CN112671941A - Message processing method, device, equipment and medium - Google Patents

Publication number
CN112671941A
Authority
CN
China
Prior art keywords
napt
address
message
target
processing unit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011314751.2A
Other languages
Chinese (zh)
Inventor
王小军
张纪双
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Armyfly Technology Co Ltd
Original Assignee
Beijing Armyfly Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beijing Armyfly Technology Co Ltd
Priority to CN202011314751.2A
Publication of CN112671941A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a message processing method, apparatus, device and medium. The method is applied to a switching device and comprises: acquiring a target message to be subjected to NAPT (Network Address Port Translation); distributing the target message to a matched virtual processing unit, and performing NAPT processing through the matched virtual processing unit; wherein the switching device comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units. The technical scheme improves the NAPT processing performance of the switching device and realizes highly concurrent NAPT processing. The virtual processing unit performs NAPT processing only on target messages that require NAPT, and messages that do not need NAPT are not processed, which avoids wasting the processing bandwidth and capability of the switching device.

Description

Message processing method, device, equipment and medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a medium for processing a packet.
Background
NAPT (Network Address Port Translation) allows multiple internal addresses (private network addresses) to be mapped to one public network address, and may also be referred to as "many-to-one address translation" or address multiplexing. NAPT translates using the form "IP address + port number", i.e. between <private network address + private network port> and <public network address + public network port>. Essentially, by adding a variable, NAPT lets multiple private network users share one public IP address to access the external network.
When the gateway device receives a private network message from a PC, it sends the message to the CPU for NAPT processing. If the destination address of the data message is found to be a public network address, the private network source IP address of the message is converted into a public network address that is routable on the Internet, the message is sent to the external server, and the mapping is recorded in the NAPT network address translation table. After the response message sent by the external server to the PC reaches the gateway device, the gateway device checks the content of the message header, finds the corresponding record in the network address translation table, and replaces the address.
Currently, an ACL filtering rule corresponding to the NAPT conversion rule is configured on the private network access interface by means of ACL (Access Control List) redirection, so that messages are steered to the CPU for NAPT processing. NAPT is generally implemented by running the corresponding software code on a general-purpose CPU, and all messages requiring NAPT processing are sent to the general-purpose CPU. This may keep the general-purpose CPU busy, or even drive it to its performance bottleneck, causing normal service interruption and switch loss. Moreover, messages that do not need NAPT may also be sent up to the general-purpose CPU for NAPT processing, wasting the processing bandwidth and capacity of the general-purpose CPU.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device, and a medium for packet processing, so as to improve packet NAPT processing performance of a switching device, avoid waste of CPU processing bandwidth and capacity, and implement high concurrent processing of NAPT.
In a first aspect, an embodiment of the present invention provides a packet processing method, applied to a switching device, including:
acquiring a target message of NAPT (network address port translation);
distributing the target message to a matched virtual processing unit, and carrying out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
In a second aspect, an embodiment of the present invention further provides a packet processing apparatus, applied in a switching device, including:
a module for acquiring NAPT message, which is set to acquire the target message of NAPT;
NAPT processing module, which is set to distribute the target message to the matched virtual processing unit, and carry out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
In a third aspect, an embodiment of the present invention further provides a switching device, which includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, where the processor implements the message processing method according to any embodiment of the present invention when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the message processing method according to any embodiment of the present invention.
In the technical scheme of the embodiment of the invention, a processor in the switching equipment adopts a multi-core processor, each core in the multi-core processor comprises a plurality of virtual processing units, and when NAPT is carried out on a target message to be NAPT, the target message is distributed to the corresponding virtual processing unit for NAPT and message forwarding, so that the NAPT processing performance of the message of the switching equipment is improved, and high concurrent processing of NAPT is realized. Moreover, the virtual processing unit only carries out NAPT processing on the target message to be NAPT, and does not need to carry out corresponding NAPT processing on the message which does not need NAPT, thereby avoiding the waste of processing bandwidth and capability of the switching equipment.
Drawings
Fig. 1 is a flowchart of a message processing method according to a first embodiment of the present invention;
Fig. 2 is a schematic diagram of a NAPT application architecture according to a first embodiment of the present invention;
Fig. 3 is a schematic diagram of service allocation of multi-core CPU processing according to a first embodiment of the present invention;
Fig. 4 is a flowchart of a message processing method according to a second embodiment of the present invention;
Fig. 5 is a schematic flow chart of table entry query based on policy-routing traffic steering in the second embodiment of the present invention;
Fig. 6 is a flowchart of a message processing method in the third embodiment of the present invention;
Fig. 7 is a schematic diagram of an address resolution agent in a third embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a message processing apparatus according to a fourth embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a switching device in a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a message processing method according to an embodiment of the present invention, where this embodiment is applicable to a case of performing NAPT on a message, and the method may be executed by a message processing apparatus according to an embodiment of the present invention, where the apparatus may be implemented in a software and/or hardware manner, and may be generally integrated in a switching device.
As shown in fig. 1, the method of this embodiment is applied to a switching device, and specifically includes:
S110, obtaining a target message to be subjected to NAPT.
The target message to be subjected to NAPT is a message that requires NAPT. It may be a message to be converted from a private network address to a public network address, in which case the target message is a message sent from a PC to an external server; or a message to be converted from a public network address to a private network address, in which case the target message is a message sent back to the PC by the external server. Conversion from a private network address to a public network address specifically converts the message's private network source IP address and private network layer-4 (transport layer) source port to a public network source IP address and public network layer-4 source port. Conversion from a public network address to a private network address specifically converts the message's public network destination IP address and public network layer-4 destination port to a private network IP address and private network layer-4 destination port.
Optionally, messages are screened before being sent to the CPU, and a message identified as requiring NAPT is taken as the target message. In this embodiment, NAPT processing is performed only on target messages; messages that do not need NAPT are not processed, which avoids wasting the processing bandwidth and capability of the switching device.
S120, distributing the target message to the matched virtual processing unit, and performing NAPT processing through the matched virtual processing unit.
The switching device comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
In this embodiment, the processor of the switching device is a multi-core processor, and each core includes a plurality of threads, each of which may be referred to as a VCPU (Virtual Central Processing Unit). One core is used for the operating system control layer, and the other cores are service cores that provide data processing for the NAPT service.
Optionally, a high-speed SerDes (short for SERializer and DESerializer) is used as the data channel between the network processor and the multi-core processor in the switching device, and a load sharing policy may be set on the high-speed SerDes.
Taking as an example a multi-core processor that is a quad-core CPU and a network processor that is an ASIC (Application Specific Integrated Circuit) chip, the NAPT application architecture in the switching device may use four high-speed SerDes as the data channels between the ASIC and the multi-core CPU, as shown in fig. 2, with the load sharing policy set on the high-speed SerDes. As shown in fig. 3, the multi-core CPU used for service forwarding has four cores, CPU0-CPU3. Each CPU core has four threads, called VCPUs, for 16 VCPUs in total, which can be numbered sequentially as VCPU0-VCPU15. CPU0 can be assigned to the operating system control plane, while CPU1, CPU2 and CPU3 are service cores that perform data processing for the NAT service.
Each acquired target message is distributed, according to the preset load sharing policy, to the corresponding VCPU in the corresponding CPU core for NAPT and message forwarding. Multiple target messages can be distributed to different VCPUs at the same time for NAPT processing, which realizes highly concurrent NAPT processing.
As an optional implementation manner, the distributing the target packet to the matched virtual processing unit may specifically be: performing hash calculation according to the IP address of the target message, and determining a matched virtual processing unit according to a calculation result; and distributing the target message to the matched virtual processing unit.
The IP address of the target packet may be a source IP address or a destination IP address.
Optionally, for a target packet to be NAPT that needs to be converted from a private network address to a public network address, hash calculation may be performed according to a source IP address of the target packet, a matching virtual processing unit may be determined according to a calculation result, and the target packet may be distributed to the matching virtual processing unit.
Optionally, for a target packet to be NAPT that needs to be converted from a public network address to a private network address, hash calculation may be performed according to a destination IP address of the target packet, a matching virtual processing unit may be determined according to a calculation result, and the target packet may be distributed to the matching virtual processing unit.
In an optional implementation manner, the ethernet type matched with the target packet may be determined, hash calculation is performed according to the IP address corresponding to the matched ethernet type, and then the matched virtual processing unit is determined according to the calculation result.
If the Ethernet type matched with the target message is 0x0800, the IPv4 address is used to calculate the hash value, and the VCPU is then assigned according to the result; if the Ethernet type is 0x86dd, the IPv6 address is used to calculate the hash value, and the VCPU is then assigned according to the result.
In this technical scheme, the traffic of acquired target messages is sent to the corresponding VCPU for NAPT and message forwarding according to the hash result. The more varied the traffic, the more uniform the hash values, and the higher the concurrency achieved by the multi-core CPU.
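The hash-based dispatch described above, as an added example in C (not code from the patent or the applicant): it reads the EtherType, picks the IPv4 or IPv6 source or destination address by translation direction, and maps the hash onto the service VCPUs. The FNV-1a hash, the modulo mapping, the assumption that VCPU4-VCPU15 are the threads of the service cores CPU1-CPU3, and all function and macro names are assumptions; the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN        14
#define ETHERTYPE_IPV4  0x0800
#define ETHERTYPE_IPV6  0x86dd
#define FIRST_SVC_VCPU  4   /* assumption: VCPU0-3 belong to CPU0 (control plane) */
#define NUM_SVC_VCPUS   12  /* assumption: VCPU4-15 belong to CPU1-CPU3 */

enum napt_dir { PRIVATE_TO_PUBLIC, PUBLIC_TO_PRIVATE };

/* FNV-1a over the address bytes. Assumed hash: the page does not name one. */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) {
        h ^= *p++;
        h *= 16777619u;
    }
    return h;
}

/* Returns a VCPU index in 4..15, or -1 for a truncated or non-IP frame. */
int select_vcpu(const uint8_t *frame, size_t len, enum napt_dir dir)
{
    size_t off, alen;
    const uint8_t *ip = frame + ETH_HLEN;

    if (len < ETH_HLEN)
        return -1;
    uint16_t ethertype = (uint16_t)(frame[12] << 8 | frame[13]);

    if (ethertype == ETHERTYPE_IPV4) {
        if (len < ETH_HLEN + 20 || (ip[0] >> 4) != 4)
            return -1;
        alen = 4;   /* source address at offset 12, destination at 16 */
        off = (dir == PRIVATE_TO_PUBLIC) ? 12 : 16;
    } else if (ethertype == ETHERTYPE_IPV6) {
        if (len < ETH_HLEN + 40 || (ip[0] >> 4) != 6)
            return -1;
        alen = 16;  /* source address at offset 8, destination at 24 */
        off = (dir == PRIVATE_TO_PUBLIC) ? 8 : 24;
    } else {
        return -1;  /* not IPv4/IPv6: nothing to hash */
    }
    return FIRST_SVC_VCPU + (int)(fnv1a(ip + off, alen) % NUM_SVC_VCPUS);
}

/* Constructed sample input: bare Ethernet + IPv4 header, other fields zero. */
size_t build_ipv4_frame(uint8_t *buf, const uint8_t src[4], const uint8_t dst[4])
{
    memset(buf, 0, ETH_HLEN + 20);
    buf[12] = 0x08;
    buf[13] = 0x00;
    buf[ETH_HLEN] = 0x45;               /* version 4, header length 5 words */
    memcpy(buf + ETH_HLEN + 12, src, 4);
    memcpy(buf + ETH_HLEN + 16, dst, 4);
    return ETH_HLEN + 20;
}

int main(void)
{
    uint8_t f[64];
    const uint8_t pc[4] = {192, 168, 1, 10};    /* constructed private host */
    const uint8_t srv[4] = {198, 51, 100, 7};   /* constructed external server */
    const uint8_t pool[4] = {203, 0, 113, 1};   /* constructed pool address */

    size_t n = build_ipv4_frame(f, pc, srv);
    printf("PC -> server hashed on source:      VCPU%d\n",
           select_vcpu(f, n, PRIVATE_TO_PUBLIC));
    n = build_ipv4_frame(f, srv, pool);
    printf("server -> pool hashed on destination: VCPU%d\n",
           select_vcpu(f, n, PUBLIC_TO_PRIVATE));
    return 0;
}
```

Because the two directions hash different addresses, the forward and return messages of one flow can land on different VCPUs.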
In the technical scheme of the embodiment of the invention, a processor in the switching equipment adopts a multi-core processor, each core in the multi-core processor comprises a plurality of virtual processing units, and when NAPT is carried out on a target message to be NAPT, the target message is distributed to the corresponding virtual processing unit for NAPT and message forwarding, so that the NAPT processing performance of the message of the switching equipment is improved, and high concurrent processing of NAPT is realized. Moreover, the virtual processing unit only carries out NAPT processing on the target message to be NAPT, and does not need to carry out corresponding NAPT processing on the message which does not need NAPT, thereby avoiding the waste of processing bandwidth and capability of the switching equipment.
Example two
Fig. 4 is a flowchart of a message processing method according to a second embodiment of the present invention. On the basis of the foregoing embodiment, this embodiment provides a specific implementation manner, where when a target packet to be NAPT needs to be converted from a private network address to a public network address, acquiring the target packet to be NAPT may include: acquiring the target message based on a preset policy-routing traffic-steering mode.
For the case where the target message flows from an internal PC to an external server, messages can be screened before being sent up to the CPU, so that only messages requiring NAPT are sent up. If a message meets the matching rule in the preset policy route, it is steered to the CPU for NAPT processing. For example, the matching rule may be that a NAPT identifier has been added to the message, where the NAPT identifier may be carried in a reserved field of the message header; this embodiment does not specifically limit this. Messages can then be screened according to whether a previously added NAPT identifier is present: if a NAPT identifier has been added to the message, the message is determined to be a target message and can be steered to the CPU, at which point the target message is obtained for subsequent NAPT processing.
The target message is distributed to the matched virtual processing unit, which performs NAPT processing; specifically, the matched virtual processing unit converts the target message's private network source IP address and private network layer-4 source port to a public network source IP address and public network layer-4 source port.
Generally, messages are steered to the CPU based on ACL rule redirection. Because no determination is made as to whether NAPT is needed, messages that do not need NAPT are also sent up to the CPU for NAPT processing (for example, the NAPT network address translation table is queried by IP address to determine whether a translation record for that IP exists), which wastes CPU processing bandwidth and capability and degrades performance. Compared with the prior art, the preset policy-routing traffic-steering mode sends only target messages requiring NAPT to the CPU, which effectively avoids wasting CPU processing bandwidth and capacity and improves NAPT processing performance.
As an optional implementation, acquiring the target message according to the preset policy-routing traffic-steering mode may specifically be: if the target message has a NAPT identifier at its layer-3 ingress interface in the switching device, acquiring the steered target message.
The matching rule of the preset policy route may be that the message has a NAPT identifier at its layer-3 ingress interface in the switching device. If so, the message is determined to be a target message requiring NAPT, and the steered message can then be acquired.
In this embodiment, the NAPT identifier used to determine whether a message is NAPT traffic may be added to the message's layer-3 ingress interface in the switching device, where the layer-3 ingress interface is the input logical interface (In local interface) of the network layer. A layer-3 ingress interface to which the NAPT identifier has been added in advance is regarded as NAPT-enabled, and one without the NAPT identifier is regarded as not NAPT-enabled.
Optionally, after a message is received, its protocol type is determined: if the message is an IP (Internet Protocol) message, it is directed to a layer-3 ingress interface to which the NAPT identifier has been added in advance, so that the message's layer-3 ingress interface in the switching device is one with the NAPT identifier; if the message is not an IP message, for example, a UDP (User Datagram Protocol) message, it is directed to a layer-3 ingress interface without the NAPT identifier, so that the message's layer-3 ingress interface in the switching device is one without the NAPT identifier.
Whether the message needs NAPT is then determined by querying whether its layer-3 ingress interface in the switching device has the NAPT identifier. If so, the message is determined to be a target message requiring NAPT; if not, the message is not NAPT traffic and does not need to be sent to the CPU for NAPT processing.
As shown in fig. 5, after a message enters, the IPCT entry of the message is first queried to obtain the port information of the message, that is, its private network layer-4 source port. Then the layer-3 ingress interface (In local interface) of the message is checked for the NAPT identifier. If it is present, the message is determined to be a target message requiring NAPT; the NAPT mapping table is queried to determine the mapping between the message's private network source IP address and the public network source IP address, NAPT conversion is performed, the FIB (Forwarding Information Base) software routing table is queried to forward the message, and the message is sent through the layer-3 egress interface (Out local interface) in the switching device. If the message's layer-3 ingress interface does not have the NAPT identifier, that interface is not NAPT-enabled, the message is not NAPT traffic, NAPT processing is not required, and the message can be discarded.
In this embodiment, the lookup for uplink messages is performed in the outgoing direction, and NAT conversion is performed only on messages entering through a layer-3 ingress interface configured with the NAPT identifier. This avoids steering all traffic up to the CPU for NAPT processing and wasting CPU processing bandwidth and capacity.
As shown in fig. 4, when the target message needs to be converted from a private network address to a public network address and the message flow is in the INBOUND direction, that is, from the internal PC to an external server, the message processing method specifically includes:
S210, obtaining the message.
S220, judging whether the layer-3 ingress interface of the message in the switching device has the NAPT identifier; if so, executing S230, and if not, executing S270.
S230, taking the steered message as the target message to be subjected to NAPT.
S240, if the Ethernet type matched with the target message is 0x0800, extracting the IPv4 source IP address of the target message to perform hash calculation, determining the matched target VCPU according to the calculation result, and distributing the target message to the target VCPU.
S250, querying, by the target VCPU, the FIB software routing table according to the destination IP address of the target message, and judging whether a relevant routing record can be found; if so, executing S260, and if not, executing S270.
The FIB software routing table may be queried according to the destination IP address of the target message and the VRF (a field used to describe a virtual local area network (VLAN); it may be set to zero). If a relevant routing record is found, the outgoing interface and next hop information of the target message can be obtained.
S260, the target VCPU uses the extracted private network source IP address and private network layer-4 source port of the target message to look up the NAPT INBOUND entry, determines the matched public network source IP address and public network layer-4 source port, and converts the target message's private network source IP address and private network layer-4 source port to the public network source IP address and public network layer-4 source port.
The public network address pool is configured with a mapping table of public network IP addresses and layer-4 ports, and a NAPT MAP table is also stored in software, which records the mapping between public network IP addresses and private network IP addresses. A NAPT INBOUND entry corresponding to the target message may then be created according to the NAPT MAP: private network source IP address, private network layer-4 source port, public network source IP address, public network layer-4 source port.
Optionally, the NAPT INBOUND entry is looked up according to the private network source IP address, the private network layer-4 source port, and the VRF, and the matched public network source IP address and public network layer-4 source port are determined.
S270, discarding the message.
For those parts of this embodiment that are not explained in detail, reference is made to the aforementioned embodiments, which are not repeated herein.
Example three
Fig. 6 is a flowchart of a message processing method according to a third embodiment of the present invention. On the basis of the foregoing embodiment, this embodiment provides a specific implementation manner, where when a target packet to be NAPT needs to be converted from a public network address to a private network address, performing NAPT processing by using a matched virtual processing unit includes:
searching an FIB software routing table according to the public network destination IP address of the target message through the matched virtual processing unit, and jumping to a corresponding IP tunnel;
converting, by the matched virtual processing unit in the IP tunnel, the target message's public network destination IP address and public network layer-4 destination port to a private network destination IP address and private network layer-4 destination port, and rerouting the target message to a private network host routing table.
For the case where the target message flows from an external server to an internal PC, the source IP address of the target message is the address of the external server, and the destination IP address is a public network IP address in the public network address pool. After the target message is received, the FIB software routing table is first queried according to the destination IP of the target message to determine its outgoing interface and next hop information. In this embodiment, the next hop information of the target message in the FIB software routing table is an IP tunnel index number, and the target message then jumps to that IP tunnel for processing.
In the IP tunnel, the target message's public network destination IP address and public network layer-4 destination port are converted to the private network destination IP address and private network layer-4 destination port, and the target message is rerouted to the private network host routing table, which is then queried according to the private network destination IP address to continue forwarding the target message. If a routing record corresponding to the private network destination IP address is found in the private network host routing table, the target message is forwarded according to that record; if no such record is found, the target message is discarded.
In this technical scheme, the IP tunnel is used to reroute the target message to the private network host routing table for forwarding after it has been converted from the public network address to the private network address, which ensures that the message is delivered accurately.
As shown in fig. 6, when the target message needs to be converted from a public network address to a private network address and the message flow is in the OUTBOUND direction, that is, from the external server to an internal PC, the message processing method specifically includes:
S310, obtaining a target message to be subjected to NAPT.
S320, if the Ethernet type matched with the target message is 0x0800, extracting the IPv4 source IP address of the target message to perform hash calculation, determining the matched target VCPU according to the calculation result, and distributing the target message to the target VCPU.
S330, inquiring an FIB software routing table through the target VCPU according to the public network destination IP address of the target message, and jumping to a corresponding IP tunnel.
The FIB software routing table can be queried according to the public network destination IP address and the VRF to output an interface and next hop information.
S340, searching NAPT OUTBOUND table items by the target VCPU according to the extracted public network destination IP address and the public network destination port in the IP tunnel, determining a matched private network destination IP address and a private network destination port, converting the target message from the public network destination IP address, the public network four-layer destination port to the private network destination IP address and the private network four-layer destination port, and re-routing the target message to a private network host routing table.
The public network address pool is configured with a mapping table of public network IP addresses and four-layer ports, and a NAPT MAP table is also stored through software, wherein the mapping relation between the public network IP addresses and the private network IP addresses is recorded in the NAPT MAP table. Furthermore, a NAPT OUTBOUND table entry corresponding to the target message may be created according to the NAPT MAP: a public network destination IP address, a public network four-layer destination port, a private network destination IP address and a private network four-layer destination port. Optionally, the NAPT OUTBOUND table entry may further include an IP tunnel index number corresponding to the target packet.
S350, inquiring a private network host routing table according to the private network destination IP address through the target VCPU, and if a corresponding routing record can be inquired, continuing to forward the target message according to the routing record.
If no corresponding routing record is found, the target message is discarded.
For those parts of this embodiment that are not explained in detail, reference is made to the aforementioned embodiments, which are not repeated herein.
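The OUTBOUND steps S320 to S350 above, as an added Python example that is not part of the patent text. The CRC32 hash, the VCPU count, the table contents, the verdict strings and dropping on a NAPT table miss are assumptions; the FIB lookup and IP tunnel jump of S330 are omitted, and checksums are patched incrementally (RFC 1624) after the rewrite.

```python
import socket
import struct
import zlib

NUM_VCPUS = 8  # assumption: the page does not fix a VCPU count
# Constructed tables using documentation and private address ranges.
NAPT_OUTBOUND = {("203.0.113.10", 40001): ("192.168.1.20", 5060),
                 ("203.0.113.10", 40002): ("192.168.1.99", 8080)}
PRIVATE_HOST_ROUTES = {"192.168.1.20": "vlan10"}  # no route for 192.168.1.99
L4_CSUM_OFFSET = {6: 16, 17: 6}  # TCP, UDP checksum offsets in the L4 header

def fold(total: int) -> int:
    """Fold carries back into 16 bits (ones'-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def full_checksum(data: bytes) -> int:
    """RFC 1071 checksum over an even-length byte string."""
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def update_checksum(old: int, old_words, new_words) -> int:
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    total = ~old & 0xFFFF
    for m, m_new in zip(old_words, new_words):
        total += (~m & 0xFFFF) + m_new
    return ~fold(total) & 0xFFFF

def select_vcpu(src_ip: bytes) -> int:
    """S320: hash the IPv4 source address onto a VCPU (CRC32 is assumed)."""
    return zlib.crc32(src_ip) % NUM_VCPUS

def napt_outbound(frame: bytes):
    """S320-S350 for one Ethernet frame; returns (verdict, vcpu, frame)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "skip:not-ipv4", None, frame
    l4 = 14 + (frame[14] & 0x0F) * 4
    off = L4_CSUM_OFFSET.get(frame[23])
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF  # later fragments lack ports
    if frame[14] >> 4 != 4 or l4 < 34 or off is None or frag or len(frame) < l4 + off + 2:
        return "drop:malformed", None, frame
    vcpu = select_vcpu(frame[26:30])
    old = frame[30:34] + frame[l4 + 2:l4 + 4]  # public dst IP + public dst port
    entry = NAPT_OUTBOUND.get((socket.inet_ntoa(old[:4]), struct.unpack("!H", old[4:])[0]))
    if entry is None:
        return "drop:no-napt-entry", vcpu, frame  # assumed handling of a miss
    new = socket.inet_aton(entry[0]) + struct.pack("!H", entry[1])
    old_w, new_w = struct.unpack("!3H", old), struct.unpack("!3H", new)
    out = bytearray(frame)
    out[30:34], out[l4 + 2:l4 + 4] = new[:4], new[4:]  # S340 rewrite
    ip_sum = struct.unpack("!H", frame[24:26])[0]
    out[24:26] = struct.pack("!H", update_checksum(ip_sum, old_w[:2], new_w[:2]))
    c = l4 + off
    l4_sum = struct.unpack("!H", frame[c:c + 2])[0]
    if frame[23] == 6 or l4_sum:  # UDP: 0 means no checksum, so skip it and never emit 0
        out[c:c + 2] = struct.pack("!H", update_checksum(l4_sum, old_w, new_w) or 0xFFFF)
    route = PRIVATE_HOST_ROUTES.get(entry[0])  # S350: private host route lookup
    if route is None:
        return "drop:no-host-route", vcpu, bytes(out)
    return "forward:" + route, vcpu, bytes(out)

def sample_frame(dst_port: int = 40001) -> bytes:
    """Constructed UDP frame from 198.51.100.7 to the public NAPT address."""
    src, dst = socket.inet_aton("198.51.100.7"), socket.inet_aton("203.0.113.10")
    udp_len = 8 + 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", full_checksum(ip)) + ip[12:]
    udp = struct.pack("!HHHH", 53, dst_port, udp_len, 0) + b"ping"
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    udp = udp[:6] + struct.pack("!H", full_checksum(pseudo + udp)) + udp[8:]
    return bytes(12) + b"\x08\x00" + ip + udp

if __name__ == "__main__":
    print([napt_outbound(sample_frame(p))[:2] for p in (40001, 40002, 40003)])
```

Because the VCPU is chosen from the source address alone, all packets from one external host are handled by the same VCPU regardless of which NAPT entry they hit.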
On the basis of the above technical solution, before the matched virtual processing unit searches the FIB software routing table according to the destination IP of the target packet and jumps to the corresponding IP tunnel, the method further includes:
searching a public network host routing table according to the destination IP address of the target message through the matched virtual processing unit; if the host route of the destination IP address does not exist, an ARP (Address Resolution Protocol) request corresponding to the destination IP address is triggered and sent to supplement an ARP table entry in the public network host routing table.
After receiving a target message sent from an external server to an internal PC, the public network host routing table may first be searched according to the destination IP address of the target message to determine whether the destination IP address (i.e., the public network destination IP address) can be pinged. Because an ARP entry may age out on a timer or be cleared manually, ARP learning is required during NAPT processing in the OUTBOUND direction to ensure that the message can subsequently be forwarded successfully.
Referring to fig. 7, if a host route (for example, a 32-bit host route) for the destination IP address cannot be found when the public network host routing table is searched according to the destination IP address of the target packet, the sending of an ARP request may be triggered, where the destination IP address in the ARP request packet is the public network destination IP address and the destination MAC address is the all-zero MAC address. After the ARP response fed back by the host corresponding to the public network destination IP address is received, the ARP table entry corresponding to the public network destination IP address is supplemented according to the MAC address given for that address in the ARP response, thereby ensuring the accuracy of the NAPT-converted message and enabling the message to be forwarded successfully.
In this technical scheme, a target message forwarded from the internal PC to the external server is converted from the private network address to the public network address; correspondingly, the target message returned by the external server to the internal PC must be converted from the public network address to the private network address. To avoid the case where the public network address cannot be pinged in the OUTBOUND direction, ARP learning is triggered to complete the ARP table entry, which ensures the accuracy of message uploading and delivery.
Example four
Fig. 8 is a schematic structural diagram of a message processing apparatus according to a fourth embodiment of the present invention, which may be implemented in software and/or hardware and may be generally integrated in a switching device. As shown in fig. 8, the apparatus is applied to a switching device, and specifically includes:
a to-be-NAPT message acquisition module 410 configured to acquire a target message of the to-be-NAPT;
a NAPT processing module 420 configured to distribute the target packet to a matched virtual processing unit, and perform NAPT processing by the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
In the technical scheme of the embodiment of the invention, a processor in the switching equipment adopts a multi-core processor, each core in the multi-core processor comprises a plurality of virtual processing units, and when NAPT is carried out on a target message to be NAPT, the target message is distributed to the corresponding virtual processing unit for NAPT and message forwarding, so that the NAPT processing performance of the message of the switching equipment is improved, and high concurrent processing of NAPT is realized. Moreover, the virtual processing unit only carries out NAPT processing on the target message to be NAPT, and does not need to carry out corresponding NAPT processing on the message which does not need NAPT, thereby avoiding the waste of processing bandwidth and capability of the switching equipment.
Further, the NAPT processing module 420 is specifically configured to perform hash calculation according to the IP address of the target packet, and determine a matched virtual processing unit according to a calculation result; and distributing the target message to the matched virtual processing unit.
In an optional implementation manner, the module 410 for acquiring a to-be-NAPT packet is specifically configured to acquire the to-be-NAPT target packet by means of preset policy-routing traffic diversion (drainage) when the to-be-NAPT target packet needs to be converted from a private network address to a public network address.
Further, the module 410 for acquiring a to-be-NAPT packet is specifically configured to acquire the to-be-NAPT target packet that is diverted and sent up if the target packet carries a NAPT identifier at a three-layer entry in the switching device.
Further, the NAPT processing module 420 is specifically configured to perform, when the target packet to be NAPT needs to be converted from the private network address to the public network address, conversion from the private network source IP address, the private network four-layer source port to the public network source IP address, and the public network four-layer source port on the target packet through the matched virtual processing unit.
In an optional implementation manner, the NAPT processing module 420 is specifically configured to, when the target packet of the to-be-NAPT needs to be converted from a public network address to a private network address, search, by the matched virtual processing unit, a forwarding information base FIB software routing table according to the public network destination IP address of the target packet, and jump to a corresponding IP tunnel; and converting the target message from a public network destination IP address, a public network four-layer destination port to a private network destination IP address and a private network four-layer destination port in the IP tunnel through the matched virtual processing unit, and rerouting the target message to a private network host routing table.
Further, the above apparatus further comprises: an ARP agent module configured to, before the matched virtual processing unit searches the FIB software routing table according to the destination IP of the target message and jumps to the corresponding IP tunnel, search a public network host routing table according to the destination IP address of the target message through the matched virtual processing unit; and, if the host route of the destination IP address does not exist, trigger the sending of an Address Resolution Protocol (ARP) request corresponding to the destination IP address so as to supplement an ARP table entry in the public network host routing table.
The message processing device can execute the message processing method provided by any embodiment of the invention, and has the corresponding functional module and beneficial effect of the executed message processing method.
EXAMPLE five
Fig. 9 is a schematic diagram of a hardware structure of a switching device according to a fifth embodiment of the present invention, and as shown in fig. 9, the switching device includes:
one or more processors 510, one processor 510 being illustrated in FIG. 9;
a memory 520;
the processor 510 and the memory 520 in the switching device may be connected by a bus or other means, and fig. 9 illustrates the connection by a bus as an example.
The memory 520 is a non-transitory computer-readable storage medium, and can be used to store a software program, a computer-executable program, and program instructions corresponding to a message processing method in an embodiment of the present invention, including:
acquiring a target message of NAPT (network address port translation);
distributing the target message to a matched virtual processing unit, and carrying out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
The processor 510 executes various functional applications of the switching device and data processing by executing software program instructions stored in the memory 520, i.e. implements a message processing method of the above-described method embodiment.
The memory 520 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the switching device, and the like. Further, the memory 520 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device.
EXAMPLE six
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform a message processing method, and the method includes:
acquiring a target message of NAPT (network address port translation);
distributing the target message to a matched virtual processing unit, and carrying out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
Optionally, the computer executable instruction, when executed by the computer processor, may be further used to implement a technical solution of a message processing method provided in any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling a switching device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the message processing apparatus, each unit and each module included in the embodiment are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A message processing method is applied to a switching device, and comprises the following steps:
acquiring a target message of NAPT (network address port translation);
distributing the target message to a matched virtual processing unit, and carrying out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
2. The method of claim 1, wherein distributing the target packet to the matched virtual processing unit comprises:
performing hash calculation according to the IP address of the target message, and determining a matched virtual processing unit according to a calculation result;
and distributing the target message to the matched virtual processing unit.
3. The method according to claim 1 or 2, wherein when the target packet to be NAPT needs to be converted from a private network address to a public network address, acquiring the target packet to be NAPT, comprising:
acquiring the target message to be NAPT by means of preset policy-routing traffic diversion (drainage).
4. The method according to claim 3, wherein acquiring the target packet to be NAPT by means of preset policy-routing traffic diversion comprises:
if the target message carries a NAPT identifier at a three-layer entry in the switching equipment, acquiring the target message to be NAPT that is diverted and sent up.
5. The method according to claim 4, wherein performing NAPT processing by the matched virtual processing unit comprises:
and the target message is converted from a private network source IP address, a private network four-layer source port to a public network source IP address and a public network four-layer source port through the matched virtual processing unit.
6. The method according to claim 1 or 2, wherein when the target packet to be NAPT needs to be converted from a public network address to a private network address, performing NAPT processing by the matched virtual processing unit, includes:
searching a routing table of FIB software of a forwarding information base according to the public network destination IP address of the target message through the matched virtual processing unit, and jumping to a corresponding IP tunnel;
and converting the target message from a public network destination IP address, a public network four-layer destination port to a private network destination IP address and a private network four-layer destination port in the IP tunnel through the matched virtual processing unit, and rerouting the target message to a private network host routing table.
7. The method of claim 6, wherein before the matched virtual processing unit searches the FIB software routing table according to the destination IP of the target packet and jumps to the corresponding IP tunnel, the method further comprises:
searching a public network host routing table according to the destination IP address of the target message through the matched virtual processing unit;
and if the host route of the destination IP address does not exist, triggering and sending an Address Resolution Protocol (ARP) request corresponding to the destination IP address so as to supplement an ARP table entry in the public network host routing table.
8. A message processing apparatus, applied to a switching device, comprising:
a module for acquiring NAPT message, which is set to acquire the target message of NAPT;
NAPT processing module, which is set to distribute the target message to the matched virtual processing unit, and carry out NAPT processing through the matched virtual processing unit;
the switching equipment comprises a multi-core processor, and each core of the multi-core processor comprises a plurality of virtual processing units.
9. A switching device, characterized in that the switching device comprises:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202011314751.2A 2020-11-20 2020-11-20 Message processing method, device, equipment and medium Pending CN112671941A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011314751.2A CN112671941A (en) 2020-11-20 2020-11-20 Message processing method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN112671941A true CN112671941A (en) 2021-04-16

Family

ID=75402918

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011314751.2A Pending CN112671941A (en) 2020-11-20 2020-11-20 Message processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN112671941A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465889A (en) * 2008-12-03 2009-06-24 北京星网锐捷网络技术有限公司 Network address translation equipment and request method of response address analysis protocol
CN101656677A (en) * 2009-09-18 2010-02-24 杭州迪普科技有限公司 Message diversion processing method and device
CN106131244A (en) * 2016-08-29 2016-11-16 北京神州绿盟信息安全科技股份有限公司 A kind of message transmitting method and device
CN109067935A (en) * 2018-08-16 2018-12-21 深圳市风云实业有限公司 Packet message processing method and multi-core processor system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113194162A (en) * 2021-04-28 2021-07-30 浙江宇视科技有限公司 Data transmission method, device, electronic equipment and medium
CN114157632A (en) * 2021-10-12 2022-03-08 北京华耀科技有限公司 Network isolation method, device, equipment and storage medium
CN114157632B (en) * 2021-10-12 2023-11-21 北京华耀科技有限公司 Network isolation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210416