配即将耗尽、 难以扩展的问题。 为克服现有 IPv4协议簇的局限性, 具有无限地址资源和良好扩展性的 IPv6协议被提出, 并已经开始应用。 但 IPv4向 IPv6的过渡会经历一段相当的时间,过渡期间实现 IPv4单协议网络 域和 IPv6单协议网络域中各种设备之间的通信, 需要在 IPv4 网络和 IPv6 网络的边界路由器上完成 IPv4报文和 IPv6报文的相互转换, 具有此功能的 路由器也称为 NAT-PT网关, 用于实现 IPv4单协议域和 IPv6单协议域终端 之间的通 4言。 另一方面, 迅速增加的用户数量和业务对数据业务的带宽要求不断提 高, 为满足不断扩容的需求, 目前的通信设备多数采用分布式的系统架构, 一般都是由接口单板、控制面处理单板和数据处理单板构成。 其中接口单板 负责从外部端口接收报文、分离控制信令和用户数据, 并分别分发到控制面 处理单板和数据处理单板处理;同时接收来自控制面处理单板或数据处理单 板的报文, 通过接口向外发送。 由于分布式设备中存在多个处理单板, 如何 实现多个处理单板之间的负荷分担(或称负栽均衡)是系统设计的一个非常 重要的方面。对分布式 NAT-PT设备而言, 负荷分担主要指的是如下两个方 面: 1 ) 如何分发需要做 NAT-PT 的报文到多个 NAT-PT 处理单板进行 NAT-PT处理; 2 ) NAT-PT设备配置的地址池资源、 报文转换使用的地址映 射表如何在多个 NAT-PT处理单板上均衡分配。 现有技术中,分布式 NAT-PT设备中报文处理的负荷分担一般使用分布 式网络设备中通用的负荷分担方案: 首先由报文首部信息提取单元提取 IP 报文的头部信息如源 IP、 目的 IP、 协议类型、 4层端口号信息等, 然后分发 单元将这些信息按照某种规则构造为决策和分发索引关键字,接下来对索引 关鍵字进行散列操作或是模余操作, 从而将报文分发到不同的处理单板处 理。附图 1所示为使用此技术方案实现分布式 NAT-PT设备负荷分担的原理 示意图,这种使用报文首部中多个字段构成的索引关键字通过散列或是模余 操作进行报文分发的方法, 存在如下的问题: The successful use of the TCP/IP protocol cluster has led to the rapid development and widespread application of communication technologies. As the core protocol of the network technology, the IPv4 protocol suffers from the limitation of the 32-bit address length, and the address allocation is about to be exhausted and difficult to expand. . To overcome the limitations of the existing IPv4 protocol suite, an IPv6 protocol with unlimited address resources and good scalability has been proposed and has been applied. However, the transition from IPv4 to IPv6 will take a considerable period of time. During the transition period, communication between various devices in the IPv4 single-protocol network domain and the IPv6 single-protocol network domain is required. IPv4 packets need to be completed on the border routers of the IPv4 network and the IPv6 network. The conversion between the text and the IPv6 packet. The router with this function is also called the NAT-PT gateway, which is used to implement the communication between the IPv4 single protocol domain and the IPv6 single protocol domain terminal. On the other hand, the number of rapidly increasing users and the bandwidth requirements of services for data services are increasing. To meet the needs of continuous expansion, most of the current communication devices adopt a distributed system architecture, which is generally handled by interface boards and control planes. The board and the data processing board are composed. The interface board is responsible for receiving packets, separating control signaling, and user data from the external port, and distributing them to the control plane processing board and the data processing board. The receiving board is also processed by the control plane processing board or the data processing board. The packet is sent out through the interface. Because there are multiple processing boards in a distributed device, how to implement load sharing (or load balancing) between multiple processing boards is a very important aspect of system design. For distributed NAT-PT devices, load balancing mainly refers to the following two aspects: 1) How to distribute packets that need to be NAT-PT to multiple NAT-PT processing boards for NAT-PT processing; 2) The address pool resource configured for the NAT-PT device and the address mapping table used for packet conversion are balanced on multiple NAT-PT processing boards. In the prior art, the load sharing of the packet processing in the distributed NAT-PT device generally uses a load sharing scheme commonly used in the distributed network device: First, the header information of the packet is extracted by the packet header information extracting unit, such as the source IP. , destination IP, protocol type, 4-layer port number information, etc., and then the distribution unit constructs the information as a decision and distribution index key according to a certain rule, and then hashes or models the index key. Therefore, the packets are distributed to different processing boards. FIG. 1 is a schematic diagram showing the principle of implementing distributed load balancing of a distributed NAT-PT device by using the technical solution. The index key composed of multiple fields in the header of the message is used for packet distribution by hashing or modular operation. The method has the following problems:
1、 构造索引关键字的多个字段中只要有一个字段改变, 报文便会被分 发到不同的 NAT-PT处理单板,这样对于同一个用户或是同一个业务流中的 报文会被分发到不同的 NAT-PT处理单板,这要求所有的 NAT-PT单板都必 须驻留全部的地址池资源, 进而可能生成全部一致的映射表条目, 从而造成 各处理单板存储资源的浪费,某些情况下甚至是难以实现的;  1. If there is a field change in the multiple fields of the index key, the message will be distributed to different NAT-PT processing boards, so that the same user or the same service flow will be It is distributed to different NAT-PT processing boards. This requires that all NAT-PT boards must reside in all address pool resources, which may result in the generation of all the same mapping table entries, resulting in waste of storage resources of each processing board. In some cases it is even difficult to achieve;
2、 使用 IP报文首部的多个字段构造索引关键字, 尤其是对 IPv6报文 而言, 索引长度过长, 散列操作需要较多的计算资源, 尤其是软件实现时, 性能受到限制。 发明内容  2. The index key is constructed by using multiple fields in the IP packet header. Especially for IPv6 packets, the index length is too long. The hash operation requires more computing resources, especially when the software is implemented. Summary of the invention
本发明所要解决的技术问题是提供一种 NAT-PT设备及其负荷分担方 法, 有效降低各处理单板的负荷, 并避免存储资源的浪费。  The technical problem to be solved by the present invention is to provide a NAT-PT device and a load sharing method thereof, which can effectively reduce the load of each processing board and avoid waste of storage resources.
为解决上述技术问题, 本发明是通过以下技术方案实现的:  In order to solve the above technical problems, the present invention is achieved by the following technical solutions:
(-)一种 NAT-PT设备的负荷分担方法, 所述方法包括以下步骤:  (-) A load sharing method for a NAT-PT device, the method comprising the following steps:
A、 为 NAT-PT设备中各个 NAT-PT处理单板配置不同的 NAT-PT IPv6 前缀和 IPv4地址池资源;  A. Configure different NAT-PT IPv6 prefixes and IPv4 address pool resources for each NAT-PT processing board in the NAT-PT device.
B、 源终端发起域名解析流程, 将域名解析请求报文轮询发送到不同 B. The source terminal initiates the domain name resolution process, and sends the domain name resolution request packet poll to different
NAT-PT处理单板进行处理, 处理完后发送至目的终端, 目的终端返回域名 解析响应报文后,将该报文发送至处理其请求报文的 NAT-PT处理单板进行 处理, 处理完后发送至源终端; C,进入源终端与目的终端之间的业务流处理流程, 将 IPv4业务报文发 送至包含其目的 IPv4地址的地址池所属的 NAT-PT处理单板进行处理, 将 IPv6业务报文发送至与其目的 IPv6地址前缀匹配的 NAT-PT处理单板进行 处理。 After the processing is completed, the processing is sent to the destination terminal. After the destination terminal returns the domain name resolution response packet, the destination terminal sends the packet to the NAT-PT processing board that processes the request packet. After sending to the source terminal; C. The service flow processing process between the source terminal and the destination terminal is performed, and the IPv4 service packet is sent to the NAT-PT processing board to which the address pool containing the destination IPv4 address belongs, and the IPv6 service packet is sent to The NAT-PT processing board that matches the destination IPv6 address prefix is processed.
其中, 所述源终端为 IPv4终端, 所述目的终端为 IPv6终端; 或者, 所 述源终端为 IPv6终端, 所述目的终端为 IPv4终端。  The source terminal is an IPv4 terminal, and the destination terminal is an IPv6 terminal; or the source terminal is an IPv6 terminal, and the destination terminal is an IPv4 terminal.
其中, 所述步骤 A中为每个 NAT-PT处理单板配置一个 NAT-PT IPv6 前缀和一个 IPv4地址池, 同时步骤 C中对业务报文进行 NAT-PT处理。  In the step A, a NAT-PT IPv6 prefix and an IPv4 address pool are configured for each NAT-PT processing board, and the service packet is subjected to NAT-PT processing in the step C.
其中, 所述步骤 A中为每个 NAT-PT处理单板配置两个 NAT-PT IPv6 前缀, 并将其 IPv4地址池划分为包含端口号的和不包含端口号的两部分, 分别与所述两个前缀对应。  In the step A, two NAT-PT IPv6 prefixes are configured for each NAT-PT processing board, and the IPv4 address pool is divided into two parts including a port number and a port number, respectively. The two prefixes correspond.
其中, 所述步骤 B中, NAT-PT处理单板对所述域名解析请求报文及其 响应报文的处理包括 NAT-PT处理和域名解析处理。  The processing of the domain name resolution request packet and the response packet by the NAT-PT processing board includes the NAT-PT processing and the domain name resolution processing.
其中, 所述步骤 C中, 对于 IPv4报文, 若与其目的 IPv4地址匹配的地 址池不包括端口号, 则 NAT-PT处理单板对其进行 NAT-PT处理, 否则进行 NAPT-PT ( Network Address Port Translation - Protocol Translation: 网络地址 端口转换 -协议转换)处理; 对于 IPv6报文, 若与其匹配的前缀所对应的 地址池不包括端口号, 则对其进行 NAT-PT处理, 否则进行 NAPT-PT处理。  In the step C, if the address pool matching the destination IPv4 address does not include the port number, the NAT-PT processing board performs NAT-PT processing on the packet, otherwise the NAPT-PT (Network Address) is performed. Port Translation - Protocol Translation: Network address port translation - protocol conversion processing; For IPv6 packets, if the address pool corresponding to the matching prefix does not include the port number, NAT-PT processing is performed on it, otherwise NAPT-PT is performed. deal with.
(=)一种 NAT-PT设备, 包括互连的接口单板和 NAT-PT处理单板, 所述 接口单板包括互连的接口单元和决策分发单元,所述 NAT-PT处理单板包括 互连的 NAT-PT处理单元和资源管理单元, 其中:  (=) A NAT-PT device includes an interconnected interface board and a NAT-PT processing board, the interface board includes an interconnected interface unit and a decision distribution unit, and the NAT-PT processing board includes Interconnected NAT-PT processing unit and resource management unit, where:
所述接口单元用于接收和发送 IPv4和 IPv6报文;  The interface unit is configured to receive and send IPv4 and IPv6 packets;
所述决策分发单元用于将域名解析报文轮询发送至 NAT-PT处理单板; 判断与业务报文的目的 IPv6地址前缀或目的 IPv4地址相匹配的 NAT-PT处 理单板, 将业务报文分发至与其相匹配的 NAT-PT处理单板;  The decision distribution unit is configured to send the domain name resolution message polling to the NAT-PT processing board; determine the NAT-PT processing board that matches the destination IPv6 address prefix or the destination IPv4 address of the service packet, and report the service The document is distributed to the matching NAT-PT processing board;
所述 NAT-PT处理单元用于对报文进行处理;  The NAT-PT processing unit is configured to process the packet;
所述资源管理单元用于管理 NAT-PT处理单板的 IPv4地址池、 端口和 NAT-PT IPv6前缀资源。 其中,所述 NAT-PT处理单元对域名解析报文进行 NAT-PT处理和域名 解析处理, 根据报文的 IPv6前缀或其目的地址所属 IPv4地址池对业务报文 进行 NAT-PT处理或 NAPT-PT处理。 The resource management unit is configured to manage an IPv4 address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board. The NAT-PT processing unit performs NAT-PT processing and domain name resolution processing on the domain name resolution packet, and performs NAT-PT processing or NAPT- on the service packet according to the IPv6 prefix of the packet or the IPv4 address pool to which the destination address belongs. PT processing.
其中, 所述 NAT-PT处理单板还包括存储单元, 用于存储 NAT-PT处理 单板的 IPv4地址池、 端口和 NAT-PT IPv6前缀资源。  The NAT-PT processing board further includes a storage unit, configured to store an IPv4 address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board.
其中, 所述设备还包括控制面处理单元和路由转发引擎单元, 其中, 所述控制面处理单元用于处理进入设备的控制面命令和报文;  The device further includes a control plane processing unit and a route forwarding engine unit, where the control plane processing unit is configured to process control plane commands and messages that enter the device;
所述路由转发引擎单元用于完成报文的路由转发。  The routing and forwarding engine unit is configured to complete routing and forwarding of packets.
本发明具有以下有益效果:  The invention has the following beneficial effects:
本发明通过给每个 NAT - PT处理单板配置前缀和地址池资源, 对报 文是否做 NAT - PT的决策和报文的负荷分担同时完成, 对于 IPv6到 IPv4 的报文, 决策和负荷分担只使用目的 V6地址的高 96位直接匹配各 NAT - PT处理单板配置的前缀, 避免了计算资源的浪费; 对于 IPv4到 IPv6的报 文, 决策和负荷分担使用目的 IPv4地址和单板配置的地址池匹配来实现; 另一方面,同一业务流被分发同一个处理单板,由于各单板地址池资源不同, 各单板上生成的 NAT - PT映射表相互独立, 避免了存储资源的浪费。 附图说明  The present invention configures a prefix and an address pool resource for each NAT-PT processing board to perform NAT-PT decision-making and packet load balancing at the same time. For IPv6 to IPv4 packets, decision-making and load sharing are performed. Only the upper 96 bits of the destination V6 address are used to directly match the prefixes configured by the NAT-PT processing board. This avoids the waste of computing resources. For IPv4 to IPv6 packets, the destination IPv4 address and board configuration are used for decision-making and load balancing. On the other hand, the same service flow is distributed to the same processing board. The NAT-PT mapping table generated on each board is independent of each other. . DRAWINGS
图 1为现有分布式 NAT-PT设备负荷分担原理示意图;  FIG. 1 is a schematic diagram of a load sharing principle of a distributed NAT-PT device;
图 2为本发明 NAT-PT设备的负荷分担方法流程图;  2 is a flowchart of a load sharing method of a NAT-PT device according to the present invention;
图 3为实施例一的负荷分担方法原理示意图;  3 is a schematic diagram of a principle of a load sharing method according to Embodiment 1;
图 4为实施例一的决策和分发方法流程图;  4 is a flowchart of a method for determining and distributing the first embodiment;
图 5为实施例一的 NAT-PT单板处理方法流程图;  FIG. 5 is a flowchart of a method for processing a NAT-PT board according to Embodiment 1;
图 6为本发明的分布式 NAT-PT设备结构图。 具体实施方式  Figure 6 is a structural diagram of a distributed NAT-PT device of the present invention. detailed description
下面结合附图和具体实施例对本发明作进一步详细的描述: 本发明提供了一种 NAT-PT设备的负荷分担方法, 如图 2所示, 包括以 下步骤: The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments: The present invention provides a load sharing method for a NAT-PT device. As shown in FIG. 2, the method includes the following steps:
201、 为各个 NAT-PT处理单板配置不同的 NAT-PT IPv6前缀和地址池 资源;  201. Configure different NAT-PT IPv6 prefixes and address pool resources for each NAT-PT processing board.
202、 源终端发起 DNS (域名解析) 流程, 将 DNS请求报文轮询发送 到不同 NAT-PT处理单板进行处理, 处理完后发送至目的终端, 目的终端返 回 DNS响应报文后, 将该报文发送至处理其请求报文的 NAT-PT处理单板 进行处理, 处理完后发送至源终端;  202. The source terminal initiates a DNS (Domain Name Resolution) process, and sends a DNS request packet to a different NAT-PT processing board for processing, and then sends the packet to the destination terminal. After the destination terminal returns the DNS response packet, the destination terminal sends the DNS response packet to the destination terminal. The packet is sent to the NAT-PT processing board that processes the request packet for processing, and is sent to the source terminal after processing.
203、 进入源终端与目的终端之间的业务流处理流程, 将 IPv4业务报文 发送至包含其目的 IPv4地址的地址池所属的 NAT-PT处理单板进行处理, 将 IPv6业务报文发送至与其目的 IPv6地址前缀匹配的 NAT-PT处理单板进 行处理。  203. Enter a service flow processing process between the source terminal and the destination terminal, and send the IPv4 service packet to the NAT-PT processing board to which the address pool containing the destination IPv4 address belongs, and send the IPv6 service packet to the same. The NAT-PT processing board that matches the destination IPv6 address prefix is processed.
实施例一:  Embodiment 1:
通常, NAT - PT设备提供 IPv4单协议域和 IPv6单协议域中终端的通 信, 会话可由 IPv4域终端发起, 也可由 IPv6域终端发起, 因而上述方法中 源终端为 IPv4域终端或 IPv6域终端,同时目的终端为 IPv6域终端或者 IPv4 域终端, 图 3 为本实施例的负荷分担方法原理示意图, 也可以视为分布式 NAT - PT设备逻辑实现单元示意图。  Generally, the NAT-PT device provides communication between the IPv4 single protocol domain and the terminal in the IPv6 single protocol domain. The session may be initiated by the IPv4 domain terminal or by the IPv6 domain terminal. Therefore, the source terminal in the foregoing method is an IPv4 domain terminal or an IPv6 domain terminal. The destination terminal is an IPv6 domain terminal or an IPv4 domain terminal. FIG. 3 is a schematic diagram of the principle of the load sharing method in the embodiment, and can also be regarded as a schematic diagram of a logical implementation unit of the distributed NAT-PT device.
其中, 单元 301 : 对于 IPv6报文, 提取 IPv6报文目的地址的高 96位供 单元 302进行前缀匹配使用; 对于 IPv4报文, 提取 IPv4报文目的地址供单 元 302进行范围匹配使用。  The unit 301: for the IPv6 packet, the upper 96 bits of the destination address of the IPv6 packet are used for the prefix matching. For the IPv4 packet, the destination address of the IPv4 packet is extracted by the unit 302 for range matching.
