CN103167049A - Translation method of network addresses distributed according to needs, equipment and system - Google Patents

Publication number: CN103167049A
Authority: CN (China)
Prior art keywords: port block, network address, block, standby, standby port
Legal status: Granted
Application number: CN2011104128195A
Other languages: Chinese (zh)
Other versions: CN103167049B (en)
Inventors: 吴伟, 毛东峰, 杨国良, 李阳春, 伍佑明, 谭景华, 黄灿灿
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201110412819.5A
Publication of CN103167049A
Application granted
Publication of CN103167049B
Legal status: Active
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network address translation method, device and system. A unique translated network address, and a basic port block attached to that translated network address, are allocated to a pre-translation network address. When the basic port block is exhausted, a standby port block is added for the basic port block. When the standby port block is idle, the standby port block is reclaimed. The on-demand network address translation method, device and system can allocate ports according to demand, achieve port allocation according to the needs of the user, satisfy those needs, and improve the efficiency of port usage.

Description

On-demand allocation method, device and system for network address translation
Technical field
The present invention relates to the field of NAT technology, and in particular to a network address translation method, device and system.
Background art
Network address translation (NAT) is a technique that translates IP addresses belonging to one network segment (usually private addresses) into addresses of another network segment (usually public addresses). It is widely used in all kinds of Internet access methods and all types of networks. NAT not only solves the problem of IP address shortage, but can also effectively avoid attacks from outside the network by hiding and protecting the computers inside it. At present, large-scale NAT is deployed in carrier networks. To keep network use fair among users, the number of translated ports that each user may use needs to be limited, so that one user's usage cannot affect another user. Allocating a port block to each user does limit the ports available to that user, but a user who exhausts the port block can no longer get online. A user may exhaust the port block for many reasons: an application may open a large number of concurrent sessions, the user's computer may be infected with a virus and generate a large amount of junk traffic, or the port block may have been configured too small. Because users' demands differ, a uniform port block that is too small leaves some users unable to meet their needs, while one that is too large easily wastes ports. A technique is therefore needed that sizes the port allocation according to each user's demand, satisfying user demand as far as possible while improving the efficiency of port usage.
Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide a network address translation method that can allocate ports according to the demand for port usage.
A network address translation method: a unique translated network address, and a basic port block attached to the translated network address, are allocated to a pre-translation network address; when the basic port block is exhausted, a standby port block is added for the basic port block; when the standby port block is idle, the standby port block is reclaimed; wherein a port block is a contiguous range of port numbers.
According to an embodiment of the method, for each pre-translation IPv4 address that requires network address translation, the network address translation device allocates the translated IPv4 address and port block as follows: on receiving a packet sent from the pre-translation network address, it checks whether a corresponding translated network address has already been allocated to that pre-translation network address; if not, it obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the pre-translation network address, allocates that external network address to the pre-translation network address, and allocates the unique basic port block attached to that external network address to the pre-translation network address.
According to an embodiment of the method, adding a standby port block for the basic port block when the basic port block is exhausted comprises: recording the usage of the basic port block; when the basic port block is detected to be exhausted, adding standby port block 1 for the basic port block and recording the usage of standby port block 1; when standby port block 1 is detected to be exhausted, adding standby port block 2 for the basic port block and recording the usage of standby port block 2; when standby port block N-1 is detected to be exhausted, adding standby port block N for the basic port block and recording the usage of standby port block N, where N = 3, 4, ..., n; wherein the size of the standby port blocks is fixed or not fixed.
According to an embodiment of the method, when a port is allocated to a newly created session, idle ports of the basic port block are allocated first; the multiple standby port blocks of the basic port block have different priorities, and after the basic port block is exhausted, idle ports of the standby port blocks are allocated to newly created sessions in descending order of priority.
According to an embodiment of the method, reclaiming the standby port block when it is idle comprises: the multiple standby port blocks of the basic port block have different priorities; when all sessions on the lowest-priority standby port block of the basic port block have aged out, that lowest-priority standby port block is reclaimed; a standby port block of the basic port block is reclaimed only after every standby port block of lower priority has been reclaimed and all of its own sessions have aged out.
According to an embodiment of the method, after the translated network address and basic port block are allocated, after a standby port block is added for the basic port block, or after a standby port block is reclaimed, operation log information is reported to a support system. According to an embodiment of the method, reporting operation log information to the support system comprises: reporting the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message comprising: the pre-translation network address, the translated network address, the basic port block and the standby port blocks.
A further technical problem to be solved by the present invention is to provide a network address translation device that can allocate ports according to the demand for port usage.
A network address translation device comprises: a network address allocation unit, configured to allocate to a pre-translation network address a unique translated network address and a basic port block attached to the translated network address; a standby port block adding unit, configured to add a standby port block for the basic port block when the basic port block is exhausted; and a standby port block reclaim unit, configured to reclaim the standby port block when the standby port block is idle; wherein a port block is a contiguous range of port numbers.
According to an embodiment of the device, on receiving a packet sent from the pre-translation network address, the network address allocation unit checks whether a corresponding translated network address has already been allocated to that pre-translation network address; if not, the network address allocation unit obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the pre-translation network address, allocates that external network address to the pre-translation network address, and allocates the basic port block attached to that external network address to the pre-translation network address.
According to an embodiment of the device, a port block usage recording unit is configured to record the usage of port blocks; when the basic port block is detected to be exhausted, the standby port block adding unit adds standby port block 1 for the basic port block; when standby port block 1 is detected to be exhausted, the standby port block adding unit adds standby port block 2 for the basic port block; when standby port block N-1 is detected to be exhausted, the standby port block adding unit adds standby port block N for the basic port block, and the usage of standby port block N is recorded, where N = 3, 4, ..., n; wherein the size of the standby port blocks of the basic port block is fixed or not fixed.
According to an embodiment of the device, a session allocation unit is configured to allocate ports to newly created sessions; when allocating a port to a newly created session, the session allocation unit allocates idle ports of the basic port block first; the multiple standby port blocks of the basic port block have different priorities, and after the basic port block is exhausted, the session allocation unit allocates idle ports of the standby port blocks to newly created sessions in descending order of priority.
According to an embodiment of the device, the multiple standby port blocks of the basic port block have different priorities; when all sessions on the lowest-priority standby port block of the basic port block have aged out, the standby port block reclaim unit reclaims that lowest-priority standby port block; a standby port block of the basic port block is reclaimed by the standby port block reclaim unit only after every standby port block of lower priority has been reclaimed and all of its own sessions have aged out.
According to an embodiment of the device, a log information reporting unit is configured to report operation log information to a support system after the translated network address and basic port block are allocated, after a standby port block is added for the basic port block, or after a standby port block is reclaimed.
According to an embodiment of the device, the log information reporting unit reports the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message comprising: the pre-translation network address, the translated network address, the basic port block and the standby port blocks.
A further technical problem to be solved by the present invention is to provide a network address translation system comprising the above network address translation device.
In the device and method of the present invention, a unique translated network address and a basic port block are allocated to a pre-translation network address; when the basic port block is exhausted, a standby port block is added for the basic port block; when the standby port block is idle, the standby port block is reclaimed. Ports can thus be allocated according to the demand for port usage, and the efficiency of port usage is improved.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of the network address translation method of the present invention;
Fig. 2 is a schematic diagram of the port blocks allocated in an embodiment of the network address translation method of the present invention;
Fig. 3 is a schematic diagram of an embodiment of the network address translation device of the present invention;
Fig. 4 is a schematic diagram of another embodiment of the network address translation device of the present invention;
Fig. 5 is a schematic diagram of an embodiment in which the network address translation method of the present invention is applied in a network.
Detailed description of embodiments
The present invention is described more fully below with reference to the drawings, in which exemplary embodiments of the invention are illustrated. The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings; the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the network address translation method of the present invention, a unique translated network address and a basic port block are allocated to a pre-translation network address, and a standby port block is added for the basic port block when the basic port block is exhausted. When the standby port block is idle, it is reclaimed. Ports can thus be allocated according to the demand for port usage, the port allocation can be sized according to the user's demand, user demand is satisfied as far as possible, and the efficiency of port usage is improved. The technical solution of the present invention is described from several aspects below with reference to the figures and embodiments.
Fig. 1 is a flow chart of an embodiment of the network address translation method of the present invention. As shown in Fig. 1:
Step 102: allocate to the pre-translation network address a unique translated network address and a basic port block attached to the translated network address.
Step 103: when the basic port block is exhausted, add a standby port block for the basic port block.
Step 104: when the standby port block is idle, reclaim the standby port block.
A port block in the present invention is a contiguous range of port numbers; in the present invention a port range is referred to simply as a port block. The basic port block is a unique contiguous range of port numbers attached to the translated network address. The pre-translation network address and the translated network address may be IPv4 addresses, and may also be IPv6 addresses.
The network address translation method of the present invention allocates ports according to the demand for port usage. The port allocation can be sized according to the user's demand, user demand is satisfied as far as possible, and the efficiency of port usage is improved.
According to one embodiment of the present invention, on receiving a packet sent from the pre-translation network address, the device checks whether a corresponding translated network address has already been allocated to that pre-translation network address. If not, it obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the pre-translation network address, allocates that external network address to the pre-translation network address, and allocates the basic port block attached to that external network address to the pre-translation network address.
According to one embodiment of the present invention, multiple network addresses in a local area network and their TCP/UDP ports can be translated into a single external address and its TCP/UDP ports. By multiplexing a legitimate IP address, every computer in the network can access the Internet independently, while servers inside the local area network serve only the local area network and hosts on the Internet are not allowed to access them. Where more legitimate external IP addresses can be provided, port multiplexing can also be combined with dynamic address translation, which both ensures that every user can access the Internet and avoids some computers having their permissions limited because they share the same IP address. For packets whose layer 4 is TCP or UDP, NAT achieves a many-to-few mapping by changing the source port number. A hash algorithm transforms an input of arbitrary length (also called the pre-image) into an output of fixed length, and this output is the hash value. A hash algorithm provides a method of fast data access: it uses an algorithm to establish a correspondence between key values and actual values (each actual value can have only one key value, but one key value can correspond to multiple actual values; that is, the data is discretized to make access convenient), so that data in structures such as arrays can be accessed quickly. When a pre-translation network address needs to be translated, the unique external network address corresponding to the value of the pre-translation network address is obtained from the network address translation address pool by the hash algorithm. The external network address has a uniquely corresponding basic port block; the external network address, as the translated network address, is allocated to the pre-translation network address together with the basic port block.
According to one embodiment of the present invention, each pre-translation internal address may correspond to a different external address, and multiple pre-translation internal addresses may also correspond to the same external address. Through the hash algorithm, the pre-translation internal address is taken as the actual value and the key value corresponding to it is obtained; this key value is the external address corresponding to the pre-translation internal address, and one external address may correspond to multiple pre-translation internal addresses. The correspondence between internal addresses and an external address, and the basic port block attached to the external address, can be configured in advance.
Fig. 2 is a schematic diagram of the port blocks allocated in an embodiment of the network address translation method of the present invention. As shown in Fig. 2:
When a user accesses the external network, the network address translation device receives a packet sent from the user's pre-translation network address and checks whether a corresponding translated network address has already been allocated to that pre-translation network address. If not, it obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the pre-translation network address and allocates that external network address to the pre-translation network address. A standby port number range is reserved to serve as standby, and the basic port block 211 attached to the external network address is allocated to the pre-translation network address. At this point, the user's access port block 21 contains only the basic port block 211.
The usage of the basic port block 211 is recorded. When the basic port block is detected to be exhausted, a range is dynamically carved out of the reserved standby port range as standby port block 1 (212); standby port block 1 (212) is added for the basic port block and its usage is recorded. When standby port block 1 (212) is detected to be exhausted, standby port block 2 (213) is added for the basic port block and its usage is recorded. Further port blocks are added in the same way: when standby port block N-1 is detected to be exhausted, standby port block N (214) is added for the basic port block and its usage is recorded, where N = 3, 4, ..., n. The size of each standby port block of the basic port block is fixed or not fixed.
According to one embodiment of the present invention, a session, in computing and especially in network applications, refers to the process of communication between two endpoints. Network-layer devices usually distinguish sessions by a 3-tuple (source IP address, source port, transport layer protocol type) or a 5-tuple (source IP address, source port, destination IP address, destination port, transport layer protocol type). When a port is allocated to a newly created session, idle ports of the basic port block are allocated first. The multiple standby port blocks of the basic port block have different priorities; after the basic port block is exhausted, idle ports of the standby port blocks are allocated to newly created sessions in descending order of priority.
When all sessions on the lowest-priority standby port block of the basic port block have aged out, that lowest-priority standby port block is reclaimed. A standby port block of the basic port block is reclaimed only after every standby port block of lower priority has been reclaimed and all of its own sessions have aged out.
According to one embodiment of the present invention, when multiple users compete for the remaining standby port blocks, various contention mechanisms can be used to decide which user gets preferential use; for example, preferential use can be decided by rules such as service priority or user level. When a port is allocated to a newly created session, idle ports of the basic port block are used first, standby port block 1 has the next priority, standby port block 2 the priority after that, and further added port blocks follow in the same way. Sessions established on the basic port block and on the standby port blocks age out within a certain aging time; the two aging times may be the same or different. Among all the port blocks allocated to the same user, once all sessions on the lowest-priority standby port block have aged out, the network address translation device reclaims that standby port block according to its reclaim policy. Any other standby port block can be reclaimed by the network address translation device according to the reclaim policy only after every port block of lower priority has been reclaimed and all of its own sessions have aged out. The reclaim policy built into the network address translation device must ensure that standby port blocks are not added and reclaimed frequently because the user's session count sits at a critical level, so that a large volume of log information is not exported to the support system and the support system is not overloaded. When all sessions on the user's basic port block have aged out, the network address translation device reclaims the basic port block. After the translated network address and basic port block are allocated, after a standby port block is added for the basic port block, or after a standby port block is reclaimed, operation log information is reported to the support system. The operation log information is reported in an Accounting-start message of the RADIUS protocol; the information carried in the Accounting-start message includes the pre-translation network address, the translated network address, the basic port block, the standby port blocks, and so on. The allocation, addition and reclamation of translated IPv4 addresses and port blocks are implemented by an algorithm on the link switching equipment.
Fig. 3 is a schematic diagram of an embodiment of the network address translation device of the present invention. As shown in Fig. 3:
The network address translation device 31 comprises: a network address allocation unit 311, a standby port block adding unit 312 and a standby port block reclaim unit 313. The network address allocation unit 311 allocates to a pre-translation network address a unique translated network address and a basic port block attached to the translated network address. When the basic port block is exhausted, the standby port block adding unit 312 adds a standby port block for the basic port block. When the standby port block is idle, the standby port block reclaim unit 313 reclaims the standby port block. A port block is a contiguous range of port numbers.
According to one embodiment of the present invention, on receiving a packet sent from the pre-translation network address, the network address allocation unit 311 checks whether a corresponding translated network address has already been allocated to that pre-translation network address. If not, the network address allocation unit 311 obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the pre-translation network address, allocates that external network address to the pre-translation network address, and allocates the basic port block attached to that external network address to the pre-translation network address. The support system stores the related log information. To allow addresses to be traced back, the related log information is uploaded to the support system each time a port block is allocated, added or reclaimed, while interaction between the network address translation device and other equipment is kept to a minimum. The support system can be integrated with an AAA system.
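The address trace-back that these log records exist to support can be shown with the following Python lookup, an added example that is not part of the patent. The text record format and the sample records are constructed for illustration (the patent carries this information in RADIUS accounting messages, which are not modelled here).

```python
# Constructed records: time, event, inside address, public IP, block kind,
# first port, last port.
SAMPLE_LOG = """\
100 alloc   10.0.0.5 203.0.113.10 base      1024 1027
160 add     10.0.0.5 203.0.113.10 standby-1 2048 2049
200 alloc   10.0.0.9 203.0.113.10 base      1028 1031
400 reclaim 10.0.0.5 203.0.113.10 standby-1 2048 2049
500 add     10.0.0.9 203.0.113.10 standby-1 2048 2049
"""


def build_leases(log_text):
    """Turn alloc/add/reclaim records into leases with a start and end time."""
    leases, open_leases = [], {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        ts, event, inside, public_ip, kind, first, last = line.split()
        key = (public_ip, int(first), int(last))
        if event in ("alloc", "add"):
            if key in open_leases:
                raise ValueError("line %d: block granted while still leased" % lineno)
            lease = {"inside": inside, "public_ip": public_ip, "kind": kind,
                     "first": int(first), "last": int(last),
                     "from": int(ts), "to": None}
            open_leases[key] = lease
            leases.append(lease)
        elif event == "reclaim":
            lease = open_leases.pop(key, None)
            if lease is None or lease["inside"] != inside:
                raise ValueError("line %d: reclaim without matching grant" % lineno)
            lease["to"] = int(ts)
        else:
            raise ValueError("line %d: unknown event %r" % (lineno, event))
    return leases


def trace(leases, public_ip, port, ts):
    """Return the inside address that held public_ip:port at time ts, or None."""
    hits = [l for l in leases
            if l["public_ip"] == public_ip
            and l["first"] <= port <= l["last"]
            and l["from"] <= ts and (l["to"] is None or ts < l["to"])]
    if len(hits) > 1:
        raise ValueError("overlapping leases for %s:%d" % (public_ip, port))
    return hits[0]["inside"] if hits else None
```

Because the same standby block passes from one inside address to another after a reclaim, the lookup needs the event timestamp as well as the public address and port; a missing reclaim record is reported as an error rather than producing a wrong attribution.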
Fig. 4 is the schematic diagram according to another embodiment of network address translation apparatus of the present invention.As shown in Figure 4:
Network address translation apparatus 41 comprises: network address allocation units 411, standby port piece increase unit 412 and standby port piece recovery unit 413.Port piece operating position record cell 414 records the operating position of port piece.When monitoring basic port piece and exhaust, it be basic port piece increase standby port piece 1 that the standby port piece increases unit 412.After monitoring standby port piece 1 and exhausting, it be basic port piece increase standby port piece 2 again that the standby port piece increases unit 412.The processing of follow-up newly-increased port piece by that analogy, after monitoring standby port piece N-1 and exhausting, it be basic port piece increase standby port piece N again that the standby port piece increases unit 412, and records the operating position of standby port piece N, N=3,4 ... n; The standby port block size of basic port piece is fixing or on-fixed.
Session allocation units 415 are that newly-built session session distributes port.When being newly-built session session when distributing port, the idle port of the session allocation units 415 basic port pieces of priority allocation.A plurality of standby port pieces of basic port piece have different priority, and after basic port piece exhausted, session allocation units 415 were the idle port that newly-built session height according to priority distributes the standby port piece.A plurality of standby port pieces of basic port piece have different priority.When all session on the minimum standby port piece of a plurality of standby port piece medium priorities of basic port piece all aging complete after, the standby port piece that standby port piece recovery unit 413 is minimum with priority reclaims.The standby port piece of basic port piece wait for its low standby port piece of priority ratio all reclaim complete and himself all session all aging complete after, reclaimed by standby port piece 413.
After the network address after translation and the basic port piece have been allocated, and after a standby port piece has been added for the basic port piece or reclaimed, log information reporting unit 416 reports operation log information to the support system. Log information reporting unit 416 may report the operation log information in an Accounting-start message of the RADIUS protocol; the information carried in the Accounting-start message comprises: the network address before translation, the network address after translation, the basic port piece and the standby port piece.
Fig. 5 is a schematic diagram of an embodiment in which the network address translation method of the present invention is used in a network. As shown in Fig. 5:
Gateway 53, acting as the network address translation apparatus, sets up a dynamic mapping between the internal address and the public address and port piece for intranet users 51 and 52. After user 51 comes online and completes authentication and address assignment, gateway 53 reports an Accounting-start message over the internet to support system 54, carrying attributes such as the user address, public address and port piece.
User 51 comes online and completes user authentication and address assignment; this follows the standard user access procedure. Gateway 53 randomly selects a public address and port piece for the internal address of user 51, creates the address mapping for user 51, and adds and reclaims standby port pieces for the user according to the configured algorithm. The selection algorithm used by gateway 53 may be a hash algorithm, which ensures that different public addresses and port pieces are selected for different user addresses. In the Accounting-start message, gateway 53 reports to support system 54 the allocated, added and reclaimed port piece information corresponding to the internal address of user 51. This reporting method requires support from RADIUS protocol attributes. The RADIUS server in support system 54 obtains the allocated, added and reclaimed port piece information corresponding to the internal address of user 51, and answers address trace-back requests associated with user information. In its reporting mode, gateway 53 uses RADIUS extended attributes to carry the allocated, added and reclaimed port piece information corresponding to the user address in the Accounting-start message. Gateway 53 dynamically selects the public address, basic port piece and standby port pieces for a user address, and supports using a hash algorithm to determine parameters such as the public address and port piece corresponding to the user address. Management equipment 55 can access support system 54 to perform configuration management.
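Address trace-back on the support system depends on replaying every allocation, addition and reclamation event, because the same port piece can belong to different users at different times. The following Python sketch is an added illustration, not part of the patent; the event tuple layout, the function names and all addresses and timestamps are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: (time, action, internal address, public address,
# first port, last port). "assign" is the basic port piece; "add" and
# "reclaim" are standby port pieces. The tuple layout is an assumption.
EVENTS = [
    (1000, "assign",  "10.0.0.5", "203.0.113.7", 1024, 1087),
    (1000, "assign",  "10.0.0.9", "203.0.113.7", 1088, 1151),
    (1200, "add",     "10.0.0.5", "203.0.113.7", 4096, 4159),
    (1500, "reclaim", "10.0.0.5", "203.0.113.7", 4096, 4159),
    (1800, "add",     "10.0.0.9", "203.0.113.7", 4096, 4159),
]

def build_index(events):
    """Replay the log into ownership intervals, grouped by public address."""
    index = defaultdict(list)
    held = {}   # (public, first, last) -> interval that is still open
    for ts, action, internal, public, first, last in sorted(
            events, key=lambda e: e[0]):        # stable: keeps log order
        key = (public, first, last)
        if action in ("assign", "add"):
            if key in held:
                raise ValueError(f"{key} handed out twice without reclaim")
            held[key] = {"internal": internal, "first": first, "last": last,
                         "start": ts, "end": None}
            index[public].append(held[key])
        elif action == "reclaim":
            interval = held.pop(key, None)
            if interval is None or interval["internal"] != internal:
                raise ValueError(f"reclaim of {key} does not match an owner")
            interval["end"] = ts
        else:
            raise ValueError(f"unknown action {action!r}")
    return index

def trace_back(index, public, port, ts):
    """Return the internal address that held (public, port) at time ts."""
    owners = [i["internal"] for i in index.get(public, [])
              if i["first"] <= port <= i["last"]
              and i["start"] <= ts
              and (i["end"] is None or ts < i["end"])]
    if len(owners) > 1:
        raise ValueError("log is inconsistent: overlapping port pieces")
    return owners[0] if owners else None
```

A query that falls between a reclaim event and the next add event returns no owner, which is why reclamation has to be logged as well as allocation.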
The description of the present invention is given for the purposes of illustration and description, and is not intended to be exhaustive or to limit the invention to the form disclosed. The method and system of the present invention may be implemented in many ways, for example by software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for description only, and the steps of the method of the present invention are not limited to the order specifically described above unless otherwise stated. In addition, in some embodiments the present invention may be embodied as programs recorded on a recording medium, these programs comprising machine-readable instructions for implementing the method according to the present invention. The present invention therefore also covers a recording medium storing a program for executing the method according to the present invention. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were chosen and described in order to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments with various modifications suited to particular uses.

Claims (15)

1. A network address translation method, characterized in that:
a unique network address after translation, and a basic port piece attached to the network address after translation, are allocated to the network address before translation;
when the basic port piece is exhausted, a standby port piece is added for the basic port piece;
when the standby port piece is idle, the standby port piece is reclaimed;
wherein a port piece is a contiguous range of port numbers.
2. The method of claim 1, characterized in that allocating, to the network address before translation, the unique network address after translation and the basic port piece attached to the network address after translation comprises:
when a message sent from the network address before translation is received, checking whether a corresponding network address after translation has already been allocated to the network address before translation;
if none has been allocated, obtaining from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the network address before translation, allocating the external network address to the network address before translation, and allocating the unique basic port piece attached to the external network address to the network address before translation.
3. The method of claim 1, characterized in that adding a standby port piece for the basic port piece when the basic port piece is exhausted comprises:
recording the usage of the basic port piece and, when the basic port piece is detected to be exhausted, adding standby port piece 1 for the basic port piece and recording the usage of standby port piece 1;
when standby port piece 1 is detected to be exhausted, adding standby port piece 2 for the basic port piece and recording the usage of standby port piece 2;
when standby port piece N-1 is detected to be exhausted, adding standby port piece N for the basic port piece and recording the usage of standby port piece N, where N = 3, 4, ..., n;
wherein the size of each standby port piece added for the basic port piece is fixed or non-fixed.
4. The method of claim 3, characterized in that:
when a port is allocated to a newly created session, idle ports of the basic port piece are allocated first; the multiple standby port pieces of the basic port piece have different priorities, and after the basic port piece is exhausted, idle ports of the standby port pieces are allocated to new sessions in order of priority, from high to low.
5. The method of claim 1, characterized in that reclaiming the standby port piece when the standby port piece is idle comprises:
the multiple standby port pieces of the basic port piece have different priorities;
when all sessions on the lowest-priority standby port piece among the multiple standby port pieces of the basic port piece have aged out, the lowest-priority standby port piece is reclaimed;
a standby port piece of the basic port piece is reclaimed only after every standby port piece of lower priority has been reclaimed and all of its own sessions have aged out.
6. The method of claim 1, characterized in that:
after the network address after translation and the basic port piece are allocated, and after a standby port piece is added for the basic port piece or reclaimed, operation log information is reported to a support system.
7. The method of claim 6, characterized in that reporting operation log information to the support system comprises:
reporting the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message comprising: the network address before translation, the network address after translation, the basic port piece and the standby port piece.
8. A network address translation apparatus, characterized in that it comprises:
a network address allocation unit, configured to allocate to the network address before translation a unique network address after translation and a basic port piece attached to the network address after translation;
a standby port piece adding unit, configured to add a standby port piece for the basic port piece when the basic port piece is exhausted;
a standby port piece recovery unit, configured to reclaim the standby port piece when the standby port piece is idle;
wherein a port piece is a contiguous range of port numbers.
9. The apparatus of claim 8, characterized in that:
when a message sent from the network address before translation is received, the network address allocation unit checks whether a corresponding network address after translation has already been allocated to the network address before translation;
if none has been allocated, the network address allocation unit obtains from the network address translation address pool, by a hash algorithm, the unique external network address corresponding to the value of the network address before translation, allocates the external network address to the network address before translation, and allocates the unique basic port piece attached to the external network address to the network address before translation.
10. The apparatus of claim 9, characterized in that it further comprises:
a port piece usage recording unit, configured to record the usage of the port pieces;
when the basic port piece is detected to be exhausted, the standby port piece adding unit adds standby port piece 1 for the basic port piece;
when standby port piece 1 is detected to be exhausted, the standby port piece adding unit adds standby port piece 2 for the basic port piece;
when standby port piece N-1 is detected to be exhausted, the standby port piece adding unit adds standby port piece N for the basic port piece and the usage of standby port piece N is recorded, where N = 3, 4, ..., n;
wherein the size of each standby port piece added for the basic port piece is fixed or non-fixed.
11. The apparatus of claim 10, characterized in that it further comprises:
a session allocation unit, configured to allocate ports to newly created sessions;
when a port is allocated to a newly created session, the session allocation unit allocates idle ports of the basic port piece first; the multiple standby port pieces of the basic port piece have different priorities, and after the basic port piece is exhausted, the session allocation unit allocates idle ports of the standby port pieces to new sessions in order of priority, from high to low.
12. The apparatus of claim 8, characterized in that:
the multiple standby port pieces of the basic port piece have different priorities;
when all sessions on the lowest-priority standby port piece among the multiple standby port pieces of the basic port piece have aged out, the standby port piece recovery unit reclaims the lowest-priority standby port piece;
a standby port piece of the basic port piece is reclaimed by the standby port piece recovery unit only after every standby port piece of lower priority has been reclaimed and all of its own sessions have aged out.
13. The apparatus of claim 8, characterized in that it further comprises:
a log information reporting unit, configured to report operation log information to a support system after the network address after translation and the basic port piece are allocated, and after a standby port piece is added for the basic port piece or reclaimed.
14. The apparatus of claim 13, characterized in that:
the log information reporting unit reports the operation log information in an Accounting-start message of the RADIUS protocol, the information carried in the Accounting-start message comprising: the network address before translation, the network address after translation, the basic port piece and the standby port piece.
15. A network address translation system, characterized in that:
it comprises the network address translation apparatus of any one of claims 8 to 14.
Priority Applications (1)

Application Number: CN201110412819.5A
Priority Date: 2011-12-13
Filing Date: 2011-12-13
Title: Demand assigned method for network address translation, equipment and system
Status: Active
Granted as: CN103167049B (en)

Publications (2)

Publication Number Publication Date
CN103167049A (en) 2013-06-19
CN103167049B (en) 2016-09-07

Family ID: 48589784

Country Status (1)

CN (1): CN103167049B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant