WO2011157126A2 - Packet forwarding method and inter-network routing apparatus - Google Patents

Packet forwarding method and inter-network routing apparatus Download PDF

Info

Publication number
WO2011157126A2
WO2011157126A2 PCT/CN2011/074975 CN2011074975W WO2011157126A2 WO 2011157126 A2 WO2011157126 A2 WO 2011157126A2 CN 2011074975 W CN2011074975 W CN 2011074975W WO 2011157126 A2 WO2011157126 A2 WO 2011157126A2
Authority
WO
WIPO (PCT)
Prior art keywords
address
private network
mapping
network side
port number
Prior art date
Application number
PCT/CN2011/074975
Other languages
French (fr)
Chinese (zh)
Other versions
WO2011157126A3 (en
Inventor
杨新江
高鹏
滕新东
佟兴
向海洲
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN2011800007448A priority Critical patent/CN102204191A/en
Priority to PCT/CN2011/074975 priority patent/WO2011157126A2/en
Publication of WO2011157126A2 publication Critical patent/WO2011157126A2/en
Publication of WO2011157126A3 publication Critical patent/WO2011157126A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/30Peripheral units, e.g. input or output ports
    • H04L49/3009Header conversion, routing tables or routing tags
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/60Router architectures

Definitions

  • the present invention relates to the field of networks, and in particular, to a packet forwarding method and an inter-network routing device. Background technique
  • NAT Network twork Addres s Trans l a t i on, network address translation
  • NAT technology is a technology for realizing the conversion between private IP addresses and public IP addresses.
  • NAT technology can be used to convert private I Pv4 addresses and IPv6 addresses of a large number of private network users into a small number of public IP Pv4 addresses, so that private network users can use I Pv4 addresses.
  • the connection to the public network is connected.
  • the conversion of a private IP address and an IPv6 address to a public network IP address is usually performed by an inter-network routing device as shown in FIG.
  • the packet on the private network side is sent to the private network side interface card through the private network side subcard.
  • the private network side interface board forwards the packet to the service board.
  • the service board performs NAT address mapping to complete the conversion from the private IP address to the public IP address.
  • the packets of the NAT address mapping are forwarded to the public network side interface card and sent to the public network through the public network side subcard.
  • the performance of the processing chip of the service board is limited, so that the processing performance of the service board is degraded, which becomes a bottleneck in the entire packet forwarding process.
  • the processing speed of the text is significantly higher than the speed at which the service board performs NAT address mapping.
  • the processing speed of the entire network routing device is limited by the processing speed of the service board, which wastes the processing capability of the interface board, making the overall processing speed difficult to further improve, and greatly affecting the packet forwarding speed. , is not conducive to large-scale commercial applications.
  • the embodiment of the invention provides a packet forwarding method and an inter-network routing device, which improves the speed of packet forwarding.
  • the embodiment of the present invention adopts the following technical solution: A packet forwarding method is applied to an inter-network routing device, where the inter-network routing device includes at least two sub-cards for forwarding packets.
  • the methods include:
  • Each of the sub-cards receives the first packet sent by the transmitting end of the private network side; the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side; The private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side. Query the correspondence between the private network address and port pre-configured in the subcard and the public network address and port for mapping. The mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
  • An inter-network routing device includes at least two sub-cards for packet forwarding, and each sub-card further includes:
  • the first packet receiving unit is configured to receive the first packet sent by the sending end of the private network side; the first text carries the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side;
  • the public network address obtaining unit is configured to query the private network address, port, and mapping pre-set in the sub-card according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side. Corresponding relationship table between the network address and the port, and obtaining the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
  • a public network address replacing unit configured to send the private network side sender end in the first packet
  • the private network IP address and the transport protocol port number of the private network side sender are replaced by the mapping public network IP address and the mapping transport protocol port number, and the public network IP address for mapping and the transport protocol port number for mapping are generated.
  • the second packet sending unit is configured to send the second packet to the public network side.
  • the embodiment of the present invention provides a packet forwarding method and an inter-network routing device, which perform network address translation processing on a packet passing through the sub-card directly on each sub-card of the inter-network routing device, without
  • the network address translation processing is performed on the service board, which not only reduces the processing load of the service board, but also avoids the limitation of the processing speed of the entire network routing device by the service board to the network address translation processing speed of the service board.
  • the speed of message forwarding is performed on the service board, which not only reduces the processing load of the service board, but also avoids the limitation of the processing speed of the entire network routing device by the service board to the network address translation processing speed of the service board.
  • FIG. 1 is a schematic diagram of an inter-network routing device responsible for packet forwarding provided by the prior art
  • FIG. 2 is a flowchart of a method for forwarding a packet according to Embodiment 1 of the present invention
  • FIG. 3 is a block diagram of a subcard of an inter-network routing device in Embodiment 1 of the present invention.
  • FIG. 4 is a schematic diagram of an inter-network routing apparatus according to Embodiment 2 of the present invention.
  • FIG. 5 is a flowchart of a method for forwarding a packet according to Embodiment 2 of the present invention.
  • FIG. 6 is a schematic diagram of another inter-network routing apparatus according to Embodiment 2 of the present invention.
  • FIG. 7 is a schematic diagram of an inter-network routing apparatus provided in Embodiment 3 of the present invention.
  • FIG. 8 is a flowchart of a method for forwarding a packet according to Embodiment 3 of the present invention.
  • FIG. 9 is a block diagram of a subcard of an inter-network routing device according to Embodiment 4 of the present invention.
  • Figure 10 is a block diagram of the daughter card of the inter-network routing device based on Figure 9.
  • the embodiment of the invention provides a packet forwarding method. As shown in FIG. 2, the method includes the following steps:
  • the subcard receives the first packet sent by the sending end of the private network side.
  • the daughter card is located on an inter-network routing device between the private network and the public network.
  • the inter-network routing device usually includes a plurality of sub-cards, a plurality of interface boards corresponding to the sub-cards, and at least one switching network board for connecting to the interface board.
  • Each subcard receives the first message sent by the sender on the private network side.
  • the first file carries the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end.
  • the first packet carries the public network IP address of the receiving end of the public network side, the transmission protocol port number of the receiving end of the public network side, and the transmission protocol used by the first packet.
  • the conversion of the address and the port is performed in the sub-card: by querying the corresponding relationship table, obtaining a private network IP address and a private network with the sending end of the private network side
  • the mapping of the transmission protocol port number of the side transmitting end uses the public network IP address and the mapping transmission protocol port number, and replaces the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
  • the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end recorded in the first text are replaced and changed to the second message.
  • the second packet still carries the data information in the first packet. 1 04. Send the second packet to the public network side.
  • the second packet carries the public network IP address for mapping and the transport protocol port number for mapping, the public network IP address of the receiving end of the public network side, and the transport protocol port number of the receiving end of the public network side, and the The transport protocol used by the first message.
  • the second packet is finally sent to the receiving end of the public network side.
  • a TCP Transmit s i on Cont ro l Pro toco l
  • the device sends a first packet based on the TCP to the device B, and the IP address of the private network of the device A and the public IP address of the device B are recorded in the IP packet header of the first packet.
  • the TCP packet header the TCP port number of the device A and the TCP port number of the device B of the receiver are recorded.
  • the sub-card of the inter-network routing device After receiving the first packet based on the TCP, the sub-card of the inter-network routing device obtains a mapping IP address corresponding to the private network IP address of the device A by searching the corresponding relationship table, and the The TCP port number corresponding to the TCP port number of the device A uses the TCP port number, and the mapping IP address and the mapping TCP port number are used to replace the private IP address of the original device A and the TCP port number of the device A, thereby generating a TCP-based Second message.
  • the second TCP-based packet is finally transmitted to the device B in the public network.
  • the embodiment of the present invention further provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding.
  • the structure of the subcard is as shown in FIG. 3, and includes: a first packet receiving unit 31, a public network address obtaining unit 32, a public network address replacing unit 33, and a second packet transmitting unit 34.
  • the first packet receiving unit 31 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol of the transmitting end of the private network side.
  • the port number is configured to be used to transmit the first packet sent by the sending end of the private network side.
  • the public network address obtaining unit 32 is configured to query, according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the private network address, the port, and the mapping preset in the subcard.
  • the mapping table between the public network address and the port obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end.
  • the public network address replacing unit 33 is configured to replace the private network IP address of the private network side transmitting end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address. And mapping with the transport protocol port number, generating a public network IP carrying the mapping The address and mapping are the second text of the transport protocol port number.
  • the second packet sending unit 34 is configured to send the second packet to the public network side.
  • the embodiment of the invention provides a packet forwarding method and an inter-network routing device.
  • the address and port number mapping function is deployed on the daughter card of the inter-network routing device, and the distributed processing of the network address translation is performed by the daughter card to mitigate
  • the processing load of the service board avoids the limitation of the processing speed of the entire network routing device by the service board to perform network address translation processing on the packet, which greatly improves the packet forwarding speed.
  • the network on the private network side is more complex than the network on the public network side.
  • the number of subcards on the private network side is larger than the number of subcards on the public network side.
  • the embodiment of the present invention provides a packet forwarding method. As shown in FIG. 5, the method includes the following steps:
  • the service acceleration subcard receives the first packet sent by the sending end of the private network side.
  • the first packet is first transmitted to the private network side sub-card and forwarded by the private network side sub-card to the private network side interface board. After the private network side interface board performs corresponding processing on the first packet, The first packet is forwarded to the public network side interface board, and is forwarded by the public network side interface board to the service power port speed daughter card.
  • a part of the packet that needs to be processed in the service board (for example, the parsing of the application layer information) is forwarded to the private network side interface board.
  • the service board After the service board completes the related processing on the service board, the service board forwards the information to the public network side interface board.
  • the first message sent by the sending end of the private network side includes the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the transmission protocol used by the first file, and the public A quintuple consisting of the public network IP address of the receiving end of the network side and the transport protocol port number of the receiving end of the public network side.
  • the device of the private network side transmitting end of the private network IP address establishes a message transmission path with the device of the public network side receiving end of the public network IP address, and the transmission protocol port of the transmitting end of the private network side is used.
  • the transmission protocol port of the receiving end of the public network side sends the corresponding message processing and address mapping through the inter-network routing device, and transmits the corresponding data to the destination of the receiving end of the public network side.
  • the service acceleration subcard determines whether there is a first one sent by the sending end of the private network side. Corresponding relationship table corresponding to the text.
  • step 203 When the correspondence table exists in the service acceleration daughter card, the process goes to step 203; otherwise, the process goes to step 205.
  • the service acceleration sub-card obtains the mapping public network IP address and the mapping transmission protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
  • the first packet is transmitted to the service acceleration subcard of the inter-network routing device, and the service acceleration subcard searches the correspondence table according to the quintuple of the first packet to obtain the first ⁇
  • the mapping of the quintuple's quintuple uses the public network IP address and the mapping protocol port number.
  • the quintuple in the second packet is a public network IP address for mapping and a transport protocol port number for mapping, a transport protocol used by the first packet, and a public network IP address of the receiving end of the public network side.
  • the transmission protocol port number of the receiving end of the public network side is a public network IP address for mapping and a transport protocol port number for mapping, a transport protocol used by the first packet, and a public network IP address of the receiving end of the public network side.
  • step 204 After step 204 is performed, the process proceeds to step 206.
  • the service acceleration subcard allocates the public network IP address of the mapping and the transmission protocol protocol for the public network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message.
  • the port number The port number.
  • the service acceleration subcard records the mapping with the public network IP address and the mapping transmission protocol port number to the correspondence table.
  • the correspondence table records the correspondence between the quintuple of the first packet and the public IP address of the mapping and the transport protocol port number of the mapping, and has the same five-tuple as the first packet.
  • the mapping public network IP address and the mapping transmission protocol port number can be obtained by directly searching the corresponding relationship table, without performing the steps again. 205.
  • the second packet is sent to the public network side by the service acceleration subcard and finally transmitted to the public network side receiving end. 207.
  • the service acceleration subcard receives the third packet returned by the public network side.
  • the receiving end of the public network side receives the second packet, and performs a related process on the public network side of the second packet to generate a third packet.
  • the third packet carries the public IP address for mapping and the transport protocol port number for mapping, the transport protocol used by the third packet (same as the transport protocol used by the first packet), and the public network.
  • a quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side.
  • the third packet performs corresponding packet processing and network address translation by using the inter-network routing device.
  • the service acceleration subcard queries the corresponding relationship table, and obtains a private network IP address of the private network side sender end and a private network side sender end corresponding to the mapping public network IP address and the mapping transmission protocol port number. Protocol port number.
  • the third packet returned from the public network side is transmitted to the service acceleration daughter card of the network routing device, and the service acceleration daughter card searches for the correspondence table according to the quintuple of the third packet. And obtaining a private network IP address of the private network side sender end and a transport protocol port number of the private network side sender end corresponding to the third packet.
  • the correspondence table may be one, that is, the first text and the third text respectively obtain an address through the same correspondence table; optionally, two correspondence tables may also be set. They are a forward correspondence table and a reverse correspondence table, respectively.
  • the service acceleration subcard allocates the public IP address of the mapping and the transmission protocol port number of the mapping by the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message. And the service acceleration subcard records the mapping of the public network IP address and the mapping transmission protocol port number to the forward correspondence table, and in the forward correspondence table, the foregoing A four-tuple quintuple can uniquely determine the corresponding public network for mapping
  • the private network IP address of the corresponding private network side sender and the transport protocol port number of the private network side sender end can be uniquely determined.
  • the private network IP addresses of the different private network side senders are different, so that the mapping public IP address corresponding to the mapping may be uniquely determined by the quintuple of the first packet.
  • the address and the mapping protocol port number are used, and the private network IP address of the corresponding private network side transmitting end and the transmission protocol port number of the private network side transmitting end are uniquely determined by the quintuple of the third message.
  • the computers in different VPNs can use the same private IP address, and the different private network side senders
  • the quintuple of a message can be identical.
  • the corresponding public IP address and mapping of the mapping are determined by the quintuple of the first packet and the identifier of the VPN where the transmitting end of the private network side of the first packet is sent.
  • the quintuple of the third packet and the identifier of the VPN where the sender of the private network side of the first packet are sent are jointly determined to be sent by the corresponding private network side.
  • the service acceleration subcard replaces the mapping between the public network IP address and the mapping transmission protocol port number in the third file with the private network IP address of the private network side sending end and the private network side sending end. Transmitting a protocol port number to generate a private network carrying the sender on the private network side
  • the fourth address of the IP address and the transmission protocol port number of the sender on the private network side is the fourth address of the IP address and the transmission protocol port number of the sender on the private network side.
  • the fourth packet is forwarded to the public network side interface board by the service acceleration subcard, and is forwarded by the public network side interface board to the private network side interface board, and then sent to the private network through the private network side subcard.
  • the side sender transmits.
  • a part of the packet that needs to be processed in the service packet (for example, the parsing of the application layer information) in the fourth packet is forwarded to the service board after being sent to the service board in the service board. After the related processing is complete, the service board forwards the packet to the private network side interface board.
  • a sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded on the sub-card routing table.
  • the service board may send the sub-card routing table to the private network side sub-card and the service acceleration sub-card respectively.
  • the private network side sub-card forwards the first packet received by the private network side interface board to the public network side interface board and finally to the sub-card routing.
  • the service acceleration subcard forwards the third packet received by the service acceleration card to the interface board of the public network side and the interface board of the private network side, and finally sends the packet to the subcard routing table record.
  • the private network side of the subcard corresponding to the private network side of the subcard.
  • the service acceleration daughter card of the inter-network routing device queries the corresponding relationship table to send the first report sent by the IPv4 private network.
  • the private network IP address of the private network side sender and the transport protocol port number of the private network side sender end are replaced with the IPv4 format mapping public.
  • the network IP address and the mapping protocol port number are used, and the second packet that completes the network address translation is sent to the IPv4 public network.
  • the service acceleration daughter card of the inter-network routing device queries the corresponding relationship table to return the third packet returned by the IPv4 public network.
  • the mapping in the IPv4 format is replaced with the public network IP address of the private network side sender and the transport protocol port number of the private network side sender end in the IPv4 format by using the public network IP address and the mapping transport protocol port number.
  • the method provided by the embodiment of the present invention may also be performed.
  • the IP address of the IPv6 address is prefixed with the NAT64 prefix, and the remaining part of the I Pv6 address with the NAT64 prefix removed is the corresponding IP address.
  • the service acceleration subcard After receiving the first packet sent by the IPv6 private network, the service acceleration subcard replaces the private network IP address in the IPv6 format and the transport protocol port number of the private network side sender with the public network IP address in the IPv4 format according to the mapping table. The address and the mapping protocol port number are used.
  • the NAT64 prefix in the public network IP address of the public network side of the IPv6 format is also deleted.
  • the public network IP address of the public network side receiving end in IPv4 format is obtained.
  • the mapping in the IPv4 format is replaced with the public network IP address and the mapping transmission protocol port number in the IPv6 format according to the correspondence table.
  • the public network IP address of the public network side of the IPv4 format is prefixed with NAT64, and the IPv6 format is restored. The text is sent to the corresponding destination in the IPv6 private network.
  • IPv6 addresses that use IVI technology for network address translation
  • the IPv6 address has an I VI prefix
  • the rest of the IPv6 address with the IVI prefix removed is the corresponding IPv4 address.
  • the address translation between the IPv6 address and the IPv4 address of the service-accelerated daughter card is similar to the address translation between the IP address and the IPv4 address of the NAT prefix, and is not described here.
  • the function of allocating the mapping public network IP address and the mapping transmission protocol port number and the function of creating the correspondence relationship table may be retained in the service board.
  • the service acceleration subcard forwards the first packet sent by the private network side to the service board, so that the service board is the first one sent by the private network side.
  • Packet allocation mapping uses public IP address and mapping transmission
  • the protocol port number is created, and the corresponding correspondence table is created, and the corresponding relationship table is configured on the service acceleration daughter card.
  • the service acceleration subcard sends the second packet generated after the network address translation on the service board to the public network side.
  • the device may directly search for the Correspond to the relationship table, and perform the corresponding network address translation. It is not necessary to forward the packet to the service board for processing.
  • all the functions of the service board can be integrated into the service acceleration sub-card, and the service board is cancelled in the inter-network routing device, as shown in FIG. 6.
  • the service acceleration daughter card divides the corresponding relationship table J of the saved access that has been saved by itself.
  • UDP User Data Protocol
  • the service acceleration subcard receives the F IN/RST packet, it directly initiates rapid aging and deletes the corresponding relationship table of the corresponding TCP packet.
  • each public network subcard can be configured as the service acceleration subcard to share part of the network address translation function and improve the network address translation efficiency of the entire device.
  • the embodiment of the present invention provides a packet method, where the address and port number mapping function is deployed on the sub-card, which reduces the processing load of the service board, and avoids the processing speed of the packet flow processing by the entire network routing device.
  • the board limits the speed of network address translation processing on packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • the method provided by the embodiment of the present invention can be applied to address mapping between I Pv4 and address mapping between I Pv6 and IPv4 at the same time.
  • the service acceleration sub-card of the inter-network routing device in the second embodiment of the present invention is located on the public network side, and is applicable to an application environment with stable networking conditions.
  • the networking status is in a state of constant change (for example, when the network complexity on the private network side is lower than the network complexity on the public network side, installing the service acceleration daughter card on the private network side can save the cost of the device).
  • the service acceleration daughter card in the second embodiment of the invention needs to be frequently disassembled and changed in the installation position, resulting in cumbersome operation and insufficient flexibility of the entire device.
  • the network address translation function can be integrated on the public network side subcard and the private network side subcard, respectively, to form a private network side service acceleration subcard and a public network side service acceleration subcard, as shown in FIG. 7.
  • the embodiment of the present invention provides a packet forwarding method. As shown in FIG. 8, the method includes the following steps:
  • the private network side service acceleration subcard receives the first packet sent by the sending end of the private network side.
  • the first message sent by the sending end of the private network side includes the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side, and the transmission protocol used by the first file and the public network.
  • a quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side.
  • a part of the packet that needs to be processed in the service board (for example, the parsing of the application layer information) is forwarded to the private network side interface board.
  • the service board After the service board completes the related processing on the service board, the service board forwards the information to the public network side interface board.
  • the private network side service acceleration subcard determines whether there is a correspondence table corresponding to the first message sent by the sending end of the private network side.
  • step 303 When the correspondence table exists in the private network side service acceleration daughter card, the process goes to step 303; otherwise, the process goes to step 305.
  • the private network side service acceleration subcard obtains the mapping public network IP address and the mapping transport protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
  • step 304 After performing step 304, the process proceeds to step 306.
  • the private network side service acceleration subcard forwards the first packet to the service board.
  • the service board allocates the public network IP address of the private network side of the first network and the transport protocol port number of the private network side of the first network to allocate the public IP address for mapping and the transport protocol port number for mapping. Second message. At the same time, the service board records the mapping of the public network IP address and the mapping transmission protocol port number to the corresponding relationship table, and sends the corresponding relationship table to the private network side service acceleration daughter card and the public network respectively. Side service acceleration daughter card.
  • the service board can generate two correspondence tables, which are positive correspondences.
  • the table and the reverse correspondence table are sent to the private network side service acceleration daughter card, and the reverse correspondence table is sent to the public network side service acceleration daughter card.
  • the forward correspondence table and the reverse correspondence table refer to the description in Embodiment 2, and details are not described herein again.
  • the private network side service acceleration subcard forwards the second packet to the public network side interface board through the private network side interface board, and forwards the second packet to the public network side service acceleration daughter card by the public network side interface board, and then The public network side service acceleration subcard is transmitted to the receiving end of the public network side.
  • the service network acceleration subcard of the public network side receives the third packet returned by the receiving end of the public network side.
  • the receiving end of the public network side receives the second packet, and performs a related process on the public network side of the second packet to generate a third packet.
  • the third packet carries the public IP address for mapping and the transport protocol port number for mapping, the transport protocol used by the third packet (same as the transport protocol used by the first packet), and the public network.
  • a quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side.
  • the public network side service acceleration subcard queries the corresponding relationship table, and obtains a private network IP address and a private network side of the private network side sending end corresponding to the mapping public network IP address and the mapping transmission protocol port number.
  • the transmission protocol port number of the sender is not limited to the public network side service acceleration subcard.
  • the public network side service acceleration subcard replaces the mapping in the third packet with the public network IP address and the mapping transmission protocol port number with the private network IP address and the private network of the private network side sending end.
  • the transmission protocol port number of the side transmitting end generates a fourth packet carrying the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
  • the public network side service acceleration subcard forwards the fourth packet to the private network side interface board through the public network side interface board, and forwards the private network side interface board to the private network side service acceleration subcard, and then privately The network side service acceleration subcard sends the fourth packet to the private network side.
  • the fourth packet is forwarded to the public network side interface board by the service acceleration subcard, and is forwarded by the public network side interface board to the private network side interface board, and then sent to the private network through the private network side subcard.
  • the side sender transmits.
  • a part of the packet that needs to be processed in the service packet (for example, the parsing of the application layer information) in the fourth packet is forwarded to the service board after being sent to the service board in the service board. After the related processing is complete, the service board forwards the packet to the private network side interface board.
  • a sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded on the sub-card routing table.
  • the service board may send the sub-card routing table to the private network side service acceleration sub-card and the service acceleration sub-card respectively.
  • the private network-side service sub-card forwards the first packet received by the private network side interface board to the public network side interface board and the public network side interface board, and finally sends the packet to the sub-card.
  • the service acceleration subcard forwards the third packet received by the service acceleration card to the interface card of the public network side and the interface board of the private network side, and finally sends the packet to the subcard routing table. Record the corresponding private network side subcard.
  • the method in the embodiment of the present invention may be applied to network address translation between an IPv4 private network and an IPv4 public network, and network address translation between an I Pv6 private network and an IPv4 public network (including NAT64 technology and IV I technology), and the specific description may be Reference is made to the description in Embodiment 2 of the present invention, and details are not described herein again.
  • the private network IP addresses of the different private network side senders are different, so that the mapping public IP address corresponding to the mapping may be uniquely determined by the quintuple of the first packet.
  • the address and the mapping protocol port number are used, and the private network IP address of the corresponding private network side transmitting end and the transmission protocol port number of the private network side transmitting end are uniquely determined by the quintuple of the third message.
  • computers in different VPNs can be used.
  • the same private IP address, the quintuple of the first packet on the different private network side senders can be identical.
  • the corresponding public IP address and mapping of the mapping are determined by the quintuple of the first packet and the identifier of the VPN where the transmitting end of the private network side of the first packet is sent.
  • the quintuple of the third packet and the identifier of the VPN where the sender of the private network side of the first packet are sent are jointly determined to be sent by the corresponding private network side.
  • the function of allocating the mapping public network IP address and the mapping transmission protocol port number and the function of creating the correspondence relationship table may be integrated into the public network side service acceleration.
  • the sub-card and the private network side service acceleration sub-card; further, the other processing functions of the service board can be integrated into the public network side service acceleration sub-card and the private network side service acceleration sub-card, thereby being in the network
  • the service board is canceled in the routing device.
  • the embodiment of the present invention provides a packet forwarding method, in which the address and port number mapping function is deployed on the sub-card, which reduces the processing load of the service board, and avoids the processing speed of the packet processing by the entire network routing device.
  • the service board limits the speed of network address translation processing of packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • the method provided by the embodiment of the present invention can be applied to address mapping between IPv4 and address mapping between IPv6 and IPv4.
  • the service acceleration sub-card is deployed on both the public network side and the private network side, which is applicable to a scenario in which the networking situation is complex and variable, and the flexibility of the entire device is improved.
  • An embodiment of the present invention provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding.
  • the structure of the subcard is as shown in FIG. 9, and includes: a first packet receiving unit 41, a public network address obtaining unit 42, a public network address replacing unit 43, a second packet sending unit 44, and a third packet receiving unit. 45.
  • the first packet receiving unit 41 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol of the transmitting end of the private network side.
  • the port number is configured to be used to transmit the first packet sent by the sending end of the private network side.
  • the public network address obtaining unit 42 is configured to query, according to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the sending end of the private network side, the private network address, the port, and the mapping preset in the subcard.
  • the mapping table between the public network address and the port obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end. .
  • the public network address replacing unit 43 is configured to replace the private network IP address of the private network side transmitting end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address. And mapping the transport protocol port number to generate a second packet carrying the public IP address of the mapping and the transport protocol port number of the mapping.
  • the second packet sending unit 44 is configured to send the second packet to the public network side.
  • the third packet receiving unit 45 is configured to receive the third packet returned by the public network side.
  • the receiving end of the public network side receives the second packet, and performs related processing on the public network side of the second packet, and then generates a third packet and sends the packet to the inter-network routing device.
  • the third packet carries the public IP address for mapping and the transport protocol port number for mapping.
  • the private network address obtaining unit 46 is configured to query the correspondence relationship table according to the mapping public network IP address and the mapping transmission protocol port number, and obtain the mapping public network IP address and the mapping transmission protocol port number.
  • the private network address replacing unit 47 is configured to replace the mapping with the public network IP address and the mapping transmission protocol port number in the third packet with the private network IP address and the transmission protocol of the private network side transmitting end.
  • the port number is generated to generate a fourth packet carrying the private network IP address and the transmission protocol port number of the private network side sender.
  • the fourth packet sending unit 48 is configured to send the fourth packet to the private network side sending end.
  • the apparatus further includes: a public network address assigning unit 49, a correspondence relationship recording unit 410, a message forwarding unit 41 1 , a public network address receiving unit 412, a correspondence relationship table receiving unit 41 3, and Correspondence table deletion unit 414.
  • the public network address assigning unit 49 is configured to: when the corresponding relationship table does not exist in the subcard, the private network IP address of the private network side transmitting end and the private network side sending end of the first packet
  • the transport protocol port number assigns the mapping public network IP address and the mapping transport protocol port number.
  • the correspondence relationship recording unit 410 is configured to record the mapped public network IP address and the mapping transmission protocol port number after the mapping public network IP address and the mapping transmission protocol port number are allocated in the child card. Go to the correspondence table.
  • the message forwarding unit 411 is configured to: when the sub-card does not have the corresponding relationship table, the sub-card forwards the first packet sent by the private network side to the service board.
  • the service board allocates the public network IP address of the mapping and the transmission protocol port number of the mapping by the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message. And mapping the allocated mapping to the correspondence relationship table by using a public network IP address and a mapping transmission protocol port number.
  • the public network address receiving unit 412 is configured to receive the mapping public IP address and the mapping transmission protocol port number allocated by the service board, to replace the private network IP address of the private network side sending end and the private network side sending The transport protocol port number of the end.
  • the correspondence relationship receiving unit 41 3 is configured to receive the record from the service board when receiving the mapping public network IP address and the mapping transmission protocol port number allocated by the service board.
  • the mapping uses the correspondence table of the public network IP address and the mapping transmission protocol port number.
  • the correspondence table deleting unit 414 is configured to delete the correspondence table that has been accessed in the child card.
  • Embodiment 2 and Embodiment 3 of the present invention For other application scenarios and related descriptions of the embodiments of the present invention, reference may be made to Embodiment 2 and Embodiment 3 of the present invention, and details are not described herein again.
  • the embodiment of the invention provides an inter-network routing device, which reduces the processing load of the service board by using the function of mapping the address and port number on the sub-card of the device, and avoids the flow of the entire network routing device.
  • the processing speed is limited by the speed at which the service board performs network address translation processing on the packet, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. .
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
  • a hard disk or optical disk, etc. includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.

Abstract

A packet forwarding method and an inter-network routing apparatus are provided, wherein the inter-network routing apparatus includes at least two sub-cards used for packet forwarding. The packet forwarding method includes: receiving, by each sub-card of the inter-network routing apparatus, a first packet sent from a transmitting end at the private network side; inquiring, according to the private network IP address and the private network transmission protocol port number carried in the first packet, a corresponding relationship table, which is preset in the sub-card, between the private network address and port and the public network address and port for mapping, and obtaining the public network IP address and the transmission protocol port number for mapping corresponding to the private network IP address and the private network transmission protocol port number; substituting the private network IP address and the private network transmission protocol port number with the public network IP address for mapping and the transmission protocol port number for mapping, and generating a second packet; sending the second packet to the public network side. The present invention improves the packet forwarding speed by disposing the network address translation function into each sub-card.

Description

一种报文转发方法和网间路由装置 技术领域  Message forwarding method and network routing device
本发明涉及网络领域,尤其涉及一种报文转发方法和网间路由装置。 背景技术  The present invention relates to the field of networks, and in particular, to a packet forwarding method and an inter-network routing device. Background technique
NAT ( Ne twork Addres s Trans l a t i on, 网络地址转换) 技术是一种 实现私有 IP地址与公有 IP地址之间转换的技术。在目前合法的 IPv4地 址日益枯竭的背景下, 利用 NAT技术, 可以将大量私网用户的私有 I Pv4 地址、 IPv6 地址转换为少量的公网 I Pv4 地址, 以实现私网用户对使用 I Pv4地址的公网的连接访问。  NAT (Ne twork Addres s Trans l a t i on, network address translation) technology is a technology for realizing the conversion between private IP addresses and public IP addresses. In the context of the current depletion of legitimate IPv4 addresses, NAT technology can be used to convert private I Pv4 addresses and IPv6 addresses of a large number of private network users into a small number of public IP Pv4 addresses, so that private network users can use I Pv4 addresses. The connection to the public network is connected.
目前, 私有 I Pv4地址、 IPv6地址到公网 IP地址的转换通常由如图 1 所示的网间路由设备执行。 图 1 中, 私网侧的报文经过私网侧子卡发 送到私网侧接口板上, 所述私网侧接口板执行对报文的相关处理后, 将 所述报文转发到业务板并由业务板执行 NAT地址映射,以完成私有 IP地 址到公有 IP地址的转换。完成 NAT地址映射的报文传递到公网侧接口板 上, 并经公网侧子卡发送到公网。  Currently, the conversion of a private IP address and an IPv6 address to a public network IP address is usually performed by an inter-network routing device as shown in FIG. In Figure 1, the packet on the private network side is sent to the private network side interface card through the private network side subcard. After the packet is processed, the private network side interface board forwards the packet to the service board. The service board performs NAT address mapping to complete the conversion from the private IP address to the public IP address. The packets of the NAT address mapping are forwarded to the public network side interface card and sent to the public network through the public network side subcard.
而实际应用中, 当 NAT映射业务量较大时, 由于所述业务板的处理 芯片的性能有限, 使得所述业务板的处理性能下降, 成为整个报文转发 过程中的瓶颈, 接口板对报文的处理速度明显高于业务板执行 NAT地址 映射的速度。 在这种情况下, 整个网间路由设备对报文的处理速度受到 业务板处理速度的限制, 浪费了接口板的处理能力, 使得整体处理速度 难以进一步提高, 并且大大影响了报文转发的速度, 不利于大规模的商 业应用。  In the actual application, when the traffic of the NAT mapping is large, the performance of the processing chip of the service board is limited, so that the processing performance of the service board is degraded, which becomes a bottleneck in the entire packet forwarding process. The processing speed of the text is significantly higher than the speed at which the service board performs NAT address mapping. In this case, the processing speed of the entire network routing device is limited by the processing speed of the service board, which wastes the processing capability of the interface board, making the overall processing speed difficult to further improve, and greatly affecting the packet forwarding speed. , is not conducive to large-scale commercial applications.
发明内容 Summary of the invention
本发明的实施例提供一种报文转发方法和网间路由装置, 提高了报 文转发的速度。 为达到上述目的, 本发明的实施例采用如下技术方案: 一种报文转发方法, 应用于网间路由装置上, 所述网间路由装置包 括至少两块用于转发报文的子卡, 所述方法包括: The embodiment of the invention provides a packet forwarding method and an inter-network routing device, which improves the speed of packet forwarding. To achieve the above objective, the embodiment of the present invention adopts the following technical solution: A packet forwarding method is applied to an inter-network routing device, where the inter-network routing device includes at least two sub-cards for forwarding packets. The methods include:
每一块子卡接收私网侧发送端发出的第一报文; 所述第一报文中携 带所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号; 根据所述私网侧发送端的私网 IP 地址和私网侧发送端的传输协议 端口号, 查询预设置在所述子卡中的私网地址及端口与映射用公网地址 及端口的对应关系表,获取与所述私网侧发送端的私网 IP地址和私网侧 发送端的传输协议端口号对应的所述映射用公网 IP 地址和映射用传输 协议端口号;  Each of the sub-cards receives the first packet sent by the transmitting end of the private network side; the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side; The private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side. Query the correspondence between the private network address and port pre-configured in the subcard and the public network address and port for mapping. The mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
将所述第一 4艮文中的所述私网侧发送端的私网 I P 地址和私网侧发 送端的传输协议端口号,替换为所述映射用公网 IP地址和映射用传输协 议端口号,生成携带所述映射用公网 IP地址和映射用传输协议端口号的 第二报文;  And replacing the private network IP address of the private network side sender end and the transport protocol port number of the private network side sender end in the first 艮 艮 为 所述Carrying the second message of the mapping public network IP address and the mapping transmission protocol port number;
将所述第二报文发送给公网侧。  Send the second packet to the public network side.
一种网间路由装置, 包括至少两块用于报文转发的子卡, 每一块子 卡进一步包括:  An inter-network routing device includes at least two sub-cards for packet forwarding, and each sub-card further includes:
第一报文接收单元, 用于接收私网侧发送端发出的第一报文; 所述 第一 文中携带所述私网侧发送端的私网 IP 地址和私网侧发送端的传 输协议端口号;  The first packet receiving unit is configured to receive the first packet sent by the sending end of the private network side; the first text carries the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side;
公网地址获取单元,用于根据所述私网侧发送端的私网 IP地址和私 网侧发送端的传输协议端口号, 查询预设置在所述子卡中的私网地址及 端口与映射用公网地址及端口的对应关系表, 获取与所述私网侧发送端 的私网 IP 地址和私网侧发送端的传输协议端口号对应的所述映射用公 网 IP地址和映射用传输协议端口号;  The public network address obtaining unit is configured to query the private network address, port, and mapping pre-set in the sub-card according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side. Corresponding relationship table between the network address and the port, and obtaining the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
公网地址替换单元, 用于将所述第一报文中的所述私网侧发送端的 私网 IP地址和私网侧发送端的传输协议端口号,替换为所述映射用公网 IP地址和映射用传输协议端口号, 生成携带所述映射用公网 IP地址和 映射用传输协议端口号的第二报文; a public network address replacing unit, configured to send the private network side sender end in the first packet The private network IP address and the transport protocol port number of the private network side sender are replaced by the mapping public network IP address and the mapping transport protocol port number, and the public network IP address for mapping and the transport protocol port number for mapping are generated. Second message;
第二报文发送单元, 用于将所述第二报文发送给公网侧。  The second packet sending unit is configured to send the second packet to the public network side.
本发明实施例提供了一种报文转发方法和网间路由装置, 通过在网 间路由装置的各子卡上直接对经过所述子卡的报文进行网络地址转换处 理, 而不需要再上送给业务板进行网络地址转换处理, 不仅降低了业务 板的处理负担, 而且避免了整个网间路由设备对报文的处理速度受业务 板对报文进行网络地址转换处理速度的限制, 大大提升了报文转发的速 度。  The embodiment of the present invention provides a packet forwarding method and an inter-network routing device, which perform network address translation processing on a packet passing through the sub-card directly on each sub-card of the inter-network routing device, without The network address translation processing is performed on the service board, which not only reduces the processing load of the service board, but also avoids the limitation of the processing speed of the entire network routing device by the service board to the network address translation processing speed of the service board. The speed of message forwarding.
附图说明 DRAWINGS
图 1为现有技术提供的负责报文转发的网间路由设备的示意图; 图 2为本发明实施例 1 中报文转发的方法的流程图;  1 is a schematic diagram of an inter-network routing device responsible for packet forwarding provided by the prior art; FIG. 2 is a flowchart of a method for forwarding a packet according to Embodiment 1 of the present invention;
图 3为本发明实施例 1 中网间路由装置的子卡框图;  3 is a block diagram of a subcard of an inter-network routing device in Embodiment 1 of the present invention;
图 4为本发明实施例 2中提供的网间路由装置的示意图;  4 is a schematic diagram of an inter-network routing apparatus according to Embodiment 2 of the present invention;
图 5为本发明实施例 2中报文转发的方法的流程图;  5 is a flowchart of a method for forwarding a packet according to Embodiment 2 of the present invention;
图 6为本发明实施例 2中另一种网间路由装置的示意图;  6 is a schematic diagram of another inter-network routing apparatus according to Embodiment 2 of the present invention;
图 7为本发明实施例 3中提供的网间路由装置的示意图;  7 is a schematic diagram of an inter-network routing apparatus provided in Embodiment 3 of the present invention;
图 8为本发明实施例 3中报文转发的方法的流程图;  8 is a flowchart of a method for forwarding a packet according to Embodiment 3 of the present invention;
图 9为本发明实施例 4中网间路由装置的子卡框图;  9 is a block diagram of a subcard of an inter-network routing device according to Embodiment 4 of the present invention;
图 1 0为在图 9基础上的网间路由装置的子卡框图。  Figure 10 is a block diagram of the daughter card of the inter-network routing device based on Figure 9.
具体实施方式 detailed description
下面结合本发明实施例的附图对本发明实施例的技术方案进行清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是全 部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有作出创造 性劳动前提下所获得的所有其他实施例, 都属于本发明保护的范围。 实施例 1 : The technical solutions of the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings of the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention. Example 1:
本发明实施例提供了一种报文转发方法, 如图 2 所示, 所述方法 包括以下步骤:  The embodiment of the invention provides a packet forwarding method. As shown in FIG. 2, the method includes the following steps:
101、 子卡接收私网侧发送端发出的第一报文。  101. The subcard receives the first packet sent by the sending end of the private network side.
所述子卡位于私网与公网间的网间路由装置上。所述网间路由装置 通常包括多块子卡, 多块与子卡对应连接的接口板, 以及至少一块用于 与接口板连接的交换网板。每一块子卡接收私网侧发送端发出的第一报 文。 所述第一^艮文中携带所述私网侧发送端的私网 IP地址和私网侧发 送端的传输协议端口号。 同时, 所述第一报文中还携带公网侧接收端的 公网 IP地址和公网侧接收端的传输协议端口号、 以及所述第一报文使 用的传输协议。  The daughter card is located on an inter-network routing device between the private network and the public network. The inter-network routing device usually includes a plurality of sub-cards, a plurality of interface boards corresponding to the sub-cards, and at least one switching network board for connecting to the interface board. Each subcard receives the first message sent by the sender on the private network side. The first file carries the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end. The first packet carries the public network IP address of the receiving end of the public network side, the transmission protocol port number of the receiving end of the public network side, and the transmission protocol used by the first packet.
102、获取与所述私网侧发送端的私网 I P地址和私网侧发送端的传 输协议端口号对应的映射用公网 IP地址和映射用传输协议端口号。  102. Obtain a mapping public network IP address and a mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
根据所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议 端口号,查询预设置在所述子卡中的私网地址及端口与映射用公网地址 及端口的对应关系表, 获取与所述私网侧发送端的私网 IP地址和公网 侧接收端的传输协议端口号对应的映射用公网 IP地址和映射用传输协 议端口号。  Querying the correspondence between the private network address and the port pre-set in the sub-card and the public network address and port for mapping according to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side And obtaining a mapping public network IP address and a mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the receiving end of the public network side.
103、将所述第一报文中的所述私网侧发送端的私网 I P地址和私网 侧发送端的传输协议端口号, 替换为所述映射用公网 IP地址和映射用 传输协议端口号, 生成携带所述映射用公网 IP地址和映射用传输协议 端口号的第二报文。  103. Replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address and the mapping transport protocol port number. And generating a second packet carrying the public IP address of the mapping and the transport protocol port number of the mapping.
私网中的设备在向公网中的设备发送报文时,首先要通过 NAT转换 设备进行地址及端口的转换。 具体来说, 在本发明实施例中, 所述地址 及端口的转换在所述子卡中进行: 通过查询所述对应关系表, 获取与所 述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号对应 的映射用公网 IP地址和映射用传输协议端口号, 并替换所述私网侧发 送端的私网 IP地址和私网侧发送端的传输协议端口号。 所述第一 ^艮文 中记录的私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口 号被替换后变更为所述第二报文。所述第二报文仍携带所述第一报文中 的数据信息。 1 04、 将所述第二报文发送给公网侧。 When a device on the private network sends a packet to a device on the public network, it first needs to translate the address and port through the NAT translation device. Specifically, in the embodiment of the present invention, the conversion of the address and the port is performed in the sub-card: by querying the corresponding relationship table, obtaining a private network IP address and a private network with the sending end of the private network side The mapping of the transmission protocol port number of the side transmitting end uses the public network IP address and the mapping transmission protocol port number, and replaces the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side. The private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end recorded in the first text are replaced and changed to the second message. The second packet still carries the data information in the first packet. 1 04. Send the second packet to the public network side.
所述第二报文中携带了所述映射用公网 I P地址和映射用传输协议 端口号, 所述公网侧接收端的公网 IP地址和公网侧接收端的传输协议 端口号, 以及所述第一报文使用的传输协议。 所述第二报文最终被发送 到公网侧接收端。  The second packet carries the public network IP address for mapping and the transport protocol port number for mapping, the public network IP address of the receiving end of the public network side, and the transport protocol port number of the receiving end of the public network side, and the The transport protocol used by the first message. The second packet is finally sent to the receiving end of the public network side.
举例来说,私网中的设备 A与公网中的设备 B之间建立了一条 TCP ( Transmi s s i on Cont ro l Pro toco l , 传输控制协议) 连接。 设备 Α向 设备 B发送一条基于 TCP的第一报文, 在所述基于 TCP的第一报文的 IP报文头中,记录有设备 A的私网 I P地址, 设备 B的公网 IP地址;此 外, 在 TCP报文头中, 记录有设备 A的 TCP端口号以及接收方的设备 B 的 TCP端口号。所述网间路由装置的子卡接收所述基于 TCP的第一报文 后, 通过查找所述对应关系表, 获取与所述设备 A的私网 IP地址对应 的映射用 IP地址以及与所述设备 A的 TCP端口号对应的映射用 TCP端 口号, 并将映射用 IP地址以及映射用 TCP端口号替换原有的设备 A的 私网 IP地址以及设备 A的 TCP端口号,从而生成基于 TCP的第二报文。 所述基于 TCP的第二报文最终传输到公网中的设备 B上。  For example, a TCP (Transmit s i on Cont ro l Pro toco l) connection is established between device A in the private network and device B in the public network. The device sends a first packet based on the TCP to the device B, and the IP address of the private network of the device A and the public IP address of the device B are recorded in the IP packet header of the first packet. In addition, in the TCP packet header, the TCP port number of the device A and the TCP port number of the device B of the receiver are recorded. After receiving the first packet based on the TCP, the sub-card of the inter-network routing device obtains a mapping IP address corresponding to the private network IP address of the device A by searching the corresponding relationship table, and the The TCP port number corresponding to the TCP port number of the device A uses the TCP port number, and the mapping IP address and the mapping TCP port number are used to replace the private IP address of the original device A and the TCP port number of the device A, thereby generating a TCP-based Second message. The second TCP-based packet is finally transmitted to the device B in the public network.
本发明实施例还提供了一种网间路由装置, 所述网间路由装置包 括至少两块用于报文转发的子卡。 所述子卡的结构如图 3所示, 包括: 第一报文接收单元 31、 公网地址获取单元 32、 公网地址替换单元 33 和第二报文发送单元 34。  The embodiment of the present invention further provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding. The structure of the subcard is as shown in FIG. 3, and includes: a first packet receiving unit 31, a public network address obtaining unit 32, a public network address replacing unit 33, and a second packet transmitting unit 34.
第一报文接收单元 31 , 用于接收私网侧发送端发出的第一报文; 所述第一 4艮文中携带所述私网侧发送端的私网 IP地址和私网侧发送端 的传输协议端口号。  The first packet receiving unit 31 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol of the transmitting end of the private network side. The port number.
公网地址获取单元 32 , 用于根据所述私网侧发送端的私网 IP地址 和私网侧发送端的传输协议端口号,查询预设置在所述子卡中的私网地 址及端口与映射用公网地址及端口的对应关系表,获取与所述私网侧发 送端的私网 IP地址和私网侧发送端的传输协议端口号对应的映射用公 网 I P地址和映射用传输协议端口号。  The public network address obtaining unit 32 is configured to query, according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the private network address, the port, and the mapping preset in the subcard. The mapping table between the public network address and the port obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end.
公网地址替换单元 33 , 用于将所述第一报文中的所述私网侧发送 端的私网 IP地址和私网侧发送端的传输协议端口号, 替换为所述映射 用公网 I P地址和映射用传输协议端口号, 生成携带所述映射用公网 I P 地址和映射用传输协议端口号的第二 ^艮文。 The public network address replacing unit 33 is configured to replace the private network IP address of the private network side transmitting end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address. And mapping with the transport protocol port number, generating a public network IP carrying the mapping The address and mapping are the second text of the transport protocol port number.
第二报文发送单元 34 , 用于将所述第二报文发送给公网侧。  The second packet sending unit 34 is configured to send the second packet to the public network side.
本发明实施例提供了一种报文转发方法和网间路由装置, 在网间 路由装置的子卡上部署了地址和端口号映射的功能,通过子卡执行网络 地址转换的分布式处理, 减轻了业务板的处理负担,避免了整个网间路 由装置对报文的处理速度受业务板对报文进行网络地址转换处理速度 的限制, 大大提升了报文转发的速度。  The embodiment of the invention provides a packet forwarding method and an inter-network routing device. The address and port number mapping function is deployed on the daughter card of the inter-network routing device, and the distributed processing of the network address translation is performed by the daughter card to mitigate The processing load of the service board avoids the limitation of the processing speed of the entire network routing device by the service board to perform network address translation processing on the packet, which greatly improves the packet forwarding speed.
实施例 2 :  Example 2:
在常见的网络部署中, 私网侧的网络要比公网侧的网络复杂, 相 应的,私网侧的子卡数量也多于公网侧的子卡数量,考虑到设备的成本, 可以将网络地址转换的功能从业务板迁移到公网侧子卡上,将公网侧子 卡设置为业务加速子卡, 如图 4所示。 在此场景下, 本发明实施例提供 了一种报文转发方法, 如图 5所示, 所述方法包括以下步骤:  In a common network deployment, the network on the private network side is more complex than the network on the public network side. Correspondingly, the number of subcards on the private network side is larger than the number of subcards on the public network side. Considering the cost of the equipment, you can The network address translation function is migrated from the service board to the public network side daughter card, and the public network side daughter card is set as the service acceleration daughter card, as shown in Figure 4. In this scenario, the embodiment of the present invention provides a packet forwarding method. As shown in FIG. 5, the method includes the following steps:
201、 业务加速子卡接收私网侧发送端发出的第一报文。  201. The service acceleration subcard receives the first packet sent by the sending end of the private network side.
所述第一报文首先传输至私网侧子卡并由私网侧子卡转发至私网 侧接口板, 在所述私网侧接口板执行对所述第一报文的相应处理后,将 所述第一报文转发至公网侧接口板,并由所述公网侧接口板转发至业务 力口速子卡。  The first packet is first transmitted to the private network side sub-card and forwarded by the private network side sub-card to the private network side interface board. After the private network side interface board performs corresponding processing on the first packet, The first packet is forwarded to the public network side interface board, and is forwarded by the public network side interface board to the service power port speed daughter card.
对于所述私网侧发送端发出的第一报文中需要在业务板中进行相 关处理(比如, 应用层信息的解析)的一部分报文, 要在经过所述私网 侧接口板后转发至业务板,在业务板中完成相关处理后再由业务板转发 至公网侧接口板。  For the first packet sent by the sending end of the private network, a part of the packet that needs to be processed in the service board (for example, the parsing of the application layer information) is forwarded to the private network side interface board. After the service board completes the related processing on the service board, the service board forwards the information to the public network side interface board.
私网侧发送端发出的第一 4艮文中包括由所述私网侧发送端的私网 IP 地址和私网侧发送端的传输协议端口号, 所述第一^艮文使用的传输 协议, 以及公网侧接收端的公网 IP地址和公网侧接收端的传输协议端 口号组成的五元组。 使用所述私网 IP地址的私网侧发送端的设备, 与 使用所述公网 IP地址的公网侧接收端的设备建立了报文传输通路, 并 通过所述私网侧发送端的传输协议端口向所述公网侧接收端的传输协 议端口发送 4艮文 艮文通过网间路由装置进行相应的 4艮文处理及地址映 射, 并传输至公网侧接收端的目的地。  The first message sent by the sending end of the private network side includes the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the transmission protocol used by the first file, and the public A quintuple consisting of the public network IP address of the receiving end of the network side and the transport protocol port number of the receiving end of the public network side. The device of the private network side transmitting end of the private network IP address establishes a message transmission path with the device of the public network side receiving end of the public network IP address, and the transmission protocol port of the transmitting end of the private network side is used. The transmission protocol port of the receiving end of the public network side sends the corresponding message processing and address mapping through the inter-network routing device, and transmits the corresponding data to the destination of the receiving end of the public network side.
202、 业务加速子卡判断是否存在与所述私网侧发送端发出的第一 才艮文对应的对应关系表。 202. The service acceleration subcard determines whether there is a first one sent by the sending end of the private network side. Corresponding relationship table corresponding to the text.
当业务加速子卡中存在所述对应关系表时, 转向步骤 203 ; 否则转 向步骤 205。  When the correspondence table exists in the service acceleration daughter card, the process goes to step 203; otherwise, the process goes to step 205.
203、 业务加速子卡根据所述第一报文的五元组在与所述第一报文 对应的对应关系表中获取映射用公网 IP 地址和映射用传输协议端口 号。  203. The service acceleration sub-card obtains the mapping public network IP address and the mapping transmission protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
所述第一报文传输至所述网间路由装置的业务加速子卡中, 所述 业务加速子卡根据所述第一报文的五元组查找对应关系表,以获取与所 述第一 ^艮文的五元组对应的映射用公网 IP地址和映射用传输协议端口 号。  The first packet is transmitted to the service acceleration subcard of the inter-network routing device, and the service acceleration subcard searches the correspondence table according to the quintuple of the first packet to obtain the first ^ The mapping of the quintuple's quintuple uses the public network IP address and the mapping protocol port number.
204、 将所述第一报文中的所述私网侧发送端的私网 IP 地址和私 网侧发送端的传输协议端口号, 替换为所述映射用公网 IP地址和映射 用传输协议端口号, 生成携带所述映射用公网 IP地址和映射用传输协 议端口号的第二 4艮文。  204. Replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address and the mapping transmission protocol port number. And generating a second message carrying the mapping public network IP address and the mapping transmission protocol port number.
所述第二报文中的五元组为所述映射用公网 I P地址和映射用传输 协议端口号, 所述第一报文使用的传输协议, 以及公网侧接收端的公网 IP地址和公网侧接收端的传输协议端口号。  The quintuple in the second packet is a public network IP address for mapping and a transport protocol port number for mapping, a transport protocol used by the first packet, and a public network IP address of the receiving end of the public network side. The transmission protocol port number of the receiving end of the public network side.
执行完步骤 204后, 转向步骤 206。  After step 204 is performed, the process proceeds to step 206.
205、 业务加速子卡为所述第一 4艮文中的所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号分配所述映射用公网 I P地址 和映射用传输协议端口号。  205. The service acceleration subcard allocates the public network IP address of the mapping and the transmission protocol protocol for the public network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message. The port number.
业务加速子卡将分配的所述映射用公网 I P地址和映射用传输协议 端口号记录到所述对应关系表。所述对应关系表记录了所述第一报文的 五元组与所述映射用公网 IP 地址和映射用传输协议端口号的对应关 系,当与所述第一报文具有相同五元组的后续报文由私网侧发出并传输 到业务加速子卡时,可以直接通过查找所述对应关系表来获取所述映射 用公网 I P地址和映射用传输协议端口号, 而不必再次执行步骤 205。  The service acceleration subcard records the mapping with the public network IP address and the mapping transmission protocol port number to the correspondence table. The correspondence table records the correspondence between the quintuple of the first packet and the public IP address of the mapping and the transport protocol port number of the mapping, and has the same five-tuple as the first packet. When the subsequent packet is sent by the private network side and transmitted to the service acceleration daughter card, the mapping public network IP address and the mapping transmission protocol port number can be obtained by directly searching the corresponding relationship table, without performing the steps again. 205.
206、 将所述第二报文发送给公网侧。  206. Send the second packet to the public network side.
所述第二报文经所述业务加速子卡向公网侧发送并最终传输至公 网侧接收端。 207、 业务加速子卡接收公网侧返回的第三报文。 The second packet is sent to the public network side by the service acceleration subcard and finally transmitted to the public network side receiving end. 207. The service acceleration subcard receives the third packet returned by the public network side.
公网侧接收端接收所述第二报文, 并对所述第二报文执行公网侧 的相关处理后, 生成第三报文。 所述第三报文中携带所述映射用公网 IP 地址和映射用传输协议端口号, 第三报文使用的传输协议 (与所述 第一报文使用的传输协议相同) , 以及公网侧接收端的公网 IP地址和 公网侧接收端的传输协议端口号组成的五元组。所述第三报文通过所述 网间路由装置进行相应的报文处理及网络地址转换。  The receiving end of the public network side receives the second packet, and performs a related process on the public network side of the second packet to generate a third packet. The third packet carries the public IP address for mapping and the transport protocol port number for mapping, the transport protocol used by the third packet (same as the transport protocol used by the first packet), and the public network. A quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side. The third packet performs corresponding packet processing and network address translation by using the inter-network routing device.
208、 业务加速子卡查询所述对应关系表, 获取与所述映射用公网 IP地址和映射用传输协议端口号对应的所述私网侧发送端的私网 I P地 址和私网侧发送端的传输协议端口号。  208. The service acceleration subcard queries the corresponding relationship table, and obtains a private network IP address of the private network side sender end and a private network side sender end corresponding to the mapping public network IP address and the mapping transmission protocol port number. Protocol port number.
从公网侧返回的所述第三报文传输至所述网间路由装置的业务加 速子卡中,所述业务加速子卡根据所述第三报文的五元组查找所述对应 关系表, 以获取与所述第三报文对应的所述私网侧发送端的私网 IP地 址和私网侧发送端的传输协议端口号。  The third packet returned from the public network side is transmitted to the service acceleration daughter card of the network routing device, and the service acceleration daughter card searches for the correspondence table according to the quintuple of the third packet. And obtaining a private network IP address of the private network side sender end and a transport protocol port number of the private network side sender end corresponding to the third packet.
实际应用中, 所述对应关系表可以是一个, 即所述第一 文和所 述第三 4艮文都通过同一个对应关系表获取地址; 可选的, 也可以设置两 个对应关系表, 分别为正向对应关系表和反向对应关系表。 业务加速子 卡为所述第一 4艮文中的所述私网侧发送端的私网 IP地址和私网侧发送 端的传输协议端口号分配所述映射用公网 IP地址和映射用传输协议端 口号, 同时所述业务加速子卡将分配的所述映射用公网 IP地址和映射 用传输协议端口号记录到所述正向对应关系表,在所述正向对应关系表 中 ,通过所述第一 4艮文的五元组可以唯一的确定对应的所述映射用公网 In an actual application, the correspondence table may be one, that is, the first text and the third text respectively obtain an address through the same correspondence table; optionally, two correspondence tables may also be set. They are a forward correspondence table and a reverse correspondence table, respectively. The service acceleration subcard allocates the public IP address of the mapping and the transmission protocol port number of the mapping by the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message. And the service acceleration subcard records the mapping of the public network IP address and the mapping transmission protocol port number to the forward correspondence table, and in the forward correspondence table, the foregoing A four-tuple quintuple can uniquely determine the corresponding public network for mapping
IP地址和映射用传输协议端口号; 在生成所述正向对应关系表的同时, 也生成反向对应关系表, 在所述反向对应关系表中, 通过第三^艮文的五 元组可以唯一确定对应的所述私网侧发送端的私网 IP地址和私网侧发 送端的传输协议端口号。 The IP address and the transport protocol port number for mapping; while generating the forward correspondence table, the reverse correspondence table is also generated, and in the reverse correspondence table, the quintuple of the third object is passed The private network IP address of the corresponding private network side sender and the transport protocol port number of the private network side sender end can be uniquely determined.
在本发明实施例的上述描述中, 不同的私网侧发送端的私网 I P地 址各不相同,从而可以通过所述第一报文的五元组唯一的确定对应的所 述映射用公网 IP地址和映射用传输协议端口号, 并通过第三报文的五 元组唯一确定对应的所述私网侧发送端的私网 IP地址和私网侧发送端 的传输协议端口号。 在其他的应用场景中, 比如, 在同时存在至少两个 VPN (V i r tua l Pr i va te Ne twork,虚拟专用网络)的私网侧的网络环境中, 由于不同的 VPN中的计算机可以使用相同的私网 IP地址, 不同的私网 侧发送端的第一报文的五元组可以完全相同。在此情况下, 需要通过所 述第一报文的五元组以及发送所述第一报文的私网侧发送端所在的 VPN的标识共同确定对应的所述映射用公网 IP地址和映射用传输协议 端口号; 相应的, 需要通过所述第三报文的五元组以及发送所述第一报 文的私网侧发送端所在的 VPN 的标识共同确定对应的所述私网侧发送 端的私网 IP地址和私网侧发送端的传输协议端口号。 In the above description of the embodiment of the present invention, the private network IP addresses of the different private network side senders are different, so that the mapping public IP address corresponding to the mapping may be uniquely determined by the quintuple of the first packet. The address and the mapping protocol port number are used, and the private network IP address of the corresponding private network side transmitting end and the transmission protocol port number of the private network side transmitting end are uniquely determined by the quintuple of the third message. In other application scenarios, for example, there are at least two In the private network side of the VPN (V ir tua l Pr i va te Ne twork, virtual private network), the computers in different VPNs can use the same private IP address, and the different private network side senders The quintuple of a message can be identical. In this case, the corresponding public IP address and mapping of the mapping are determined by the quintuple of the first packet and the identifier of the VPN where the transmitting end of the private network side of the first packet is sent. Using the transmission protocol port number; correspondingly, the quintuple of the third packet and the identifier of the VPN where the sender of the private network side of the first packet are sent are jointly determined to be sent by the corresponding private network side. The private IP address of the end and the transport protocol port number of the sender on the private network side.
209、 业务加速子卡将所述第三 ^艮文中的所述映射用公网 IP 地址 和映射用传输协议端口号, 替换为所述私网侧发送端的私网 IP地址和 私网侧发送端的传输协议端口号, 生成携带所述私网侧发送端的私网 209. The service acceleration subcard replaces the mapping between the public network IP address and the mapping transmission protocol port number in the third file with the private network IP address of the private network side sending end and the private network side sending end. Transmitting a protocol port number to generate a private network carrying the sender on the private network side
IP地址和私网侧发送端的传输协议端口号的第四 4艮文。 The fourth address of the IP address and the transmission protocol port number of the sender on the private network side.
210、 将所述第四报文发送给所述私网侧发送端。  210. Send the fourth packet to the private network side sending end.
所述第四报文经所述业务加速子卡转发至公网侧接口板, 并由所 述公网侧接口板转发至所述私网侧接口板,然后经私网侧子卡向私网侧 发送端传送。对于所述第四报文中需要在业务板中进行相关处理(比如, 应用层信息的解析)的一部分报文,要在经过所述公网侧接口板后转发 至业务板, 在业务板中完成相关处理后再由业务板转发至私网侧接口 板。  The fourth packet is forwarded to the public network side interface board by the service acceleration subcard, and is forwarded by the public network side interface board to the private network side interface board, and then sent to the private network through the private network side subcard. The side sender transmits. A part of the packet that needs to be processed in the service packet (for example, the parsing of the application layer information) in the fourth packet is forwarded to the service board after being sent to the service board in the service board. After the related processing is complete, the service board forwards the packet to the private network side interface board.
现有技术中, 通常在所述业务板上保存有子卡路由表, 所述子卡 路由表上记录了私网侧子卡与公网侧子卡之间的路由关系。本发明实施 例中,所述业务板可以将所述子卡路由表分别发送到私网侧子卡和业务 加速子卡上。根据所述子卡路由表上记录的路由关系,私网侧子卡将自 身收到的第一报文经私网侧接口板和公网侧接口板的转发,最终发送到 所述子卡路由表记录的对应业务加速子卡上; 相应的, 业务加速子卡将 自身收到的第三报文经公网侧接口板和私网侧接口板转发,最终发送到 所述子卡路由表记录的对应私网侧子卡上。  In the prior art, a sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded on the sub-card routing table. In the embodiment of the present invention, the service board may send the sub-card routing table to the private network side sub-card and the service acceleration sub-card respectively. According to the routing relationship recorded on the sub-card routing table, the private network side sub-card forwards the first packet received by the private network side interface board to the public network side interface board and finally to the sub-card routing. Correspondingly, the service acceleration subcard forwards the third packet received by the service acceleration card to the interface board of the public network side and the interface board of the private network side, and finally sends the packet to the subcard routing table record. Corresponding to the private network side of the subcard.
具体的, 在由 IPv4私网向 IPv4公网发送报文时进行网络地址转 换的场景下, 网间路由装置的业务加速子卡通过查询所述对应关系表, 将 IPv4私网发出的第一报文中的 IPv4格式的所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号替换为 IPv4格式的映射用公 网 IP地址和映射用传输协议端口号, 并将完成网络地址转换的第二才艮 文向 IPv4公网发送。 在由 IPv4公网向 I Pv4私网返回报文时进行网络 地址转换的场景下,网间路由装置的业务加速子卡通过查询所述对应关 系表, 将 IPv4公网返回的第三报文中的 IPv4格式的所述映射用公网 IP地址和映射用传输协议端口号替换为 IPv4格式的所述私网侧发送端 的私网 I P地址和私网侧发送端的传输协议端口号。 Specifically, in a scenario where the network address translation is performed when the packet is sent from the IPv4 private network to the IPv4 public network, the service acceleration daughter card of the inter-network routing device queries the corresponding relationship table to send the first report sent by the IPv4 private network. In the IPv4 format, the private network IP address of the private network side sender and the transport protocol port number of the private network side sender end are replaced with the IPv4 format mapping public. The network IP address and the mapping protocol port number are used, and the second packet that completes the network address translation is sent to the IPv4 public network. In the scenario of performing network address translation when the packet is returned from the IPv4 public network to the I Pv4 private network, the service acceleration daughter card of the inter-network routing device queries the corresponding relationship table to return the third packet returned by the IPv4 public network. The mapping in the IPv4 format is replaced with the public network IP address of the private network side sender and the transport protocol port number of the private network side sender end in the IPv4 format by using the public network IP address and the mapping transport protocol port number.
进一步的, 在由 IPv6私网向 IPv4公网发送报文时进行网络地址 转换的场景下, 也可以参照本发明实施例提供的方法执行。 比如, 对于 使用 NAT64技术进行地址构造的 IPv6地址, 其 I Pv6地址中带有 NAT64 前缀, 去掉 NAT64前缀的 I Pv6地址的剩余部分即为对应的 I Pv4地址。 业务加速子卡在收到 IPv6私网发送的第一报文后, 根据对应关系表将 IPv6 格式的私网 IP 地址以及私网侧发送端的传输协议端口号替换为 IPv4格式的映射用公网 I P地址及映射用传输协议端口号, 同时还需将 IPv6格式的公网侧接收端的公网 I P地址中的 NAT64前缀删除,从而得 到 IPv4格式的公网侧接收端的公网 IP地址。 当业务加速子卡接收到 IPv4公网返回的第三报文时,根据对应关系表将 IPv4格式的所述映射 用公网 IP地址及映射用传输协议端口号替换为 IPv6格式的所述私网侧 发送端的私网 IP 地址以及私网侧发送端的传输协议端口号, 同时为 IPv4格式的公网侧接收端的公网 I P地址加上 NAT64前缀,从而还原为 IPv6格式, 将完成网络地址转换的报文发送到 IPv6私网中对应的目的 地。  Further, in a scenario where the network address is translated when the packet is sent from the IPv6 private network to the IPv4 public network, the method provided by the embodiment of the present invention may also be performed. For example, for an IPv6 address that uses the NAT64 technology for address construction, the IP address of the IPv6 address is prefixed with the NAT64 prefix, and the remaining part of the I Pv6 address with the NAT64 prefix removed is the corresponding IP address. After receiving the first packet sent by the IPv6 private network, the service acceleration subcard replaces the private network IP address in the IPv6 format and the transport protocol port number of the private network side sender with the public network IP address in the IPv4 format according to the mapping table. The address and the mapping protocol port number are used. The NAT64 prefix in the public network IP address of the public network side of the IPv6 format is also deleted. The public network IP address of the public network side receiving end in IPv4 format is obtained. When the service acceleration subcard receives the third packet returned by the IPv4 public network, the mapping in the IPv4 format is replaced with the public network IP address and the mapping transmission protocol port number in the IPv6 format according to the correspondence table. The private network IP address of the side sender and the transport protocol port number of the sender on the private network side. At the same time, the public network IP address of the public network side of the IPv4 format is prefixed with NAT64, and the IPv6 format is restored. The text is sent to the corresponding destination in the IPv6 private network.
对于使用 IVI技术进行网络地址转换的 IPv6地址, 其 IPv6地址 中带有 I VI前缀,去掉 IVI前缀的 IPv6地址的剩余部分即为对应的 IPv4 地址。业务加速子卡对 IV I前缀的 IPv6地址与 IPv4地址之间的地址转 换与前述 NAT前缀的 I Pv6地址与 IPv4地址之间的地址转换类似,此处 不再赘述。  For IPv6 addresses that use IVI technology for network address translation, the IPv6 address has an I VI prefix, and the rest of the IPv6 address with the IVI prefix removed is the corresponding IPv4 address. The address translation between the IPv6 address and the IPv4 address of the service-accelerated daughter card is similar to the address translation between the IP address and the IPv4 address of the NAT prefix, and is not described here.
本发明实施例中, 作为一种可选的实现方式, 可以将分配所述映 射用公网 IP地址和映射用传输协议端口号的功能以及创建对应关系表 的功能保留在业务板中。 当业务加速子卡中不存在所述对应关系表时, 业务加速子卡将所述私网侧发出的第一报文转发至业务板,以使得业务 板为所述私网侧发出的第一报文分配映射用公网 IP地址和映射用传输 协议端口号,创建对应的对应关系表, 并将所述对应关系表配置到业务 加速子卡上。业务加速子卡将经过业务板进行网络地址转换后生成的第 二报文发送到公网侧。 当与经业务板分配映射用公网 IP地址和映射用 传输协议端口号的第一报文具有相同五元组的后续报文由私网侧传输 至业务加速子卡时, 可以直接查找所述对应关系表, 并执行相应的网络 地址转换, 不必再次将报文转发至业务板进行处理。 In an embodiment of the present invention, as an optional implementation manner, the function of allocating the mapping public network IP address and the mapping transmission protocol port number and the function of creating the correspondence relationship table may be retained in the service board. When the corresponding relationship table does not exist in the service acceleration subcard, the service acceleration subcard forwards the first packet sent by the private network side to the service board, so that the service board is the first one sent by the private network side. Packet allocation mapping uses public IP address and mapping transmission The protocol port number is created, and the corresponding correspondence table is created, and the corresponding relationship table is configured on the service acceleration daughter card. The service acceleration subcard sends the second packet generated after the network address translation on the service board to the public network side. When the subsequent packet having the same five-tuple group as the first packet with the public network IP address and the mapping transport protocol port number mapped by the service board is transmitted from the private network side to the service acceleration daughter card, the device may directly search for the Correspond to the relationship table, and perform the corresponding network address translation. It is not necessary to forward the packet to the service board for processing.
