WO2016078235A1 - Network translation realization method and apparatus for transiting to ipv6 on the basis of pant - Google Patents

Network translation realization method and apparatus for transiting to ipv6 on the basis of pant Download PDF

Info

Publication number
WO2016078235A1
WO2016078235A1 PCT/CN2015/072456 CN2015072456W WO2016078235A1 WO 2016078235 A1 WO2016078235 A1 WO 2016078235A1 CN 2015072456 W CN2015072456 W CN 2015072456W WO 2016078235 A1 WO2016078235 A1 WO 2016078235A1
Authority
WO
WIPO (PCT)
Prior art keywords
ipv6
pnat
packet
network
ipv4
Prior art date
Application number
PCT/CN2015/072456
Other languages
French (fr)
Chinese (zh)
Inventor
路瑞强
耿大伟
许丽丽
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016078235A1 publication Critical patent/WO2016078235A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming

Definitions

  • the present invention relates to the field of communications, and in particular to a network conversion implementation method and apparatus based on PNAT (Prefix Network Address Translation) to IPv6 (Internet Protocol Version 6, Internet Protocol Version 6).
  • PNAT Prefix Network Address Translation
  • IPv6 Internet Protocol Version 6, Internet Protocol Version 6
  • IPv4 Internet Protocol Version 4, Internet Protocol Version 4
  • IPv6 Internet Protocol Version 4, Internet Protocol Version 4
  • IPv6 mainly solves the problem of the network layer
  • it is currently adopted to modify the application to support IPv6. It is difficult and enthusiasm is not high. People hope that the problem on the network side is still solved by the network side solution, rather than relying on the application layer to solve the problem of the network layer.
  • IPv6 backward compatible IPv6 transition technology solutions a host-based IPv6 transition technology PNAT is proposed to ensure the normal communication of the traditional IPv4 application while deploying IPv6, so as to achieve transparency to the application.
  • the Chinese Patent Application No. CN201010590735.6 discloses a network address translation method, device and system, the method comprising: receiving an IPv4 address allocation request sent by a host device using IPv6, the IPv4 The address allocation request is used to indicate that the requested IPv4 address is used for the prefix network address translation PNAT; according to the IPv4 address allocation request, an unallocated IPv4 address is obtained from the IPv4 address pool and allocated to the host device; the allocated IPv4 The address is returned to the host device, so that the host device accesses the peer device using IPv4 according to the allocated IPv4 address.
  • the patent scheme focuses on the transformation of the IPv6 host device, and uses the prefix information to complete the mutual conversion between the IPv4 header and the IPv6 header on the IPv6 host.
  • the modification of the host device has the problem of not being feasible, and at the same time, There is a need to modify a large number of host devices, resulting in low efficiency and high cost.
  • the purpose of the embodiment of the present invention is to provide a network conversion implementation method and apparatus based on PNAT to IPv6 transition.
  • a network conversion implementation method based on PNAT to IPv6 transition which is applied to a network access device CPE (Customer Premise Equipment) located between a LAN (Local Area Network) and a WAN (Wide Area Network) On, including the following steps:
  • the prefix network address translation PNAT includes:
  • the uplink IPV4 packet is converted into an uplink IPv6 packet.
  • the uplink IPV4 message is generated by the LAN side or generated locally.
  • the prefix network address translation PNAT includes:
  • the downlink IPv4 packet is placed in the IPv4 protocol stack to wait for route forwarding.
  • the prefix network address translation PNAT rule is added to the PREROUTINGHOOK attachment point of the ip6tables framework to convert the downlink IPV6 packet into a downlink IPv4 packet.
  • a first transmission module configured to acquire a message
  • a PNAT module configured to perform prefix network address translation on the packet
  • the second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
  • the PNAT module is configured to convert the uplink IPV4 packet into an uplink IPv6 packet.
  • the uplink IPV4 message is generated by the LAN side or generated locally.
  • the PNAT module is configured to convert the downlink IPV6 packet into a downlink IPv4 packet, and further configured to put the downlink IPv4 packet Enter the IPv4 protocol stack to wait for route forwarding.
  • the PNAT module is further configured to add a prefix network address translation PNAT rule on the PREROUTINGHOOK attachment point of the ip6tables framework, so as to convert the downlink IPV6 packet into a downlink IPv4 packet.
  • a network access device which includes a network switching implementation device based on PNAT to IPv6 transition as described above, and the device is deployed on a network access device CPE located between the LAN side and the WAN side, and includes:
  • a first transmission module configured to acquire a message
  • a PNAT module configured to perform prefix network address translation on the packet
  • the second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
  • a system comprising:
  • the network access device CPE located between the LAN side and the WAN side as described above and specifically, the network access device CPE includes a PNAT-to-IPv6-based network switching implementation device as described above, the device deployment On top of the network access device CPE located between the LAN side and the WAN side, including:
  • a first transmission module configured to acquire a message
  • a PNAT module configured to perform prefix network address translation on the packet
  • the second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
  • the embodiment of the present invention is superior, and the dual-stack technology itself also consumes the IPv4 address, which leads to the exhaustion of the IPv4 address in the process of implementing the dual-stack migration scheme.
  • the tunneling technology must have the symmetric use of the tunnel peer device to complete the transmission of the IPv4 payload in the IPv6 network. The application scenario is limited and the mutual access between the IPv4 host and the peer IPv6 network cannot be completed. .
  • the embodiment of the present invention implements a PNAT function on the network access device CPE to implement IPv6 access, as compared with the technical solution for directly modifying the host device and implementing the prefix network address translation (PNAT) on the host device.
  • PNAT prefix network address translation
  • FIG. 1 is a schematic flowchart of a method for implementing network transition based on PNAT to IPv6 according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a packet forwarding process of a CPE according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a device for implementing network transition based on PNAT to IPv6 according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of a system network topology according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of processing a DNS packet when a PC accesses an IPv4 network according to an embodiment of the present disclosure
  • FIG. 6 is a schematic diagram of a process of processing a DNS packet when a PC accesses an IPv6 network according to an embodiment of the present invention.
  • an embodiment of the present invention provides a network switching implementation method based on PNAT to IPv6, which is applied to a network access device CPE located between a LAN side and a WAN side, and includes the following steps:
  • S20 Perform prefix network address translation (PNAT) on the packet, and perform a corresponding uplink or downlink transmission on the conversion result.
  • PNAT prefix network address translation
  • the method implements the PNAT technology on the network access device CPE, and re-encapsulates the IPv4 packet provided by the IPv4 host on the LAN side into an IPv6 packet, so that the IPv4 host can communicate through the IPv6 network.
  • the IPv6 packet obtained from the WAN side is converted into an IPv4 packet and provided to the LAN side IPv4 host.
  • the DNS proxy function of the network access device CPE is modified: the DNS packet including the class A request sent by the host device on the LAN side can be extended to the AAAA class request, and sent with different ID numbers; A side AAAA response packet is used to map or translate the IPv6 address into an IPv4 address, and the response packet is translated into a Class A packet and forwarded to the LAN side.
  • the host device can be modified without interchanging the host device, and the interconnection between the IPv4 network and the IPv6 network can be realized.
  • the prefix network address translation PNAT includes:
  • the uplink IPV4 packet is converted into an uplink IPv6 packet.
  • the uplink IPV4 packet is generated by the LAN side or locally.
  • the network access device CPE processes the uplink IPV4 packet: the PNAT0 virtual device is used to receive all the IPv4 packets forwarded by the LAN and the local application, and translate the packets into IPv6 packets according to the requirements of the relevant RFC. Forward.
  • the prefix network address translation PNAT includes:
  • the step of the network access device CPE performing prefix network address translation (PNAT) on the DNS packet includes (as shown by the broken line in FIG. 2):
  • the DNS proxy process parses the DNS request packet, and if the DNS request packet is parsed as an A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device;
  • the PNAT0 virtual device is used to translate and convert IPv4 packets to IPv6 packets.
  • the PNAT0 virtual device uses the Local Internet Register (LIR) prefix and the Well-Known Prefix (WKP) prefix to specify the source IP address and destination of the IPv4 packet.
  • LIR Local Internet Register
  • WKP Well-Known Prefix
  • the IP is converted to an IPv6 address, and the IPv4 header is converted into an IPv6 header, which is then processed by the IPv6 protocol stack;
  • the IPv6 protocol stack After receiving the IPv6 packet converted by the PNAT0 virtual device, the IPv6 protocol stack is forwarded to the outbound interface nbif virtual device, and forwards the IPv6 packet to the WAN side according to the sending function of the outbound interface nbif virtual device;
  • the IPv4 packet is routed to the DNS proxy process in the IPv4 protocol stack.
  • the DNS proxy process parses the IPv4 packet, converts the AAAA record into an A record, and restores the IPv6 address to the corresponding IPv4 address.
  • the LAN-side HOST host performs a prefix network address translation PNAT process on a data packet such as a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) (as shown in FIG. 2). Shown in the solid line) includes:
  • the forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process.
  • the LAN side message arrives at the bridge (br0) device, it is forwarded directly to the PNAT0 device through the route.
  • the IPv6 protocol stack is converted, the downlink packet arrives at the IPv4 protocol stack and is directly routed to the br0 device.
  • the ethx device forwards to the LAN side.
  • the PNAT0 device and the PREROUTINGHOOK connection point of the CPE of the network access device perform mutual conversion processing on the IPv4/IPv6 packet, and the processing flow of the data packet and the DNS packet in the TCP/UDP are in the two processes. It is consistent and will not be repeated here.
  • an embodiment of the present invention further provides a device for implementing network transition based on PNAT to IPv6, which is deployed on a network access device CPE located between a LAN side and a WAN side, and includes:
  • the first transmission module 100 is configured to obtain a packet
  • the PNAT module 200 is configured to perform prefix network address translation on the packet.
  • the second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
  • the PNAT module 200 is configured to convert the uplink IPV4 packet into an uplink IPv6 packet.
  • the uplink IPV4 packet is generated by the LAN side or locally.
  • the PNAT module 200 is configured to convert the downlink IPV6 packet into a downlink IPv4 packet, and further configured to put the downlink IPv4 packet into IPv4 protocol stack to wait for route forwarding.
  • the PNAT module 200 is further configured to add a prefix network address translation PNAT rule to the PREROUTINGHOOK attachment point of the ip6tables framework, so as to convert the downlink IPV6 packet into a downlink IPv4 packet.
  • the step of the network access device CPE performing prefix network address translation PNAT on the DNS packet includes (as shown by the dotted line in FIG. 2):
  • the DNS proxy process parses the DNS request packet, and if the DNS request packet is parsed as an A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device;
  • the PNAT0 virtual device is used to translate and convert IPv4 packets to IPv6 packets.
  • the PNAT0 virtual device converts the source IP address and the destination IP address of the IPv4 packet into an IPv6 address by using the LIR prefix and the WKP prefix, and converts the IPv4 header into an IPv6 header, and then continues to the IPv6 protocol stack. deal with;
  • the IPv6 protocol stack After receiving the IPv6 packet converted by the PNAT0 virtual device, the IPv6 protocol stack is forwarded to the outbound interface nbif virtual device, and forwards the IPv6 packet to the WAN side according to the sending function of the outbound interface nbif virtual device;
  • the IPv4 packet is routed to the DNS proxy process in the IPv4 protocol stack.
  • the DNS proxy process parses the IPv4 packet, converts the AAAA record into an A record, and restores the IPv6 address to the corresponding IPv4 address.
  • the process of performing a prefix network address translation PNAT on a data packet such as TCP/UDP by the host device on the LAN side includes:
  • the forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process.
  • the packet After the LAN-side packet reaches the br0 device, the packet is directly forwarded to the PNAT0 device.
  • the downlink packet is forwarded to the IPv4 protocol stack after being translated to the IPv4 protocol stack, and then directly routed to the br0 device and then forwarded to the LAN through the ethx device. side.
  • the PNAT0 device of the network access device CPE and the PREROUTINGHOOK connection point perform mutual conversion processing on the IPv4/IPv6 packet, and the processing flow of the TCP/UDP data packet and the DNS packet are consistent in the two processes. , no longer repeat them here.
  • the embodiment of the present invention further provides a network access device CPE, which includes a network conversion implementation device based on PNAT to IPv6 transition as described above.
  • a network access device CPE which includes a network conversion implementation device based on PNAT to IPv6 transition as described above. Referring to FIG. 3, the device is deployed on the LAN side and the WAN side.
  • the network access device CPE including:
  • the first transmission module 100 is configured to obtain a packet
  • the PNAT module 200 is configured to perform prefix network address translation on the packet.
  • the second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
  • an embodiment of the present invention further provides a system, including:
  • the network access device CPE located between the LAN side and the WAN side as described above and specifically, the network access device CPE includes a PNAT-to-IPv6-based network switching implementation device as described above, the device deployment On the network access device CPE located between the LAN side and the WAN side, referring to FIG. 3, the device for implementing network transition based on PNAT to IPv6 transition includes:
  • the first transmission module 100 is configured to obtain a packet
  • the PNAT module 200 is configured to perform prefix network address translation on the packet.
  • the second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
  • the PC can support an IPv4 protocol stack.
  • the network access device CPE since only the network access device CPE needs to be modified, no special functional requirements are imposed on the PC.
  • the IPv4 packet provided by the LAN side the IPv6 packet converted by the NAT64 device, the IPv6 server (Server) on the WAN side, and the IPv6 packet of the IPv6 host on the WAN side.
  • the conversion or mapping is performed to enable seamless interaction between the WAN side or the OLT (optical line terminal) device side IPv6 message and the LAN side message.
  • the NAT 64 performs NAT translation on the IPv6 and IPv4 packets according to the configured prefix information, so that the two networks can communicate with each other.
  • the DNS64 is deployed in conjunction with the NAT64 to provide a DNS ALG function.
  • the A record corresponding to the domain name in the IPv4 network is converted into an AAAA record and forwarded to the IPv6 requesting end.
  • FIG. 5 it is a schematic diagram of a process of processing a DNS packet when a PC accesses an IPv4 network in the embodiment.
  • the process is applied to a scenario where an IPV4 host device accesses IPV4 via an IPV6 network, and is now accessed by www.baidu.
  • the com IPv4 domain name is used as an example:
  • Step 2a01 The IPv4 host initiates an A-record DNS request message whose domain name is www.baidu.com.
  • Step 2a02 The CPE parses the DNS request packet, and when it finds that it is an A record request, it converts it into an AAAA record request message, and forwards it to the DNS64 device through forwarding by the OLT, BRAS, and the like;
  • Step 2a03 The DNS64 device first forwards the received AAAA record request message to the DNS server to check whether an IPv6 address corresponding to the domain name exists.
  • Step 2a04 The IP address corresponding to the www.baidu.com domain name is an IPv4 address, and the DNS server does not include an IP address in the reply to the AAAA type request packet.
  • Step 2a05 After receiving the null response message of the AAAA record, the DNS64 device sends the request message of the A record again.
  • Step 2a06 The DNS server responds to the A record request message, and responds with a response message including the IPv4 address 220.181.112.143 of the www.baidu.com domain name;
  • Step 2a07 After receiving the response message of the A record, the DNS64 device converts the A record into an AAAA record according to the NAT64 prefix and forwards it to the CPE device through the BRAS, OLT, and the like;
  • Step 2a08 After receiving the response message of the AAAA record, the CPE device removes the NAT64 prefix and restores the AAAA record to the A record and forwards it to the LAN side PC.
  • the flow chart of the processing of the DNS packet when the PC accesses the IPv6 network in the embodiment is shown in the embodiment.
  • the process is applied to the scenario where the IPV4 host device accesses the IPV6 through the IPV6 network, and now accesses ipv6.google.
  • the com IPv6 domain name is used as an example:
  • Step 2b01 The Pv4 host initiates an A-record DNS request message whose domain name is ipv6.google.com;
  • Step 2b02 The CPE parses the DNS request packet, and when it is found to be the A record request, it is converted into an AAAA record request message, and is forwarded to the DNS Server device by the OLT, BRAS, and the like;
  • Step 2b03 The IPv6 address corresponding to the ipv6.google.com domain name is 2a00:1450:4004:803::1011, and the DNS server replies with the response packet containing the IPv6 address, and forwards it to the CPE through the BRAS, OLT, and the like;
  • Step 2b04 The IPv6 address corresponding to the domain name does not contain the NAT64 prefix.
  • the CPE maps the IPv6 address to an IPv4 address of the form similar to 1.0.0.1, and converts the AAAA record packet to the A record and forwards it to the LAN. Side PC.
  • FIG. 2 shows the forwarding process of the packet in the CPE of the network access device in this embodiment, where the dotted line part is the forwarding process of the DNS packet, and the solid line part is the data packet such as TCP/UDP.
  • the forwarding process of the text the following focuses on the description of the two forwarding processes:
  • the LAN side HOST host obtains the IPv4 domain name process (shown in the dotted line):
  • the HOST host on the LAN side sends an A-record DNS request packet to the DNS proxy process via a virtual device such as ethx or br0 in the CPE device.
  • the DNS proxy process parses the request packet, and if it is the A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device;
  • PNAT0 is a network virtual device deployed in a CPE device, and mainly performs translation and conversion of IPv4 to IPv6 packets. After receiving the DNS request packet from the AAAA, the PNAT0 uses the LIR prefix and the WKP prefix to translate the source IP address and the destination IP address of the IPv4 packet into an IPv6 address, and converts the IPv4 header into an IPv6 header for processing by the IPv6 protocol stack.
  • the IPv6 protocol stack After receiving the IPv6 packet converted by the PNAT0 device, the IPv6 protocol stack is routed to the outbound interface nbif virtual device, and finally forwarded to the WAN side through the sending function of the device;
  • the CPE finally obtains the AAAA type response message replied by the DNS server.
  • a corresponding rule is added to the PREROUTINGHOOK connection point of the ip6tables framework, and the IPv6 packet with the WKP prefix as the source IP or the LIR prefix as the destination IP is converted, and the packets are restored to the corresponding IPv4 report.
  • the AAAA type IPv6 response packet is reverted to an IPv4 packet and forwarded to the IPv4 protocol stack when it passes the PREROUTINGHOOK attachment point of the IPv6 protocol stack.
  • the DNS packet is routed to the DNS proxy process in the IPv4 protocol stack.
  • the DNS proxy process parses the packet and converts the AAAA record into an A record.
  • the IPv6 address corresponding to the domain name is deleted and restored to the IPv4 address.
  • the DNS response message including the A record is forwarded to the LAN-side HOST host via the virtual device such as br0 or ethx in the IPv4 protocol stack.
  • the forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process.
  • the packet After the LAN-side packet reaches the br0 device, the packet is directly forwarded to the PNAT0 device.
  • the downlink packet is forwarded to the IPv4 protocol stack after being translated to the IPv4 protocol stack, and then directly routed to the br0 device and then forwarded to the LAN through the ethx device. side.
  • the main focus of the embodiment of the present invention is that the PNAT0 device and the PREROUTINGHOOK connection point of the network access device CPE perform mutual conversion processing on IPv4/IPv6 packets, and the processing of TCP/UDP data packets and DNS packets in these two places. The process is consistent, so I won't go into details.
  • the PNAT function is implemented on the network access device CPE to implement the transition to the IPv6, and the technical problem existing in the prior art is avoided: the dual stack technology itself also consumes the IPv4 address, which As a result, in the process of implementing the dual-stack migration scheme, the IPv4 address depletion will not be fundamentally solved, and the tunnel technology must have symmetric use of the tunnel peer device to complete the transmission of the IPv4 payload in the IPv6 network, and its application scenario Limited, the mutual access between the IPv4 host and the peer IPv6 network cannot be completed.
  • the problem that the modification of the host device in the prior art needs to be modified for a large number of hosts and the feasibility is not high is solved.

