Summary of the invention
The purpose of this invention is to provide an IPV9/IPV4 NAT router.
In the IPV9/IPV4 NAT router, the domain name gateway, the file transfer gateway and the route are each connected to the application and transport layer interface, which is then connected in series with the transport layer and the protocol and address translation manager in turn. The IPV9 protocol stack, the static/dynamic mapping, the protocol translator and the IPV4 protocol stack are each connected to the address translation manager. The static/dynamic mapping and the protocol translator are each connected to the address pool. The IPV9 protocol stack and the IPV4 protocol stack are each connected to the two network interfaces. The protocol translator is connected with the IPV9 protocol stack, and the user management interface is connected with the route and the address pool.
The advantages of the present invention are:
1) The NAT router is located at the boundary between the internal private network and the external Internet. It transparently performs protocol and address translation between the two ends of a communication, so that IPv9 and IPv4 hosts on the internal network can communicate properly with the external Internet;
2) The introduction of the NAT router allows the IPv9 experimental network and IPv4 private networks to interconnect with the present Internet backbone, which is based on the IPv4 protocol. This solves the problem of communication between IPv9 and IPV4 private networks and the Internet, as well as communication between different protocols during the transition stage, and will help promote a successful transition to the next-generation network;
3) It implements bidirectional translation of protocol, address and port for an IPV9/IPV4 mixed private network (also referred to as a private network), and implements border routing;
4) It implements address translation for connections from the IPV4 private network to the public network, so that the IPV4 network gains security protection. It serves as an IP address filtering firewall.
Embodiment
In the IPV9/IPV4 NAT router, the domain name gateway 1, the file transfer gateway 2 and the route 14 are each connected to the application and transport layer interface 3, which is then connected in series with the transport layer 4 and the protocol and address translation manager 5 in turn. The IPV9 protocol stack 6, the static/dynamic mapping 7, the protocol translator 8 and the IPV4 protocol stack 9 are each connected to the address translation manager 5. The static/dynamic mapping 7 and the protocol translator 8 are each connected to the address pool 10. The IPV9 protocol stack 6 and the IPV4 protocol stack 9 are each connected to network interface 12 and network interface 13. The protocol translator 8 is connected with the IPV9 protocol stack 6, and the user management interface 11 is connected with the route 14 and the address pool 10.
As shown in Figure 1, the components in the figure are:
1) domain name gateway (DNS-ALG): performs domain name queries, address and protocol translation, etc.;
2) file transfer gateway (FTP-ALG): performs address and protocol translation for file transfer, etc.;
3) application and transport layer interface (SOCKET layer): implements the interface between the application layer and the TCP/UDP layer;
4) transport layer (TCP/UDP layer): performs the transport-layer protocol translation function;
5) protocol and address translation manager (IPv9/IPv4 Translation Manager): manages task distribution for modules 21 and 22, etc.;
6) IPV9 protocol stack: implements the IP version 9 protocol functions;
7) dynamic mapping: performs dynamic address mapping using the NA(P)T-PT IPv9/IPv4 mapping table;
8) protocol translator: implements translation between the IPv4 and IPv9 protocols, covering ICMP4 and ICMP9, IP4 and IP9 addresses, and packet headers;
9) IPV4 protocol stack: implements the IP version 4 protocol functions;
10) address pool: maintains the system's IPv4 and IPV9 addresses and implements dynamic and static address translation;
11) user management interface: configures static and dynamic addresses and ports, and configures routes;
12), 13) network interface layer (data link and physical layers);
14) route: implements the border routing function.
As shown in Figure 2, the network in which the present invention is applied is divided into three zones: 1) 15 and 16 form the public network zone; 2) 21, 22, 23 and 24 form the private network zone private.com; 3) 17, 18, 19 and 20 form the external network zone external.com.
The public network zone (15, 16) is the global IPV4 address space; 15 is the root DNS server and 16 is the IPV4 public network.
The address space of the private network (21, 22, 23, 24) uses IPv9; as with IPV4 private addresses, the addresses of this private network still cannot directly access the public network (external network). 22 and 23 are IPV9 hosts. Host 22 uses the IPV9 address 1015[6]100/32 and its domain name is 22.private.com. 24 is the DNS server of the private.com domain and can resolve the addresses of IPV9 or IPV4 hosts in this domain.
17, 18, 19 and 20 make up the external.com. domain address space, which is assumed to consist of IPV4 hosts; 18 and 19 are IPV4 hosts. Host 18 uses the public network address 171.68.10.1 and its domain name is 18.external.com. 20 is the DNS server of the external.com. domain and can resolve the addresses of IPV4 hosts in this domain.
17 and 21 are IPV9 NAT routers that integrate encapsulation/decapsulation, two-way NAT, DNS_ALG and FTP_ALG functions, and provide IPV9 and IPV4 address pools. 20 and 24 are the DNS servers of the private domains; their static address mappings to the IPV4 public network zone (15, 16) are implemented through the IPV9 NAT routers.
Description of the communication procedure:
The following explains, in order, how hosts in the different domains communicate with each other; techniques such as encapsulation/decapsulation, NAT and DNS_ALG are involved.
A. Procedure by which IPV9 host 22 initiates communication with IPV4 host 18 (IPV9 host 22 accesses the external-network IPV4 host 18):
1) Host 22 sends a UDP-based domain name query message to 24, asking for the IP address corresponding to 18.External.com.
2) The local domain name server 24 queries the root name server 15 through 21. The source address of the query message is 171.68.2.1 (the IP address of local domain name server 24) and the destination address is 11.1.1.1. The NAT on 21 translates the addresses in the IP and UDP headers: the source address becomes 131.108.1.8 and the destination address is unchanged. DNS_ALG does not modify the message payload.
3) The root DNS server 15 directs 24 to query 20, and gives 20's public network address 171.68.1.1 in the response message. When this message passes through 21, the NAT on 21 translates the destination address in the IP and UDP headers from 131.108.1.8 to 171.68.2.1; the source address 11.1.1.1 is unchanged.
In addition, the DNS_ALG on 21 replaces 20's public IP address 171.68.1.1 given in the response message. DNS_ALG first asks NAT to allocate a private address for 171.68.1.1, assumed to be 10.10.1.1, and then replaces 171.68.1.1 in the DNS message payload with 10.10.1.1.
4) In this way, the address of 20 known to 24 is 10.10.1.1. 24 queries 20 for the IP address of 18.External.com. The IP source address of the request message is 171.68.2.1 and the destination address is 10.10.1.1. After NAT translation on 21, the source address becomes 131.108.1.8 and the destination address becomes 171.68.1.1.
DNS_ALG does not modify the DNS message payload.
5) 20 replies to the query, giving the IP address 171.68.10.1 of 18.External.com. When the reply passes through 21, NAT translates the IP and UDP headers accordingly: the source address changes from 171.68.1.1 to 10.10.1.1, and the destination address changes from 131.108.1.8 to 171.68.2.1.
DNS_ALG then asks NAT to map an internal address for 171.68.10.1, assumed to be 10.11.1.2, and replaces the address of 18.External.com in the response message with 10.11.1.2.
6) 24 replies to host 22, giving the address of 18.External.com as 10.11.1.2.
7) Host 22 initiates a session with host 18. The source address of the message is 1015[6]100/32 and the destination address is 10.11.1.2. When the message passes through 21, NAT maps a public network address for the internal address 1015[6]100/32, assumed to be 131.108.1.17,
and translates the header addresses: the source address becomes 131.108.1.17 and the destination address becomes 171.68.10.1. At this point NAT has set up address mappings for host 22 and host 18 respectively, and communication is established between hosts 22 and 18.
Table 1. Address mapping table for one connection
Host | Internal address | Public network address |
22 | 1015[6]100/32 | 131.108.1.17 (pooled NAT) |
18 | 10.11.1.2 (pooled NAT) | 171.68.10.1 |
24 | 171.68.2.1 | 131.108.1.8 (static NAT) |
20 | 10.10.1.1 (pooled NAT) | 171.68.1.1 |
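The header translations and DNS_ALG payload rewrites of procedure A can be replayed in a small model that ends with the bindings of Table 1. This is an added example, not code from the patent: the class and method names are hypothetical, the pools are pre-loaded so that allocations match the addresses the text "assumes", and the IPV9 address is treated as an opaque string.

```python
class NatPt:
    """Toy model of router 21: two-way NAT plus the DNS_ALG hook (added example)."""

    def __init__(self, static, public_pool, private_pool):
        self.pub = dict(static)        # inside address -> public network address
        self.alias = {}                # outside address -> internal (private) alias
        self.public_pool, self.private_pool = list(public_pool), list(private_pool)

    @staticmethod
    def _bind(table, pool, addr):
        """Return addr's existing binding, or bind it to the next free pool address."""
        if addr not in table:
            if not pool:
                raise RuntimeError(f"address pool exhausted, cannot map {addr}")
            table[addr] = pool.pop(0)
        return table[addr]

    @staticmethod
    def _unmap(table, addr):
        """Reverse lookup; an address with no binding passes through unchanged."""
        return next((k for k, v in table.items() if v == addr), addr)

    def outbound(self, src, dst):
        """Private -> public: map the source out, restore an aliased destination."""
        return self._bind(self.pub, self.public_pool, src), self._unmap(self.alias, dst)

    def inbound(self, src, dst):
        """Public -> private: alias a source that has a binding, restore the destination."""
        return self.alias.get(src, src), self._unmap(self.pub, dst)

    def dns_alg(self, answer):
        """Replace an outside address in a DNS reply payload with an internal alias."""
        return self._bind(self.alias, self.private_pool, answer)

def procedure_a():
    """Replay steps 2-7 of procedure A with the page's assumed pool allocations."""
    nat = NatPt({"171.68.2.1": "131.108.1.8"},            # static NAT for DNS server 24
                ["131.108.1.17"], ["10.10.1.1", "10.11.1.2"])
    host22 = "1015[6]100/32"           # IPV9 address handled as an opaque string
    steps = [
        nat.outbound("171.68.2.1", "11.1.1.1"),    # 2) 24 queries root server 15
        nat.inbound("11.1.1.1", "131.108.1.8"),    # 3) referral header from 15
        nat.dns_alg("171.68.1.1"),                 # 3) payload: address of 20
        nat.outbound("171.68.2.1", "10.10.1.1"),   # 4) 24 queries 20
        nat.inbound("171.68.1.1", "131.108.1.8"),  # 5) reply header from 20
        nat.dns_alg("171.68.10.1"),                # 5) payload: address of 18
        nat.outbound(host22, "10.11.1.2"),         # 7) 22 opens the session to 18
    ]
    return steps, nat.pub, nat.alias
```

Every pooled binding in the model is created by a DNS reply or a first outbound packet, so the size of the two pools bounds how many mappings the router can hold; the model raises an error once a pool is empty.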
B. Procedure by which host 18 initiates communication with host 22 (external-network host 18 accesses internal-network host 22):
1) 18 queries name server 20 for the IP address corresponding to 22.Private.com.
2) 20 in turn queries the root name server 15. 15 replies, directing 20 to query 24, and gives 24's public network address 131.108.1.8 in the response message.
3) 20 queries 24 for the IP address of 22.Private.com. The destination address in the IP header of the request message is 24's public network address 131.108.1.8, and the source address is 20's public network address 171.68.10.1. When the message passes through NAT router 21, NAT replaces the destination address with 171.68.2.1 according to the static mapping configured for 24; at the same time NAT requests a mapped internal address for 20's public network address 171.68.1.1, assumed to be 10.10.1.1, and then replaces the source address in the header with 10.10.1.1.
4) 24 replies to the query, giving 22's IP address 1015[6]100/32. When the reply passes through 21, NAT translates the IP header addresses: the source address changes from 171.68.2.1 to 131.108.1.8, and the destination address changes from 10.10.1.1 to 171.68.1.1. DNS_ALG asks NAT to map a public network address for the internal IPV9 address 1015[6]100/32, assumed to be 131.108.1.17, and replaces 22's address 1015[6]100/32 in the response message with 131.108.1.17.
5) 20 replies to host 18, giving 22's IP access address as 131.108.1.17.
6) Host 18 initiates communication with host 22. The source address of the IP message is 171.68.10.1 and the destination address is 131.108.1.17. When the message passes through 21, NAT requests an internal mapped address for the external address 171.68.10.1, assumed to be 10.10.1.1, and then translates the addresses: the source address becomes 10.10.1.1 and the destination address becomes 1015[6]100/32.
At this point, address mappings have been set up on 21 for hosts 22 and 18 respectively.