CN111064814B - VxLAN NAT traversal method, system and gateway based on PCP - Google Patents
- Publication number
- CN111064814B (CN201811199412.7A)
- Authority
- CN
- China
- Prior art keywords
- pcp
- gateway
- nat
- address
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2589—NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The disclosure provides a PCP-based VxLAN NAT traversal method, system and gateway, relating to the field of converged services. The method comprises the following steps: the first gateway acquires a PCP server address through a PCP controller, and acquires the NAT-translated public network address and source port number for a designated destination port; the second gateway receives the PCP server address sent by the PCP controller and acquires the NAT-translated source port number for the designated destination port; the first gateway initiates a VxLAN tunnel establishment request to the PCP server, so that the PCP server performs destination port NAT address translation using the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the VxLAN tunnel establishment request to the second gateway, establishing a VxLAN connection between the first gateway and the second gateway. VxLAN connections between VTEPs can thus be established, and because the transmission path involves no detour, data transmission efficiency is higher.
Description
Technical Field
The present disclosure relates to the field of cloud-network convergence services of data networks, and in particular to a method, a system, and a gateway for VxLAN (Virtual Extensible LAN) NAT (Network Address Translation) traversal based on PCP (Port Control Protocol).
Background
VxLAN is a way for users to achieve large layer-2 intercommunication between user sites through a Virtual Private Network (VPN). A cloud access private line means that a user connects from a user branch to the cloud through a physical or virtual private line. The VxLAN cross-domain cloud access private line is a mode of layer-2 and layer-3 connection from a user site to a cloud, and can provide single-point cloud access and rapid service provisioning for a user. A user of a VxLAN cross-domain cloud access private line usually first obtains an IP address at a gateway (VTEP, VxLAN Tunnel End Point) and thereby has Internet access; a VxLAN tunnel is then constructed on the basis of that IP address to establish the cross-domain cloud access service. Currently, due to the shortage of IPv4 addresses, the address a user obtains may be a public network address or a private network address.
The VxLAN protocol was originally designed for large layer-2 network interconnection between data centers, a scenario in which there is usually no NAT/CGN (Carrier-Grade NAT) device between the two VTEP ends; the protocol therefore does not consider the problem of NAT traversal.
In the prior art, the IPSec-based solution to VxLAN NAT traversal requires overlaying IPSec tunnels to achieve NAT traversal, and has low data encapsulation efficiency and high complexity. Alternatively, the relay-based solution to VxLAN NAT traversal requires deploying a relay server to maintain the mapping among public network address, private network address and VxLAN tunnel; the load on the relay server is high, and traffic takes a detour through it.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a method, a system and a gateway for PCP-based VxLAN NAT traversal, which can establish VxLAN connections between VTEPs without a detour in the transmission path, so that data transmission efficiency is higher.
According to one aspect of the disclosure, a PCP-based VxLAN NAT traversal method is provided, which includes: the first gateway acquires the address of a PCP server through a Port Control Protocol (PCP) controller; the first gateway sends a first PCP request to the PCP server to obtain the NAT-translated public network address and source port number for a specified destination port, wherein the PCP server establishes a first gateway NAT mapping table; the second gateway receives the address of the PCP server sent by the PCP controller, sends a second PCP request to the PCP server and obtains the NAT-translated source port number for the specified destination port, wherein the PCP server establishes a second gateway NAT mapping table; the first gateway initiates a VxLAN tunnel establishment request to the PCP server, so that the PCP server performs destination port NAT address translation using the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the VxLAN tunnel establishment request to the second gateway, establishing a VxLAN connection between the first gateway and the second gateway.
Optionally, the method further comprises: the first gateway acquires a user access IP address and second gateway information through an access server; the first gateway sends the IP address of the second gateway to the PCP controller.
Optionally, the first gateway or the second gateway receives an address of a designated PCP server sent by the PCP controller, where each PCP server reports its own load condition to the PCP controller, so that the PCP controller selects a corresponding PCP server according to the load condition of the PCP server.
Optionally, the first gateway NAT mapping table includes, for the first gateway, the mapping between the source address and the NAT-translated source address, between the destination address and the NAT-translated destination address, between the source port and the NAT-translated source port, and between the destination port and the NAT-translated destination port; the second gateway NAT mapping table includes the same four mappings for the second gateway.
Optionally, the first gateway NAT mapping table and the second gateway NAT mapping table are established based on the extended PCP.
Optionally, the extended PCP includes an internal destination port field and an assigned destination port field.
According to another aspect of the present disclosure, there is also provided a gateway, including: a PCP server address receiving unit, configured to acquire a PCP server address through a Port Control Protocol (PCP) controller; a port obtaining unit, configured to send a first PCP request to the PCP server to obtain the NAT-translated public network address and source port number for a specified destination port, or to send a second PCP request to the PCP server to obtain the NAT-translated source port number for the specified destination port, where the PCP server establishes a first gateway NAT mapping table and a second gateway NAT mapping table; and a tunnel establishing unit, configured to initiate a VxLAN tunnel establishment request to the PCP server, so that the PCP server performs destination port NAT address translation using the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the VxLAN tunnel establishment request to the second gateway, establishing a VxLAN connection between the first gateway and the second gateway.
Optionally, the gateway further comprises: the information receiving unit is used for acquiring a user access IP address and second gateway information through the access server; and the IP address sending unit is used for sending the IP address of the second gateway to the PCP controller.
Optionally, the PCP server address receiving unit is configured to receive a designated PCP server address sent by the PCP controller, where each PCP server reports its own load condition to the PCP controller, so that the PCP controller selects a corresponding PCP server according to the load condition of the PCP server.
Optionally, the first gateway NAT mapping table includes, for the first gateway, the mapping between the source address and the NAT-translated source address, between the destination address and the NAT-translated destination address, between the source port and the NAT-translated source port, and between the destination port and the NAT-translated destination port; the second gateway NAT mapping table includes the same four mappings for the second gateway.
Optionally, the first gateway NAT mapping table and the second gateway NAT mapping table are established based on the extended PCP.
Optionally, the extended PCP includes an internal destination port field and an assigned destination port field.
According to another aspect of the present disclosure, there is also provided a gateway, including: a memory; and a processor coupled to the memory, the processor configured to perform the method for PCP-based VxLAN NAT traversal as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a system for PCP-based VxLAN NAT traversal is also presented, comprising: a gateway; the PCP server is used for sending a public network address and a source port number of a specified destination port after NAT conversion to the gateway; and a PCP controller for transmitting the PCP server address to the gateway.
Optionally, the PCP server is further configured to send a self-load condition to the PCP controller; the PCP controller is also used for collecting the PCP server list and the load condition of each PCP server, and selecting the corresponding PCP server according to the load condition of the PCP server.
According to another aspect of the disclosure, a computer-readable storage medium is also proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of the above-described method for PCP-based VxLAN NAT traversal.
Compared with the prior art, the disclosure uses PCP to make the gateways aware of the NAT device's addresses and ports, so that VxLAN connections between VTEPs can be established; because the transmission path involves no detour, data transmission efficiency is higher.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow chart diagram illustrating an embodiment of the disclosed PCP-based VxLAN NAT traversal method.
Fig. 2 is a schematic flow chart diagram illustrating another embodiment of the disclosed PCP-based VxLAN NAT traversal method.
Fig. 3 is a field of the original PCP.
Fig. 4 is a field extended to the original PCP by the present disclosure.
Fig. 5 is a schematic structural diagram of an embodiment of a gateway according to the present disclosure.
Fig. 6 is a schematic structural diagram of another embodiment of the gateway of the present disclosure.
Fig. 7 is a schematic structural diagram of a gateway according to still another embodiment of the present disclosure.
Fig. 8 is a schematic structural diagram of a gateway according to another embodiment of the present disclosure.
Fig. 9 is a schematic structural diagram of an embodiment of the disclosed system for PCP-based VxLAN NAT traversal.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic flow chart diagram illustrating an embodiment of the disclosed PCP-based VxLAN NAT traversal method.
At step 110, the first gateway obtains the PCP server address through the PCP controller. The gateway is, for example, a VTEP, and the PCP server is a NAT device or a CGN device.
In step 120, the first gateway sends a first PCP request to the PCP server to obtain the NAT-translated public network address and source port number for the designated destination port, wherein the PCP server establishes a first gateway NAT mapping table. The first gateway NAT mapping table contains, for the first gateway, the mapping between the source address and the NAT-translated source address, between the destination address and the NAT-translated destination address, between the source port and the NAT-translated source port, and between the destination port and the NAT-translated destination port.
In step 130, the second gateway receives the PCP server address sent by the PCP controller. The second gateway may be a cloud gateway, i.e. a cloud VTEP.
In step 140, the second gateway sends a second PCP request to the PCP server to obtain the NAT-translated source port number for the specified destination port, wherein the PCP server establishes a second gateway NAT mapping table. The second gateway NAT mapping table contains, for the second gateway, the mapping between the source address and the NAT-translated source address, between the destination address and the NAT-translated destination address, between the source port and the NAT-translated source port, and between the destination port and the NAT-translated destination port.
In step 150, the first gateway initiates a request for establishing a VxLAN tunnel to the PCP server, so that the PCP server performs destination port NAT address translation using the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the request for establishing the VxLAN tunnel to the second gateway, thereby establishing a VxLAN connection between the first gateway and the second gateway.
In this embodiment, PCP is used to make the gateways aware of the NAT device's addresses and ports, so that VxLAN connections between VTEPs can be established; because the transmission path involves no detour, data transmission efficiency is higher.
Fig. 2 is a schematic flow chart diagram illustrating another embodiment of the disclosed PCP-based VxLAN NAT traversal method.
In step 210, the first VTEP obtains the user access IP address and the second VTEP information through the access server. The second VTEP is the peer VTEP of the first VTEP, and the second VTEP information includes the IP address of the second VTEP.
In step 220, if the user obtains a private address, the first VTEP obtains, through the PCP controller, the address of the PCP server the user accesses, and sends the IP address of the second VTEP to the PCP controller. For example, a PCP controller interface module is added in the VTEP, which contacts the PCP controller to obtain the designated PCP server interface address, and a PCP client interface module is added in the PCP controller to inform the PCP client of the PCP server address.
In one embodiment, a PCP controller interface module may be added to the NAT device, and the PCP server reports the NAT load to the PCP controller through the PCP controller interface periodically or when a certain threshold is exceeded. If there are a plurality of PCP servers, the PCP controller selects a corresponding PCP server according to the load condition of each PCP server, and transmits the address of the selected PCP server to the VTEP. A PCP server interface module can be added in the PCP controller to collect the PCP server list and load conditions, and a PCP server list module is newly added in the PCP controller to maintain the PCP server list.
In step 230, the first VTEP initiates a PCP request to the PCP server to obtain the NAT-translated public network address and source port number for the specified destination port 4789. For example, a PCP client module is newly added in the VTEP, which contacts the PCP server to obtain the NAT-translated public network address and source port number; and a PCP server module is added in the NAT device, which communicates with the NAT module to obtain the NAT-translated public network address and port and informs the PCP client. The PCP message content in the PCP request includes the source address, destination address, source port, destination port information, etc. of the first VTEP.
At step 240, the PCP server establishes a first VTEP NAT mapping table. The first VTEP NAT mapping table is shown, for example, in Table 1.
| Source address before translation: 10.0.0.1 | Source address after translation: 200.0.0.2 |
| Destination address before translation: 205.0.0.1 | Destination address after translation: 205.0.0.1 |
| Source port before translation: 2102 | Source port after translation: 1956 |
| Destination port before translation: 4789 | Destination port after translation: 4789 |
| Session identification: 10 |
Table 1
At step 250, the PCP controller sends the PCP server address to the second VTEP. That is, it informs the second VTEP that it may initiate a PCP request.
In step 260, the second VTEP initiates a PCP request to the PCP server to obtain the NAT-translated source port number for the specified destination port 4789. The PCP message content in the PCP request includes the source address, destination address, source port, destination port information, etc. of the second VTEP.
At step 270, the PCP controller establishes a second VTEP NAT mapping table. The second VTEP NAT mapping table is shown, for example, in Table 2.
| Source address before translation: 205.0.0.1 | Source address after translation: 205.0.0.1 |
| Destination address before translation: 200.0.0.2 | Destination address after translation: 200.0.0.2 |
| Source port before translation: 2102 | Source port after translation: 2456 |
| Destination port before translation: 1956 | Destination port after translation: 4789 |
| Session identification: 10 |
Table 2
In one embodiment, the first VTEP NAT mapping table and the second VTEP NAT mapping table are established based on the extended PCP. The extended PCP includes an internal destination port (Internal Dest Port) field and an assigned destination port (Assigned Dest Port) field. For example, as shown in Figs. 3 and 4, the fields of the original PCP are extended to support translation of the destination port, which makes the method suitable for the VxLAN bidirectional tunnel mode.
At step 280, the first VTEP initiates a request to the PCP server to establish a VxLAN tunnel.
In step 290, the PCP server looks up the NAT mapping table for NAT translation.
At step 2100, the PCP server sends a request to establish a VxLAN tunnel to the second VTEP, thereby establishing a VxLAN connection between the first VTEP and the second VTEP.
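As an added illustration (not code from the patent), the sketch below loads the entries of Tables 1 and 2, applies them to packets the way step 290 describes, and checks that the two entries belong to the same tunnel. The class names, function names and the specific pairing checks are assumptions of this example.

```python
"""Added example: the NAT mapping tables of Tables 1 and 2 as a lookup."""
from dataclasses import dataclass
from typing import List, Optional

VXLAN_PORT = 4789  # destination port named in steps 230 and 260


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Mapping:
    """One mapping-table entry: addresses and ports before and after NAT."""
    before: Packet
    after: Packet
    session_id: int


# Values copied from Table 1 (first VTEP) and Table 2 (second VTEP).
TABLE_1 = Mapping(Packet("10.0.0.1", 2102, "205.0.0.1", 4789),
                  Packet("200.0.0.2", 1956, "205.0.0.1", 4789), session_id=10)
TABLE_2 = Mapping(Packet("205.0.0.1", 2102, "200.0.0.2", 1956),
                  Packet("205.0.0.1", 2456, "200.0.0.2", 4789), session_id=10)
TABLES = [TABLE_1, TABLE_2]


def translate(pkt: Packet, tables: List[Mapping]) -> Optional[Packet]:
    """Return the translated packet, or None when no entry matches.

    Treating an unmatched packet as a drop is an assumption of this example;
    it means only flows registered through PCP are forwarded.
    """
    for entry in tables:
        if entry.before == pkt:
            return entry.after
    return None


def check_pair(first: Mapping, second: Mapping) -> List[str]:
    """List inconsistencies between the two entries of one tunnel.

    These checks are assumptions derived from how Tables 1 and 2 line up.
    """
    problems = []
    if first.session_id != second.session_id:
        problems.append("session identification differs")
    if VXLAN_PORT not in (first.after.dst_port,) or \
            second.after.dst_port != VXLAN_PORT:
        problems.append("translated destination port is not 4789")
    # The second VTEP addresses the first VTEP's public address and port.
    if (second.before.dst_ip, second.before.dst_port) != \
            (first.after.src_ip, first.after.src_port):
        problems.append("second entry does not target the first entry's "
                        "translated source")
    # The second VTEP's own address is the first VTEP's tunnel destination.
    if second.before.src_ip != first.after.dst_ip:
        problems.append("second entry's source is not the first entry's "
                        "destination")
    return problems


if __name__ == "__main__":
    outbound = Packet("10.0.0.1", 2102, "205.0.0.1", 4789)
    inbound = Packet("205.0.0.1", 2102, "200.0.0.2", 1956)
    stray = Packet("203.0.113.9", 2102, "200.0.0.2", 1956)  # constructed
    for pkt in (outbound, inbound, stray):
        print(pkt, "->", translate(pkt, TABLES))
    print("pair problems:", check_pair(TABLE_1, TABLE_2))
```
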
For a scenario in which NAT is enabled in the operator network, the NAT device is usually deployed by the operator. In this embodiment, the PCP is extended to make the gateways aware of the NAT device's addresses and ports, which solves the problem of NAT traversal of the VxLAN. There is no need to overlay the IPSec protocol and no need to add a relay server through which traffic would detour, so the transmission path involves no detour and data transmission efficiency is improved. In addition, the PCP is a lightweight UDP-based protocol, so the implementation cost is lower. If the second gateway is a cloud gateway, the embodiment allows a VxLAN cloud access private line to be provisioned quickly.
Fig. 5 is a schematic structural diagram of an embodiment of a gateway according to the present disclosure. The gateway is a VTEP, and includes a PCP server address receiving unit 510, a port obtaining unit 520, and a tunnel establishing unit 530.
The PCP server address receiving unit 510 is configured to obtain a PCP server address through a PCP controller; the PCP server is NAT equipment or CGN equipment.
The port obtaining unit 520 is configured to send a first PCP request to the PCP server to obtain the NAT-translated public network address and source port number for the specified destination port, or to send a second PCP request to the PCP server to obtain the NAT-translated source port number for the specified destination port, wherein the PCP server establishes a first gateway NAT mapping table and a second gateway NAT mapping table. The first gateway NAT mapping table contains, for the first gateway, the mapping between the source address and the NAT-translated source address, between the destination address and the NAT-translated destination address, between the source port and the NAT-translated source port, and between the destination port and the NAT-translated destination port. The second gateway NAT mapping table contains the same four mappings for the second gateway. The first gateway NAT mapping table and the second gateway NAT mapping table may be established based on the extended PCP. The extended PCP includes an internal destination port field and an assigned destination port field.
The tunnel establishing unit 530 is configured to initiate a request for establishing a VxLAN tunnel to the PCP server, so that the PCP server performs destination port NAT address translation using the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the request for establishing the VxLAN tunnel to the second gateway, thereby establishing a VxLAN connection between the first gateway and the second gateway.
In this embodiment, PCP is used to make the gateways aware of the NAT device's addresses and ports, so that VxLAN connections between VTEPs can be established; because the transmission path involves no detour, data transmission efficiency is higher.
In another embodiment of the present disclosure, as shown in fig. 6, the gateway may further include an information receiving unit 610 and an IP address transmitting unit 620.
The information receiving unit 610 is configured to obtain the user access IP address and the second gateway information through the access server.
The IP address sending unit 620 is configured to send the IP address of the second gateway to the PCP controller.
The PCP server address receiving unit 510 is configured to receive a designated PCP server address sent by the PCP controller. If there are a plurality of PCP servers, the PCP controller selects a corresponding PCP server according to the load status of each PCP server, and transmits the selected PCP server address to the PCP server address receiving unit 510.
In the above embodiment, the PCP is extended to make the gateways aware of the NAT device's addresses and ports, thereby solving the NAT traversal problem of the VxLAN.
Fig. 7 is a schematic structural diagram of a gateway according to still another embodiment of the present disclosure. The gateway includes a memory 710 and a processor 720. Wherein: the memory 710 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory 710 is used for storing instructions in the embodiments corresponding to fig. 1 and 2. Processor 720, coupled to memory 710, may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 720 is configured to execute instructions stored in the memory.
In one embodiment, as also shown in fig. 8, the gateway 800 includes a memory 810 and a processor 820. The processor 820 is coupled to the memory 810 by a BUS 830. The gateway 800 may also be coupled to an external storage device 850 via a storage interface 840 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 860, which will not be described in detail herein.
In this embodiment, the VxLAN connection between VTEPs can be established by storing instructions in the memory and having the processor execute them; because the transmission path involves no detour, data transmission efficiency is higher.
Fig. 9 is a schematic structural diagram of an embodiment of the disclosed system for PCP-based VxLAN NAT traversal. The system includes a gateway 910, a PCP server 920, and a PCP controller 930.
There may be two or more gateways 910, each of which may specifically be a VTEP. In one embodiment, a PCP client module and a PCP controller interface module are added to an original VTEP. The PCP client module communicates with the PCP server 920 to obtain the public network address and the source port number after NAT conversion; the PCP controller interface module communicates with the PCP controller 930 to obtain the designated PCP server interface address.
The PCP server 920 is configured to send the public network address and the source port number of the specified destination port after NAT conversion to the gateway 910, and also to send its own load condition to the PCP controller 930. The PCP server may be a NAT device or a CGN device. In one embodiment, a PCP client interface module may be added to the NAT device or the CGN device to inform the PCP client of the PCP server address. A PCP controller interface may be added for reporting the NAT load to the PCP controller 930 at regular intervals or when a certain threshold is exceeded.
The PCP controller 930 is configured to send the PCP server address to the gateway 910, and is further configured to collect the list of PCP servers 920 and the load of each PCP server, and to select a corresponding PCP server according to the load of the PCP servers. In one embodiment, three modules are added to the original PCP controller: a PCP client interface module for informing the PCP client of the PCP server address; a PCP server interface module for collecting the PCP server list and load conditions from the PCP server side; and a PCP server list module for maintaining the PCP server list in the PCP controller.
This embodiment solves the VxLAN NAT traversal problem without layering the IPSec protocol on top and without adding a relay server to detour the path, so the transmission path takes no detour and data transmission efficiency is improved. In addition, the VxLAN bidirectional tunnel mode can be realized by upgrading the CGN equipment, which facilitates network deployment and implementation.
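The following is an added sketch, not code from the patent, of the control flow this system description and claim 1 outline: the controller picks a PCP server by load, each gateway's PCP request creates its NAT mapping table on that server, and the tunnel request is translated with both tables. Assumptions: the least-loaded selection policy, sequential port allocation, the documentation-range addresses, and the reading that the allocated destination port on the server's public address maps back to the peer gateway's internal destination port.

```python
from dataclasses import dataclass, field

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port


@dataclass
class PcpServer:
    """NAT/CGN device acting as PCP server (simplified model, assumed semantics)."""
    public_addr: str
    load: int = 0                 # load condition reported to the controller
    next_port: int = 40000        # constructed port pool for this example
    tables: dict = field(default_factory=dict)  # gateway address -> mapping entry

    def pcp_request(self, gw_addr, src_port, internal_dst_port=VXLAN_PORT):
        """Build the gateway's NAT mapping entry; return (NAT source, allocated dst port)."""
        entry = {
            "src": (gw_addr, src_port),
            "nat_src": (self.public_addr, self.next_port),
            "internal_dst_port": internal_dst_port,   # extended PCP field
            "alloc_dst_port": self.next_port + 1,     # extended PCP field
        }
        self.next_port += 2
        self.load += 1
        self.tables[gw_addr] = entry
        return entry["nat_src"], entry["alloc_dst_port"]

    def forward(self, src, dst):
        """Translate a tunnel packet using the sender's and the receiver's tables."""
        sender = self.tables.get(src[0])
        if sender is None or sender["src"] != src or dst[0] != self.public_addr:
            return None  # no mapping for this sender: drop
        for gw_addr, peer in self.tables.items():
            if gw_addr != src[0] and peer["alloc_dst_port"] == dst[1]:
                return sender["nat_src"], (gw_addr, peer["internal_dst_port"])
        return None      # destination port was never allocated: drop


class PcpController:
    def __init__(self, servers):
        self.servers = servers    # PCP server list maintained by the controller

    def select_server(self):
        # Assumed policy: choose the server reporting the lowest load.
        return min(self.servers, key=lambda s: s.load)


def establish_tunnel(controller, gw1, gw2, src_port=50000):
    """Walk the steps for two gateways; returns (server, translated packet or None)."""
    server = controller.select_server()            # address sent to both gateways
    server.pcp_request(gw1, src_port)              # first PCP request
    _, dst2 = server.pcp_request(gw2, src_port)    # second PCP request
    # gw1 sends the VxLAN tunnel request to the server on gw2's allocated port.
    return server, server.forward((gw1, src_port), (server.public_addr, dst2))
```

In this model a packet from a gateway with no mapping entry, or addressed to a port the server never allocated, is dropped rather than forwarded.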
In another embodiment, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to Figs. 1 and 2. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (16)
1. A method for virtual extensible local area network (VxLAN) network address translation (NAT) traversal based on the Port Control Protocol (PCP), comprising the following steps:
the first gateway acquires the address of the PCP server through the PCP controller;
the first gateway sends a first PCP request to the PCP server to obtain a public network address and a source port number of a specified destination port after NAT conversion, wherein the PCP server establishes a first gateway NAT mapping table;
the second gateway receives the address of the PCP server sent by the PCP controller, sends a second PCP request to the PCP server and obtains a source port number of a specified destination port after NAT conversion, wherein the PCP server establishes a second gateway NAT mapping table;
and the first gateway initiates a VxLAN tunnel establishment request to the PCP server so that the PCP server performs destination port NAT address translation through the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the VxLAN tunnel establishment request to the second gateway, thereby establishing VxLAN connection between the first gateway and the second gateway.
2. The PCP-based VxLAN NAT traversal method of claim 1, further comprising:
the first gateway acquires a user access IP address and second gateway information through an access server;
the first gateway sends the IP address of the second gateway to a PCP controller.
3. The PCP-based VxLAN NAT traversal method of claim 1,
and the first gateway or the second gateway receives a designated PCP server address sent by the PCP controller, wherein each PCP server reports the load condition of the PCP server to the PCP controller, so that the PCP controller selects the corresponding PCP server according to the load condition of the PCP server.
4. The PCP-based VxLAN NAT traversal method of claim 1,
the first gateway NAT mapping table comprises a mapping between the source address of the first gateway and the source address after NAT conversion, a mapping between the destination address and the destination address after NAT conversion, a mapping between the source port and the source port after NAT conversion, and a mapping between the destination port and the destination port after NAT conversion;
the second gateway NAT mapping table comprises a mapping between the source address of the second gateway and the source address after NAT conversion, a mapping between the destination address and the destination address after NAT conversion, a mapping between the source port and the source port after NAT conversion, and a mapping between the destination port and the destination port after NAT conversion.
5. The PCP-based VxLAN NAT traversal method of any one of claims 1-4,
wherein the first gateway NAT mapping table and the second gateway NAT mapping table are established based on the extended PCP.
6. The PCP-based VxLAN NAT traversal method of claim 5, wherein,
the extended PCP includes an internal destination port field and an allocation destination port field.
7. A gateway, comprising:
the PCP server address receiving unit is used for acquiring a PCP server address through a Port Control Protocol (PCP) controller;
a port obtaining unit, configured to send a first PCP request to the PCP server, obtain a public network address and a source port number of a specified destination port after NAT conversion, or send a second PCP request to the PCP server, obtain a source port number of a specified destination port after NAT conversion, where the PCP server establishes a first gateway NAT mapping table and a second gateway NAT mapping table;
and the tunnel establishing unit is used for initiating a VxLAN tunnel establishing request to the PCP server so that the PCP server performs destination port NAT address translation through the first gateway NAT mapping table and the second gateway NAT mapping table and then sends the VxLAN tunnel establishing request to the second gateway, thereby establishing VxLAN connection between the first gateway and the second gateway.
8. The gateway of claim 7, further comprising:
the information receiving unit is used for acquiring a user access IP address and second gateway information through the access server;
an IP address sending unit, configured to send the IP address of the second gateway to the PCP controller.
9. The gateway of claim 7, wherein,
the PCP server address receiving unit is configured to receive a designated PCP server address sent by the PCP controller, where each PCP server reports a load condition of itself to the PCP controller, so that the PCP controller selects a corresponding PCP server according to the load condition of the PCP server.
10. The gateway of claim 7, wherein,
the first gateway NAT mapping table comprises a mapping between the source address of the first gateway and the source address after NAT conversion, a mapping between the destination address and the destination address after NAT conversion, a mapping between the source port and the source port after NAT conversion, and a mapping between the destination port and the destination port after NAT conversion;
the second gateway NAT mapping table comprises a mapping between the source address of the second gateway and the source address after NAT conversion, a mapping between the destination address and the destination address after NAT conversion, a mapping between the source port and the source port after NAT conversion, and a mapping between the destination port and the destination port after NAT conversion.
11. The gateway according to any of claims 7-10,
wherein the first gateway NAT mapping table and the second gateway NAT mapping table are established based on the extended PCP.
12. The gateway of claim 11, wherein,
the extended PCP includes an internal destination port field and an allocation destination port field.
13. A gateway, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of PCP-based VxLAN NAT traversal of any of claims 1-6 based on instructions stored in the memory.
14. A system for virtual extensible local area network (VxLAN) network address translation (NAT) traversal based on the Port Control Protocol (PCP), comprising:
the gateway of any of claims 7-13;
the PCP server is used for sending a public network address and a source port number of a specified destination port after NAT conversion to the gateway; and
a PCP controller for sending a PCP server address to the gateway.
15. The system for PCP-based VxLAN NAT traversal of claim 14, wherein,
the PCP server is also used for sending the self load condition to the PCP controller;
the PCP controller is also used for collecting the PCP server list and the load condition of each PCP server, and selecting the corresponding PCP server according to the load condition of the PCP server.
16. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of PCP-based VxLAN NAT traversal of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811199412.7A CN111064814B (en) | 2018-10-16 | 2018-10-16 | VxLAN NAT traversal method, system and gateway based on PCP |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111064814A | 2020-04-24 |
| CN111064814B | 2022-01-04 |
Family
ID=70296245
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811199412.7A Active CN111064814B (en) | 2018-10-16 | 2018-10-16 | VxLAN NAT traversal method, system and gateway based on PCP |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111064814B (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |