CN104168338A - Network address conversion device and network address conversion method - Google Patents
Network address conversion device and network address conversion method
- Publication number: CN104168338A
- Application number: CN201310185284.1A
- Authority: CN (China)
- Prior art keywords: conversion, data message, address, record, host
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a network address translation (NAT) device and method applied to network equipment that has a NAT function. The device executes the following processing flow: A, after receiving a forward packet sent by an internal-network host to the external network, it performs NAT translation on the packet and records the translation record together with its correspondence to the host's access identifier; B, after receiving a reverse packet sent from the external network, it sends the packet to the host through the interface corresponding to that access identifier, according to the translation record and the recorded correspondence. This technical solution effectively resolves the session failures that occur during NAT translation in the prior art when an internal host address is reused.
Description
Technical field
The present invention relates to the field of network communication, and in particular to a network address translation device and method.
Background technology
With the development of networks, the scale of networks keeps expanding and the number of network users keeps growing, yet for historical reasons and because of the limitations of the IPv4 address space, network address resources are very limited. To alleviate address exhaustion, private IP address ranges were defined within the IPv4 address space for building private networks, such as the internal networks of companies and enterprises. These private IP addresses can only be used inside a local area network (LAN) and cannot be used on the external network (the Internet). Therefore, so that private-network hosts can access hosts and servers on the external network, a NAT (Network Address Translation) device is deployed at the exit of the private network to translate private IP addresses into public IP addresses, allowing private-network hosts to communicate on the public network.
In the prior art, the NAT translation function mainly translates a private IP address into a public IP address based on the five-tuple in the packet (source IP address, source port, destination IP address, destination port and protocol number). However, for reasons such as network management configuration or company mergers, hosts in two different departments may use the same private IP address. In that case identical five-tuples may appear during NAT translation, causing session conflicts.
Summary of the invention
In view of this, the invention provides a network address translation device and method to overcome the deficiencies of the prior art.
Specifically, the device is applied on a network device with a NAT function and comprises:
a forward translation module, which, after receiving a forward packet sent by an internal-network host to the external network, translates the host IP address and host port number carried as source IP address and source port number in the packet into a public IP address and a local port number, and generates the corresponding translation record; the forward translation module is further used to determine the access identifier of the host, store the correspondence between the translation record and this access identifier in a translation record table, and then send the forward packet;
a reverse translation module, which, after receiving a reverse packet sent from the external network, queries the translation record table using the destination IP address and destination port number of the reverse packet; if the query hits a translation record, it translates the destination IP address and destination port number of the reverse packet into the corresponding host IP address and host port number according to that record, then obtains from the translation record table the access identifier corresponding to the hit record, and sends the reverse packet to the host from the interface corresponding to this access identifier.
The method comprises the following steps:
A, after receiving a forward packet sent by an internal-network host to the external network, translating the host IP address and host port number carried as source IP address and source port number in the packet into a public IP address and a local port number, and generating the corresponding translation record; further determining the access identifier of the host, storing the correspondence between the translation record and this access identifier in a translation record table, and then sending the forward packet;
B, after receiving a reverse packet sent from the external network, querying the translation record table using the destination IP address and destination port number of the reverse packet; if the query hits a translation record, translating the destination IP address and destination port number of the reverse packet into the corresponding host IP address and host port number according to that record, then obtaining from the translation record table the access identifier corresponding to the hit record, and sending the reverse packet to the host from the interface corresponding to this access identifier.
As the above technical solution shows, compared with the prior art the invention needs no additional NAT devices deployed at multiple switches, and largely avoids the awkward situation in which switches are unable to deploy a NAT function.
Accompanying drawing explanation
Fig. 1 is a schematic diagram of an application scenario of one embodiment of the invention;
Fig. 2 is a logic diagram of the device of one embodiment of the invention;
Fig. 3 is a flow diagram of the method of one embodiment of the invention.
Embodiment
Fig. 1 is a schematic diagram of an application scenario in an embodiment of the invention. Referring to Fig. 1, the intranet hosts PC1 and PC2 are connected to the router through switches and can then access various servers, such as a Web server. For historical reasons, the private IP addresses of hosts PC1 and PC2 are identical, both being 192.168.0.12. PC1 and PC2 are normally located in different LANs, so they do not interfere with each other when communicating within their own LAN. If PC1 and PC2 access the external network, however, a conflict may occur. For example, host PC1 uses port 1 to access port 80 of the Web server; if host PC2 also accesses port 80 of the same Web server through port 1, then when the router performs NAT translation their five-tuple information is completely identical and a session error occurs.
In the prior art, an easily understood way to resolve the session conflict caused by address reuse described above is to deploy NAT translation functions at switch 1 and switch 2. Through that NAT translation, the identical private IP addresses of PC1 and PC2 are translated into different public IP addresses before the packets reach the router, so when the two translated packets arrive at the router the session conflict described above does not occur. In practice, however, the switches deployed in a network are very often older or relatively low-end access devices that cannot deploy NAT translation, so they would have to be replaced by devices that support NAT translation. Replacing switches across the network to solve this local problem is obviously costly.
The invention provides a low-cost network address translation device and method to solve the above problem. It is applied on a network device with a NAT function, such as the router in Fig. 1, and requires no change to the switches below the router. To make the invention clearer to those skilled in the art, its specific implementation is described in detail below with reference to the drawings and embodiments.
Referring to Fig. 2 and Fig. 3, the device can be implemented in software running in the hardware environment of the router; the invention imposes no special requirements on that hardware environment. The device comprises a forward translation module and a reverse translation module, and executes the following processing flow while running:
Step 101: after receiving a forward packet sent by an internal-network host to the external network, translate the host IP address and host port number carried as source IP address and source port number in the packet into a public IP address and a local port number, and generate the corresponding translation record; further determine the access identifier of the host, store the correspondence between the translation record and this access identifier in the translation record table, and then send the forward packet. This step is executed by the forward translation module.
In this step, assume the application scenario shown in Fig. 1, where hosts PC1 and PC2 both access port 80 of the Web server from local port 1. After receiving a packet sent by a host, the router parses it and obtains its five-tuple information. Because the five-tuple information of PC1 and PC2 may be identical, the invention introduces the host's access identifier as the sixth element of the NAT session key, so that the different sessions of the two hosts can be distinguished.
In a preferred embodiment, the host's access identifier is the identifier of the interface on the router on which the forward packet arrived (the incoming interface). Generally, by network management configuration, different departments use different incoming interfaces on the router. The invention exploits exactly this feature by introducing the access identifier, extending the session key from a five-tuple to a six-tuple. The six-tuple information of PC1 and PC2 cannot be identical, so the sessions initiated by PC1 and PC2 do not conflict and are treated by the router as different sessions, even though the IP addresses and port numbers in both hosts' packets are the same. On receiving a forward packet from a PC (that is, a packet it sends to the external network), the forward translation module translates the host IP address and host port number carried as source IP address and source port number into a public IP address and a local port number, where the local port number is a port number allocated by the NAT device (the router in Fig. 1). It then stores the translation record table shown in Table 1.
Host | Host IP address | Host port number | Packet incoming interface | Public IP address | Local port number |
---|---|---|---|---|---|
PC1 | 192.168.0.12 | 1 | P1 | 202.108.32.33 | 255 |
PC2 | 192.168.0.12 | 1 | P2 | 202.108.32.33 | 256 |

Table 1
In this way, after NAT translation hosts PC1 and PC2 have unique, non-conflicting public IP addresses and local port numbers, and the router can then send the forward packet. Table 1 describes the case in which the packets of PC1 and PC2 are both sent from the same outgoing interface after NAT translation; if they were sent from different outgoing interfaces of the router, the public IP addresses would normally differ.
Step 102: after receiving a reverse packet sent from the external network, query the translation record table using the destination IP address and destination port number of the reverse packet; if the query hits a translation record, translate the destination IP address and destination port number of the reverse packet into the corresponding host IP address and host port number according to that record, then obtain from the translation record table the access identifier corresponding to the hit record, and send the reverse packet to the host from the interface corresponding to this access identifier. This step is executed by the reverse translation module.
Specifically, after receiving a reverse packet from the external network, the module parses it. If the destination IP address of the packet is 202.108.32.33 and the destination port number is 255, a query of the translation record table finds that the corresponding host IP address is 192.168.0.12 and the corresponding host port number is 1. Since this IP address and port number correspond to two hosts, the module must, to ensure the packet is delivered correctly, continue checking the translation record table for the access identifier corresponding to the hit translation record, and then send the reverse packet to the host through the interface corresponding to that access identifier. In a preferred embodiment the host's access identifier is the incoming interface of the forward packet, that is, the outgoing interface of the reverse packet is the incoming interface of the forward packet. Checking Table 1 further, the packet incoming interface is P1, so the reverse translation module sends the reverse packet to host PC1 through the forward packet's incoming interface P1.
Because two hosts with the same IP address exist in the intranet, the global ARP table on the NAT device cannot be consulted when sending the reverse packet, since an ARP table can hold only one MAC address for a given IP address. The reverse packet can instead be forwarded to PC1 by broadcast within the LAN. Alternatively, the MAC address can be obtained in real time: an address request packet carrying the private IP address of PC1 is first broadcast through interface P1; all hosts in PC1's LAN receive the request, but under normal circumstances only PC1 responds, with a reply packet carrying its MAC address; once PC1's MAC address is obtained, the reverse packet is sent.
In another preferred embodiment, during the processing of step 101 the forward translation module further stores the correspondence between the translation record and the host MAC address, so that the translation record table takes the form shown in Table 2.
Table 2
When forwarding a reverse packet, the reverse forwarding module can then further find the host's MAC address from Table 2, encapsulate the reverse packet using that host MAC address, and send it directly to host PC1 from incoming interface P1.
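To make steps 101 and 102 concrete, here is an added Python model (not code from the patent) of the translation record table, run on the Fig. 1 scenario with the Table 1 values; the Web server address, the MAC addresses of the Table 2 variant (claim 3) and all function names are assumptions. It also runs the same scenario with the prior-art five-tuple key, which shows the session conflict the description refers to: both hosts share one record and PC2's reply is sent out of PC1's interface.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional, Tuple

# Public address and local ports 255/256 follow Table 1 of the description;
# the Web server address and the MAC addresses are constructed for the example.
PUBLIC_IP = "202.108.32.33"
WEB_SERVER = "203.0.113.80"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    ingress_if: str                 # access identifier: router port the packet arrived on
    src_mac: Optional[str] = None   # only meaningful on forward packets from the LAN


@dataclass
class ConversionRecord:
    host_ip: str
    host_port: int
    ingress_if: str                 # "packet incoming interface" column of Table 1
    public_ip: str
    local_port: int
    host_mac: Optional[str]         # extra column of Table 2 (claim 3); None if not kept


def five_tuple(p: Packet) -> tuple:        # prior-art session key
    return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)


def six_tuple(p: Packet) -> tuple:         # patent's key: five-tuple + ingress interface
    return five_tuple(p) + (p.ingress_if,)


class NAT:
    """Source NAT whose session key is chosen by key_fn (five_tuple or six_tuple)."""

    def __init__(self, public_ip: str, key_fn: Callable[[Packet], tuple],
                 first_local_port: int = 255):
        self.public_ip = public_ip
        self.key_fn = key_fn
        self.next_port = first_local_port
        self.by_session: Dict[tuple, ConversionRecord] = {}
        self.by_public: Dict[Tuple[str, int], ConversionRecord] = {}

    def forward(self, p: Packet) -> Packet:
        """Step 101: rewrite source ip/port, creating the record on first sight."""
        key = self.key_fn(p)
        rec = self.by_session.get(key)
        if rec is None:
            rec = ConversionRecord(p.src_ip, p.src_port, p.ingress_if,
                                   self.public_ip, self.next_port, p.src_mac)
            self.next_port += 1
            self.by_session[key] = rec
            self.by_public[(rec.public_ip, rec.local_port)] = rec
        return replace(p, src_ip=rec.public_ip, src_port=rec.local_port, src_mac=None)

    def reverse(self, p: Packet) -> Optional[Tuple[Packet, str, Optional[str]]]:
        """Step 102: look the reply up by (dst ip, dst port); return the restored
        packet, the egress interface (the recorded ingress interface) and the host
        MAC, None meaning the host must be resolved on that interface."""
        rec = self.by_public.get((p.dst_ip, p.dst_port))
        if rec is None:
            return None                 # no session: drop rather than guess an interface
        inner = replace(p, dst_ip=rec.host_ip, dst_port=rec.host_port)
        return inner, rec.ingress_if, rec.host_mac


def run_scenario(key_fn: Callable[[Packet], tuple]) -> dict:
    """Fig. 1: PC1 and PC2 both send 192.168.0.12:1 -> Web server:80, arriving
    on router ports P1 and P2; then the server answers PC2's request."""
    nat = NAT(PUBLIC_IP, key_fn)
    pc1 = Packet("192.168.0.12", 1, WEB_SERVER, 80, "tcp", "P1", "02:00:00:00:00:01")
    pc2 = Packet("192.168.0.12", 1, WEB_SERVER, 80, "tcp", "P2", "02:00:00:00:00:02")
    out1, out2 = nat.forward(pc1), nat.forward(pc2)
    reply = Packet(WEB_SERVER, 80, PUBLIC_IP, out2.src_port, "tcp", "WAN")
    inner, egress, mac = nat.reverse(reply)
    return {
        "local_ports": (out1.src_port, out2.src_port),   # five-tuple: (255, 255)
        "sessions": len(nat.by_session),                 # five-tuple: 1, six-tuple: 2
        "pc2_reply_egress": egress,                      # five-tuple: "P1" (wrong host)
        "pc2_reply_mac": mac,
        "pc2_reply_dst": (inner.dst_ip, inner.dst_port),
    }
```

Calling `run_scenario(five_tuple)` and `run_scenario(six_tuple)` side by side reproduces the conflict and its resolution: the six-tuple table keeps two records (ports 255 and 256) and returns P2 for PC2's reply.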
As the above description shows, the technical solution provided by the invention achieves normal forwarding of packets in the case of address reuse. Further, forward packets are distinguished by their incoming interface, which is convenient to manage, and reverse packets are correctly delivered to the host by means of the incoming interface and the MAC address. Compared with the traditional NAT translation approach, the invention needs no additional NAT devices deployed at multiple switches, is cheaper to implement, and largely avoids the awkward situation in which switches are unable to deploy a NAT function.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the invention shall be included within its scope of protection.
Claims (8)
1. A network address translation device, applied on a network device with a NAT function, the device comprising:
a forward translation module, which, after receiving a forward packet sent by an internal-network host to the external network, translates the host IP address and host port number carried as source IP address and source port number in the packet into a public IP address and a local port number, and generates the corresponding translation record; the forward translation module is further used to determine the access identifier of the host, store the correspondence between the translation record and this access identifier in a translation record table, and then send the forward packet;
a reverse translation module, which, after receiving a reverse packet sent from the external network, queries the translation record table using the destination IP address and destination port number of the reverse packet; if the query hits a translation record, it translates the destination IP address and destination port number of the reverse packet into the corresponding host IP address and host port number according to that record, then obtains from the translation record table the access identifier corresponding to the hit record, and sends the reverse packet to the host from the interface corresponding to this access identifier.
2. The device according to claim 1, characterized in that
the access identifier is the identifier of the incoming interface of the forward packet.
3. The device according to claim 1, characterized in that
the forward translation module is further used to store the correspondence between the translation record and the host MAC address;
the reverse translation module is further used to obtain the corresponding host MAC address according to the hit translation record, and then encapsulate the reverse packet according to that host MAC address.
4. The device according to claim 1, characterized in that the reverse translation module is further used to send the reverse packet to the host from the corresponding interface by broadcast.
5. A network address translation method, applied on a network device with a NAT function, the method comprising:
A, after receiving a forward packet sent by an internal-network host to the external network, translating the host IP address and host port number carried as source IP address and source port number in the packet into a public IP address and a local port number, and generating the corresponding translation record; further determining the access identifier of the host, storing the correspondence between the translation record and this access identifier in a translation record table, and then sending the forward packet;
B, after receiving a reverse packet sent from the external network, querying the translation record table using the destination IP address and destination port number of the reverse packet; if the query hits a translation record, translating the destination IP address and destination port number of the reverse packet into the corresponding host IP address and host port number according to that record, then obtaining from the translation record table the access identifier corresponding to the hit record, and sending the reverse packet to the host from the interface corresponding to this access identifier.
6. The method according to claim 5, characterized in that
the access identifier is the identifier of the incoming interface of the forward packet.
7. The method according to claim 6, characterized in that
step A further comprises: storing the correspondence between the translation record and the host MAC address;
step B further comprises: obtaining the corresponding host MAC address according to the hit translation record, and then encapsulating the reverse packet according to that host MAC address.
8. The method according to claim 6, characterized in that
step B further comprises: sending the reverse packet to the host from the corresponding interface by broadcast.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310185284.1A CN104168338A (en) | 2013-05-16 | 2013-05-16 | Network address conversion device and network address conversion method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104168338A true CN104168338A (en) | 2014-11-26 |
Family ID: 51911959
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310185284.1A Pending CN104168338A (en) | 2013-05-16 | 2013-05-16 | Network address conversion device and network address conversion method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104168338A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7333492B2 (en) * | 2004-08-31 | 2008-02-19 | Innomedia Pte Ltd | Firewall proxy system and method |
CN101552745A (en) * | 2008-03-31 | 2009-10-07 | 华为技术有限公司 | Method and device for realizing NAT |
CN101729606A (en) * | 2008-10-22 | 2010-06-09 | 华为技术有限公司 | Method and relevant equipment for realizing network address conversion |
CN101465889A (en) * | 2008-12-03 | 2009-06-24 | 北京星网锐捷网络技术有限公司 | Network address translation equipment and request method of response address analysis protocol |
CN101599899A (en) * | 2009-07-06 | 2009-12-09 | 杭州华三通信技术有限公司 | The access method of employing network address translation (NAT) device for supporting multi-networking and equipment |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104754074A (en) * | 2015-03-31 | 2015-07-01 | 江苏恒信和安电子科技有限公司 | Self-conversion network segment router |
WO2016206511A1 (en) * | 2015-06-26 | 2016-12-29 | 中兴通讯股份有限公司 | Method and device for implementing nat |
CN107547666A (en) * | 2016-06-24 | 2018-01-05 | 迈普通信技术股份有限公司 | The implementation method and device of network address translation |
CN107172120A (en) * | 2017-03-27 | 2017-09-15 | 联想(北京)有限公司 | Information processing method, processing node and network node |
CN107172120B (en) * | 2017-03-27 | 2022-06-28 | 联想(北京)有限公司 | Information processing method, processing node and network node |
CN108337299A (en) * | 2018-01-18 | 2018-07-27 | 新华三技术有限公司 | NAT information synchronization methods and device |
CN111147618A (en) * | 2019-12-20 | 2020-05-12 | 视联动力信息技术股份有限公司 | Communication method, communication device, electronic equipment and storage medium |
CN111147618B (en) * | 2019-12-20 | 2022-12-23 | 视联动力信息技术股份有限公司 | Communication method, communication device, electronic equipment and storage medium |
CN111953770A (en) * | 2020-08-07 | 2020-11-17 | 平安科技(深圳)有限公司 | Route forwarding method and device, route equipment and readable storage medium |
CN111953770B (en) * | 2020-08-07 | 2022-11-25 | 平安科技(深圳)有限公司 | Route forwarding method and device, route equipment and readable storage medium |
CN112333298A (en) * | 2020-12-01 | 2021-02-05 | 武汉绿色网络信息服务有限责任公司 | Message transmission method and device, computer equipment and storage medium |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building; Applicant after: Hangzhou Dipu Polytron Technologies Inc; Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building; Applicant before: Hangzhou Dipu Technology Co., Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20141126 |