单元 302: 负责提取出的前缀信息或是 IPv4地址和负荷分担表进行匹 配, 确定报文是否做 NAT - PT处理, 并负荷分担到不同的 NAT - PT处理 单板。  The unit 302 is configured to match the extracted prefix information or the IPv4 address and the load sharing table to determine whether the packet is subjected to NAT-PT processing, and the load is shared to different NAT-PT processing boards.
单元 303: 负荷分担表, 维护 NAT - PT IPv6前缀、 地址池和各 NAT - Unit 303: Load Sharing Table, Maintaining NAT - PT IPv6 Prefix, Address Pool, and NAT -
PT处理单板的对应关系, 即负荷分担策略。 The correspondence between the PT processing boards, that is, the load sharing strategy.
单元 304: NAT - PT处理单板, 负责报文的 NAT - PT处理, 地址池和 端口的管理; 包括 NAT - PT处理单元(包括 DNS - ALG ( Domain Name Service Application Level Gateway: 域名解析服务应用级网关)处理) 、 地 址池和端口管理单元。 Unit 304: NAT - PT processing board, responsible for NAT-PT processing of packets, management of address pool and port; including NAT - PT processing unit (including DNS - ALG ( Domain Name Service Application Level Gateway: Domain Name Resolution Service (application level gateway) processing), address pool and port management unit.
下面分别描述在会话由 IPv4域终端发起或者由 IPv6域终端发起的两种 情况下本实施例所采用的决策和负荷分担方法:  The following describes the decision-making and load-sharing methods used in this embodiment in the case where the session is initiated by an IPv4 domain terminal or initiated by an IPv6 domain terminal:
前置条件: 为各 NAT - PT处理单板配置不同的单个 NAT - PT IPv6前 缀信息和地址池资源。 对于 NAT - PT设备而言, 需要实现 DNS-ALG, 源 端在发起会话时, 一般会首先发起 DNS流程, 尤其是对于 IPv4源端发起会 话, 必须首先发起 DNS流程。  Pre-conditions: Configure different NAT-PT IPv6 prefix information and address pool resources for each NAT-PT processing card. For a NAT-PT device, the DNS-ALG needs to be implemented. When the source initiates a session, the source first initiates a DNS process. In particular, for the IPv4 source to initiate a session, the DNS process must be initiated first.
参考附图 4和附图 5, 当 IPv4终端发起会话的具体流程如下:  Referring to FIG. 4 and FIG. 5, the specific process of initiating a session by an IPv4 terminal is as follows:
A1 : IPv4终端发起 DNS流程, 此时报文 IPv4地址构成为<源: IPv4 域 DNS服务器地址, 目的: IPv4地址为对应 IPv6域 DNS服务器的 IPv4地 址>, 此地址在 NAT - PT设备配置的地址池范围之内, 而且为了负荷分担, 要求此地址在每个处理单板上静态配置。  A1: The IPv4 terminal initiates the DNS process. The IPv4 address of the packet is configured as <source: IPv4 domain DNS server address. Purpose: IPv4 address is the IPv4 address of the IPv6 domain DNS server>. This address is in the address pool configured by the NAT-PT device. Within the scope, and for load sharing, this address is required to be statically configured on each processing board.
A2 : IPv4 DNS 请求报文被轮询发送到不同的单板进行 NAT-PT、 DNS-ALG处理后, 发送到 IPv6域 DNS服务器, 假定报文被分发到单板 1 , 此时报文 IPv6地址构成为 <源:前缀 1 + IPv4域 DNS服务器地址,目的: IPv6 域 DNS服务器 IPv6地址 >。  A2: The IPv4 DNS request packet is sent to different boards for NAT-PT and DNS-ALG processing, and then sent to the IPv6 domain DNS server. Assume that the packet is distributed to the board 1 and the packet IPv6 address is formed. For <source: prefix 1 + IPv4 domain DNS server address, destination: IPv6 domain DNS server IPv6 address>.
A3: IPv6域 DNS响应报文, IPv6 目的地址的高 96位为前缀 1 , 故被 分发到单板 1进行 NAT-PT处理和 DNS-ALG处理, 此时为 IPv6终端分配 IPv4地址(属于单板 1地址池, 记为 IPv4 - 1 )和端口号, 同时生成相应的 映射表条目, 最后发送到 IPv4终端。  A3: IPv6 domain DNS response packet, the upper 96 bits of the IPv6 destination address are prefixed with 1 and are distributed to the board 1 for NAT-PT processing and DNS-ALG processing. In this case, the IPv6 address is assigned to the IPv6 terminal. 1 address pool, recorded as IPv4 - 1) and port number, generate corresponding mapping table entries, and finally send to the IPv4 terminal.
A4: 进入 IPv4终端与 IPv6终端之间的业务流处理流程。 对于 IPv4终 端发出的业务报文, 目的 IPv4地址为 IPv4 - 1 ,故被分发到单板 1进行 NAT - PT处理, 之后发送到 IPv6终端; 对于 IPv6终端发出的业务报文, 目的 IPv6地址的高 96位为前缀 1 ,故被分发到对应的单板 1进行 NAT - PT处理。  A4: Enter the service flow processing process between the IPv4 terminal and the IPv6 terminal. For the service packets sent by the IPv4 terminal, the destination IPv4 address is IPv4 - 1 and is distributed to the board 1 for NAT-PT processing and then to the IPv6 terminal. For the service packets sent by the IPv6 terminal, the destination IPv6 address is high. The 96-bit prefix 1 is distributed to the corresponding board 1 for NAT-PT processing.
参考附图 4和附图 5, 当 IPv6终端发起会话的具体流程如下:  Referring to FIG. 4 and FIG. 5, the specific process of initiating a session by an IPv6 terminal is as follows:
B1 : IPv6终端首先发起 DNS流程,此时报文 IPv6地址构成为 <源: IPv6 域 DNS服务器地址; 目的: 普通前缀 + IPv4域 DNS服务器地址〉。 B2: IPv6 DNS请求报文被轮询发送到不同的 NAT-PT单板处理(假定 被送到单板 2 ) , 为 IPv6 DNS服务器分配 IPv4地址(属于单板 2,记为 IPv4 - 2 )和端口号, NAT-PT处理完成后发送到 IPv4域 DNS服务器。 B1: The IPv6 terminal first initiates the DNS process. At this time, the IPv6 address of the packet is composed of <source: IPv6 domain DNS server address; destination: common prefix + IPv4 domain DNS server address>. B2: The IPv6 DNS request packet is sent to a different NAT-PT board for processing (assuming it is sent to the board 2), and an IPv4 address is assigned to the IPv6 DNS server (belonging to the board 2, denoted as IPv4 - 2) and The port number is sent to the IPv4 domain DNS server after the NAT-PT is processed.
B3: IPv4 DNS 响应报文, 目的地址为 IPv4- 2, 故被分发到相应的 NAT-PT处理单板 2处理, 最后发送到 IPv6终端, 处理之后的报文 IP地址 构成为 <源: 前缀 2 + IPv4域 DNS服务器地址, 目的: IPv6域目的 DNS服 务器地址>。  B3: IPv4 DNS response packet, the destination address is IPv4- 2, so it is distributed to the corresponding NAT-PT processing board 2 and finally sent to the IPv6 terminal. The processed packet IP address is composed of <source: prefix 2 + IPv4 domain DNS server address, destination: IPv6 domain destination DNS server address>.
B4: 进入 IPv4终端与 IPv6终端之间的业务流处理流程。 对于 IPv6终 端发出的业务报文, 目的 IPv6地址的高 96位为前缀 2, 故被分发到对应的 NAT - PT单板 2进行 NAT - PT处理, 此时为 IPv6终端分配 V4地址和端 口号, 同时生成映射表信息, 处理完成后发送到 IPv4终端; IPv4终端发出 的业务艮文, 目的 IPv4地址在 NAT-PT单板 2地址池范围之内, 故被分发 到 NAT-PT单板 2进行 NAT - PT处理, 之后发送到 IPv6终端。  B4: Enter the service flow processing process between the IPv4 terminal and the IPv6 terminal. For the service packets sent by the IPv6 terminal, the upper 96 bits of the destination IPv6 address are prefix 2, so they are distributed to the corresponding NAT-PT board 2 for NAT-PT processing. At this time, the V4 address and port number are assigned to the IPv6 terminal. The mapping table information is generated and sent to the IPv4 terminal after the processing is complete. The IPv4 address is sent to the NAT-PT board 2 for NAT. - PT processing, then sent to the IPv6 terminal.
实施例二:  Embodiment 2:
在上述实施例一中, 为每个 NAT- PT单板配置了独立的前缀和不同的 地址池资源, IPv6目的地址高 96位前缀匹配和 IPv4目的地址匹配仅仅用来 决策报文是否需要做处理和负荷分担, 当业务报文分发到 NAT-PT处理单 板后, 还需要决策报文是做 NAT- PT, 还是做 NAPT-PT处理, 本实施例 在上述实施例一的方案基础上进行了扩展, 可以在决策和负荷分担时, 同时 确定出 文需处理的类型 ( NAT-PT处理和 NAPT-PT处理) , 从而可以 进一步提供设备的性能, 具体扩展方案如下:  In the first embodiment, an independent prefix and a different address pool resource are configured for each NAT-PT board. The 96-bit prefix matching and the IPv4 destination address matching of the IPv6 destination address are only used to determine whether the packet needs to be processed. After the service packet is distributed to the NAT-PT processing board, the decision message is required to be NAT-PT or NAPT-PT. This embodiment is based on the solution of the first embodiment. The extension can determine the type of processing (NAT-PT processing and NAPT-PT processing) at the same time in decision-making and load sharing, so that the performance of the device can be further provided. The specific expansion scheme is as follows:
( 1 )为每个 NAT - PT处理单板配置两个 NAT - PT IPv6前缀, 前缀 A 对应 NAT-PT处理、 前缀 B对应 NAPT-PT处理。  (1) Configure two NAT-PT IPv6 prefixes for each NAT-PT processing board. The prefix A corresponds to NAT-PT processing and the prefix B corresponds to NAPT-PT processing.
(2)将每个 NAT- PT 处理单板配置的地址池资源划分为两个部分: 地址池 A, 仅用于 NAT-PT处理, 不使用端口; 地址池 B, 使用端口号, 用于 NAPT- PT处理。  (2) The address pool resources configured on each NAT-PT processing board are divided into two parts: address pool A, which is used only for NAT-PT processing, and does not use ports; address pool B, port number, used for NAPT - PT processing.
( 3 ) NAT - PT设备在分配地址和端口时, 如果选择地址池 A, 则在处 理过程中使用前缀 A, 如杲选择地址池 B, 则在处理过程中使用前缀 B。 决 策分发时根据不同的地址池匹配和前缀匹配, 来确定 NAT - PT决策、 类型 区分和负荷分担。 (3) When the NAT-PT device allocates the address and port, if the address pool A is selected, the prefix A is used in the process. If the address pool B is selected, the prefix B is used in the process. Decision Policy distribution is based on different address pool matching and prefix matching to determine NAT-PT decision, type differentiation, and load sharing.
本发明还提出了一种 NAT-PT设备, 如图 6所示, 包括多个接口单板和 多个 NAT-PT处理单板, 接口单板和 NAT-PT处理单板通过总线进行通信。 所述接口单板包括互连的接口单元和决策分发单元,所述 NAT-PT处理单板 包括互连的 NAT-PT处理单元和资源管理单元。  The present invention also provides a NAT-PT device. As shown in FIG. 6, the interface includes multiple interface boards and multiple NAT-PT processing boards. The interface board and the NAT-PT processing board communicate through the bus. The interface board includes an interconnected interface unit and a decision distribution unit, and the NAT-PT processing board includes an interconnected NAT-PT processing unit and a resource management unit.
其中, 接口单元用于接收和发送 IPv4和 IPv6报文。 决策分发单元用于 将 DNS报文轮询发送至 NAT-PT处理单板; 判断与业务报文的目的 IPv6地 址前缀或目的 IPv4地址相匹配的 NAT-PT处理单板, 将业务报文分发至与 其相匹配的 NAT-PT处理单板。 NAT-PT处理单元用于对报文进行处理。 资 源管理单元用于管理 NAT-PT处理单板的地址池、端口和 NAT-PT IPv6前缀 资源。  The interface unit is configured to receive and send IPv4 and IPv6 packets. The decision distribution unit is configured to send the DNS packet to the NAT-PT processing board; determine the NAT-PT processing board that matches the destination IPv6 address prefix or the destination IPv4 address of the service packet, and distribute the service packet to the service packet. The matching NAT-PT processing board. The NAT-PT processing unit is used to process the message. The resource management unit is used to manage the address pool, port, and NAT-PT IPv6 prefix resources of the NAT-PT processing board.
上述分布式 NAT - PT设备的 NAT-PT处理单板还可包括存储单元, 用 来存储 NAT-PT处理单板的地址池、端口和 NAT-PT IPv6前缀资源。该设备 还可包括控制面处理单元(用于处理进入设备的控制面信令和报文)、 路由 转发引擎单元(完成报文的路由转发) 等。  The NAT-PT processing board of the distributed NAT-PT device may further include a storage unit for storing an address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board. The device may also include a control plane processing unit (for handling control plane signaling and messages entering the device), a routing and forwarding engine unit (for routing and forwarding of messages), and the like.
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡在本 发明的精神和原则之内所作的任何修改、等同替换和改进等, 均应包含在本 发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. Within the scope.

