Summary of the invention
In view of this, the invention provides a method and apparatus for improving the utilization of NAT address pool resources, so that the NAT address pool resources on aggregated boards can be reused, which solves the problem of NAT address pool resources being wasted on aggregated boards.
To achieve the object of the invention, the invention is implemented as follows:
A method for improving the utilization of NAT address pool resources, applied to a network device, wherein the network device comprises at least one business board, multiple business boards that process the same kind of service are placed in the same aggregation group, and the business boards of the same aggregation group are configured with identical NAT address pool resources, the method comprising the following steps:
Receiving a forward message sent to the outer net, extracting the destination IP address of the forward message, and, according to the destination IP address, dispatching the forward message to a business board with the NAT function for processing;
Receiving a reverse message sent to the Intranet, extracting the source IP address of the reverse message, and, according to the source IP address, dispatching the reverse message to a business board with the NAT function for processing, wherein, when the source IP of the reverse message is identical to the destination IP of the forward message, the forward message and the reverse message are processed on the same business board.
The present invention also provides a device for improving the utilization of NAT address pool resources, applied to a network device, wherein the network device comprises at least one business board and multiple business boards that process the same kind of service are placed in the same aggregation group, characterized in that the business boards of the same aggregation group are configured with identical NAT address pool resources, the device comprising:
A preposition module, configured to receive a forward message sent to the outer net, extract the destination IP address of the forward message, and, according to the destination IP address, dispatch the forward message to a business board with the NAT function for processing;
A rearmounted module, configured to receive a reverse message sent to the Intranet, extract the source IP address of the reverse message, and, according to the source IP address, dispatch the reverse message to a business board with the NAT function for processing, wherein, when the source IP of the reverse message is identical to the destination IP of the forward message, the forward message and the reverse message are processed on the same business board.
Compared with the prior art, the present invention configures identical NAT address pool resources on all business boards of the same aggregation group, so that all business boards in the aggregation group share the NAT address pool resources, and processes the forward message and the reverse message of the same session on the same business board with the NAT function. While preserving the distribution of service data across the aggregation group, this achieves fast network switchover when a business board fails and solves the problem of wasted NAT resources.
Embodiment
The invention provides a method and apparatus for improving the utilization of NAT address pool resources. By configuring identical NAT address pool resources on all business boards of the same aggregation group, and by making the forward message and the reverse message pass through the same business board with the NAT function, the invention preserves data distribution, switches the network over quickly when a business board in the aggregation group fails, and solves the problem of wasted NAT address pool resources.
During network design, an administrator may insert several business boards that perform the same kind of service processing into a distributed device (typically a frame-type device) at the same time, and then aggregate, at board level, the business boards that handle the same kind of service. This can be pictured as the business boards joining the same cloud domain. Because NAT service is involved, and NAT service usually needs to distinguish an inside direction from an outside direction, the cloud domain can logically be divided into an inside cloud and an outside cloud. In theory, a sharing algorithm can be selected separately for the inside of the domain (usually corresponding to the NAT Intranet) and for the outside of the domain (the NAT outer net); usually the inside cloud and the outside cloud are simply symmetric.
Next, the administrator can configure the NAT address pool resources of the cloud domain; every business board belonging to the cloud domain then has identical NAT address pool resource information. If a board in the cloud domain suffers an equipment fault, the device automatically deletes the faulty board from the cloud domain. Because all business boards hold identical NAT address pool resource information, the failure of one business board in the cloud domain does not cause NAT address pool resources to be wasted.
Referring to Fig. 1, the invention provides a method for improving NAT address pool resource utilization, applied to a network device, wherein the network device comprises at least one business board, the business boards that process the same kind of service are placed in the same aggregation group, and the business boards of the same aggregation group are configured with identical NAT address pool resources, the method comprising the following steps:
Step 101, receiving a forward message sent to the outer net, extracting the destination IP address of the forward message, and, according to the destination IP address, dispatching the forward message to a business board with the NAT function for processing;
Specifically, when a client interacts with the outer net, it first sends an IP message carrying its private network IP to the NAT device; after NAT conversion changes the source IP address of the IP message from the private network IP to a public network IP, the NAT device forwards the message to the outer net. In the present invention, during message exchange between the Intranet and the outer net, the exchanged messages undergo NAT conversion and forwarding by a network device that includes business boards with the NAT function.
The network device is generally a frame-type device into which multiple business boards can be inserted at the same time. In the present invention, the business boards that process the same kind of service are placed in the same aggregation group, and identical NAT address pool resources are configured for the aggregation group, so that all business boards of the aggregation group can share the NAT address pool resources; the NAT address pool resources generally comprise one or more public network IP addresses. In the present invention, different business boards in the same aggregation group may even use the same public network address at the same time, which greatly improves NAT resource utilization. For ease of description, a message sent from the Intranet to the outer net is called a forward message. When the network device receives a forward message sent from the Intranet to the outer net, it first extracts the destination IP address of the forward message, performs a calculation on the destination IP address using a preset forward message sharing algorithm, and dispatches the forward message to the business board with the NAT function that the calculation yields for processing.
Step 102, receiving a reverse message sent to the Intranet, extracting the source IP address of the reverse message, and, according to the source IP address, dispatching the reverse message to a business board with the NAT function for processing, wherein, when the source IP of the reverse message is identical to the destination IP of the forward message, the forward message and the reverse message are processed on the same business board.
Specifically, corresponding to step 101, after the outer network server receives the forward message, it returns a corresponding message to the client, and the message the server returns to the client likewise undergoes NAT processing, which converts the source IP address of the returned message from the public network address to the private network address. For ease of description, a message sent from the outer net to the Intranet is called a reverse message. In the present invention, when the network device receives a reverse message sent from the outer net to the Intranet, it extracts the source IP address of the reverse message, performs a calculation on that IP address using a preset reverse message sharing algorithm, and dispatches the reverse message to the business board with the NAT function that the calculation yields for processing. The reverse message sharing algorithm is symmetric with the forward message sharing algorithm, which ensures that the forward message and the reverse message of the same session are processed on the same business board and that communication between a given Intranet host and an outer-net host is unaffected. By configuring the forward and reverse message sharing algorithms, the present invention no longer needs to specify which business board in the aggregation group a message passes through, which removes a large number of IP-address-based ACL configurations; at the same time, because the device delivers messages to the business boards in the aggregation group according to the sharing algorithm, sharing of service traffic is achieved. It should likewise be noted that there are multiple reverse message sharing algorithms, and which one is used is chosen by the user according to actual needs.
Step 103, when at least one business board in the same aggregation group fails, deleting the failed business board from the aggregation group.
Specifically, if a business board in the aggregation group suddenly suffers an equipment fault during normal operation, the device automatically deletes the failed business board from the aggregation group. The failed business board then no longer appears in the sharing algorithm calculation, whether for forward message forwarding or for reverse message forwarding, so service data traffic is not delivered to the failed business board. When a message to be forwarded arrives at the device, the business board that processes the data message is reselected according to the sharing algorithm, which achieves fast switchover of service traffic without affecting normal operation of the network.
Because the NAT address pool resources are configured on all business boards in the aggregation group, they are configured for the aggregation group as a whole: as long as one business board in the aggregation group is running normally, the NAT address pool resources remain usable. Therefore, even if one business board fails, the NAT address pool resources of the aggregation group remain in effect, and the situation in which a business board monopolizes NAT address pool resources that cannot be reclaimed, wasting NAT resources, does not arise.
To illustrate the present invention in further detail, it is described below with reference to a specific embodiment. Refer to Fig. 2, which is a network environment diagram of the embodiment of the present invention. For example, suppose PC1 on the Intranet in Fig. 2 accesses server 1 on the outer net, where the private network IP address of PC1 is 192.168.0.2 and the IP address of the outer network server 1 to be accessed is 218.30.13.36. The source IP and destination IP in the forward message that PC1 sends to the network device are then as shown in the "before NAT conversion" entry of Table 1. After receiving the forward message, the network device extracts its destination IP address 218.30.13.36 and, using the preset forward message sharing algorithm, calculates that the business board corresponding to IP address 218.30.13.36 is business board 1, so the forward message is dispatched to business board 1, which has the NAT function, for processing. Referring to Table 1, business board 1 performs NAT conversion on the forward message: it obtains the public network IP address 61.159.62.130 from the NAT address pool resources, converts the source IP address of the forward message from the private network IP address 192.168.0.2 to the public network IP address 61.159.62.130, and forwards the converted forward message to server 1 on the outer net according to the destination IP address 218.30.13.36.
Table 1
Further, after the server receives the forward message, it responds to the PC with a reverse message. The source IP and destination IP in the reverse message returned by server 1 are as shown in the "before NAT conversion" entry of Table 2. Server 1 sends the reverse message to the network device according to the destination IP address in the reverse message. After receiving the reverse message, the network device extracts its source IP address 218.30.13.36 and, using the preset reverse message sharing algorithm, calculates that the business board corresponding to IP address 218.30.13.36 is business board 1, so the reverse message is dispatched to business board 1, which has the NAT function, for processing. Business board 1 performs NAT conversion on the reverse message: according to the NAT conversion record of the device, it converts the destination IP address of the reverse message from the public network IP address 61.159.62.130 to the private network IP address 192.168.0.2, and forwards the converted reverse message to Intranet PC1 according to the destination IP address 192.168.0.2.
Table 2
It should be noted that, in the message forwarding process above, because the forward message sharing algorithm and the reverse message sharing algorithm are symmetric, the same IP address 218.30.13.36 corresponds to business board 1 in both directions. In addition, the process by which PC2 on the Intranet accesses outer network server 2 is the same as the process above and is not repeated here. The messages exchanged between PC2 and server 2 undergo NAT conversion and forwarding on business board 2, which achieves service distribution.
Of particular note: suppose the IP address of PC2 is 192.168.0.3 and the destination IP address it accesses is 218.30.13.37, and suppose the forward message sent by PC2 is shared onto business board 2 for processing; business board 2 can then complete NAT conversion using the same public network IP address 61.159.62.130. When the reverse messages return, sharing is performed on the source IP address (which is identical to the destination IP address of the forward message), so, because the sharing algorithms are symmetric, the reverse message destined for PC1 is dispatched to business board 1 for processing and the reverse message destined for PC2 is dispatched to business board 2 for processing. Business board 1 then converts the destination IP address 61.159.62.130 of its reverse message to 192.168.0.2 according to its own NAT conversion record and sends the message to PC1; business board 2 converts the destination IP address 61.159.62.130 of its reverse message to 192.168.0.3 according to its own NAT conversion record and sends the message to PC2.
It should be noted that the present invention applies equally to NAT conversion that uses port numbers. In this form of NAT conversion, the concept of a public network IP address is extended to "public network IP address + port number", and the device uses the combination "public network IP address + port number" to replace the combination "private network IP address + port number" in a message. In the present invention, "public network IP address + port number" can likewise be shared and reused; that is, different business boards can use the same "public network IP address + port number" when performing NAT conversion. The implementation principle is the same and is not repeated here.
As the description above shows, in the present invention different business boards can provide NAT conversion service from the same NAT address pool resources, so the utilization of public network IP addresses is multiplied. The invention is far better than the prior art at saving public network IP address resources, and with IPv4 addresses scarce today its significance is self-evident.
During the exchange of forward and reverse messages described above, if business board 1 fails, the network device deletes business board 1. When the network device again receives a forward message sent by PC1 to the server, it uses the forward message sharing algorithm or the reverse message sharing algorithm to calculate a new business board for IP address 218.30.13.36, such as business board N, which ensures that service transmission continues normally. Meanwhile, because business board N and business board 1 share the same NAT address pool resources, no NAT address pool resources are wasted.
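The dispatch, shared-pool and fault-handling behaviour of the embodiment above can be sketched as follows. This is an added example, not code from the patent; the sharing algorithm (integer value of the outer-net IP modulo the number of active boards), the class and method names, and the keying of conversion records on the outer-net IP are all assumptions, since the text leaves the choice of algorithm to the user.

```python
import ipaddress

POOL = ["61.159.62.130"]  # shared NAT address pool, identical on every board


class AggregationGroup:
    """Toy model of one aggregation group (added example, not the patent's code)."""

    def __init__(self, board_ids, pool):
        self.active = sorted(board_ids)      # boards currently in the group
        self.pool = list(pool)               # the same pool is visible to all boards
        # Per-board NAT conversion records, keyed by (public IP, outer-net IP).
        # Keying on the outer-net IP as well is an assumption of this sketch.
        self.records = {b: {} for b in self.active}

    def _dispatch(self, outer_ip):
        # Assumed sharing algorithm: integer value of the outer-net address
        # modulo the number of active boards. Using the same function of that
        # one address in both directions gives the symmetry the text requires.
        if not self.active:
            raise RuntimeError("no business board left in the aggregation group")
        return self.active[int(ipaddress.IPv4Address(outer_ip)) % len(self.active)]

    def forward(self, src_ip, dst_ip):
        """Intranet -> outer net: share on destination IP, rewrite the source."""
        board = self._dispatch(dst_ip)
        public_ip = self.pool[0]
        self.records[board][(public_ip, dst_ip)] = src_ip
        return board, (public_ip, dst_ip)

    def reverse(self, src_ip, dst_ip):
        """Outer net -> Intranet: share on source IP, rewrite the destination."""
        board = self._dispatch(src_ip)
        private_ip = self.records[board].get((dst_ip, src_ip))
        if private_ip is None:
            return board, None               # no conversion record on this board
        return board, (src_ip, private_ip)

    def remove_failed(self, board):
        """Delete a failed board; the pool itself stays usable by the others."""
        if board in self.active:
            self.active.remove(board)
            self.records.pop(board, None)


if __name__ == "__main__":
    g = AggregationGroup([1, 2], POOL)
    print(g.forward("192.168.0.2", "218.30.13.36"))   # PC1 -> server 1
    print(g.forward("192.168.0.3", "218.30.13.37"))   # PC2 -> server 2
    print(g.reverse("218.30.13.36", "61.159.62.130"))
    print(g.reverse("218.30.13.37", "61.159.62.130"))
    g.remove_failed(1)
    print(g.forward("192.168.0.2", "218.30.13.36"))   # re-shared after the fault
    print(g.reverse("218.30.13.36", "61.159.62.130"))
```

In this sketch a reverse message that arrives after the fault but before PC1 sends a new forward message finds no conversion record on the newly selected board, because records are kept per board and only the address pool is shared.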
Referring to Fig. 3, the present invention also provides a device for improving the utilization of NAT address pool resources, applied to a network device, wherein the network device comprises at least one business board, the business boards that process the same kind of service are placed in the same aggregation group, and the business boards of the same aggregation group are configured with identical NAT address pool resources, the device comprising:
A preposition module 301, configured to receive a forward message sent to the outer net, extract the destination IP address of the forward message, and, according to the destination IP address, forward the forward message to a business board with the NAT function for processing;
The preposition module 301 is further configured to: extract the destination IP address of the forward message, perform a calculation on that IP address using a preset forward message sharing algorithm, and dispatch the forward message to the business board with the NAT function that the calculation yields for processing, wherein the forward message sharing algorithm is symmetric with the reverse message sharing algorithm.
A rearmounted module 302, configured to receive a reverse message sent to the Intranet, extract the source IP address of the reverse message, and, according to the source IP address, dispatch the reverse message to a business board with the NAT function for processing, wherein, when the source IP of the reverse message is identical to the destination IP of the forward message, the forward message and the reverse message are processed on the same business board.
The rearmounted module 302 is further configured to: extract the source IP address of the reverse message, perform a calculation on that IP address using a preset reverse message sharing algorithm, and dispatch the reverse message to the business board with the NAT function that the calculation yields for processing, wherein the reverse message sharing algorithm is symmetric with the forward message sharing algorithm.
Further, the device also comprises a fault processing module 303, configured to delete the failed business board from the aggregation group when at least one business board in the same aggregation group fails.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.