WO2011103820A2 - Method and apparatus for network address translation - Google Patents

Publication number
WO2011103820A2
Authority
WO
WIPO (PCT)
Prior art keywords
ipid
address
source
data packet
destination
Prior art date
Application number
PCT/CN2011/072863
Other languages
French (fr)
Chinese (zh)
Other versions
WO2011103820A3 (en
Inventor
徐靖
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2011/072863 (WO2011103820A2)
Priority to CN201180000517.5A (CN102232288A)
Publication of WO2011103820A2
Publication of WO2011103820A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses

Abstract

The invention relates to a method and an apparatus for Network Address Translation (NAT). In the method, a NAT device receives a data packet transmitted from an intranet host; parses the data packet to obtain the first source Internet Protocol (IP) address, first source port, first destination IP address and first IP packet identifier (IPID) contained in it; processes the first source IP address and first source port, which includes translating the first source IP address into a second source IP address and the first source port into a second source port; processes the first IPID in the data packet; and transmits the processed data packet according to the first destination IP address. Because the NAT device modifies the IPID of a packet at the same time as it performs address translation, the proposed method and apparatus ensure that no error occurs when the destination device reassembles packets.

Description

Network address translation method and apparatus
Technical field
The present invention relates to the field of network technologies, and in particular to a network address translation method and apparatus.
Background
In the prior art, for reasons such as address planning, IPv4 (Internet Protocol version 4) addresses face rapid exhaustion. For this reason the IETF (Internet Engineering Task Force) defined private IP address ranges within the IPv4 address space: 10.x.x.x, 172.16.x.x-172.31.x.x and 192.168.x.x. These private IP addresses can be used to build private (internal) networks, such as company or enterprise intranets, which greatly reduces the demand for public addresses and to some extent solves the problem of public IP address exhaustion. However, private IP addresses cannot be routed on the public network (Internet). To enable hosts on a private network to access hosts and servers on the public network, a NAT (Network Address Translation) device is deployed at the egress of the private network to translate between private IP addresses and public IP addresses.
There are three ways to implement NAT: static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Port Address Translation, PAT). Port multiplexing is currently the most widely used in networks. It converts "private IP address + port number" into "public IP address + new port number": when private IP addresses of the internal network are translated to public IP addresses, multiple private IP addresses can be replaced with the same public IP address, but with different ports. With port multiplexing, all hosts on the internal network can share one legitimate public IP address to access the Internet, which conserves public IP address resources to the greatest extent and at the same time hides all hosts inside the network, effectively avoiding attacks from the Internet.
At present, most traffic on the network is based on TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), and a flow is uniquely identified by a five-tuple: source IP address + source port number (TCP or UDP port number) + destination IP address + destination port number + IP protocol number. In network data transmission, when the length of a packet exceeds the MTU (Maximum Transmission Unit) of the link, the packet is fragmented so that the length of each fragment does not exceed the MTU of the link. After a TCP or UDP packet is fragmented, only the first fragment has a TCP or UDP header; subsequent fragments have only an IP header and no TCP or UDP header. That is, only the first fragment carries the source port number and destination port number, and subsequent fragments carry neither. The destination device, for example a server, generally reassembles packets according to a triplet: source IP address + destination IP address + IP packet identifier (IPID).
Because the identifiers of the IP packets sent by a source host are generally incremented by one in sequence, IP packets sent by different source hosts may well have the same identifier. After NAT address replacement, multiple different flows (as determined by the five-tuple) may have the same source IP address and destination IP address, and these packets also have the same IPID; in this case, an error occurs when the destination device reassembles the packets.
Summary of the invention
To overcome the problems in the prior art, embodiments of the present invention provide a network address translation method and apparatus that ensure no error occurs when the destination device reassembles data packets.
An embodiment of the present invention provides a network address translation method, comprising: a network address translation (NAT) device receives a data packet sent by an intranet host; parses the data packet to obtain the first source Internet Protocol (IP) address, first source port, first destination IP address and first IP packet identifier (IPID) contained in the data packet; processes the first source IP address and the first source port in the data packet, including converting the first source IP address to a second source IP address and converting the first source port to a second source port; processes the first IPID in the data packet; and sends the processed data packet according to the first destination IP address.
An embodiment of the present invention further provides a network address translation apparatus, comprising:
a receiving unit (501), configured to receive a data packet sent by an intranet host;
a parsing unit (502), configured to parse the data packet and obtain the first source Internet Protocol (IP) address, first source port, first destination IP address and first IP packet identifier (IPID) contained in the data packet;
an address translation unit (503), configured to convert the first source IP address in the data packet to a second source IP address and the first source port to a second source port;
an IPID processing unit (504), configured to process the first IPID in the data packet;
a sending unit (505), configured to send the processed data packet to the destination IP address.
With the network address translation method and apparatus proposed by the present invention, the IPID of a data packet is processed at the same time as address replacement is performed on the NAT device, which ensures that no error occurs when the destination device reassembles data packets.
Brief description of the drawings
The drawings described here provide a further understanding of the embodiments of the present invention and form a part of this application; they do not limit the invention. In the drawings:
FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
FIG. 2 is a flowchart of a network address translation method provided by one embodiment of the present invention;
FIG. 3 is a flowchart of a network address translation method provided by a further embodiment of the present invention;
FIG. 4 is a flowchart of a network address translation method provided by another embodiment of the present invention;
FIG. 5 is a block diagram of a network address translation apparatus provided by one embodiment of the present invention;
FIGS. 6a and 6b are block diagrams of a network address translation apparatus provided by a further embodiment of the present invention;
FIGS. 7a and 7b are block diagrams of a network address translation apparatus provided by another embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in further detail below with reference to the implementations and the drawings. The illustrative implementations and their description are used to explain the invention and do not limit it.
FIG. 1 is a schematic diagram of an application scenario of an embodiment of the present invention. As shown in FIG. 1, in the prior art, intranet hosts 101 and 102 access public network server 104 through NAT device 103. The address of intranet host 101 is 10.1.1.100, the address of intranet host 102 is 10.1.1.200, and the public address of public network server 104 is 211.100.7.34. NAT device 103 assigns the same public IP address, 162.105.178.65, to intranet hosts 101 and 102 and assigns them different port numbers, 16384 and 16400 respectively, so public network server 104 can distinguish the traffic of the two hosts.
When the length of a packet sent by intranet host 101 or 102 to public network server 104 exceeds the MTU of the link, the packet is split into multiple fragments, none of which exceeds the MTU. In the prior art, after a packet sent by intranet host 101 or 102 is fragmented, only the first fragment carries the source port number 16384 or 16400; subsequent fragments do not include a source port number. Public network server 104 can reassemble packets only according to the triplet: source IP address 162.105.178.65, destination IP address 211.100.7.34 and IPID.
When the IP packets sent by intranet hosts 101 and 102 have the same ID, the subsequent fragments from hosts 101 and 102 that public network server 104 receives all have the same source IP address 162.105.178.65, the same destination IP address 211.100.7.34 and the same IPID. Public network server 104 therefore makes errors during packet reassembly, because it cannot tell the fragments of host 101 from those of host 102.
FIG. 2 is a flowchart of a network address translation method provided by an embodiment of the present invention. As shown in FIG. 2, the network address translation method includes:
S201. The NAT device receives a data packet sent by an intranet host.
S202. Parse the data packet and obtain the first source IP address, first source port, first destination IP address and first IPID contained in the data packet.
S203. Process the first source IP address and the first source port in the data packet, including: converting the first source IP address in the data packet to a second source IP address, and converting the first source port to a second source port.
In this embodiment of the present invention, the NAT device allocates a public IP address and a new port for the data packet sent by the intranet host, and converts the private IP address and source port in that data packet to the public IP address and the new port.
S204. Process the first IPID in the data packet.
In this embodiment of the present invention, the NAT device processes the first IPID in the data packet so that, when data packets sent by the NAT device to the destination device have the same source IP address and destination IP address, their IPIDs do not repeat. This ensures that when the destination device reassembles the received data packets, no reassembly error arises from duplicate IPIDs.
S205. Send the processed data packet according to the first destination IP address.
With the network address translation method proposed in this embodiment of the present invention, the IPID of a data packet is processed at the same time as address replacement is performed on the NAT device, which ensures that no error occurs when the destination device reassembles data packets.
FIG. 3 is a flowchart of a network address translation method provided by another embodiment of the present invention. As shown in FIG. 3, the network address translation method includes:
S301. The NAT device receives a data packet sent by an intranet host.
Taking the scenario shown in FIG. 1 as an example, NAT device 103 may receive data packets sent to public network server 104 by at least one of intranet hosts 101 and 102. For simplicity, the following description uses the case where NAT device 103 receives data packets sent by intranet hosts 101 and 102 to public network server 104.
S302. Parse the data packet and obtain the first source IP address, first source port, first destination IP address and first IPID contained in the data packet.
For example, NAT device 103 parses the received data packets sent by intranet hosts 101 and 102 to public network server 104 and obtains the first source IP address, first source port, first destination IP address and first IPID contained in each data packet. In the data packet sent by intranet host 101, the first source IP address is 10.1.1.100, the first source port is 1025, the first destination IP address is 211.100.7.34 and the first IPID is 9527. Optionally, the first destination port 24 contained in the data packet may also be obtained.
S303. Convert the first source IP address in the data packet to a second source IP address, and convert the first source port to a second source port.
For example, NAT device 103 allocates a public IP address and a new port for the data packet sent by intranet host 101, and converts the first source IP address 10.1.1.100 and the first source port 1025 in the data packet to the public IP address 162.105.178.65 and the new port 16384 respectively.
S304. Determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists. If no corresponding IPID storage table exists, perform S305; if a corresponding IPID storage table exists, perform S306.
For example, NAT device 103 determines whether an IPID storage table corresponding to public IP address 162.105.178.65 and first destination IP address 211.100.7.34 exists.
S305. Establish an IPID storage table corresponding to the second source IP address and the first destination IP address.
For example, when NAT device 103 determines that no IPID storage table corresponding to public IP address 162.105.178.65 and first destination IP address 211.100.7.34 exists, it may establish an IPID storage table based on public IP address 162.105.178.65 and first destination IP address 211.100.7.34. The IPID storage table includes the second source IP address (the public IP address in this example), the first destination IP address and an IPID (see Table 1 below).
Optionally, in the IPID storage table shown in Table 1, the initial value of the IPID is 0, and each time NAT device 103 subsequently sends a data packet, the value of the IPID increases by 1. Alternatively, after an initial value is set, the value of the IPID may decrease by 1 each time a data packet is sent; the embodiments of the present invention do not limit this. Further optionally, the length of the IPID value in the IPID storage table may also be set, for example to 16 bits, with the value returning to the initial value after overflow.
[Table 1: IPID storage table (an image in the original; not reproduced here)]
S306. Process the first IPID in the data packet, including: converting the first IPID in the data packet to a second IPID according to the IPID storage table corresponding to the second source IP address and the first destination IP address, where the second IPID is the IPID contained in the IPID storage table.
For example, when NAT device 103 determines that an IPID storage table corresponding to public IP address 162.105.178.65 and first destination IP address 211.100.7.34 exists, as shown in Table 1, NAT device 103 uses that table and replaces the first IPID (9527) in the data packet with the IPID (0) contained in the table.
S307. Send the processed data packet according to the first destination IP address.
In this embodiment of the present invention, NAT device 103 sends the processed data packet to the first destination IP address, that is, public network server 104.
Optionally, after the data packet is sent, the value of the IPID in the IPID storage table may be increased by 1 or decreased by 1.
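The steps S301 to S307 can be traced on real header bytes. The following is an added example, not code from the patent: it rewrites the source address, source port and IPID of an IPv4/UDP packet using a per-pair 16-bit counter and recomputes the header checksum, and it shows the reassembly triplet colliding when the IPID is left untouched. The class and function names, the port allocation step of 16 (chosen to reproduce ports 16384 and 16400 from FIG. 1) and host 102's port and IPID are assumptions; the sketch assumes packets reach the NAT unfragmented and rejects fragments, since all fragments of one datagram would have to share one rewritten IPID.

```python
import socket
import struct

IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # 20-byte IPv4 header, no options
UDP_HDR = struct.Struct("!HHHH")         # source port, dest port, length, checksum


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_packet(src, sport, dst, dport, ipid, payload=b"hello") -> bytes:
    """Construct a sample IPv4/UDP packet (constructed test input)."""
    udp = UDP_HDR.pack(sport, dport, UDP_HDR.size + len(payload), 0) + payload
    hdr = IP_HDR.pack(0x45, 0, IP_HDR.size + len(udp), ipid, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + udp


def reassembly_key(packet: bytes):
    """Triplet the destination uses to group fragments: (source IP, destination IP, IPID)."""
    fields = IP_HDR.unpack_from(packet)
    return socket.inet_ntoa(fields[8]), socket.inet_ntoa(fields[9]), fields[3]


class CounterNat:
    """Port-multiplexing NAT with one IPID counter per (public source, destination) pair."""

    def __init__(self, public_ip: str, rewrite_ipid: bool = True):
        self.public_ip = socket.inet_aton(public_ip)
        self.rewrite_ipid = rewrite_ipid
        self.ports = {}         # (private IP, private port) -> public port
        self.next_port = 16384  # assumed allocation scheme: 16384, 16400, ...
        self.ipid_table = {}    # (second source IP, first destination IP) -> next IPID

    def translate(self, packet: bytes) -> bytes:
        # S302: parse the addresses, source port and first IPID
        ver_ihl, _, _, ipid, frag, _, proto, _, src, dst = IP_HDR.unpack_from(packet)
        if ver_ihl != 0x45 or proto != 17 or frag & 0x3FFF:
            raise ValueError("sketch handles only unfragmented IPv4/UDP without options")
        sport = UDP_HDR.unpack_from(packet, IP_HDR.size)[0]
        # S303: allocate (or reuse) the public port for this private endpoint
        if (src, sport) not in self.ports:
            self.ports[(src, sport)] = self.next_port
            self.next_port += 16
        if self.rewrite_ipid:
            pair = (self.public_ip, dst)
            ipid = self.ipid_table.setdefault(pair, 0)   # S304/S305: create table at 0
            self.ipid_table[pair] = (ipid + 1) & 0xFFFF  # 16-bit value, wraps to 0
        out = bytearray(packet)
        struct.pack_into("!H", out, 4, ipid)             # S306: second IPID
        out[12:16] = self.public_ip                      # second source IP
        struct.pack_into("!H", out, 10, 0)
        struct.pack_into("!H", out, 10, checksum(bytes(out[:20])))
        struct.pack_into("!H", out, 20, self.ports[(src, sport)])
        struct.pack_into("!H", out, 26, 0)  # UDP checksum 0: "not computed", valid over IPv4
        return bytes(out)


def demo():
    """Hosts 101 and 102 both send IPID 9527; compare keys without and with IPID processing."""
    a = build_udp_packet("10.1.1.100", 1025, "211.100.7.34", 24, 9527)
    b = build_udp_packet("10.1.1.200", 1025, "211.100.7.34", 24, 9527)
    plain = CounterNat("162.105.178.65", rewrite_ipid=False)
    fixed = CounterNat("162.105.178.65")
    return ([reassembly_key(plain.translate(p)) for p in (a, b)],
            [reassembly_key(fixed.translate(p)) for p in (a, b)])


if __name__ == "__main__":
    without, with_rewrite = demo()
    print("address translation only:", without)
    print("with IPID processing:    ", with_rewrite)
```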
With the network address translation method proposed in this embodiment of the present invention, when address replacement is performed on the NAT device, the IPID of a data packet is processed according to the IPID storage table so that IPIDs do not repeat. This ensures that when the destination device reassembles the received data packets, no reassembly error arises from duplicate IPIDs.
FIG. 4 is a flowchart of a network address translation method provided by an embodiment of the present invention. As shown in FIG. 4, the network address translation method includes:
S401. The NAT device receives a data packet sent by an intranet host.
Still taking the scenario shown in FIG. 1 as an example, NAT device 103 receives data packets sent by intranet hosts 101 and 102 to public network server 104.
S402. Parse the data packet and obtain the first source IP address, first source port, first destination IP address and first IPID contained in the data packet.
For example, NAT device 103 parses the received data packets sent by intranet hosts 101 and 102 to public network server 104 and obtains the first source IP address, first source port, first destination IP address and first IPID contained in each data packet. In the IP packet sent by intranet host 101, the first source IP address is 10.1.1.100, the first source port is 1025, the first destination IP address is 211.100.7.34 and the first IPID is 9527.
S403. Convert the first source IP address in the data packet to a second source IP address, and convert the first source port to a second source port.
For example, NAT device 103 allocates a public IP address and a new port for the data packet sent by intranet host 101, and converts the first source IP address 10.1.1.100 and the first source port 1025 in the data packet to the public IP address 162.105.178.65 and the new source port 16384 respectively.
S404. Determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists. If no corresponding IPID storage table exists, perform S405; if a corresponding IPID storage table exists, perform S406.
For example, NAT device 103 determines whether an IPID storage table corresponding to public IP address 162.105.178.65 and first destination IP address 211.100.7.34 exists.
S405. Establish an IPID storage table corresponding to the second source IP address and the first destination IP address.
For example, when NAT device 103 determines that no IPID storage table corresponding to public IP address 162.105.178.65 and first destination IP address 211.100.7.34 exists, it may establish an IPID storage table based on public IP address 162.105.178.65 and first destination IP address 211.100.7.34. The IPID storage table includes the second source IP address (the public IP address in this example), the first destination IP address and an IPID (see Table 2 below).
Optionally, in the embodiments of the present invention, the IPID storage table established for a given IP address pair (second source IP address and first destination IP address) may contain one or more IPIDs; for example, it may store 128 IPIDs.
[Table 2: IPID storage table (an image in the original; not reproduced here)]
S406, 判断在上述与第二源 IP地址和第一目的 IP地址对应的 IPID存储表中, 是否 包含与上述数据包中的第一 IPID相等的 IPID。 当包含与上述数据包中的第一 IPID相等 的 IPID时, 执行 S407。 当不包含与上述数据包中的第一 IPID相等的 IPID时, 执行 在本发明实施例中, NAT设备 103根据新的源 IP地址 162.105.178.65和目的 IP地 址 211.100.7.34在 IPID存储表获取与新的源 IP地址和目的 IP地址对应的 IPID,  S406. Determine whether the IPID storage table corresponding to the second source IP address and the first destination IP address includes an IPID equal to the first IPID in the data packet. When an IPID equal to the first IPID in the above packet is included, S407 is performed. When the IPID equal to the first IPID in the foregoing data packet is not included, in the embodiment of the present invention, the NAT device 103 acquires the IPID storage table according to the new source IP address 162.105.178.65 and the destination IP address 211.10.0.7.34. The IPID corresponding to the new source IP address and destination IP address,
S407, 对数据包中的第一 IPID进行处理, 包括: 根据与第二源 IP地址和第一目的 IP地址对应的 IPID存储表, 将数据包中的第一 IPID转换为第二 IPID, 其中, 第二 IPID 与 IPID存储表中包含的 IPID均不相同。  S407. The processing, by the first IPID in the data packet, the first IPID in the data packet is converted into a second IPID according to the IPID storage table corresponding to the second source IP address and the first destination IP address, where The second IPID is different from the IPID contained in the IPID storage table.
In this embodiment of the present invention, if the IPIDs stored in the storage table include an IPID equal to the first IPID in the data packet, the first IPID of the data packet may duplicate that of a previously sent data packet. The public network server 104 would then receive data packets whose source IP address, destination IP address and IPID are all the same, which causes reassembly errors. To avoid such errors, the NAT device 103 converts the first IPID in the data packet and ensures that the converted second IPID differs from every IPID stored in the IPID storage table, so that the IPIDs in the N most recently sent data packets do not conflict. For example, when updating the first IPID in the data packet, a random number may be used to assign a new IPID to the data packet, while ensuring that the new IPID differs from every IPID stored in the IPID storage table.
S408: Store the second IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address, and then perform S410.
S409: Process the first IPID in the data packet, including: storing the first IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address, and then perform S410.
In this embodiment of the present invention, each time a data packet is sent, the IPID of the sent data packet is stored in the IPID storage table. N IPIDs can be stored for a given pair of new source IP address and destination IP address; for example, N may be 128, so that the IPID storage table can hold the N most recently used IPIDs.
S410: Send the processed data packet to the first destination IP address.
In this embodiment of the present invention, the NAT device 103 sends the processed data packet to the destination IP address, that is, to the public network server 104.
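
The per-pair IPID storage table described above (collision check, random replacement, storing the sent IPID), as an added Python example that is not code from the patent. The class and function names, the documentation-range addresses and the header-only sample packets are assumptions; it handles unfragmented IPv4 datagrams only, omits the source-port translation, and recomputes the IPv4 header checksum, which covers both rewritten fields.

```python
import secrets
import socket
import struct
from collections import deque

N_RECENT = 128  # example value of N given on the page


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


class IpidNat:
    """Hypothetical NAT helper: one table of recent IPIDs per (new source, destination)."""

    def __init__(self, size=N_RECENT, pick=lambda: secrets.randbelow(1 << 16)):
        if not 0 < size < (1 << 16):
            raise ValueError("table must be smaller than the 16-bit IPID space")
        self.size = size
        self.pick = pick      # source of candidate replacement IPIDs
        self.tables = {}      # (new_src, dst) -> deque of the last N IPIDs sent

    def process_ipid(self, new_src: bytes, dst: bytes, ipid: int) -> int:
        key = (new_src, dst)
        table = self.tables.get(key)
        if table is None:                 # no table for this pair yet: create it
            table = self.tables[key] = deque(maxlen=self.size)
        if ipid in table:                 # would repeat a recently sent IPID
            ipid = self.pick()
            while ipid in table:          # terminates: table holds < 65536 values
                ipid = self.pick()
        table.append(ipid)                # store the IPID actually sent (S408/S409)
        return ipid

    def translate(self, packet: bytes, new_src_ip: str) -> bytes:
        if len(packet) < 20 or packet[0] >> 4 != 4:
            raise ValueError("not an IPv4 packet")
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("truncated IPv4 header")
        header = bytearray(packet[:ihl])
        new_src = socket.inet_aton(new_src_ip)
        (ipid,) = struct.unpack_from("!H", header, 4)
        new_id = self.process_ipid(new_src, bytes(header[16:20]), ipid)
        struct.pack_into("!H", header, 4, new_id)   # identification field
        header[12:16] = new_src                     # translated source address
        header[10:12] = b"\x00\x00"                 # zero checksum before summing
        struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
        return bytes(header) + packet[ihl:]


def build_header(src: str, dst: str, ipid: int) -> bytes:
    """Constructed 20-byte IPv4 header (transport header omitted) used as sample input."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ipid, 0, 64, 17, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def demo():
    """Two intranet hosts send the same IPID to one server through one public address."""
    nat = IpidNat()
    a = nat.translate(build_header("192.168.1.10", "198.51.100.7", 0x1234), "203.0.113.5")
    b = nat.translate(build_header("192.168.1.11", "198.51.100.7", 0x1234), "203.0.113.5")
    return a, b
```

`demo()` returns two translated headers: the first keeps IPID 0x1234, while the second, which arrives with the same IPID once both sources map to 203.0.113.5, is assigned a different one.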
With the network address translation method provided in this embodiment of the present invention, when address replacement is performed on the NAT device, the IPID of the data packet is processed according to the IPID storage table so that IPIDs are not duplicated. This ensures that when the destination device reassembles the received data packets, no reassembly error arises from duplicate IPIDs.
FIG. 5 is a block diagram of a network address translation apparatus according to an embodiment of the present invention. As shown in FIG. 5, the network address translation apparatus 500 includes:
a receiving unit 501, configured to receive a data packet sent by an intranet host;
a parsing unit 502, configured to parse the data packet and obtain the first source IP address, the first source port, the first destination IP address and the first IPID contained in the data packet;
an address conversion unit 503, configured to convert the first source IP address in the data packet to a second source IP address, and to convert the first source port to a second source port;
an IPID processing unit 504, configured to process the first IPID in the data packet;
a sending unit 505, configured to send the processed data packet to the destination IP address.
The network address translation apparatus provided in this embodiment of the present invention processes the IPID of the data packet at the same time as address replacement is performed on the NAT device, which ensures that no error occurs when the destination device reassembles data packets.
Optionally, as shown in FIG. 6a, the network address translation apparatus may further include:
a first ID determining unit 604, configured to determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists; if no corresponding IPID storage table exists, the first establishing unit 605 is triggered; if a corresponding IPID storage table exists, the IPID processing unit 504 is triggered;
the first establishing unit 605, configured to establish an IPID storage table corresponding to the second source IP address and the first destination IP address.
Optionally, as shown in FIG. 6b, the IPID processing unit 504 may include:
a first obtaining module 5041, configured to obtain a second IPID, where the second IPID is an IPID contained in the IPID storage table corresponding to the second source IP address and the first destination IP address;
a first conversion module 5042, configured to convert the first IPID in the data packet to the second IPID.
The network address translation apparatus provided in this embodiment of the present invention processes the IPID of the data packet according to the IPID storage table so that IPIDs are not duplicated. This ensures that when the destination device reassembles the received data packets, no reassembly error arises from duplicate IPIDs.
Optionally, as shown in FIG. 7a, the network address translation apparatus may further include:
a second ID determining unit 704, configured to determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists; if no corresponding IPID storage table exists, the second establishing unit 705 is triggered; if a corresponding IPID storage table exists, the IPID processing unit 504 is triggered;
the second establishing unit 705, configured to establish an IPID storage table corresponding to the second source IP address and the first destination IP address;
a storage table updating unit 706, configured to store the first IPID of the data packet in the IPID storage table.
Optionally, as shown in FIG. 7b, the IPID processing unit 504 may include:
a second obtaining module 5043, configured to obtain the IPIDs stored in the IPID storage table corresponding to the second source IP address and the first destination IP address;
a determining module 5044, configured to determine whether the obtained IPIDs include an IPID equal to the first IPID in the data packet; if so, the second conversion module 5045 is triggered; if not, the storage table updating unit 706 is triggered;
the second conversion module 5045, configured to convert the first IPID in the data packet to a second IPID, where the second IPID differs from every IPID stored in the IPID storage table;
an updating module 5046, configured to store the second IPID of the data packet in the IPID storage table.
The network address translation apparatus provided in this embodiment of the present invention processes the IPID of the data packet according to the IPID storage table so that IPIDs are not duplicated. This ensures that when the destination device reassembles the received data packets, no reassembly error arises from duplicate IPIDs.
The specific embodiments described above further explain the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the foregoing is merely specific embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A network address translation method, comprising:
a network address translation (NAT) device receiving a data packet sent by an intranet host;
parsing the data packet to obtain a first source Internet Protocol (IP) address, a first source port, a first destination IP address and a first IP packet identifier (IPID) contained in the data packet;
processing the first source IP address and the first source port in the data packet, including: converting the first source IP address to a second source IP address, and converting the first source port to a second source port;
processing the first IPID in the data packet;
sending the processed data packet according to the first destination IP address.
2. The network address translation method according to claim 1, wherein before the first IPID in the data packet is processed, the method further comprises:
determining whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists.
3. The network address translation method according to claim 2, wherein if an IPID storage table corresponding to the second source IP address and the first destination IP address exists, processing the first IPID in the data packet specifically comprises:
converting, according to the IPID storage table corresponding to the second source IP address and the first destination IP address, the first IPID in the data packet to a second IPID, the second IPID being an IPID contained in the IPID storage table corresponding to the second source IP address and the first destination IP address.
4. The network address translation method according to claim 2, wherein if no IPID storage table corresponding to the second source IP address and the first destination IP address exists, before the first IPID in the data packet is processed, the method further comprises:
establishing an IPID storage table corresponding to the second source IP address and the first destination IP address;
and processing the first IPID in the data packet specifically comprises:
converting the first IPID in the data packet to a second IPID, the second IPID being an IPID contained in the IPID storage table corresponding to the second source IP address and the first destination IP address.
5. The network address translation method according to claim 2, wherein if an IPID storage table corresponding to the second source IP address and the first destination IP address exists, before the first IPID in the data packet is processed, the method further comprises:
obtaining the IPIDs stored in the IPID storage table corresponding to the second source IP address and the first destination IP address;
determining whether the obtained IPIDs include an IPID equal to the first IPID.
6. The network address translation method according to claim 5, wherein if the obtained IPIDs include an IPID equal to the first IPID, processing the first IPID in the data packet specifically comprises:
converting, according to the IPID storage table corresponding to the second source IP address and the first destination IP address, the first IPID in the data packet to a second IPID, where the second IPID differs from every IPID contained in the IPID storage table corresponding to the second source IP address and the first destination IP address.
7. The network address translation method according to claim 6, wherein after the first IPID in the data packet is converted to the second IPID, the method further comprises:
storing the second IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address.
8. The network address translation method according to claim 5, wherein if the obtained IPIDs do not include an IPID equal to the first IPID, processing the first IPID in the data packet specifically comprises:
storing the first IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address.
9. The network address translation method according to claim 2, wherein if no IPID storage table corresponding to the second source IP address and the first destination IP address exists, before the first IPID in the data packet is processed, the method further comprises:
establishing an IPID storage table corresponding to the second source IP address and the first destination IP address;
and processing the first IPID in the data packet specifically comprises:
storing the first IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address.
10. A network address translation apparatus, wherein the apparatus comprises:
a receiving unit (501), configured to receive a data packet sent by an intranet host;
a parsing unit (502), configured to parse the data packet and obtain a first source Internet Protocol (IP) address, a first source port, a first destination IP address and a first IP packet identifier (IPID) contained in the data packet;
an address conversion unit (503), configured to convert the first source IP address in the data packet to a second source IP address, and to convert the first source port to a second source port;
an IPID processing unit (504), configured to process the first IPID in the data packet;
a sending unit (505), configured to send the processed data packet to the destination IP address.
11. The network address translation apparatus according to claim 10, wherein the apparatus further comprises:
a first ID determining unit (604), configured to determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists; if no IPID storage table corresponding to the second source IP address and the first destination IP address exists, the first establishing unit (605) is triggered; if an IPID storage table corresponding to the second source IP address and the first destination IP address exists, the IPID processing unit (504) is triggered;
the first establishing unit (605), configured to establish an IPID storage table corresponding to the second source IP address and the first destination IP address.
12. The network address translation apparatus according to claim 11, wherein the IPID processing unit (504) comprises:
a first obtaining module (5041), configured to obtain a second IPID, where the second IPID is an IPID contained in the IPID storage table corresponding to the second source IP address and the first destination IP address;
a first conversion module (5042), configured to convert the first IPID in the data packet to the second IPID.
13. The network address translation apparatus according to claim 10, wherein the apparatus further comprises:
a second ID determining unit (704), configured to determine whether an IPID storage table corresponding to the second source IP address and the first destination IP address exists; if no IPID storage table corresponding to the second source IP address and the first destination IP address exists, the second establishing unit (705) is triggered; if an IPID storage table corresponding to the second source IP address and the first destination IP address exists, the IPID processing unit (504) is triggered;
the second establishing unit (705), configured to establish an IPID storage table corresponding to the second source IP address and the first destination IP address;
a storage table updating unit (706), configured to store the first IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address.
14. The network address translation apparatus according to claim 13, wherein the IPID processing unit (504) comprises:
a second obtaining module (5043), configured to obtain the IPIDs stored in the IPID storage table corresponding to the second source IP address and the first destination IP address;
a determining module (5044), configured to determine whether the obtained IPIDs include an IPID equal to the first IPID in the data packet; if so, the second conversion module (5045) is triggered; if not, the storage table updating unit (706) is triggered;
the second conversion module (5045), configured to convert the first IPID in the data packet to a second IPID, where the second IPID differs from every IPID stored in the IPID storage table corresponding to the second source IP address and the first destination IP address;
an updating module (5046), configured to store the second IPID of the data packet in the IPID storage table corresponding to the second source IP address and the first destination IP address.
PCT/CN2011/072863 2011-04-15 2011-04-15 Method and apparatus for network address translation WO2011103820A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/072863 WO2011103820A2 (en) 2011-04-15 2011-04-15 Method and apparatus for network address translation
CN201180000517.5A CN102232288A (en) 2011-04-15 2011-04-15 Method and apparatus for network address translation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/072863 WO2011103820A2 (en) 2011-04-15 2011-04-15 Method and apparatus for network address translation

Publications (2)

Publication Number Publication Date
WO2011103820A2 true WO2011103820A2 (en) 2011-09-01
WO2011103820A3 WO2011103820A3 (en) 2012-03-22

Family

ID=44507266

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/072863 WO2011103820A2 (en) 2011-04-15 2011-04-15 Method and apparatus for network address translation

Country Status (2)

Country Link
CN (1) CN102232288A (en)
WO (1) WO2011103820A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108259645A (en) * 2018-02-05 2018-07-06 深圳市三旺通信技术有限公司 The method for network address translation of vehicle-mounted utilization is handed over based on rail
CN111953807B (en) * 2020-07-30 2022-02-22 新华三信息安全技术有限公司 Message identifier processing method and device and storage medium
CN114531417B (en) * 2020-10-30 2023-09-22 华为技术有限公司 Communication method and device
CN115022423A (en) * 2022-06-22 2022-09-06 上海弘积信息科技有限公司 IPv4 identifier distribution method in load balancing equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006272A (en) * 1998-02-23 1999-12-21 Lucent Technologies Inc. Method for network address translation
CN1960316A (en) * 2005-11-04 2007-05-09 华为技术有限公司 Network address conversion method for segmented messages
CN101567852A (en) * 2009-05-20 2009-10-28 中兴通讯股份有限公司 Method and device for switching the network address of IP message

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3065380A1 (en) * 2011-10-06 2016-09-07 QUALCOMM Incorporated Systems and methods for data packet processing
CN106789666A (en) * 2016-11-22 2017-05-31 东软集团股份有限公司 A kind of method and apparatus for determining conversion rear port
CN106789666B (en) * 2016-11-22 2020-05-08 东软集团股份有限公司 Method and device for determining converted port
CN114205328A (en) * 2021-12-11 2022-03-18 英赛克科技(北京)有限公司 OPC data forwarding method and device
CN114205328B (en) * 2021-12-11 2023-06-02 英赛克科技(北京)有限公司 OPC data forwarding method and device

Also Published As

Publication number Publication date
WO2011103820A3 (en) 2012-03-22
CN102232288A (en) 2011-11-02

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180000517.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11746862

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11746862

Country of ref document: EP

Kind code of ref document: A2