Abstract

Disclosed in the present invention are a network translation realization method and apparatus for transiting to IPv6 on the basis of PNAT. The method is applied to the network access apparatus CPE which is between a LAN side and a WAN side, and comprises the steps of: obtaining a message; performing a Prefix Network Address Translation (PNAT) on the message, and performing the corresponding uplink or downlink transmission on the translation result. With the present invention, the PNAT function is realized on the network access equipment CPE to achieve the transition to IPv6, and thus avoids the technical problems in prior art and solves the problems of the need to modify a great number of hosts and low feasibility which exist in the host apparatus modification solution in the prior art.

Description

基于PNAT向IPv6过渡的网络转换实现方法、装置Network conversion implementation method and device based on PNAT to IPv6 transition 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种基于PNAT(Prefix Network Address Translation,前缀网络地址转换)向IPv6(Internet Protocol Version 6,互联网协议第6版)过渡的网络转换实现方法、装置。The present invention relates to the field of communications, and in particular to a network conversion implementation method and apparatus based on PNAT (Prefix Network Address Translation) to IPv6 (Internet Protocol Version 6, Internet Protocol Version 6).
背景技术Background technique
随着互联网技术的高速发展,使得目前IPv4(Internet Protocol Version 4,互联网协议第4版)地址资源日益枯竭,当前形势下,IPv4向IPv6进行迁移已成必然。然而,由于目前IPv4网络的广泛应用,IPv6短期内不可能彻底取代IPv4,因此,两种网络技术将在一较长时间内处于共存的状态,直到IPv4完全过渡到IPv6阶段。With the rapid development of Internet technology, the current IPv4 (Internet Protocol Version 4, Internet Protocol Version 4) address resources are increasingly exhausted. Under the current situation, the migration of IPv4 to IPv6 has become inevitable. However, due to the widespread use of IPv4 networks, IPv6 is unlikely to completely replace IPv4 in the short term. Therefore, the two network technologies will coexist for a long time until IPv4 transitions completely to IPv6.
其中,如何实现IPv4网络与IPv6网络的互联互通和平滑过渡,是过渡期内需要解决的一个重要问题。Among them, how to realize the interconnection and smooth transition between IPv4 network and IPv6 network is an important issue that needs to be resolved during the transition period.
向IPv6过渡的方法最早始于1994年IETF(Internet Engineering Task Force,互联网工程任务组)NGTRAN工作组的研究,1996年建立起了6Bone进行实验,1998年发布第一组IPv6标准RFC(Request For Comments,征求修正意见书),2003年NGTRAN工作组关闭,当时的过渡技术主要包括:双栈、隧道和翻译技术。一直到2007年,随着DS-Lite、CGN、A+P、NAT64、IVI等一系列新型过渡技术的提出,IETF在2008年秋天重新达成一致将制定新的翻译和隧道技术。The method of transition to IPv6 began in 1994 with the IETF (Internet Engineering Task Force) NGTRAN working group. In 1996, 6Bone was established for experiments. In 1998, the first group of IPv6 standard RFCs was released. (Request For Comments , request for amendments), the NGTRAN working group was closed in 2003, and the transition technologies at that time mainly included: double stack, tunnel and translation technology. Until 2007, with the introduction of a series of new transition technologies such as DS-Lite, CGN, A+P, NAT64, and IVI, the IETF re-agreed in the fall of 2008 to develop new translation and tunneling technologies.
当前,业内对修改应用程序还是修改主机,以为了能在过渡期内支持IPv6一直存在着争议,由于IPv6主要解决的是网络层的问题,因此目前而言采用修改应用程序的办法以支持IPv6步履较为艰难,积极性不高,人们希望网络侧的问题还是由网络侧的方案来解决,而非靠应用层来解决网络层的问题。同时,由于最近以来,运营商自己定制手机和开发手机操作系统的趋势日益普遍,如何在保证IPv4应用程序正常通信的同时,进一步促进IPv6网络的部署,即实现IPv4向后兼容的IPv6过渡技术方案,现有技术中提出了基于主机的IPv6过渡技术PNAT,以达到在部署IPv6的同时,保证传统IPv4应用程序的正常通信,做到对应用程序的透明无感知。Currently, the industry has been modifying the application or modifying the host in order to support IPv6 during the transition period. Since IPv6 mainly solves the problem of the network layer, it is currently adopted to modify the application to support IPv6. It is difficult and enthusiasm is not high. People hope that the problem on the network side is still solved by the network side solution, rather than relying on the application layer to solve the problem of the network layer. At the same time, due to the recent trend of operators customizing their own mobile phones and developing mobile operating systems, how to promote the IPv4 network deployment while ensuring the normal communication of IPv4 applications, that is, IPv6 backward compatible IPv6 transition technology solutions In the prior art, a host-based IPv6 transition technology PNAT is proposed to ensure the normal communication of the traditional IPv4 application while deploying IPv6, so as to achieve transparency to the application.
第CN201010590735.6号中国专利申请公开了一种网络地址转换方法、设备和系统,所述方法包括:接收使用IPv6的主机设备发送的IPv4地址分配请求,所述IPv4 地址分配请求用于指示所请求的IPv4地址用于前缀网络地址转换PNAT;根据所述IPv4地址分配请求,从IPv4地址池中获取一个未分配的IPv4地址分配给所述主机设备;将分配的IPv4地址返回给所述主机设备,以使所述主机设备根据所述分配的IPv4地址访问使用IPv4的对端设备。The Chinese Patent Application No. CN201010590735.6 discloses a network address translation method, device and system, the method comprising: receiving an IPv4 address allocation request sent by a host device using IPv6, the IPv4 The address allocation request is used to indicate that the requested IPv4 address is used for the prefix network address translation PNAT; according to the IPv4 address allocation request, an unallocated IPv4 address is obtained from the IPv4 address pool and allocated to the host device; the allocated IPv4 The address is returned to the host device, so that the host device accesses the peer device using IPv4 according to the allocated IPv4 address.
可见,该专利方案侧重对IPv6主机设备的改造,在IPv6主机上利用前缀信息完成IPv4报头与IPv6报头的相互转换,然而,针对主机设备进行修改,其存在可行性不高的问题,同时,还面临着需要对大量的主机设备进行修改,以致出现改造效率较低且成本较高的问题。It can be seen that the patent scheme focuses on the transformation of the IPv6 host device, and uses the prefix information to complete the mutual conversion between the IPv4 header and the IPv6 header on the IPv6 host. However, the modification of the host device has the problem of not being feasible, and at the same time, There is a need to modify a large number of host devices, resulting in low efficiency and high cost.
发明内容Summary of the invention
为了解决对主机设备进行修改存在的可行性不高以及需要大量修改主机设备的问题,本发明实施例的目的在于提供一种基于PNAT向IPv6过渡的网络转换实现方法、装置。In order to solve the problem that the modification of the host device is not feasible and the problem of the host device is required to be modified in a large amount, the purpose of the embodiment of the present invention is to provide a network conversion implementation method and apparatus based on PNAT to IPv6 transition.
为了达到本发明的目的,本发明实施例采用以下技术方案实现:In order to achieve the object of the present invention, the embodiments of the present invention are implemented by the following technical solutions:
一种基于PNAT向IPv6过渡的网络转换实现方法,其应用在位于LAN(Local Area Network,局域网)侧与WAN(Wide Area Network,广域网)侧之间的网络接入设备CPE(Customer Premise Equipment)之上,包括以下步骤:A network conversion implementation method based on PNAT to IPv6 transition, which is applied to a network access device CPE (Customer Premise Equipment) located between a LAN (Local Area Network) and a WAN (Wide Area Network) On, including the following steps:
获取报文;Obtain a message;
对所述报文进行前缀网络地址转换PNAT,并将转换结果执行相应的上行或下行发送。Performing a prefix network address translation PNAT on the packet, and performing a corresponding uplink or downlink transmission on the conversion result.
优选地,对于上行IPV4报文,所述前缀网络地址转换PNAT包括:Preferably, for the uplink IPV4 message, the prefix network address translation PNAT includes:
将所述上行IPV4报文转换为上行IPv6报文。The uplink IPV4 packet is converted into an uplink IPv6 packet.
优选地,所述上行IPV4报文由LAN侧产生或由本地产生。Preferably, the uplink IPV4 message is generated by the LAN side or generated locally.
优选地,对于下行IPV6报文,所述前缀网络地址转换PNAT包括:Preferably, for the downlink IPV6 message, the prefix network address translation PNAT includes:
将所述下行IPV6报文转换为下行IPv4报文;Converting the downlink IPV6 packet into a downlink IPv4 packet;
将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。 The downlink IPv4 packet is placed in the IPv4 protocol stack to wait for route forwarding.
优选地,在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,以实现将所述下行IPV6报文转换为下行IPv4报文。Preferably, the prefix network address translation PNAT rule is added to the PREROUTINGHOOK attachment point of the ip6tables framework to convert the downlink IPV6 packet into a downlink IPv4 packet.
一种基于PNAT向IPv6过渡的网络转换实现装置,其部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括:A device for implementing a network switching device based on the transition from PNAT to IPv6, which is deployed on the network access device CPE between the LAN side and the WAN side, and includes:
第一传输模块,设置为获取报文;a first transmission module, configured to acquire a message;
PNAT模块,设置为对所述报文进行前缀网络地址转换;a PNAT module, configured to perform prefix network address translation on the packet;
第二传输模块,设置为将PNAT模块提供的转换结果执行相应的上行或下行发送。The second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
优选地,当所述第一传输模块获取到上行IPV4报文时,所述PNAT模块设置为将所述上行IPV4报文转换为上行IPv6报文。Preferably, when the first transmission module acquires an uplink IPV4 packet, the PNAT module is configured to convert the uplink IPV4 packet into an uplink IPv6 packet.
优选地,所述上行IPV4报文由LAN侧产生或由本地产生。Preferably, the uplink IPV4 message is generated by the LAN side or generated locally.
优选地,当所述第一传输模块获取到下行IPV6报文时,所述PNAT模块设置为将所述下行IPV6报文转换为下行IPv4报文,以及进一步设置为将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。Preferably, when the first transmission module obtains the downlink IPV6 packet, the PNAT module is configured to convert the downlink IPV6 packet into a downlink IPv4 packet, and further configured to put the downlink IPv4 packet Enter the IPv4 protocol stack to wait for route forwarding.
优选地,所述PNAT模块还进一步设置为在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,以实现将所述下行IPV6报文转换为下行IPv4报文。Preferably, the PNAT module is further configured to add a prefix network address translation PNAT rule on the PREROUTINGHOOK attachment point of the ip6tables framework, so as to convert the downlink IPV6 packet into a downlink IPv4 packet.
一种网络接入设备CPE,其包括如上所述的基于PNAT向IPv6过渡的网络转换实现装置,所述装置部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括:A network access device (CPE), which includes a network switching implementation device based on PNAT to IPv6 transition as described above, and the device is deployed on a network access device CPE located between the LAN side and the WAN side, and includes:
第一传输模块,设置为获取报文;a first transmission module, configured to acquire a message;
PNAT模块,设置为对所述报文进行前缀网络地址转换;a PNAT module, configured to perform prefix network address translation on the packet;
第二传输模块,设置为将PNAT模块提供的转换结果执行相应的上行或下行发送。The second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
一种系统,其包括:A system comprising:
LAN侧;LAN side;
WAN侧; WAN side;
以及如上所述的位于LAN侧与WAN侧之间的网络接入设备CPE,具体地,所述网络接入设备CPE包括如上所述的基于PNAT向IPv6过渡的网络转换实现装置,所述装置部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括:And the network access device CPE located between the LAN side and the WAN side as described above, and specifically, the network access device CPE includes a PNAT-to-IPv6-based network switching implementation device as described above, the device deployment On top of the network access device CPE located between the LAN side and the WAN side, including:
第一传输模块,设置为获取报文;a first transmission module, configured to acquire a message;
PNAT模块,设置为对所述报文进行前缀网络地址转换;a PNAT module, configured to perform prefix network address translation on the packet;
第二传输模块,设置为将PNAT模块提供的转换结果执行相应的上行或下行发送。The second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
与传统的双栈技术和隧道技术的过渡解决方案相比,采用本发明实施例具有优越性,双栈技术本身也要消耗IPv4地址,这导致在实施双栈迁移方案的过程中,IPv4地址枯竭不会得到根本性的解决,而隧道技术必须有隧道对端设备的对称使用,才能完成IPv4负载在IPv6网络中的传输,且其应用场景有限,无法完成IPv4主机与对端IPv6网络的相互访问。另外,与现有技术中提供的直接修改主机设备、以在主机设备上实现前缀网络地址转换PNAT的技术方案相比,本发明实施例采用在网络接入设备CPE上实现PNAT功能以实现向IPv6过渡,则避免了上述现有技术中存在的技术问题,解决了现有技术中主机设备修改方案中存在的需要对大量主机进行修改以及可行性不高的问题。Compared with the traditional dual-stack technology and the tunnel technology transition solution, the embodiment of the present invention is superior, and the dual-stack technology itself also consumes the IPv4 address, which leads to the exhaustion of the IPv4 address in the process of implementing the dual-stack migration scheme. The tunneling technology must have the symmetric use of the tunnel peer device to complete the transmission of the IPv4 payload in the IPv6 network. The application scenario is limited and the mutual access between the IPv4 host and the peer IPv6 network cannot be completed. . In addition, the embodiment of the present invention implements a PNAT function on the network access device CPE to implement IPv6 access, as compared with the technical solution for directly modifying the host device and implementing the prefix network address translation (PNAT) on the host device. In the transition, the technical problems existing in the prior art are avoided, and the problem that the modification of the host device in the prior art needs to be modified for a large number of hosts and the feasibility is not high is solved.
附图说明DRAWINGS
图1为本发明实施例提供的基于PNAT向IPv6过渡的网络转换实现方法流程示意图;FIG. 1 is a schematic flowchart of a method for implementing network transition based on PNAT to IPv6 according to an embodiment of the present invention;
图2为本发明实施例中CPE内部报文转发流程示意图;2 is a schematic flowchart of a packet forwarding process of a CPE according to an embodiment of the present invention;
图3为本发明实施例提供的基于PNAT向IPv6过渡的网络转换实现装置结构示意图;FIG. 3 is a schematic structural diagram of a device for implementing network transition based on PNAT to IPv6 according to an embodiment of the present disclosure;
图4为本发明实施例提供的系统网络拓扑示意图;4 is a schematic diagram of a system network topology according to an embodiment of the present invention;
图5为本发明实施例提供的PC访问IPv4网络时DNS报文处理流程示意图;FIG. 5 is a schematic flowchart of processing a DNS packet when a PC accesses an IPv4 network according to an embodiment of the present disclosure;
图6为本发明实施例提供的PC访问IPv6网络时DNS报文处理流程示意图。FIG. 6 is a schematic diagram of a process of processing a DNS packet when a PC accesses an IPv6 network according to an embodiment of the present invention.
本发明目的的实现、功能特点及优异效果,下面将结合具体实施例以及附图做进一步的说明。 The implementation, functional features and excellent effects of the object of the present invention will be further described below in conjunction with the specific embodiments and the accompanying drawings.
具体实施方式detailed description
下面结合附图和具体实施例对本发明所述技术方案作进一步的详细描述,以使本领域的技术人员可以更好的理解本发明并能予以实施,但所举实施例不作为对本发明的限定。The technical solutions of the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments to enable those skilled in the art to understand the invention. .
参考图1,本发明实施例提供了一种基于PNAT向IPv6过渡的网络转换实现方法,其应用在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括以下步骤:Referring to FIG. 1, an embodiment of the present invention provides a network switching implementation method based on PNAT to IPv6, which is applied to a network access device CPE located between a LAN side and a WAN side, and includes the following steps:
S10、获取报文;S10. Obtain a message;
S20、对所述报文进行前缀网络地址转换PNAT,并将转换结果执行相应的上行或下行发送。S20: Perform prefix network address translation (PNAT) on the packet, and perform a corresponding uplink or downlink transmission on the conversion result.
在本实施例中,所述方法通过在网络接入设备CPE上实现PNAT技术,将LAN侧IPv4主机提供的IPv4报文进行重新封装转换为IPv6报文,使IPv4主机可经过IPv6网络进行通信;或将从WAN侧获取的IPv6报文转换为IPv4报文,并提供给LAN侧IPv4主机。In this embodiment, the method implements the PNAT technology on the network access device CPE, and re-encapsulates the IPv4 packet provided by the IPv4 host on the LAN side into an IPv6 packet, so that the IPv4 host can communicate through the IPv6 network. Or the IPv6 packet obtained from the WAN side is converted into an IPv4 packet and provided to the LAN side IPv4 host.
具体实施时,对于网络接入设备CPE的DNS Proxy功能修改:可将LAN侧主机设备发出的包含A类请求DNS报文,扩展为AAAA类请求,以不同的ID号进行发送;若收到WAN侧AAAA类应答报文,将其中的IPv6地址进行映射或转换为IPv4地址,并把应答报文转化为A类报文转发给LAN侧。In the specific implementation, the DNS proxy function of the network access device CPE is modified: the DNS packet including the class A request sent by the host device on the LAN side can be extended to the AAAA class request, and sent with different ID numbers; A side AAAA response packet is used to map or translate the IPv6 address into an IPv4 address, and the response packet is translated into a Class A packet and forwarded to the LAN side.
采用本发明,不需修改主机设备,并对大量主机进行修改,即可实现IPv4网络与IPv6网络的互联互通。By adopting the invention, the host device can be modified without interchanging the host device, and the interconnection between the IPv4 network and the IPv6 network can be realized.
本实施例中,对于上行IPV4报文,所述前缀网络地址转换PNAT包括:In this embodiment, for the uplink IPV4 packet, the prefix network address translation PNAT includes:
(1)将所述上行IPV4报文转换为上行IPv6报文,本实施例中,所述上行IPV4报文由LAN侧产生或由本地产生。(1) The uplink IPV4 packet is converted into an uplink IPv6 packet. In this embodiment, the uplink IPV4 packet is generated by the LAN side or locally.
网络接入设备CPE对上行IPV4报文的处理:添加PNAT0虚拟设备用于接收所有LAN侧转发的及本地应用产生的IPv4报文,并将这些报文根据相关RFC的规定翻译转换为IPv6报文进行转发。The network access device CPE processes the uplink IPV4 packet: the PNAT0 virtual device is used to receive all the IPv4 packets forwarded by the LAN and the local application, and translate the packets into IPv6 packets according to the requirements of the relevant RFC. Forward.
本实施例中,对于下行IPV6报文,所述前缀网络地址转换PNAT包括: In this embodiment, for the downlink IPV6 packet, the prefix network address translation PNAT includes:
(1)在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,将所述下行IPV6报文转换为下行IPv4报文;其中,ip6tables框架是linux系统自带的一个配置框架,PREROUTINGHOOK挂接点是在该ip6tables框架下的一个挂接点。(1) Add a prefix network address translation PNAT rule on the PREROUTINGHOOK connection point of the ip6tables framework, and convert the downlink IPV6 packet into a downlink IPv4 packet; wherein the ip6tables framework is a configuration framework provided by the Linux system, and the PREROUTINGHOOK connection point Is a mount point under the ip6tables framework.
(2)将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。(2) Put the downlink IPv4 packet into the IPv4 protocol stack to wait for route forwarding.
本实施例中,参考图2,所述网络接入设备CPE对DNS报文进行前缀网络地址转换PNAT的步骤包括(如图2中虚线部分所示):In this embodiment, referring to FIG. 2, the step of the network access device CPE performing prefix network address translation (PNAT) on the DNS packet includes (as shown by the broken line in FIG. 2):
(1)获取LAN侧主机发出的DNS请求报文,并将其送入DNS代理进程;(1) Obtain a DNS request packet sent by the host on the LAN side and send it to the DNS proxy process;
(2)DNS代理进程对DNS请求报文进行解析,若解析出所述DNS请求报文为A记录请求报文,则将其转换为AAAA记录报文,然后路由至PNAT0虚拟设备;其中,所述PNAT0虚拟设备用于完成IPv4报文到IPv6报文的翻译转换工作;(2) The DNS proxy process parses the DNS request packet, and if the DNS request packet is parsed as an A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device; The PNAT0 virtual device is used to translate and convert IPv4 packets to IPv6 packets.
(3)PNAT0虚拟设备收到AAAA记录报文后,分别利用本地网络注册(Local Internet Register,简称LIR)前缀和公共知名前缀(Well-Known Prefix,简称WKP)前缀将IPv4报文源IP和目的IP转换为IPv6地址,并将IPv4报头转换为IPv6报头,交由IPv6协议栈继续处理;(3) After receiving the AAAA record message, the PNAT0 virtual device uses the Local Internet Register (LIR) prefix and the Well-Known Prefix (WKP) prefix to specify the source IP address and destination of the IPv4 packet. The IP is converted to an IPv6 address, and the IPv4 header is converted into an IPv6 header, which is then processed by the IPv6 protocol stack;
(4)IPv6协议栈收到PNAT0虚拟设备转换的IPv6报文后,路由至出接口nbif虚拟设备,并依据该出接口nbif虚拟设备的发送函数将所述IPv6报文转发到WAN侧;(4) After receiving the IPv6 packet converted by the PNAT0 virtual device, the IPv6 protocol stack is forwarded to the outbound interface nbif virtual device, and forwards the IPv6 packet to the WAN side according to the sending function of the outbound interface nbif virtual device;
(5)获得WAN侧回复的AAAA应答报文;(5) Obtaining an AAAA response message replied by the WAN side;
(6)将所述AAAA应答报文还原为对应的IPv4报文,并转发至IPv4协议栈;(6) Restoring the AAAA response packet to a corresponding IPv4 packet, and forwarding the packet to the IPv4 protocol stack;
(7)IPv4报文在IPv4协议栈中被路由至DNS代理进程,DNS代理进程将IPv4报文进行解析,将AAAA记录转换为A记录,并将IPv6地址还原为对应的IPv4地址;(7) The IPv4 packet is routed to the DNS proxy process in the IPv4 protocol stack. The DNS proxy process parses the IPv4 packet, converts the AAAA record into an A record, and restores the IPv6 address to the corresponding IPv4 address.
(8)将包含A记录的DNS应答报文转发至LAN侧主机。(8) Forward the DNS response message containing the A record to the LAN side host.
本实施例中,LAN侧HOST主机对传输控制协议/用户数据报协议(Transfer Control Protocol/User Datagram Protocol,简称为TCP/UDP)等数据报文进行前缀网络地址转换PNAT的流程(如图2中实线部分所示)包括:In this embodiment, the LAN-side HOST host performs a prefix network address translation PNAT process on a data packet such as a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) (as shown in FIG. 2). Shown in the solid line) includes:
TCP/UDP等数据报文的转发流程与1)中的DNS报文类似,不同的地方是:CPE不再作为代理,所以TCP/UDP报文无需再经过CPE本地进程的处理,对于上行报文 来说,当LAN侧报文到达网桥(br0)设备后,经路由直接转发至PNAT0设备,对于下行报文在IPv6协议栈经转换后到达IPv4协议栈,直接路由至br0设备,再经以太网(ethx)设备转发至LAN侧。The forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process. In this case, after the LAN side message arrives at the bridge (br0) device, it is forwarded directly to the PNAT0 device through the route. After the IPv6 protocol stack is converted, the downlink packet arrives at the IPv4 protocol stack and is directly routed to the br0 device. The ethx device forwards to the LAN side.
由于本发明实施例中,所述网络接入设备CPE的PNAT0设备和PREROUTINGHOOK挂接点对IPv4/IPv6报文执行相互转换处理,TCP/UDP等数据报文与DNS报文在这两处的处理流程是一致的,这里不再赘述。In the embodiment of the present invention, the PNAT0 device and the PREROUTINGHOOK connection point of the CPE of the network access device perform mutual conversion processing on the IPv4/IPv6 packet, and the processing flow of the data packet and the DNS packet in the TCP/UDP are in the two processes. It is consistent and will not be repeated here.
相应地,参考图3,本发明实施例还提供了一种基于PNAT向IPv6过渡的网络转换实现装置,其部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括:Correspondingly, with reference to FIG. 3, an embodiment of the present invention further provides a device for implementing network transition based on PNAT to IPv6, which is deployed on a network access device CPE located between a LAN side and a WAN side, and includes:
第一传输模块100,设置为获取报文;The first transmission module 100 is configured to obtain a packet;
PNAT模块200,设置为对所述报文进行前缀网络地址转换;The PNAT module 200 is configured to perform prefix network address translation on the packet.
第二传输模块300,设置为将PNAT模块200提供的转换结果执行相应的上行或下行发送。The second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
当所述第一传输模块100获取到上行IPV4报文时,所述PNAT模块200设置为将所述上行IPV4报文转换为上行IPv6报文。When the first transmission module 100 obtains an uplink IPV4 packet, the PNAT module 200 is configured to convert the uplink IPV4 packet into an uplink IPv6 packet.
其中,所述上行IPV4报文由LAN侧产生或由本地产生。The uplink IPV4 packet is generated by the LAN side or locally.
当所述第一传输模块100获取到下行IPV6报文时,所述PNAT模块200设置为将所述下行IPV6报文转换为下行IPv4报文,以及进一步设置为将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。When the first transmission module 100 acquires the downlink IPV6 packet, the PNAT module 200 is configured to convert the downlink IPV6 packet into a downlink IPv4 packet, and further configured to put the downlink IPv4 packet into IPv4 protocol stack to wait for route forwarding.
所述PNAT模块200还进一步设置为在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,以实现将所述下行IPV6报文转换为下行IPv4报文。The PNAT module 200 is further configured to add a prefix network address translation PNAT rule to the PREROUTINGHOOK attachment point of the ip6tables framework, so as to convert the downlink IPV6 packet into a downlink IPv4 packet.
本实施例中,继续参考图2,所述网络接入设备CPE对DNS报文进行前缀网络地址转换PNAT的步骤包括(如图2中虚线部分所示):In this embodiment, referring to FIG. 2, the step of the network access device CPE performing prefix network address translation PNAT on the DNS packet includes (as shown by the dotted line in FIG. 2):
(1)获取LAN侧主机发出的DNS请求报文,并将其送入DNS代理进程;(1) Obtain a DNS request packet sent by the host on the LAN side and send it to the DNS proxy process;
(2)DNS代理进程对DNS请求报文进行解析,若解析出所述DNS请求报文为A记录请求报文,则将其转换为AAAA记录报文,然后路由至PNAT0虚拟设备;其中,所述PNAT0虚拟设备用于完成IPv4报文到IPv6报文的翻译转换工作; (2) The DNS proxy process parses the DNS request packet, and if the DNS request packet is parsed as an A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device; The PNAT0 virtual device is used to translate and convert IPv4 packets to IPv6 packets.
(3)PNAT0虚拟设备收到AAAA记录报文后,分别利用LIR前缀和WKP前缀将IPv4报文源IP和目的IP转换为IPv6地址,并将IPv4报头转换为IPv6报头,交由IPv6协议栈继续处理;(3) After receiving the AAAA record message, the PNAT0 virtual device converts the source IP address and the destination IP address of the IPv4 packet into an IPv6 address by using the LIR prefix and the WKP prefix, and converts the IPv4 header into an IPv6 header, and then continues to the IPv6 protocol stack. deal with;
(4)IPv6协议栈收到PNAT0虚拟设备转换的IPv6报文后,路由至出接口nbif虚拟设备,并依据该出接口nbif虚拟设备的发送函数将所述IPv6报文转发到WAN侧;(4) After receiving the IPv6 packet converted by the PNAT0 virtual device, the IPv6 protocol stack is forwarded to the outbound interface nbif virtual device, and forwards the IPv6 packet to the WAN side according to the sending function of the outbound interface nbif virtual device;
(5)获得WAN侧回复的AAAA应答报文;(5) Obtaining an AAAA response message replied by the WAN side;
(6)将所述AAAA应答报文还原为对应的IPv4报文,并转发至IPv4协议栈;(6) Restoring the AAAA response packet to a corresponding IPv4 packet, and forwarding the packet to the IPv4 protocol stack;
(7)IPv4报文在IPv4协议栈中被路由至DNS代理进程,DNS代理进程将IPv4报文进行解析,将AAAA记录转换为A记录,并将IPv6地址还原为对应的IPv4地址;(7) The IPv4 packet is routed to the DNS proxy process in the IPv4 protocol stack. The DNS proxy process parses the IPv4 packet, converts the AAAA record into an A record, and restores the IPv6 address to the corresponding IPv4 address.
(8)将包含A记录的DNS应答报文转发至LAN侧主机。(8) Forward the DNS response message containing the A record to the LAN side host.
本实施例中,LAN侧HOST主机对TCP/UDP等数据报文进行前缀网络地址转换PNAT的流程(如图2中实线部分所示)包括:In this embodiment, the process of performing a prefix network address translation PNAT on a data packet such as TCP/UDP by the host device on the LAN side (as shown by the solid line in FIG. 2) includes:
TCP/UDP等数据报文的转发流程与1)中的DNS报文类似,不同的地方是:CPE不再作为代理,所以TCP/UDP报文无需再经过CPE本地进程的处理,对于上行报文来说,当LAN侧报文到达br0设备后,经路由直接转发至PNAT0设备,对于下行报文在IPv6协议栈经转换后到达IPv4协议栈,直接路由至br0设备,再经ethx设备转发至LAN侧。The forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process. After the LAN-side packet reaches the br0 device, the packet is directly forwarded to the PNAT0 device. The downlink packet is forwarded to the IPv4 protocol stack after being translated to the IPv4 protocol stack, and then directly routed to the br0 device and then forwarded to the LAN through the ethx device. side.
由于本发明中,所述网络接入设备CPE的PNAT0设备和PREROUTINGHOOK挂接点对IPv4/IPv6报文执行相互转换处理,TCP/UDP等数据报文与DNS报文在这两处的处理流程是一致的,这里不再赘述。In the present invention, the PNAT0 device of the network access device CPE and the PREROUTINGHOOK connection point perform mutual conversion processing on the IPv4/IPv6 packet, and the processing flow of the TCP/UDP data packet and the DNS packet are consistent in the two processes. , no longer repeat them here.
本发明实施例还提供了一种网络接入设备CPE,其包括如上所述的基于PNAT向IPv6过渡的网络转换实现装置,继续参考图3所示,所述装置部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,包括:The embodiment of the present invention further provides a network access device CPE, which includes a network conversion implementation device based on PNAT to IPv6 transition as described above. Referring to FIG. 3, the device is deployed on the LAN side and the WAN side. Above the network access device CPE, including:
第一传输模块100,设置为获取报文;The first transmission module 100 is configured to obtain a packet;
PNAT模块200,设置为对所述报文进行前缀网络地址转换;The PNAT module 200 is configured to perform prefix network address translation on the packet.
第二传输模块300,设置为将PNAT模块200提供的转换结果执行相应的上行或下行发送。 The second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
对于在所述网络接入设备CPE上应用PNAT技术,以实现前缀网络地址转换的具体描述可参考上文,这里不重复赘述。For a detailed description of the application of the PNAT technology on the network access device CPE to implement the prefix network address translation, reference may be made to the above, and details are not described herein.
参考图4所示,本发明实施例还提供了一种系统,其包括:Referring to FIG. 4, an embodiment of the present invention further provides a system, including:
LAN侧;LAN side;
WAN侧;WAN side;
以及如上所述的位于LAN侧与WAN侧之间的网络接入设备CPE,具体地,所述网络接入设备CPE包括如上所述的基于PNAT向IPv6过渡的网络转换实现装置,所述装置部署在位于LAN侧与WAN侧之间的网络接入设备CPE之上,参考图3,所述基于PNAT向IPv6过渡的网络转换实现装置包括:And the network access device CPE located between the LAN side and the WAN side as described above, and specifically, the network access device CPE includes a PNAT-to-IPv6-based network switching implementation device as described above, the device deployment On the network access device CPE located between the LAN side and the WAN side, referring to FIG. 3, the device for implementing network transition based on PNAT to IPv6 transition includes:
第一传输模块100,设置为获取报文;The first transmission module 100 is configured to obtain a packet;
PNAT模块200,设置为对所述报文进行前缀网络地址转换;The PNAT module 200 is configured to perform prefix network address translation on the packet.
第二传输模块300,设置为将PNAT模块200提供的转换结果执行相应的上行或下行发送。The second transmission module 300 is configured to perform a corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module 200.
在所述LAN侧,包括PC,所述PC可支持IPv4协议栈。在本发明中,由于只需要对网络接入设备CPE进行改造,所以对所述PC不做特殊功能要求。On the LAN side, including a PC, the PC can support an IPv4 protocol stack. In the present invention, since only the network access device CPE needs to be modified, no special functional requirements are imposed on the PC.
对于所述网络接入设备CPE,其用于实现PNAT功能,可以对LAN侧提供的IPv4报文、NAT64设备转换的IPv6报文、WAN侧IPv6服务器(Server)以及WAN侧IPv6主机的IPv6报文进行转换或者映射,以使得WAN侧或OLT(optical line terminal,光线路终端)设备侧IPv6报文与LAN侧报文的无缝交互。For the network access device CPE, which is used to implement the PNAT function, the IPv4 packet provided by the LAN side, the IPv6 packet converted by the NAT64 device, the IPv6 server (Server) on the WAN side, and the IPv6 packet of the IPv6 host on the WAN side. The conversion or mapping is performed to enable seamless interaction between the WAN side or the OLT (optical line terminal) device side IPv6 message and the LAN side message.
在所述WAN侧,包括OLT、NAT64以及DNS64等:On the WAN side, including OLT, NAT64, DNS64, etc.:
所述NAT64,根据配置的前缀信息对IPv6和IPv4报文进行NAT转换,使两种网络可互通。The NAT 64 performs NAT translation on the IPv6 and IPv4 packets according to the configured prefix information, so that the two networks can communicate with each other.
所述DNS64,与NAT64配合部署,提供DNS ALG功能。将IPv4网络中域名对应的A记录转换为AAAA记录转发给IPv6请求端。 The DNS64 is deployed in conjunction with the NAT64 to provide a DNS ALG function. The A record corresponding to the domain name in the IPv4 network is converted into an AAAA record and forwarded to the IPv6 requesting end.
如图5所示,其示出了本实施例中PC访问IPv4网络时DNS报文处理流程示意图,该流程应用于内网IPV4主机设备经IPV6网络访问IPV4的场景,现以访问www.baidu.com IPv4域名为例进行说明:As shown in FIG. 5, it is a schematic diagram of a process of processing a DNS packet when a PC accesses an IPv4 network in the embodiment. The process is applied to a scenario where an IPV4 host device accesses IPV4 via an IPV6 network, and is now accessed by www.baidu. The com IPv4 domain name is used as an example:
步骤2a01:IPv4主机发起域名为www.baidu.com的A记录DNS请求报文;Step 2a01: The IPv4 host initiates an A-record DNS request message whose domain name is www.baidu.com.
步骤2a02:CPE对DNS请求报文进行解析,当发现为A记录请求时,转换为AAAA记录请求报文,经OLT、BRAS等设备的转发到达DNS64设备;Step 2a02: The CPE parses the DNS request packet, and when it finds that it is an A record request, it converts it into an AAAA record request message, and forwards it to the DNS64 device through forwarding by the OLT, BRAS, and the like;
步骤2a03:DNS64设备首先会将接收到的AAAA记录请求报文转发到DNS Server,查询是否有对应该域名的IPv6地址存在;Step 2a03: The DNS64 device first forwards the received AAAA record request message to the DNS server to check whether an IPv6 address corresponding to the domain name exists.
步骤2a04:www.baidu.com域名对应的IP为IPv4地址,则DNS Server对AAAA类型请求报文的回复中不包含IP地址;Step 2a04: The IP address corresponding to the www.baidu.com domain name is an IPv4 address, and the DNS server does not include an IP address in the reply to the AAAA type request packet.
步骤2a05:DNS64设备收到AAAA记录的空应答报文后,会再发送A记录的请求报文;Step 2a05: After receiving the null response message of the AAAA record, the DNS64 device sends the request message of the A record again.
步骤2a06:DNS Server对A记录请求报文做出回应,回复包含www.baidu.com域名对应IPv4地址220.181.112.143的应答报文;Step 2a06: The DNS server responds to the A record request message, and responds with a response message including the IPv4 address 220.181.112.143 of the www.baidu.com domain name;
步骤2a07:DNS64设备收到A记录的应答报文后,根据NAT64前缀将A记录转换为AAAA记录经BRAS、OLT等设备的转发至CPE设备;Step 2a07: After receiving the response message of the A record, the DNS64 device converts the A record into an AAAA record according to the NAT64 prefix and forwards it to the CPE device through the BRAS, OLT, and the like;
步骤2a08:CPE设备收到AAAA记录的应答报文后,去掉NAT64前缀将AAAA记录恢复为A记录转发至LAN侧PC。Step 2a08: After receiving the response message of the AAAA record, the CPE device removes the NAT64 prefix and restores the AAAA record to the A record and forwards it to the LAN side PC.
如图6所示,其示出了本实施例中PC访问IPv6网络时DNS报文处理流程示意图,该流程应用于内网IPV4主机设备经IPV6网络访问IPV6的场景,现以访问ipv6.google.com IPv6域名为例进行说明:As shown in FIG. 6, the flow chart of the processing of the DNS packet when the PC accesses the IPv6 network in the embodiment is shown in the embodiment. The process is applied to the scenario where the IPV4 host device accesses the IPV6 through the IPV6 network, and now accesses ipv6.google. The com IPv6 domain name is used as an example:
步骤2b01:Pv4主机发起域名为ipv6.google.com的A记录DNS请求报文;Step 2b01: The Pv4 host initiates an A-record DNS request message whose domain name is ipv6.google.com;
步骤2b02:CPE对DNS请求报文进行解析,当发现为A记录请求时,转换为AAAA记录请求报文,经OLT、BRAS等设备的转发到达DNS Server设备;Step 2b02: The CPE parses the DNS request packet, and when it is found to be the A record request, it is converted into an AAAA record request message, and is forwarded to the DNS Server device by the OLT, BRAS, and the like;
步骤2b03:ipv6.google.com域名对应的IPv6地址为2a00:1450:4004:803::1011,DNS Server回复包含此IPv6地址的应答报文,经BRAS、OLT等设备转发至CPE; Step 2b03: The IPv6 address corresponding to the ipv6.google.com domain name is 2a00:1450:4004:803::1011, and the DNS server replies with the response packet containing the IPv6 address, and forwards it to the CPE through the BRAS, OLT, and the like;
步骤2b04:因为域名对应的IPv6地址不包含NAT64前缀,CPE收到DNS应答报文后,将IPv6地址映射为类似1.0.0.1形式的IPv4地址,同时将AAAA记录报文转化为A记录转发至LAN侧PC。Step 2b04: The IPv6 address corresponding to the domain name does not contain the NAT64 prefix. After receiving the DNS response packet, the CPE maps the IPv6 address to an IPv4 address of the form similar to 1.0.0.1, and converts the AAAA record packet to the A record and forwards it to the LAN. Side PC.
继续参考图2所示,其示出了为本实施例中报文在网络接入设备CPE内部的转发流程,其中虚线部分为DNS报文的转发流程,实线部分为TCP/UDP等数据报文的转发流程,以下着重对这两种转发流程进行描述:With reference to FIG. 2, it shows the forwarding process of the packet in the CPE of the network access device in this embodiment, where the dotted line part is the forwarding process of the DNS packet, and the solid line part is the data packet such as TCP/UDP. The forwarding process of the text, the following focuses on the description of the two forwarding processes:
一、LAN侧HOST主机获取IPv4域名的流程(虚线部分所示):First, the LAN side HOST host obtains the IPv4 domain name process (shown in the dotted line):
(1)LAN侧HOST主机发出A记录DNS请求报文,经CPE设备中的ethx、br0等虚拟设备到达DNS代理进程;(1) The HOST host on the LAN side sends an A-record DNS request packet to the DNS proxy process via a virtual device such as ethx or br0 in the CPE device.
(2)DNS代理进程对请求报文进行解析,若为A记录请求报文,则转换为AAAA记录报文,然后路由至PNAT0虚拟设备;(2) The DNS proxy process parses the request packet, and if it is the A record request packet, it is converted into an AAAA record packet, and then routed to the PNAT0 virtual device;
其中,PNAT0是部署于CPE设备中的网络虚拟设备,主要完成IPv4到IPv6报文的翻译转换工作。PNAT0收到AAAA记录的DNS请求报文后,分别利用LIR前缀和WKP前缀将IPv4报文源IP和目的IP转换为IPv6地址,并将IPv4报头转换为IPv6报头,交由IPv6协议栈继续处理;Among them, PNAT0 is a network virtual device deployed in a CPE device, and mainly performs translation and conversion of IPv4 to IPv6 packets. After receiving the DNS request packet from the AAAA, the PNAT0 uses the LIR prefix and the WKP prefix to translate the source IP address and the destination IP address of the IPv4 packet into an IPv6 address, and converts the IPv4 header into an IPv6 header for processing by the IPv6 protocol stack.
(3)IPv6协议栈收到PNAT0设备转换的IPv6报文后,路由至出接口nbif虚拟设备,最终经该设备的发送函数转发到WAN侧;(3) After receiving the IPv6 packet converted by the PNAT0 device, the IPv6 protocol stack is routed to the outbound interface nbif virtual device, and finally forwarded to the WAN side through the sending function of the device;
(4)参考如图4所示DNS报文在WAN侧的转发流程,CPE最终获得DNS Server回复的AAAA类型应答报文。(4) Referring to the forwarding process of the DNS message on the WAN side as shown in FIG. 4, the CPE finally obtains the AAAA type response message replied by the DNS server.
(5)本发明实施例在ip6tables框架的PREROUTINGHOOK挂接点上添加相应规则,对以WKP前缀为源IP或以LIR前缀为目的IP的IPv6报文进行转换,将这些报文还原为对应的IPv4报文。AAAA类型的IPv6应答报文在经过IPv6协议栈的PREROUTINGHOOK挂接点时将被还原为IPv4报文,转发至IPv4协议栈。(5) In the embodiment of the present invention, a corresponding rule is added to the PREROUTINGHOOK connection point of the ip6tables framework, and the IPv6 packet with the WKP prefix as the source IP or the LIR prefix as the destination IP is converted, and the packets are restored to the corresponding IPv4 report. Text. The AAAA type IPv6 response packet is reverted to an IPv4 packet and forwarded to the IPv4 protocol stack when it passes the PREROUTINGHOOK attachment point of the IPv6 protocol stack.
(6)DNS报文在IPv4协议栈中被路由至DNS代理进程,DNS代理进程将报文进行解析,把AAAA记录转化为A记录,域名对应的IPv6地址去掉前缀还原为IPv4地址。(6) The DNS packet is routed to the DNS proxy process in the IPv4 protocol stack. The DNS proxy process parses the packet and converts the AAAA record into an A record. The IPv6 address corresponding to the domain name is deleted and restored to the IPv4 address.
(7)最终,包含A记录的DNS应答报文在IPv4协议栈中经由br0、ethx等虚拟设备转发至LAN侧HOST主机。 (7) Finally, the DNS response message including the A record is forwarded to the LAN-side HOST host via the virtual device such as br0 or ethx in the IPv4 protocol stack.
二、LAN侧HOST TCP/UDP等数据报文的的转发流程(实线部分所示):Second, the LAN side HOST TCP / UDP and other data packets forwarding process (shown in the solid line):
TCP/UDP等数据报文的转发流程与1)中的DNS报文类似,不同的地方是:CPE不再作为代理,所以TCP/UDP报文无需再经过CPE本地进程的处理,对于上行报文来说,当LAN侧报文到达br0设备后,经路由直接转发至PNAT0设备,对于下行报文在IPv6协议栈经转换后到达IPv4协议栈,直接路由至br0设备,再经ethx设备转发至LAN侧。The forwarding process of data packets such as TCP/UDP is similar to the DNS packet in 1). The difference is that the CPE is no longer acting as a proxy. Therefore, the TCP/UDP packets do not need to be processed by the CPE local process. After the LAN-side packet reaches the br0 device, the packet is directly forwarded to the PNAT0 device. The downlink packet is forwarded to the IPv4 protocol stack after being translated to the IPv4 protocol stack, and then directly routed to the br0 device and then forwarded to the LAN through the ethx device. side.
由于本发明实施例的主要侧重点在于网络接入设备CPE的PNAT0设备和PREROUTINGHOOK挂接点对IPv4/IPv6报文执行相互转换处理,TCP/UDP等数据报文与DNS报文在这两处的处理流程是一致的,所以不再赘述。The main focus of the embodiment of the present invention is that the PNAT0 device and the PREROUTINGHOOK connection point of the network access device CPE perform mutual conversion processing on IPv4/IPv6 packets, and the processing of TCP/UDP data packets and DNS packets in these two places. The process is consistent, so I won't go into details.
以上所述仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the preferred embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformations made by the description of the invention and the drawings are directly or indirectly applied to other related The technical field is equally included in the scope of patent protection of the present invention.
工业实用性Industrial applicability
基于本发明实施例提供的上述技术方案,采用在网络接入设备CPE上实现PNAT功能以实现向IPv6过渡,避免了现有技术中存在的技术问题:双栈技术本身也要消耗IPv4地址,这导致在实施双栈迁移方案的过程中,IPv4地址枯竭不会得到根本性的解决,而隧道技术必须有隧道对端设备的对称使用,才能完成IPv4负载在IPv6网络中的传输,且其应用场景有限,无法完成IPv4主机与对端IPv6网络的相互访问。解决了现有技术中主机设备修改方案中存在的需要对大量主机进行修改以及可行性不高的问题。 Based on the foregoing technical solution provided by the embodiment of the present invention, the PNAT function is implemented on the network access device CPE to implement the transition to the IPv6, and the technical problem existing in the prior art is avoided: the dual stack technology itself also consumes the IPv4 address, which As a result, in the process of implementing the dual-stack migration scheme, the IPv4 address depletion will not be fundamentally solved, and the tunnel technology must have symmetric use of the tunnel peer device to complete the transmission of the IPv4 payload in the IPv6 network, and its application scenario Limited, the mutual access between the IPv4 host and the peer IPv6 network cannot be completed. The problem that the modification of the host device in the prior art needs to be modified for a large number of hosts and the feasibility is not high is solved.

Claims (12)

  1. 一种基于PNAT向IPv6过渡的网络转换实现方法,应用在位于局域网LAN侧与广域网WAN侧之间的网络接入设备CPE上,包括:A network switching implementation method based on PNAT to IPv6 transition is applied to a network access device CPE located between a local area network LAN side and a wide area network WAN side, and includes:
    获取报文;Obtain a message;
    对所述报文进行前缀网络地址转换PNAT,并将转换结果执行相应的上行或下行发送。Performing a prefix network address translation PNAT on the packet, and performing a corresponding uplink or downlink transmission on the conversion result.
  2. 如权利要求1所述的基于PNAT向IPv6过渡的网络转换实现方法,其中,对于上行IPV4报文,所述前缀网络地址转换PNAT包括:The method for implementing a network transition based on PNAT to IPv6 according to claim 1, wherein for the uplink IPV4 message, the prefix network address translation PNAT includes:
    将所述上行IPV4报文转换为上行IPv6报文。The uplink IPV4 packet is converted into an uplink IPv6 packet.
  3. 如权利要求2所述的基于PNAT向IPv6过渡的网络转换实现方法,其中,所述上行IPV4报文由LAN侧产生或由本地产生。The method for implementing a network transition based on PNAT to IPv6 according to claim 2, wherein the uplink IPV4 message is generated by a LAN side or generated locally.
  4. 如权利要求1-3任一项所述的基于PNAT向IPv6过渡的网络转换实现方法,其中,对于下行IPV6报文,所述前缀网络地址转换PNAT包括:The method for implementing a network transition based on the transition from PNAT to IPv6 according to any one of claims 1-3, wherein, for the downlink IPV6 packet, the prefix network address translation PNAT includes:
    将所述下行IPV6报文转换为下行IPv4报文;Converting the downlink IPV6 packet into a downlink IPv4 packet;
    将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。The downlink IPv4 packet is placed in the IPv4 protocol stack to wait for route forwarding.
  5. 如权利要求4所述的基于PNAT向IPv6过渡的网络转换实现方法,其中,在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,以实现将所述下行IPV6报文转换为下行IPv4报文。The method for implementing a network transition based on PNAT to IPv6 according to claim 4, wherein a prefix network address translation PNAT rule is added to the PREROUTINGHOOK attachment point of the ip6tables framework to convert the downlink IPV6 packet into a downlink IPv4 packet. Text.
  6. 一种基于PNAT向IPv6过渡的网络转换实现装置,其部署在位于局域网LAN侧与广域网WAN侧之间的网络接入设备CPE上,包括:A device for implementing a network transition device based on the transition from PNAT to IPv6, which is deployed on a network access device CPE located between a local area network LAN side and a wide area network WAN side, and includes:
    第一传输模块,设置为获取报文;a first transmission module, configured to acquire a message;
    PNAT模块,设置为对所述报文进行前缀网络地址转换;a PNAT module, configured to perform prefix network address translation on the packet;
    第二传输模块,设置为将PNAT模块提供的转换结果执行相应的上行或下行发送。 The second transmission module is configured to perform corresponding uplink or downlink transmission by using the conversion result provided by the PNAT module.
  7. 如权利要求6所述的基于PNAT向IPv6过渡的网络转换实现装置,其中,当所述第一传输模块获取到上行IPV4报文时,所述PNAT模块设置为将所述上行IPV4报文转换为上行IPv6报文。The apparatus for implementing a network transition based on PNAT to IPv6 according to claim 6, wherein when the first transmission module acquires an uplink IPV4 packet, the PNAT module is configured to convert the uplink IPV4 packet into Upstream IPv6 packets.
  8. 如权利要求7所述的基于PNAT向IPv6过渡的网络转换实现装置,其中,所述上行IPV4报文由LAN侧产生或由本地产生。The apparatus for implementing network transition based on PNAT to IPv6 according to claim 7, wherein the uplink IPV4 message is generated by a LAN side or locally generated.
  9. 如权利要求6-8任一项所述的基于PNAT向IPv6过渡的网络转换实现装置,其中,当所述第一传输模块获取到下行IPV6报文时,所述PNAT模块设置为将所述下行IPV6报文转换为下行IPv4报文,以及设置为将所述下行IPv4报文放入IPv4协议栈,以等待路由转发。The apparatus for implementing a network transition based on PNAT to IPv6 according to any one of claims 6-8, wherein when the first transmission module acquires a downlink IPV6 packet, the PNAT module is configured to set the downlink The IPV6 packet is converted into a downlink IPv4 packet, and is set to put the downlink IPv4 packet into the IPv4 protocol stack to wait for route forwarding.
  10. 如权利要求9所述的基于PNAT向IPv6过渡的网络转换实现装置,其中,所述PNAT模块还设置为在ip6tables框架的PREROUTINGHOOK挂接点上添加前缀网络地址转换PNAT规则,以实现将所述下行IPV6报文转换为下行IPv4报文。The apparatus for implementing a network transition based on PNAT to IPv6 according to claim 9, wherein the PNAT module is further configured to add a prefix network address translation PNAT rule to a PREROUTINGHOOK attachment point of the ip6tables framework to implement the downlink IPV6. The packet is translated into a downlink IPv4 packet.
  11. 一种网络接入设备CPE,包括如权利要求6-10任一项所述的基于PNAT向IPv6过渡的网络转换实现装置。A network access device CPE, comprising: a network transition implementation device based on PNAT to IPv6 transition according to any one of claims 6-10.
  12. 一种系统,包括:A system comprising:
    局域网LAN侧;LAN side of the local area network;
    广域网WAN侧;WAN side of the WAN;
    以及如权利要求11所述的位于LAN侧与WAN侧之间的网络接入设备CPE。 And a network access device CPE located between the LAN side and the WAN side according to claim 11.
PCT/CN2015/072456 2014-11-18 2015-02-06 Network translation realization method and apparatus for transiting to ipv6 on the basis of pant WO2016078235A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410659846.6 2014-11-18
CN201410659846.6A CN105681481A (en) 2014-11-18 2014-11-18 Method and device for realizing network translation to IPv6 (Internet Protocol Version 6) based on PNAT (Prefix Network Address Translation) and terminal device

