CN1567907A - A method for utilizing network address resource - Google Patents

Publication number: CN1567907A
Application number: CN 03148859
Authority: CN (China)
Prior art keywords: address, network, owned, publicly, counter
Legal status: Granted; Expired - Lifetime
Other languages: Chinese (zh)
Other versions: CN100356752C (en)
Inventors: 熊鹰, 肖斌
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CNB031488595A

Abstract

Translated from Chinese

The invention provides a method for utilizing network address resources. The method includes: establishing an address pool HASH table whose contents correspond to public address resources; taking the corresponding public "IP address + port number" pair out of the address pool HASH table according to the destination triple "protocol number + destination IP address + destination port number" of an internal network user data flow; and establishing a forward network address translation relation table and a reverse network address translation relation table, respectively, according to the five-tuple "source IP address + source port number + protocol number + destination IP address + destination port number" of the internal network user data flow and the public "IP address + port number" pair. With the invention, network address resources can be dynamically multiplexed and their utilization effectively improved.

Figure 03148859

Description

A method for utilizing network address resources
Technical field
The present invention relates to techniques for utilizing network address resources in network address translation, and specifically to a method for utilizing network address resources.
Background art
As the Internet expands at an astonishing speed, the shortage of IP addresses and the growing scale of routing have become quite serious problems. Several solutions have appeared. One that is relatively effective in the present network environment is NAT (network address translation). With NAT, IP addresses inside a network can be defined freely as needed, without applying for them. Inside the network, computers communicate using their internal IP addresses. When an internal computer needs to communicate with the external Internet, a device with the NAT function (such as a router) translates its internal IP address into a legal IP address, that is, an IP address that has been applied for, and communication proceeds with that address. In a typical deployment, NAT is configured on the router at the junction of the internal network and the external public network. When an IP packet leaves the internal network, NAT translates the internal (false) source IP address into a legal IP address. When an IP packet enters the internal network, NAT translates the legal destination IP address into the internal (false) IP address.
During address translation, a single public address is often not enough, because the port number range is at most 64K. An address pool is therefore usually formed from a group of contiguous public addresses. When the internal network accesses the external network, an external address is selected from the address pool to replace the source address in the IP packet, and an address translation relation table is formed. This table is used for forward network address translation and for reverse address restoration.
At present, two methods are mostly used to utilize the address resources in the address pool:
The first method is static address translation using address association. The address pool is divided into two groups: the first group serves as a HASH table for direct address allocation, and the second group is used when allocation from the first group fails. Both groups are organized in the same way, as shown in Fig. 1: each IP address is allocated an array of 64K entries, each entry represents a port, and the port number together with the IP address forms one address pool resource. When a data flow undergoes network address translation, the flow is hashed to select an entry in the first group IP1-IPk, and the address given by that entry replaces the source address. If that entry has already been allocated, an idle entry is allocated from the second group IPn, and the entry selected by the HASH in the first group points to this idle entry with a pointer. If later flows hit the same HASH value, further idle entries are allocated from IPn and the conflict chain is extended. In this method the address pool and the address translation relation table are unified, as are the forward and reverse address translation relation tables.
With this method the utilization of the address pool is low, and address conflicts can be severe, especially when the HASH is uneven. In addition, resolving conflicts with a linked list is very inefficient when there are many conflicts.
The second method is dynamic address translation using bitmap association, as shown in Fig. 2. Each address pool has several IP addresses, and each IP address allocates address resources by port number. Each port number corresponds to one bit of a ULONG that records the port's state, so 2K integers of type ULONG can represent all port numbers (the port number range is at most 64K). When a connection is set up and a port is allocated, the bit for that port is set to 1; when the connection is released, the bit for the port used by the connection is cleared to 0. The network address translation relation table is organized as a HASH table and is looked up with the source/destination addresses, source/destination port numbers and IP protocol number of the data flow as the key. Forward and reverse network address translation each look up their own HASH table.
With this method the utilization of the address pool is higher than with the first method, but one "IP address + port number" pair can still be used for only one connection. For example, supporting 512K connections requires at least 512K/64K = 8 IP addresses, so the utilization of address pool resources is still limited.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art described above by providing an address resource utilization method in which address pool resources are reusable, memory use is small and maintenance is simple, so as to effectively address the address shortage of the Internet.
The invention provides a method for utilizing network address resources, used for public address allocation and translation in network address translation. The method comprises the steps of:
Establishing an address pool HASH table, where the address pool represents a group of contiguous public addresses and the contents of the address pool HASH table correspond to public address resources;
Taking the corresponding public "IP address + port number" pair out of the address pool HASH table according to the destination triple "protocol number + destination IP address + destination port number" of an internal network user data flow;
Establishing a forward network address translation relation table and a reverse network address translation relation table, respectively, according to the five-tuple "source IP address + source port number + protocol number + destination IP address + destination port number" of the internal network user data flow and the public "IP address + port number" pair.
Preferably, the step of establishing an address pool HASH table comprises: setting the size of the address pool HASH table to 2^N (N = 0, 1, 2, ...) times 64K.
Optionally, the step of establishing an address pool HASH table comprises: setting the address pool HASH table to correspond to 2^N (N = 0, 1, 2, ...) IP addresses.
Preferably, the step of establishing an address pool HASH table comprises: setting the content of each entry of the address pool HASH table to be a counter, the counter representing the allocation pointer over all public address resources.
Optionally, the step of setting the content of each entry of the address pool HASH table to be a counter comprises: setting the number of bits of the counter to 16+N (N = 0, 1, 2, ...).
Optionally, the step of establishing an address pool HASH table comprises: setting the content of each entry of the address pool HASH table to be two counters, where the first counter represents the allocation pointer over all public address resources and the other counter counts the address resource allocations made through the first counter.
Preferably, the step of taking the corresponding public "IP address + port number" pair out of the address pool HASH table according to the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow comprises the steps of:
Performing a HASH operation on the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow to obtain a HASH value,
Looking up the address pool HASH table with the HASH value,
Taking out the entry in the address pool that corresponds to the HASH value,
Obtaining the public "IP address + port number" pair from the entry taken out of the address pool.
Optionally, the step of obtaining the public "IP address + port number" pair from the entry taken out of the address pool comprises the steps of:
Obtaining the value of the counter of the entry taken out of the address pool,
Obtaining, from the high 16 bits of the counter value, the public port number corresponding to the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow,
Obtaining, from the low bits that remain after the high 16 bits are removed from the counter value, the public IP address corresponding to the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow.
Optionally, the step of obtaining the public IP address corresponding to the destination triple from the low bits that remain after the high 16 bits are removed from the counter value comprises the steps of:
Establishing a public IP address index table, whose contents are public IP addresses,
Obtaining the value that remains after the high 16 bits are removed from the counter value,
Looking up the public IP address index table with this remaining value as the index,
Taking out the public IP address at that index in the public IP address index table.
Optionally, the step of establishing a forward network address translation relation table and a reverse network address translation relation table, respectively, according to the five-tuple "source IP address + source port number + protocol number + destination IP address + destination port number" of the internal network user data flow and the public "IP address + port number" pair comprises the steps of:
Performing a HASH operation on the data flow five-tuple "source IP address + source port number + protocol number + destination IP address + destination port number" and the public "IP address + port number" pair to generate a forward network address translation table entry and a reverse network address translation table entry, respectively;
Inserting the generated forward network address translation table entry into the forward network address translation relation table;
If an identical entry already exists in the forward network address translation relation table, reallocating a public address to the internal network user;
Inserting the generated reverse network address translation table entry into the reverse network address translation relation table.
Because the above method is used in network address translation, address pool resources can be reused dynamically and the utilization of address resources is improved. This is extremely useful where only a small number of IP addresses have been applied for but many users often access the external network at the same time.
Brief description of the drawings
Fig. 1 is a schematic diagram of network address resource utilization using address association in the prior art;
Fig. 2 is a schematic diagram of network address resource utilization using bitmap association in the prior art;
Fig. 3 is a flow chart of the steps of the network address resource utilization method of the preferred embodiment of the invention;
Fig. 4 shows the contents and structure of a 64K address pool HASH table in the method of the preferred embodiment;
Fig. 5 shows the contents and structure of a 128K address pool HASH table in the method of the preferred embodiment;
Fig. 6 shows the contents and structure of a preferred address pool HASH table in the method of the preferred embodiment.
Detailed description
Before the invention is described in further detail with reference to the drawings and embodiments, the principle by which the public address resources of an address pool can be dynamically multiplexed is first described in detail:
NAT improves the effective utilization of registered addresses through address multiplexing. Concretely, the internal network uses private virtual addresses, i.e. the private network IP address ranges reserved by the Internet Assigned Numbers Authority (IANA). Routing information for these addresses is prohibited from appearing in the Internet backbone, so packets that use these addresses on the Internet are not forwarded correctly by any router, and networks that all use these addresses therefore do not conflict with one another. An address translation relation table is configured on the border router, which maintains a pool of registered real IP addresses (IP Pool). The translation function in the router maps internal virtual addresses to the corresponding registered addresses, so that internal hosts can communicate transparently with external hosts.
The general form of NAT is as follows: the NAT gateway, according to certain rules, identifies the source and destination addresses of all packets passing in and out, replaces the source address of packets going from inside to outside with a real address (a registered legal address), and replaces the destination address of packets going from outside to inside with the corresponding virtual address (the unregistered address used internally). In terms of the direction of traffic through the gateway, NAT has three forms: forward translation (also called inbound translation), reverse translation (also called outbound translation) and bi-directional translation. In terms of the translation correspondence, NAT can also be divided into static translation and dynamic translation. In static translation, a one-to-one correspondence between virtual addresses and real addresses is configured on the gateway in advance and does not change during operation. Dynamic translation needs no advance configuration: the gateway decides the address correspondence at run time according to network connections and the usage of the address space.
In network address translation, the address translation relation table records at least the allocated address and port information. It can additionally record state information of the session flow, such as state, action and timestamp, in which case the address translation relation table can also be called a flow state table.
Take the TCP/UDP protocols as an example. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two transport layer protocols of the TCP/IP (Transmission Control Protocol/Internet Protocol) suite. They use the IP routing function to deliver packets to the destination, and thereby provide network services for applications and application layer protocols. A session of either protocol can be uniquely identified by the five-tuple "protocol number + source IP address + TCP/UDP source port number + destination IP address + TCP/UDP destination port number" of the user data flow.
In forward address translation, the IP addresses and port numbers of different users are necessarily different, so the two-tuple "source IP address + TCP/UDP source port number" of the user data flow is enough to identify a data flow uniquely. In reverse address restoration, the five-tuple "protocol number + source IP address + TCP/UDP source port number + destination IP address + TCP/UDP destination port number" of the user data flow is used to identify a data flow uniquely. Therefore, when the destination triples "protocol number + destination IP address + TCP/UDP destination port number" accessed by users differ, allocating the same public address resource ("IP address + TCP/UDP port number" pair) from the address pool causes no conflict. On the other hand, if the destination triples accessed by users are identical, different public address pool resources ("IP address + TCP/UDP port number" pairs) must be allocated to distinguish the data flows. It follows that the public address resources of the address pool can be reused for each destination triple. Looking up the address translation relation table with the target five-tuple "IP address + TCP/UDP port number + destination triple" of the user data flow as the key (KEY) determines a unique translation table entry, which achieves multiplexing of the public address resources of the address pool.
For other protocols, the public address resources of the address pool can also be reused:
For example, take a session of the ICMP protocol, where ICMP (Internet Control Message Protocol) is the Internet Control Message Protocol. An ICMP query session can be identified by source IP address, destination IP address and ICMP query ID, so "destination IP address + protocol number + ICMP type" can be used to indicate different destinations. Looking up the address translation relation table with the target triple "destination IP address + protocol number + ICMP type" of the user data flow as the key (KEY) determines a unique translation table entry, which achieves multiplexing of the public address resources of the address pool;
For other protocols, at least the two-tuple "destination IP address + protocol type" of the data flow can be used to indicate different destinations, and the public address resources of the address pool can be multiplexed accordingly.
The invention is described in further detail below with reference to the drawings and embodiments:
Fig. 3 shows the flow of the steps of the network address resource utilization method of the preferred embodiment of the invention:
First, in step 31, an address pool HASH table is established. The address pool represents a group of contiguous public addresses, the contents of the address pool HASH table correspond to public address resources, and the size of the address pool HASH table is 2^N (N = 0, 1, 2, ...) times 64K. The value of N directly determines how far addresses can be multiplexed: the larger N is, the more finely the destination space is divided, and the more times the address pool can be reused. For example, when N = 16 the size of the address pool HASH table is 64K, so each address pool resource can be multiplexed at most 64K times; when N = 0 the method degenerates to the traditional allocation without address multiplexing, in which one address pool resource can be used by only one connection at a time. Note also that the larger N is, the more memory is consumed. The value of N is therefore a trade-off between multiplexing and space consumption. The contents and structure of the address pool HASH table are described in detail below with reference to Fig. 4 and Fig. 5.
Referring again to Fig. 3, after the address pool HASH table is established, step 32 performs a HASH operation on the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow to obtain a HASH value. For a 64K address pool HASH table the HASH value has 16 bits (the size of the table is 2^16 = 64K), for a 128K address pool HASH table the HASH value has 17 bits (the size of the table is 2^17 = 128K), and so on;
After the HASH value is obtained, step 33 looks up the address pool HASH table with that HASH value;
Then, step 34 takes out the corresponding entry in the address pool HASH table;
After the corresponding entry has been taken out, step 35 obtains from that entry the public "IP address + port number" pair for the destination triple "protocol number + destination IP address + destination port number" of the internal network user data flow;
Then, step 36 performs a HASH operation on the target five-tuple "source IP address + source port number + protocol number + destination IP address + destination port number" and the public "IP address + port number" pair, generating a forward network address translation table entry and a reverse network address translation table entry, respectively;
Then, step 37 checks whether the forward network address translation table already contains an entry identical to the generated forward network address translation table entry.
If there is an identical entry, the flow returns to step 34 and a public address is reallocated to the internal network user.
If there is no identical entry, step 38 inserts the generated forward network address translation table entry into the forward network address translation relation table;
Then, step 39 inserts the generated reverse network address translation table entry into the reverse network address translation relation table.
Under the flow of Fig. 3, when a connection is deleted, the corresponding translation table entries in the NAT relation tables are deleted directly, and no operation is performed on the address pool.
The flow described for Fig. 3 applies not only to TCP/UDP connections but equally to connections based on other protocols, provided the lookup KEY of the corresponding address translation relation table is used.
Fig. 4 shows the contents and structure of a 64K address pool HASH table in the method of the preferred embodiment:
The address pool HASH table consists of 64K entries. The contents of the entries, Counter1, Counter2, ..., Counter64K, are each a counter. All the counters have the same number of bits, and that number depends on the number of IP addresses the address pool HASH table corresponds to:
If the address pool HASH table corresponds to 2^N (N = 0, 1, ...) IP addresses, the counter in each entry of the address pool HASH table has 16+N (N = 0, 1, ...) bits.
For example, if the address pool HASH table corresponds to 1 IP address, then N = 0 and each entry in the address pool HASH table holds a 16-bit counter; if the address pool HASH table corresponds to 2 IP addresses, then N = 1 and each entry holds a 17-bit counter.
Each counter is the logical allocation pointer for the public address resources.
The invention requires a public IP address index table, each entry of which associates an index number with a public IP address. The following describes how the public "IP address + port number" pair is found from the counter in each entry of the address pool HASH table and the public IP address index table.
The high 16 bits of the counter give the public port number to translate to, and the low N bits of the counter give the index number into the public IP address index table. As mentioned above, the number of bits in each entry of the address pool HASH table depends on the number of IP addresses the table corresponds to. If the address pool HASH table corresponds to only 1 IP address, the counter has 16 bits and 0 low bits remain after the high 16 bits are removed (N = 0), so the IP address index number is 0, which corresponds to the 1st public IP address in the public IP address index table. If the address pool HASH table corresponds to 2 IP addresses, the counter has 17 bits and 1 low bit remains after the high 16 bits are removed (N = 1); its values are 0 and 1, so the IP address index numbers are 0 and 1, where 0 corresponds to the 1st public IP address in the public IP address index table and 1 corresponds to the 2nd, and so on.
Fig. 5 shows the contents and structure of a 128K address pool HASH table in the method of the preferred embodiment. The contents and structure of this table are the same as those of the address pool HASH table of Fig. 4, except that its capacity is larger: 128K, that is, 128K entries.
Referring again to the flow chart of Fig. 3, when the address pool HASH table has the contents and structure of Fig. 4 or Fig. 5, step 34 (taking out the corresponding entry in the address pool HASH table) also refreshes the counter of that entry after the entry has been taken out. Concretely, the counter value is incremented by 1 and written back, which means it now points to the next public address resource. If the counter value overflows, the counter is reset and counting restarts from 0. Consequently, when one address pool HASH table corresponds to several IP addresses, the allocation of public addresses first rotates through the IP addresses.
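The allocation flow of Fig. 3 with the counter layout of Fig. 4, as an added Python example that is not part of the patent text. Assumptions: the class and method names are hypothetical, CRC32 stands in for the unspecified HASH function, counters start at 0, `table_bits` gives a table of 2**table_bits entries, the conflict check is keyed on "public pair + destination triple" as the multiplexing argument above implies, and the addresses are constructed documentation addresses.

```python
import zlib
from ipaddress import IPv4Address

PORT_BITS = 16  # the high 16 bits of each counter are the public port


class AddressPoolNat:
    def __init__(self, public_ips, table_bits=16):
        n = len(public_ips)
        if n == 0 or n & (n - 1):
            raise ValueError("pool must hold 2**N public IP addresses")
        self.ip_index = list(public_ips)      # public IP address index table
        self.ip_bits = n.bit_length() - 1     # N: low bits of each counter
        self.counter_mask = (1 << (PORT_BITS + self.ip_bits)) - 1
        self.table_bits = table_bits
        self.pool = [0] * (1 << table_bits)   # one (16+N)-bit counter per entry
        self.forward = {}  # internal five-tuple -> public (ip, port)
        self.reverse = {}  # public pair + destination triple -> internal (ip, port)

    def _slot(self, proto, dst_ip, dst_port):
        # Steps 32-33: hash the destination triple to a table index.
        # CRC32 is an assumption; the page does not name a HASH function.
        key = (bytes([proto]) + IPv4Address(dst_ip).packed
               + dst_port.to_bytes(2, "big"))
        return zlib.crc32(key) & ((1 << self.table_bits) - 1)

    def decode(self, counter):
        # Step 35: high 16 bits -> public port, low N bits -> IP index.
        port = counter >> self.ip_bits
        ip = self.ip_index[counter & ((1 << self.ip_bits) - 1)]
        return ip, port

    def _next_pair(self, slot):
        # Step 34: take the entry, then add 1 and write back; overflow wraps to 0.
        # The page does not say how reserved ports are skipped, so all 64K are used.
        counter = self.pool[slot]
        self.pool[slot] = (counter + 1) & self.counter_mask
        return self.decode(counter)

    def translate(self, src_ip, src_port, proto, dst_ip, dst_port):
        flow = (src_ip, src_port, proto, dst_ip, dst_port)
        if flow in self.forward:
            return self.forward[flow]
        slot = self._slot(proto, dst_ip, dst_port)
        for _ in range(self.counter_mask + 1):
            pub = self._next_pair(slot)
            rkey = pub + (proto, dst_ip, dst_port)
            if rkey not in self.reverse:      # step 37: no identical entry
                self.forward[flow] = pub      # step 38
                self.reverse[rkey] = (src_ip, src_port)  # step 39
                return pub
            # identical entry exists: return to step 34 and reallocate
        raise RuntimeError("no free public pair for this destination")

    def restore(self, pub_ip, pub_port, proto, remote_ip, remote_port):
        # Reverse address restoration for a packet arriving from outside.
        return self.reverse.get((pub_ip, pub_port, proto, remote_ip, remote_port))

    def release(self, flow):
        # Connection deletion removes table entries only; the pool is untouched.
        pub = self.forward.pop(flow)
        del self.reverse[pub + flow[2:]]


def demo():
    nat = AddressPoolNat(["203.0.113.10", "203.0.113.11"])
    a = nat.translate("10.0.0.1", 40000, 6, "198.51.100.5", 443)
    b = nat.translate("10.0.0.2", 40000, 6, "198.51.100.5", 443)  # same destination
    c = nat.translate("10.0.0.3", 40000, 6, "198.51.100.9", 80)   # other destination
    return a, b, c


if __name__ == "__main__":
    print(demo())
```

With `table_bits=0` every flow advances the same counter, so no public pair is shared between live connections until the counter wraps, which is the degenerate no-multiplexing case mentioned above.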
In the preferred embodiments of the present invention shown in Figure 3, when having a large amount of internal users to visit same outside network address by NAT simultaneously, have the conflict of certain probability.
Suppose that a plurality of users send 5K connection request to same destination address simultaneously, when address pool only has an IP address, the probability that may cause conflict on this destination address is 5K/64K=0.08, when also promptly having 8% connection to set up, redistribute the primary address resource.
Collision probability when reducing address assignment, the address pool resource allocation that can be limited to a target HASH space must not surpass a numerical value (such as 30%), so that NAT all the time with fast speed response user's request, can adopt the content and structure mode of address pool HASH table shown in Figure 6.
Referring to Fig. 6, which shows the content structure of a preferred address pool HASH table in the preferred embodiment of the network address resource utilization method of the present invention: the address pool HASH table consists of 64K entries, and each entry contains two counters: Counter1, Counter1'; Counter2, Counter2'; ...; Counter64K, Counter64K'.
The counters Counter1, Counter2, ..., Counter64K are the same as the counters Counter1, Counter2, ..., Counter64K in the content structure of the 64K address pool HASH table shown in Figure 4, and are used for allocating public address resources.
These counters all have the same number of bits, and that number varies with the number of IP addresses the address pool HASH table corresponds to:
If the address pool HASH table corresponds to 2^N (N=0,1,...) IP addresses, then the counter in each entry of the address pool HASH table has 16+N (N=0,1,...) bits.
For example: if the address pool HASH table corresponds to 1 IP address, then N=0 and each entry in the table holds a 16-bit counter; if the address pool HASH table corresponds to 2 IP addresses, then N=1 and each entry in the table holds a 17-bit counter.
Each counter serves as the logical allocation pointer into the public address resources.
The high 16 bits of the counter represent the public port number to translate to, and the low N bits of the counter represent the index, in the public IP address index table, of the public IP address to translate to. As mentioned above, the number of bits of each entry in the address pool HASH table varies with the number of IP addresses the table corresponds to. If the table corresponds to only 1 IP address, the counter has 16 bits and 0 low bits remain after the high 16 bits are removed (N=0), so the IP address index is 0, which corresponds to the 1st public IP address in the public IP address index table. If the table corresponds to 2 IP addresses, the counter has 17 bits and 1 low bit remains after the high 16 bits are removed (N=1); it takes the values 0 and 1, so the IP address index is 0 or 1, where 0 corresponds to the 1st public IP address in the public IP address index table and 1 corresponds to the 2nd, and so on.
The counters Counter1', Counter2', ..., Counter64K' count the address resources allocated through the counter in the same entry, and their number of bits depends on how many addresses are allowed to be allocated and in use at the same time. If the address pool resources in one target HASH space may have at most half of their addresses allocated at the same time, then Counter1' has 1 bit fewer than Counter1, and likewise for the other allocation-counting counters Counter2', ..., Counter64K'. If the address pool resources in one target HASH space may have at most 1/4 of their addresses allocated at the same time, then Counter1' has 2 bits fewer than Counter1, and likewise for the other allocation-counting counters Counter2', ..., Counter64K'.
Referring again to the flow chart of Fig. 3 for the preferred embodiment of the network address resource utilization method of the present invention, the step of taking out the corresponding entry of the address pool HASH table in step 34 proceeds as follows when the address pool HASH table adopts the content structure shown in Figure 6. Unlike the case of the content structures of Fig. 4 and Fig. 5 described earlier, after the corresponding entry is taken out of the address pool HASH table, the counters of that entry are refreshed together: both counter values of the entry are incremented by 1 and written back. That is, the first counter in the entry (for example, Counter1) points to the next public address resource, and the second counter (for example, Counter1') records that one more address pool resource of the target HASH space corresponding to this entry has been allocated.
When the second counter reaches its maximum value, the address pool resources of the target HASH space corresponding to this entry can no longer be used, so this address allocation fails and no address is allocated.
When an address pool resource of the target HASH space corresponding to this entry is no longer in use because the connection has been torn down, the second counter in the entry (for example, Counter1') is decremented by 1 and written back, indicating that one of the address pool resources of the target HASH space corresponding to this entry has been released. The value of the first counter (for example, Counter1) is unchanged, which means that when a new user connection later needs an address pool resource from the target HASH space corresponding to this entry, allocation continues onward from the address to which the first counter of the entry (for example, Counter1) currently points.
It should be noted that the first 1024 TCP/UDP port numbers are usually reserved and are not used for public address allocation; for simplicity, the description above assumes that all 64K ports on an IP address can be allocated. In practical applications, the first 1024 TCP/UDP port numbers can be reserved without affecting the implementation of the network address resource utilization method of the present invention.
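The two-counter entry of Fig. 6 and the allocate/release steps described above, as an added C example that is not code from the patent. The FNV-1a hash, all function and field names, the choice N = 1 with a 1/4 share, and the 203.0.113.x / 198.51.100.x addresses are assumptions; like the description, it treats all 64K ports as allocatable.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 65536u   /* 64K entries, as in Fig. 6 */
#define N_BITS     1u       /* assumed: pool holds 2^N = 2 public IPs */
#define SHARE_BITS 2u       /* assumed: Counter' is 2 bits shorter (1/4 share) */
#define PTR_MASK   ((1u << (16 + N_BITS)) - 1)              /* Counter has 16+N bits */
#define USE_MAX    ((1u << (16 + N_BITS - SHARE_BITS)) - 1) /* maximum of Counter' */

struct pool_entry {
    uint32_t alloc_ptr;     /* Counter : high 16 bits port, low N bits IP index */
    uint32_t in_use;        /* Counter': allocations currently outstanding */
};
struct public_pair { uint32_t ip; uint16_t port; };

static struct pool_entry pool[TABLE_SIZE];
/* Public IP address index table; constructed values 203.0.113.1 and .2. */
static const uint32_t public_ip[1u << N_BITS] = { 0xCB007101u, 0xCB007102u };

/* Assumed HASH: FNV-1a over the destination triplet, folded to 16 bits. */
static uint16_t triplet_hash(uint8_t proto, uint32_t dst_ip, uint16_t dst_port)
{
    uint8_t key[7] = { proto,
        (uint8_t)(dst_ip >> 24), (uint8_t)(dst_ip >> 16), (uint8_t)(dst_ip >> 8),
        (uint8_t)dst_ip, (uint8_t)(dst_port >> 8), (uint8_t)dst_port };
    uint32_t h = 2166136261u;
    for (unsigned i = 0; i < sizeof key; i++) { h ^= key[i]; h *= 16777619u; }
    return (uint16_t)(h ^ (h >> 16));
}

/* Returns 0 and fills *out, or -1 when Counter' has reached its maximum. */
static int pool_alloc(uint8_t proto, uint32_t dst_ip, uint16_t dst_port,
                      struct public_pair *out)
{
    struct pool_entry *e = &pool[triplet_hash(proto, dst_ip, dst_port)];
    if (e->in_use == USE_MAX)
        return -1;                           /* share exhausted: allocation fails */
    uint32_t v = e->alloc_ptr;
    out->port = (uint16_t)(v >> N_BITS);     /* high 16 bits */
    out->ip = public_ip[v & ((1u << N_BITS) - 1)];  /* low N bits index the table */
    e->alloc_ptr = (v + 1) & PTR_MASK;       /* both counters +1 and written back */
    e->in_use++;
    return 0;
}

/* Connection teardown: only Counter' is decremented, the pointer stays put. */
static void pool_release(uint8_t proto, uint32_t dst_ip, uint16_t dst_port)
{
    struct pool_entry *e = &pool[triplet_hash(proto, dst_ip, dst_port)];
    if (e->in_use > 0)
        e->in_use--;
}

/* Allocates for one destination until refused; returns the number granted. */
static uint32_t fill_entry(uint8_t proto, uint32_t dst_ip, uint16_t dst_port)
{
    struct public_pair p;
    uint32_t n = 0;
    while (pool_alloc(proto, dst_ip, dst_port, &p) == 0) n++;
    return n;
}

int main(void)
{
    struct public_pair p;
    uint32_t dst = 0xC6336407u;              /* 198.51.100.7, constructed */
    printf("granted before refusal: %u\n", (unsigned)fill_entry(6, dst, 443));
    pool_release(6, dst, 443);               /* one connection torn down */
    if (pool_alloc(6, dst, 443, &p) == 0)
        printf("next pair: ip=0x%08x port=%u\n", (unsigned)p.ip, (unsigned)p.port);
    return 0;
}
```

Because the cap is enforced per table entry, one heavily used destination can be refused further allocations while entries for other destinations remain unaffected.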
Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that the present invention admits many variations and modifications that do not depart from its spirit, and it is intended that the appended claims cover these variations and modifications without departing from the spirit of the present invention.

Claims (10)

1. A method for utilizing network address resources, used for public address allocation and translation in network address translation, the method comprising the steps of:
establishing an address pool HASH table, wherein the address pool represents a group of contiguous public addresses and the content of the address pool HASH table corresponds to public address resources;
taking out the corresponding public "IP address + port number" pair from the address pool HASH table according to the destination triplet "protocol number + destination IP address + destination port number" of an internal network user data flow;
establishing a forward network address translation relationship table and a reverse network address translation relationship table, respectively, according to the quintuple "source IP address + source port number + protocol number + destination IP address + destination port number" of the internal network user data flow and the public "IP address + port number" pair.
2. The method for utilizing network address resources as claimed in claim 1, wherein the step of establishing an address pool HASH table comprises: setting the size of the address pool HASH table to 2^N (N=0,1,2...) times 64K.
3. The method for utilizing network address resources as claimed in claim 2, wherein the step of establishing an address pool HASH table comprises: setting the address pool HASH table to correspond to 2^N (N=0,1,2...) IP addresses.
4. The method for utilizing network address resources as claimed in claim 1, wherein the step of establishing an address pool HASH table comprises: setting the content of each entry of the address pool HASH table to be a counter, the counter representing the allocation pointer of all public address resources.
5. The method for utilizing network address resources as claimed in claim 4, wherein the step of setting the content of each entry of the address pool HASH table to be a counter comprises: setting the number of bits of the counter to 16+N (N=0,1,2...).
6. The method for utilizing network address resources as claimed in claim 1, wherein the step of establishing an address pool HASH table comprises: setting the content of each entry of the address pool HASH table to be two counters, wherein the first counter represents the allocation pointer of all public address resources and the other counter counts the address resources allocated through the first counter.
7. The method for utilizing network address resources as claimed in claim 1, wherein the step of taking out the corresponding public "IP address + port number" pair from the address pool HASH table according to the destination triplet "protocol number + destination IP address + destination port number" of the internal network user data flow comprises the steps of:
performing a HASH operation on the destination triplet "protocol number + destination IP address + destination port number" of the internal network user data flow to obtain a HASH value,
looking up the address pool HASH table with the HASH value,
taking out the entry in the address pool corresponding to the HASH value,
obtaining the public "IP address + port number" pair from the entry taken out of the address pool.
8. The method for utilizing network address resources as claimed in claim 7, wherein the step of obtaining the public "IP address + port number" pair from the entry taken out of the address pool comprises the steps of:
obtaining the value of the counter corresponding to the entry taken out of the address pool,
obtaining, from the high 16 bits of the value of the counter, the public port number corresponding to the destination triplet "protocol number + destination IP address + destination port number" of the internal network user data flow,
obtaining, from the low bits remaining after the high 16 bits are removed from the value of the counter, the public IP address corresponding to the destination triplet "protocol number + destination IP address + destination port number" of the internal network user data flow.
9. The method for utilizing network address resources as claimed in claim 8, wherein the step of obtaining, from the low bits remaining after the high 16 bits are removed from the value of the counter, the public IP address corresponding to the destination triplet "protocol number + destination IP address + destination port number" of the internal network user data flow comprises the steps of:
establishing a public IP address index table, the content of which represents public IP addresses,
obtaining the value remaining after the high 16 bits are removed from the value of the counter,
looking up the public IP address index table using the remaining value as the index value,
taking out the public IP address in the public IP address index table that corresponds to the index value.
10. The method for utilizing network address resources as claimed in claim 1, wherein the step of establishing a forward network address translation relationship table and a reverse network address translation relationship table, respectively, according to the quintuple "source IP address + source port number + protocol number + destination IP address + destination port number" of the internal network user data flow and the public "IP address + port number" pair comprises the steps of:
performing a HASH operation on the data flow quintuple "source IP address + source port number + protocol number + destination IP address + destination port number" and the public "IP address + port number" pair to generate a forward network address translation table entry and a reverse network address translation table entry, respectively;
inserting the generated forward network address translation table entry into the forward network address translation relationship table;
if the same entry already exists in the forward network address translation relationship table, reallocating a public address to the internal network user;
inserting the generated reverse network address translation table entry into the reverse network address translation relationship table.
Application CNB031488595A, priority date 2003-06-14, filing date 2003-06-14, "A method for utilizing network address resource", status: Expired - Lifetime, CN100356752C (en)

Publications (2)

Publication Number | Publication Date
CN1567907A (en) | 2005-01-19
CN100356752C (en) | 2007-12-19
