CN1192552C - Combined address resolving scheme and combined address route device thereof - Google Patents

Publication number: CN1192552C (application CNB011332603A; earlier publication CN1406026A)
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 刘庆智, 张世发, 林晖
Assignee: Huawei Technologies Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: address, network, nat, combined, network address
Classifications: Data Exchanges In Wide-Area Networks; Small-Scale Networks
Abstract

The present invention relates to a combined (coexistent) address solution and a combined address router, and aims to relieve the shortage of IP address resources. Its characteristic is that public and private addresses coexist throughout a local network (a metropolitan or provincial network) with no translation between them: the routers of the local network carry public and private routes at the same time, and translation is done only at the network egress by a combined address switch router, which translates only packets carrying private addresses. The advantages are that the large number of addresses consumed by "always-on" broadband access in residential districts and by individual users is no longer needed; the performance required of a NAT at a unified egress is lowered; and when an individual user with a private address accesses metropolitan services, value-added services such as VoIP, e-phone, web conferencing, pay TV and video on demand are not restricted by NAT.

Description

A combined address solution and combined address router
Technical field:
The present invention relates to a solution for alleviating the shortage of IP addresses, and specifically to a combined address solution and a combined address router for it.
Background technology:
Metropolitan area network (MAN) solutions proposed by the prior art include:
1. Use public addresses throughout the MAN.
2. Use private addresses throughout the MAN and perform network address translation (NAT) at one point, the egress of the MAN or of the provincial network.
3. Place NAT at the point of the MAN that consumes the most addresses, the egress of a residential district or region, and use public addresses everywhere else (the MAN backbone, enterprises). Dial-up users are dynamically assigned public addresses at the VPN gateway.
Scheme 1 assumes that enough IP addresses are available; in MAN planning, public addresses are used wherever they can be guaranteed.
In scheme 2 the NAT device sits high in the network, at the egress of the metropolitan or provincial network, and performs large-scale translation for the whole egress. This places a high performance requirement on the NAT device, which otherwise becomes a bottleneck. As Figure 1 shows, every IP address in the MAN, including those assigned to enterprises and individuals, has to be translated.
In scheme 3 the NAT device sits low in the network, at the egress of a residential district (Figure 2), where it can be integrated into the district's egress router or Layer 3 switch. The number of users at a district egress is not large, so the NAT performance requirement is modest. This removes the biggest consumer of IP addresses in the MAN, while the MAN backbone, enterprise users and VPN dial-up users are still assigned public addresses.
These schemes have the following defects:
Scheme 1 uses public addresses and, provided public addresses are plentiful, is of course the best.
However, with the growth of broadband, narrowband dial-up users are gradually being replaced by broadband users. The IP version in worldwide use today is IPv4, version 4 of the IP protocol, which has only a 32-bit address space. Its theoretical size is about 4.2 billion addresses, but allowing for addresses already in use and existing waste, the number of Internet users will soon break through this limit, so relieving the pressure on IP address resources is an urgent problem. Furthermore, "always-on" broadband access consumes far more IP addresses than dial-up with dynamic assignment. In broadband MAN construction, Ethernet has become a very popular access method, well suited to densely populated districts, but a host attached via Ethernet holds its IP address for a long time. So in any medium-sized or larger city, once the number of broadband Ethernet subscribers grows to hundreds of thousands or millions, IPv4 address resources cannot meet the demand.
IPv6, with its 128-bit address space, can in theory support 2^128 IP addresses and so solves the address shortage at its root, but switching a live network from IPv4 to IPv6 is at present almost impossible; the switch has been compared to re-engining an aircraft in flight.
The prior art relieves the shortage of IP address resources in the following ways:
Traditional IP unicast addresses are divided into classes A, B and C, and classful allocation wastes addresses. Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks (VLSM) reduce that waste, but they do not fundamentally solve the shortage.
Dynamic IP address assignment: addresses can be assigned dynamically, by PPP or DHCP, to the users who are currently online. This improves address utilization but cannot satisfy the demand of "always-on" access.
In summary, because of the shortage of IP addresses, present broadband IP MAN construction cannot use public IP addresses throughout as the original "163" network did; private IP addresses must be used. The prior art offers two ways to translate private addresses: a proxy server or a NAT device.
A proxy server works at the application layer according to the proxy protocol, so its processing performance is poor, its cost is high and its support for higher-layer applications is limited; it cannot serve a network as large as a MAN.
NAT, also called address proxying, translates between private network addresses and global network addresses. The private internal network uses private addresses, and a device with the NAT function performs address translation at the egress of the internal network. As with a proxy server, only the NAT device needs public addresses, so this method greatly reduces the consumption of public addresses; at the same time NAT is transparent in the network and independent of the user equipment. Because of the characteristics of NAT itself, schemes 2 and 3 above have certain limitations. The following is a case analysis of using NAT technology in a publicly operated Internet.
1. The ALG problem
Not all applications can pass through a NAT device smoothly. Many applications, such as FTP, ICQ, H.323 and MGCP, negotiate the IP address and port number of a data channel over a control channel: the address and port of the negotiated data channel are placed in the packet payload and carried over the control channel. The NAT device must therefore track the messages carried in these control channels and translate the IP addresses and port numbers inside the packet payload; the component that does this is the application level gateway (ALG). Current broadband multimedia services such as VoIP, e-phone, web conferencing, pay TV and video on demand cannot pass directly through NAT and can only be translated with an ALG. An ALG must implement complex application-layer protocols and must support many protocol instances, so the ALG can become the performance bottleneck of the network.
2. The problem of offering services externally from private addresses
Because hosts on the internal network use private addresses, a host on the external network cannot initiate access to an internal host: the external network cannot route an IP packet to a private destination address, so a site offering services to the outside cannot be set up on the internal network. By statically binding the address of an internal server to a public address on the NAT device, bidirectional NAT can be achieved so that external hosts can reach the internal server. This has two drawbacks: first, the static binding of the server address to a public address does not reduce the number of public addresses occupied; second, many higher-layer applications are restricted by NAT, and the performance requirement on the NAT device is higher.
3. The NAT performance problem
When the NAT device is at the egress of a metropolitan or provincial network, it needs high performance, mainly in three parameters: throughput, the number of flows maintained simultaneously, and the rate at which flows are set up and torn down. The egress of a metropolitan or provincial network requires 2.5 Gbit/s of throughput, more than 1,000,000 flows maintained simultaneously, and a flow setup/teardown rate of 100,000 per second. Ordinary firewall devices cannot reach such performance at present. If NAT performance does not meet the demand, the users' online experience suffers greatly.
If the NAT is instead at the egress of a district network, many broadband value-added services still cannot pass directly through NAT and need an ALG for address translation. Because application-layer protocols cannot be implemented in high-speed hardware, the ALG becomes a serious bottleneck for value-added service performance; broadband value-added services may not be deliverable at all, and the broadband MAN loses its broadband character.
4. The problem of enterprise users passing through NAT repeatedly
If the whole MAN uses private addresses, enterprises in the metropolitan area can only be assigned private addresses too. An enterprise generally has its own intranet address plan built on private addresses, and the MAN address plan should not disturb it, so the enterprise usually connects to the MAN through a NAT device; the MAN in turn can only reach the Internet through a NAT device. Enterprise staff therefore go through NAT twice, which degrades network performance.
In summary, in scheme 2 every flow must be translated, the ALG creates a bottleneck and the NAT performance requirement is high; it is difficult to offer services externally from the local network; and enterprises go through NAT twice. In scheme 3, district users must pass through NAT to reach metropolitan services, which obstructs broadband value-added services and makes the broadband network lose its advantage; more NAT devices are needed, at higher cost, and maintenance is difficult.
The NAT device translates between public and private addresses in the MAN. Its position is tied to the networking plan of the combined address, and the problems that NAT itself brings must be solved at the same time.
In summary, because IP address resources are increasingly scarce, the IP addresses that can be applied for in broadband MAN construction are very limited, and broadband metropolitan and provincial networks use large numbers of private addresses; the result is a hybrid network of public and private addresses. Existing NAT devices do not support this combined-address networking mode well. For this problem the inventors propose the combined address solution and release a Coexistent Address Switch Router (CASR) to meet the networking demands of that solution.
Summary of the invention:
The main object of the present invention is to provide a combined address solution for public and private IP addresses.
Another object of the present invention is to provide a combined address router for use in the combined address solution.
The present invention is realized as follows: public and private addresses are used together throughout the local network (the metropolitan or provincial network) with no translation between internal public and private addresses; the routing devices of the local network do not distinguish public from private addresses and support both public and private routes at the same time. A combined address switch router at the network egress performs address translation, translating only packets with private addresses and forwarding packets with public addresses normally. Servers in the local data center are assigned public addresses, so that both local users and Internet users outside the local network can reach them without being restricted by NAT.
The present invention also provides a combined address switch router (CASR) composed of a main control board, a switching fabric board and service boards. The internal and external interfaces are service boards; a service board provides distributed routing capability with hardware route lookup and forwarding. At least one NAT module is added to the existing platform to handle address translation between the public and private networks and to implement the ALG function. The internal interface connects to the local network, which is the combined address space, and must support VPN (private) routes and public routes at the same time.
The advantages of the present invention are as follows:
1. NAT can be performed in a network where public and private addresses are mixed, which an ordinary firewall cannot do.
2. NAT modules can be added without any change to the existing platform (for example the 8750/8850 platform developed by Huawei in Shenzhen), and the implementation requirements on each NAT module are not too high.
3. Because the combined address mode puts the bulk of local services and traffic on public addresses, the NAT performance requirement at the unified egress can be lowered accordingly.
4. The large address consumption of "always-on" broadband access in residential districts and by individual users is solved, relieving the pressure of the address shortage.
5. An individual user with a private address reaches metropolitan services without passing through NAT, so within the metropolitan area value-added services such as VoIP, e-phone, web conferencing, pay TV and video on demand are not restricted by NAT.
6. Servers in the metropolitan area use public addresses, can offer services to the outside Internet, are not restricted by NAT, and need neither a dual-DNS nor a DNS-ALG scheme.
7. Enterprise users do not pass through NAT twice: the enterprise egress generally uses a proxy to translate addresses, and the metropolitan egress does no further translation of packets that have already been translated.
8. IP addresses can be allocated uniformly to small local operators, which then do not need to consider NAT themselves.
9. The combined address switch router translates addresses with configurable translation policies and flexible control; only part of the traffic is translated, so performance is higher.
10. The CASR sits in the same position as the NAT device of scheme 2, at the egress of the local network, where the performance requirement is also high; the CASR therefore distributes NAT processing across an array of NAT modules to raise overall performance.
Description of drawings:
The present invention can be understood more clearly from the description of the drawings together with the detailed description that follows. In the drawings:
Fig. 1 is a schematic diagram of the second prior-art MAN solution;
Fig. 2 is a schematic diagram of the third prior-art MAN solution, with NAT at the district egress;
Fig. 3 is a simplified schematic diagram of a first embodiment of the combined address solution of the present invention;
Fig. 4 is a simplified schematic diagram of a second embodiment of the combined address solution of the present invention;
Fig. 5 is a simplified schematic diagram of the combined address router of the present invention;
Fig. 6 is a block diagram of the IP forwarding process according to one embodiment of the present invention;
Fig. 7 is a block diagram of the module structure of a service board;
Fig. 8 is a block diagram of route processing;
Fig. 9 is a flow chart of Layer 3 forwarding after NAT processing is added;
Fig. 10 is the structure of the NAT board, a service processing board developed separately for the present invention;
Fig. 11 is a block diagram of the NAT part of the forwarding process;
Fig. 12 is a flow chart of NAT processing;
Fig. 13 is a schematic diagram of software processing and configuration maintenance.
Preferred embodiments:
To define the difference between the present invention and the prior art precisely, and to define the vocabulary of the present invention clearly, the following terms, meanings and abbreviations are used:
IP: Internet Protocol; IPv4 is used at present;
VPN: virtual private network;
NAT: network address translation;
NAPT: network address port translation;
ALG: application level gateway;
CASR: Coexistent Address Switch Router, the combined address switch router;
Private address and public address (Private Address and Public Address):
A private address is an internal network address, normally valid only within the internal network; a public address is a globally unique address allocated by an IP address registry. A private network may use allocated public addresses, but the Internet Assigned Numbers Authority reserves the following three address blocks as private addresses:
10.0.0.0~10.255.255.255
172.16.0.0~172.31.255.255
192.168.0.0~192.168.255.255
These three blocks are never allocated on the Internet and can be used inside an enterprise. Each enterprise selects a suitable block according to its own network size: 10.0.0.0/8 is one class A network, 172.16.0.0/12 contains 16 class B networks, and 192.168.0.0/16 contains 256 class C networks. Different enterprises may select the same block. If a block outside these ranges were chosen, routing tables could become confused, because internal and public addresses would no longer be unique once mixed; with these reserved blocks, as long as internal addresses do not leak outward, the internal network can still receive routes from the public network.
Session flow and packet flow:
NAT can operate per session or per connection. A TCP/UDP session is identified by source IP address, source port, destination IP address and destination port. An ICMP query session is identified by source IP address, destination IP address and ICMP query ID. Other traffic is identified by source IP, destination IP and protocol type.
Start of session (START OF SESSION):
For TCP, the first packet can be recognized from the flags in the TCP header: SYN is set and ACK is not, whereas every later packet has ACK set. UDP is connectionless, so the start of a session can only be judged by whether a corresponding table entry already exists.
End of session (END OF SESSION):
A TCP session normally ends after both sides have sent FIN and received acknowledgement, or after one side sends RST. A session cannot be regarded as ended merely because a FIN packet is seen, since that packet may be lost in transit and retransmitted, so it is generally considered ended some four minutes after the FIN exchange is detected. A session may also be interrupted in ways the NAT device cannot foresee, such as a host restarting; the NAT must remove such useless connections but cannot tell whether an idle connection should be removed, and for UDP in particular it cannot judge whether the session has finished. The method used to terminate NAT mappings is aging: an entry that has not been used for a period is treated as ended, after several hours for TCP and a few minutes for UDP.
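The session rules above, as an added example in Python (not code from the patent): a session table that builds the identifier per protocol (5-tuple for TCP/UDP, source/destination/query ID for ICMP queries, source/destination/protocol otherwise), admits TCP state only on a SYN without ACK, and ages entries out with the text's four-minute FIN wait plus idle limits. The idle limits, the packet dicts and the `tcp`/`udp`/`icmp_query` helpers are constructed for the example; the specific timeout values are assumptions in the spirit of "several hours" and "a few minutes", not figures from the patent.

```python
from typing import Dict, Optional, Tuple

# Assumed idle limits (the text says "several hours" for TCP, "a few minutes" for UDP).
TCP_IDLE = 4 * 3600
UDP_IDLE = 5 * 60
OTHER_IDLE = 60
TCP_FIN_WAIT = 4 * 60  # the text's "about four minutes" after a FIN is seen

SYN, FIN, RST, ACK = 0x02, 0x01, 0x04, 0x10


# Constructed packet representations; a real implementation parses headers.
def tcp(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def udp(src, sport, dst, dport):
    return {"proto": "udp", "src": src, "sport": sport, "dst": dst, "dport": dport}


def icmp_query(src, dst, query_id, icmp_type=8):
    return {"proto": "icmp", "src": src, "dst": dst, "type": icmp_type, "query_id": query_id}


def flow_key(pkt: dict) -> Tuple:
    """Session identifier for one direction of traffic. A full NAT also installs
    the mirrored key so that replies match the same entry."""
    proto = pkt["proto"]
    if proto in ("tcp", "udp"):
        return (proto, pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if proto == "icmp" and pkt["type"] in (8, 0, 13, 14, 15, 16):  # query types carry an ID
        return ("icmp", pkt["src"], pkt["dst"], pkt["query_id"])
    return (proto, pkt["src"], pkt["dst"])


def is_tcp_session_start(pkt: dict) -> bool:
    return pkt["proto"] == "tcp" and bool(pkt["flags"] & SYN) and not (pkt["flags"] & ACK)


class SessionTable:
    def __init__(self):
        self.entries: Dict[Tuple, dict] = {}

    def process(self, pkt: dict, now: float) -> Optional[Tuple]:
        """Return the session key, creating state if the packet may open a
        session; None means the packet is dropped without creating state."""
        key = flow_key(pkt)
        entry = self.entries.get(key)
        if entry is None:
            if pkt["proto"] == "tcp" and not is_tcp_session_start(pkt):
                return None  # a stray ACK/FIN for an unknown flow opens nothing
            entry = {"last_seen": now, "fin_seen": None, "reset": False}
            self.entries[key] = entry
        entry["last_seen"] = now
        if pkt["proto"] == "tcp":
            if pkt["flags"] & RST:
                entry["reset"] = True
            elif pkt["flags"] & FIN and entry["fin_seen"] is None:
                entry["fin_seen"] = now
        return key

    def expire(self, now: float) -> int:
        """Age out entries: RST, idle limit per protocol, or FIN wait elapsed.
        Returns the number of entries removed."""
        gone = []
        for key, e in self.entries.items():
            idle_limit = {"tcp": TCP_IDLE, "udp": UDP_IDLE}.get(key[0], OTHER_IDLE)
            if (e["reset"]
                    or now - e["last_seen"] >= idle_limit
                    or (e["fin_seen"] is not None and now - e["fin_seen"] >= TCP_FIN_WAIT)):
                gone.append(key)
        for key in gone:
            del self.entries[key]
        return len(gone)
```

The SYN-only admission rule matters beyond correctness: an egress NAT that created state for any TCP packet could have its table filled by spoofed ACK floods, and the aging limits bound how long a dead host's entries (or an attacker's idle UDP flows) hold table slots.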
Application level gateway (ALG):
Not all applications can pass through a NAT device smoothly. Many applications, such as FTP, ICQ, H.323 and MGCP, negotiate the IP address and port number of a data channel over a control channel: the address and port of the negotiated data channel are placed in the packet payload and carried over the control channel. The NAT device must therefore track the messages carried in these control channels and translate the IP addresses and port numbers inside the packet payload; the component that implements this function is the ALG.
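As an added example of the ALG work described here and in the ALG problem above (example code, not the patent's): an FTP ALG for the active-mode PORT command, whose payload carries the client's data-channel address and port as "h1,h2,h3,h4,p1,p2". A header-only NAT would leave the private address in the payload, so the server would try to connect to an unroutable host. The ALG parses the command, obtains a public mapping for the announced endpoint, rewrites the payload and reports the length change the NAT must apply to later TCP sequence numbers. The `mapper` callback is a constructed stand-in for the NAT's mapping table, and the refusal of a PORT naming a third-party address is a defensive check of my own, not something the patent states.

```python
import re
from typing import Callable, Tuple

Endpoint = Tuple[str, int]
Mapper = Callable[[str, int], Endpoint]  # (private ip, port) -> (public ip, port)

# RFC 959 PORT syntax: four address octets, then the port as p1*256 + p2.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line: bytes) -> Endpoint:
    m = PORT_RE.match(line)
    if m is None:
        raise ValueError("not a well-formed PORT command")
    v = [int(x) for x in m.groups()]
    if any(x > 255 for x in v):
        raise ValueError("byte value out of range")
    return f"{v[0]}.{v[1]}.{v[2]}.{v[3]}", v[4] * 256 + v[5]


def format_port(ip: str, port: int) -> bytes:
    if not 0 < port <= 65535:
        raise ValueError("bad port")
    fields = ip.split(".") + [str(port // 256), str(port % 256)]
    return b"PORT " + ",".join(fields).encode() + b"\r\n"


def alg_rewrite_port(line: bytes, conn_src_ip: str, mapper: Mapper) -> Tuple[bytes, int]:
    """Rewrite the private data-channel endpoint in a PORT command.

    Returns the new payload and its length delta; the NAT must add the delta
    to the sequence numbers of later segments on this control connection
    (and subtract it from the peer's acknowledgements). A PORT naming an
    address other than the control connection's own source is refused:
    honouring it would open a pinhole to a third host (the FTP bounce case).
    """
    priv_ip, priv_port = parse_port(line)
    if priv_ip != conn_src_ip:
        raise ValueError("PORT address does not match control-connection source")
    pub_ip, pub_port = mapper(priv_ip, priv_port)
    new_line = format_port(pub_ip, pub_port)
    return new_line, len(new_line) - len(line)
```

Because the rewritten line is usually longer than the original (public addresses and ports tend to have more digits), the sequence-number adjustment is not optional; forgetting it desynchronizes the control connection, which is one reason the text calls ALG processing expensive and hard to put in hardware.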
Address pool (Address Pool):
Address translation can translate IP addresses only (NAT) or translate port numbers as well (NAPT). Translating addresses alone supports too few hosts at once to meet demand, so port translation is now generally used. Because the port number range is limited to at most 64K, a single public address is often not enough, hence the concept of an address pool. An address pool is generally a group of consecutive public addresses; that set of addresses is called the pool. When the internal network accesses the external network, an external address from the pool is selected to replace the source address in the IP packet; with NAPT the port number is replaced as well, which greatly improves the internal network's ability to access the external network.
Because the schemes of the present invention are all based on NAT, NAT is briefly introduced first. Address translation is of two types: 1. basic address translation (NAT); 2. network address and port translation (NAPT).
1. Basic address translation: a number of public addresses are allocated to an internal network, fewer than its number of hosts; the internal network uses private addresses, and when a host needs to communicate externally the NAT device dynamically maps its internal address to a legitimate public IP address. The number of hosts that can communicate externally at the same time depends on the number of public IP addresses in the group.
2. Network address and port translation: maps (internal private address, port number) to (external public address, port number). TCP/UDP port numbers are 16 bits, a 64K space, but a computer normally uses few ports at once, so the port space of one public address can be mapped to many internal private addresses and ports, multiplying the effective number of addresses. NAT has been widely and successfully applied in enterprise intranets. In the mid-1990s, when PCs widely adopted TCP/IP networking, NAT and proxy server technology concealed the IPv4 address space crisis for the first time and even made people doubt the necessity of IPv6. But NAT and proxy technology have many problems in a publicly operated Internet; with the Internet now run as a commercial service, plain NAT no longer suffices, because the idea of NAT is a "patch": many applications cannot pass directly through NAT and need ALG support, for example FTP, ICQ/OICQ, VoIP (including H.323, MGCP and H.248), SNMP and DNS. The features of these applications are that they need direct end-to-end sessions or carry IP addresses and port numbers in application-layer data. To overcome these defects of the prior art, the inventors proposed the combined address solution and released the combined address switch router (CASR) to meet the networking demands of that solution.
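The two translation types and the address pool, as an added example in Python (not code from the patent): `BasicNat` binds one pool address per active internal host and fails once the pool is used up, while `Napt` draws ports from each pool address's 16-bit space and moves to the next address only when one is exhausted, keeping the reverse table the return path needs. The pool (drawn from the 203.0.113.0/24 documentation range), the hosts and the narrowed port range in the test are constructed; the shuffled port order is my choice, since predictable external ports make mappings easy to guess, and the patent does not discuss it.

```python
import ipaddress
import random
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]


def pool_from_cidr(cidr: str) -> List[str]:
    """The consecutive public addresses that make up an address pool."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]


class BasicNat:
    """Basic address translation: one pool address per active internal host."""

    def __init__(self, pool: List[str]):
        self.free = list(pool)
        self.fwd: Dict[str, str] = {}  # private ip -> public ip
        self.rev: Dict[str, str] = {}  # public ip -> private ip

    def translate_out(self, private_ip: str) -> Optional[str]:
        if private_ip in self.fwd:
            return self.fwd[private_ip]
        if not self.free:
            return None  # pool exhausted: no further host can reach outside
        public_ip = self.free.pop(0)
        self.fwd[private_ip] = public_ip
        self.rev[public_ip] = private_ip
        return public_ip


class Napt:
    """Network address and port translation over a pool of public addresses."""

    def __init__(self, pool: List[str], port_lo: int = 1024, port_hi: int = 65535, seed=None):
        rng = random.Random(seed)
        self.free_ports: Dict[str, List[int]] = {}
        for ip in pool:
            ports = list(range(port_lo, port_hi + 1))
            rng.shuffle(ports)  # hand out ports in unpredictable order
            self.free_ports[ip] = ports
        self.fwd: Dict[Endpoint, Endpoint] = {}  # (private ip, port) -> (public ip, port)
        self.rev: Dict[Endpoint, Endpoint] = {}  # (public ip, port) -> (private ip, port)

    def capacity(self) -> int:
        """Total simultaneous mappings the pool can hold."""
        return sum(len(p) for p in self.free_ports.values()) + len(self.fwd)

    def translate_out(self, private: Endpoint) -> Optional[Endpoint]:
        if private in self.fwd:
            return self.fwd[private]
        for ip, ports in self.free_ports.items():  # next pool address only when one is full
            if ports:
                public = (ip, ports.pop())
                self.fwd[private] = public
                self.rev[public] = private
                return public
        return None  # every port on every pool address is in use

    def translate_in(self, public: Endpoint) -> Optional[Endpoint]:
        """Reverse lookup for a returning packet; None means no mapping exists."""
        return self.rev.get(public)

    def release(self, private: Endpoint) -> None:
        public = self.fwd.pop(private, None)
        if public is not None:
            del self.rev[public]
            self.free_ports[public[0]].append(public[1])
```

The `capacity()` figure is the number the text's performance discussion turns on: with one pool address the ceiling is the port space, and an egress carrying a million flows needs a pool sized accordingly, which is exactly the pressure the combined address scheme relieves by keeping public-address traffic out of the NAT.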
The principle of the combined address solution of the present invention is as follows:
1. Public and private addresses coexist throughout the local network (metropolitan or provincial network) with no translation between internal public and private addresses; the routing devices of the local network do not distinguish public from private addresses and carry both kinds of route. The combined address switch router at the network egress translates only packets with private addresses and forwards packets with public addresses normally.
2. The backbone and the content network occupy few addresses but carry the most traffic; giving them public addresses greatly reduces the NAT workload.
3. Broadband individual users in residential districts are generally assigned private addresses and are translated once, on leaving the local network. Where an individual user has special requirements, such as accessing out-of-province services that the NAT device does not support, the user can also obtain a public address by dialling through a tunnel.
4. Enterprise users are assigned public addresses. An enterprise generally builds its intranet on private addresses and reaches the Internet through a NAT device or proxy server, so assigning a public address to the enterprise does not affect its address plan. Enterprise users are few but carry much traffic, so giving them public addresses reduces the NAT workload; they can also run servers, such as an enterprise homepage or a VPN tunnel endpoint, without being restricted by NAT.
5. Servers in the local data center are assigned public addresses, so that local users and Internet users outside the local network can both reach them without being restricted by NAT.
6. For a larger city or region, the combined address switch router that implements NAT can be placed at the convergence layer of the network, lowering the network layer of the NAT device and distributing address translation, which improves translation performance. Regions may use private addressing or unified addressing; the combined address switch router translates packets selectively according to configured policy, so that NAT does not break the integrity of the local network.
It below is description to the embodiment of combined address switch router of the present invention (CASR).
Combined address switch router of the present invention has following function:
1. carry out address transition selectively according to strategy;
2. have automatic load sharing function, the data flow that assurance need be done address transition is evenly distributed;
3. support FTP, SMTP, H.323, multiple ALG such as ICQ;
4. support many office directions address transition;
Combined address switch router of the present invention as shown in Figure 5 is made up of master control borad, web plate and business board, business board provides business interface, can meet Fast Ethernet, gigabit Ethernet and POS, ATM etc., as shown in Figure 5, internal interface and external interface are business board, business board provides distributed route disposal ability, realizes hardware route querying and forwarding.Based on platform of the present invention, increase by one or some NAT modules, the NAT module is responsible for handling the address transition between public and private net, realizes functions such as ALG.
Internal interface is the interface that is connected with local network, is the combined address space, need support VPN route and public network route simultaneously.External interface is connected to ISP/NAP, can be connected on province's net or the net backbone of country.Only there is publicly-owned address in this interface, only safeguards the public network routing iinformation.
Internal interface disposes some strategies, makees the bag of NAT according to strategy identification needs, and directly is forwarded in local network, and source IP is that the data flow of private ip need be NAT simultaneously.Other data flow such as source IP be public network IP or between internal interface the data flow of route then be not NAT and handle.
With precise policy configuration and a balancing function added between the NAT modules, NAT traffic can be distributed evenly across the NAT modules, achieving NAT load sharing and lowering the performance requirement and implementation difficulty of a single NAT module. Like route load sharing, the balancing policy of the NAT boards can be based on source IP and destination IP, or on a finer traffic classification. The distribution policy must ensure that the same NAT-translated flow is handled by a single NAT module, while keeping traffic as even as possible across the NAT modules.
Outgoing packets that do not need NAT are routed by the internal interface directly to the corresponding exit board.
Packets received on the external interface are only forwarded by normal routing; packets that need NAT are forwarded by destination-address routing to the corresponding NAT processing module. One feasible approach is to assign a certain range of IP addresses in the address pool to one NAT module and to configure the routing tables of all exit boards with an entry for that range, so that every returning data flow from the external interface whose destination IP lies in the range is forwarded to that NAT module for processing.
Because of load-shared distributed processing, each NAT module carries a lighter load and can have enough processing capacity to implement more ALGs, ensuring that internal private-address users can reach more external services.
An embodiment of the present invention is explained below with reference to Figs. 6-13.
Fig. 6 is a block diagram of IP forwarding processing. As shown in Fig. 6, the PHY module implements the TCP/IP physical layer; for Ethernet, for example, it mainly fulfils the requirements of the IEEE 802.3 standard. There are currently many PHY manufacturers abroad, for example BROADCOM and MARVELL. The layer-2 processing module is mainly the TCP/IP link layer; for Ethernet its basic function is to implement the MAC functions required by IEEE 802.3, and it must also implement the functions of a layer-2 LAN switch: receiving and forwarding MAC frames, and, for IP packets that need layer-3 processing, stripping the MAC layer and passing them to layer-3 processing. Since this part is well known in the art, it is not explained further here.
The layer-3 forwarding, traffic classification, MPLS, VPN and ACL modules perform the TCP/IP layer-3 and above functions. The layer-3 forwarding part mainly performs route lookup and IP packet routing; traffic classification distinguishes the various flows according to a flow rule table, making it convenient to give different flows different QoS guarantees; the MPLS part maps IP routes to MPLS FECs and performs MPLS forwarding; the VPN (virtual private network) part implements IP tunnel functions (such as VPRN); the ACL (access control list) part implements access control for different users.
The CAR scheduling module performs traffic policing and discards traffic that does not conform; the queue scheduling module performs output scheduling between queues of different priorities, using scheduling algorithms such as SP and WRR, and is part of QoS; the downlink scheduling module performs a similar function.
The switching fabric is the switching network of the whole device and performs lossless packet switching.
The downlink encapsulation module is mainly responsible for layer-2 encapsulation: for a layer-3 IP packet it completes the layer-2 encapsulation by looking up the ARP table or the layer-2 adjacency table, then sends the packet to the corresponding PHY for forwarding.
The NAT forwarding process mainly involves the service board and the NAT processing module. The service board performs service access, forwarding processing and other functions. The NAT module performs the NAT translation and the processing of the special packets handled together with the ALGs.
Fig. 7 is a block diagram of the modular structure of the service board. As shown in Fig. 7, the PHY module and the high-speed layer-3 forwarding processing module (including the layer-2 part) are the same as in Fig. 6. The ATM physical layer and the layer-3 forwarding module are joined through a UTOPIA II interface; the ATM physical layer and ATM processing module behind it mainly perform the ATM physical-layer and ATM-layer functions, implementing SAR, ATM cell processing, ATM-based traffic shaping, queue scheduling and so on. The high-speed interface performs the serial/parallel conversion of data toward the high-speed backplane, and the buffering part buffers packets from the ATM module to the high-speed interface card; the board's CPU system performs the control, initialization and functional configuration of each module on the board and the related ATM and IP protocol processing.
Fig. 8 is a block diagram of route processing. In Fig. 8, 1 is the software part in the CPU and 2 is the hardware part; black lines 3 represent control flow and arrows 4 represent the hardware packet forwarding process; FIB store 5 is the route forwarding table maintained by software, and FIB store 6 is the route forwarding table in hardware memory; route search engine 7 implements the routing-table lookup algorithm; look-up table 8 is used to obtain the index of the FIB entry; lookup management and maintenance 9 keeps software and hardware consistent. The layer-3 forwarding process after NAT processing has been added is shown in Fig. 9.
First consider upstream processing. A packet that layer-2 processing has judged to need layer-3 processing enters the layer-3 module, where its IP header is checked; only packets that pass the validity check are processed further. Next it is determined whether the packet needs NAT. This first requires distinguishing whether the board is an internal interface or an external interface, because the processing differs. For an internal interface, whether NAT is needed is identified from the source and destination IP: a packet whose source address is in the private-network range and whose destination address is in the public-network range is processed by NAT, and all other packets get a normal IP route lookup. For a packet that does not need NAT, the FIB table is searched to obtain the exit information, the downstream neighbor information, the COS and so on, and the packet is sent to the scheduling module and switched through the switching fabric. If the lookup fails, the default route is used if one is configured; otherwise the packet is dropped and an ICMP destination-unreachable message is generated. For a packet that needs NAT, a hash is computed from the source IP address (it can simply be a folding XOR) to obtain an index into the linear NAT sharing table, from which the NAT module that will perform the translation and the related forwarding information are obtained; the packet is sent to the scheduling module and switched through the switching fabric to that NAT module for further processing. Handled this way, each NAT processing board is responsible for its own segment of the private address range; of course other allocation strategies can be used, such as also taking the destination address into account.
For an external interface, every IP packet is looked up in the routing table, but the routing entries are of two kinds: normal route forwarding entries, and entries for the NAT public-network addresses, whose outgoing interface is configured to be the corresponding NAT module (the software configuration is described later). Thus a packet returning from the public network to a private-address host has a NAT public address as its destination IP; the FIB lookup yields forwarding information identifying the NAT module for this packet, and the packet is switched to that NAT module through the switching fabric. Layer-3 route processing also performs basic work such as decrementing the TTL and recomputing the checksum.
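The two interface-board decisions described above, written out as an added Python example (this is not the patent's own code): on an internal interface a private-to-public packet is hashed on its source IP with a folding XOR into the NAT sharing table to pick a NAT module, and on an external interface the destination public IP is matched against the per-module address-pool routes so that return traffic reaches the module holding the mapping. The module names, address ranges and sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Private-address ranges (RFC 1918) used for the source/destination check.
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ip_address(ip) in net for net in PRIVATE_NETS)


def fold_xor(ip):
    """Fold the 32-bit IPv4 address into one byte by XOR-ing its four octets;
    this is the 'simple folding XOR' hash used to index the sharing table."""
    b = ip_address(ip).packed
    return b[0] ^ b[1] ^ b[2] ^ b[3]


class NatSharingTable:
    """Linear NAT sharing table on the internal interface board: 256 slots
    indexed by the folded source-IP hash, each naming a NAT module. Filling the
    slots round-robin gives every module an equal share of the index space, and
    a given source address always lands on the same module."""

    def __init__(self, modules):
        self.modules = list(modules)
        self.table = [self.modules[i % len(self.modules)] for i in range(256)]

    def module_for_source(self, src_ip):
        return self.table[fold_xor(src_ip)]


class ExternalInterfaceRoutes:
    """Routing entries on the exit boards for the NAT public address pool: each
    address range is bound to the NAT module that allocates from it, so return
    traffic is routed by destination IP to the module holding the mapping."""

    def __init__(self, pool_routes):            # {module name: CIDR range}
        self.routes = [(ip_network(cidr), mod) for mod, cidr in pool_routes.items()]

    def module_for_destination(self, dst_ip):
        addr = ip_address(dst_ip)
        for net, mod in self.routes:
            if addr in net:
                return mod
        return None                              # a normal, non-NAT route


def internal_decision(sharing, src_ip, dst_ip):
    """Internal interface: private source and public destination -> NAT on the
    module chosen by the sharing table; everything else -> normal IP routing."""
    if is_private(src_ip) and not is_private(dst_ip):
        return ("nat", sharing.module_for_source(src_ip))
    return ("route", None)


def external_decision(routes, dst_ip):
    """External interface: route by destination; a destination inside a NAT
    pool range goes to the owning NAT module, otherwise normal forwarding."""
    mod = routes.module_for_destination(dst_ip)
    return ("nat", mod) if mod is not None else ("route", None)


def share_counts(sharing, src_ips):
    """How many of the given source addresses each NAT module would receive;
    used to check that the sharing table spreads the load evenly."""
    counts = {mod: 0 for mod in sharing.modules}
    for ip in src_ips:
        counts[sharing.module_for_source(ip)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample configuration: two NAT modules, each owning half of
    # the documentation prefix 203.0.113.0/24 as its public address pool.
    sharing = NatSharingTable(["nat-1", "nat-2"])
    routes = ExternalInterfaceRoutes({"nat-1": "203.0.113.0/25", "nat-2": "203.0.113.128/25"})
    print(internal_decision(sharing, "10.0.0.1", "198.51.100.7"))   # NAT on nat-2
    print(internal_decision(sharing, "10.0.0.1", "10.9.9.9"))       # routed locally
    print(external_decision(routes, "203.0.113.200"))               # return traffic -> nat-2
    print(share_counts(sharing, ["10.0.0.%d" % i for i in range(256)]))
```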
Downlink processing on the service board is responsible for the downlink encapsulation of IP packets coming from an ingress interface board or from the NAT translation, mainly by searching the adjacency table with the downstream neighbor index.
The present invention develops the NAT board as a separate service processing board, whose structure is shown in Figure 10. The dotted part in the figure is an outgoing interface, such as a Gigabit Ethernet port; when traffic is small and there is only one outgoing interface, a single NAT board performs both the NAT module function and the outgoing interface service board function. Other cases, such as use with master/slave chassis, are not described here. When the NAT board has no GE interface it is a single-armed processing board, in which the NAT processing module performs the NAT translation. The main functions are as follows. The switching-network function module mainly adapts the NAT forwarding module to the switching fabric; the NAT forwarding module performs line-rate NAT lookup and translation of packets and can currently be implemented with a network processor; the high-performance CPU not only performs the configuration of the board and communication with the master control board, but also runs the NAT configuration software client, receives the NAT module configuration from the NAT server on the master control board, implements the related ALG processing, maintains the table entries of the NAT forwarding module, processes the first packet of each flow, allocates ports and performs the related IP stack processing, so its performance requirement is higher.
As shown in Figure 10, the external interface module (GE) mainly provides the external interface; depending on the performance of the NAT forwarding module, it may provide a Gigabit Ethernet interface or a 622 POS interface, or a 2.5G POS interface and so on.
The NAT forwarding module performs the main function of the board, namely the NAT translation of packets. The hardware looks up the NAT translation table to translate packets, while special control packets (such as TCP control flows) are handed to the CPU for processing. The memory unit is used for packet buffering and table entry storage.
The switching-network interworking module implements the interface between the NAT translation module and the switching fabric, mainly the format conversion of packets and so on.
The high-speed interface performs the serial/parallel and parallel/serial conversion of data and supports the high-speed backplane. The other control circuits include the CPU system, the clock circuit, the power supply and so on. The CPU performs the initialization, configuration and maintenance of the board and the support of upper-layer protocols, in particular the software processing of NAT: installing and removing table entries, implementing special ALGs and so on. The clock circuit provides the clock for each module of the board.
The NAT forwarding process is shown in the block diagram of Figure 11. In Figure 11, the upper rectangle 21 is the software part in the CPU and the lower rectangle 22 is the hardware part; vertical arrows represent control flow and horizontal arrows represent the hardware packet forwarding process. Item 23, the NAT address/port pool, is the set of unallocated IP addresses and unallocated port numbers: when a new flow needs NAT translation, an unallocated port number is taken from address/port pool 23 and given to that flow; when the port numbers of one IP address are used up, allocation continues from a new IP address, and the next allocation starts from the port numbers of that IP address. Fast search algorithm 24 is used to index NAT mapping table 25 quickly; the NAT mapping table is placed in the hardware part to achieve fast NAT translation; NAT translation module 26 translates the packet according to the information obtained from the table lookup, such as changing some fields and recomputing the checksum; NAT mapping table management and maintenance module 27 is mainly responsible for maintaining the NAT mapping table, including the creation and ageing of entries; ALG (application layer gateway) 28 is used for the NAT translation of special control-flow packets; since it works at the application layer and is hard to implement in hardware, it is placed in the software part.
In Figure 11, for UDP and TCP data the fast lookup searches the NAT mapping table to complete the address translation. A data flow can be looked up by its five-tuple (source and destination IP address, source and destination port number, protocol type), and the index of the table entry is obtained by computing a hash over the IP five-tuple. Entries are created on a flow-driven model: the first packet of a data flow is handed to the NAT processing module, which identifies the packet, allocates an address/port for the flow from the NAT address pool and configures it in the corresponding entry. The NAT processing module also identifies the control flows of special application-layer protocols and hands them to the corresponding ALG for processing.
The processing flow is shown in Figure 12. First, a packet delivered to the NAT forwarding module has its index computed by hashing the five-tuple, and the NAT mapping table is searched. On a hit, the translated address/port is obtained directly and the corresponding translation is performed, and finally the checksum is recomputed. On a miss, the packet is the first packet of its flow and is delivered to the board CPU, where software identifies it by packet type as either a control packet of a particular port or a data packet. If it is a data packet, it is the first packet of a data flow; the NAT processing module allocates an address/port, configures it in the NAT mapping table and at the same time forwards the packet. Special control packets, such as FTP control packets, which need the assistance of an ALG, are delivered to the corresponding ALG processing module and forwarded afterwards. The ALG processing module and the NAT processing module are mainly implemented by the board CPU.
Software processing and configuration maintenance are shown in Figure 13. The functions of each part in Figure 13 are as follows. The NAT configuration master on the master control board is responsible for the NAT configuration of each board (configuring the interface boards and the NAT processing boards), maintaining the distribution of the address pool, distributing the relevant IP address pool to the NAT processing boards, binding outgoing interface boards to NAT processing boards, and so on. A NAT configuration agent resides on each interface board and NAT processing board and receives configuration and query commands from the master. NAT forwarding processing is responsible for the lookup of table entries and the NAT translation; most data packets complete their NAT translation here, and this part is implemented in the network processor. Special control packets that it cannot handle, and the first packet of a flow, are delivered to software through the CPU interface. The NAT process classifies and identifies the packets sent up to it, allocates port numbers, generates hardware table entries and forwards the packets; packets that the NAT process identifies as belonging to a particular port are delivered to the corresponding ALG processing module. The ALG module performs the NAT replacement: for an FTP control packet, for example, it identifies packets such as PORT that negotiate the port number of the data connection, modifies the port information in the payload, generates the corresponding NAT mapping and configures the NAT information of that data connection into the hardware NAT mapping table, so that the data packets coming from the FTP server can reach the client through NAT. Configuration and deletion of NAT mapping entries:
After software receives an IP packet, it judges whether the packet is a control packet of a particular port. If not, it judges whether the packet was initiated from the private network or from the public network: packets initiated from the public network are dropped, while a packet initiated from the private network is the first packet of an ordinary data flow; software allocates an address/port for the flow from the idle address/port pool, performs the NAT translation and forwards the packet in software, and at the same time configures the NAT mapping table. The mapping table consists of two tables, called the forward NAT table and the reverse NAT table. Forward NAT applies to data flows from the private side to the public side and is configured to translate the source address/port; reverse NAT applies to data flows from the public side to the private side and is configured to translate the destination address/port. A packet of a particular port is delivered to the ALG module. While forwarding and processing that flow, the ALG module must also judge, according to the characteristics of its application-layer protocol, whether other TCP or UDP packet streams need to be negotiated; if so, it configures the corresponding entries in the NAT mapping table according to the negotiation result, in the same way as above. Software also supports static configuration.
The NAT mapping table is maintained by software, and the refreshing of NAT entries is realized by an ageing timer. Since the elements of the forward NAT table and the reverse NAT table are in one-to-one correspondence, refreshing the forward NAT table can also refresh the reverse NAT table. Software starts an ageing timer whose timeout is T, and the timestamp item in the NAT table is set to N*T, where N may differ for different sessions; for example, a UDP session and a TCP session have different values of N. When the ageing timer expires, the forward NAT table is traversed and the timestamp of each entry is read. An entry whose timestamp is already 0 is invalid: its space must be released and the entry marked invalid, and software also finds and clears the corresponding reverse NAT entry according to the corresponding destination address in the forward NAT table. An entry whose timestamp is not 0 has T subtracted from its value, and the timestamp of the forward NAT entry is refreshed without clearing. During normal data forwarding with NAT processing, whenever a packet of a connection is received, the timestamp in the NAT table must be handled: if the timestamp value is neither N*T nor 0, it is set to N*T (for sessions of different nature, such as TCP or UDP, the value of N differs). For a TCP connection, N*T can be set to 4 minutes. Since the existence of a reverse hash entry depends on the forward hash entry, the timestamp need only be set in the forward NAT table.
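The flow-driven entry creation, the forward/reverse tables, the address/port pool and the timestamp ageing described in the last two paragraphs, as an added Python example that is not the patent's code. Plain dicts stand in for the hardware hash lookup on the five-tuple, and T, N, the pool ranges and the sample flows are constructed values.

```python
from ipaddress import ip_address, ip_network

T = 60                               # ageing timer period in seconds (constructed)
N_BY_PROTO = {"tcp": 4, "udp": 1}    # TCP entry lifetime N*T = 4 minutes, as in the text
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ip_address(ip) in net for net in PRIVATE_NETS)


class AddressPortPool:
    """Set of unallocated (public IP, port) pairs. Ports are handed out from one
    IP until it is used up, then allocation continues from the next IP."""

    def __init__(self, ips, first_port=1024, last_port=65535):
        self.ips, self.first, self.last = list(ips), first_port, last_port
        self.ip_idx, self.next_port, self.freed = 0, first_port, []

    def allocate(self):
        if self.freed:                          # reuse pairs released by ageing
            return self.freed.pop()
        if self.ip_idx >= len(self.ips):
            raise RuntimeError("address-port pool exhausted")
        pair = (self.ips[self.ip_idx], self.next_port)
        self.next_port += 1
        if self.next_port > self.last:          # this IP is used up: move to the next
            self.ip_idx, self.next_port = self.ip_idx + 1, self.first
        return pair

    def release(self, pair):
        self.freed.append(pair)


class NatMappingTable:
    """forward: private-side 5-tuple -> [public IP, public port, timestamp]
    reverse: public-side 5-tuple -> forward key
    Each forward entry owns exactly one reverse entry, so only the forward
    timestamp is maintained and the reverse entry is dropped together with it."""

    def __init__(self, pool):
        self.pool, self.forward, self.reverse = pool, {}, {}

    def translate(self, src, sport, dst, dport, proto):
        """Return the translated (src, sport, dst, dport), the tuple unchanged
        when the packet needs no NAT, or None when the packet must be dropped."""
        key = (src, sport, dst, dport, proto)
        if is_private(src) and not is_private(dst):        # private -> public
            if key not in self.forward:                     # first packet: create entry
                pub_ip, pub_port = self.pool.allocate()
                self.forward[key] = [pub_ip, pub_port, N_BY_PROTO[proto] * T]
                self.reverse[(dst, dport, pub_ip, pub_port, proto)] = key
            entry = self.forward[key]
            self._refresh(entry, proto)
            return entry[0], entry[1], dst, dport
        if not is_private(src):                             # public -> private
            fkey = self.reverse.get(key)
            if fkey is None:
                return None                                 # public-initiated: drop
            self._refresh(self.forward[fkey], proto)
            return src, sport, fkey[0], fkey[1]
        return src, sport, dst, dport                       # private -> private: no NAT

    def _refresh(self, entry, proto):
        # As in the text: reset to N*T only if the timestamp is neither N*T nor 0;
        # an entry already at 0 stays invalid and is freed at the next ageing pass.
        full = N_BY_PROTO[proto] * T
        if entry[2] not in (full, 0):
            entry[2] = full

    def age(self):
        """One ageing-timer expiry: entries already at 0 are freed together
        with their reverse entry; all others have T subtracted."""
        for key in list(self.forward):
            pub_ip, pub_port, ts = self.forward[key]
            if ts == 0:
                del self.forward[key]
                del self.reverse[(key[2], key[3], pub_ip, pub_port, key[4])]
                self.pool.release((pub_ip, pub_port))
            else:
                self.forward[key][2] = ts - T


if __name__ == "__main__":
    # Constructed sample: two public IPs with two ports each, one TCP and one UDP flow.
    nat = NatMappingTable(AddressPortPool(["203.0.113.10", "203.0.113.11"], 40000, 40001))
    print(nat.translate("10.1.2.3", 5555, "198.51.100.7", 80, "tcp"))
    print(nat.translate("10.1.2.4", 5555, "198.51.100.7", 53, "udp"))
    print(nat.translate("198.51.100.7", 80, "203.0.113.10", 40000, "tcp"))   # reverse hit
    print(nat.translate("198.51.100.7", 80, "203.0.113.10", 40005, "tcp"))   # None: dropped
    nat.age(); nat.age()                                                     # UDP entry aged out
    print(sorted(nat.forward))
```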

Claims (13)

1. A combined address resolving scheme, characterized in that: public addresses and private addresses are used fully mixed within a local network comprising a metropolitan area network or a provincial network; the routing devices of the local network treat public and private addresses equally and support public-address routing and private-address routing simultaneously; the network egress uses a combined address switch router to perform address translation, translating only private-address data packets, while public-address packets are forwarded by normal routing.
2. The combined address resolving scheme according to claim 1, characterized in that personal users with community broadband access use private addresses, and network address translation (NAT) is performed uniformly when their traffic leaves the local network.
3. The combined address resolving scheme according to claim 1, characterized in that when said personal user needs to access a service outside the province that the network address translation device does not support, a tunnel dial-up mode is used to obtain a public address.
4. The combined address resolving scheme according to claim 1, characterized in that said enterprise user, who has set up an intranet with private addresses, uses public addresses and accesses the Internet through a network address translation device or a proxy server (PROXY).
5. The combined address resolving scheme according to claim 1, characterized in that the servers of said local data center use public addresses, so that local users and Internet users outside the locality can access the local servers without being restricted by network address translation.
6. The combined address resolving scheme according to claim 1, characterized in that said combined address switch router implementing the network address translation function is placed at the convergence layer of the network.
7. The combined address resolving scheme according to claim 1, characterized in that the network layer of said equipment implementing the network address translation function realizes distributed address translation.
8. A combined address switch router, characterized in that it comprises an external interface processing module, an internal interface processing module, a network address translation module and a main control module; said internal interface processing module comprises one or more internal interface processing boards, provides the interface connected to the local network, provides distributed route processing, and supports VPN routes and public-network routes simultaneously;
said external interface processing module comprises one or more external interface processing boards, provides the interface connected to the public network and provides distributed route processing; the external interface is connected to the public network, only public addresses exist on this interface, and only public-network routing information is maintained; packets received on the external interface are only forwarded by normal routing, and packets that need network address translation are forwarded by destination-address routing to the network address translation module for processing;
said network address translation module comprises one or more network address translation boards and performs the translation of network addresses;
said main control module provides the control and configuration of the network address translation function.
9. The combined address switch router according to claim 8, characterized in that a certain range of IP addresses in the address pool is assigned to one network address translation board, and the routing tables of all external interface processing boards are configured so that each has an entry for that range, so that all returning data flows from the external interface whose destination IP lies in that range are forwarded to that network address translation board for processing.
10. The combined address switch router according to claim 8, characterized in that said internal interface module provides a configuration interface and, according to the configuration, identifies packets that need network address translation and packets that do not, and packets that do not need network address translation are not subjected to network address translation processing.
11. The combined address switch router according to claim 8, characterized in that balancing is added between the network address translation boards, so that network address translation traffic is distributed evenly among the network address translation boards and the network address translation load is shared.
12. The combined address switch router according to claim 10, characterized in that the same network-address-translated flow is handled in one network address translation board, while traffic is kept even across the network address translation boards.
13. The combined address switch router according to claim 10, characterized in that network address translation is implemented with a single-armed network address translation board, which avoids the problem of synchronizing network address translation table entries that arises when the translation is distributed across the exit boards, and the external interface performs only route forwarding.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB011332603A CN1192552C (en) 2001-09-16 2001-09-16 Combined address resolving scheme and combined address route device thereof

Publications (2)

Publication Number Publication Date
CN1406026A CN1406026A (en) 2003-03-26
CN1192552C true CN1192552C (en) 2005-03-09

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
DD01 Delivery of document by public notice

Addressee: Huawei Technologies Co., Ltd.

Document name: Notification to Pay the Fees

DD01 Delivery of document by public notice

Addressee: Huawei Technologies Co., Ltd.

Document name: Notification of Termination of Patent Right

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050309

Termination date: 20150916

EXPY Termination of patent right or utility model