Publications (1)

Publication Number Publication Date
WO2016078235A1 true WO2016078235A1 (en) 2016-05-26

Family

ID=56013150

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/072456 WO2016078235A1 (en) 2014-11-18 2015-02-06 Network translation realization method and apparatus for transiting to ipv6 on the basis of pant

Country Status (2)

Country Link
CN (1) CN105681481A (en)
WO (1) WO2016078235A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230188492A1 (en) * 2021-12-10 2023-06-15 Cisco Technology, Inc. Systems and Methods for Translating IPV6 Packets for DIA in an SD-WAN Environment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547687B (en) * 2017-08-31 2021-02-26 新华三技术有限公司 Message transmission method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1965515A (en) * 2004-06-25 2007-05-16 思科技术公司 Arrangement for reaching IPv4 public network nodes by a node in an IPv4 private network via an IPv6 access network
CN101599999A (en) * 2008-06-06 2009-12-09 冲电气工业株式会社 Communication system
CN101848247A (en) * 2009-03-26 2010-09-29 华为技术有限公司 Method for implementing access of IPv6 host to IPv4 host, method for acquiring IPv6 address prefix and conversion device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137170A (en) * 2010-01-26 2011-07-27 中兴通讯股份有限公司 Method and device for distributing IPv6 (Internet Protocol version 6) addresses
CN102281336A (en) * 2010-06-13 2011-12-14 中兴通讯股份有限公司 Method and system for host to initiate address conversion
CN102487407B (en) * 2010-12-03 2015-03-25 华为终端有限公司 Network address translating method and equipment and system
JP2012209847A (en) * 2011-03-30 2012-10-25 Nippon Telegraph & Telephone West Corp Return communication method in ipv6 nat device
CN103428303A (en) * 2012-05-22 2013-12-04 中兴通讯股份有限公司 Method and system for IPv6 host to have access to IPv4 server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1965515A (en) * 2004-06-25 2007-05-16 思科技术公司 Arrangement for reaching IPv4 public network nodes by a node in an IPv4 private network via an IPv6 access network
CN101599999A (en) * 2008-06-06 2009-12-09 冲电气工业株式会社 Communication system
CN101848247A (en) * 2009-03-26 2010-09-29 华为技术有限公司 Method for implementing access of IPv6 host to IPv4 host, method for acquiring IPv6 address prefix and conversion device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230188492A1 (en) * 2021-12-10 2023-06-15 Cisco Technology, Inc. Systems and Methods for Translating IPV6 Packets for DIA in an SD-WAN Environment
US11863515B2 (en) 2021-12-10 2024-01-02 Cisco Technology, Inc. Systems and methods for translating IPV6 packets for DIA in an SD-WAN environment

Also Published As

Publication number Publication date
CN105681481A (en) 2016-06-15

Similar Documents

Publication Publication Date Title
JP5335886B2 (en) Method and apparatus for communicating data packets between local networks
KR101785760B1 (en) Method and network element for enhancing ds-lite with private ipv4 reachability
US7639686B2 (en) Access network clusterhead for providing local mobility management of a roaming IPv4 node
US8909812B2 (en) Method and device for communication for host device with IPv4 application
US20060251088A1 (en) Private network gateways interconnecting private networks via an access network
US20120317252A1 (en) Method and system for address conflict resolution
US9516070B2 (en) Method for establishing channel for managing IPV4 terminal and network gateway
JP2009017429A (en) Network relay control program, network relay control apparatus, and network relay control method
KR20140099598A (en) Method for providing service of mobile vpn
US8194683B2 (en) Teredo connectivity between clients behind symmetric NATs
WO2012083657A1 (en) Packet processing method, system and customer premises equipment
JP6386166B2 (en) Translation method and apparatus between IPv4 and IPv6
EP2675117A1 (en) Routing method and device for host in multi-homing site
JP2015522880A (en) Data interaction method, apparatus, and system
WO2014063606A1 (en) Packet forwarding method and corresponding device
WO2016078235A1 (en) Network translation realization method and apparatus for transiting to ipv6 on the basis of pant
WO2014156143A1 (en) Home gateway device and packet forwarding method
JP6947167B2 (en) Management device, L3CPE, and control method thereof
WO2015139397A1 (en) Nat64 resource acquisition method and acquisition/distribution apparatus
KR101124635B1 (en) Connecting gateway with ipv4/ipv6
JP7408150B2 (en) Communication method
JP5225300B2 (en) Route control method for mobile IP via private network, mobile router, and program
JP7370066B2 (en) Communication method
JP2010157857A (en) Vpn connection device, packet control method, and program
CN114390021A (en) IPv6 single stack-based IDC service providing system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15860610

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15860610

Country of ref document: EP

Kind code of ref document: A1