此外, 作为本发明实施例的另一种可选的实现方式, 可以将业务 板的全部功能集成到业务加速子卡上,在所述网间路由装置中取消业务 板, 如图 6所示。  In addition, as an alternative implementation manner of the embodiment of the present invention, all the functions of the service board can be integrated into the service acceleration sub-card, and the service board is cancelled in the inter-network routing device, as shown in FIG. 6.
另外, 业务加速子卡还将自身保存的已结束访问的所述对应关系 表 J除。 t匕: ¾口, 对与基于 UDP ( Us er Da tag ram Pro t oco l,用户数据包 协议) 的报文, 当所述对应关系表在预定的老化时间内没有被访问时, 删除所述对应关系表; 对于基于 TCP 的报文, 当业务加速子卡接收到 F IN/RST报文时,直接启动快速老化,删除相应 TCP报文的对应关系表。  In addition, the service acceleration daughter card divides the corresponding relationship table J of the saved access that has been saved by itself. t匕: 3⁄4 port, for a message based on UDP (Us er Da tag ram Pro t oco l, User Data Protocol), when the correspondence table is not accessed within a predetermined aging time, deleting the Correspondence table; For a TCP-based packet, when the service acceleration subcard receives the F IN/RST packet, it directly initiates rapid aging and deletes the corresponding relationship table of the corresponding TCP packet.
当网间路由装置上公网侧子卡的数量较多时, 每个公网子卡都可 以设置为所述业务加速子卡, 以分担一部分网络地址转换的功能,提升 整个设备的网络地址转换效率。  When the number of the subnet cards on the public network side is large, each public network subcard can be configured as the service acceleration subcard to share part of the network address translation function and improve the network address translation efficiency of the entire device. .
本发明实施例提供了一种报文方法, 在子卡上部署了地址和端口 号映射的功能, 降低了业务板的处理负担,避免了整个网间路由装置对 报文流的处理速度受业务板对报文进行网络地址转换处理速度的限制, 大大提升了报文转发的速度, 有利于大规模的商业应用。 此外, 本发明 实施例提供的方法能同时适用于 I Pv4之间的地址映射和 I Pv6与 IPv4 之间的地址映射。  The embodiment of the present invention provides a packet method, where the address and port number mapping function is deployed on the sub-card, which reduces the processing load of the service board, and avoids the processing speed of the packet flow processing by the entire network routing device. The board limits the speed of network address translation processing on packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications. In addition, the method provided by the embodiment of the present invention can be applied to address mapping between I Pv4 and address mapping between I Pv6 and IPv4 at the same time.
实施例 3 :  Example 3:
本发明实施例 2 中的网间路由装置的业务加速子卡处在公网侧, 适用于组网情况稳定的应用环境。 当组网情况处于经常变化的状态时 (比如当私网侧的网络复杂度低于公网侧的网络复杂度时,将业务加速 子卡安装在私网侧更能节省设备的成本), 本发明实施例 2中的业务加 速子卡需要经常拆卸、 变换安装位置, 导致操作繁瑣、 整个设备的灵活 度不足。 为此, 可以将网络地址转换的功能分别集成在公网侧子卡和私 网侧子卡上, 构成私网侧业务加速子卡和公网侧业务加速子卡, 如图 7 所示。 在此场景下, 本发明实施例提供了一种报文转发方法, 如图 8 所示, 所述方法包括以下步骤: The service acceleration sub-card of the inter-network routing device in the second embodiment of the present invention is located on the public network side, and is applicable to an application environment with stable networking conditions. When the networking status is in a state of constant change (for example, when the network complexity on the private network side is lower than the network complexity on the public network side, installing the service acceleration daughter card on the private network side can save the cost of the device). The service acceleration daughter card in the second embodiment of the invention needs to be frequently disassembled and changed in the installation position, resulting in cumbersome operation and insufficient flexibility of the entire device. To this end, the network address translation function can be integrated on the public network side subcard and the private network side subcard, respectively, to form a private network side service acceleration subcard and a public network side service acceleration subcard, as shown in FIG. 7. Shown. In this scenario, the embodiment of the present invention provides a packet forwarding method. As shown in FIG. 8, the method includes the following steps:
301、 私网侧业务加速子卡接收私网侧发送端发出的第一报文。 私网侧发送端发出的第一 4艮文中包括由所述私网侧发送端的私网 IP 地址和私网侧发送端的传输协议端口号, 所述第一^艮文使用的传输 协议以及公网侧接收端的公网 IP地址和公网侧接收端的传输协议端口 号组成的五元组。  301. The private network side service acceleration subcard receives the first packet sent by the sending end of the private network side. The first message sent by the sending end of the private network side includes the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side, and the transmission protocol used by the first file and the public network. A quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side.
对于所述私网侧发送端发出的第一报文中需要在业务板中进行相 关处理(比如, 应用层信息的解析)的一部分报文, 要在经过所述私网 侧接口板后转发至业务板,在业务板中完成相关处理后再由业务板转发 至公网侧接口板。  For the first packet sent by the sending end of the private network, a part of the packet that needs to be processed in the service board (for example, the parsing of the application layer information) is forwarded to the private network side interface board. After the service board completes the related processing on the service board, the service board forwards the information to the public network side interface board.
302、 私网侧业务加速子卡判断是否存在与所述私网侧发送端发出 的第一^艮文对应的对应关系表。  302. The private network side service acceleration subcard determines whether there is a correspondence table corresponding to the first message sent by the sending end of the private network side.
当私网侧业务加速子卡中存在所述对应关系表时, 转向步骤 303 ; 否则转向步骤 305。  When the correspondence table exists in the private network side service acceleration daughter card, the process goes to step 303; otherwise, the process goes to step 305.
303、 私网侧业务加速子卡根据所述第一报文的五元组在与所述第 一报文对应的对应关系表中获取映射用公网 IP地址和映射用传输协议 端口号。  303. The private network side service acceleration subcard obtains the mapping public network IP address and the mapping transport protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
304、 将所述第一报文中的所述私网侧发送端的私网 IP 地址和私 网侧发送端的传输协议端口号, 替换为所述映射用公网 IP地址和映射 用传输协议端口号, 生成携带所述映射用公网 IP地址和映射用传输协 议端口号的第二 4艮文。  304. Replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address and the mapping transport protocol port number. And generating a second message carrying the mapping public network IP address and the mapping transmission protocol port number.
执行步骤 304后, 转向步骤 306。  After performing step 304, the process proceeds to step 306.
305、 私网侧业务加速子卡将所述第一报文转发至业务板。  305. The private network side service acceleration subcard forwards the first packet to the service board.
业务板为所述第一 4艮文中的所述私网侧发送端的私网 I P地址和私 网侧发送端的传输协议端口号分配所述映射用公网 IP地址和映射用传 输协议端口号, 生成第二报文。 同时, 业务板将分配的所述映射用公网 IP 地址和映射用传输协议端口号记录到所述对应关系表, 并将所述对 应关系表分别发送到私网侧业务加速子卡和公网侧业务加速子卡。  The service board allocates the public network IP address of the private network side of the first network and the transport protocol port number of the private network side of the first network to allocate the public IP address for mapping and the transport protocol port number for mapping. Second message. At the same time, the service board records the mapping of the public network IP address and the mapping transmission protocol port number to the corresponding relationship table, and sends the corresponding relationship table to the private network side service acceleration daughter card and the public network respectively. Side service acceleration daughter card.
可选的, 业务板可以生成两个对应关系表, 分别为正向对应关系 表和反向对应关系表, 将正向对应关系表发送至私网侧业务加速子卡, 将反向对应关系表发送至公网侧业务加速子卡。关于正向对应关系表和 反向对应关系表的描述可以参考实施例 2中的描述, 此处不再赘述。 Optionally, the service board can generate two correspondence tables, which are positive correspondences. The table and the reverse correspondence table are sent to the private network side service acceleration daughter card, and the reverse correspondence table is sent to the public network side service acceleration daughter card. For descriptions of the forward correspondence table and the reverse correspondence table, refer to the description in Embodiment 2, and details are not described herein again.
306、 将所述第二报文发送给公网侧。  306. Send the second packet to the public network side.
私网侧业务加速子卡将所述第二报文经私网侧接口板转发至公网 侧接口板并由所述公网侧接口板转发至所述公网侧业务加速子卡,然后 经公网侧业务加速子卡向公网侧接收端传送。  The private network side service acceleration subcard forwards the second packet to the public network side interface board through the private network side interface board, and forwards the second packet to the public network side service acceleration daughter card by the public network side interface board, and then The public network side service acceleration subcard is transmitted to the receiving end of the public network side.
307、 公网侧业务加速子卡接收公网侧接收端返回的第三报文。 公网侧接收端接收所述第二报文, 并对所述第二报文执行公网侧 的相关处理后, 生成第三报文。 所述第三报文中携带所述映射用公网 I P 地址和映射用传输协议端口号, 第三报文使用的传输协议 (与所述 第一报文使用的传输协议相同) , 以及公网侧接收端的公网 I P地址和 公网侧接收端的传输协议端口号组成的五元组。  307. The service network acceleration subcard of the public network side receives the third packet returned by the receiving end of the public network side. The receiving end of the public network side receives the second packet, and performs a related process on the public network side of the second packet to generate a third packet. The third packet carries the public IP address for mapping and the transport protocol port number for mapping, the transport protocol used by the third packet (same as the transport protocol used by the first packet), and the public network. A quintuple consisting of the public network IP address of the side receiving end and the transport protocol port number of the receiving end of the public network side.
308、 公网侧业务加速子卡查询所述对应关系表, 获取与所述映射 用公网 I P地址和映射用传输协议端口号对应的所述私网侧发送端的私 网 I P地址和私网侧发送端的传输协议端口号。  308. The public network side service acceleration subcard queries the corresponding relationship table, and obtains a private network IP address and a private network side of the private network side sending end corresponding to the mapping public network IP address and the mapping transmission protocol port number. The transmission protocol port number of the sender.
309、公网侧业务加速子卡将所述第三报文中的所述映射用公网 I P 地址和映射用传输协议端口号, 替换为所述私网侧发送端的私网 I P地 址和私网侧发送端的传输协议端口号,生成携带所述私网侧发送端的私 网 I P地址和私网侧发送端的传输协议端口号的第四 ^艮文。  309. The public network side service acceleration subcard replaces the mapping in the third packet with the public network IP address and the mapping transmission protocol port number with the private network IP address and the private network of the private network side sending end. The transmission protocol port number of the side transmitting end generates a fourth packet carrying the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
31 0、 将所述第四报文发送给所述私网侧发送端。  31 0. Send the fourth packet to the private network side sending end.
公网侧业务加速子卡将所述第四报文经公网侧接口板转发至私网 侧接口板, 并由所述私网侧接口板转发至私网侧业务加速子卡, 然后经 私网侧业务加速子卡向私网侧发送所述第四 ^艮文。  The public network side service acceleration subcard forwards the fourth packet to the private network side interface board through the public network side interface board, and forwards the private network side interface board to the private network side service acceleration subcard, and then privately The network side service acceleration subcard sends the fourth packet to the private network side.
所述第四报文经所述业务加速子卡转发至公网侧接口板, 并由所 述公网侧接口板转发至所述私网侧接口板,然后经私网侧子卡向私网侧 发送端传送。对于所述第四报文中需要在业务板中进行相关处理(比如, 应用层信息的解析)的一部分报文,要在经过所述公网侧接口板后转发 至业务板, 在业务板中完成相关处理后再由业务板转发至私网侧接口 板。 现有技术中, 通常在所述业务板上保存有子卡路由表, 所述子卡 路由表上记录了私网侧子卡与公网侧子卡之间的路由关系。本发明实施 例中,所述业务板可以将所述子卡路由表分别发送到私网侧业务加速子 卡和业务加速子卡上。根据所述子卡路由表上记录的路由关系,私网侧 业务子卡将自身收到的第一报文经私网侧接口板和公网侧接口板的转 发, 最终发送到所述子卡路由表记录的对应业务加速子卡上; 相应的, 业务加速子卡将自身收到的第三报文经公网侧接口板和私网侧接口板 转发, 最终发送到所述子卡路由表记录的对应私网侧子卡上。 The fourth packet is forwarded to the public network side interface board by the service acceleration subcard, and is forwarded by the public network side interface board to the private network side interface board, and then sent to the private network through the private network side subcard. The side sender transmits. A part of the packet that needs to be processed in the service packet (for example, the parsing of the application layer information) in the fourth packet is forwarded to the service board after being sent to the service board in the service board. After the related processing is complete, the service board forwards the packet to the private network side interface board. In the prior art, a sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded on the sub-card routing table. In the embodiment of the present invention, the service board may send the sub-card routing table to the private network side service acceleration sub-card and the service acceleration sub-card respectively. According to the routing relationship recorded on the sub-card routing table, the private network-side service sub-card forwards the first packet received by the private network side interface board to the public network side interface board and the public network side interface board, and finally sends the packet to the sub-card. Correspondingly, the service acceleration subcard forwards the third packet received by the service acceleration card to the interface card of the public network side and the interface board of the private network side, and finally sends the packet to the subcard routing table. Record the corresponding private network side subcard.
具体的, 本发明实施例的方法可以应用于 IPv4私网与 IPv4公网 间的网络地址转换和 I Pv6私网与 IPv4公网 (包括 NAT64技术和 IV I 技术) 的网络地址转换, 具体描述可以参考本发明实施例 2中的描述, 此处不再赘述。  Specifically, the method in the embodiment of the present invention may be applied to network address translation between an IPv4 private network and an IPv4 public network, and network address translation between an I Pv6 private network and an IPv4 public network (including NAT64 technology and IV I technology), and the specific description may be Reference is made to the description in Embodiment 2 of the present invention, and details are not described herein again.
在本发明实施例的上述描述中, 不同的私网侧发送端的私网 I P地 址各不相同,从而可以通过所述第一报文的五元组唯一的确定对应的所 述映射用公网 IP地址和映射用传输协议端口号, 并通过第三报文的五 元组唯一确定对应的所述私网侧发送端的私网 IP地址和私网侧发送端 的传输协议端口号。 在其他的应用场景中, 比如, 在同时存在至少两个 VPN (V i r tua l Pr i va te Ne twork,虚拟专用网络)的私网侧的网络环境中, 由于不同的 VPN中的计算机可以使用相同的私网 IP地址, 不同的私网 侧发送端的第一报文的五元组可以完全相同。在此情况下, 需要通过所 述第一报文的五元组以及发送所述第一报文的私网侧发送端所在的 VPN的标识共同确定对应的所述映射用公网 IP地址和映射用传输协议 端口号; 相应的, 需要通过所述第三报文的五元组以及发送所述第一报 文的私网侧发送端所在的 VPN 的标识共同确定对应的所述私网侧发送 端的私网 IP地址和私网侧发送端的传输协议端口号。  In the above description of the embodiment of the present invention, the private network IP addresses of the different private network side senders are different, so that the mapping public IP address corresponding to the mapping may be uniquely determined by the quintuple of the first packet. The address and the mapping protocol port number are used, and the private network IP address of the corresponding private network side transmitting end and the transmission protocol port number of the private network side transmitting end are uniquely determined by the quintuple of the third message. In other application scenarios, for example, in a private network side network environment where at least two VPNs (V ir tua pr va te Ne twork, virtual private network) exist, computers in different VPNs can be used. The same private IP address, the quintuple of the first packet on the different private network side senders can be identical. In this case, the corresponding public IP address and mapping of the mapping are determined by the quintuple of the first packet and the identifier of the VPN where the transmitting end of the private network side of the first packet is sent. Using the transmission protocol port number; correspondingly, the quintuple of the third packet and the identifier of the VPN where the sender of the private network side of the first packet are sent are jointly determined to be sent by the corresponding private network side. The private IP address of the end and the transport protocol port number of the sender on the private network side.
本发明实施例中, 作为一种可选的实现方式, 可以将分配所述映 射用公网 IP地址和映射用传输协议端口号的功能以及创建对应关系表 的功能都集成在公网侧业务加速子卡和私网侧业务加速子卡中;更进一 步的,可以将业务板的其他处理功能也集成到公网侧业务加速子卡和私 网侧业务加速子卡中,从而在所述网间路由装置中取消业务板。具体描 述可以参考本发明实施例 2中的描述, 此处不再赘述。 本发明实施例提供了一种报文转发方法, 在子卡上部署了地址和 端口号映射的功能, 降低了业务板的处理负担,避免了整个网间路由装 置对报文流的处理速度受业务板对报文进行网络地址转换处理速度的 限制, 大大提升了报文转发的速度, 有利于大规模的商业应用。 此外, 本发明实施例提供的方法能同时适用于 IPv4 之间的地址映射和 IPv6 与 IPv4之间的地址映射。 同时, 本发明实施例在公网侧和私网侧都部 署了业务加速子卡, 适用于组网情况复杂多变的场景,提高了整个设备 的灵活度。 In an embodiment of the present invention, as an optional implementation manner, the function of allocating the mapping public network IP address and the mapping transmission protocol port number and the function of creating the correspondence relationship table may be integrated into the public network side service acceleration. The sub-card and the private network side service acceleration sub-card; further, the other processing functions of the service board can be integrated into the public network side service acceleration sub-card and the private network side service acceleration sub-card, thereby being in the network The service board is canceled in the routing device. For a detailed description, refer to the description in Embodiment 2 of the present invention, and details are not described herein again. The embodiment of the present invention provides a packet forwarding method, in which the address and port number mapping function is deployed on the sub-card, which reduces the processing load of the service board, and avoids the processing speed of the packet processing by the entire network routing device. The service board limits the speed of network address translation processing of packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications. In addition, the method provided by the embodiment of the present invention can be applied to address mapping between IPv4 and address mapping between IPv6 and IPv4. In the embodiment of the present invention, the service acceleration sub-card is deployed on both the public network side and the private network side, which is applicable to a scenario in which the networking situation is complex and variable, and the flexibility of the entire device is improved.
实施例 4 :  Example 4:
本发明实施例提供了一种网间路由装置, 所述网间路由装置包括 至少两块用于报文转发的子卡。 所述子卡的结构如图 9所示, 包括: 第 一报文接收单元 41、 公网地址获取单元 42、 公网地址替换单元 43、 第 二报文发送单元 44、 第三报文接收单元 45、 私网地址获取单元 46、 私 网地址替换单元 47和第四报文发送单元 48。  An embodiment of the present invention provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding. The structure of the subcard is as shown in FIG. 9, and includes: a first packet receiving unit 41, a public network address obtaining unit 42, a public network address replacing unit 43, a second packet sending unit 44, and a third packet receiving unit. 45. A private network address obtaining unit 46, a private network address replacing unit 47, and a fourth message sending unit 48.
第一报文接收单元 41 , 用于接收私网侧发送端发出的第一报文; 所述第一 4艮文中携带所述私网侧发送端的私网 IP地址和私网侧发送端 的传输协议端口号。  The first packet receiving unit 41 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol of the transmitting end of the private network side. The port number.
公网地址获取单元 42 , 用于根据所述私网侧发送端的私网 IP地址 和私网侧发送端的传输协议端口号,查询预设置在所述子卡中的私网地 址及端口与映射用公网地址及端口的对应关系表,获取与所述私网侧发 送端的私网 IP地址和私网侧发送端的传输协议端口号对应的所述映射 用公网 I P地址和映射用传输协议端口号。  The public network address obtaining unit 42 is configured to query, according to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the sending end of the private network side, the private network address, the port, and the mapping preset in the subcard. The mapping table between the public network address and the port obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end. .
公网地址替换单元 43 , 用于将所述第一报文中的所述私网侧发送 端的私网 IP地址和私网侧发送端的传输协议端口号, 替换为所述映射 用公网 I P地址和映射用传输协议端口号, 生成携带所述映射用公网 I P 地址和映射用传输协议端口号的第二 ^艮文。  The public network address replacing unit 43 is configured to replace the private network IP address of the private network side transmitting end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address. And mapping the transport protocol port number to generate a second packet carrying the public IP address of the mapping and the transport protocol port number of the mapping.
第二报文发送单元 44 , 用于将所述第二报文发送给公网侧。  The second packet sending unit 44 is configured to send the second packet to the public network side.
第三报文接收单元 45 , 用于接收公网侧返回的第三报文。  The third packet receiving unit 45 is configured to receive the third packet returned by the public network side.
公网侧接收端接收所述第二报文 ,并对所述第二报文执行公网侧的 相关处理后, 生成第三报文并向所述网间路由装置发送。 所述第三报文 中携带所述映射用公网 I P地址和映射用传输协议端口号。 私网地址获取单元 46 , 用于根据所述映射用公网 IP地址和映射用 传输协议端口号, 查询所述对应关系表, 获取与所述映射用公网 IP地 址和映射用传输协议端口号对应的所述私网侧发送端的私网 IP地址和 私网侧发送端的传输协议端口号。 The receiving end of the public network side receives the second packet, and performs related processing on the public network side of the second packet, and then generates a third packet and sends the packet to the inter-network routing device. The third packet carries the public IP address for mapping and the transport protocol port number for mapping. The private network address obtaining unit 46 is configured to query the correspondence relationship table according to the mapping public network IP address and the mapping transmission protocol port number, and obtain the mapping public network IP address and the mapping transmission protocol port number. The private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side.
私网地址替换单元 47 , 用于将所述第三报文中的所述映射用公网 IP地址和映射用传输协议端口号, 替换为所述私网 IP地址和私网侧发 送端的传输协议端口号, 生成携带所述私网 IP地址和私网侧发送端的 传输协议端口号的第四报文。  The private network address replacing unit 47 is configured to replace the mapping with the public network IP address and the mapping transmission protocol port number in the third packet with the private network IP address and the transmission protocol of the private network side transmitting end. The port number is generated to generate a fourth packet carrying the private network IP address and the transmission protocol port number of the private network side sender.
第四报文发送单元 48 , 用于将所述第四报文发送给所述私网侧发 送端。  The fourth packet sending unit 48 is configured to send the fourth packet to the private network side sending end.
进一步的,如图 10所示, 所述装置还包括: 公网地址分配单元 49、 对应关系记录单元 410、 报文转发单元 41 1、 公网地址接收单元 412、 对应关系表接收单元 41 3和对应关系表删除单元 414。  Further, as shown in FIG. 10, the apparatus further includes: a public network address assigning unit 49, a correspondence relationship recording unit 410, a message forwarding unit 41 1 , a public network address receiving unit 412, a correspondence relationship table receiving unit 41 3, and Correspondence table deletion unit 414.
公网地址分配单元 49 , 用于当所述子卡中不存在所述对应关系表 时, 为所述第一报文中的所述私网侧发送端的私网 IP地址和私网侧发 送端的传输协议端口号分配所述映射用公网 IP地址和映射用传输协议 端口号。  The public network address assigning unit 49 is configured to: when the corresponding relationship table does not exist in the subcard, the private network IP address of the private network side transmitting end and the private network side sending end of the first packet The transport protocol port number assigns the mapping public network IP address and the mapping transport protocol port number.
对应关系记录单元 410 , 用于在所述子卡分配所述映射用公网 IP 地址和映射用传输协议端口号后, 将分配的所述映射用公网 IP地址和 映射用传输协议端口号记录到所述对应关系表。  The correspondence relationship recording unit 410 is configured to record the mapped public network IP address and the mapping transmission protocol port number after the mapping public network IP address and the mapping transmission protocol port number are allocated in the child card. Go to the correspondence table.
报文转发单元 411 , 用于当所述子卡中不存在所述对应关系表时, 所述子卡将私网侧发出的第一报文转发至业务板。  The message forwarding unit 411 is configured to: when the sub-card does not have the corresponding relationship table, the sub-card forwards the first packet sent by the private network side to the service board.
所述业务板为所述第一 4艮文中的所述私网侧发送端的私网 IP地址 和私网侧发送端的传输协议端口号分配所述映射用公网 IP地址和映射 用传输协议端口号, 并将分配的所述映射用公网 IP地址和映射用传输 协议端口号记录到所述对应关系表。  The service board allocates the public network IP address of the mapping and the transmission protocol port number of the mapping by the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first message. And mapping the allocated mapping to the correspondence relationship table by using a public network IP address and a mapping transmission protocol port number.
公网地址接收单元 412 ,用于接收所述业务板分配的所述映射用公 网 IP地址和映射用传输协议端口号, 以替换所述私网侧发送端的私网 I P地址和私网侧发送端的传输协议端口号。  The public network address receiving unit 412 is configured to receive the mapping public IP address and the mapping transmission protocol port number allocated by the service board, to replace the private network IP address of the private network side sending end and the private network side sending The transport protocol port number of the end.
对应关系表接收单元 41 3 ,用于在接收所述业务板分配的所述映射 用公网 IP地址和映射用传输协议端口号时, 从所述业务板接收记录了 所述映射用公网 I P地址和映射用传输协议端口号的所述对应关系表。 对应关系表删除单元 414 ,用于将保存在所述子卡中的已结束访问 的所述对应关系表删除。 The correspondence relationship receiving unit 41 3 is configured to receive the record from the service board when receiving the mapping public network IP address and the mapping transmission protocol port number allocated by the service board. The mapping uses the correspondence table of the public network IP address and the mapping transmission protocol port number. The correspondence table deleting unit 414 is configured to delete the correspondence table that has been accessed in the child card.
关于本发明实施例的其他应用场景和相关描述, 可参考本发明实 施例 2、 实施例 3 , 此处不再赘述。  For other application scenarios and related descriptions of the embodiments of the present invention, reference may be made to Embodiment 2 and Embodiment 3 of the present invention, and details are not described herein again.
本发明实施例提供了一种网间路由装置, 通过在该装置的子卡上 部署了地址和端口号映射的功能, 降低了业务板的处理负担,避免了整 个网间路由装置对报文流的处理速度受业务板对报文进行网络地址转 换处理速度的限制, 大大提升了报文转发的速度,有利于大规模的商业 应用。  The embodiment of the invention provides an inter-network routing device, which reduces the processing load of the service board by using the function of mapping the address and port number on the sub-card of the device, and avoids the flow of the entire network routing device. The processing speed is limited by the speed at which the service board performs network address translation processing on the packet, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本 发明可借助软件加必需的通用硬件的方式来实现, 当然也可以通过硬件, 但 很多情况下前者是更佳的实施方式。基于这样的理解, 本发明的技术方案本 质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该 计算机软件产品存储在可读取的存储介质中, 如计算机的软盘,硬盘或光盘 等, 包括若干指令用以使得一台计算机设备(可以是个人计算机, 服务器, 或者网络设备等)执行本发明各个实施例所述的方法。  Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. . Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer. A hard disk or optical disk, etc., includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并 不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围 内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范围应所述以权利要求的保护范围为准。  The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.

Claims

权利 要求 书 Claim
1、 一种 文转发方法, 应用于网间路由装置上, 所述网间路由装置 包括至少两块用于转发报文的子卡, 其特征在于, 所述方法包括: A text forwarding method is applied to an inter-network routing device, where the inter-network routing device includes at least two sub-cards for forwarding packets, and the method includes:
每一块子卡接收私网侧发送端发出的第一报文; 所述第一报文中携 带所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号; 根据所述私网侧发送端的私网 I P地址和私网侧发送端的传输协议端 口号, 查询预设置在所述子卡中的私网地址及端口与映射用公网地址及 端口的对应关系表, 获取与所述私网侧发送端的私网 I P地址和私网侧发 送端的传输协议端口号对应的映射用公网 IP地址和映射用传输协议端口 号;  Each of the sub-cards receives the first packet sent by the transmitting end of the private network side; the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side; The private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side. Query the correspondence between the private network address and port pre-configured in the daughter card and the public network address and port for mapping. The mapping between the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side is a public network IP address and a mapping transmission port number;
将所述第一 4艮文中的所述私网侧发送端的私网 IP地址和私网侧发送 端的传输协议端口号, 替换为所述映射用公网 IP地址和映射用传输协议 端口号, 生成携带所述映射用公网 I P地址和映射用传输协议端口号的第 二报文;  And replacing the private network IP address of the private network side sender end and the transport protocol port number of the private network side sender end in the first 艮 艮 为 所述 映射 映射 映射 映射 映射 映射 映射 映射Carrying the second message of the mapping public network IP address and the mapping transmission protocol port number;
将所述第二报文发送给公网侧。  Send the second packet to the public network side.
2、 根据权利要求 1所述的方法, 其特征在于, 还包括:  2. The method according to claim 1, further comprising:
所述子卡接收公网侧返回的第三报文; 所述第三报文中携带所述映 射用公网 IP地址和映射用传输协议端口号;  The subcard receives the third packet returned by the public network side; the third packet carries the public IP address of the mapping and the transport protocol port number for mapping;
根据所述映射用公网 I P地址和映射用传输协议端口号, 查询所述对 应关系表, 获取与所述映射用公网 I P地址和映射用传输协议端口号对应 的所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议端口号; 将所述第三报文中的所述映射用公网 IP地址和映射用传输协议端口 号, 替换为所述私网侧发送端的私网 IP地址和私网侧发送端的传输协议 端口号, 生成携带所述私网侧发送端的私网 I P地址和私网侧发送端的传 输协议端口号的第四 4艮文;  Querying the correspondence relationship table according to the mapping public network IP address and the mapping transmission protocol port number, and acquiring the private network side transmitting end corresponding to the mapping public network IP address and the mapping transmission protocol port number The private network IP address and the transmission protocol port number of the sender on the private network side; the mapping in the third packet is replaced by the public network IP address and the mapping transmission protocol port number as the private end of the private network side The network IP address and the transmission protocol port number of the transmitting end of the private network side, and the fourth packet containing the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side is generated;
将所述第四报文发送给所述私网侧发送端。  And sending the fourth packet to the private network side sending end.
3、 根据权利要求 1所述的方法, 其特征在于, 当所述子卡中不存在 所述对应关系表时, 还包括:  The method according to claim 1, wherein when the correspondence table does not exist in the subcard, the method further includes:
所述子卡为所述第一 4艮文中的所述私网侧发送端的私网 IP地址和私 网侧发送端的传输协议端口号分配所述私网侧发送端的映射用公网 I P地 址和映射用传输协议端口号。  The subcard is configured to allocate a public network IP address and a mapping for the mapping of the private network side transmitting end to the private network IP address of the private network side transmitting end and the private network side transmitting end of the first network. Use the transport protocol port number.
4、 根据权利要求 3所述的方法, 其特征在于, 在所述子卡分配所述 映射用公网 I P地址和映射用传输协议端口号后, 还包括: 4. The method according to claim 3, wherein said subcard is allocated said After mapping the public network IP address and mapping the transport protocol port number, it also includes:
所述子卡将分配的所述映射用公网 I P地址和映射用传输协议端口号 记录到所述对应关系表。  The subcard records the assigned mapping with the public network IP address and the mapping transmission protocol port number to the correspondence table.
5、 根据权利要求 1所述的方法, 其特征在于, 还包括:  5. The method according to claim 1, further comprising:
当所述子卡中不存在所述对应关系表时, 所述子卡将私网侧发出的 报文流转发至业务板; 以使得所述业务板为所述第一报文中的所述私网 侧发送端的私网 I P地址和私网侧发送端的传输协议端口号分配所述映射 用公网 I P地址和映射用传输协议端口号,并将分配的所述映射用公网 I P 地址和映射用传输协议端口号记录到所述对应关系表;  When the corresponding relationship table does not exist in the subcard, the subcard forwards the packet flow sent by the private network side to the service board, so that the service board is the one in the first packet. The private network IP address of the transmitting end of the private network side and the transport protocol port number of the transmitting end of the private network side are allocated with the public network IP address for mapping and the transport protocol port number for mapping, and the assigned mapping is made with the public network IP address and mapping. Recording to the corresponding relationship table by using a transport protocol port number;
所述子卡接收所述业务板分配的所述映射用公网 I P地址和映射用传 输协议端口号, 以替换所述私网侧发送端的私网 I P地址和私网侧发送端 的传输协议端口号。  The subcard receives the mapping public IP address and the mapping transmission protocol port number allocated by the service board, so as to replace the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end. .
6、 根据权利要求 5所述的方法, 其特征在于, 还包括:  6. The method according to claim 5, further comprising:
所述子卡在接收所述业务板分配的所述映射用公网 IP地址和映射用 传输协议端口号时, 还从所述业务板接收记录了所述映射用公网 IP地址 和映射用传输协议端口号的所述对应关系表。  When receiving the mapping public network IP address and the mapping transmission protocol port number allocated by the service board, the slave card further receives and records the mapping public network IP address and mapping transmission from the service board. The correspondence table of the protocol port numbers.
7、 根据权利要求 1至 6中任意一项所述的方法, 其特征在于, 还包 括:  The method according to any one of claims 1 to 6, further comprising:
8、 一种网间路由装置, 包括至少两块用于报文转发的子卡, 其特征 在于, 每一块子卡进一步包括: 8. An inter-network routing device, comprising at least two sub-cards for packet forwarding, wherein each sub-card further comprises:
第一报文接收单元, 用于接收私网侧发送端发出的第一报文; 所述 第一 4艮文中携带所述私网侧发送端的私网 IP地址和私网侧发送端的传输 协议端口号;  The first packet receiving unit is configured to receive the first packet sent by the sending end of the private network side; the first packet carries the private network IP address of the sending end of the private network side and the transmission protocol port of the sending end of the private network side number;
公网地址获取单元, 用于根据所述私网侧发送端的私网 IP地址和私 网侧发送端的传输协议端口号, 查询预设置在所述子卡中的私网地址及 端口与映射用公网地址及端口的对应关系表, 获取与所述私网侧发送端 的私网 I P地址和私网侧发送端的传输协议端口号对应的所述映射用公网 IP地址和映射用传输协议端口号;  The public network address obtaining unit is configured to query, according to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the sending end of the private network side, the private network address, port, and mapping publicly set in the subcard Corresponding relationship table between the network address and the port, and obtaining the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
公网地址替换单元, 用于将所述第一报文中的所述私网侧发送端的 私网 IP地址和私网侧发送端的传输协议端口号, 替换为所述映射用公网 IP地址和映射用传输协议端口号,生成携带所述映射用公网 IP地址和映 射用传输协议端口号的第二报文; a public network address replacing unit, configured to replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet with the public IP address of the mapping and Mapping uses the transport protocol port number to generate a public network IP address and mapping that carries the mapping Transmitting a second message of the transmission protocol port number;
第二报文发送单元, 用于将所述第二报文发送给公网侧。  The second packet sending unit is configured to send the second packet to the public network side.
9、 根据权利要求 8所述的装置, 其特征在于, 还包括:  9. The device according to claim 8, further comprising:
第三报文接收单元, 用于接收公网侧返回的第三报文; 所述第三报 文中携带所述映射用公网 I P地址和映射用传输协议端口号;  a third packet receiving unit, configured to receive a third packet returned by the public network side; the third packet carries the public IP address of the mapping and a transport protocol port number for mapping;
私网地址获取单元, 用于根据所述映射用公网 IP地址和映射用传输 协议端口号, 查询所述对应关系表, 获取与所述映射用公网 IP地址和映 射用传输协议端口号对应的所述私网侧发送端的私网 I P地址和私网侧发 送端的传输协议端口号;  The private network address obtaining unit is configured to query the correspondence relationship table according to the mapping public network IP address and the mapping transmission protocol port number, and obtain the public network IP address and the mapping transmission protocol port number corresponding to the mapping The private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side;
私网地址替换单元, 用于将所述第三报文中的所述映射用公网 I P地 址和映射用传输协议端口号, 替换为所述私网 IP地址和私网侧发送端的 传输协议端口号, 生成携带所述私网侧发送端的私网 I P地址和私网侧发 送端的传输协议端口号的第四报文;  The private network address replacing unit is configured to replace the mapping with the public network IP address and the mapping transmission protocol port number in the third packet with the private network IP address and the transmission protocol port of the private network side transmitting end. No., generating a fourth packet carrying the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
第四报文发送单元, 用于将所述第四报文发送给所述私网侧发送端。 And a fourth packet sending unit, configured to send the fourth packet to the private network side sending end.
1 0、 根据权利要求 8所述的装置, 其特征在于, 还包括: The device according to claim 8, further comprising:
公网地址分配单元, 用于当所述子卡中不存在所述对应关系表时, 为所述第一 4艮文中的所述私网侧发送端的私网 IP地址和私网侧发送端的 传输协议端口号分配所述映射用公网 IP地址和映射用传输协议端口号。  a public network address allocation unit, configured to: when the corresponding relationship table does not exist in the child card, the private network IP address of the private network side transmitting end and the private network side transmitting end of the first The protocol port number assigns the mapping with the public network IP address and the mapping transport protocol port number.
1 1、 根据权利要求 10所述的装置, 其特征在于, 还包括:  The device according to claim 10, further comprising:
对应关系记录单元, 用于在所述子卡分配所述映射用公网 I P地址和 映射用传输协议端口号后, 将分配的所述映射用公网 I P地址和映射用传 输协议端口号记录到所述对应关系表。  Corresponding relationship recording unit, configured to record the mapped public network IP address and the mapping transmission protocol port number to the subcard after the mapping public network IP address and the mapping transmission protocol port number are allocated to the subcard The correspondence table.
12、 根据权利要求 8所述的装置, 其特征在于, 还包括:  12. The device according to claim 8, further comprising:
报文转发单元, 用于当所述子卡中不存在所述对应关系表时, 所述 子卡将私网侧发出的第一报文转发至业务板; 以使得所述业务板为所述 第一 4艮文中的所述私网侧发送端的私网 I P地址和私网侧发送端的传输协 议端口号分配所述映射用公网 I P地址和映射用传输协议端口号, 并将分 配的所述映射用公网 I P地址和映射用传输协议端口号记录到所述对应关 系表;  a packet forwarding unit, configured to: when the sub-card does not have the corresponding relationship table, the sub-card forwards the first packet sent by the private network side to the service board; The private network IP address of the private network side sender and the transport protocol port number of the private network side sender end in the first message are assigned to the public network IP address for mapping and the transport protocol port number for mapping, and the assigned The mapping is recorded to the correspondence relationship table by using a public network IP address and a mapping transmission protocol port number;
公网地址接收单元, 用于接收所述业务板分配的所述映射用公网 IP 地址和映射用传输协议端口号, 以替换所述私网侧发送端的私网 IP地址 和私网侧发送端的传输协议端口号。 a public network address receiving unit, configured to receive the mapping public IP address and the mapping transmission protocol port number allocated by the service board, to replace the private network IP address of the private network side sending end and the private network side sending end Transport protocol port number.
1 3、 根据权利要求 12所述的装置, 其特征在于, 还包括: The device according to claim 12, further comprising:
对应关系表接收单元, 用于在接收所述业务板分配的所述映射用公 网 I P地址和映射用传输协议端口号时, 从所述业务板接收记录了所述映 射用公网 IP地址和映射用传输协议端口号的所述对应关系表。  a correspondence relationship receiving unit, configured to receive, when receiving the mapping public network IP address and the mapping transmission protocol port number allocated by the service board, the public IP address and the mapping public address from the service board Mapping the correspondence table of the transport protocol port number.
14、 根据权利要求 8至 1 3中任意一项所述的装置, 其特征在于, 还 包括: 述对应关系表删除。  The apparatus according to any one of claims 8 to 13, characterized by further comprising: deleting the correspondence table.
PCT/CN2011/074975 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing apparatus WO2011157126A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011800007448A CN102204191A (en) 2011-05-31 2011-05-31 A message transmission method and a network-network routing device
PCT/CN2011/074975 WO2011157126A2 (en) 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/074975 WO2011157126A2 (en) 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing apparatus

Publications (2)

Publication Number Publication Date
WO2011157126A2 true WO2011157126A2 (en) 2011-12-22
WO2011157126A3 WO2011157126A3 (en) 2012-04-26

Family

ID=44662813

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/074975 WO2011157126A2 (en) 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing apparatus

Country Status (2)

Country Link
CN (1) CN102204191A (en)
WO (1) WO2011157126A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102938795B (en) * 2012-11-16 2016-02-24 赛尔网络有限公司 The method of IPv6 address access IPv4 resource is realized by tunnel and address transition
WO2015018069A1 (en) * 2013-08-09 2015-02-12 华为技术有限公司 Method, device and system for acquiring service by network terminal
CN108566445B (en) * 2018-03-15 2020-12-08 华为技术有限公司 Message transmission method and device
CN110048913B (en) * 2019-04-30 2022-09-30 广东赛特斯信息科技有限公司 BFD-based method for realizing NAT traversal bidirectional detection processing
CN110753135A (en) * 2019-10-10 2020-02-04 深圳震有科技股份有限公司 IP address configuration method, configuration equipment and storage medium
CN111327718B (en) * 2020-02-07 2022-08-19 联想(北京)有限公司 Service calling method, device, equipment and computer readable storage medium
CN112333298B (en) * 2020-12-01 2022-09-02 武汉绿色网络信息服务有限责任公司 Message transmission method and device, computer equipment and storage medium
CN113709242A (en) * 2021-08-26 2021-11-26 华为技术有限公司 Message forwarding method and communication device
CN115334035B (en) * 2022-07-15 2023-10-10 天翼云科技有限公司 Message forwarding method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119382A (en) * 2007-09-06 2008-02-06 中兴通讯股份有限公司 Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN101227361A (en) * 2008-01-29 2008-07-23 中兴通讯股份有限公司 System and method for accessing client end to next network
US20090213867A1 (en) * 2008-02-26 2009-08-27 Dileep Kumar Devireddy Blade router with nat support

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119382A (en) * 2007-09-06 2008-02-06 中兴通讯股份有限公司 Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN101227361A (en) * 2008-01-29 2008-07-23 中兴通讯股份有限公司 System and method for accessing client end to next network
US20090213867A1 (en) * 2008-02-26 2009-08-27 Dileep Kumar Devireddy Blade router with nat support

Also Published As

Publication number Publication date
WO2011157126A3 (en) 2012-04-26
CN102204191A (en) 2011-09-28

Similar Documents

Publication Publication Date Title
WO2011157126A2 (en) Packet forwarding method and inter-network routing apparatus
CN105376299B (en) Network communication method, equipment and network attached storage equipment
WO2011124132A1 (en) Data communications system and method
KR101995145B1 (en) Method operating in a fixed access network and ues
WO2020248963A1 (en) Method and apparatus for establishing end-to-end network connection, and network system
WO2010139194A1 (en) Method and device of host with ipv4 application for performing communication
WO2011160367A1 (en) Forwarding method and device for network address translation
CN107094110B (en) DHCP message forwarding method and device
US11784963B2 (en) NAT traversal method, device, and system
KR101381701B1 (en) Data message processing method, system and access service node
WO2016134624A1 (en) Routing method, device and system, and gateway dispatching method and device
JP2010050547A (en) Address conversion device, method and program, name resolution system, method and program, and node
WO2011131088A1 (en) Data message processing method, ingress tunnel router and system
CN111711705B (en) Method and device for realizing network connection based on bidirectional NAT (network Address translation) by proxy node
WO2011107052A2 (en) Method and access node for preventing address conflict
JP6386166B2 (en) Translation method and apparatus between IPv4 and IPv6
US20150032898A1 (en) Method for establishing a virtual community network connection and a system for implementing said method
CN107547690B (en) Port allocation method and device in NAT, NAT equipment and storage medium
CN107046537B (en) DNS-SD-based method for discovering AllJoyn service by OCF client
EP2568666A1 (en) Ip address obtaining method and network access device
CN105306607A (en) Domain name inquiry method and system
WO2015139397A1 (en) Nat64 resource acquisition method and acquisition/distribution apparatus
WO2014169590A1 (en) Data service communication method, device, and system
WO2011124121A1 (en) Inter-network data communication system and method
JP2013126219A (en) Transfer server and transfer program

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180000744.8

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11795092

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11795092

Country of ref document: EP

Kind code of ref document: A2