WO2014063606A1 - Packet forwarding method and corresponding device - Google Patents
- Publication number
- WO2014063606A1 (PCT/CN2013/085641)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- message
- packet
- destination
- network
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a packet forwarding method and corresponding device.
Background
- IPv4 address resources are becoming increasingly scarce globally.
- the use of private network addresses and Network Address Translation (NAT) technology with IPv4 is therefore inevitable.
- with two-layer NAT, the source IP address and the private network port of the user equipment are translated on the CE to the private IP address and the private network port of the CE.
- on the CGN device, the private IP address and private network port of the CE are translated to the public IP address and the public network port.
- this two-layer NAT processing method requires Application Level Gateway (ALG) processing to be executed on the CE and on the CGN device separately for the application layer packet information related to a specific service, which increases the overhead of network devices.
- the technical problem to be solved by the embodiments of the present invention is to provide a packet forwarding method and a corresponding device that solve the problem in the prior art that NAT processing must be performed on the CE and on the CGN device respectively, and ALG processing must likewise be performed on the CE and on the CGN device respectively, which increases network device overhead.
- the first aspect provides a packet forwarding method, including:
- the user edge device receives the first IP packet sent by the user equipment, where the first IP packet includes the source private network port and the source private network IP address.
- the CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with the public network IP address.
- the public network port is obtained by the CE from the CGN device by means of active acquisition, passive reception, or manual configuration, and the public network IP address is obtained by the CE according to the private network IP address and the first correspondence.
- the second possible implementation manner of the first aspect is further provided, where the CE encapsulates a new packet header before the packet header of the second IP packet.
- the destination IP address of the new packet header is the IP address of the CGN device, and the source IP address is the private IP address of the CE.
- the CE sends the second IP packet encapsulated with the new packet header to the CGN device.
- a third possible implementation manner of the first aspect is further provided, where the CE receives a third IP packet sent by the CGN device, and the third IP packet is obtained by the CGN device processing the fourth IP packet received from the network device on the network side.
- the fourth IP packet is the response of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the processing of the fourth IP packet by the CGN device includes: when the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private IP address of the CE according to the first correspondence.
- the CE processes the third IP packet to obtain a fifth IP packet, where the processing includes: when determining that the destination IP address of the third IP packet is the private network IP address of the CE and the destination port is the public network port, replacing, according to the second correspondence, the destination IP address of the third IP packet with the source private network IP address, and replacing the destination port of the third IP packet with the source private network port; the CE sends the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
- a fifth possible implementation manner of the first aspect is further provided, where the CE receives a sixth IP packet sent by the CGN device, and the sixth IP packet is obtained by the CGN device processing the fourth IP packet received from the network device on the network side.
- the fourth IP packet is the response of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the processing of the fourth IP packet by the CGN device includes:
- a new packet header is encapsulated before the packet header of the fourth IP packet.
- the destination IP address of the outer packet header is the private IP address of the CE, and the source IP address is the IP address of the CGN device.
- the destination IP address of the outer packet header is obtained according to the first correspondence.
- the CE processes the sixth IP packet to obtain a seventh IP packet.
- the processing of the sixth IP packet by the CE includes: when determining that the sixth IP packet includes a two-layer packet header, stripping the outer packet header; and, when determining that the destination IP address of the inner packet header of the sixth IP packet is the public network IP address and the destination port is the public network port, replacing, according to the second correspondence, the destination IP address of the inner packet header with the source private network IP address and the destination port with the source private network port.
- the CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
- the second aspect provides a method for packet forwarding, including:
- the carrier-level network address translation CGN device receives the second IP packet sent by the CE, where the second IP packet is obtained by the CE processing the first IP packet, the first IP packet is received by the CE from the user equipment and includes the source private network port and the source private network IP address, and the processing includes: replacing the source private network port of the first IP packet with the public network port, and replacing the source private network IP address with a public network IP address;
- the CGN device forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the public network port is obtained by the CE from the CGN device by means of active acquisition, passive reception, or manual configuration.
- the public network IP address is obtained by the CE according to the private network IP address and the first correspondence, and the first correspondence is sent to the CE in advance by the CGN device.
- the second possible implementation manner of the second aspect is further provided, where the CGN device determines that the second IP packet includes a two-layer packet header, strips the outer packet header of the second IP packet, and forwards the packet according to the destination IP address of the inner packet header of the second IP packet.
- the second IP packet that includes two layers of packet headers is obtained by the CE encapsulating a new packet header before the original packet header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device, and the source IP address is the private IP address of the CE.
- a third possible implementation manner of the second aspect is further provided, where the CGN device receives a fourth IP packet, the fourth IP packet is a response of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port; the CGN device processes the fourth IP packet to obtain a third IP packet, where the processing includes: when the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private IP address of the CE according to the first correspondence; and the CGN device forwards the third IP packet to the CE according to the destination IP address of the third IP packet.
- a fourth possible implementation manner of the second aspect is further provided, where the CGN device receives a fourth IP packet, the fourth IP packet is a response of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the CGN device processes the fourth IP packet to obtain a sixth IP packet, where the processing includes:
- when the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, a new packet header is encapsulated in front of the packet header of the fourth IP packet.
- the destination IP address of the new packet header is the private network IP address of the CE determined by the first correspondence, and the source IP address of the new packet header is the IP address of the CGN device. The sixth IP packet is sent to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
- a user edge device CE including:
- a first receiving unit configured to receive a first IP packet sent by the user equipment, where the first IP packet includes a source private network port and a source private network IP address;
- a first processing unit configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
- a first sending unit configured to send the second IP packet to the carrier-level network address translation CGN device, so that the CGN device, after receiving the second IP packet, forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the first processing unit includes: an acquiring subunit, configured to acquire the public network port from the CGN device by means of active acquisition, passive reception, or manual configuration.
- a storage subunit configured to store a first correspondence, where the first correspondence includes a correspondence between a private network IP address of the CE and the public network IP address, and the first correspondence is sent to the CE in advance by the CGN device; and a determining subunit, configured to determine the public network IP address according to the private network IP address of the CE and the first correspondence stored by the storage subunit.
- a second possible implementation manner of the third aspect is further provided, where the first sending unit includes: an encapsulating subunit, configured to encapsulate a new packet header before the packet header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device, and the source IP address is the private IP address of the CE; and a sending subunit, configured to send, to the CGN device, the second IP packet encapsulated by the encapsulating subunit.
- a third possible implementation manner of the third aspect is further provided, where the CE further includes a second receiving unit, configured to receive a third IP packet sent by the CGN device, where the third IP packet is obtained by the CGN device processing a fourth IP packet received from a network device on the network side
- the destination IP address of the fourth IP packet is the public network IP address
- the destination port is the public network port
- the processing of the fourth IP packet by the CGN device includes: when the destination IP address of the fourth IP packet is the public network IP address, the destination IP address of the fourth IP packet is replaced with the private IP address of the CE according to the first correspondence.
- the fourth possible implementation manner of the third aspect is further provided, where the CE further includes:
- a storage unit, configured to save the second correspondence between the public network port and the source private network IP address of the user equipment; a second processing unit, configured to process the third IP packet to obtain a fifth IP packet; and a second sending unit, configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet;
- the second processing unit includes: a determining subunit, configured to determine the destination IP address and the destination port of the third IP packet, and to trigger the packet processing sub-unit when the destination IP address of the third IP packet is the private network IP address of the CE and the destination port is the public network port; and the packet processing sub-unit, configured to replace, according to the second correspondence, the destination IP address of the third IP packet with the source private network IP address and the destination port of the third IP packet with the source private network port.
- a fifth possible implementation manner of the third aspect is further provided, where the CE further includes:
- a third receiving unit configured to receive a sixth IP packet sent by the CGN device, where the sixth IP packet is obtained by the CGN device encapsulating a new packet header before the packet header of the fourth IP packet
- the destination IP address of the new packet header is the private IP address of the CE
- the source IP address is the IP address of the CGN device.
- the storage unit is configured to save the public network port and the user.
- the third processing unit is configured to process the sixth IP packet to obtain a seventh IP packet, where the processing includes: when the sixth IP packet includes a two-layer packet header, the outer packet header is stripped, and the destination IP address of the inner packet header of the sixth IP packet is determined to be the public network IP address.
- the destination IP address of the inner packet header of the sixth IP packet is replaced with the source private IP address of the user equipment according to the second correspondence stored in the storage unit, and the destination port is replaced with the source private network port of the user equipment.
- a sending unit is configured to send the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
- a carrier-level network address translation CGN device including: a first receiving unit, configured to receive a second IP packet sent by a user edge device CE, where the second IP packet is obtained by the CE processing the first IP packet, the first IP packet is received by the CE from the user equipment, and the first IP packet includes a source private network port and a source private network IP address.
- the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
- the first sending unit is configured to forward the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the device further includes: a first pre-processing unit, configured to send the first correspondence to the CE in advance, where the first correspondence includes the correspondence between the private network IP address of the CE and the public network IP address, so that the CE obtains the public network IP address according to the private network IP address and the first correspondence.
- the second possible implementation manner of the fourth aspect is further provided, where the device further includes:
- a second pre-processing unit configured to set the public network port for the CE in advance.
- the first sending unit includes:
- a first determining sub-unit configured to examine the second IP packet and, when the second IP packet includes a two-layer packet header, trigger the following first packet processing sub-unit, where the second IP packet that includes two layers of packet headers is obtained by the CE encapsulating a new packet header before the original packet header of the second IP packet, the destination IP address of the new packet header is the IP address of the CGN device, and the source IP address is the private network IP address of the CE; and the first packet processing sub-unit, configured to: when the second IP packet includes two layers of packet headers, strip the outer packet header of the second IP packet and forward the packet according to the destination IP address of the inner packet header of the second IP packet.
- a fourth possible implementation manner of the fourth aspect is further provided, where the device further includes:
- a second receiving unit configured to receive a fourth IP packet, where the fourth IP packet is a response packet of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port; a processing unit, configured to process the fourth IP packet to obtain a third IP packet; and a second sending unit, configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet; where the processing unit includes: a second determining sub-unit, configured to examine the fourth IP packet and trigger the following second packet processing sub-unit when the destination IP address of the fourth IP packet is the public network IP address; and the second packet processing sub-unit, configured to replace the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
- a fifth possible implementation manner of the foregoing fourth aspect is further provided, where the device further includes:
- a third receiving unit configured to receive the fourth IP packet
- a packet encapsulating unit configured to process the fourth IP packet to obtain a sixth IP packet, where the processing includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, encapsulating a new packet header before the packet header of the fourth IP packet.
- the destination IP address of the header is the private IP address of the CE
- the source IP address is the IP address of the CGN device, where the CGN device is based on the destination IP address of the fourth IP packet (that is, the public network)
- the third sending unit configured to forward the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
- the implementation of the embodiment of the present invention has the following beneficial effects:
- the user edge device CE processes the packet sent by the user equipment, replacing the source private network port of the packet with the public network port and the source private network IP address with the public network IP address.
- NAT is thus implemented on the CE, so that the CGN device does not need to perform NAT; and, according to the first correspondence and the obtained public network port, ALG processing of application layer packet information can be performed on the CE alone, without being performed on the CE and the CGN device respectively, which reduces the overhead of network devices.
- FIG. 1 is a public network IP address used by a user edge device CE and a private network of a CE
- FIG. 2 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention
- FIG. 3 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention
- FIG. 4 is a diagram of a method according to an embodiment of the present invention.
- FIG. 5A is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention
- FIG. 5B is a schematic structural diagram of a first processing unit of a user edge device CE according to an embodiment of the present invention;
- FIG. 5C is a schematic diagram of a first sending unit structure of a user edge device CE according to an embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention
- FIG. 7 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention
- FIG. 8A is a CGN device structure according to an embodiment of the present invention
- FIG. 8B is a schematic structural diagram of a first transmitting unit of a CGN device according to an embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- FIG. 10 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- FIG. 11 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention.
- FIG. 12 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
Detailed description
- FIG. 2 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention. Referring to FIG. 2, the method includes:
- the user edge device CE receives the first IP packet sent by the user equipment, where the first IP packet contains the source private network port and the source private network IP address.
- the CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
- the CE sends the second IP packet to the carrier-level network address translation CGN device, so that the CGN device, after receiving the second IP packet, forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the user equipment is a user equipment on the private network side of the CE.
- the source private network port included in the first IP packet is a TCP/IP port; the private network port is valid only on the private network side of the CE and cannot be used for forwarding on the public network side of the CGN.
- the source port in the first IP packet is defined as the source private network port.
- the port that the CGN assigns to the CE for forwarding on the public network side of the CGN is defined as the public network port.
- the public network port is obtained by the CE from the CGN device by means of active acquisition, passive reception, or manual configuration.
- when the CE obtains the public network port from the CGN device by means of active acquisition, the Dynamic Host Configuration Protocol (DHCP) or the Neighbor Discovery Protocol (NDP) may be used.
- when the CE obtains the public network port from the CGN device by means of passive reception, Broadband Forum Technical Report 069 (BBF TR-069), the Simple Network Management Protocol (SNMP), or the Port Control Protocol (PCP) may be used.
- the public network IP address is obtained by the CE according to the private network IP address and the first correspondence, and the first correspondence holds the correspondence between the private network IP address of the CE and the public network IP address.
- the first correspondence is sent to the CE by the CGN device in advance.
- the private network IP address of the CE is allocated by the CGN device. When the CGN allocates a private network IP address to the CE, it also allocates the public network address that the CE needs to use and establishes the first correspondence between the private network IP address of the CE and the public network IP address. The CGN device may send the first correspondence to the CE by using the DHCP, NDP, SNMP, or PCP protocol.
- the CE may replace the source private network port of the first IP packet with a public network port, and replace the source private network IP address with a public network IP address.
- performing ALG processing on the first IP packet includes: translating the address and port information in the payload of the first IP packet.
- for example, the payload of the first IP packet includes a destination IP address (that is, the source private network IP address) and a destination port (that is, the source private network port) specified by the user on the private network side for the FTP data connection. In this case, the CE translates the destination IP address and destination port specified in the payload of the first IP packet into the public network IP address and the public network port according to the first correspondence. Because the CE device performs ALG processing on the first IP packet, the CGN device does not need to perform ALG processing on the first IP packet.
- when the CE has a default route to the CGN device, the CE directly forwards the second IP packet to the CGN according to the default route.
- the sending, by the CE, of the second IP packet to the CGN device may further include: the CE encapsulating a new packet header before the packet header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device and the source IP address is the private IP address of the CE; the CE then sends the second IP packet encapsulated with the new header to the CGN device.
- the packet forwarding method provided in this embodiment converts, on the CE, the source private network IP address and the source private network port of the first IP packet sent by the user equipment into the public network IP address and the public network port, according to the first correspondence and the obtained public network port.
- ALG processing of the application layer packet information related to a specific service then needs to be performed only on the CE, and does not need to be performed on the CE and the CGN device respectively, which reduces network device overhead.
- FIG. 3 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention. Referring to FIG. 3, the method includes:
- the CGN device receives the second IP packet sent by the CE, where the second IP packet is obtained by the CE processing the first IP packet, the first IP packet is received by the CE from the user equipment, the first IP packet includes a source private network port and a source private network IP address, and the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with the public network IP address.
- 302: The CGN device forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the public network port is obtained by the CE from the CGN device by means of active acquisition, passive reception, or manual configuration.
- the CE obtains the public network port through the DHCP, NDP, SNMP, or PCP protocol, or the BBF TR-069 technology.
- the public network IP address is obtained by the CE according to the private network IP address and the first correspondence, and the first correspondence holds the correspondence between the private network IP address of the CE and the public network IP address.
- the first correspondence is sent to the CE by the CGN device in advance.
- the private network IP address of the CE is allocated by the CGN device. When the CGN allocates a private network IP address to the CE, it also allocates the public network address that the CE needs to use and establishes the first correspondence between the private network IP address of the CE and the public network IP address. The CGN device may send the first correspondence to the CE by using the DHCP, NDP, SNMP, or PCP protocol.
- the CGN device forwards the second IP packet to the network device on the network side by:
- when the CGN device determines that the second IP packet includes a two-layer packet header, stripping the outer packet header of the second IP packet and forwarding the packet according to the destination IP address of the inner packet header of the second IP packet.
- the second IP packet that includes the two-layer packet header is obtained by the CE encapsulating a new packet header before the original packet header of the second IP packet.
- the destination IP address of the new packet header is the IP address of the CGN device, and the source IP address is the private IP address of the CE.
- the CGN device decapsulates and sends the packet, does not perform port translation, and does not need to perform ALG processing on the application layer packet information, thereby reducing device overhead.
- FIG. 4 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention. Referring to FIG. 4, the method includes:
- the CE receives the first IP packet sent by the user equipment, where the first IP packet includes a source private network port and a source private network IP address.
- the CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with the public network IP address.
- the CE sends the second IP packet to the carrier-grade network address translation (CGN) device, so that the CGN device, after receiving the second IP packet, forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the CGN device receives the second IP packet sent by the CE.
- the CGN device forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the CGN device receives a fourth IP packet, where the fourth IP packet is a response packet of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the CGN device processes the fourth IP packet to obtain a third IP packet, and forwards the third IP packet to the CE according to the destination IP address of the third IP packet.
- the processing of the fourth IP packet by the CGN device includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
- the third IP packet is forwarded to the CE according to the destination IP address of the third IP packet.
- the private network IP address of the CE is allocated by the CGN device; when the CGN allocates a private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address.
- the CE receives a third IP packet sent by the CGN device.
- the CE processes the third IP packet to obtain a fifth IP packet, where the processing of the third IP packet by the CE includes: determining the destination IP address and the destination port of the third IP packet and, if the destination port is the public network port, replacing the destination IP address of the third IP packet with the source private network IP address according to the second correspondence, and replacing the destination port of the third IP packet with the source private network port.
- the CE stores the second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
- the second correspondence is established when the CE obtains the public network port by using a DHCP, NDP, SNMP, or PCP protocol, or by using the BBF TR-069 technology.
- the CE sends the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
- An embodiment of the present invention further provides a method for packet forwarding, the method comprising 400 to 405 in the embodiment shown in FIG. 4, and the following steps:
- the CGN device processes the fourth IP packet to obtain a sixth IP packet.
- the processing of the fourth IP packet by the CGN device includes: when determining that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the new packet header is the private network IP address of the CE determined according to the first correspondence, and the source IP address of the new packet header is the IP address of the CGN device.
- the sixth IP packet is sent to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
- the private network IP address of the CE is allocated by the CGN device; when the CGN allocates a private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address.
- the CGN device sends the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
- the CE receives the sixth IP packet sent by the CGN device, and processes the sixth IP packet to obtain a seventh IP packet, where the processing of the sixth IP packet by the CE includes: when it is determined that the sixth IP packet includes a two-layer packet header, stripping the outer packet header; and when it is determined that the destination IP address of the inner packet header of the sixth IP packet is the public network IP address and the destination port is the public network port, replacing the destination IP address of the inner packet header of the sixth IP packet with the source private network IP address according to the second correspondence, and replacing the destination port with the source private network port; the CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
- the CE stores the second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
- the second correspondence is established when the CE obtains the public network port by using a DHCP, NDP, SNMP, or PCP protocol, or by using the BBF TR-069 technology.
- the CE may further perform an ALG process, for example, converting/translating address and port information in the payload information of the sixth IP packet according to the first correspondence.
- the CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
- the conversion between the source private network IP address and source private network port and the corresponding public network IP address and public network port is implemented on the CE, and the CGN device performs tunnel encapsulation and decapsulation of packets and sends them.
- ALG processing can be performed on the CE without performing on the CGN device.
- FIG. 5A is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention.
- the CE50 includes:
- the first receiving unit 52 is configured to receive a first IP packet sent by the user equipment, where the first IP packet includes a source private network port and a source private network IP address.
- the first processing unit 54 is configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with the public network port, and replacing the source private network IP address with the public network IP address.
- the first sending unit 56 is configured to send the second IP packet to the CGN device, so that the CGN device, after receiving the second IP packet, forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
- the first processing unit 54 includes: an obtaining subunit 542, configured to acquire the public network port from the CGN device by means of active acquisition, passive reception, or manual configuration, for example by receiving information sent by the DHCP server.
- the storage subunit 544 is configured to store a first correspondence, where the first correspondence includes a correspondence between a private network IP address of the CE50 and the public network IP address (in the embodiment shown in FIG. 6, the first correspondence includes the correspondence between the private network IP address of the CE60 and the public network IP address; this implicit change of device number applies likewise to the units/subunits in the embodiments shown in the other figures and is not described separately).
- the first correspondence is sent to the CE50 in advance by the CGN device.
- the determining subunit 546 is configured to determine the public network IP address according to the private network IP address of the CE50 and the first correspondence stored by the storage subunit 544.
- the first sending unit 56 includes: a packaging sub-unit 562, configured to encapsulate a new packet header before the packet header of the second IP packet.
- the destination IP address of the new header is the IP address of the CGN device, and the source IP address is the private IP address of the CE50.
- the sending subunit 564 is configured to send, to the CGN device, the second IP packet encapsulated by the encapsulating subunit 562 into a new packet header.
- the CE50 provided in this embodiment can implement the conversion of the source private network IP address of the user equipment, the source private network port to the public network IP address, and the public network port, and only needs to execute the ALG once for the application layer packet information.
- FIG. 6 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention.
- the CE 60 includes, in addition to the first receiving unit 52, the first processing unit 54, and the first sending unit 56, the following:
- the second receiving unit 62 is configured to receive a third IP packet that is sent by the CGN device, where the third IP packet is obtained by the CGN device processing a fourth IP packet received from the network device on the network side.
- the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port; the processing of the fourth IP packet by the CGN device includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE60 according to the first correspondence.
- the storage unit 64 is configured to save a second correspondence between the public network port and the source private network IP address of the user equipment and the source private network port.
- the second processing unit 66 is configured to process the third IP packet to obtain a fifth IP packet.
- the second sending unit 68 is configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
- the second processing unit 62 may include:
- a determining subunit configured to determine a destination IP address and a destination port of the third IP packet, and to trigger the following packet processing subunit when the destination IP address of the third IP packet is the private network IP address of the CE60 and the destination port is the public network port;
- a message processing subunit configured to replace the destination IP address of the third IP packet with the source private network IP address according to the second correspondence, and replace the destination port of the third IP packet with The source private network port.
- FIG. 7 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention.
- the CE 70 includes, in addition to the first receiving unit 52, the first processing unit 54, and the first sending unit 56, the following:
- the third receiving unit 72 is configured to receive a sixth IP packet that is sent by the CGN device, where the sixth IP packet is obtained by the CGN device encapsulating a new packet header before the packet header of the fourth IP packet.
- the destination IP address of the new packet header is the private IP address of the CE70, and the source IP address is the IP address of the CGN device.
- the saving unit 74 is configured to save a second correspondence between the public network port and the source private network IP address and the source private network port of the user equipment.
- the third processing unit 76 is configured to process the sixth IP packet to obtain a seventh IP packet. Specifically, when it is determined that the sixth IP packet includes a two-layer packet header, the outer packet header is stripped; when it is determined that the destination IP address of the inner packet header is the public network IP address and the destination port is the public network port, the destination IP address of the inner packet header of the sixth IP packet is replaced with the source private network IP address of the user equipment according to the second correspondence stored by the saving unit 74, and the destination port of the inner packet header of the sixth IP packet is replaced with the source private network port of the user equipment.
- the third sending unit 78 is configured to send the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
- FIG. 8A is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- the CGN device 80 includes:
- the first receiving unit 82 is configured to receive a second IP packet sent by the user edge device CE.
- the second IP packet is obtained by the CE processing the first IP packet, where the first IP packet is received by the CE from the user equipment and includes the source private network port and the source private network IP address; the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
- the first sending unit 84 is configured to forward the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the CGN device 80 may further include: a first pre-processing unit 86, configured to send the first correspondence to the CE in advance, so that the CE obtains the public network IP address according to the private network IP address of the CE and the first correspondence, where the first correspondence includes a correspondence between the private network IP address of the CE and the public network IP address.
- the second pre-processing unit 88 is configured to set the public network port for the CE in advance.
- In the packet forwarding system composed of the CE and the CGN device, the CGN device 80 provided in this embodiment does not need to perform the ALG function, and can also perform network translation without port translation.
- the first sending unit 84 includes: a first determining subunit 842, configured to examine the second IP packet and trigger the first packet processing subunit 844 when the second IP packet includes a two-layer packet header.
- the second IP packet that includes the two-layer packet header is obtained by the CE encapsulating a new packet header before the original packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device 80, and the source IP address is the private network IP address of the CE.
- the first packet processing subunit 844 is configured to: when the second IP packet includes a two-layer packet header, strip the outer packet header of the second IP packet and forward the packet according to the destination IP address of the inner packet header of the second IP packet.
- FIG. 9 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- the CGN device 90 includes, in addition to the first receiving unit 82 and the first sending unit 84, the following:
- the second receiving unit 92 is configured to receive a fourth IP packet, where the fourth IP packet is a response packet of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the processing unit 94 is configured to process the fourth IP packet to obtain a third IP packet.
- the second sending unit 96 is configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet.
- the processing unit 94 includes:
- a second determining subunit configured to examine the fourth IP packet and trigger the following second packet processing subunit when the destination IP address of the fourth IP packet is the public network IP address;
- the second packet processing sub-unit is configured to replace the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
- FIG. 10 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- the CGN device 100 includes: a first receiving unit 82 and a first sending unit 84, and a third receiving unit 102, configured to receive a fourth IP packet, where the fourth IP packet is a response packet of the network device on the network side to the second IP packet, and the destination IP address of the fourth IP packet is the public network IP address, the destination port is the public network port.
- the packet encapsulating unit 104 is configured to process the fourth IP packet to obtain a sixth IP packet. Specifically, when it is determined that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, a new packet header is encapsulated before the packet header of the fourth IP packet.
- the destination IP address of the new packet header is the private IP address of the CE, and the source IP address is the IP address of the CGN device 100.
- the CGN device 100 may determine the destination of the new packet header of the fourth IP packet according to the destination IP address of the fourth IP packet, that is, the public network IP address, and the first correspondence. IP address.
- the third sending unit 106 is configured to forward the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
- NAT is implemented on the CE, so that the CGN device does not need to perform NAT; and, according to the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed only on the CE, without performing ALG processing on the CE and the CGN device separately, which reduces the overhead of network devices.
- FIG. 11 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention.
- the CE 110 includes: a transceiver 111 and a processor 112, where:
- the transceiver 111 is configured to receive a first IP packet sent by the user equipment, where the first IP packet includes a source private network port and a source private network IP address.
- the processor 112 is configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
- the transceiver 111 is further configured to send the second IP packet to the carrier-grade network address translation (CGN) device, so that the CGN device, after receiving the second IP packet, forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the transceiver 111 is further configured to obtain the public network port from the CGN device by means of active acquisition, passive reception, or manual configuration, where the CE 100 further includes:
- the storage unit 113 is configured to store a first correspondence, where the first correspondence includes a correspondence between a private network IP address of the CE and the public network IP address, where the first correspondence is sent in advance by the CGN device.
- the processor 112 is further configured to determine the public network IP address according to the private network IP address of the CE and the first correspondence stored by the memory 113.
- the processor 112 is further configured to encapsulate a new packet header before the packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device, and the source IP address is the private network IP address of the CE110;
- the transceiver 111 is further configured to send, to the CGN device, the second IP packet encapsulated by the processor 112 into a new packet header.
- the transceiver 111 is further configured to receive a third IP packet sent by the CGN device, where the third IP packet is obtained by the CGN device processing a fourth IP packet received from a network device on the network side.
- the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port; the processing of the fourth IP packet by the CGN device includes: replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
- the processor 112 is further configured to save the second correspondence between the public network port and the source private network IP address and source private network port of the user equipment;
- the processor 112 is further configured to process the third IP packet to obtain a fifth IP packet, where the processing of the third IP packet by the CE includes: according to the second correspondence, replacing the destination IP address of the third IP packet with the source private network IP address, and replacing the destination port of the third IP packet with the source private network port.
- the transceiver 111 is configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
- NAT is implemented on the CE, so that the CGN device does not need to perform NAT; and, according to the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed only on the CE, without performing ALG processing on the CE and the CGN device separately, which reduces the overhead of network devices.
- FIG. 12 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- the CGN device 120 includes:
- the transceiver 121 is configured to receive a second IP packet sent by the user edge device CE, where the second IP packet is obtained by the CE processing the first IP packet, the first IP packet is received by the CE from the user equipment, and the first IP packet includes the source private network port and the source private network IP address; the processing includes: replacing the source private network port of the first IP packet with the public network port, and replacing the source private network IP address with a public network IP address.
- the transceiver 121 is further configured to forward the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
- the CGN device 120 further includes:
- the storage unit 122 is configured to store a first correspondence, where the first correspondence includes a correspondence between a private network IP address of the CE and the public network IP address.
- the transceiver 121 is further configured to send the first correspondence to the CE in advance.
- the CGN device 120 further includes a processor 123, configured to preset the public network port for the CE.
- the processor 123 is further configured to: examine the second IP packet and, when the second IP packet includes a two-layer packet header, strip the outer packet header of the second IP packet.
- the second IP packet that includes the two-layer packet header is obtained by the CE encapsulating a new packet header before the original packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device 120, and the source IP address is the private network IP address of the CE.
- the transceiver 121 is further configured to forward according to a destination IP address of an inner packet header of the second IP packet.
- the transceiver 121 is further configured to receive a fourth IP packet, where the fourth IP packet is a response packet of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
- the processor 123 is further configured to process the fourth IP packet to obtain a third IP packet, where the processing includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
- the transceiver 121 is further configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet.
- NAT is implemented on the CE, so that the CGN device does not need to perform NAT; and, according to the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed only on the CE, without performing ALG processing on the CE and the CGN device separately, which reduces the overhead of network devices.
- a person skilled in the art can understand that all or part of the processes of the foregoing method embodiments can be completed by a computer program instructing related hardware, and the program can be stored in a computer-readable storage medium. When executed, the program may include the flows of the method embodiments described above.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
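The tunnelled variant described above (the CE translates and encapsulates; the CGN device only strips or adds the outer header), as an added example that is not part of the patent text: a small Python model of the first to seventh IP packets. The class and method names, the sample addresses, the per-flow allocation from a preset block of public ports and the CGN-side source check are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outer: Optional[Tuple[str, str]] = None  # (outer src IP, outer dst IP) when tunnelled


class CGN:
    def __init__(self, ip: str):
        self.ip = ip
        self.first: Dict[str, str] = {}       # first correspondence: CE private IP -> public IP
        self.ports: Dict[str, Set[int]] = {}  # public ports preset for each CE (assumed: a block)

    def provision(self, ce_ip: str, public_ip: str, ports: List[int]):
        """Record the first correspondence and return what is sent to the CE in advance."""
        self.first[ce_ip] = public_ip
        self.ports[ce_ip] = set(ports)
        return public_ip, sorted(ports)

    def from_ce(self, pkt: Packet) -> Optional[Packet]:
        """Second IP packet: strip the outer header; forwarding uses the inner destination."""
        if pkt.outer is None or pkt.outer[1] != self.ip:
            return None
        ce_ip = pkt.outer[0]
        # Added check (not in the patent text): the CGN keeps no per-flow state, so it
        # verifies that the inner source is the public IP/port assigned to this CE.
        if self.first.get(ce_ip) != pkt.src_ip or pkt.src_port not in self.ports.get(ce_ip, set()):
            return None
        return replace(pkt, outer=None)

    def from_network(self, pkt: Packet) -> Optional[Packet]:
        """Fourth IP packet -> sixth IP packet: add outer header CGN IP -> CE private IP."""
        for ce_ip, public_ip in self.first.items():
            if pkt.dst_ip == public_ip and pkt.dst_port in self.ports[ce_ip]:
                return replace(pkt, outer=(self.ip, ce_ip))
        return None  # destination is not a provisioned public IP/port: drop


class CE:
    def __init__(self, private_ip: str, cgn_ip: str, public_ip: str, ports: List[int]):
        self.private_ip, self.cgn_ip, self.public_ip = private_ip, cgn_ip, public_ip
        self.free = list(ports)
        # second correspondence: public port -> (UE source private IP, UE source private port)
        self.second: Dict[int, Tuple[str, int]] = {}

    def from_user(self, pkt: Packet) -> Optional[Packet]:
        """First IP packet -> second IP packet: rewrite the source, then encapsulate."""
        key = (pkt.src_ip, pkt.src_port)
        port = next((p for p, k in self.second.items() if k == key), None)
        if port is None:
            if not self.free:
                return None  # preset public ports exhausted
            port = self.free.pop(0)
            self.second[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port,
                       outer=(self.private_ip, self.cgn_ip))

    def from_cgn(self, pkt: Packet) -> Optional[Packet]:
        """Sixth IP packet -> seventh IP packet: strip the outer header, restore the UE address."""
        if pkt.outer != (self.cgn_ip, self.private_ip):
            return None
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.second:
            return None  # no second correspondence for this port: drop
        ue_ip, ue_port = self.second[pkt.dst_port]
        return replace(pkt, dst_ip=ue_ip, dst_port=ue_port, outer=None)


def round_trip():
    """Constructed sample flow using documentation/private address ranges."""
    cgn = CGN("10.255.0.1")
    public_ip, ports = cgn.provision("10.0.0.2", "203.0.113.7", [4000, 4001])
    ce = CE("10.0.0.2", cgn.ip, public_ip, ports)
    first = Packet("192.168.1.10", 51000, "198.51.100.5", 80)
    second = ce.from_user(first)
    forwarded = cgn.from_ce(second)
    # The network-side device answers to the public IP and public port.
    fourth = Packet(forwarded.dst_ip, forwarded.dst_port, forwarded.src_ip, forwarded.src_port)
    sixth = cgn.from_network(fourth)
    seventh = ce.from_cgn(sixth)
    return second, forwarded, sixth, seventh


if __name__ == "__main__":
    for name, pkt in zip(("second", "forwarded", "sixth", "seventh"), round_trip()):
        print(name, pkt)
```

Port and address rewriting happens only in `CE`; `CGN` touches nothing but the outer header, which is why application-layer (ALG) rewriting would also be needed only on the CE.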
Description
Packet forwarding method and corresponding device
This application claims priority to Chinese Patent Application No. 201210411849.9, filed with the Chinese Patent Office on October 25, 2012 and entitled "Packet forwarding method and corresponding device", which is incorporated herein by reference in its entirety.
Technical field
The present invention relates to the field of communications technologies, and in particular, to a packet forwarding method and corresponding device.
Background
IPv4 address resources are now becoming scarce worldwide, and the use of private network addresses and Network Address Translation (NAT) with IPv4 has become unavoidable.
In a stateless network address translation scheme provided by prior art 1 (IETF working group draft name: draft-penno-softwire-sdnat-01; see http://tools.ietf.org/id/draft-penno-softwire-sdnat-01.txt), different user edge devices (Customer Edge, CE) use different private network addresses and different private network transport-layer port segments of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. This scheme requires little change to a traditional CE, but it has the following defects: the carrier-grade network address translation (Carrier Grade NAT, CGN) device must translate both addresses and ports; during network address translation, the CE must convert/translate between the source private network IP address and source private network port of the user equipment and the corresponding private network IP address and private network port of the CE, and the CGN device must convert/translate between the private network IP address and private network port of the CE and the corresponding public network IP address and public network port; and with this two-layer NAT processing, Application Level Gateway (ALG) processing of application-layer packet information related to a specific service has to be performed once on the CE and once on the CGN device, which increases the overhead of network devices.
In a stateless network address translation scheme provided by prior art 2 (IETF working group draft name: draft-tsou-stateless-nat44-01; see http://tools.ietf.org/id/draft-tsou-stateless-nat44-01.txt), different CE devices are assigned different private network addresses and different public network port segments. The CGN device uses a mapping rule to establish the mapping between the private network address of a CE and a public network IP address (see FIG. 1, where Private IPv4_Prefix is the private network address segment, Public IPv4_Prefix is the public network IP address segment, and Public IPv4_suffix is the suffix of the CE's public network IP address obtained from the CE's private network address through the mapping rule), forming stateless address translation. Because the CE uses a public network port segment, the CGN device need not perform port translation, but the CGN device still needs to perform conversion/translation between the source private network IP address and source private network port of the user equipment and the corresponding private network IP address and public network port of the CE, and ALG processing of application-layer packet information related to a specific service has to be performed once on the CE and once on the CGN device, which increases the overhead of network devices.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a packet forwarding method and a corresponding device that address the following problem in the prior art: when a private network user accesses the public network through a CE device, NAT processing must be performed on both the CE and the CGN device, and ALG processing must also be performed on both the CE and the CGN device, which increases the overhead of the network devices.
To solve the above technical problem, a first aspect provides a packet forwarding method, including:
a customer edge device (CE) receives a first IP packet sent by user equipment, where the first IP packet contains a source private network port and a source private network IP address;
the CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
the CE sends the second IP packet to a carrier grade network address translation (CGN) device, so that after receiving the second IP packet, the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
In a first possible implementation of the first aspect, the public network port is obtained by the CE from the CGN device through active acquisition, passive reception, or manual configuration. The public network IP address is obtained by the CE according to the private network IP address and a first correspondence. The first correspondence stores the correspondence between the CE's private network IP address and the public network IP address, and is sent by the CGN device to the CE in advance.

In the first aspect or the first possible implementation of the first aspect, a second possible implementation of the first aspect is further provided: the CE encapsulates a new packet header in front of the packet header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device and the source IP address is the private network IP address of the CE, and the CE sends the second IP packet encapsulated with the new header to the CGN device.
In the first or second possible implementation of the first aspect, a third possible implementation of the first aspect is further provided: the CE receives a third IP packet sent by the CGN device. The third IP packet is obtained by the CGN device by processing a fourth IP packet received from the network device on the network side. The fourth IP packet is the response of that network device to the second IP packet; its destination IP address is the public network IP address and its destination port is the public network port. The processing of the fourth IP packet by the CGN device includes:
when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
In the third possible implementation of the first aspect, a fourth possible implementation of the first aspect is further provided: the CE processes the third IP packet to obtain a fifth IP packet, where the processing includes: when determining that the destination IP address of the third IP packet is the private network IP address of the CE and the destination port is the public network port, replacing the destination IP address of the third IP packet with the source private network IP address and the destination port of the third IP packet with the source private network port according to the second correspondence. The CE sends the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
In the first or second possible implementation of the first aspect, a fifth possible implementation of the first aspect is further provided: the CE receives a sixth IP packet sent by the CGN device. The sixth IP packet is obtained by the CGN device by processing a fourth IP packet received from the network device on the network side. The fourth IP packet is the response of that network device to the second IP packet; its destination IP address is the public network IP address and its destination port is the public network port. The processing of the fourth IP packet by the CGN device includes:
when determining that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the outer header of the fourth IP packet is the private network IP address of the CE, the source IP address is the IP address of the CGN device, and the destination IP address of the outer header is obtained according to the first correspondence.
In the fifth possible implementation of the first aspect, a sixth possible implementation of the first aspect is further provided: the CE processes the sixth IP packet to obtain a seventh IP packet, where the processing includes: when determining that the sixth IP packet contains two layers of packet headers, stripping its outer header; and when determining that the destination IP address of the inner header of the sixth IP packet is the public network IP address and the destination port is the public network port, replacing the destination IP address of the inner header with the source private network IP address and the destination port with the source private network port according to the second correspondence. The CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
A second aspect provides a packet forwarding method, including:
a carrier grade network address translation (CGN) device receives a second IP packet sent by a CE, where the second IP packet is obtained by the CE by processing a first IP packet, the first IP packet is received by the CE from user equipment and contains a source private network port and a source private network IP address, and the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
In a first possible implementation of the second aspect, the public network port is obtained by the CE from the CGN device through active acquisition, passive reception, or manual configuration. The public network IP address is obtained by the CE according to the private network IP address and a first correspondence. The first correspondence stores the correspondence between the CE's private network IP address and the public network IP address, and is sent by the CGN device to the CE in advance.
In the second aspect or the first possible implementation of the second aspect, a second possible implementation of the second aspect is further provided: the CGN device determines that the second IP packet contains two layers of packet headers, strips the outer header of the second IP packet, and forwards the packet according to the destination IP address of the inner header of the second IP packet. The second IP packet containing two layers of headers is obtained by the CE by encapsulating a new header in front of the original header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device and the source IP address is the private network IP address of the CE.
In the first or second possible implementation of the second aspect, a third possible implementation of the second aspect is further provided: the CGN device receives a fourth IP packet, where the fourth IP packet is the response of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port. The CGN device processes the fourth IP packet to obtain a third IP packet, where the processing includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence. The CGN device forwards the third IP packet to the CE according to the destination IP address of the third IP packet.
In the first or second possible implementation of the second aspect, a fourth possible implementation of the second aspect is further provided: the CGN device receives a fourth IP packet, where the fourth IP packet is the response of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port. The CGN device processes the fourth IP packet to obtain a sixth IP packet, where the processing includes: when determining that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the new header is the private network IP address of the CE determined according to the first correspondence, and the source IP address of the new header is the IP address of the CGN device. The CGN device sends the sixth IP packet to the CE according to the destination IP address of the outer header of the sixth IP packet.
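The forward and return paths of the first and second aspects can be traced with a small model. The Python below is an added illustration, not code from the patent; the class and method names, the constructed addresses and port range, the one-to-one mapping between a CE private address and a public address, and the choice to drop packets that match no stored flow are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outer: Optional[Tuple[str, str]] = None  # (outer src IP, outer dst IP) when encapsulated


class CE:
    """Customer edge device: the only place where per-flow NAT state is kept."""

    def __init__(self, private_ip: str, public_ip: str,
                 public_ports: Iterable[int], cgn_ip: str):
        self.private_ip = private_ip
        self.public_ip = public_ip              # result of the first correspondence
        self.free_ports = list(public_ports)    # public port range obtained from the CGN
        self.cgn_ip = cgn_ip
        self.by_flow: Dict[Tuple[str, int], int] = {}
        self.second: Dict[int, Tuple[str, int]] = {}  # second correspondence

    def outbound(self, first: Packet, tunnel: bool = False) -> Packet:
        """First IP packet -> second IP packet (optionally with an outer header)."""
        flow = (first.src_ip, first.src_port)
        if flow not in self.by_flow:
            if not self.free_ports:
                raise RuntimeError("public port range exhausted")
            port = self.free_ports.pop(0)
            self.by_flow[flow] = port
            self.second[port] = flow
        second = replace(first, src_ip=self.public_ip, src_port=self.by_flow[flow])
        if tunnel:
            second = replace(second, outer=(self.private_ip, self.cgn_ip))
        return second

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Third or sixth IP packet -> fifth or seventh IP packet; None means drop."""
        if pkt.outer is not None:               # sixth packet: strip the outer header
            if pkt.outer[1] != self.private_ip:
                return None
            pkt, expected_dst = replace(pkt, outer=None), self.public_ip
        else:                                   # third packet: CGN already rewrote dst IP
            expected_dst = self.private_ip
        if pkt.dst_ip != expected_dst or pkt.dst_port not in self.second:
            return None                         # assumption: no matching flow, drop
        user_ip, user_port = self.second[pkt.dst_port]
        return replace(pkt, dst_ip=user_ip, dst_port=user_port)


class CGN:
    """Carrier grade device: holds only the first correspondence, no per-flow state."""

    def __init__(self, ip: str, first_correspondence: Dict[str, str]):
        self.ip = ip
        self.by_public = {pub: priv for priv, pub in first_correspondence.items()}

    def upstream(self, second: Packet) -> Packet:
        """Strip an outer header if present, then forward on the inner destination."""
        return replace(second, outer=None) if second.outer is not None else second

    def downstream(self, fourth: Packet, tunnel: bool = False) -> Optional[Packet]:
        """Fourth IP packet -> third (rewritten) or sixth (encapsulated) IP packet."""
        ce_ip = self.by_public.get(fourth.dst_ip)
        if ce_ip is None:
            return None                         # destination is not a mapped public address
        if tunnel:
            return replace(fourth, outer=(self.ip, ce_ip))
        return replace(fourth, dst_ip=ce_ip)


def round_trip(tunnel: bool):
    """Run one request and its response through CE and CGN (constructed addresses)."""
    ce = CE("10.0.0.2", "192.0.2.2", range(1024, 1028), cgn_ip="10.0.0.1")
    cgn = CGN("10.0.0.1", {"10.0.0.2": "192.0.2.2"})
    first = Packet("192.168.1.10", 5000, "198.51.100.7", 80)
    on_wire = cgn.upstream(ce.outbound(first, tunnel))
    fourth = Packet(on_wire.dst_ip, on_wire.dst_port, on_wire.src_ip, on_wire.src_port)
    from_cgn = cgn.downstream(fourth, tunnel)
    return on_wire, from_cgn, ce.inbound(from_cgn)


if __name__ == "__main__":
    for mode in (False, True):
        for step in round_trip(mode):
            print(step)
```

In both modes the packet leaving the CGN already carries the public address and port chosen by the CE, and only the CE consults per-flow state on the return path.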
A third aspect provides a customer edge device (CE), including:
a first receiving unit, configured to receive a first IP packet sent by user equipment, where the first IP packet contains a source private network port and a source private network IP address;
a first processing unit, configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
a first sending unit, configured to send the second IP packet to a carrier grade network address translation (CGN) device, so that after receiving the second IP packet, the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
In a first possible implementation of the third aspect, the first processing unit includes:
an obtaining subunit, configured to obtain the public network port from the CGN device through active acquisition, passive reception, or manual configuration; a storage subunit, configured to store a first correspondence, where the first correspondence includes the correspondence between the CE's private network IP address and the public network IP address, and is sent by the CGN device to the CE in advance; and a determining subunit, configured to determine the public network IP address according to the CE's private network IP address and the first correspondence stored by the storage subunit.
In the third aspect or the first possible implementation of the third aspect, a second possible implementation of the third aspect is further provided, in which the first sending unit includes: an encapsulating subunit, configured to encapsulate a new packet header in front of the packet header of the second IP packet, where the destination IP address of the new header is the IP address of the CGN device and the source IP address is the private network IP address of the CE; and a sending subunit, configured to send to the CGN device the second IP packet that the encapsulating subunit has encapsulated with the new header.
In the first or second possible implementation of the third aspect, a third possible implementation of the third aspect is further provided, in which the CE further includes:
a second receiving unit, configured to receive a third IP packet sent by the CGN device, where the third IP packet is obtained by the CGN device by processing a fourth IP packet received from the network device on the network side, the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, and the processing of the fourth IP packet by the CGN device includes: when determining that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
In the third possible implementation of the third aspect, a fourth possible implementation of the third aspect is further provided, in which the CE further includes:
a storage unit, configured to store a second correspondence between the public network port and the source private network IP address and source private network port of the user equipment; a second processing unit, configured to process the third IP packet to obtain a fifth IP packet; and a second sending unit, configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet;
where the second processing unit includes: a judging subunit, configured to examine the destination IP address and destination port of the third IP packet, and to trigger the packet processing subunit described below when the destination IP address of the third IP packet is the private network IP address of the CE and the destination port is the public network port; and a packet processing subunit, configured to replace the destination IP address of the third IP packet with the source private network IP address and the destination port of the third IP packet with the source private network port according to the second correspondence.
In the first or second possible implementation of the third aspect, a fifth possible implementation of the third aspect is further provided, in which the CE further includes:
a third receiving unit, configured to receive a sixth IP packet sent by the CGN device, where the sixth IP packet is obtained by the CGN device by encapsulating a new packet header in front of the packet header of the fourth IP packet, the destination IP address of the new header is the private network IP address of the CE, and the source IP address is the IP address of the CGN device; a saving unit, configured to store a second correspondence between the public network port and the source private network IP address and source private network port of the user equipment; a third processing unit, configured to process the sixth IP packet to obtain a seventh IP packet, where the processing includes: when determining that the sixth IP packet contains two layers of packet headers, stripping the outer header; and when determining that the destination IP address of the inner header of the sixth IP packet is the public network IP address and the destination port is the public network port, replacing the destination IP address of the inner header with the source private network IP address of the user equipment and the destination port with the source private network port of the user equipment according to the second correspondence stored by the saving unit; and a third sending unit, configured to send the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
A fourth aspect provides a carrier grade network address translation (CGN) device, including:
a first receiving unit, configured to receive a second IP packet sent by a customer edge device (CE), where the second IP packet is obtained by the CE by processing a first IP packet, the first IP packet is received by the CE from user equipment and contains a source private network port and a source private network IP address, and the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
a first sending unit, configured to forward the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
In a first possible implementation of the fourth aspect, the device further includes:
a first preprocessing unit, configured to send a first correspondence to the CE in advance, where the first correspondence includes the correspondence between the CE's private network IP address and the public network IP address, and the CE obtains the public network IP address according to the private network IP address and the first correspondence.
In the first possible implementation of the fourth aspect, a second possible implementation of the fourth aspect is further provided, in which the device further includes:
a second preprocessing unit, configured to set the public network port for the CE in advance.
In the fourth aspect, or the first or second possible implementation of the fourth aspect, a third possible implementation of the fourth aspect is further provided, in which the first sending unit includes:
a first judging subunit, configured to examine the second IP packet and to trigger the first packet processing subunit described below when the second IP packet contains two layers of packet headers, where the second IP packet containing two layers of headers is obtained by the CE by encapsulating a new header in front of the original header of the second IP packet, the destination IP address of the new header is the IP address of the CGN device, and the source IP address is the private network IP address of the CE; and a first packet processing subunit, configured to, when the second IP packet contains two layers of headers, strip the outer header of the second IP packet and forward the packet according to the destination IP address of the inner header of the second IP packet.
In the second or third possible implementation of the fourth aspect, a fourth possible implementation of the fourth aspect is further provided, in which the device further includes:
a second receiving unit, configured to receive a fourth IP packet, where the fourth IP packet is the response of the network device on the network side to the second IP packet, the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port; a processing unit, configured to process the fourth IP packet to obtain a third IP packet; and a second sending unit, configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet;
where the processing unit includes: a second judging subunit, configured to examine the fourth IP packet and to trigger the second packet processing subunit described below when the destination IP address of the fourth IP packet is the public network IP address; and a second packet processing subunit, configured to replace the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
In the second or third possible implementation of the fourth aspect, a fifth possible implementation of the fourth aspect is further provided, in which the device further includes:
a third receiving unit, configured to receive the fourth IP packet; a packet encapsulating unit, configured to process the fourth IP packet to obtain a sixth IP packet, where the processing includes: when determining that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the new header is the private network IP address of the CE and the source IP address is the IP address of the CGN device, and the CGN device determines the destination IP address of the new header according to the destination IP address of the fourth IP packet (that is, the public network IP address) and the first correspondence; and a third sending unit, configured to forward the sixth IP packet to the CE according to the destination IP address of the outer header of the sixth IP packet.
Implementing the embodiments of the present invention has the following beneficial effects. The customer edge device (CE) processes the packet it receives from the user equipment, replacing the packet's source private network port with a public network port and its source private network IP address with a public network IP address. NAT is thus implemented on the CE, so the CGN device does not need to perform NAT. In addition, based on the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed on the CE alone rather than on both the CE and the CGN device, which reduces the overhead of the network devices.

Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.

Figure 1 is a schematic diagram of the existing mapping between the public network IP address used by a customer edge device (CE) and the CE's private network IP address;
Figure 2 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention;
Figure 3 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention;
Figure 4 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention;
Figure 5A is a schematic structural diagram of a customer edge device (CE) according to an embodiment of the present invention;
Figure 5B is a schematic structural diagram of the first processing unit of a customer edge device (CE) according to an embodiment of the present invention;
Figure 5C is a schematic structural diagram of the first sending unit of a customer edge device (CE) according to an embodiment of the present invention;
Figure 6 is a schematic structural diagram of a customer edge device (CE) according to an embodiment of the present invention;
Figure 7 is a schematic structural diagram of a customer edge device (CE) according to an embodiment of the present invention;
Figure 8A is a schematic structural diagram of a CGN device according to an embodiment of the present invention;
Figure 8B is a schematic structural diagram of the first sending unit of a CGN device according to an embodiment of the present invention;
图 9是根据本发明一种实施例的 CGN设备结构示意图; 9 is a schematic structural diagram of a CGN device according to an embodiment of the present invention;
图 10是根据本发明一种实施例的 CGN设备结构示意图; FIG. 10 is a schematic structural diagram of a CGN device according to an embodiment of the present invention; FIG.
图 11是根据本发明一种实施例的用户边缘设备 CE结构示意图; 图 12是根据本发明实施例的一种 CGN设备的结构示意图。 具体实施方式 11 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention; and FIG. 12 is a schematic structural diagram of a CGN device according to an embodiment of the present invention. detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
FIG. 2 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention. Referring to FIG. 2, the method includes:
200: A user edge device CE receives a first IP packet sent by user equipment, where the first IP packet contains a source private network port and a source private network IP address.
202: The CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
204: The CE sends the second IP packet to a carrier-grade network address translation (CGN) device, so that after receiving the second IP packet the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
The user equipment is user equipment on the private network side of the CE. The source private network port contained in the first IP packet is a TCP/IP port. A private network port is valid only on the private network side connected to the CE and cannot be used for forwarding on the public network side of the CGN. For ease of description, in the embodiments of the present invention the source port in the first IP packet is defined as the private network source port, and the port that the CGN allocates to the CE for forwarding on the public network side of the CGN is defined as the public network port.
Optionally, the public network port is obtained by the CE from the CGN device through active acquisition, passive reception, or manual configuration. For example, if the CE obtains the public network port from the CGN device through active acquisition, this may be implemented through Dynamic Host Configuration Protocol version 4 (Dynamic Host Configuration Protocol, DHCP) or the Neighbor Discovery Protocol (NDP); if the CE obtains the public network port from the CGN device through passive acquisition, this may be implemented through Broadband Forum Technical Report 069 (BBF TR-069), the Simple Network Management Protocol (SNMP), or the Port Control Protocol (PCP).
Optionally, the public network IP address is obtained by the CE according to the private network IP address and a first correspondence. The first correspondence stores the correspondence between the private network IP address of the CE and the public network IP address, and is sent to the CE by the CGN device in advance. The private network IP address of the CE is allocated by the CGN device; when the CGN allocates the private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address. The CGN device may send the first correspondence to the CE through DHCP, NDP, SNMP, or PCP.
Optionally, in addition to replacing the source private network port of the first IP packet with the public network port and replacing the source private network IP address with the public network IP address, the CE may also perform ALG processing on the first IP packet, which specifically includes converting/translating the address and port information in the payload of the first IP packet. For example, when a user on the private network side accesses a File Transfer Protocol (FTP) server, the payload of the first packet contains the destination IP address (that is, the source private network IP address) and the destination port (that is, the source private network port) that the private-network-side user specifies for the FTP data connection. In this case, the CE converts/translates the destination IP address and destination port specified in the payload of the first IP packet into the public network IP address and the public network port according to the first correspondence. Because the CE has performed ALG processing on the first IP packet, the CGN device does not need to perform ALG processing on the first IP packet again.
Optionally, when the CE has a default route to the CGN device, the CE forwards the second IP packet directly to the CGN according to the default route.
Optionally, the CE sending the second IP packet to the CGN device may further include: the CE encapsulates a new packet header in front of the packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device and the source IP address is the private network IP address of the CE; the CE then sends the second IP packet encapsulated with the new packet header to the CGN device.
With the packet forwarding method provided in this embodiment, the source private network IP address and source private network port of the first packet sent by the user equipment can be converted on the CE into the public network IP address and public network port. Based on the first correspondence and the obtained public network port, application-layer packet information related to a specific service needs ALG processing only once, rather than separately on the CE and on the CGN device, which simplifies the overhead on network devices.
FIG. 3 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention. Referring to FIG. 3, the method includes:
300: A CGN device receives a second IP packet sent by a CE. The second IP packet is obtained by the CE processing a first IP packet that the CE received from user equipment. The first IP packet contains a source private network port and a source private network IP address, and the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
302: The CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
Optionally, the public network port is obtained by the CE from the CGN device through active acquisition, passive reception, or manual configuration. For example, the CE obtains the public network port through DHCP, NDP, SNMP, or PCP, or by using BBF TR-069.
Optionally, the public network IP address is obtained by the CE according to the private network IP address and a first correspondence. The first correspondence stores the correspondence between the private network IP address of the CE and the public network IP address, and is sent to the CE by the CGN device in advance. The private network IP address of the CE is allocated by the CGN device; when the CGN allocates the private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address. The CGN device may send the first correspondence to the CE through DHCP, NDP, SNMP, or PCP.
Optionally, the CGN device forwards the second IP packet to the network device on the network side in the following manner:
The CGN device determines that the second IP packet contains two layers of packet headers, strips the outer packet header of the second IP packet, and forwards the packet according to the destination IP address of the inner packet header of the second IP packet. The second IP packet containing two layers of packet headers is obtained by the CE encapsulating a new packet header in front of the original packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device and the source IP address is the private network IP address of the CE.
In the packet forwarding method provided in this embodiment, the CGN device decapsulates and sends packets. It performs no port translation and does not need to perform ALG processing on application-layer packet information, which simplifies device overhead.
FIG. 4 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention. Referring to FIG. 4, the method includes:
400: A CE receives a first IP packet sent by user equipment, where the first IP packet contains a source private network port and a source private network IP address.
401: The CE processes the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
402: The CE sends the second IP packet to a carrier-grade network address translation (CGN) device, so that after receiving the second IP packet the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
403: The CGN device receives the second IP packet that was sent.
404: The CGN device forwards the second IP packet to the network device on the network side according to the destination IP address of the second IP packet.
For 400 to 402, refer to the description of the embodiment shown in FIG. 2 above; for 403 and 404, refer to the description of the embodiment shown in FIG. 3 above. Details are not repeated here.
405: The CGN device receives a fourth IP packet. The fourth IP packet is the response packet of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
406: The CGN device processes the fourth IP packet to obtain a third IP packet, and forwards the third IP packet to the CE according to the destination IP address of the third IP packet. The processing of the fourth IP packet by the CGN device includes: when the destination IP address of the fourth IP packet is determined to be the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence; and forwarding the third IP packet to the CE according to the destination IP address of the third IP packet.
The private network IP address of the CE is allocated by the CGN device. When the CGN allocates the private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address.
407: The CE receives the third IP packet sent by the CGN device.
408: The CE processes the third IP packet to obtain a fifth IP packet. The processing of the third IP packet by the CE includes: when the destination IP address of the third IP packet is determined to be the private network IP address of the CE and the destination port is the public network port, replacing the destination IP address of the third IP packet with the source private network IP address and replacing the destination port of the third IP packet with the source private network port according to a second correspondence.
The CE stores the second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
Optionally, the second correspondence is established when the CE obtains the public network port through DHCP, NDP, SNMP, or PCP, or by using BBF TR-069.
409: The CE sends the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
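The round trip of steps 400 to 409, together with the FTP ALG rewrite described for the embodiment of FIG. 2, can be traced with the following model. It is an example added here, not code from the patent: the class and method names, the port block 4096 to 4099 and all addresses are constructed assumptions, and it generalizes slightly by allocating a public port for whatever address/port pair the FTP PORT command announces.

```python
import re
from dataclasses import dataclass, replace

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
FTP_PORT = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class CE:
    """CE side of steps 400-402 and 407-409 (hypothetical class, not from the patent)."""

    def __init__(self, ce_private_ip, public_ip, public_ports):
        self.ce_private_ip = ce_private_ip
        self.first = {ce_private_ip: public_ip}  # first correspondence, sent by the CGN
        self.free_ports = list(public_ports)     # public ports obtained from the CGN
        self.second = {}                         # public port -> (source private IP, port)
        self.by_private = {}                     # reverse index: one public port per flow

    def public_port_for(self, ip, port):
        key = (ip, port)
        if key not in self.by_private:
            if not self.free_ports:
                raise RuntimeError("public port block from the CGN is exhausted")
            pub = self.free_ports.pop(0)
            self.by_private[key] = pub
            self.second[pub] = key               # establish the second correspondence
        return self.by_private[key]

    def alg_ftp(self, payload):
        """ALG: rewrite the address and port carried inside an FTP PORT command."""
        pub_ip = self.first[self.ce_private_ip]

        def rewrite(m):
            n = [int(x) for x in m.groups()]
            if any(v > 255 for v in n):          # malformed field: leave it untouched
                return m.group(0)
            pub_port = self.public_port_for(".".join(map(str, n[:4])), n[4] * 256 + n[5])
            fields = pub_ip.split(".") + [str(pub_port >> 8), str(pub_port & 0xFF)]
            return b"PORT " + ",".join(fields).encode() + b"\r\n"

        return FTP_PORT.sub(rewrite, payload)

    def outbound(self, first_pkt):
        """Step 401: first IP packet -> second IP packet."""
        pub_ip = self.first[self.ce_private_ip]
        pub_port = self.public_port_for(first_pkt.src_ip, first_pkt.src_port)
        return replace(first_pkt, src_ip=pub_ip, src_port=pub_port,
                       payload=self.alg_ftp(first_pkt.payload))

    def inbound(self, third_pkt):
        """Step 408: third IP packet -> fifth IP packet, or None when nothing maps."""
        if third_pkt.dst_ip != self.ce_private_ip or third_pkt.dst_port not in self.second:
            return None
        ip, port = self.second[third_pkt.dst_port]
        return replace(third_pkt, dst_ip=ip, dst_port=port)


class CGN:
    """CGN side of steps 403-406: no port translation and no ALG."""

    def __init__(self):
        self.first = {}                          # public IP -> CE private IP

    def provision(self, ce_private_ip, public_ip):
        self.first[public_ip] = ce_private_ip

    def upstream(self, second_pkt):
        return second_pkt                        # step 404: forwarded unchanged

    def downstream(self, fourth_pkt):
        """Step 406: fourth IP packet -> third IP packet, or None if not a public IP."""
        ce_ip = self.first.get(fourth_pkt.dst_ip)
        return None if ce_ip is None else replace(fourth_pkt, dst_ip=ce_ip)


def demo():
    # Constructed addresses: RFC 1918 private space and RFC 5737 documentation ranges.
    cgn = CGN()
    cgn.provision("10.0.0.2", "203.0.113.10")
    ce = CE("10.0.0.2", "203.0.113.10", range(4096, 4100))
    first = Packet("192.168.1.5", 50000, "198.51.100.21", 21, b"PORT 192,168,1,5,195,80\r\n")
    second = cgn.upstream(ce.outbound(first))
    fourth = Packet("198.51.100.21", 21, second.src_ip, second.src_port, b"200 OK\r\n")
    third = cgn.downstream(fourth)
    fifth = ce.inbound(third)
    return second, third, fifth


if __name__ == "__main__":
    for name, pkt in zip(("second", "third", "fifth"), demo()):
        print(name, pkt)
```

The CE returns None for a downstream packet whose destination port has no entry in the second correspondence, so only flows the CE itself opened are delivered to the private side.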
An embodiment of the present invention further provides a packet forwarding method. The method includes 400 to 405 of the embodiment shown in FIG. 4, and the following steps:
1) The CGN device processes the fourth IP packet to obtain a sixth IP packet. The processing of the fourth IP packet by the CGN device includes: when the destination IP address of the fourth IP packet is determined to be the public network IP address and the destination port is the public network port, encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the new packet header is the private network IP address of the CE determined according to the first correspondence, and the source IP address of the new packet header is the IP address of the CGN device; and sending the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
The private network IP address of the CE is allocated by the CGN device. When the CGN allocates the private network IP address to the CE, it also allocates the public network address that the CE needs to use, and the CGN establishes the first correspondence between the private network IP address of the CE and the public network IP address.
2) The CGN device sends the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
3) The CE receives the sixth IP packet sent by the CGN device and processes the sixth IP packet to obtain a seventh IP packet. The processing of the sixth IP packet by the CE includes: when the sixth IP packet is determined to contain two layers of packet headers, stripping its outer packet header; when the destination IP address of the inner packet header of the sixth IP packet is determined to be the public network IP address and the destination port is the public network port, replacing the destination IP address of the inner packet header of the sixth IP packet with the source private network IP address and replacing the destination port with the source private network port according to a second correspondence. The CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
The CE stores the second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
Optionally, the second correspondence is established when the CE obtains the public network port through DHCP, NDP, SNMP, or PCP, or by using BBF TR-069.
Optionally, in this step the CE may also perform ALG processing, for example converting/translating the address and port information in the payload of the sixth IP packet according to the first correspondence.
4) The CE sends the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
In this embodiment, the conversion between the source private network IP address and source private network port and the corresponding public network IP address and public network port is implemented on the CE, and the CGN device processes and sends packets through tunnel encapsulation and decapsulation. The processing of application-layer packet information can be concentrated on the CE, which performs the ALG processing, so it does not need to be performed on the CGN device.
FIG. 5A is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention. Referring to FIG. 5A, the CE50 includes:
A first receiving unit 52, configured to receive a first IP packet sent by user equipment, where the first IP packet contains a source private network port and a source private network IP address.
A first processing unit 54, configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
A first sending unit 56, configured to send the second IP packet to a CGN device, so that after receiving the second IP packet the CGN device forwards the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
In an implementation of this embodiment, referring to FIG. 5B, the first processing unit 54 includes:
An obtaining subunit 542, configured to obtain the public network port from the CGN device through active acquisition, passive reception, or manual configuration, for example by accepting information delivered by a DHCP server.
A storage subunit 544, configured to store a first correspondence, where the first correspondence includes the correspondence between the private network IP address of the CE50 and the public network IP address (when the first processing unit 50 in the embodiment shown in FIG. 6 contains the storage subunit 544, the first correspondence includes the correspondence between the private network IP address of the CE60 and the public network IP address; this implicit change of device number applies equally to similar cases in the units/subunits of the embodiments shown in the other figures and is not described separately again). The first correspondence is sent to the CE50 by the CGN device in advance.
A determining subunit 546, configured to determine the public network IP address according to the private network IP address of the CE50 and the first correspondence stored in the storage subunit 544.
In an implementation of this embodiment, referring to FIG. 5C, the first sending unit 56 includes:
An encapsulating subunit 562, configured to encapsulate a new packet header in front of the packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device and the source IP address is the private network IP address of the CE50;
A sending subunit 564, configured to send to the CGN device the second IP packet that the encapsulating subunit 562 has encapsulated with the new packet header.
The CE50 provided in this embodiment can convert the source private network IP address and source private network port of the user equipment into the public network IP address and public network port, and ALG needs to be performed only once on application-layer packet information.
FIG. 6 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention. Referring to FIG. 6, in addition to the first receiving unit 52, the first processing unit 54, and the first sending unit 56, the CE60 further includes:
A second receiving unit 62, configured to receive a third IP packet sent by the CGN device. The third IP packet is obtained by the CGN device processing a fourth IP packet received from the network device on the network side; the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port. The processing of the fourth IP packet by the CGN device includes:
When the destination IP address of the fourth IP packet is determined to be the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE60 according to the first correspondence.
A storage unit 64, configured to store a second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
A second processing unit 66, configured to process the third IP packet to obtain a fifth IP packet.
A second sending unit 68, configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
In an implementation of this embodiment, the second processing unit 62 may include:
A determining subunit, configured to check the destination IP address and destination port of the third IP packet, and to trigger the packet processing subunit described below when the destination IP address of the third IP packet is the private network IP address of the CE60 and the destination port is the public network port;
A packet processing subunit, configured to replace the destination IP address of the third IP packet with the source private network IP address and replace the destination port of the third IP packet with the source private network port according to the second correspondence.
FIG. 7 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention. Referring to FIG. 7, in addition to the first receiving unit 52, the first processing unit 54, and the first sending unit 56, the CE70 further includes:
A third receiving unit 72, configured to receive a sixth IP packet sent by the CGN device. The sixth IP packet is obtained by the CGN device encapsulating a new packet header in front of the packet header of the fourth IP packet, where the destination IP address of the new packet header is the private network IP address of the CE70 and the source IP address is the IP address of the CGN device.
A saving unit 74, configured to store a second correspondence between the public network port and the source private network IP address and source private network port of the user equipment.
A third processing unit 76, configured to process the sixth IP packet to obtain a seventh IP packet. Specifically, when the sixth IP packet is determined to contain two layers of packet headers, the outer packet header is stripped; when the destination IP address of the inner packet header is determined to be the public network IP address and the destination port is the public network port, the destination IP address of the inner packet header of the sixth IP packet is replaced with the source private network IP address of the user equipment, and the destination port of the inner packet header of the sixth IP packet is replaced with the source private network port of the user equipment, according to the second correspondence stored in the saving unit 74.
A third sending unit 78, configured to send the seventh IP packet to the user equipment according to the destination IP address of the seventh IP packet.
As can be seen, with the CE provided in the embodiments of the present invention, NAT is implemented on the CE, so the CGN device does not need to perform NAT. In addition, based on the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed only on the CE, rather than separately on the CE and on the CGN device, which reduces the overhead on network devices.
FIG. 8A is a schematic structural diagram of a CGN device according to an embodiment of the present invention. Referring to FIG. 8A, the CGN device 80 includes:
A first receiving unit 82, configured to receive a second IP packet sent by the user edge device CE. The second IP packet is obtained by the CE by processing a first IP packet; the first IP packet is received by the CE from the user equipment and contains a source private network port and a source private network IP address. The processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address.
A first sending unit 84, configured to forward the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
Optionally, in an implementation of this embodiment, the CGN device 80 may further include:
A first preprocessing unit 86, configured to send the first correspondence to the CE in advance, so that the CE obtains the corresponding public network IP address according to its private network IP address and the first correspondence. The first correspondence includes the correspondence between the private network IP address of the CE and the public network IP address.
A second preprocessing unit 88, configured to set the public network port for the CE in advance.
In a packet forwarding system composed of the CE and the CGN device, the CGN device 80 provided in this embodiment does not need to perform the ALG function and may also skip port translation, which reduces network device overhead.
In an implementation of this embodiment, referring to FIG. 8B, the first sending unit 84 includes:
A first determining subunit 842, configured to examine the second IP packet and to trigger the first packet processing subunit 844 when the second IP packet contains two layers of packet headers. The second IP packet containing two layers of packet headers is obtained by the CE encapsulating a new packet header in front of the original packet header of the second IP packet; the destination IP address of the new packet header is the IP address of the CGN device 80, and the source IP address is the private network IP address of the CE.
A first packet processing subunit 844, configured to, when the second IP packet contains two layers of packet headers, strip the outer packet header of the second IP packet and forward the packet according to the destination IP address of the inner packet header of the second IP packet.
FIG. 9 is a schematic structural diagram of a CGN device according to an embodiment of the present invention. Referring to FIG. 9, in addition to the first receiving unit 82 and the first sending unit 84, the CGN device 90 further includes:
A second receiving unit 92, configured to receive a fourth IP packet. The fourth IP packet is the response of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
A processing unit 94, configured to process the fourth IP packet to obtain a third IP packet.
A second sending unit 96, configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet.
In an implementation of this embodiment, the processing unit 94 includes:
A second determining subunit, configured to examine the fourth IP packet and to trigger the second packet processing subunit described below when the destination IP address of the fourth IP packet is the public network IP address;
A second packet processing subunit, configured to replace the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
FIG. 10 is a schematic structural diagram of a CGN device according to an embodiment of the present invention. Referring to FIG. 10, in addition to the first receiving unit 82 and the first sending unit 84, the CGN device 100 further includes:
A third receiving unit 102, configured to receive a fourth IP packet. The fourth IP packet is the response of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port.
A packet encapsulating unit 104, configured to process the fourth IP packet to obtain a sixth IP packet. Specifically, when it is determined that the destination IP address of the fourth IP packet is the public network IP address and the destination port is the public network port, a new packet header is encapsulated in front of the packet header of the fourth IP packet. The destination IP address of the new packet header is the private network IP address of the CE, and the source IP address is the IP address of the CGN device 100. The CGN device 100 may determine the destination IP address of the new packet header of the fourth IP packet according to the destination IP address of the fourth IP packet (that is, the public network IP address) and the first correspondence.
A third sending unit 106, configured to forward the sixth IP packet to the CE according to the destination IP address of the outer packet header of the sixth IP packet.
It can be seen that, with the CGN provided by this embodiment of the present invention, NAT is implemented on the CE, so that the CGN device does not need to perform NAT. In addition, based on the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed on the CE only, without performing ALG processing separately on the CE and on the CGN device, which reduces the overhead of the network devices.
FIG. 11 is a schematic structural diagram of a user edge device CE according to an embodiment of the present invention. Referring to FIG. 11, the CE 110 includes a transceiver 111 and a processor 112, where:
The transceiver 111 is configured to receive a first IP packet sent by the user equipment, where the first IP packet contains a source private network port and a source private network IP address;
The processor 112 is configured to process the first IP packet to obtain a second IP packet, where the processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
The transceiver 111 is further configured to send the second IP packet to a carrier-grade network address translation (CGN) device, so that the CGN device, after receiving the second IP packet, forwards it to a network device on the network side according to the destination IP address of the second IP packet.
Optionally, the transceiver 111 is further configured to obtain the public network port from the CGN device by active acquisition, passive reception, or manual configuration, and the CE 100 further includes:
A memory 113, configured to store a first correspondence, where the first correspondence includes the correspondence between the private network IP address of the CE and the public network IP address, and is sent to the CE in advance by the CGN device;
The processor 112 is further configured to determine the public network IP address according to the private network IP address of the CE and the first correspondence stored in the memory 113.
Optionally, the processor 112 is further configured to encapsulate a new packet header in front of the packet header of the second IP packet, where the destination IP address of the new packet header is the IP address of the CGN device and the source IP address is the private network IP address of the CE 110;
The transceiver 111 is further configured to send to the CGN device the second IP packet to which the processor 112 has added the new packet header.
Optionally, the transceiver 111 is further configured to receive a third IP packet sent by the CGN device. The third IP packet is obtained by the CGN device by processing a fourth IP packet received from the network device on the network side; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port. The processing of the fourth IP packet by the CGN device includes:
When it is determined that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence.
Optionally, the processor 112 is further configured to save a second correspondence between the public network port and the source private network IP address and source private network port of the user equipment;
The processor 112 is further configured to process the third IP packet to obtain a fifth IP packet, where the processing of the third IP packet by the CE includes:
When it is determined that the destination IP address of the third IP packet is the private network IP address of the CE and the destination port is the public network port, replacing the destination IP address of the third IP packet with the source private network IP address and replacing the destination port of the third IP packet with the source private network port, according to the second correspondence;
The transceiver 111 is configured to send the fifth IP packet to the user equipment according to the destination IP address of the fifth IP packet.
It can be seen that, with the CE provided by this embodiment of the present invention, NAT is implemented on the CE, so that the CGN device does not need to perform NAT. In addition, based on the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed on the CE only, without performing ALG processing separately on the CE and on the CGN device, which reduces the overhead of the network devices.
FIG. 12 is a schematic structural diagram of a CGN device according to an embodiment of the present invention. Referring to FIG. 12, the CGN device 120 includes:
A transceiver 121, configured to receive a second IP packet sent by the user edge device CE. The second IP packet is obtained by the CE by processing a first IP packet; the first IP packet is received by the CE from the user equipment and contains a source private network port and a source private network IP address. The processing includes: replacing the source private network port of the first IP packet with a public network port, and replacing the source private network IP address with a public network IP address;
The transceiver 121 is further configured to forward the second IP packet to a network device on the network side according to the destination IP address of the second IP packet.
Optionally, the CGN device 120 further includes:
A memory 122, configured to store a first correspondence, where the first correspondence includes the correspondence between the private network IP address of the CE and the public network IP address;
The transceiver 121 is further configured to send the first correspondence to the CE in advance.
Optionally, the CGN device 120 further includes a processor 123, configured to set the public network port for the CE in advance.
Optionally, the processor 123 is further configured to examine the second IP packet and, on determining that the second IP packet contains two layers of packet headers, strip the outer packet header of the second IP packet. The second IP packet containing two layers of packet headers is obtained by the CE encapsulating a new packet header in front of the original packet header of the second IP packet; the destination IP address of the new packet header is the IP address of the CGN device 120, and the source IP address is the private network IP address of the CE;
The transceiver 121 is further configured to forward the packet according to the destination IP address of the inner packet header of the second IP packet.
Optionally, the transceiver 121 is further configured to receive a fourth IP packet. The fourth IP packet is the response of the network device on the network side to the second IP packet; the destination IP address of the fourth IP packet is the public network IP address, and the destination port is the public network port;
The processor 123 is further configured to process the fourth IP packet to obtain a third IP packet, where the processing includes: when it is determined that the destination IP address of the fourth IP packet is the public network IP address, replacing the destination IP address of the fourth IP packet with the private network IP address of the CE according to the first correspondence;
The transceiver 121 is further configured to forward the third IP packet to the CE according to the destination IP address of the third IP packet.
It can be seen that, with the CGN provided by this embodiment of the present invention, NAT is implemented on the CE, so that the CGN device does not need to perform NAT. In addition, based on the first correspondence and the obtained public network port, ALG processing of application-layer packet information can be performed on the CE only, without performing ALG processing separately on the CE and on the CGN device, which reduces the overhead of the network devices.
A person of ordinary skill in the art will understand that all or part of the processes of the methods in the above embodiments can be carried out by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
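The round trip described in the embodiments above, traced as an added example (not code from the patent): the CE performs the address and port rewrite and optional encapsulation, and the CGN only strips, rewrites or encapsulates by table lookup. Class names, addresses and the port range are constructed for illustration, and the CGN's check that a tunnelled packet's inner source matches what was assigned to that CE is an added assumption, not something the patent states.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Header:
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None   # outer (tunnel) headers carry no ports here
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    inner: Header
    outer: Optional[Header] = None   # set only while tunnelled between CE and CGN

class CGN:
    def __init__(self, ip, first_corr, ports):
        self.ip = ip
        self.first_corr = first_corr   # first correspondence: CE private IP -> public IP
        self.ports = ports             # CE private IP -> public ports preset for that CE
        self.ce_of = {pub: ce for ce, pub in first_corr.items()}

    def upstream(self, second):
        """Second packet from the CE: strip any outer header, forward on the inner one."""
        if second.outer is None:
            return second
        ce, inner = second.outer.src_ip, second.inner
        # Added check (assumption, not in the patent): with NAT moved to the CE, the CGN
        # verifies the tunnel endpoint uses only the public IP and ports assigned to it.
        if self.first_corr.get(ce) != inner.src_ip or inner.src_port not in self.ports.get(ce, ()):
            return None
        return Packet(inner)

    def downstream(self, fourth, encapsulate):
        """Fourth packet from the network: build the third (rewritten) or sixth (tunnelled) packet."""
        ce = self.ce_of.get(fourth.inner.dst_ip)
        if ce is None or fourth.inner.dst_port not in self.ports.get(ce, ()):
            return None
        if encapsulate:
            return Packet(fourth.inner, Header(self.ip, ce))
        return Packet(replace(fourth.inner, dst_ip=ce))

class CE:
    def __init__(self, private_ip, cgn):
        self.private_ip, self.cgn_ip = private_ip, cgn.ip
        self.public_ip = cgn.first_corr[private_ip]     # learned from the first correspondence
        self.free_ports = list(cgn.ports[private_ip])   # public ports obtained from the CGN
        self.second_corr = {}                           # public port -> (host IP, host port)
        self.port_of = {}                               # (host IP, host port) -> public port

    def outbound(self, first, encapsulate):
        """First packet from the user equipment -> second packet (rewrite, optional outer header)."""
        host = (first.inner.src_ip, first.inner.src_port)
        if host not in self.port_of:
            if not self.free_ports:
                return None                             # assigned ports exhausted: drop
            self.port_of[host] = self.free_ports.pop(0)
            self.second_corr[self.port_of[host]] = host
        inner = replace(first.inner, src_ip=self.public_ip, src_port=self.port_of[host])
        return Packet(inner, Header(self.private_ip, self.cgn_ip) if encapsulate else None)

    def inbound(self, pkt):
        """Third or sixth packet from the CGN -> fifth or seventh packet for the user equipment."""
        if pkt.outer is not None and pkt.outer != Header(self.cgn_ip, self.private_ip):
            return None                                 # tunnel header not from our CGN
        expected = self.public_ip if pkt.outer is not None else self.private_ip
        host = self.second_corr.get(pkt.inner.dst_port)
        if pkt.inner.dst_ip != expected or host is None:
            return None                                 # no second-correspondence entry: drop
        return Packet(replace(pkt.inner, dst_ip=host[0], dst_port=host[1]))

def round_trip(encapsulate):
    """Constructed addresses: host 192.168.1.10:5000, CE 10.0.0.2, CGN 10.0.0.1."""
    cgn = CGN("10.0.0.1", {"10.0.0.2": "203.0.113.7"}, {"10.0.0.2": range(4096, 4160)})
    ce = CE("10.0.0.2", cgn)
    second = ce.outbound(Packet(Header("192.168.1.10", "198.51.100.20", 5000, 80)), encapsulate)
    forwarded = cgn.upstream(second)
    fourth = Packet(Header("198.51.100.20", forwarded.inner.src_ip, 80, forwarded.inner.src_port))
    to_ce = cgn.downstream(fourth, encapsulate)
    return second, forwarded, to_ce, ce.inbound(to_ce)
```

`round_trip(True)` follows the encapsulated variant (second and sixth packets carry an outer header); `round_trip(False)` follows the variant in which the CGN rewrites the destination IP address of the fourth packet to the CE's private address.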
What is disclosed above is merely a preferred embodiment of the present invention and certainly cannot be used to limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.
Claims
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210411849.9A CN103780492B (en) | 2012-10-25 | 2012-10-25 | The method and relevant device of message forwarding |
| CN201210411849.9 | 2012-10-25 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2014063606A1 true WO2014063606A1 (en) | 2014-05-01 |
Family
ID=50544014
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2013/085641 Ceased WO2014063606A1 (en) | 2012-10-25 | 2013-10-22 | Packet forwarding method and corresponding device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103780492B (en) |
| WO (1) | WO2014063606A1 (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302841A (en) * | 2015-05-18 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of method and device of carrier class networks address conversion |
| CN107306198B (en) * | 2016-04-20 | 2019-12-06 | 华为技术有限公司 | Message forwarding method, device and system |
| CN106878259B (en) * | 2016-12-14 | 2020-12-11 | 新华三技术有限公司 | Message forwarding method and device |
| CN106992963B (en) * | 2017-02-20 | 2021-05-18 | 联想(北京)有限公司 | Information processing method and gateway |
| CN108259645A (en) * | 2018-02-05 | 2018-07-06 | 深圳市三旺通信技术有限公司 | The method for network address translation of vehicle-mounted utilization is handed over based on rail |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102143241A (en) * | 2010-07-30 | 2011-08-03 | 华为技术有限公司 | Access method, device and system between hosts |
| CN102209121A (en) * | 2010-03-29 | 2011-10-05 | 杭州华三通信技术有限公司 | Method and device for intercommunication between Internet protocol version 6 (IPv6) network and Internet protocol version 4 (IPv4) network |
| CN102480530A (en) * | 2010-11-25 | 2012-05-30 | 华为技术有限公司 | Message sending method and device |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150566B (en) * | 2006-09-19 | 2011-09-21 | 中兴通讯股份有限公司 | Device and method for realizing network address translation protocol under isomerous network system |
| CN101447935B (en) * | 2008-11-20 | 2011-12-21 | 华为技术有限公司 | Data packet transmitting method, system and equipment thereof |
| CN101854285A (en) * | 2009-04-03 | 2010-10-06 | 华为技术有限公司 | Carrier-level network address translation device discovery method, device and system |
| JP5164953B2 (en) * | 2009-06-17 | 2013-03-21 | アラクサラネットワークス株式会社 | Internetwork equipment |
-
2012
- 2012-10-25 CN CN201210411849.9A patent/CN103780492B/en active Active
-
2013
- 2013-10-22 WO PCT/CN2013/085641 patent/WO2014063606A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN103780492A (en) | 2014-05-07 |
| CN103780492B (en) | 2017-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2011147353A1 (en) | Method and apparatus for message transmission | |
| WO2012013133A1 (en) | Method and device for network communications | |
| WO2015024168A1 (en) | Method for realizing residential gateway service function and server | |
| WO2010057386A1 (en) | Data package forwarding method, system and device | |
| WO2012106935A1 (en) | Data communication network configuration method, gateway element and data communication system | |
| WO2010139194A1 (en) | Method and device of host with ipv4 application for performing communication | |
| WO2011120424A1 (en) | Method and apparatus for processing packets in ipv6 network | |
| WO2010108431A1 (en) | Method for realizing ipv6 host visting ipv4 host, method for obtaining ipv6 address prefix and translation device | |
| CN103248720A (en) | Method and device for inquiring physical address | |
| WO2014114058A1 (en) | Data message forwarding method, customer premises equipment and system | |
| CN104468625A (en) | Dialing tunnel broker device and method for NAT traversal by means of dialing tunnel | |
| CN102546362A (en) | Message processing method, message processing system and customer premises equipment | |
| WO2014183701A1 (en) | Method and device for acquiring port range resources and allocating port range resources | |
| CN104348929B (en) | A kind of edge router and cut-in method that IPv4 Internet are accessed for 6LoWPAN | |
| WO2014063606A1 (en) | Packet forwarding method and corresponding device | |
| KR101901341B1 (en) | Method and apparatus for supporting mobility of user equipment | |
| WO2012013126A1 (en) | Inter-host access method, device and system | |
| CN102055642A (en) | Data message conversion method | |
| JP6386166B2 (en) | Translation method and apparatus between IPv4 and IPv6 | |
| CN101257517B (en) | Method and device for processing address analysis protocol request message | |
| CN101741824A (en) | IPv6 address resolution method, device and neighbor discovery message processing method | |
| CN114385314A (en) | Internet of things equipment data migration system, method and device and storage medium | |
| WO2014180213A1 (en) | Method and device for establishing a tcp session and host node and satellite node | |
| CN116488958A (en) | Gateway processing method, virtual access gateway, virtual service gateway and related equipment | |
| CN102447747A (en) | Method, device and system for interacting with private network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13849919 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 13849919 Country of ref document: EP Kind code of ref document: A1 |