Claims

权 利 要 求 书 Claim
1、 一种 NAT-PT设备的负荷分担方法, 其特征在于, 所述方法包括以 下步骤:  A load sharing method for a NAT-PT device, characterized in that the method comprises the following steps:
A、 为 NAT-PT设备中各个 NAT-PT处理单板配置不同的 NAT-PT IPv6 前缀和 IPv4地址池资源;  A. Configure different NAT-PT IPv6 prefixes and IPv4 address pool resources for each NAT-PT processing board in the NAT-PT device.
B、 源终端发起域名解析流程, 将域名解析请求报文轮询发送到不同 NAT-PT处理单板进行处理, 处理完后发送至目的终端, 目的终端返回域名 解析响应报文后,将该报文发送至处理其请求报文的 NAT-PT处理单板进行 处理, 处理完后发送至源终端;  B. The source terminal initiates the domain name resolution process, and sends the domain name resolution request packet to the different NAT-PT processing boards for processing. After the processing is completed, the destination terminal sends the domain name resolution response message to the destination terminal. The message is sent to the NAT-PT processing board that processes the request packet for processing, and is sent to the source terminal after processing;
C、进入源终端与目的终端之间的业务流处理流程, 将 IPv4业务报文发 送至包含其目的 IPv4地址的地址池所属的 NAT-PT处理单板进行处理, 将 IPv6业务报文发送至与其目的 IPv6地址前缀匹配的 NAT-PT处理单板进行 处理。  C. The service flow processing process between the source terminal and the destination terminal is performed, and the IPv4 service packet is sent to the NAT-PT processing board to which the address pool containing the destination IPv4 address belongs, and the IPv6 service packet is sent to The NAT-PT processing board that matches the destination IPv6 address prefix is processed.
2、如权利要求 1所述的负荷分担方法,其特征在于,所述源终端为 IPv4 终端, 所述目的终端为 IPv6终端; 或者, 所述源终端为 IPv6终端, 所述目 的终端为 IPv4终端。  The load sharing method according to claim 1, wherein the source terminal is an IPv4 terminal, and the destination terminal is an IPv6 terminal; or the source terminal is an IPv6 terminal, and the destination terminal is an IPv4 terminal. .
3、 如权利要求 2所述的负荷分担方法, 其特征在于, 所述步骤 A中为 - 每个 NAT-PT处理单板配置一个 NAT-PT IPv6前缀和一个 IPv4地址池, 同 时步骤 C中对业务报文进行 NAT-PT处理。  The load sharing method according to claim 2, wherein in the step A, each NAT-PT processing board is configured with a NAT-PT IPv6 prefix and an IPv4 address pool, and in step C, Service packets are processed by NAT-PT.
4、 如权利要求 2所述的负荷分担方法, 其特征在于, 所述步骤 A中为 每个 NAT-PT处理单板配置两个 NAT-PT IPv6前缀, 并将其 IPv4地址池划 分为包含端口号的和不包含端口号的两部分, 分别与所述两个前缀对应。  The method of load balancing according to claim 2, wherein in the step A, two NAT-PT IPv6 prefixes are configured for each NAT-PT processing board, and the IPv4 address pool is divided into ports. The two parts of the number and the port number are not included, respectively, corresponding to the two prefixes.
5、 如权利要求 3或 4所述的负荷分担方法, 其特征在于, 所述步骤 B 中, NAT-PT 处理单板对所述域名解析请求报文及其响应报文的处理包括 NAT-PT处理和域名解析处理。  The load balancing method according to claim 3 or 4, wherein in the step B, the processing of the domain name resolution request message and the response message by the NAT-PT processing board includes NAT-PT Processing and domain name resolution processing.
6、 如权利要求 4所述的负荷分担方法, 其特征在于, 所述步骤 C中, 对于 IPv4 报文, 若与其目的 IPv4 地址匹配的地址池不包括端口号, 则 NAT-PT处理单板对其进行 NAT-PT处理, 否则进行 NAPT-PT处理; 对于 IPv6报文, 若与其匹配的前缀所对应的地址池不包括端口号, 则对其进行 NAT-PT处理, 否则进行 NAPT-PT处理。 The load sharing method according to claim 4, wherein in the step C, For an IPv4 packet, if the address pool matching the destination IPv4 address does not include the port number, the NAT-PT processing board performs NAT-PT processing on it, otherwise it performs NAPT-PT processing. For IPv6 packets, if it matches If the address pool corresponding to the prefix does not include the port number, NAT-PT processing is performed on it, otherwise NAPT-PT processing is performed.
7、 一种 NAT-PT设备, 其特征在于, 包括互连的接口单板和 NAT-PT 处理单板,所述接口单板包括互连的接口单元和决策分发单元,所述 NAT-PT 处理单板包括互连的 NAT-PT处理单元和资源管理单元, 其中: 所述接口单元用于接收和发送 IPv4和 IPv6报文;  A NAT-PT device, comprising: an interconnected interface board and a NAT-PT processing board, wherein the interface board includes an interconnected interface unit and a decision distribution unit, and the NAT-PT processing The board includes an interconnected NAT-PT processing unit and a resource management unit, where: the interface unit is configured to receive and send IPv4 and IPv6 messages;
所述决策分发单元用于将域名解析报文轮询发送至 NAT-PT处理单板; 判断与业务 4艮文的目的 IPv6地址前缀或目的 IPv4地址相匹配的 NAT-PT处 理单板, 将业务报文分发至与其相匹配的 NAT-PT处理单板; 所述 NAT-PT处理单元用于对报文进行处理;  The decision distribution unit is configured to send the domain name resolution message polling to the NAT-PT processing board, and determine the NAT-PT processing board that matches the destination IPv6 address prefix or the destination IPv4 address of the service. The packet is distributed to the matching NAT-PT processing board; the NAT-PT processing unit is configured to process the packet;
所述资源管理单元用于管理 NAT-PT处理单板的 IPv4地址池、 端口和 NAT-PT IPv6前缀资源。  The resource management unit is configured to manage an IPv4 address pool, a port, and a NAT-PT IPv6 prefix resource of the NAT-PT processing board.
8、 如权利要求 7所述的 NAT-PT设备, 其特征在于, 所述 NAT-PT处 理单元对域名解析报文进行 NAT-PT处理和域名解析处理, 根据报文 IPv6 的前缀或其目的地址所属 IPv4 地址池对业务 4良文进行 NAT-PT 处理或 NAPT-PT处理。  The NAT-PT device according to claim 7, wherein the NAT-PT processing unit performs NAT-PT processing and domain name resolution processing on the domain name resolution packet, according to the prefix of the packet IPv6 or its destination address. The IPv4 address pool belongs to NAT-PT processing or NAPT-PT processing.
9、 如权利要求 8所述的 NAT-PT设备, 其特征在于, 所述 NAT-PT处 理单板还包括存储单元, 用于存储 NAT-PT处理单板的 IPv4地址池、 端口 和 NAT-PT IPv6前缀资源。  The NAT-PT processing device according to claim 8, wherein the NAT-PT processing board further includes a storage unit, configured to store an IPv4 address pool, a port, and a NAT-PT of the NAT-PT processing board. IPv6 prefix resource.
10、 如权利要求 7、 8或 9所述的 NAT-PT设备, 其特征在于, 所述设 备还包括控制面处理单元和路由转发引擎单元, 其中, The NAT-PT device according to claim 7, 8 or 9, wherein the device further includes a control plane processing unit and a route forwarding engine unit, where
所述控制面处理单元用于处理进入设备的控制面命令和报文; 所述路由转发引擎单元用于完成报文的路由转发。  The control plane processing unit is configured to process a control plane command and a message that enters the device. The route forwarding engine unit is configured to complete routing and forwarding of the packet.
PCT/CN2007/003648 2007-10-22 2007-12-18 A nat-pt device and a load-sharing method for nat-pt device WO2009052668A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710124049.8A CN101150502A (en) 2007-10-22 2007-10-22 A NAT-PT device and its load share method
CN200710124049.8 2007-10-22

Publications (1)

Publication Number Publication Date
WO2009052668A1 true WO2009052668A1 (en) 2009-04-30

Family

ID=39250854

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/003648 WO2009052668A1 (en) 2007-10-22 2007-12-18 A nat-pt device and a load-sharing method for nat-pt device

Country Status (2)

Country Link
CN (1) CN101150502A (en)
WO (1) WO2009052668A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013123420A1 (en) * 2012-02-15 2013-08-22 F5 Networks, Inc. Load balancing using dns in a ipv4/ipv6 environment
US9106699B2 (en) 2010-11-04 2015-08-11 F5 Networks, Inc. Methods for handling requests between different resource record types and systems thereof
US9282116B1 (en) 2012-09-27 2016-03-08 F5 Networks, Inc. System and method for preventing DOS attacks utilizing invalid transaction statistics
USRE47019E1 (en) 2010-07-14 2018-08-28 F5 Networks, Inc. Methods for DNSSEC proxying and deployment amelioration and systems thereof
US10182013B1 (en) 2014-12-01 2019-01-15 F5 Networks, Inc. Methods for managing progressive image delivery and devices thereof
CN110086727A (en) * 2019-04-30 2019-08-02 新华三技术有限公司 Load sharing method and device between a kind of CGN plate
US10797888B1 (en) 2016-01-20 2020-10-06 F5 Networks, Inc. Methods for secured SCEP enrollment for client devices and devices thereof
CN112738290A (en) * 2020-12-25 2021-04-30 杭州迪普科技股份有限公司 NAT (network Address translation) conversion method, device and equipment
US11838851B1 (en) 2014-07-15 2023-12-05 F5, Inc. Methods for managing L7 traffic classification and devices thereof
US11895138B1 (en) 2015-02-02 2024-02-06 F5, Inc. Methods for improving web scanner accuracy and devices thereof

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150502A (en) * 2007-10-22 2008-03-26 中兴通讯股份有限公司 A NAT-PT device and its load share method
CN101247421B (en) * 2008-03-28 2011-09-07 杭州华三通信技术有限公司 Self-adapting distribution method and system of NAT address pool under distributed structure
CN102075921B (en) * 2009-11-24 2013-09-18 中国移动通信集团公司 Inter-network communication method and device
CN102469171B (en) * 2010-11-10 2015-11-11 中国移动通信集团公司 Realize the method for two terminal node intercommunications in different IP territory, system and equipment
CN102572003B (en) * 2010-12-08 2015-01-14 中国电信股份有限公司 Method and system for acquiring and processing multiplexing address and port range
CN102739820B (en) * 2012-06-28 2015-06-03 杭州华三通信技术有限公司 Message network address conversion processing method and network equipment
CN104519029B (en) * 2013-09-30 2018-10-02 中国电信股份有限公司 A kind of synchronous method and distributed protocol translation system
CN103797774B (en) * 2013-11-05 2017-07-21 华为技术有限公司 A kind of network address translation apparatus and method
CN104954239B (en) * 2014-03-26 2019-04-05 中国电信股份有限公司 A kind of broad access network gate and its implementation of built-in CGN
CN105323873A (en) * 2014-07-03 2016-02-10 中兴通讯股份有限公司 Base station and base station load sharing device and method
CN111741039B (en) * 2019-03-25 2022-06-03 阿里巴巴集团控股有限公司 Session request processing method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040165602A1 (en) * 2003-02-21 2004-08-26 Samsung Electronics Co., Ltd. Method and apparatus for interconnecting IPv4 and IPv6 networks
US20050083969A1 (en) * 2003-10-15 2005-04-21 Joo-Chul Lee Communication method using mobile IPv6 in NAT-PT environment and storage medium thereof
CN101119382A (en) * 2007-09-06 2008-02-06 中兴通讯股份有限公司 Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN101150502A (en) * 2007-10-22 2008-03-26 中兴通讯股份有限公司 A NAT-PT device and its load share method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040165602A1 (en) * 2003-02-21 2004-08-26 Samsung Electronics Co., Ltd. Method and apparatus for interconnecting IPv4 and IPv6 networks
US20050083969A1 (en) * 2003-10-15 2005-04-21 Joo-Chul Lee Communication method using mobile IPv6 in NAT-PT environment and storage medium thereof
CN101119382A (en) * 2007-09-06 2008-02-06 中兴通讯股份有限公司 Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN101150502A (en) * 2007-10-22 2008-03-26 中兴通讯股份有限公司 A NAT-PT device and its load share method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LU YIN ET AL.: "A SECURE GATEWAY OF HIGH PERFORMANCE FOR IPv6/IPv4 BASED ON NAT-PT", COMPUTER APPLICATIONS AND SOFTWARE, vol. 24, no. 9, September 2007 (2007-09-01), pages 7 - 10,29 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE47019E1 (en) 2010-07-14 2018-08-28 F5 Networks, Inc. Methods for DNSSEC proxying and deployment amelioration and systems thereof
US9106699B2 (en) 2010-11-04 2015-08-11 F5 Networks, Inc. Methods for handling requests between different resource record types and systems thereof
WO2013123420A1 (en) * 2012-02-15 2013-08-22 F5 Networks, Inc. Load balancing using dns in a ipv4/ipv6 environment
US9843554B2 (en) 2012-02-15 2017-12-12 F5 Networks, Inc. Methods for dynamic DNS implementation and systems thereof
US9282116B1 (en) 2012-09-27 2016-03-08 F5 Networks, Inc. System and method for preventing DOS attacks utilizing invalid transaction statistics
US11838851B1 (en) 2014-07-15 2023-12-05 F5, Inc. Methods for managing L7 traffic classification and devices thereof
US10182013B1 (en) 2014-12-01 2019-01-15 F5 Networks, Inc. Methods for managing progressive image delivery and devices thereof
US11895138B1 (en) 2015-02-02 2024-02-06 F5, Inc. Methods for improving web scanner accuracy and devices thereof
US10797888B1 (en) 2016-01-20 2020-10-06 F5 Networks, Inc. Methods for secured SCEP enrollment for client devices and devices thereof
CN110086727A (en) * 2019-04-30 2019-08-02 新华三技术有限公司 Load sharing method and device between a kind of CGN plate
CN110086727B (en) * 2019-04-30 2022-07-01 新华三技术有限公司 Load sharing method and device between CGN boards
CN112738290A (en) * 2020-12-25 2021-04-30 杭州迪普科技股份有限公司 NAT (network Address translation) conversion method, device and equipment

Also Published As

Publication number Publication date
CN101150502A (en) 2008-03-26

Similar Documents

Publication Publication Date Title
WO2009052668A1 (en) A nat-pt device and a load-sharing method for nat-pt device
US10887119B2 (en) Multicasting within distributed control plane of a switch
CA2968964C (en) Source ip address transparency systems and methods
WO2017000878A1 (en) Message processing
WO2021073565A1 (en) Service providing method and system
WO2013040942A1 (en) Data centre system and apparatus, and method for providing service
JP2004364141A (en) Ip address conversion device and packet transfer device
WO2010057386A1 (en) Data package forwarding method, system and device
JP2011040928A (en) Network system, packet forwarding apparatus, packet forwarding method, and computer program
WO2015143802A1 (en) Service function chaining processing method and device
WO2006114037A1 (en) A communication system with session border controller and a method for the transmission of the signaling
TW200924462A (en) System and method for connection of hosts behind NATs
CN109547354B (en) Load balancing method, device, system, core layer switch and storage medium
WO2011113393A2 (en) Virtual local area network identity transformation method and apparatus
CN112671938B (en) Business service providing method and system and remote acceleration gateway
WO2006125383A1 (en) A method for traversing the network address conversion/firewall device
WO2011131097A1 (en) Data message processing method, system and access service node
US20190253393A1 (en) Multi-access interface for internet protocol security
WO2011103820A2 (en) Method and apparatus for network address translation
US10805202B1 (en) Control plane compression of next hop information
WO2021184862A1 (en) Message sending method, first network device, and network system
EP3395049A1 (en) ROUTER AND METHOD FOR CONNECTING AN IPv4 NETWORK AND AN IPv6 NETWORK
WO2009146615A1 (en) A processing method, a system and a processor for network address translation service
WO2010054561A1 (en) Agent method of media stream, voice exchanger and communication system
US20230254183A1 (en) Generating route target values for virtual private network routes

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07855697

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07855697

Country of ref document: EP

Kind code of ref document: A1