[go: up one dir, main page]

CN101068212B - Device and method for network address translation forwarding - Google Patents

Device and method for network address translation forwarding Download PDF

Info

Publication number
CN101068212B
CN101068212B CN2007101188111A CN200710118811A CN101068212B CN 101068212 B CN101068212 B CN 101068212B CN 2007101188111 A CN2007101188111 A CN 2007101188111A CN 200710118811 A CN200710118811 A CN 200710118811A CN 101068212 B CN101068212 B CN 101068212B
Authority
CN
China
Prior art keywords
forwarding
network address
packet
forwarding entry
fast
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007101188111A
Other languages
Chinese (zh)
Other versions
CN101068212A (en
Inventor
陈晨
贾皓昕
于伟
曲原
潘建农
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2007101188111A priority Critical patent/CN101068212B/en
Publication of CN101068212A publication Critical patent/CN101068212A/en
Application granted granted Critical
Publication of CN101068212B publication Critical patent/CN101068212B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a device and a method for network address translation forwarding, which are used for completing the forwarding of a data packet between a public network and a private network, and the device comprises: a common network address conversion and forwarding module, which is used for carrying out network address conversion and forwarding of data packets according to a normal mode; wherein, still include: a fast network address conversion and forwarding module, which is used to record the forwarding key information needed by the forwarding of the data packet, when the data packet is received, extract the related information of the data packet, search the fast forwarding entry containing the forwarding key information matched with the related information, if not, the normal network address conversion module performs the normal network address conversion and forwarding, if found, the forwarding key information in the forwarding entry is used to update the related information in the data packet, and directly obtain the routing information from the forwarding entry, and forward the data packet.

Description

一种网络地址转换转发的装置及方法 A device and method for network address translation and forwarding

技术领域technical field

本发明涉及网络通信地址转换方法与装置,具体的说,涉及一种用来提高网络中私网和公网之间网络地址转换效率的方法与装置。 The invention relates to a network communication address conversion method and device, in particular to a method and device for improving network address conversion efficiency between a private network and a public network in a network. the

背景技术Background technique

随着因特网的发展速度越来越快,人们在日常工作和生活中已将IP网络视为必不可少的工具,网络规模也是不断的扩大,网络用户的数量不断增加,然而公网的地址资源十分有限,因此,NAT(Network Address Translation,网络地址转换)技术就成为了一种解决这个问题的主要方法。它主要作用是使私网中的网络设备使用较少的公网地址就能够访问公网,使得网络资源充分得到了应用。由此,可以使资源紧张的公网IP地址分配给更多的私网用户来用。 With the rapid development of the Internet, people have regarded the IP network as an indispensable tool in their daily work and life, the network scale is also expanding, and the number of network users is increasing. Therefore, NAT (Network Address Translation, Network Address Translation) technology has become a main method to solve this problem. Its main function is to enable network devices in the private network to access the public network using fewer public network addresses, so that network resources are fully utilized. As a result, public network IP addresses with limited resources can be allocated to more private network users. the

目前用于实现NAT转发功能的方法有硬件和软件两种:硬件是通过直接使用FPGA,CPLD或ASIC等硬件基础上进行设计,这种方法最大的优点就是速度,因为硬件的速度优势很明显,所以这种实现方法的转换速率快,效率很高。但是随之而来的问题是,这种方法的成本较高,因此,只适宜于应用在配置较高的高端设备中,对于低端设备很不适合。而软件转发以其灵活性和低成本却非常适合在低端产品中使用。但是软件的实现也有着自己的局限性。因为软件实现多依赖于微处理器的运作,因此具有转换速度慢,系统效率低的缺点。 At present, there are two methods for implementing NAT forwarding function: hardware and software: hardware is designed on the basis of hardware such as FPGA, CPLD or ASIC. The biggest advantage of this method is speed, because the speed advantage of hardware is obvious. Therefore, the conversion rate of this implementation method is fast and the efficiency is very high. But the following problem is that the cost of this method is relatively high, so it is only suitable for high-end equipment with high configuration, and it is not suitable for low-end equipment. However, software forwarding is very suitable for use in low-end products because of its flexibility and low cost. But software implementation also has its own limitations. Because the software implementation mostly depends on the operation of the microprocessor, it has the disadvantages of slow conversion speed and low system efficiency. the

现有软件设计的NAT转换的过程主要是通过从包中获取到包括源IP地址,源端口号,目的IP地址,目的端口号等信息,查找由首包建立的转发条目表。查到后进行替换IP地址和端口信息,进行校验和的计算。更新校验和,然后通过查找相应的转发表完成数据转发。在这种情况下NAT业务会由于比正常业务多进行了NAT相关处理导致转发性能下降。并且在网络的使用中,常常会出现一种情况,即在某一段时间传输的报文的IP地址和端口号的信息相同或相近,例如:某个私网用户从公网的服务器上下载信息:电影,音乐等, 信息流量非常的大,这个时候通过NAT转换,需要进行NAT转发条目表的查找,通常使用的哈希算法,假如此时冲突链非常长,那么,就会出现在每个报文转换时候都要经过这条长冲突链的查找。那样的后果是效率将会非常低。 The process of NAT conversion of existing software design is mainly by obtaining information including source IP address, source port number, destination IP address, destination port number and the like from the packet, and searching the forwarding entry table established by the first packet. After finding it, replace the IP address and port information, and calculate the checksum. Update the checksum, and then complete the data forwarding by looking up the corresponding forwarding table. In this case, the NAT service will perform more NAT-related processing than the normal service, resulting in a decrease in forwarding performance. And in the use of the network, there is often a situation that the information of the IP address and port number of the message transmitted in a certain period of time is the same or similar, for example: a private network user downloads information from a server on the public network : Movies, music, etc. The information flow is very large. At this time, through NAT conversion, it is necessary to search the NAT forwarding entry table. The hash algorithm usually used, if the conflict chain is very long at this time, then it will appear in each When the message is converted, it must go through this long conflict chain search. The consequence of that is that the efficiency will be very low. the

现有技术中,公开了专利CN200510025134和专利“US6457061”两个方案。其中专利“CN200510025134”并不是专用于NAT转换领域的,且需要先处理“流”的第一个数据包,不能直接进行转换、转发,且其索引只能建立在高速缓冲中;专利“US6457061”是一种实现地址转换的大体方法,但其组织表结构仅限于Prtricia tree。 In the prior art, two schemes of patent CN200510025134 and patent "US6457061" are disclosed. Among them, the patent "CN200510025134" is not dedicated to the field of NAT conversion, and the first data packet of the "flow" needs to be processed first, and cannot be converted and forwarded directly, and its index can only be established in the cache; the patent "US6457061" It is a general method to realize address translation, but its organization table structure is limited to Prtricia tree. the

发明内容Contents of the invention

本发明的目的在于提出一种网络地址转换的装置及其方法,以解决普通NAT转换中,由于冲突链过长,所产生的在每个报文转换时都要经过长冲突链的查找,效率很低的问题。 The purpose of the present invention is to propose a kind of device of network address translation and method thereof, to solve in ordinary NAT conversion, because the conflict chain is too long, when each message is converted, it will go through the search of long conflict chain, and the efficiency will be reduced. Very low question. the

为实现上述目的,本发明提出了一种网络地址转换转发的装置,用于完成数据包在公网和私网之间的转发,包括:一普通网络地址转换转发模块,用于按照正常方式进行网络地址转换和数据包的转发;其中,进一步包括: In order to achieve the above object, the present invention proposes a network address translation and forwarding device, which is used to complete the forwarding of data packets between the public network and the private network, including: a common network address translation and forwarding module, used to perform Network address translation and forwarding of data packets; which further includes: 

一快速网络地址转换转发模块,用于记录所述数据包转发所需要的转发关键信息,当收到数据包时,提取所述数据包的相关信息,查找与其相匹配的包含所述转发关键信息的快速转发条目,若没有找到,则转由所述普通网络地址转换转发模块进行普通网络地址转换转发,若找到,使用所述快速转发条目中的转发关键信息更新所述数据包中的相关信息,并直接从所述快速转发条目中获取路由信息,转发所述数据包。 A fast network address translation and forwarding module, used to record the forwarding key information required for forwarding the data packet, when receiving the data packet, extract the relevant information of the data packet, and search for matching information containing the forwarding key information If the fast forwarding entry is not found, the normal network address translation forwarding module is used to forward the normal network address translation, if found, the relevant information in the data packet is updated using the forwarding key information in the fast forwarding entry , and directly obtain routing information from the fast forwarding entry, and forward the data packet. the

上述的网络地址转换转发的装置,其中,所述快速网络地址转换转发模块进一步包括: The above-mentioned device for network address translation and forwarding, wherein the fast network address translation and forwarding module further includes:

一快速转发信息记录模块,用于对没有匹配的转发关键信息的数据包,在对所述数据包进行普通网络地址转换转发后,记录所述数据包的转发关键信息; A fast forwarding information recording module, used to record the forwarding key information of the data packet after carrying out ordinary network address translation and forwarding on the data packet without matching forwarding key information;

一快速转发信息匹配模块,用于在收到所述数据包后,提取所述数据包中的相关信息,根据所述相关信息作为匹配条件,查找快速网络地址转换转发条目,若没有找到,则交由所述普通网络地址转换转发模块处理,若找到了,则 查找到的转发条目即被定位是快速网络地址转换转发需要更新的信息; A fast forwarding information matching module, used to extract relevant information in the data packet after receiving the data packet, and search for a fast network address translation forwarding entry according to the relevant information as a matching condition, if not found, then Handed over to the normal NAT forwarding module for processing, if found, the found forwarding entry is positioned as fast NAT forwarding information that needs to be updated;

一转发模块,用于从所述快速转发条目中获取所述数据包转发所需要的转发关键信息,将所述数据包内的相关信息替换,然后按照保存的路由索引,直接获取路由信息,转发所述数据包; A forwarding module, configured to obtain the key forwarding information required for forwarding the data packet from the fast forwarding entry, replace the relevant information in the data packet, and then directly obtain the routing information according to the saved routing index, and forward said packet;

一快速转发条目表,包含一个或多个快速转发条目,用于存储所述数据包的快速网络地址转换转发所需要的转发关键信息; A fast forwarding entry table, including one or more fast forwarding entries, used to store key forwarding information required for fast network address translation forwarding of the data packet;

其中,所述快速转发条目表进一步包括: Wherein, the fast forwarding entry table further includes:

一快速转发信息更新模块,用于将全部的快速转发条目按照未被使用时间的长短进行排序,并配置老化时间或采用默认值,定期检查所述快速转发条目的未被使用时间,删除超过老化时间的条目,或者用新数据包的转发关键信息更新超过老化时间的条目,并将更新后的条目或者新匹配到的条目放置于老化顺序的最后和条目查找冲突链的首部。 A fast-forwarding information update module, used to sort all fast-forwarding entries according to the length of unused time, and configure the aging time or adopt the default value, regularly check the unused time of the fast-forwarding entries, and delete Time entries, or update entries that exceed the aging time with the forwarding key information of new data packets, and place the updated entries or newly matched entries at the end of the aging sequence and the head of the entry search conflict chain. the

上述的网络地址转换转发的装置,其中,所述转发关键信息进一步包括:源IP地址、源端口号、目的IP地址、目的端口号和报文协议类型; The above-mentioned device for network address translation and forwarding, wherein the forwarding key information further includes: source IP address, source port number, destination IP address, destination port number and message protocol type;

网络地址转换后的IP地址、端口号和路由信息; IP address, port number and routing information after network address translation;

其它业务中需要变化的负荷分担索引、策略路由索引和/或VLAN_ID; Load sharing index, policy routing index and/or VLAN_ID that need to be changed in other services;

网络地址转换产生的IP地址和端口号的改变; Changes in IP addresses and port numbers resulting from network address translation;

生存时间的变化而导致的校验和更新的增量信息。 Incremental information of the checksum update caused by the change of the lifetime. the

上述的网络地址转换转发的装置,其中,所述快速转发条目表进一步包括:一私网到公网的快速转发条目表、和/或一公网到私网的快速转发条目表。 In the above-mentioned device for NAT forwarding, the fast forwarding entry table further includes: a fast forwarding entry table from a private network to a public network, and/or a fast forwarding entry table from a public network to a private network. the

上述的网络地址转换转发的装置,其中,所述快速转发条目表存储在内存或高速缓冲存储器中。 In the above-mentioned device for network address translation and forwarding, the fast forwarding entry table is stored in a memory or a cache memory. the

为实现上述目的,本发明还提供了一种网络地址转换转发的方法,用于完成数据包在公网和私网之间的转发,其中,该方法包括: In order to achieve the above object, the present invention also provides a method for network address translation and forwarding, which is used to complete the forwarding of data packets between the public network and the private network, wherein the method includes:

步骤一,收到数据包,提取所述数据包中的网路地址转换信息,在快速转发条目表中查找与其相匹配的包含转发关键信息的快速转发条目; Step 1, receiving a data packet, extracting the network address translation information in the data packet, and searching for a matching fast forwarding entry containing forwarding key information in the fast forwarding entry table;

步骤二,若没有查找到,则进行普通网络地址转换的转发,并在快速转发条目表中记录所述数据包的转发关键信息,若找到了所述快速转发条目,则使用所述快速转发条目中的转发关键信息更新所述数据包中的相关信息,并直接从所述快速转发条目中获取路由信息,转发所述数据包; Step 2, if not found, then carry out the forwarding of ordinary network address translation, and record the forwarding key information of the data packet in the fast forwarding entry table, if the fast forwarding entry is found, then use the fast forwarding entry Update the relevant information in the data packet by forwarding the key information in the data packet, and directly obtain the routing information from the fast forwarding entry, and forward the data packet;

其中,所述步骤二进一步包括: Wherein, said step 2 further includes:

步骤101,若查找到了相匹配的快速转发条目,则将所述快速转发条目放置在老化顺序的最后,并且将所述快速转发条目放在条目查找冲突链之首; Step 101, if a matching fast forwarding entry is found, placing the fast forwarding entry at the end of the aging sequence, and placing the fast forwarding entry at the head of the entry search conflict chain;

步骤102,若没有查找到相匹配的快速转发条目,则判断当前在老化顺序第一位的快速转发条目的最后一次使用时间到现在是否超过老化时间,若没有超过老化时间,则将所述数据包进行普通网络地址转换转发,若超过了老化时间,采用新数据包的转发关键信息更新超过老化时间的快速转发条目,并将更新后的快速转发条目放置在老化顺序的最后和条目查找冲突链的首部。 Step 102, if no matching fast forwarding entry is found, it is judged whether the last use time of the fast forwarding entry currently at the first place in the aging order exceeds the aging time, and if the aging time is not exceeded, the data The packet is forwarded by ordinary network address translation. If the aging time is exceeded, the forwarding key information of the new data packet is used to update the fast forwarding entry that exceeds the aging time, and the updated fast forwarding entry is placed at the end of the aging sequence and the entry search conflict chain of the first. the

上述的网络地址转换转发的方法,其中,所述步骤一进一步包括: The above-mentioned method for network address translation and forwarding, wherein said step 1 further includes:

步骤81,收到数据包后,判断是否进行快速网络地址转换转发; Step 81, after receiving the data packet, determine whether to perform fast network address translation forwarding;

步骤82,若不进行快速网络地址转换转发,则对所述数据包进行普通网络地址转换和路由转发,否则,提取所述数据包的源IP地址、源端口号、目的IP地址、目的端口号和报文协议类型,进行快速转发条目的匹配。 Step 82, if fast network address translation forwarding is not performed, then carry out common network address translation and route forwarding to the data packet, otherwise, extract the source IP address, source port number, destination IP address and destination port number of the data packet Match the fast forwarding entry with the packet protocol type. the

上述的网络地址转换转发的方法,其中,所述步骤一进一步包括: The above-mentioned method for network address translation and forwarding, wherein said step 1 further includes:

判断所述数据包的流向,若是由私网到公网,则源IP地址和端口号为私网IP地址和端口号,目的IP地址和端口号为公网的IP地址和端口号,开始进行快速转发条目的匹配查找,若是由公网到私网时,则源IP地址和端口号为公网IP地址和端口号,目的IP地址和端口号为私网网络地址转换后公网可见的IP地址和端口号,进行快速转发条目的匹配查找。 Judge the flow direction of described packet, if by private network to public network, then source IP address and port number are private network IP address and port number, purpose IP address and port number are public network IP address and port number, start to carry out For the matching search of fast forwarding entries, if it is from the public network to the private network, the source IP address and port number are the public network IP address and port number, and the destination IP address and port number are the IPs visible to the public network after the private network address translation Address and port number for matching lookup of fast forwarding entries. the

与现有技术相比较,本发明优点体现在以下三方面: Compared with the prior art, the advantages of the present invention are reflected in the following three aspects:

1.避开了在查找NAT转发条目时产生的长冲突链,例如是在一段时期内大量源和目的相同的数据包需经过NAT转换并且在NAT转换条目查找时冲突链过长的时候,由于每个包都可能需要经过很长的冲突链才能查找到转换条目,所以转发速率很低。而本发明中,将数据包的相关信息及转换条目的相关信息记录在一个简小的表项中,待后续的相同的数据报文到达后,可以直接从这个简小的表中已很快的速度获取到转换信息,进行NAT转换,这样可以大大的提高转换速率。 1. Avoid the long conflict chain generated when searching for NAT forwarding entries. For example, when a large number of data packets with the same source and destination need to be converted by NAT within a period of time and the conflict chain is too long when searching for NAT conversion entries, due to Each packet may need to go through a long collision chain to find the translation entry, so the forwarding rate is very low. However, in the present invention, the related information of the data packet and the related information of the conversion entry are recorded in a simple and small table item. Get the conversion information at a faster speed and perform NAT conversion, which can greatly improve the conversion rate. the

2.在上述的建立的简小表项中,可以储存大量的包括NAT转换,路由转发,还有其他业务的相关关键处理信息。在进行NAT转换时,可以将这些关键信息进行提取出以后,直接更新数据包的内容,包括路由查找得出的信息, 其它业务如负荷分担索引,策略路由索引等,还有由于NAT地址变换和TTL的变化导致的校验和变化的增量等,采取一步到位的方法,直接对数据包进行更新处理,减少了数据报处理的步骤。从而大大的提高了报文的转换转发速度,提高系统的性能。 2. A large number of related key processing information including NAT translation, routing and forwarding, and other services can be stored in the above-mentioned simple table entry. When performing NAT conversion, after extracting these key information, the content of the data packet can be directly updated, including the information obtained from routing lookup, other services such as load sharing index, policy routing index, etc., and due to NAT address conversion and For the increment of the checksum change caused by the change of TTL, etc., a one-step method is adopted to directly update the data packet, reducing the steps of datagram processing. Therefore, the conversion and forwarding speed of the message is greatly improved, and the performance of the system is improved. the

3.即使在第一次命中失败之后,进行普通NAT处理,由于前面的过程中已经完成了关键信息的收集操作,对于没有命中的快速NAT条目的数据包的转发性能也不会有较大影响。 3. Even if the normal NAT processing is performed after the first hit failure, since the key information collection operation has been completed in the previous process, the forwarding performance of the data packets of the fast NAT entries that do not hit will not be greatly affected . the

附图说明Description of drawings

图1是本发明的装置结构示意图; Fig. 1 is a device structural representation of the present invention;

图2是本发明的数据包流向示意图; Fig. 2 is a schematic diagram of packet flow of the present invention;

图3是本发明的工作流程示意图; Fig. 3 is a schematic diagram of the workflow of the present invention;

图4是本发明的快速NAT转发表的维护过程的示意图。 Fig. 4 is a schematic diagram of the maintenance process of the fast NAT forwarding table of the present invention. the

具体实施方式Detailed ways

下面结合附图对本发明快速NAT转换的软件实现系统处理方法进行说明。 The software-implemented system processing method for fast NAT conversion of the present invention will be described below in conjunction with the accompanying drawings. the

如图1所示,本发明NAT转发的装置100包括:普通转发模块110,一般的转发报文的流程模块,完成NAT的普通转换及其他业务的普通转发。这个模块中需要做的就是按照正常的方式进行NAT转换,数据包的转发。对业务的处理信息在配置时或者是对首包进行处理时统一维护在一张表项中,在进行转换转发时根据获取到的包的信息对这张表项进行查找条目,按照条目信息更新数据包后,接着再查找路由转发。每个包都是经过这个过程很耗时间,因此本发明的目的即是在下面的快速转发模块中提高转发速率。 As shown in FIG. 1 , the NAT forwarding device 100 of the present invention includes: a general forwarding module 110 , a general process module for forwarding messages, which completes normal conversion of NAT and normal forwarding of other services. What needs to be done in this module is to perform NAT conversion and data packet forwarding in the normal way. The business processing information is uniformly maintained in a table item during configuration or when the first packet is processed. When converting and forwarding, this table item is searched for entries according to the obtained package information, and updated according to the entry information. After the data packet, then look for routing forwarding. Each packet is very time-consuming through this process, so the purpose of the present invention is to improve the forwarding rate in the following fast forwarding module. the

快速NAT转发模块120,即是本发明的重要模块,主要工作是快速NAT转换和数据报文的快速转发。主要包含快速转发信息记录模块121,快速转发条目匹配模块122,转发模块123、快速NAT转发表124和快速转发信息更新模块125。 The fast NAT forwarding module 120 is an important module of the present invention, and its main work is fast NAT conversion and fast forwarding of data packets. It mainly includes a fast forwarding information recording module 121 , a fast forwarding entry matching module 122 , a forwarding module 123 , a fast NAT forwarding table 124 and a fast forwarding information update module 125 . the

快速转发信息记录模块121,这个模块使用的前提是快速转发功能打开使用后,一个陌生的报文进入系统的处理过程如下,首先,这个报文会按照普通 转发流程进行转发,在转发完成后,进行转发关键信息的记录。保存在一张临时表中,这些信息包括数据包的源IP地址,源端口号,目的IP地址,目的端口号,报文协议类型,NAT转换后的IP地址,端口号,路由信息,其它业务中的需变换的关键信息,如负荷分担索引,策略路由索引,VLAN_ID号等,还有因为NAT转换产生的IP地址和端口号改变,TTL的变化而导致的校验和更新的增量等信息。 Fast forwarding information recording module 121, the premise of this module is that after the fast forwarding function is opened and used, the processing process of an unfamiliar message entering the system is as follows. First, the message will be forwarded according to the normal forwarding process. After the forwarding is completed, Make a record of forwarding key information. Stored in a temporary table, the information includes the source IP address, source port number, destination IP address, destination port number, message protocol type, IP address after NAT conversion, port number, routing information, and other services of the data packet. The key information that needs to be changed, such as load sharing index, policy routing index, VLAN_ID number, etc., as well as information such as the change of IP address and port number due to NAT conversion, and the increment of checksum update caused by the change of TTL . the

快速转发条目匹配模块122,此模块在本发明中起的是判断和定位的作用。所谓判断,就是在NAT快速转发功能开启的时候,在收到数据包后,即从数据包中提取匹配条件,包括源IP地址,源端口号,目的IP地址,目的端口号,报文协议类型,用这些条件来作为匹配查找NAT快速转发条目的凭证。一但查到条目,即可按照所查到的条目直接进行快速NAT转发,否则就进行普通NAT转发,但是在普通NAT转发完成后,要记录下来转发关键信息,并保存到NAT快速转发条目之中去。以备后面来的有相同的源IP地址,源端口号,目的IP地址,目的端口号,报文协议类型的报文可以匹配查找到条目进行快速转发。所谓定位,即是在收到数据包进行匹配快速转发条目时,查到的快速转发条目即被定位是快速NAT转发需要更新的信息。NAT包括其他业务,还有路由的转发时所需要的关键信息都保存在这一张NAT快速转发条目表124中,所以,在进行业务转发时,所需的要更新的转发关键信息直接从快速转发条目表124中获取,不需要重新计算或者查找业务转发表,包括路由索引。也保存在其中,直接获取到,不用再进行繁琐的路由查找。 Fast forwarding entry matching module 122, this module plays the role of judging and positioning in the present invention. The so-called judgment means that when the NAT fast forwarding function is enabled, after receiving the data packet, the matching conditions are extracted from the data packet, including source IP address, source port number, destination IP address, destination port number, and packet protocol type , use these conditions as credentials for matching lookup NAT fast forwarding entries. Once the entry is found, fast NAT forwarding can be performed directly according to the found entry, otherwise normal NAT forwarding will be performed, but after the normal NAT forwarding is completed, the key forwarding information should be recorded and saved to the NAT fast forwarding entry to go. In case the following packets with the same source IP address, source port number, destination IP address, destination port number, and packet protocol type can be matched and found for fast forwarding. The so-called positioning means that when a data packet is received to match a fast forwarding entry, the found fast forwarding entry is positioned as information that needs to be updated for fast NAT forwarding. NAT includes other services, and the key information needed for routing forwarding is all stored in this NAT fast forwarding entry table 124, so when performing business forwarding, the required forwarding key information to be updated directly from the fast The forwarding entry table 124 is obtained without recalculating or searching the service forwarding table, including the routing index. It is also stored in it, and can be obtained directly, without the need for tedious routing lookups. the

转发模块123,这个模块的功能就是从快速转发条目表124中获取所在报文转发中可能会更改的关键信息,将在数据包内的信息替换。然后按照保存的路由索引,直接获取路由信息,进行转发。 The forwarding module 123, the function of this module is to obtain the key information that may be changed during the forwarding of the message from the fast forwarding entry table 124, and replace the information in the data packet. Then according to the saved routing index, the routing information is directly obtained and forwarded. the

快速转发条目表124,这个表的建立是为了保存NAT快速转发时所需要的关键信息。一般是在首包进行普通转发时,收集并保存下来。可以保存在cache(高速缓冲存储器)或者是内存中。里面保存的信息是源IP地址,源端口号,目的IP地址,目的端口号,报文协议类型,NAT转换后的IP地址,端口号,路由信息,其它业务中的需变换的关键信息,如负荷分担索引,策略路由索引,VLAN_ID号等,还有因为NAT转换产生的IP地址和端口号改变,TTL(生存时间)的变化而导致的校验和更新的增量等信息。 Fast forwarding entry table 124, this table is established to save the key information needed during NAT fast forwarding. Generally, when the first packet is forwarded normally, it is collected and saved. It can be stored in cache (cache memory) or in memory. The information stored in it is the source IP address, source port number, destination IP address, destination port number, packet protocol type, IP address after NAT conversion, port number, routing information, and other key information that needs to be transformed in the business, such as Load sharing index, policy routing index, VLAN_ID number, etc., as well as information such as the change of IP address and port number caused by NAT conversion, and the increment of checksum update caused by the change of TTL (time to live). the

快速转发信息更新模块125,用于将全部的快速转发条目按照未被使用时间的长短进行排序,并配置老化时间或采用默认值,定期检查该快速转发条目的未被使用时间,删除超过老化时间的条目,或者用新数据包的转发关键信息更新超过老化时间的条目,并将更新后的条目或者新匹配到的条目放置于老化顺序的最后和条目查找冲突链的首部。 The fast forwarding information update module 125 is configured to sort all fast forwarding entries according to the length of the unused time, and configure the aging time or adopt a default value, regularly check the unused time of the fast forwarding entry, and delete the unused time of the fast forwarding entry. entries, or update entries that exceed the aging time with forwarding key information of new data packets, and place the updated entries or newly matched entries at the end of the aging sequence and the head of the entry search conflict chain. the

由于快速转发条目表124要保存众多信息,所以这个表的每一表项要大,但是由于是需要快速转发,因此快速转发条目表124的表项个数不用建立的太多,以便保证在快速NAT转发时,能很快的就查到条目,继而提高转换速度。快速转发信息更新模块125采用老化机制,即在一段时间内保留最近转发过的报文的转发关键信息,并对该快速转发条目进行监视,当一段时间内条目仍然没有被使用,且没有相同属性的数据包的出现,可以删除条目,以便腾出空间供别的属性数据包保存关键信息进行快速转发。在查找快速转发条目表124的时候,由于表项的长度不是太长,且有老化机制的不断更新,可以实现对数据包信息哈希后,经过查找很短的甚至没有冲突的情况下即可获取所需条目,这条冲突链比在普通NAT转发查表时要查找的冲突链要短的多,而且碰到的几率也小的多。因此可以在查表的过程上节省更多时间,提高转换速率。 Because the fast forwarding entry table 124 will save many information, so each table item of this table will be big, but because need fast forwarding, so the table number of fast forwarding entry table 124 needn't set up too much, so that guarantee in fast When NAT forwards, the entry can be found quickly, and then the conversion speed can be improved. The fast forwarding information update module 125 adopts an aging mechanism, that is, retains the forwarding key information of the message that has been forwarded recently within a period of time, and monitors the fast forwarding entry. The appearance of the data packet can delete the entry, so as to make room for other attribute data packets to save key information for fast forwarding. When searching the fast forwarding entry table 124, since the length of the entry is not too long, and the aging mechanism is constantly updated, after the data packet information is hashed, it is possible to search for very short or even no conflicts To obtain the required entries, this conflict chain is much shorter than the conflict chain to be searched when the ordinary NAT forwards the lookup table, and the probability of encountering is much smaller. Therefore, more time can be saved in the process of table lookup and the conversion rate can be improved. the

另外,还可以在此基础上在进一步提高效率,因为只要是查找冲突链,即使是NAT快速转发条目冲突链很短,如果一段时期内很多属性的数据包不停的转发,每个包都要经过这些冲突链的查找,仍然是会占用一些时间。因此,为了进一步提高效率,可以在当前的数据包查到条目时,或者在建立条目时(默认下个接着来的包为相同属性),或者在进行一定数目的转发后(一定数目的转发后就可以有更多的可能后续的包都为相同属性),将其转发条目移至链首,从而可以使数据包在快速NAT转发时更快查到,提高转发效率。 In addition, the efficiency can be further improved on this basis, because as long as the conflict chain is searched, even if the conflict chain of the NAT fast forwarding entry is very short, if data packets with many attributes are continuously forwarded for a period of time, each packet must After searching these conflicting chains, it will still take some time. Therefore, in order to further improve efficiency, when an entry is found in the current data packet, or when an entry is created (by default, the next following packet has the same attribute), or after a certain number of forwardings (after a certain number of forwardings) Just can have more possible follow-up packets all be the same attribute), its forwarding entry is moved to the head of the chain, so that the data packet can be found faster during fast NAT forwarding, and the forwarding efficiency is improved. the

如图2所示,是数据包流向的示意图,包括: As shown in Figure 2, it is a schematic diagram of the flow of data packets, including:

步骤S201,系统收到数据包; Step S201, the system receives the data packet;

步骤S202,判断是否开启快速NAT功能,若是,则进入步骤S205,若不是,则进入步骤S203; Step S202, judging whether to enable the fast NAT function, if so, then enter step S205, if not, then enter step S203;

步骤S203,开始进行普通NAT转换; Step S203, start common NAT conversion;

步骤S204,报文转发结束; Step S204, message forwarding ends;

步骤S205,提取NAT转换所需信息,并进行快速条目匹配,如果没有匹 配到,则进入步骤S208,若匹配到了,则进入步骤S206; Step S205, extract the information required for NAT conversion, and perform fast entry matching, if not matched, then enter step S208, if matched, then enter step S206;

步骤S206,匹配到快速NAT转发条目; Step S206, matching the fast NAT forwarding entry;

步骤S207,在匹配到条目之后,快速进行NAT转换及路由转发,系统从条目中获取关键信息,对数据包进行修改。使数据包完成NAT转换,及其他的业务操作,并直接获取路由索引的信息,进行路由转发,以达到快速转发处理; Step S207, after the entry is matched, quickly perform NAT conversion and route forwarding, the system obtains key information from the entry, and modifies the data packet. Make the data packet complete NAT conversion and other business operations, and directly obtain the information of the routing index for routing and forwarding to achieve fast forwarding processing;

步骤S208,如果没有匹配到条目,系统会把数据包认为是首包,即一段相同数据流到来时的第一个包,这个包往往会留下转发关键信息以供后续的数据包直接使用,因为这些数据包都有着相同的属性,接着,首包进入普通NAT; Step S208, if there is no matching entry, the system will regard the data packet as the first packet, that is, the first packet when a section of the same data flow arrives, and this packet will often leave key forwarding information for subsequent data packets to use directly. Because these data packets all have the same attributes, then, the first packet enters the normal NAT;

步骤S209,普通NAT完成后,记录快速转发条目,如果已经开启快速NAT功能,则每次操作处理所获得的关键信息都被记录了下来,保存到快速转发条目表项124之中; Step S209, after the ordinary NAT is completed, record the fast forwarding entry, if the fast NAT function has been turned on, then the key information obtained by each operation process is recorded and stored in the fast forwarding entry entry 124;

步骤S210,报文转发结束。 Step S210, message forwarding ends. the

由于首包转发时已经保存了快速NAT转发条目,当和首包具有相同属性的后续数据包进到了NAT流程中,提取数据包中NAT转换所需的信息进行快速条目匹配时,就可以匹配到条目。 Since the fast NAT forwarding entry has been saved when the first packet is forwarded, when the subsequent data packet with the same attribute as the first packet enters the NAT process, and the information required for NAT conversion in the data packet is extracted for fast entry matching, it can be matched entry. the

如图3所示,是快速NAT转发方法的具体流程示意图。主要步骤如下: As shown in FIG. 3 , it is a schematic flow chart of the fast NAT forwarding method. The main steps are as follows:

步骤S301,接收数据包,经处理后进入IPV4报文处理流程,由入接口和出接口判断是否进入NAT流程;进入NAT处理流程; Step S301, receive the data packet, enter the IPV4 packet processing flow after processing, judge whether to enter the NAT flow by the incoming interface and the outgoing interface; enter the NAT processing flow;

步骤S302,判断是否启用快速NAT功能,如果没启用,就进行步骤S303和步骤S304;如果启用了,就进行步骤S305; Step S302, judge whether to enable the fast NAT function, if not enable, just proceed to step S303 and step S304; if enable, just proceed to step S305;

步骤S303,进行普通的NAT转换; Step S303, performing common NAT translation;

步骤S304,进行其他业务普通转发,进行普通路由查找转发。这里要注意的是某些业务在操作的时候就会进行路由查找,路由索引会进行变化。数据流程结束; Step S304, performing ordinary forwarding of other services, and performing ordinary route lookup and forwarding. It should be noted here that some services will perform routing lookup during operation, and the routing index will change. end of data flow;

步骤S305,如果启用快速NAT转发功能,则对数据包进行信息提取,包括如下信息:源IP地址,源端口号,目的IP地址,目的端口号,报文协议类型; Step S305, if the fast NAT forwarding function is enabled, the data packet is extracted, including the following information: source IP address, source port number, destination IP address, destination port number, message protocol type;

步骤S306,查看数据包的发送方向,是由公网到私网还是由私网到公网,若是由私网到公网,则进入步骤S307,若是由公网到私网,则进入步骤S316; Step S306, check the sending direction of the data packet, whether it is from the public network to the private network or from the private network to the public network, if it is from the private network to the public network, go to step S307, if it is from the public network to the private network, go to step S316 ;

这里要说明的是在无论是数据包从哪个方向流向那个方向,进行快速NAT转发的流程大体相同。不同之处在于,当快速转发条目表124是按照从私网到公网的方向建立的时候,若数据包由私网到公网转发时,源IP地址和端口号为私网IP地址和端口号,目的IP地址和端口号为公网的IP地址和端口号;而数据包由公网到私网转发时,源IP地址和端口号为公网的IP地址和端口号,而目的IP地址和端口号却是由私网转换后的公网可见的IP地址和端口号,因为在快速转发条目表124中要建立有关信息,即NAT转换后的IP地址,端口号信息,所以,在匹配查找时要注意在从公网到私网时的目的IP地址和端口号,要匹配的是转换后的IP地址和端口号,而不是私网的IP地址和端口号,这是不可见的。 What I want to explain here is that no matter which direction the data packet flows from to that direction, the process of fast NAT forwarding is basically the same. The difference is that when the fast forwarding entry table 124 is established according to the direction from the private network to the public network, if the data packet is forwarded from the private network to the public network, the source IP address and port number are the private network IP address and port number The destination IP address and port number are the IP address and port number of the public network; when the data packet is forwarded from the public network to the private network, the source IP address and port number are the IP address and port number of the public network, and the destination IP address and port number are the visible IP address and port number of the public network after private network conversion, because the relevant information will be established in the fast forwarding entry table 124, that is, the IP address after NAT conversion, port number information, so, in matching When searching, pay attention to the destination IP address and port number when going from the public network to the private network. What needs to be matched is the converted IP address and port number, not the IP address and port number of the private network, which is invisible. the

以上所说的是对一个条目表进行双向检索要注意的。若快速转发条目表124是按照由公网到私网的方向建立的,则与上述过程大体相同,不再重复。当然,如果资源空间允许的话可以在快速转发条目表124中分别建立一个公网到私网的表和一个私网到公网的表。 What has been said above is to pay attention to the two-way retrieval of an entry table. If the fast forwarding entry table 124 is established according to the direction from the public network to the private network, the above process is substantially the same and will not be repeated. Of course, if the resource space permits, a table from the public network to a private network and a table from the private network to the public network can be respectively established in the fast forwarding entry table 124 . the

另外,在NAT转发由公网到私网时,在经过NAT转换后,可能会进行路由的查找,在此,查找路有将会是很耗时间的行为,因此,使用快速NAT转发后,在快速条目表124中已经直接保存了路由信息,因此可以不必在这里查找路由耽误时间,直接一步到位,获取路由索引信息。 In addition, when NAT is forwarded from the public network to the private network, after the NAT conversion, the route search may be performed. Here, the search for the route will be a very time-consuming behavior. Therefore, after using fast NAT forwarding, in The routing information has been directly saved in the fast entry table 124, so it is not necessary to waste time searching for the routing here, and the routing index information can be obtained directly in one step. the

下面的步骤将不再区分数据包的转发方向了; The following steps will no longer distinguish the forwarding direction of the data packet;

步骤S307,用步骤S305获取到的数据包信息源IP地址、源端口号、目的IP地址、目的端口号和报文协议类型,根据此信息查找快速转发条目,如果没有匹配到条目,则进入步骤S313;否则,就是匹配到转发条目,由此可以提取里面的有关NAT、路由、业务的关键信息。准备后面的快速NAT转发,进行步骤S308; Step S307, use the packet information source IP address, source port number, destination IP address, destination port number and message protocol type obtained in step S305 to search for the fast forwarding entry according to this information, if no entry is matched, then enter step S307 S313; otherwise, the forwarding entry is matched, so that key information about NAT, routing, and services inside can be extracted. Prepare for the following fast NAT forwarding, proceed to step S308;

步骤S308,开始进行NAT快速转发; Step S308, start NAT fast forwarding;

步骤S309,获取快速NAT转发条目中的转换后的公网IP地址和端口号; Step S309, obtaining the converted public network IP address and port number in the fast NAT forwarding entry;

步骤S310,进行IP地址和端口替换,进行校验和更新,由于变化所产生的校验和增量,这个校验和增量包括TTL减1等每次IP头变换后的统一增量,此后,获取其它业务转发关键信息,直接对数据包的信息进行替换更改,不用再重新计算所需的信息或是查找快速转发条目表124,以达到节省系统操作时 间,转发速度增快的目的; Step S310, replace the IP address and port, and perform a checksum update. The checksum increment due to the change, this checksum increment includes a uniform increment after each IP header transformation such as TTL minus 1, and thereafter , obtain other business forwarding key information, directly replace and change the information of the data packet, without recalculating the required information or searching the fast forwarding entry table 124, so as to save system operation time and increase the forwarding speed;

步骤S311,获取快速转发条目中记录的路由信息,进行NAT转换,校验和更新等,快速转发所述数据包,流程处理结束; Step S311, obtain the routing information recorded in the fast forwarding entry, perform NAT conversion, checksum update, etc., fast forward the data packet, and the process ends;

步骤S312,进行普通的NAT转换; Step S312, performing common NAT translation;

步骤S313,进行其它业务转发,进行路由转发; Step S313, carry out other business forwarding, carry out route forwarding;

步骤S314,记录下该数据包的转发关键信息,并生成快速转发条目; Step S314, recording the forwarding key information of the data packet, and generating a fast forwarding entry;

步骤S315,查找快速转发条目,如果没有匹配到条目,则进入步骤S316;否则,就是匹配到转发条目,由此可以提取里面的有关NAT转换信息、路由信息的快速转发条目,进入步骤S319; Step S315, search for the fast forwarding entry, if no entry is matched, then enter step S316; otherwise, the forwarding entry is matched, so the fast forwarding entry related to NAT conversion information and routing information inside can be extracted, and then enter step S319;

步骤S316,对所述数据包进行普通NAT转换; Step S316, performing ordinary NAT conversion on the data packet;

步骤S317,进行其它业务转发,进行路由转发; Step S317, carry out other business forwarding, carry out route forwarding;

步骤S318,记录下该数据包的转发关键信息,并生成快速转发条目,构建快速转发表124; Step S318, recording the forwarding key information of the data packet, and generating a fast forwarding entry, constructing a fast forwarding table 124;

步骤S319,进行NAT快速转换; Step S319, performing NAT fast conversion;

步骤S320,获取快速NAT转发条目中的转换后的私网IP地址和端口号; Step S320, obtain the converted private network IP address and port number in the fast NAT forwarding entry;

步骤S321,进行IP地址和端口的替换更新,由于变化所产生的校验和增量,这个校验和增量包括TTL减1等每次IP头变换后的统一增量,此后,获取其它业务转发关键信息,直接对数据包的信息进行替换更改,不用再重新计算所需的信息或是查找快速转发条目表124,以达到节省系统操作时间,转发速度增快的目的; Step S321, replace and update the IP address and port, the checksum increment due to the change, this checksum increment includes the unified increment after each IP header transformation such as TTL minus 1, after that, obtain other services Forward key information, directly replace and change the information of the data packet, without recalculating the required information or searching the fast forwarding entry table 124, so as to save system operation time and increase the forwarding speed;

步骤S322,获取快速转发条目中记录的路由信息,进行NAT转换,校验和更新等,快速转发所述数据包,流程处理结束。 Step S322, obtain the routing information recorded in the fast forwarding entry, perform NAT conversion, checksum update, etc., and fast forward the data packet, and the flow process ends. the

如图4所示,快速NAT转发表的维护流程,步骤如下: As shown in Figure 4, the maintenance process of the fast NAT forwarding table is as follows:

步骤S401,配置快速转发条目老化时间,如果没有配置则采用默认值; Step S401, configure the aging time of the fast forwarding entry, if not configured, use the default value;

步骤S401,收到数据包; Step S401, receiving the data packet;

步骤S402,提取包信息:源地址、目的地址、源端口号、目的端口号和报文协议号等; Step S402, extracting packet information: source address, destination address, source port number, destination port number and message protocol number, etc.;

准备快速NAT转发; Prepare for fast NAT forwarding;

步骤S403,进行快NAT转发条目匹配,如果命中,进行步骤S404,否则,进行步骤S405; Step S403, perform fast NAT forwarding entry matching, if hit, proceed to step S404, otherwise, proceed to step S405;

步骤S404,增加相应计数,将转发条目放置在老化顺序最后,另外可以将此条目放在条目查找冲突链之首,这样可以使后续的相同属性的数据包能以最快的速度查找到转发条目,流程结束; Step S404, increase the corresponding count, and place the forwarding entry at the end of the aging sequence. In addition, this entry can be placed at the head of the entry search conflict chain, so that subsequent packets with the same attributes can find the forwarding entry at the fastest speed , the process ends;

步骤S405,判断当前在老化顺序第一位的条目,其最后一次使用时间到现在是否超过老化时间,如果没有超过老化时间,说明当前条目空间无法释放,因此不能建立NAT快速转发条目,因此进行步骤S406,否则,将要老化的条目按照新数据包的属性进行更新,进行步骤S404; Step S405, judging whether the last use time of the first entry in the aging sequence exceeds the aging time. If the aging time has not been exceeded, it means that the current entry space cannot be released, so the NAT fast forwarding entry cannot be established, so proceed to step S405. S406, otherwise, the entry to be aged is updated according to the attributes of the new data packet, and step S404 is performed;

步骤S406,数据包进行普通NAT转发,更新相应的临时结构,结束流程; Step S406, the data packet is forwarded by ordinary NAT, the corresponding temporary structure is updated, and the process is ended;

步骤S407,将超过老化时间的条目按照新数据包的转发关键信息进行更新,并将新更新的条目或新使用的条目放置于老化顺序的最后,或者放置于条目查找冲突链的首部。 Step S407, update the entries whose aging time has exceeded according to the forwarding key information of the new data packet, and place the newly updated or newly used entries at the end of the aging sequence, or at the head of the entry search conflict chain. the

当然,本发明还可有其它多种实施例,在不背离本发明精神及其实质的情况下,熟悉本领域的普通技术人员当可根据本发明做出各种相应的改变和变形,但这些相应的改变和变形都应属于本发明所附的权利要求的保护范围。 Certainly, the present invention also can have other various embodiments, without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and deformations according to the present invention, but these Corresponding changes and deformations should belong to the scope of protection of the appended claims of the present invention. the

Claims (7)

1. the device that network address translation is transmitted is used to finish the forwarding of packet between public network and private network, and comprising: a general network address transition forwarding module is used for carrying out according to normal mode the forwarding of network address translation and packet; It is characterized in that, further comprise:
One fast network address transition forwarding module, be used to write down described packet and transmit needed forwarding key message, when receiving packet, extract the relevant information of described packet, search the quick forwarding entry that comprises described forwarding key message that is complementary with it, if do not find, then change by described general network address transition forwarding module and carry out the forwarding of general network address transition, if find, use forwarding key message in the described quick forwarding entry to upgrade relevant information in the described packet, and directly from described quick forwarding entry, obtain routing iinformation, transmit described packet;
Described fast network address transition forwarding module further comprises:
One quick forwarding information logging modle is used for the packet to the forwarding key message that does not have coupling, after described packet being carried out the forwarding of general network address transition, writes down the forwarding key message of described packet;
One quick forwarding information matching module, be used for after receiving described packet, extract the relevant information in the described packet, according to described relevant information as matching condition, search fast network address transition forwarding entry,, then transfer to described general network address transition forwarding module and handle if do not find, if found, it is that the forwarding of fast network address transition needs updated information that the forwarding entry that then finds promptly is positioned;
One forwarding module is used for obtaining described packet from described quick forwarding entry and transmits needed forwarding key message, and the relevant information in the described packet is replaced, and according to the routing index of preserving, directly obtains routing iinformation then, transmits described packet;
One quick forwarding entry table comprises one or more quick forwarding entrys, and the fast network address transition that is used to store described packet is transmitted needed forwarding key message;
Described quick forwarding entry table further comprises:
One quick forwarding information update module, be used for whole quick forwarding entrys is sorted according to the length that is not used the time, and configuration ageing time or employing default value, make regular check on the time that is not used of described quick forwarding entry, deletion surpasses the clauses and subclauses of ageing time, perhaps upgrade the clauses and subclauses that surpass ageing time, and the clauses and subclauses after will upgrading or the clauses and subclauses that newly match are positioned over the stem that the last and clauses and subclauses of aging order are searched the chain that conflicts with the forwarding key message of new data packets.
2. the device that network address translation according to claim 1 is transmitted is characterized in that described forwarding key message further comprises:
Source IP address, source port number, purpose IP address, destination slogan and message protocol type;
IP address, port numbers and routing iinformation after the network address translation;
Need the load sharing index that changes, tactful routing index and/or VLAN_ID in other business;
The IP address that network address translation produces and the change of port numbers;
The variation of life span and the verification that causes and the increment information of renewal.
3. the device that network address translation according to claim 2 is transmitted is characterized in that described quick forwarding entry table further comprises: the quick forwarding entry table of a private network to the quick forwarding entry table of public network and/or a public network to private network.
4. the device that network address translation according to claim 1 is transmitted is characterized in that described quick forwarding entry table is stored in internal memory or the cache memory.
5. the method that network address translation is transmitted is used to finish the forwarding of packet between public network and private network, it is characterized in that this method comprises:
Step 1 is received packet, extracts the networking information of address conversion in the described packet, is searching the quick forwarding entry of transmitting key message that comprises that is complementary with it in the forwarding entry table fast;
Step 2, if do not find, then carry out the forwarding of general network address transition, and in quick forwarding entry table the forwarding key message of the described packet of record, if found described quick forwarding entry, then use forwarding key message in the described quick forwarding entry to upgrade relevant information in the described packet, and directly from described quick forwarding entry, obtain routing iinformation, transmit described packet;
Described step 2 further comprises:
Step 101 if found the quick forwarding entry that is complementary, then is placed on described quick forwarding entry the last of aging order, and described quick forwarding entry is placed on clauses and subclauses searches first of the chain that conflicts;
Step 102, if do not find the quick forwarding entry that is complementary, then judge and whether surpass ageing time current last service time till now at the primary quick forwarding entry of aging order, if do not surpass ageing time, then described packet being carried out the general network address transition transmits, if surpassed ageing time, adopt the quick forwarding entry of the forwarding key message renewal of new data packets, and the quick forwarding entry after will upgrading is placed on the stem that aging last and clauses and subclauses are in proper order searched the chain that conflicts above ageing time.
6. the method that network address translation according to claim 5 is transmitted is characterized in that described step 1 further comprises:
Step 81, receive packet after, judge whether to carry out the fast network address transition and transmit;
Step 82, if not carrying out the fast network address transition transmits, then described packet is carried out general network address transition and routing forwarding, otherwise, extract source IP address, source port number, purpose IP address, destination slogan and the message protocol type of described packet, carry out the coupling of quick forwarding entry.
7. according to the method for claim 5 or 6 described network address translation forwardings, it is characterized in that described step 1 further comprises:
Judge the flow direction of described packet, if by private network to public network, then source IP address and port numbers are private network IP address and port numbers, purpose IP address and port numbers are the IP address and the port numbers of public network, begin to carry out the matched and searched of quick forwarding entry, if by public network during to private network, then source IP address and port numbers are public network IP address and port numbers, purpose IP address and port numbers are public network visible IP address and port numbers after the private network network address translation, carry out the matched and searched of quick forwarding entry.
CN2007101188111A 2007-06-11 2007-06-11 Device and method for network address translation forwarding Expired - Fee Related CN101068212B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101188111A CN101068212B (en) 2007-06-11 2007-06-11 Device and method for network address translation forwarding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101188111A CN101068212B (en) 2007-06-11 2007-06-11 Device and method for network address translation forwarding

Publications (2)

Publication Number Publication Date
CN101068212A CN101068212A (en) 2007-11-07
CN101068212B true CN101068212B (en) 2010-12-29

Family

ID=38880649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101188111A Expired - Fee Related CN101068212B (en) 2007-06-11 2007-06-11 Device and method for network address translation forwarding

Country Status (1)

Country Link
CN (1) CN101068212B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571613A (en) * 2012-03-09 2012-07-11 华为技术有限公司 Method and network device for message forwarding

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101299772B (en) * 2008-06-04 2011-05-11 中兴通讯股份有限公司 System and method for processing network address conversion preferable regulation
CN101877728B (en) * 2010-06-25 2014-12-31 中兴通讯股份有限公司 Method and device for converting and forwarding network addresses
CN102316012B (en) * 2010-06-30 2014-05-14 杭州华三通信技术有限公司 Method for realizing Internet protocol (IP) express forwarding and three-layer forwarding equipment
CN101938415B (en) * 2010-08-30 2012-07-18 北京傲天动联技术有限公司 Rapid forwarding method for network forwarding device
CN102469006B (en) * 2010-11-01 2015-03-18 杭州华三通信技术有限公司 Method and device for quickly forwarding data report
CN102801603B (en) * 2011-05-27 2017-04-05 中兴通讯股份有限公司 The flow-dividing control method and device that a kind of Network address translators accelerates
CN102821032B (en) * 2011-06-10 2016-12-28 中兴通讯股份有限公司 A kind of method of fast-forwarding packet and three-layer equipment
GB2496454B (en) * 2011-11-14 2013-10-09 Renesas Mobile Corp Wireless communication network
CN102819513A (en) * 2012-06-29 2012-12-12 安科智慧城市技术(中国)有限公司 Interactive method and interactive device based on serial port communication
CN103067281B (en) * 2012-12-28 2016-07-13 深圳市磊科实业有限公司 A kind of system of router fast forwarding method and enforcement the method
CN103227752A (en) * 2013-05-14 2013-07-31 盛科网络(苏州)有限公司 Method and device for realizing policy routing in Ethernet switch chip
CN103281246A (en) * 2013-05-20 2013-09-04 华为技术有限公司 Message processing method and network equipment
CN104283923A (en) * 2013-07-08 2015-01-14 中兴通讯股份有限公司 Method and device for network device data forwarding
CN103391335A (en) * 2013-08-01 2013-11-13 北京市翌晨通信技术研究所 Network communication method for accessing to IP private network directly
CN104135548B (en) * 2014-08-12 2018-12-11 邦彦技术股份有限公司 Static NAT realization method and device based on FPGA
CN104994178B (en) * 2015-05-12 2019-05-03 广东睿江云计算股份有限公司 Network address translation method and device
CN106331196A (en) * 2015-06-26 2017-01-11 中兴通讯股份有限公司 Method and device for realizing NAT
CN105162901B (en) * 2015-09-30 2019-05-14 北京特立信电子技术股份有限公司 Method and device for realizing NAT based on SOPC
JP6609199B2 (en) * 2016-03-01 2019-11-20 ルネサスエレクトロニクス株式会社 Embedded equipment
CN106656818B (en) * 2016-11-18 2019-11-08 杭州迪普科技股份有限公司 A kind of method and apparatus for removing fast-forwarding list item
CN106656615B (en) * 2016-12-29 2020-03-06 杭州迪普科技股份有限公司 Message processing method and device based on TRACERT command
CN108259645A (en) * 2018-02-05 2018-07-06 深圳市三旺通信技术有限公司 The method for network address translation of vehicle-mounted utilization is handed over based on rail
CN108881519A (en) * 2018-08-08 2018-11-23 成都俊云科技有限公司 A kind of NAT penetrating method and device
CN110191109B (en) * 2019-05-17 2021-11-02 杭州迪普信息技术有限公司 Message sampling method and device
CN112565091A (en) * 2020-11-18 2021-03-26 普联国际有限公司 Message forwarding method and device, storage medium and terminal equipment
CN113132242B (en) * 2021-03-19 2022-11-15 翱捷科技股份有限公司 Network equipment and method for sharing sending and receiving cache
CN113645188B (en) * 2021-07-07 2023-05-09 中国电子科技集团公司第三十研究所 A Fast Forwarding Method of Data Packet Based on Security Association
CN114006763A (en) * 2021-11-01 2022-02-01 许昌许继软件技术有限公司 Rapid retrieval matching method and system based on rapid table
CN115225483B (en) * 2022-06-29 2024-08-13 北京天融信网络安全技术有限公司 Data packet forwarding method, electronic device and storage medium
CN116248590B (en) * 2022-12-16 2024-05-10 中国联合网络通信集团有限公司 Data forwarding method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474570A (en) * 2002-08-10 2004-02-11 华为技术有限公司 Method for recording access of address translation users during data transmission
CN1487704A (en) * 2003-08-26 2004-04-07 北京朗通环球科技有限公司 Network address converting data output method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474570A (en) * 2002-08-10 2004-02-11 华为技术有限公司 Method for recording access of address translation users during data transmission
CN1487704A (en) * 2003-08-26 2004-04-07 北京朗通环球科技有限公司 Network address converting data output method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李庆海 等.高速网络环境下NAT快速转换算法.计算机工程与设计第24卷 第9期.2003,第24卷(第9期),1-3.
李庆海等.高速网络环境下NAT快速转换算法.计算机工程与设计第24卷 第9期.2003,第24卷(第9期),1-3. *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571613A (en) * 2012-03-09 2012-07-11 华为技术有限公司 Method and network device for message forwarding
CN102571613B (en) * 2012-03-09 2015-04-29 华为技术有限公司 Method and network device for message forwarding

Also Published As

Publication number Publication date
CN101068212A (en) 2007-11-07

Similar Documents

Publication Publication Date Title
CN101068212B (en) Device and method for network address translation forwarding
CN101819580B (en) System for forwarding packets with identifiers using exact-match lookup engine
US6594704B1 (en) Method of managing and using multiple virtual private networks in a router with a single routing table
US9473373B2 (en) Method and system for storing packet flows
US20100036820A1 (en) Method and System for Processing Access Control Lists Using a Hashing Scheme
US9836540B2 (en) System and method for direct storage access in a content-centric network
CN101854391B (en) Realization method of ares protocol analysis system based on peer-to-peer network
CN101662426B (en) T-MPLS tunnel protection processing method and system thereof
CN102970150A (en) Extensible multicast forwarding method and device for data center (DC)
CN102685177A (en) Transparent proxy caching of resources
WO2020114239A1 (en) Multicast message processing method and apparatus, storage medium and processor
CN101018206A (en) Packet message processing method and device
CN103457700A (en) Data packet content name coding compression method in NDN/CCN
WO2022143989A1 (en) Sid compression method and apparatus based on srv6 protocol
CN102035899B (en) Method and device for determining addresses in IPv6 (internet protocol version 6) based LAN (local area network)
CN109428825A (en) A kind of method for forwarding multicast message and device
CN102025796A (en) MAC (media access control) address updating method and device
CN101699796B (en) Stream trust-based method and system for transmitting data message at high speed and router thereof
CN117857637A (en) Cross-border transmission optimization method based on SDWAN
WO2008119282A1 (en) Method for routing lookup and system for forwarding
CN100450100C (en) A routing method and routing device
CN102143151B (en) Deep packet inspection based protocol packet spanning inspection method and deep packet inspection based protocol packet spanning inspection device
CN114338529B (en) Five-tuple rule matching method and device
CN101888303A (en) Recording method and related device of network flow information
CN102655476B (en) Internet protocol flow transmitting method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101229

Termination date: 20160611

CF01 Termination of patent right due to non-payment of annual fee