WO2011157126A2 - Packet forwarding method and inter-network routing device - Google Patents

Packet forwarding method and inter-network routing device

Publication number
WO2011157126A2
Authority
WO
WIPO (PCT)
Prior art keywords
address
private network
mapping
network side
port number
Application number
PCT/CN2011/074975
Other languages
English (en)
Chinese (zh)
Other versions
WO2011157126A3 (fr
Inventor
杨新江
高鹏
滕新东
佟兴
向海洲
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2011/074975
Priority to CN2011800007448A
Publication of WO2011157126A2
Publication of WO2011157126A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H04L49/3009 Header conversion, routing tables or routing tags
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/60 Router architectures

Definitions

  • The present invention relates to the field of networks, and in particular to a packet forwarding method and an inter-network routing device.
  • Background
  • NAT (Network Address Translation)
  • NAT technology is a technology for realizing the conversion between private IP addresses and public IP addresses.
  • NAT technology can be used to convert the private IPv4 addresses and IPv6 addresses of a large number of private network users into a small number of public IPv4 addresses, so that private network users can use IPv4 addresses to connect to the public network.
  • The conversion of a private IP address and an IPv6 address to a public network IP address is usually performed by an inter-network routing device as shown in FIG.
  • The packet on the private network side is sent to the private network side interface card through the private network side subcard.
  • The private network side interface board forwards the packet to the service board.
  • The service board performs NAT address mapping to complete the conversion from the private IP address to the public IP address.
  • The packets that have undergone NAT address mapping are forwarded to the public network side interface card and sent to the public network through the public network side subcard.
  • The performance of the processing chip of the service board is limited, so that the processing performance of the service board is degraded, which becomes a bottleneck in the entire packet forwarding process.
  • The processing speed for packets is significantly higher than the speed at which the service board performs NAT address mapping.
  • The processing speed of the entire inter-network routing device is limited by the processing speed of the service board, which wastes the processing capability of the interface board, makes the overall processing speed difficult to improve further, and greatly affects the packet forwarding speed, which is not conducive to large-scale commercial applications.
  • The embodiment of the invention provides a packet forwarding method and an inter-network routing device, which improve the speed of packet forwarding.
  • The embodiment of the present invention adopts the following technical solution: A packet forwarding method is applied to an inter-network routing device, where the inter-network routing device includes at least two sub-cards for forwarding packets.
  • The method includes:
  • Each of the sub-cards receives the first packet sent by the transmitting end of the private network side; the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side; according to the private network IP address of the sender on the private network side and the transport protocol port number of the sender on the private network side, the sub-card queries the correspondence table, pre-configured in the sub-card, between private network addresses and ports and the public network addresses and ports used for mapping, and obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
  • An inter-network routing device includes at least two sub-cards for packet forwarding, and each sub-card further includes:
  • a first packet receiving unit, configured to receive the first packet sent by the sending end of the private network side; the first packet carries the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side;
  • a public network address obtaining unit, configured to query, according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the correspondence table, preset in the sub-card, between private network addresses and ports and the mapping public network addresses and ports, and to obtain the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side;
  • a public network address replacing unit, configured to replace the private network IP address of the private network side sender and the transport protocol port number of the private network side sender in the first packet with the mapping public network IP address and the mapping transport protocol port number, generating a second packet that carries the mapping public network IP address and the mapping transport protocol port number;
  • a second packet sending unit, configured to send the second packet to the public network side.
  • The embodiment of the present invention provides a packet forwarding method and an inter-network routing device, which perform network address translation processing on a packet passing through the sub-card directly on each sub-card of the inter-network routing device, without performing the network address translation processing on the service board. This not only reduces the processing load of the service board, but also avoids limiting the processing speed of the entire inter-network routing device to the network address translation processing speed of the service board, and improves the speed of packet forwarding.
  • FIG. 1 is a schematic diagram of an inter-network routing device responsible for packet forwarding provided by the prior art.
  • FIG. 2 is a flowchart of a method for forwarding a packet according to Embodiment 1 of the present invention.
  • FIG. 3 is a block diagram of a subcard of an inter-network routing device in Embodiment 1 of the present invention.
  • FIG. 4 is a schematic diagram of an inter-network routing apparatus according to Embodiment 2 of the present invention.
  • FIG. 5 is a flowchart of a method for forwarding a packet according to Embodiment 2 of the present invention.
  • FIG. 6 is a schematic diagram of another inter-network routing apparatus according to Embodiment 2 of the present invention.
  • FIG. 7 is a schematic diagram of an inter-network routing apparatus provided in Embodiment 3 of the present invention.
  • FIG. 8 is a flowchart of a method for forwarding a packet according to Embodiment 3 of the present invention.
  • FIG. 9 is a block diagram of a subcard of an inter-network routing device according to Embodiment 4 of the present invention.
  • FIG. 10 is a block diagram of the daughter card of the inter-network routing device based on FIG. 9.
  • The embodiment of the invention provides a packet forwarding method. As shown in FIG. 2, the method includes the following steps:
  • The subcard receives the first packet sent by the sending end of the private network side.
  • The daughter card is located on an inter-network routing device between the private network and the public network.
  • The inter-network routing device usually includes a plurality of sub-cards, a plurality of interface boards corresponding to the sub-cards, and at least one switching network board for connecting to the interface boards.
  • Each subcard receives the first packet sent by the sender on the private network side.
  • The first packet carries the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end.
  • The first packet also carries the public network IP address of the receiving end of the public network side, the transmission protocol port number of the receiving end of the public network side, and the transmission protocol used by the first packet.
  • The conversion of the address and the port is performed in the sub-card: by querying the correspondence table, the sub-card obtains the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the sending end of the private network side and the transmission protocol port number of the private network side transmitting end, and uses them to replace the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
  • After the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end recorded in the first packet are replaced, the first packet becomes the second packet.
  • The second packet still carries the data information in the first packet.
  • 104. Send the second packet to the public network side.
  • The second packet carries the mapping public network IP address and the mapping transport protocol port number, the public network IP address of the receiving end of the public network side, the transport protocol port number of the receiving end of the public network side, and the transport protocol used by the first packet.
  • The second packet is finally sent to the receiving end of the public network side.
  • TCP (Transmission Control Protocol)
  • Device A sends a TCP-based first packet to device B; the private network IP address of device A and the public IP address of device B are recorded in the IP packet header of the first packet.
  • In the TCP packet header, the TCP port number of device A and the TCP port number of the receiver, device B, are recorded.
  • After receiving the TCP-based first packet, the sub-card of the inter-network routing device searches the correspondence table to obtain the mapping IP address corresponding to the private network IP address of device A and the mapping TCP port number corresponding to the TCP port number of device A, and uses the mapping IP address and the mapping TCP port number to replace the original private IP address of device A and the TCP port number of device A, thereby generating a TCP-based second packet.
  • The TCP-based second packet is finally transmitted to device B in the public network.
  • The embodiment of the present invention further provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding.
  • The structure of the subcard is as shown in FIG. 3, and includes: a first packet receiving unit 31, a public network address obtaining unit 32, a public network address replacing unit 33, and a second packet transmitting unit 34.
  • The first packet receiving unit 31 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the transmitting end of the private network side and the transmission protocol port number of the transmitting end of the private network side.
  • The public network address obtaining unit 32 is configured to query, according to the private network IP address of the sending end of the private network side and the transmission protocol port number of the sending end of the private network side, the correspondence table, preset in the subcard, between private network addresses and ports and the mapping public network addresses and ports, and to obtain the mapping public network IP address and the mapping transmission protocol port number corresponding to the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end.
  • The public network address replacing unit 33 is configured to replace the private network IP address of the private network side transmitting end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address and the mapping transport protocol port number, generating a second packet carrying the mapping public network IP address and the mapping transport protocol port number.
  • The second packet sending unit 34 is configured to send the second packet to the public network side.
  • The embodiment of the invention provides a packet forwarding method and an inter-network routing device.
  • The address and port number mapping function is deployed on the daughter card of the inter-network routing device, and the distributed processing of the network address translation is performed by the daughter card to mitigate the processing load of the service board. This avoids limiting the packet processing speed of the entire inter-network routing device to the speed at which the service board performs network address translation on packets, and greatly improves the packet forwarding speed.
  • The network on the private network side is more complex than the network on the public network side.
  • The number of subcards on the private network side is larger than the number of subcards on the public network side.
  • The embodiment of the present invention provides a packet forwarding method. As shown in FIG. 5, the method includes the following steps:
  • The service acceleration subcard receives the first packet sent by the sending end of the private network side.
  • The first packet is first transmitted to the private network side sub-card and forwarded by the private network side sub-card to the private network side interface board. After the private network side interface board performs corresponding processing on the first packet, the first packet is forwarded to the public network side interface board, and is forwarded by the public network side interface board to the service acceleration daughter card.
  • A part of the packet that needs to be processed in the service board (for example, the parsing of the application layer information) is forwarded to the private network side interface board.
  • After the service board completes the related processing, the service board forwards the information to the public network side interface board.
  • The first packet sent by the sending end of the private network side includes a quintuple consisting of the private network IP address of the sending end of the private network side, the transmission protocol port number of the sending end of the private network side, the transmission protocol used by the first packet, the public network IP address of the receiving end of the public network side, and the transport protocol port number of the receiving end of the public network side.
  • The device at the private network side transmitting end, identified by the private network IP address, establishes a packet transmission path with the device at the public network side receiving end, identified by the public network IP address. Using the transmission protocol port of the transmitting end of the private network side and the transmission protocol port of the receiving end of the public network side, the packet undergoes the corresponding packet processing and address mapping in the inter-network routing device, and the corresponding data is transmitted to the receiving end of the public network side.
  • The service acceleration subcard determines whether there is a correspondence table corresponding to the first packet sent by the sending end of the private network side.
  • When the correspondence table exists in the service acceleration daughter card, the process goes to step 203; otherwise, the process goes to step 205.
  • The service acceleration sub-card obtains the mapping public network IP address and the mapping transmission protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
  • The first packet is transmitted to the service acceleration subcard of the inter-network routing device, and the service acceleration subcard searches the correspondence table according to the quintuple of the first packet to obtain the mapping public network IP address and the mapping transport protocol port number corresponding to the quintuple of the first packet.
  • The quintuple in the second packet consists of the mapping public network IP address, the mapping transport protocol port number, the transport protocol used by the first packet, the public network IP address of the receiving end of the public network side, and the transmission protocol port number of the receiving end of the public network side.
  • After step 204 is performed, the process proceeds to step 206.
  • The service acceleration subcard allocates a mapping public network IP address and a mapping transmission protocol port number for the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first packet.
  • The service acceleration subcard records the mapping public network IP address and the mapping transmission protocol port number in the correspondence table.
  • The correspondence table records the correspondence between the quintuple of the first packet and the mapping public network IP address and mapping transport protocol port number. For a packet that has the same quintuple as the first packet, the mapping public network IP address and the mapping transmission protocol port number can be obtained by directly searching the correspondence table, without performing step 205 again.
  • The second packet is sent to the public network side by the service acceleration subcard and finally transmitted to the public network side receiving end.
  • 207. The service acceleration subcard receives the third packet returned by the public network side.
  • The receiving end of the public network side receives the second packet, and performs the related processing of the public network side on the second packet to generate a third packet.
  • The third packet carries a quintuple consisting of the mapping public network IP address, the mapping transport protocol port number, the transport protocol used by the third packet (the same as the transport protocol used by the first packet), the public network IP address of the public network side receiving end, and the transport protocol port number of the receiving end of the public network side.
  • The third packet undergoes corresponding packet processing and network address translation in the inter-network routing device.
  • The service acceleration subcard queries the correspondence table, and obtains the private network IP address of the private network side sender and the transport protocol port number of the private network side sender corresponding to the mapping public network IP address and the mapping transmission protocol port number.
  • The third packet returned from the public network side is transmitted to the service acceleration daughter card of the inter-network routing device, and the service acceleration daughter card searches the correspondence table according to the quintuple of the third packet, obtaining the private network IP address of the private network side sender and the transport protocol port number of the private network side sender corresponding to the third packet.
  • There may be a single correspondence table, that is, the first packet and the third packet each obtain an address through the same correspondence table; optionally, two correspondence tables may also be set, namely a forward correspondence table and a reverse correspondence table.
  • The service acceleration subcard allocates the mapping public network IP address and the mapping transmission protocol port number for the private network IP address of the private network side transmitting end and the transmission protocol port number of the private network side transmitting end in the first packet, and records the mapping public network IP address and the mapping transmission protocol port number in the forward correspondence table. In the forward correspondence table, the quintuple of the first packet can uniquely determine the corresponding mapping public network IP address and mapping transport protocol port number.
  • The private network IP address of the corresponding private network side sender and the transport protocol port number of the private network side sender can be uniquely determined.
  • The private network IP addresses of different private network side senders are different, so that the corresponding mapping public network IP address and mapping transport protocol port number can be uniquely determined by the quintuple of the first packet, and the private network IP address of the corresponding private network side transmitting end and the transmission protocol port number of the private network side transmitting end can be uniquely determined by the quintuple of the third packet.
  • Computers in different VPNs can use the same private IP address, so the quintuples of packets from different private network side senders can be identical.
  • The corresponding mapping public network IP address and mapping transport protocol port number are jointly determined by the quintuple of the first packet and the identifier of the VPN in which the private network side transmitting end of the first packet is located.
  • The quintuple of the third packet and the identifier of the VPN in which the private network side sender of the first packet is located jointly determine the corresponding private network side sender.
  • The service acceleration subcard replaces the mapping public network IP address and the mapping transmission protocol port number in the third packet with the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end, generating a fourth packet that carries the private network IP address of the sender on the private network side and the transmission protocol port number of the sender on the private network side.
  • The fourth packet is forwarded to the public network side interface board by the service acceleration subcard, is forwarded by the public network side interface board to the private network side interface board, and is then sent to the private network side sender through the private network side subcard.
  • The part of the fourth packet that needs to be processed on the service board (for example, the parsing of the application layer information) is forwarded to the service board. After the related processing is complete, the service board forwards the packet to the private network side interface board.
  • A sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded in the sub-card routing table.
  • The service board may send the sub-card routing table to the private network side sub-card and the service acceleration sub-card respectively.
  • The private network side sub-card forwards the first packet it receives through the private network side interface board to the public network side interface board, and finally to the sub-card indicated by the sub-card routing table.
  • The service acceleration subcard forwards the third packet it receives through the interface board of the public network side and the interface board of the private network side, and finally sends the packet to the corresponding private network side subcard recorded in the sub-card routing table.
  • The service acceleration daughter card of the inter-network routing device queries the correspondence table and, in the first packet sent by the IPv4 private network, replaces the private network IP address of the private network side sender and the transport protocol port number of the private network side sender with the mapping public network IP address and mapping transport protocol port number in IPv4 format, and the second packet, for which network address translation is complete, is sent to the IPv4 public network.
  • The service acceleration daughter card of the inter-network routing device queries the correspondence table and, in the third packet returned by the IPv4 public network, replaces the mapping public network IP address and mapping transport protocol port number in IPv4 format with the private network IP address of the private network side sender and the transport protocol port number of the private network side sender in IPv4 format.
  • The method provided by the embodiment of the present invention may also be performed.
  • The IPv6 address is prefixed with the NAT64 prefix, and the remaining part of the IPv6 address with the NAT64 prefix removed is the corresponding IPv4 address.
  • After receiving the first packet sent by the IPv6 private network, the service acceleration subcard replaces the private network IP address in IPv6 format and the transport protocol port number of the private network side sender with the mapping public network IP address and mapping transport protocol port number in IPv4 format according to the correspondence table.
  • The NAT64 prefix in the IPv6-format public network IP address of the public network side receiving end is also deleted, obtaining the public network IP address of the public network side receiving end in IPv4 format.
  • The mapping public network IP address and mapping transmission protocol port number in IPv4 format are replaced, according to the correspondence table, with the private network IP address and transport protocol port number in IPv6 format.
  • The IPv4-format public network IP address of the public network side is prefixed with the NAT64 prefix to restore the IPv6 format, and the packet is sent to the corresponding destination in the IPv6 private network.
  • For IPv6 addresses that use IVI technology for network address translation, the IPv6 address has an IVI prefix, and the rest of the IPv6 address with the IVI prefix removed is the corresponding IPv4 address.
  • The address translation that the service acceleration daughter card performs between an IPv6 address with the IVI prefix and an IPv4 address is similar to the address translation between an IPv6 address with the NAT64 prefix and an IPv4 address, and is not described here.
  • The function of allocating the mapping public network IP address and the mapping transmission protocol port number and the function of creating the correspondence table may be retained in the service board.
  • The service acceleration subcard forwards the first packet sent by the private network side to the service board, so that the service board allocates a mapping public network IP address and a mapping transmission protocol port number for the first packet sent by the private network side, creates the corresponding correspondence table, and configures the correspondence table on the service acceleration daughter card.
  • The service acceleration subcard sends the second packet generated after the network address translation on the service board to the public network side.
  • The device may directly search the correspondence table and perform the corresponding network address translation. It is not necessary to forward the packet to the service board for processing.
  • All the functions of the service board can be integrated into the service acceleration sub-card, and the service board is removed from the inter-network routing device, as shown in FIG. 6.
  • the service acceleration daughter card divides the corresponding relationship table J of the saved access that has been saved by itself.
  • UDP (User Datagram Protocol)
  • When the service acceleration subcard receives a FIN/RST packet, it directly initiates rapid aging and deletes the correspondence table of the corresponding TCP packet.
  • Each public network subcard can be configured as a service acceleration subcard to share part of the network address translation function and improve the network address translation efficiency of the entire device.
  • The embodiment of the present invention provides a packet forwarding method in which the address and port number mapping function is deployed on the sub-card, which reduces the processing load of the service board and avoids limiting the packet processing speed of the entire inter-network routing device to the speed at which the service board performs network address translation on packets. This greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • The method provided by the embodiment of the present invention can be applied both to address mapping between IPv4 addresses and to address mapping between IPv6 and IPv4.
  • the service acceleration sub-card of the inter-network routing device in the second embodiment of the present invention is located on the public network side, and is applicable to an application environment with stable networking conditions.
  • when the networking status is in a state of constant change (for example, when the network complexity on the private network side is lower than the network complexity on the public network side, installing the service acceleration daughter card on the private network side can save the cost of the device), the service acceleration daughter card in the second embodiment of the invention needs to be frequently removed and moved to a different installation position, resulting in cumbersome operation and insufficient flexibility of the entire device.
  • the network address translation function can be integrated on the public network side subcard and the private network side subcard, respectively, to form a private network side service acceleration subcard and a public network side service acceleration subcard, as shown in FIG. 7.
  • the embodiment of the present invention provides a packet forwarding method. As shown in FIG. 8, the method includes the following steps:
  • the private network side service acceleration subcard receives the first packet sent by the sending end of the private network side.
  • the first packet sent by the sending end of the private network side carries a quintuple consisting of the private network IP address of the private network side sending end, the transport protocol port number of the private network side sending end, the transport protocol used by the first packet, the public network IP address of the public network side receiving end, and the transport protocol port number of the public network side receiving end.
  • the part of the packet that needs to be processed on the service board (for example, the parsing of the application layer information) is forwarded to the service board by way of the private network side interface board; after the service board completes the related processing, it forwards the packet to the public network side interface board.
  • the private network side service acceleration subcard determines whether there is a correspondence table corresponding to the first message sent by the sending end of the private network side.
  • when the correspondence table exists in the private network side service acceleration daughter card, the process goes to step 303; otherwise, the process goes to step 305.
  • the private network side service acceleration subcard obtains the mapping public network IP address and the mapping transport protocol port number in the correspondence table corresponding to the first packet according to the quintuple of the first packet.
  • after performing step 304, the process proceeds to step 306.
  • the private network side service acceleration subcard forwards the first packet to the service board.
  • the service board allocates the mapping public network IP address and the mapping transport protocol port number for the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet, and generates the second packet. At the same time, the service board records the mapping public network IP address and the mapping transport protocol port number in the correspondence table, and sends the correspondence table to the private network side service acceleration daughter card and the public network side service acceleration daughter card respectively.
  • the service board can generate two correspondence tables, a forward correspondence table and a reverse correspondence table; the forward correspondence table is sent to the private network side service acceleration daughter card, and the reverse correspondence table is sent to the public network side service acceleration daughter card.
  • the forward correspondence table and the reverse correspondence table refer to the description in Embodiment 2, and details are not described herein again.
  • the private network side service acceleration subcard forwards the second packet to the public network side interface board through the private network side interface board; the public network side interface board forwards the second packet to the public network side service acceleration daughter card, which then transmits it to the receiving end of the public network side.
  • the public network side service acceleration subcard receives the third packet returned by the receiving end of the public network side.
  • the receiving end of the public network side receives the second packet, and performs a related process on the public network side of the second packet to generate a third packet.
  • the third packet carries a quintuple consisting of the mapping public network IP address, the mapping transport protocol port number, the transport protocol used by the third packet (the same as the transport protocol used by the first packet), the public network IP address of the public network side receiving end, and the transport protocol port number of the public network side receiving end.
  • the public network side service acceleration subcard queries the correspondence table and obtains the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end that correspond to the mapping public network IP address and the mapping transport protocol port number.
  • the public network side service acceleration subcard replaces the mapping public network IP address and the mapping transport protocol port number in the third packet with the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end, generating a fourth packet that carries the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end.
  • the public network side service acceleration subcard forwards the fourth packet to the private network side interface board through the public network side interface board; the private network side interface board forwards it to the private network side service acceleration subcard, which then sends the fourth packet to the private network side.
  • the fourth packet is forwarded to the public network side interface board by the service acceleration subcard, forwarded by the public network side interface board to the private network side interface board, and then sent to the private network side sending end through the private network side subcard.
  • the part of the fourth packet that needs to be processed on the service board (for example, the parsing of the application layer information) is forwarded to the service board; after the related processing is complete, the service board forwards the packet to the private network side interface board.
  • a sub-card routing table is usually stored on the service board, and the routing relationship between the private network side sub-card and the public network side sub-card is recorded on the sub-card routing table.
  • the service board may send the sub-card routing table to the private network side service acceleration sub-card and the public network side service acceleration sub-card respectively.
  • according to the sub-card routing table, the private network side service acceleration sub-card forwards the first packet it receives through the private network side interface board and the public network side interface board, and finally sends the packet to the corresponding public network side sub-card recorded in the sub-card routing table.
  • according to the sub-card routing table, the public network side service acceleration sub-card forwards the third packet it receives through the public network side interface board and the private network side interface board, and finally sends the packet to the corresponding private network side sub-card recorded in the sub-card routing table.
  • the method in the embodiment of the present invention may be applied to network address translation between an IPv4 private network and an IPv4 public network, and network address translation between an IPv6 private network and an IPv4 public network (including NAT64 technology and IVI technology); for the specific description, reference may be made to the description in Embodiment 2 of the present invention, and details are not described herein again.
  • the private network IP addresses of different private network side sending ends are different, so the corresponding mapping public network IP address and mapping transport protocol port number can be uniquely determined by the quintuple of the first packet, and the private network IP address and the transport protocol port number of the corresponding private network side sending end can be uniquely determined by the quintuple of the third packet.
  • computers in different VPNs can use the same private network IP address, so the quintuples of the first packets from different private network side sending ends can be identical.
  • the corresponding mapping public network IP address and mapping transport protocol port number are jointly determined by the quintuple of the first packet and the identifier of the VPN in which the private network side sending end of the first packet is located; the corresponding private network side sending end is jointly determined by the quintuple of the third packet and the identifier of the VPN in which the private network side sending end of the first packet is located.
  • the function of allocating the mapping public network IP address and the mapping transport protocol port number and the function of creating the correspondence table may be integrated into the public network side service acceleration sub-card and the private network side service acceleration sub-card; further, the other processing functions of the service board can be integrated into the public network side service acceleration sub-card and the private network side service acceleration sub-card, so that the service board is omitted from the inter-network routing device.
  • the embodiment of the present invention provides a packet forwarding method in which the address and port number mapping function is deployed on the sub-card. This reduces the processing load of the service board and prevents the packet processing speed of the entire inter-network routing device from being limited by the speed at which the service board performs network address translation on packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • the method provided by the embodiment of the present invention can be applied to address mapping between IPv4 and address mapping between IPv6 and IPv4.
  • the service acceleration sub-card is deployed on both the public network side and the private network side, which is applicable to a scenario in which the networking situation is complex and variable, and the flexibility of the entire device is improved.
  • An embodiment of the present invention provides an inter-network routing device, where the inter-network routing device includes at least two sub-cards for packet forwarding.
  • the structure of the subcard is as shown in FIG. 9, and includes: a first packet receiving unit 41, a public network address obtaining unit 42, a public network address replacing unit 43, a second packet sending unit 44, and a third packet receiving unit 45.
  • the first packet receiving unit 41 is configured to receive the first packet sent by the sending end of the private network side, where the first packet carries the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end.
  • the public network address obtaining unit 42 is configured to query, according to the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end, the correspondence table, preset in the subcard, between private network addresses and ports and mapping public network addresses and ports, and to obtain the mapping public network IP address and the mapping transport protocol port number corresponding to the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end.
  • the public network address replacing unit 43 is configured to replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet with the mapping public network IP address and the mapping transport protocol port number, to generate a second packet carrying the mapping public network IP address and the mapping transport protocol port number.
  • the second packet sending unit 44 is configured to send the second packet to the public network side.
  • the third packet receiving unit 45 is configured to receive the third packet returned by the public network side.
  • the receiving end of the public network side receives the second packet, and performs related processing on the public network side of the second packet, and then generates a third packet and sends the packet to the inter-network routing device.
  • the third packet carries the public IP address for mapping and the transport protocol port number for mapping.
  • the private network address obtaining unit 46 is configured to query the correspondence table according to the mapping public network IP address and the mapping transport protocol port number, and obtain the private network IP address and the transport protocol port number of the private network side sending end that correspond to the mapping public network IP address and the mapping transport protocol port number.
  • the private network address replacing unit 47 is configured to replace the mapping public network IP address and the mapping transport protocol port number in the third packet with the private network IP address and the transport protocol port number of the private network side sending end, to generate a fourth packet carrying the private network IP address and the transport protocol port number of the private network side sending end.
  • the fourth packet sending unit 48 is configured to send the fourth packet to the private network side sending end.
  • the apparatus further includes: a public network address assigning unit 49, a correspondence relationship recording unit 410, a message forwarding unit 411, a public network address receiving unit 412, a correspondence relationship table receiving unit 413, and a correspondence table deleting unit 414.
  • the public network address assigning unit 49 is configured to: when the correspondence table does not exist in the subcard, allocate the mapping public network IP address and the mapping transport protocol port number for the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet.
  • the correspondence relationship recording unit 410 is configured to record the mapping public network IP address and the mapping transport protocol port number in the correspondence table after the mapping public network IP address and the mapping transport protocol port number are allocated in the subcard.
  • the message forwarding unit 411 is configured to forward the first packet sent by the private network side to the service board when the sub-card does not have the correspondence table.
  • the service board allocates the mapping public network IP address and the mapping transport protocol port number for the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end in the first packet, and records the allocated mapping public network IP address and mapping transport protocol port number in the correspondence table.
  • the public network address receiving unit 412 is configured to receive the mapping public network IP address and the mapping transport protocol port number allocated by the service board, which are used to replace the private network IP address of the private network side sending end and the transport protocol port number of the private network side sending end.
  • the correspondence relationship table receiving unit 413 is configured to receive from the service board, when receiving the mapping public network IP address and the mapping transport protocol port number allocated by the service board, the correspondence table in which the mapping public network IP address and the mapping transport protocol port number are recorded.
  • the correspondence table deleting unit 414 is configured to delete the correspondence table that has been accessed in the subcard.
  • for other application scenarios and related descriptions of the embodiments of the present invention, reference may be made to Embodiment 2 and Embodiment 3 of the present invention, and details are not described herein again.
  • the embodiment of the invention provides an inter-network routing device in which the address and port number mapping function is deployed on the sub-card of the device. This reduces the processing load of the service board and prevents the packet processing speed of the entire inter-network routing device from being limited by the speed at which the service board performs network address translation on packets, which greatly improves the speed of packet forwarding and is beneficial to large-scale commercial applications.
  • the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation.
  • the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer, a hard disk or an optical disk, which includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.
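An added example, not code from the patent: a minimal Python model of the forward and reverse correspondence tables described in the embodiments above, with the service-board slow path on a table miss, FIN/RST rapid aging, and the VPN identifier as part of the lookup key. The class and function names, the `key_on_vpn` switch and all addresses are assumptions constructed for illustration, and one object stands in for both the private-side and public-side subcards.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                       # transport protocol: "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"FIN"})


class ServiceBoard:
    """Slow path: allocates the mapping public IP address and port (assumed pool)."""

    def __init__(self, public_ip: str, first_port: int, count: int):
        self.public_ip = public_ip
        self._free = list(range(first_port, first_port + count))

    def allocate(self) -> Tuple[str, int]:
        if not self._free:
            raise RuntimeError("mapping port pool exhausted")
        return self.public_ip, self._free.pop(0)

    def release(self, port: int) -> None:
        self._free.append(port)


class AccelerationSubcards:
    """Fast path; one object models the private-side and public-side subcards."""

    def __init__(self, board: ServiceBoard, key_on_vpn: bool = True):
        self.board = board
        self.key_on_vpn = key_on_vpn          # False = quintuple-only key
        self.forward: Dict[tuple, Tuple[str, int]] = {}   # private -> mapping
        self.reverse: Dict[tuple, tuple] = {}             # mapping -> private
        self.slow_path_lookups = 0

    def outbound(self, vpn_id: str, first: Packet) -> Packet:
        """First packet in, second packet (source replaced by the mapping) out."""
        scope = vpn_id if self.key_on_vpn else None
        fkey = (scope, first.proto, first.src_ip, first.src_port,
                first.dst_ip, first.dst_port)
        mapping = self.forward.get(fkey)
        if mapping is None:                   # table miss: the service board allocates
            self.slow_path_lookups += 1
            mapping = self.board.allocate()
            self.forward[fkey] = mapping
        rkey = (first.proto, mapping[0], mapping[1], first.dst_ip, first.dst_port)
        self.reverse.setdefault(rkey, (vpn_id, first.src_ip, first.src_port, fkey))
        self._age_if_closing(first, rkey)
        return replace(first, src_ip=mapping[0], src_port=mapping[1])

    def inbound(self, third: Packet) -> Optional[Tuple[str, Packet]]:
        """Third packet in, (VPN id, fourth packet) out; None if no entry matches."""
        rkey = (third.proto, third.dst_ip, third.dst_port,
                third.src_ip, third.src_port)
        entry = self.reverse.get(rkey)
        if entry is None:
            return None                       # no correspondence entry: drop
        vpn_id, priv_ip, priv_port, _ = entry
        self._age_if_closing(third, rkey)
        return vpn_id, replace(third, dst_ip=priv_ip, dst_port=priv_port)

    def _age_if_closing(self, pkt: Packet, rkey: tuple) -> None:
        """Rapid aging: a TCP FIN/RST on a mapped flow deletes both entries."""
        if pkt.proto == "TCP" and pkt.flags & {"FIN", "RST"}:
            fkey = self.reverse.pop(rkey)[3]
            self.forward.pop(fkey, None)
            self.board.release(rkey[2])


def two_vpns_same_private_address(key_on_vpn: bool):
    """Two VPNs reuse 10.0.0.5:40000 toward one server (constructed sample)."""
    nat = AccelerationSubcards(ServiceBoard("198.51.100.1", 20000, 4), key_on_vpn)
    first = Packet("TCP", "10.0.0.5", 40000, "203.0.113.10", 443)
    second_a = nat.outbound("vpn-a", first)
    second_b = nat.outbound("vpn-b", first)
    reply_b = Packet("TCP", first.dst_ip, first.dst_port, second_b.src_ip, second_b.src_port)
    owner, fourth = nat.inbound(reply_b)
    return nat, second_a, second_b, owner, fourth
```

With `key_on_vpn=False` the second VPN's flow reuses the first VPN's entry and the reply is delivered to `vpn-a`; keying on the quintuple together with the VPN identifier, as the description requires, keeps the two flows separate.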

Abstract

The present invention relates to a packet forwarding method and an inter-network routing device. The inter-network routing device comprises at least two subcards used for packet forwarding. The packet forwarding method comprises: receiving, by each subcard of the inter-network routing device, a first packet sent from a private network side sending end; querying, according to the private network IP address and the private network transport protocol port number carried in the first packet, a correspondence table, preset in the subcard, between private network addresses and ports and mapping public network addresses and ports, and obtaining the mapping public network IP address and the mapping transport protocol port number corresponding to the private network IP address and the private network transport protocol port number; replacing the private network IP address and the private network transport protocol port number with the mapping public network IP address and the mapping transport protocol port number, and generating a second packet; and sending the second packet to the public network side. The present invention improves packet forwarding speed by deploying the network address translation function in each subcard.
PCT/CN2011/074975 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing device WO2011157126A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/074975 WO2011157126A2 (fr) 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing device
CN2011800007448A CN102204191A (zh) 2011-05-31 2011-05-31 Packet forwarding method and inter-network routing device

Publications (2)

Publication Number Publication Date
WO2011157126A2 (fr) 2011-12-22
WO2011157126A3 (fr) 2012-04-26

Family

ID=44662813

Country Status (2)

Country Link
CN (1) CN102204191A (fr)
WO (1) WO2011157126A2 (fr)

Also Published As

Publication number Publication date
CN102204191A (zh) 2011-09-28
WO2011157126A3 (fr) 2012-04-26

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 201180000744.8; Country of ref document: CN)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11795092; Country of ref document: EP; Kind code of ref document: A2)
NENP Non-entry into the national phase in: (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11795092; Country of ref document: EP; Kind code of ref document: A2)