CN103797774A - Device and method for network address conversion - Google Patents
Device and method for network address conversion Download PDFInfo
- Publication number
- CN103797774A CN103797774A CN201380002273.3A CN201380002273A CN103797774A CN 103797774 A CN103797774 A CN 103797774A CN 201380002273 A CN201380002273 A CN 201380002273A CN 103797774 A CN103797774 A CN 103797774A
- Authority
- CN
- China
- Prior art keywords
- cpu
- message
- port resource
- network address
- port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Abstract
The present invention provides a device and a method for network address conversion, and aims for solving the problems that a control board is a choke point in port resource allocation and the utilization rate of the port resourse is low. The network address conversion device comprises the control board, a business board and an interface board. The business board comprises a plurality of CPUs, and the port resources of the network conversion device are allocated to the plurality of CPUs of the business board for management and allocation. The interface bord is used for transimitting a first message sent by a user station device to the first CPU of the bussines board. The first CPU of the business board determins a second CPU according to an NAT stategy to take response for managing port resource blocks needed by carrying out network address conversion for the first message. The second CPU acquires N port resources, and uses a first port resoruse of the acquired N port resources to carry out network address conversion for the first message. The network address is converted into the first message and then sent to the interface board. The interface board sends the first message which has undergone network address conversion to an external network. The port resources are managed by the CPUs of the business board, so that the problem that the control board is a choke point in port resource allocation; the plurality of CPUs are used in the network address conversion process, so that the advantages of a distributed system are brought into full play, and the utilization rate of the port resources is imporved.
Description
Technical field
The present invention relates to Internet technical field, relate in particular to the Apparatus and method for of a kind of network address translation (Network Address Translation, NAT).
Background technology
The IPv4(Internet Protocol version 4 that internet (internet) uses, internet protocol version 4) there are 32 (4 byte) addresses, can allow at most the computer of 2 32 power quantity to be linked in the Internet.Along with developing rapidly of the Internet, more and more large to the demand of IP address, IPv4 address will be assigned with totally this problem and cannot avoid.Under this demand, release the Internet protocol of next version, i.e. IPv6(Internet Protocol version6, internet protocol version 6).IPv6 adopts 128 bit address length, IP address almost can be provided without restriction, and have obvious improvement at aspects such as fail safe, network management, mobility and service quality, is the core standard that Next Generation Internet network agreement adopts.
But very ripe due to what use the network (hereinafter referred IPv4 network) of IPv4 to develop, IPv4 network is very huge, to such an extent as to the one section of long time of needs of having to (network of use IPv6) transition progressively from IPv4 network to IPv6 network.At IPv4 network to the very long transition period of IPv6 network, NAT(Network Address Translation, network address translation) technology will be used widely.NAT technology belongs to access wide area network (WAN) technology, is that one is the switch technology of public network (public) IP address by privately owned (private) address spaces, is widely used in the access way of various internets (internet).
Different from the NAT of normal domestic use or enterprise-level, for operator (Carrier), its client who faces is more, therefore the performance to NAT, manageability and manageability require high.
Carrier class networks address transition (Carrier Grade Network Address Translation, i.e. CGNAT are called for short CGN) technology is the transition scheme that current each operator extensively adopts.CGN was also once called as LSN (Large Scale NAT), and its essence is exactly NAT.The client who faces due to operator is a lot, mostly can calculate take hundred million as unit, and therefore the traffic carrying capacity of the required network address translation to be processed of CGN equipment is also very large.At IPv4 network to the very long transition period of IPv6 network, CGN needs to guarantee the normal use of existing terminal or business, can realize again real IPv6 application simultaneously, and in performance, can run degree and can manage the demand that meets business aspect degree.
Summary of the invention
In view of this, the invention provides a kind of Apparatus and method for of network address translation, the port resource that network address translation apparatus is managed sends to respectively the CPU of each business board, CPU by business board is responsible for port resource manage and distribute, and each port resource is managed independently by a CPU, like this in the whole process that realizes network address translation, the CPU of the business board of management port resource can be that the CPU that receives the business board of message distributes port resource, the common participation of CPU of multiple business boards realizes network address translation, give full play to the advantage of distributed system, allocative efficiency and the utilance of port resource are improved.
In order to address the above problem, first aspect, the embodiment of the present invention provides a kind of equipment of realizing network address translation, described equipment comprises: control board (11), business board and interface board (15), described business board comprises multiple CPU (central processing unit, CPU) multiple CPU that, the port resource of wherein said equipment is distributed to described business board manage and distribute; The first message of the first session that described interface board (15) sends for receiving customer premises equipment, CPE (301), and described the first message repeating is given to a CPU of described business board; A described CPU is used for, and determines that according to NAT strategy the 2nd CPU is in charge of described the first message and carries out the needed port resource of network address translation; Obtain N port resource from described the 2nd CPU; From a described N port resource, use the first port resource to carry out the message after network address translation is changed to described the first message; Message after described conversion is sent to described interface board (15); Described interface board (15) is also for sending to external network by the message after the described conversion receiving.
In conjunction with first aspect, in the possible implementation of the first, described equipment also comprises: control board is used for: the multiple CPU that port resource are broadcast to described business board; Or port assignment strategy is broadcast to multiple CPU of business board, wherein said port assignment strategy is distributed to the port resource of described equipment multiple CPU of described business board, and each described CPU is in charge of distributed port resource.
In the possible implementation of the second of first aspect, described equipment also comprises: described interface board (15) is further used for: a CPU who according to the source IP address of described the first message, described the first message repeating is given to described business board.
In the third possible implementation, described equipment also comprises: in the time that a described CPU receives the second message of described the first message place session, a described CPU is further used for according to the conversational list of preserving, described the second message being processed, and wherein said conversational list is set up after described the first message completes network address translation.
In the 4th kind of possible implementation, described equipment also comprises: in the time that a described CPU receives the 3rd message of the second session of described customer premises equipment, CPE (301) transmission, wherein said the second session is a new session different from described the first session, and a described CPU is further used for choosing the second port resource from a described N port resource described the 3rd message is carried out to network address translation.
In the 5th kind of possible implementation, described equipment also comprises: described network address transferring strategy is for determining corresponding port resource information according to the characteristic of the message receiving
In the 6th kind of possible implementation, described equipment also comprises: a described CPU is used for receiving the 4th message; Determine that according to described NAT strategy a described CPU is in charge of described the 4th message and carries out the needed port resource of network address translation; The port resource pond of managing from a CPU, be that the customer premises equipment, CPE that sends described the 4th message distributes M port resource; Use the first port resource in M port resource to carry out network address translation to described the 4th message.
In the 7th kind of possible implementation, described equipment also comprises: a described CPU is also for storing the use state of a described M port resource, and the use state of M port resource described in regular update.
In the 8th kind of possible implementation, described equipment also comprises: described the 2nd CPU is further used for storing the use state of a described N port resource, and the use state of a described N port resource is sent to a described CPU; A described CPU is further used for the use state of N port resource described in regular update, and the use state of described renewal is sent to described the 2nd CPU.
Second aspect, the embodiment of the present invention provides a kind of method for network address translation, wherein, the equipment of realizing described method for network address translation comprises control board (11), interface board (15) and the business board with multiple CPU, and multiple CPU that the port resource of described equipment is distributed to described business board manage and distribute; The one CPU of described business board receives the first message of the first session of customer premises equipment, CPE (301) transmission of described interface board (15) forwarding; Determine that according to network address transferring strategy the 2nd CPU manages described the first message and carries out the needed port resource of network address translation; Obtain N port resource from described the 2nd CPU; Use the first port resource in a described N port resource to carry out the message after network address translation is changed to described the first message; Message after described conversion is sent to described interface board (15); The message after described conversion is sent to external network by described interface board (15).
In conjunction with second aspect, in the possible implementation of the first, described method for network address translation also comprises: described control board (11) is broadcast to described port resource multiple CPU of described business board; Or described control board (11) is broadcast to port assignment strategy multiple CPU of described business board, wherein said port assignment strategy is for distributing to the port resource of described equipment multiple CPU of described business board, and each described CPU is in charge of distributed port resource.
In the possible implementation of the second of second aspect, described method for network address translation also comprises, described interface board (15) is distributed to described the first message according to the source IP address of described the first message a described CPU of described business board.
In the third possible implementation in conjunction with second aspect, described method for network address translation also comprises, in the time that a described CPU receives the second message that belongs to described the first message place session, a described CPU processes described the second message according to the conversational list of preserving, and wherein said conversational list is set up after described the first message completes network address translation.
In the 4th kind of possible implementation in conjunction with second aspect, described method for network address translation also comprises, in the time that a described CPU receives the 3rd message of the second session of described customer premises equipment, CPE (301) transmission, wherein said the second session is a new session different from described the first session, and a described CPU uses the second port resource in N port resource to carry out network address translation to described the 3rd message.
In the 5th kind of possible implementation in conjunction with second aspect, described method for network address translation also comprises, described network address transferring strategy is for determining corresponding port resource according to the characteristic of the message receiving.
In the 6th kind of possible implementation in conjunction with second aspect, described method for network address translation also comprises, described CPU reception the 4th message; Determine that according to described network address transferring strategy a described CPU is in charge of described the 4th message and carries out the needed port resource of network address translation; The port resource of managing from a CPU, be that the customer premises equipment, CPE that sends described the 4th message distributes M port resource; Use the first port resource in M port resource to carry out network address translation to described the 4th message.
In the 7th kind of possible implementation in conjunction with second aspect, described method for network address translation also comprises, a described CPU preserves the use state of a described M port resource, and the use state of M port resource described in regular update.
In the 8th kind of possible implementation in conjunction with second aspect, described method for network address translation also comprises, described the 2nd CPU stores the use state of a described N port resource, and the use state of a described N port resource is sent to a described CPU; The use state of N port resource described in a described CPU regular update, and the use state of described renewal is sent to described the 2nd CPU.
The embodiment of the present invention sends to respectively the CPU of each business board by the port resource that network address translation apparatus is managed, CPU by business board is responsible for management and the distribution to port resource, and each port resource is managed independently by a CPU, in the whole process that realizes network address translation, the CPU of the business board of management port resource can be that the CPU that receives the business board of message distributes port resource, and the common participation of CPU of multiple business boards realizes network address translation.By the CPU of business board, the port resource of network address translation apparatus is managed like this, avoided control board to become the bottleneck that port resource distributes, given full play to the advantage of distributed system, improved allocative efficiency and the utilance of port resource.
According to below with reference to accompanying drawing to detailed description of illustrative embodiments, it is clear that further feature of the present invention and aspect will become.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, will the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below.
Fig. 1 is the application scenarios schematic diagram of carrier class networks address transition service application;
Fig. 2 is the structural representation of carrier class networks address-translating device;
Fig. 3 is the schematic flow sheet of existing carrier class networks address conversion method;
Fig. 4 is the signal schematic representation of the network address translation in the embodiment of the present invention;
Fig. 5 is the method flow schematic diagram of the network address translation of the embodiment of the present invention.
Embodiment
Describe various exemplary embodiments of the present invention, feature and method in detail below with reference to accompanying drawing.
In addition, for better explanation the present invention, in embodiment below, provided numerous details.It will be appreciated by those skilled in the art that and there is no these details, the present invention can implement equally.In other example, method, means, element and the circuit known for everybody are not described in detail, so that highlight purport of the present invention.
Carrier class networks address transition (Carrier Grade Network Address Translation, i.e. CGNAT are called for short CGN) technology is the extensively transition scheme of the IPv4-IPv6 of employing of current each operator, and its essence is network address translation apparatus.CGN solution has multiple implementation, for example: DS-Lite(Dual-Stack Lite, two stacks are simplified technology), the double-deck NAT44 technology of NAT444(, be the address network address transition technology of double-deck IPv4 private address to the publicly-owned address of IPv4), PNAT(Prefix Based NAT, Host Based IPv6 transition NAT technology), the NAT technology between NAT64(IPv6 and IPv4).
CGN solution is mainly used in the network transition of metropolitan area network, and its application scenarios refers to accompanying drawing 1.Terminal use User (401) and customer premises equipment, CPE (Customer Presidial Equipment, be called for short CPE) (301) be connected, CPE (301) is as terminal use's (401) outlet gateway, by broad band remote access service (Broadband Remote Access Service, be called for short BRAS) (2) dialing reach the standard grade after, E-Packet to CGN equipment (1).CGN equipment (1) is that each CPE distributes port resource, and realizes operation level NAT conversion, and the message after conversion is sent in external network (5).
In DS-Lite solution, CPE (301) terminal use (401) can be sent message be encapsulated in IP address (CPE-IP) take cpe device in the IPv4-in-IPv6 channel message of source IP, issue CGN equipment (1).And in NAT444 solution, the source IP of the message that CPE (301) can send terminal use (401) is converted to after CPE-IP, issue CGN equipment.Therefore, in DS-Lite and NAT444 solution, the message that under each CPE, all terminal uses initiate arrives after CGN equipment (1), the source IP of message is the IP address of affiliated CPE, and the message that different CPE send be distinguished and be identified to CGN equipment (1) can by message source IP.Other CGN implementation is similar in the realization of port assignment scheme and nat feature, therefore, is to be mainly introduced based on DS-Lite and NAT444 solution in present specification, and the similar implementation of other solutions is described no longer separately.
Apply in order to meet high forwarding performance and to solve a large amount of NAT the difficult problem that the user that brings traces to the source, CGN provides port preassignment (port-range) technology and increment to distribute (semi-dynamic) technology.Port preassignment technology refers to, carrier class networks address-translating device (being called for short CGN equipment) is for each CPE allocates port resource in advance, and the message that all terminal uses that follow-up CPE connects send all uses the port resource having distributed to carry out network address translation.Along with the continuous increase of newly-built session, when the port resource that is assigned to as CPE is not enough, can be assigned as this CPE by increment and appends and distribute new port resource.
CGN equipment (1) is generally arranged at the network interface such as local area network (LAN) or metropolitan area network place, CGN equipment (1) can be an independently equipment, also can be integrated in firewall box, or can be integrated in router device, concrete set-up mode is determined according to service needed.The message that terminal use sends sends to CGN equipment by CPE, is undertaken sending in external network after network address translation by CGN equipment, obtains required service or information.
The structure of CGN equipment as shown in Figure 2, comprise control board (main processing unit, be called for short MPU, what have is also referred to as master control borad) (11), business board (service processing unit, be called for short SPU), and interface board (line processing unit is called for short LPU) (15).Mutual alignment relation between the each plate providing in Fig. 2 is only exemplary explanation, show annexation each other, in the CGN equipment that different manufacturers is produced, the number of various plates and concrete installation site have difference, can only have the plate that can realize similar functions.In addition, CGN equipment also comprises the building blocks such as network board, power supply, fan, similarly to the prior art, is not described in detail in this.
If when network address translation function is integrated in other equipment, as network address translation function being integrated in fire compartment wall or router, the function of control board, business board and interface board etc. can be realized by the components and parts that possess similar functions.Accordingly, the parts such as power supply, fan also arrange according to the situation of other integrated equipment.In this explanation no longer separately.In embodiments of the present invention, describe with independent CGN equipment.
In CGN equipment, control board (11) is responsible for CGN equipment (1) to manage, the nat address pool that particularly responsible this CGN equipment has and distribution and the use of port resource.The set of the public network IP address that can be used for network address translation that described nat address pool is managed for CGN equipment.Described port resource refers to the set that can be used for the public network IP address of network address translation and the port numbers section of correspondence.
Business board is connected with control board (11), is responsible for message to process.In CGN equipment, generally have polylith business board, to meet the demand of processing a large amount of messages, multiple business boards are connected with control board (11) respectively, and each business board is also connected to each other; Connection between connection and each business board between business board and control board (11) is identical with existing connected mode.Each business board can comprise single cpu or comprise multiple CPU.For operator, because need message traffic to be processed is large, therefore, business board mostly comprises multiple CPU.Message is carried out to the function of network address translation, realized by the CPU in business board.
Interface board (15) is connected with control board (11), business board, and connected mode is identical with existing connected mode.The message that interface board (15) sends the terminal use who receives (401) is shunted to business board according to pre-configured strategy, business board is processed message, message after treatment is sent to interface board (15), interface board (15) sends to message after treatment business board in external network and goes again again.Interface board receives the function of message and transmission message can separately be responsible for by an interface board message that receiving terminal user sends, and is responsible for message after treatment business board to send in public network and go by another one interface board.
Accompanying drawing 3 has provided existing CGN equipment carries out the schematic diagram of network address translation to message.
As shown in Figure 3, the message that CPE1 (301) sends terminal use user1 (401) sends to CGN equipment (1) by BRAS (2); The interface board (15) of CGN equipment (1) receives after the message that CPE1 (301) sends, and forwards the packet to corresponding business board according to predetermined strategy.For example forward the packet to corresponding business board, as SPU1 according to the source IP of message.
The CPU0 (1311) of for example SPU1 of the CPU(of business board (131)) while receiving first message of Article 1 session that CPE1 (301) sends, to N port resource of control board (11) application, and from N port resource, take out a port resource and carry out network address translation for first message of this Article 1 session, preserve the session status of this Article 1 session, i.e. conversational list simultaneously.When the message receiving as the CPU0 (1311) of SPU1 (131) is the subsequent packet of this Article 1 session, according to conversational list, the subsequent packet of this Article 1 session is forwarded, this technology is well known to those skilled in the art, is not described in detail in this.
By that analogy, in the time that the CPU0 (1311) of SPU1 (131) receives the Article 1 message of a new session of CPE1 (301) transmission, from remaining port resource, take out a port resource and carry out port translation for the Article 1 message of this new session, and preserve corresponding session status, i.e. conversational list.For example, when the CPU0 (1311) of SPU1 (131) receive be first message of Article 2 session time, from remaining N-1 port except the port having adopted for Article 1 session, take out a port and carry out network address translation for first message of Article 2 session, and preserve the session status of described Article 2 session, i.e. conversational list; In the time that the CPU0 (1311) of SPU1 (131) receives the subsequent packet of Article 2 session, according to the conversational list of the Article 2 session of preserving, this message is forwarded.
In this scheme, port resource is by control board (11) unified management, and the CPU of each business board need to use in the time that control board application port resource does network address translation for newly-built session.Now, control board (11) is the unique channel that each CPU of each business board obtains port resource, and the while is also the bottleneck place that each CPU of each business board obtains port resource performance, cannot bring into play the advantage of distributed system.
And, the new session quantity receiving as the CPU0 (1311) of SPU1 (131) increases, N the port resource that control board (11) distributes is used up while finishing, CPU0 (1311) needs again to apply for new port resource to control board (11), can cause like this secondary distribution of port resource and the problem of management, increase the complexity that port resource distributes.
In addition, the CPU of business board can also directly distribute to the CPE that sends message to N port resource of control board (11) application, in the time receiving other the message of CPE, the CPU of business board newly applies for M port resource to control board (11) again.Or the CPU of business board, after N port resource of control board (11) application, divides M port resource to the CPE that sends message from this N port resource; In the time receiving other the session message of CPE, the CPU of business board distributes Q port resource to distribute to the CPE of new access again from a remaining N-M port resource.Same, the mode of these two kinds of port resources can face bottleneck that the port resource of control board distributes and the problem of port resource secondary distribution and management.M, N herein and P are an integer, do not represent concrete quantity.
In order to overcome the bottleneck of control board and the problem of port resource secondary distribution and management, also has another implementation method.Control board is by port resource piecemeal and be allocated to each CPU of each business board, has so just avoided control board to become that reason port resource distributes and the bottleneck of management.When the CPU of each business board receives the message of newly-built session, the port resource of directly dividing from this CPU, obtain port and carry out network address translation.In this scheme, it is that the session that CPE sends distributes port resource that the CPU of each business board can only utilize divided nat port resource, when the remaining port inadequate resource of CPU, can only wait for after discharging port resource and processing, the advantage that cannot bring into play distributed system, port utilization ratio is low.
The invention provides the Apparatus and method for of a kind of port resource distribution and network address translation, can solve control board is the problem of the bottleneck of port resource distribution, can solve again the problem of the management of port resource between multi-service plate CPU and distribution conflict, improve port utilization ratio, give full play to the advantage of distributed system.
In the solution that the embodiment of the present invention provides, the CPU that port resource is mapped to each business board is upper, by the CPU of business board, port resource is managed, and each port resource is managed separately by shone upon CPU.Port resource is managed and is distributed by the CPU of business board like this, has avoided control board to become the problem of the bottleneck of port resource distribution and management; And each port resource manages separately by shone upon CPU, the secondary distribution of the port resource management in distributed system and the problem of management are solved; In addition, in the process of port resource distribution and network address translation, there are multiple CPU jointly to participate in, improved like this port utilization ratio, give full play to again framework and the performance advantage of distributed system.
In embodiments of the present invention, CGN equipment comprises control board (11), business board and interface board (15), as shown in Figure 2.The parts identical with existing implementation (not illustrating in the drawings) such as network board, power supply, fan, are not described in detail in this.The fire compartment wall of integrated CGN function or router are realized the network address translation of carrier-class, explanation no longer separately in embodiments of the present invention herein with reference to the solution of mentioning by the components and parts with identical function.
Control board (11) comprises CPU (1101) and memory (1103).CPU (1101) in control board (11) manages for all resources and information to CGN equipment and CGN, and port resource is distributed to the CPU of each business board according to port assignment strategy; Nat address pool and port resource that memory (1103) can be managed for storing CGN equipment, and corresponding relation between the business board CPU of port resource and distribution.The set composition nat address pool of the public network IP address of network address translation that what CGN equipment was managed can be used for.Described port resource refers to the set that can be used for each public network IP address of network address translation and the port numbers section of correspondence.
Business board comprises CPU and memory.CPU in business board, for the treatment of the message receiving, comprises port resource distribution, network address translation etc.Memory is used for storing subscriber's meter and conversational list.Described subscriber's meter includes the information such as the corresponding relation between port resource and customer premises equipment, CPE, and described conversational list includes the information such as session status.Subscriber's meter and conversational list can utilize existing implementation in this area, no longer describe in detail in the present embodiment.
Interface board (15) comprises CPU (1503), receiver (1501) and transmitter (1505).The message that receiver (1501) sends for receiving CPE, and message is sent to the CPU of interface board.The CPU of interface board is distributed to message according to certain rule the CPU of business board, and the CPU of for example interface board is distributed to message according to the source IP address of the message receiving the CPU of business board.Transmitter (1505) is for the message that receives the CPU of business board and send over and send to external network.Under the application scenarios of carrier class networks address transition, also can, according to the needs of traffic carrying capacity, the function that receives message be completed by two interface boards respectively with the function that sends message.Also be that CGN equipment can comprise two interface boards, an interface board comprises CPU and receiver, and another one interface board comprises CPU and transmitter.
The composition of the public network IP address for the network address translation nat address pool that CGN equipment has, is kept in the memory (1103) of control board (11).The spendable public network IP address of CGN equipment can form a nat address pool, also can be divided into multiple nat address pools, in embodiments of the present invention, describes as an example of a nat address pool example.The corresponding one section of available port numbers section of each public network IP address, for example port 2049-65535, also be kept in the memory (1103) of control board (11), described in can be used for each public network IP address of network address translation and corresponding port numbers section composition port resource.The CPU (1101) of control board (11) shines upon respectively the CPU to each business board according to port assignment strategy port resource, and the corresponding relation of the CPU in port resource and business board is kept in memory.Port assignment strategy is a kind of algorithm, the port resource of CGN equipment is distributed to the CPU of business board, is in charge of respectively distributed port resource by the CPU of business board.Control board can executing arithmetic be mapped to port resource the CPU of business board, then each port resource is broadcast to the CPU of business board; Control board also can be broadcast to port assignment strategy the CPU of business board, the port resource that the CPU of business board obtains being in charge of by operation port assignment strategy.Like this, just the management to port resource with distribute from control board and be transferred to the CPU of business board, by the CPU of business board, the port resource distributing is independently managed.
For example, have the N can be for the public network IP address of network address translation in the nat address pool of described CGN equipment control, each public network IP address has operational one section of port numbers.CGN equipment uses fixing algorithm port resource to be mapped to respectively to the CPU of each business board, then port resource is broadcast to the CPU of corresponding business board.Concrete port assignment strategy can be set according to each performance parameter of CGN equipment and the actual needs of operator.In port assignment strategy, can comprise several parameters as shown in Table 1.Parameter in table one is only example, this programme is not limited, and in actual use, can modify to the numerical value of parameter and parameter as required.
| Public network IP address ID | Public network IP address | SPU numbering | CPU numbering | Port piece | Port assignment granularity |
| … | … | … | … | … | … |
| 199 | 10.10.2.0 | 1 | 0 | 2049-65535 | 256 |
| 200 | 10.10.2.1 | 1 | 1 | 2049-65535 | 256 |
| 201 | 10.12.2.2 | 1 | 1 | 2049-65535 | 256 |
| 202 | 10.12.2.3 | 1 | 2 | 2049-33793 | 256 |
| … | … | … | … | … | … |
Table one port resource allocation policy institute containing parameter
As shown in Table 1, first group of Parametric Representation: be the CPU0 that SPU1 was divided and distributed to a piece by the port resource of the 199th public network IP address (10.10.2.0) according to 256 ports, the CPU0 of SPU1 is the CPU that is in charge of the 199th port resource that public network IP address is corresponding.Second group of Parametric Representation: be the CPU2 that SPU0 was divided and distributed to a piece by the port resource of the 200th public network IP address (10.10.2.1) according to 256 ports, the CPU2 of SPU0 is the CPU that is in charge of the port resource of the 200th public network IP address.Because quantity is many, in table, cannot list one by one, unlisted parameter with ellipsis (...) represent.
Like this management of port resource is just transferred to the CPU of each business board by control board, avoided control board to become the bottleneck that port resource distributes and manages.Meanwhile, each port resource is independently managed by a CPU, has avoided the conflict of port assignment.
CPU(in business board the one CPU) the Article 1 message (the first message) of message first session that CPE sends if of the interface board distribution that receives, the one CPU searches NAT strategy, the one CPU determines No. ID of public network IP address that need to carry out network address translation according to the characteristic of the message that receives, calculate being HASH for public network IP address No. ID, obtain managerial demand and carry out CPU(the 2nd CPU of the port resource of network address translation).The characteristic of described message can be the five-tuple information such as the ACL information of message, source IP, object IP, source port, destination interface and the agreement of message, one or more in the information such as NAT type.The method of determining the IP address of carrying out network address translation according to the characteristic of message is close with existing implementation, is not described in detail in this.
If described the 2nd CPU and a described CPU are not same CPU, the CPU that receives the business board of message is different from the CPU of the business board of management port resource, described the first message is sent to the 2nd CPU by a described CPU, and the CPU that receives the business board of message sends to described the first message the CPU of the business board of management port resource.A described CPU and described the 2nd CPU can be positioned at same business board, also can be positioned at different business boards.Realization on the technical scheme in the embodiment of the present invention does not affect.
Described the 2nd CPU receives after described the first message, from the port resource of management, be that the CPE that sends described the first message distributes N port, and preserve the use state of a described N port resource, for example by the use state of the N of a distribution port resource and and corresponding CPE between relation be saved in subscriber's meter.N port of described the first message, described distribution sent to a described CPU by described the 2nd CPU.
After a described CPU receives the first message that described the 2nd CPU sends over, a described N port resource, from N port resource, choose a port resource described the first message is carried out to network address translation, and preserve the use state of a described N port resource, for example by the use state of the N of a described distribution port resource and and corresponding CPE between relation be saved in subscriber's meter, and subscriber's meter is upgraded in timing.Similar in other information in subscriber's meter and existing techniques in realizing mode, in this explanation no longer separately.The first message that has completed network address translation is sent to interface board by the one CPU, by interface board, described the first message that has completed network address translation sent in external network.Can do not reclaimed by the 2nd CPU in order to ensure N port, a CPU timing is upgraded the use state of a described N port resource and is sent refresh message to the 2nd CPU.After all sessions of this CPE all disconnect, the one CPU no longer refreshes the use state of a described N port resource, also no longer send refresh message to the 2nd CPU, if the use state of described N port resource on the 2nd CPU is not received refresh message in the time range of setting, discharge a described N port resource for redistributing.
If the CPU(that is in charge of described public network IP address drawing i.e. the 2nd CPU) with the i.e. CPU of CPU(that receives the first message) be same CPU, a described CPU is that the customer premises equipment, CPE that sends described the first message distributes N port from the port resource of management, and from N port resource, choose a port resource described the first message carried out to network address translation, by the use state of the N of a described distribution port resource and and corresponding CPE between relation be saved in subscriber's meter and upgrade the subscriber's meter of storage.Similar in other information in subscriber's meter and existing techniques in realizing mode, in this explanation no longer separately.The first message that has completed network address translation is sent to interface board by the one CPU, by interface board, described the first message that has completed network address translation sent in network.
In the time that a described N resource is used not, can use method described above newly to apply for that again M new port resource, for network address translation, is not described in detail in this.
Like this, a port resource is managed by unique CPU, has solved the problem of the distribution of prior art middle port resource and complex management.In addition, the CPU of multiple business boards is common participates in complete network address translation overall process, and in the time that port resource does not re-use, can discharge for reusing, and can give full play to like this advantage of distributed system, improves the utilance of port resource.
As the one CPU of the CPU(in business board) message of the interface board distribution that receives is while being the subsequent packet of a session (the second message), a described CPU sends the second message according to the conversational list of storage, processing mode now can, with reference to the processing mode of same session subsequent packet in existing mode, be not described in detail in this.
As the one CPU of the CPU(in business board) message of the interface board distribution that receives is while being first message of the new session that sends of same CPE (the 3rd message), a described CPU selects the second port resource to carry out network address translation to described the 3rd message from N the port resource distributing.That is to say N the port resource from distributing, in other port resources (being N-1 port resource) except distributing to the port resource of the first message, select a port resource to carry out network address translation to the 3rd message.Processing mode below and the first message are similar, in this explanation no longer separately.Now, a CPU no longer needs message repeating, to the 2nd CPU, directly from the port resource having distributed, to choose untapped port resource and to carry out network address translation, has given full play to the advantage of distributed system.
Due in CGN scheme, the terminal use's of a CPE connection quantity may be a lot, may occur N the port resource situation of use not of distributing, now can again apply for M port resource, the method for application is identical with the method for an aforesaid N port resource.
By embodiment provided by the invention, solve in prior art control board and be that port resource management and the bottleneck distributing, port resource distribute and problem of management complexity and low etc. the problem of port resource utilance, take full advantage of the advantage of distributed system, improved the utilization ratio of port resource.
Illustrate with a concrete example CGN equipment is how to realize efficient simple port resource distribute and manage in the process that realizes network address translation below.
The method flow of the network address translation that the embodiment of the present invention provides is as shown in accompanying drawing 4 and accompanying drawing 5.
The composition of the public network IP address for the network address translation nat address pool that CGN equipment has, the spendable public network IP address of CGN equipment can form a nat address pool, also can be divided into multiple nat address pools, in embodiments of the present invention, describe as an example of a nat address pool example.The corresponding one section of port numbers section in each IP address is used for carrying out network address translation, and having formed for the public network IP address of network address translation and corresponding port numbers section can be for the port resource of network address translation.The CPU (1101) of control board (11) is mapped to port resource according to port assignment strategy the CPU of each business board, by the CPU of business board, the port resource being assigned to is managed and is distributed.Control board (11) can move port assignment algorithm port resource is mapped to the CPU of business board, then each port resource is broadcast to the CPU of business board; Control board (11) also can be broadcast to port assignment strategy the CPU of business board, the port resource that the CPU of business board obtains being in charge of by operation port assignment strategy.
For example, CGN equipment has N public network IP address that can be used for network address translation, and the available port resource that each public network IP address is corresponding is 2049-65535, is stored in the memory (1103) of control board (11).Port resource is mapped to each CPU on business board SPU by the CPU (1101) of control board (11) MPU.For example, certain public network IP address that can be used for network address translation of CGN equipment is 10.10.2.0, its corresponding port resource is 2049-65535, this port resource is shone upon CPU0 (1311) management to SPU1 (131) by the CPU of control board (11), is responsible for management and the distribution of the port resource of this public network IP address by the CPU0 (1311) of SPU1 (131).Mapping relations between port resource and each business board SPU and each CPU are saved in the memory (1103) of MPU (11).Port assignment strategy has provided concrete example above, this different detailed description in detail.
Like this, each port resource is managed independently by the CPU of shone upon business board.Like this, a port resource only can be managed by a CPU, has avoided port assignment conflict; And from the whole process of network address translation, multiple CPU of business board participate in management and the distribution of port resource jointly, take full advantage of the framework advantage of distributed system.
Interface board (15) branches to according to the source IP address of message the message receiving the CPU of corresponding business board.All messages therefore with identical source IP address all can be diverted on the same CPU of same business board.In DS-Lite and NAT444 solution, the source IP address of message is the IP address of CPE, i.e. CPE-IP is processed so the message that all terminal uses that same CPE connects send all can branch to the same CPU of same business board.The processing of the message that CPE sends the terminal use who receives is mentioned above, in this explanation no longer separately.The CPU that is assigned to business board according to the source IP address of message is well known to those skilled in the art, is not described in detail in this.
As shown in Figure 4, the receiver (1501) on interface board LPU (15) receives the message that CPE1 sends, and sends to the CPU (1503) of interface board (15).The CPU (1503) of interface board (15), according to the source IP address of message, shunts the CPU0 (1311) to SPU1 (131) by message.When follow-up CPE1 sends new message or new session, because the source IP address of message is the IP address of CPE1, so these messages still can be by shunting to the CPU0 (1311) on SPU1 (131).If what the receiver (1501) of interface board LPU (15) received is the message that CPE2 sends, send to after the CPU of interface board, the CPU of interface board, according to the source IP address of this message, shunts message to the CPU1 (1313) on SPU1 (131).In order clearly to demonstrate a complete process, the message that CPE2 sends, not shown in Figure 5.The IP address that the source IP address of the message sending due to CPE2 is described CPE2, therefore, new message or new session that CPE2 sends also can be divided to the CPU1 (1313) on SPU1 (131).That is to say, the message that all terminals under same CPE are sent can be processed to the same CPU of same business board by shunting.
For convenience, the CPU of the message that receives interface board shunting is referred to as to a CPU.If the Article 1 message (the first message) of first session that the message that a CPU receives is CPE to be sent, the one CPU searches NAT strategy, according to the characteristic of the first message, acquisition need to be carried out No. ID of public network IP address of network address translation, carry out Hash calculation to described public network IP address No. ID, obtain being in charge of CPU(the 2nd CPU of the port resource that need to carry out network address translation).The characteristic of described message can comprise the ACL information of described message, the five-tuple information such as source IP, object IP, source port, destination interface and the agreement of message, and one or more in the information such as NAT type.The method of determining the IP address of carrying out network address translation according to the characteristic of message is close with existing implementation, is not described in detail in this.A described CPU and described the 2nd CPU can be positioned at same business board, also can be positioned at different business boards.
Described NAT strategy can write in advance and be saved in the memory (1103) of control board (11), when a CPU receives after the first message, read public network IP address that the acquisition of NAT strategy need to carry out network address translation to the memory (1103) of control board (11) No. ID, carry out Hash calculation to described public network IP address No. ID, draw corresponding No. CPU of port resource.Described NAT strategy also can write in advance and be saved in the memory of each business board, when a CPU receives after the first message, read public network IP address that the acquisition of NAT strategy need to carry out network address translation to the memory of the business board at place No. ID, carry out Hash calculation to described public network IP address No. ID, draw corresponding No. CPU of port resource.
If the 2nd CPU calculating and a described CPU are same CPU, go to step 4 continuation processing.If the 2nd CPU calculating and a described CPU are not same CPU, go to step 5 continuation processing.
As shown in Figure 4, when CPU0 (1311) module (i.e. a CPU) of business board SPU1 (131) receives the message of CPE1 of interface board LPU (15) transmission, the Article 1 message of first session that if the message receiving is CPE1 to be sent, the CPU0 (1311) of business board SPU1 (131) obtain carrying out according to the ACL information of message network address translation public network IP address be for No. ID 199, ID to described IP address carries out Hash calculation, the CPU that obtains managing this port resource is the CPU2 (1353) (i.e. the 2nd CPU) of SPU0 (135).Now the 2nd CPU and a CPU are not same CPU, go to step 5 continuation processing.
Step 4, if the 2nd CPU and a described CPU are same CPU, a described CPU is that the customer premises equipment, CPE that sends described the first message distributes N port resource, continues execution step 8.
If the CPU(of the business board of management port resource is the 2nd CPU) be exactly CPU(the one CPU that receives the business board of message), a described CPU is that the customer premises equipment, CPE that sends described the first message distributes N port resource.In addition, a described CPU also preserves the use state of a described N port resource, the use state of N the port resource for example distributing with the form record of subscriber's meter and and corresponding CPE between corresponding relation, this subscriber's meter is stored in the memory of business board at a CPU place.
If the CPU(of the business board of management port resource the 2nd CPU) with CPU(the one CPU of business board that receives message) be not same CPU, the CPU of business board that receives message is the CPU to the business board of management port resource the message repeating receiving.In this example, described the first message repeating that the CPU0 (1311) of SPU1 (131) sends the CPE1 receiving is to the CPU2 (1353) of SPU0 (135).
Step 6, described the 2nd CPU distributes N port resource to the CPE of described the first message of this transmission.
In this example, after the first message that the CPU2 (1353) of SPU0 (135) receives, distribute N port resource to the CPE1 that sends this first message.
Step 7, described N the port resource and described the first message that distribute are sent to a described CPU by described the 2nd CPU.
In the present embodiment, the CPU2 (1353) of SPU0 (135) sends to N port resource and the first message the CPU0 (1311) of SPU1 (131).
Step 8, a CPU chooses a port resource described the first message is carried out to network address translation from N the port resource distributing.
N the port resource that a described CPU distributes from the 2nd CPU receiving, choose a port resource described the first message is carried out to network address translation.In addition, a described CPU preserves the use state of a described N port resource, and preserves the session status of described the first message place session, when a remaining N-1 port carries out NAT conversion for the message of follow-up other the newly-built session of this CPE.
As shown in Figure 4, the Article 1 message of choosing first session of a port resource to CPE1 transmission N the port resource that the CPU0 (1311) of SPU1 (131) distributes from the CPU2 (1353) of SPU0 (135) carries out NAT conversion.A described CPU preserves the use state of a described N port resource, and timing is upgraded.
CPU0 (1311) module of SPU1 (131), by the first message carrying out after network address translation, sends to external network by interface board (15).
Method as shown in Figure 4, control board is managed the management of port resource and assignment transfer and distribute to the CPU of business board, and certain port resource is managed by a unique CPU, avoided control board to become the bottleneck that port resource distributes, and port resource distribute and the problem of complex management.In addition, message is carried out in the whole process of network address translation, multiple CPU by business board participate in jointly, can solve like this management of distributed system port resource and the problem of distribution conflict, can improve again port utilization ratio, allow CPU as much as possible participate in address pool management, give full play of the advantage of distributed structure/architecture.
In addition, in order to make full use of the advantage of distributed system, improve the utilance of port resource, in above-mentioned steps 4, the CPE that a described CPU is described transmission the first message distributes after N port resource, preserve the use state of a described N port resource, for example, record the use state of N port resource and the corresponding relation with corresponding CPE with the form of subscriber's meter, and described subscriber's meter is upgraded in timing.When within predetermined time, when the use state of a described N port resource no longer includes new renewal, a described CPU discharges a described N port resource, for sub-distribution again.Similarly, in above-mentioned steps 6, the CPE that described the 2nd CPU is described transmission the first message distributes after N port, the 2nd CPU preserves the use state of a described N port resource, the use state of N the port resource for example distributing with the form record of subscriber's meter and and corresponding CPE between corresponding relation, and subscriber's meter is sent to a described CPU.Simultaneously, a described CPU is after N the port that receives the first message of described the 2nd CPU transmission and distribute for the CPE of described transmission the first message, also preserve the use state of a described N port resource, for example with the form of subscriber's meter preserve a described N port resource use state and and the CPE of described transmission the first message between corresponding relation, subscriber's meter is upgraded in timing; And timed sending refresh message is to the 2nd CPU, avoids a described N port to be recovered and redistributes.When within predetermined time, when the use state of N the port resource that the 2nd CPU preserves does not have new renewal, described the 2nd CPU discharges a described N port resource, for sub-distribution again.
Like this, can give full play to the advantage of distributed system, the port resource between each CPU can use mutually; After the port resource not re-using can reclaim simultaneously, redistribute, improved the utilance of port resource.
If when the subsequent packet of first session that the message that a described CPU receives is described customer premises equipment, CPE to be sent, a described CPU sends to subsequent packet in network according to the conversational list of preserving.Send the technology that is well known to those skilled in the art of message according to conversational list, and be not described in emphasis of the present invention, be not described in detail in this.
First message of the newly-built session that if the message that a described CPU receives is described customer premises equipment, CPE to be sent, a CPU takes out a port resource first message of newly-built session is carried out to network address translation from N-1 the port resource distributing, and first message of the newly-built session after network address translation is sent to external network by interface board.That is to say N the port resource from distributing, in other port resources (being N-1 port resource) except distributing to the port resource of the first message, select a port resource to carry out network address translation to the 3rd message.Like this, when the one CPU receives first message of newly-built session of described customer premises equipment, CPE transmission, do not need again first message repeating of the newly-built session receiving to the 2nd CPU, save like this traffic consumes of business board CPU, alleviate the burden of business board CPU, and accelerated the time of message processing.The one CPU takes out a port resource from N-1 the port resource distributing to carry out after network address translation first message of newly-built session, upgrade subscriber's meter and the conversational list of storage, and send the subscriber's meter that refresh message is stored to the memory refress of the 2nd CPU place business board.
In this enforcement, when the message receiving when the CPU0 (1311) of SPU1 (131) module is first message of a newly-built session sending of CPE1, N-1 the port resource that the CPU0 (1311) of SPU1 (131) distributes from the CPU2 (1353) of SPU0 (135), take out a port resource first message of newly-built session is carried out to network address translation, and first message of the newly-built session after network address translation is sent by interface board.In the port resource of other except distributing to the port resource of first message of first session that CPE1 sends, the CPU0 (1311) of SPU1 (131) chooses a port resource first message of newly-built session is carried out to network address translation from remaining N-1 port resource.The CPU0 (1311) of SPU1 (131) is saved in new session status in the memory of SPU1, and sends the subscriber's meter that refresh message is stored to the memory refress of SPU0.
The present invention is by being assigned to nat port resource the CPU of different business plate, be in charge of and distribute port resource by these CPU, avoid control board to become the bottleneck of port resource, also avoided the collision problem of Port Management, give full play to the advantage of distributed system, improved the utilance of port resource.
If when a CPU receives the Article 1 message of new newly-built session of described customer premises equipment, CPE E transmission, the 2nd CPU is that N the port resource that this CPE distributes all used, and does not have remaining port resource to have used.Processing mode that can be when receive the Article 1 message of first session that CPE sends as a CPU.When receiving CPU(the one CPU of business board of message) with CPU(the 2nd CPU of the business board of management port resource) while being not same CPU, the Article 1 message repeating of this new newly-built session of CPU is given the 2nd CPU.The 2nd CPU is M the port resource of customer premises equipment, CPE reallocation of this this message of transmission, and upgrades the subscriber's meter of storing in the memory of place business board, upgrades the corresponding relation between CPE and the port resource of distribution wherein recording.The Article 1 message of a newly assigned M port resource and described new newly-built session is sent to a CPU by the 2nd CPU, the one CPU chooses a port resource Article 1 message of described new newly-built session is done to network address translation from M the port resource receiving, and the message after network address translation is sent to external network by interface board.In addition, a CPU can upgrade the session status of storage, and timed sending refreshes new information and upgrade the subscriber's meter of storage of the memory of the 2nd CPU place business board to the 2nd CPU, to guarantee that corresponding end buccal mass resource can not reclaimed by the 2nd CPU.As the CPU(of the described business board that receives message the one CPU) with CPU(the 2nd CPU of the business board of management port resource) while being same CPU, the one CPU is M the port resource of customer premises equipment, CPE reallocation that sends this message, upgrade the subscriber's meter of storing in the memory of business board, from M the port resource distributing, select again a port resource to do network address translation to the Article 1 message of described new newly-built session, the message after network address translation is sent to external network by interface board.In addition, a CPU can upgrade session status and the subscriber's meter of storage.According to above-mentioned aspect, the increment of having realized port resource distributes.
The present invention is by management to port resource with distribute the CPU that is transferred to business board by control board, and certain port resource is managed independently by a CPU, avoid control board to become the bottleneck of management and the distribution of port resource, also simplified the complexity that port resource is managed and distributed.And in the process that realizes network address translation, have the CPU of multiple business boards to participate in whole process, and port resource is dynamic assignment, so just given full play to the advantage of distributed system.And improve the utilance of port resource.
The management of the port resource of pointing out in technical solution of the present invention and distribution method also go for common network address translation apparatus.As long as the control of the management of port resource and distribution is transferred to business board by control board, be technical scheme of the present invention and contain.
Those of ordinary skills can recognize, unit and the method step of each example of describing in conjunction with embodiment disclosed herein, can realize with the combination of electronic hardware or computer software and electronic hardware.These functions are carried out with hardware or software mode actually, depend on application-specific and the design constraint of technical scheme.Professional and technical personnel can realize described function with distinct methods to each specifically should being used for, but this realization should not thought and exceeds scope of the present invention.
If described function realizes and during as production marketing independently or use, can be stored in a computer read/write memory medium using the form of SFU software functional unit.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or the part of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprise that some instructions (can be personal computers in order to make a computer equipment, server, or the network equipment etc.) carry out all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: various media that can be program code stored such as USB flash disk, portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CDs.
Above execution mode is only for illustrating the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (18)
1. an equipment of realizing network address translation (network address translation, NAT), described equipment comprises control board (11), business board and interface board (15), is characterized in that:
Described business board comprises multiple CPU (central processing unit, CPU), and multiple CPU that the port resource of wherein said equipment is distributed to described business board manage and distribute;
The first message of the first session that described interface board (15) sends for receiving customer premises equipment, CPE (301), and described the first message repeating is given to a CPU of described business board;
A described CPU is used for,
Determine that according to NAT strategy the 2nd CPU is in charge of described the first message and carries out the needed port resource of network address translation;
Obtain N port resource from described the 2nd CPU;
From a described N port resource, use the first port resource to carry out the message after network address translation is changed to described the first message;
Message after described conversion is sent to described interface board (15);
Described interface board (15) is also for sending to external network by the message after the described conversion receiving.
2. equipment as claimed in claim 1, is characterized in that, described control board (11) for:
Port resource is broadcast to multiple CPU of described business board; Or
Port assignment strategy is broadcast to multiple CPU of business board, wherein said port assignment strategy is distributed to the port resource of described equipment multiple CPU of described business board, and each described CPU is in charge of distributed port resource.
3. equipment as claimed in claim 1, is characterized in that, described interface board (15) is further used for:
According to the source IP address of described the first message, described the first message repeating is given to a CPU of described business board.
4. equipment as claimed in claim 1, it is characterized in that, in the time that a described CPU receives the second message of described the first message place session, a described CPU is further used for according to the conversational list of preserving, described the second message being processed, and wherein said conversational list is set up after described the first message completes network address translation.
5. equipment as claimed in claim 1, it is characterized in that, in the time that a described CPU receives the 3rd message of the second session of described customer premises equipment, CPE (301) transmission, wherein said the second session is a new session different from described the first session, and a described CPU is further used for choosing the second port resource from a described N port resource described the 3rd message is carried out to network address translation.
6. the equipment as described in as arbitrary in claim 1 to 5, is characterized in that, described NAT strategy is for determining corresponding port resource information according to the characteristic of the message receiving.
7. equipment as claimed in claim 1, is characterized in that, a described CPU is further used for,
Receive the 4th message;
Determine that according to described NAT strategy a described CPU is in charge of described the 4th message and carries out the needed port resource of network address translation;
The port resource pond of managing from a CPU, be that the customer premises equipment, CPE that sends described the 4th message distributes M port resource;
Use the first port resource in M port resource to carry out network address translation to described the 4th message.
8. equipment as claimed in claim 7, is characterized in that, a described CPU is also for storing the use state of a described M port resource, and the use state of M port resource described in regular update.
9. equipment as claimed in claim 1, is characterized in that, described the 2nd CPU is further used for storing the use state of a described N port resource, and the use state of a described N port resource is sent to a described CPU;
A described CPU is further used for the use state of N port resource described in regular update, and the use state of described renewal is sent to described the 2nd CPU.
10. a network address translation (network address translation, NAT) method, the equipment of wherein realizing described method for network address translation comprises control board (11), interface board (15) and the business board with multiple CPU, it is characterized in that: multiple CPU that the port resource of described equipment is distributed to described business board manage and distribute;
The one CPU of described business board receives the first message of the first session of customer premises equipment, CPE (301) transmission of described interface board (15) forwarding;
Determine that according to network address transferring strategy the 2nd CPU manages described the first message and carries out the needed port resource of network address translation;
Obtain N port resource from described the 2nd CPU;
Use the first port resource in a described N port resource to carry out the message after network address translation is changed to described the first message;
Message after described conversion is sent to described interface board (15);
The message after described conversion is sent to external network (5) by described interface board (15).
11. methods as claimed in claim 10, is characterized in that, further comprise:
Described control board (11) is broadcast to described port resource multiple CPU of described business board; Or
Described control board (11) is broadcast to port assignment strategy multiple CPU of described business board, wherein said port assignment strategy is for distributing to the port resource of described equipment multiple CPU of described business board, and each described CPU is in charge of distributed port resource.
12. methods as claimed in claim 10, is characterized in that, described interface board (15) is distributed to described the first message according to the source IP address of described the first message a described CPU of described business board.
13. methods as claimed in claim 10, it is characterized in that, the method further comprises: in the time that a described CPU receives the second message that belongs to described the first message place session, a described CPU processes described the second message according to the conversational list of preserving, and wherein said conversational list is set up after described the first message completes network address translation.
14. methods as claimed in claim 10, it is characterized in that, the method further comprises: in the time that a described CPU receives the 3rd message of the second session of described customer premises equipment, CPE (301) transmission, wherein said the second session is a new session different from described the first session, and a described CPU uses the second port resource in N port resource to carry out network address translation to described the 3rd message.
15. methods as described in as arbitrary in claim 10-14, is characterized in that, described network address transferring strategy is for determining corresponding port resource according to the characteristic of the message receiving.
16. methods as claimed in claim 10, is characterized in that, the method further comprises:
A described CPU receives the 4th message;
Determine that according to described network address transferring strategy a described CPU is in charge of described the 4th message and carries out the needed port resource of network address translation;
The port resource of managing from a CPU, be that the customer premises equipment, CPE that sends described the 4th message distributes M port resource;
Use the first port resource in M port resource to carry out network address translation to described the 4th message.
17. methods as claimed in claim 16, is characterized in that, a described CPU preserves the use state of a described M port resource, and the use state of M port resource described in regular update.
18. methods as claimed in claim 10, is characterized in that, described the 2nd CPU stores the use state of a described N port resource, and the use state of a described N port resource is sent to a described CPU;
The use state of N port resource described in a described CPU regular update, and the use state of described renewal is sent to described the 2nd CPU.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2013/086560 WO2015066840A1 (en) | 2013-11-05 | 2013-11-05 | Device and method for network address conversion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103797774A true CN103797774A (en) | 2014-05-14 |
| CN103797774B CN103797774B (en) | 2017-07-21 |
Family
ID=50671631
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201380002273.3A Active CN103797774B (en) | 2013-11-05 | 2013-11-05 | A kind of network address translation apparatus and method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103797774B (en) |
| WO (1) | WO2015066840A1 (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104270394A (en) * | 2014-10-24 | 2015-01-07 | 南京贝伦思网络科技有限公司 | Method for implementing high-speed loading of ACL rule in blocking equipment |
| CN104270396A (en) * | 2014-10-24 | 2015-01-07 | 南京贝伦思网络科技有限公司 | Method for implementing high-speed concurrent loading of multi-board-card ACL rules in blocking equipment |
| CN104601738A (en) * | 2014-12-09 | 2015-05-06 | 国家计算机网络与信息安全管理中心 | Distributed network address translation system |
| CN105939400A (en) * | 2015-12-24 | 2016-09-14 | 杭州迪普科技有限公司 | PPPoE address distribution method and device |
| CN106131244A (en) * | 2016-08-29 | 2016-11-16 | 北京神州绿盟信息安全科技股份有限公司 | A kind of message transmitting method and device |
| WO2016183926A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Carrier-grade network address translation method and device |
| WO2016192686A1 (en) * | 2015-06-04 | 2016-12-08 | 杭州华三通信技术有限公司 | Data packet forwarding |
| CN106326189A (en) * | 2015-07-02 | 2017-01-11 | 杭州海康威视数字技术股份有限公司 | Processor control method and apparatus |
| CN106571944A (en) * | 2015-10-10 | 2017-04-19 | 中兴通讯股份有限公司 | User side equipment, server, port resource management method and system |
| CN103825976B (en) * | 2014-03-04 | 2017-05-10 | 新华三技术有限公司 | NAT (network address translation) processing method and device in distributed system architecture |
| CN106878117A (en) * | 2016-12-15 | 2017-06-20 | 新华三技术有限公司 | A kind of data processing method and device |
| CN107547508A (en) * | 2017-06-29 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of message sending, receiving method, device and the network equipment |
| WO2018161632A1 (en) * | 2017-03-09 | 2018-09-13 | 华为技术有限公司 | Capacity updating method and apparatus for distributed device |
| WO2018166308A1 (en) * | 2017-03-13 | 2018-09-20 | 中兴通讯股份有限公司 | Distributed nat dual-system hot backup traffic switching system and method |
| CN108924272A (en) * | 2018-06-26 | 2018-11-30 | 新华三信息安全技术有限公司 | A kind of port resource distribution method and device |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131048A (en) * | 2019-12-31 | 2020-05-08 | 杭州迪普科技股份有限公司 | Network traffic forwarding method and device, electronic equipment and machine-readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060185010A1 (en) * | 2000-03-03 | 2006-08-17 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
| CN102739820A (en) * | 2012-06-28 | 2012-10-17 | 杭州华三通信技术有限公司 | Message network address conversion processing method and network equipment |
| CN102821036A (en) * | 2012-04-20 | 2012-12-12 | 杭州华三通信技术有限公司 | Method and device for achieving packet forwarding |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150502A (en) * | 2007-10-22 | 2008-03-26 | 中兴通讯股份有限公司 | A NAT-PT device and its load share method |
| CN103152269B (en) * | 2013-02-26 | 2016-03-02 | 杭州华三通信技术有限公司 | A kind of message forwarding method based on NAT and equipment |
-
2013
- 2013-11-05 CN CN201380002273.3A patent/CN103797774B/en active Active
- 2013-11-05 WO PCT/CN2013/086560 patent/WO2015066840A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060185010A1 (en) * | 2000-03-03 | 2006-08-17 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
| CN102821036A (en) * | 2012-04-20 | 2012-12-12 | 杭州华三通信技术有限公司 | Method and device for achieving packet forwarding |
| CN102739820A (en) * | 2012-06-28 | 2012-10-17 | 杭州华三通信技术有限公司 | Message network address conversion processing method and network equipment |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103825976B (en) * | 2014-03-04 | 2017-05-10 | 新华三技术有限公司 | NAT (network address translation) processing method and device in distributed system architecture |
| CN104270396A (en) * | 2014-10-24 | 2015-01-07 | 南京贝伦思网络科技有限公司 | Method for implementing high-speed concurrent loading of multi-board-card ACL rules in blocking equipment |
| CN104270394A (en) * | 2014-10-24 | 2015-01-07 | 南京贝伦思网络科技有限公司 | Method for implementing high-speed loading of ACL rule in blocking equipment |
| CN104270394B (en) * | 2014-10-24 | 2017-06-23 | 南京贝伦思网络科技股份有限公司 | The acl rule High speed load implementation method of blocking equipment |
| CN104270396B (en) * | 2014-10-24 | 2017-06-16 | 南京贝伦思网络科技股份有限公司 | The high speed of many board acl rules of blocking equipment concurrently loads implementation method |
| CN104601738B (en) * | 2014-12-09 | 2018-04-10 | 国家计算机网络与信息安全管理中心 | A kind of distributed network address conversion system |
| CN104601738A (en) * | 2014-12-09 | 2015-05-06 | 国家计算机网络与信息安全管理中心 | Distributed network address translation system |
| CN106302841A (en) * | 2015-05-18 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of method and device of carrier class networks address conversion |
| WO2016183926A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Carrier-grade network address translation method and device |
| WO2016192686A1 (en) * | 2015-06-04 | 2016-12-08 | 杭州华三通信技术有限公司 | Data packet forwarding |
| US10333845B2 (en) | 2015-06-04 | 2019-06-25 | New H3C Technologies Co., Ltd | Forwarding data packets |
| CN106326189A (en) * | 2015-07-02 | 2017-01-11 | 杭州海康威视数字技术股份有限公司 | Processor control method and apparatus |
| CN106326189B (en) * | 2015-07-02 | 2019-08-23 | 杭州海康威视数字技术股份有限公司 | The control method and device of processor |
| CN106571944A (en) * | 2015-10-10 | 2017-04-19 | 中兴通讯股份有限公司 | User side equipment, server, port resource management method and system |
| CN105939400A (en) * | 2015-12-24 | 2016-09-14 | 杭州迪普科技有限公司 | PPPoE address distribution method and device |
| CN105939400B (en) * | 2015-12-24 | 2019-06-07 | 杭州迪普科技股份有限公司 | A kind of PPPoE address distribution method and device |
| CN106131244A (en) * | 2016-08-29 | 2016-11-16 | 北京神州绿盟信息安全科技股份有限公司 | A kind of message transmitting method and device |
| CN106878117A (en) * | 2016-12-15 | 2017-06-20 | 新华三技术有限公司 | A kind of data processing method and device |
| WO2018161632A1 (en) * | 2017-03-09 | 2018-09-13 | 华为技术有限公司 | Capacity updating method and apparatus for distributed device |
| WO2018166308A1 (en) * | 2017-03-13 | 2018-09-20 | 中兴通讯股份有限公司 | Distributed nat dual-system hot backup traffic switching system and method |
| CN107547508A (en) * | 2017-06-29 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of message sending, receiving method, device and the network equipment |
| CN107547508B (en) * | 2017-06-29 | 2021-07-30 | 新华三信息安全技术有限公司 | Message sending and receiving method, device and network equipment |
| CN108924272A (en) * | 2018-06-26 | 2018-11-30 | 新华三信息安全技术有限公司 | A kind of port resource distribution method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015066840A1 (en) | 2015-05-14 |
| CN103797774B (en) | 2017-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103797774A (en) | Device and method for network address conversion | |
| CN110301104B (en) | Optical line terminal OLT equipment virtualization method and related equipment | |
| CN100502413C (en) | IP address requesting method for DHCP client by DHCP repeater | |
| US9860117B2 (en) | Automatically generated virtual network elements for virtualized packet networks | |
| US9332067B2 (en) | Load sharing method and apparatus | |
| WO2018019299A1 (en) | Virtual broadband access method, controller, and system | |
| CN112965824A (en) | Message forwarding method and device, storage medium and electronic equipment | |
| CN101018159A (en) | Load balance method under the multi-gateway environment and DHCP server | |
| CN109121026B (en) | Method and system for realizing VOLT (Voice over Internet protocol) based on logic port | |
| CN102594660A (en) | Virtual interface exchange method, device and system | |
| CN104954155B (en) | The network equipment with multiple business boards and multi-service plate sharing method | |
| CN106576120A (en) | Internet protocol address allocation method and router | |
| CN114338397A (en) | Cloud platform network configuration method, device, server, storage medium and system | |
| US9900804B2 (en) | Method and device for processing to share network resources, and method, device and system for sharing network resources | |
| WO2015154458A1 (en) | Node logic id allocation device, method and communication system | |
| CN104104749A (en) | Method and device for allocating tunnel IP addresses | |
| CN104486453A (en) | Ageing-time adjusting method and device | |
| CN107547247B (en) | IP address allocation method and device for three-layer management network in intelligent elastic architecture | |
| WO2016202016A1 (en) | Device management method, apparatus and system | |
| CN101808037A (en) | Method and device for traffic management in switch network | |
| WO2018161795A1 (en) | Routing priority configuration method, device, and controller | |
| CN105357332B (en) | A kind of method for network address translation and device | |
| CN110636149B (en) | Remote access method, device, router and storage medium | |
| CN104506668A (en) | Route configuration method and device of dedicated cloud host | |
| WO2015196719A1 (en) | Address configuration method, apparatus and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |