CN109962989B - Method, device and system for traversing network address gateway - Google Patents
- Publication number
- CN109962989B
- CN201711418372.6A
- Authority
- CN
- China
- Prior art keywords
- vxlan
- port
- gateway
- relay server
- network address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2589—NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method, a device and a system for traversing a network address gateway. The method comprises the following steps: when the client terminal access equipment encapsulates VXLAN data, the source port is modified to the VXLAN default receiving port, so that the network address gateway maps the destination port to the VXLAN default receiving port when it receives data; when the client terminal access device communicates, VXLAN data is transmitted to the relay server through a VXLAN tunnel. The invention modifies the encapsulation method of the VXLAN VTEP device and sets up a Relay server, thereby ensuring that two devices behind NAT can interwork over a VXLAN tunnel.
Description
Technical Field
The present invention relates to the field of network function virtualization, and in particular, to a method, an apparatus, and a system for traversing a network address gateway.
Background
In an on-demand network scenario, an end-to-end overlay VPN based on VXLAN (Virtual eXtensible Local Area Network) tunnels must be established between two private networks, which requires NAT traversal. The CPE (Customer Premises Equipment) at both endpoints is located behind NAT, and because this is an overlay network (a virtualized network laid over the traditional network), no modification is made to the traditional network nodes (intermediate routers, gateways). Because the VXLAN tunnel is used to provide layer-2 and layer-3 interworking, NAT traversal must be implemented for the VXLAN scenario.
The traditional NAT traversal method comprises the following steps:
STUN (Simple Traversal of UDP through NATs) method: this method cannot handle symmetric NAT gateways.
TURN (Traversal Using Relays around NAT) method: information from one end is forwarded to the other end in relay mode. This approach can handle symmetric NAT gateways, but in VXLAN scenarios the TURN server needs to implement VTEP (VXLAN Tunnel End Point) functionality. Even if a VTEP module is installed, its default sending port is the VXLAN port (default 4789), which does not match the NAT gateway port of the opposite end, so traversal cannot be achieved.
Disclosure of Invention
In view of the above technical problems, the present invention provides a method, an apparatus and a system for traversing a network address gateway, with which two devices behind NAT can interwork over a VXLAN tunnel.
According to an aspect of the present invention, there is provided a method for traversing a network address gateway, including:
when the client terminal access equipment encapsulates VXLAN data, a source port is modified into a VXLAN default receiving port, so that a network address gateway maps a destination port into the VXLAN default receiving port under the condition of receiving the data;
when the client terminal access device is in communication, VXLAN data is transmitted to the relay server through a VXLAN tunnel.
According to another aspect of the present invention, there is provided a method for traversing a network address gateway, including:
the method comprises the steps that a relay server receives data sent by a client terminal access device through a virtual extensible local area network VXLAN tunnel;
the relay server changes a destination port of the VXLAN message into a mapping port of an opposite-end network address equipment gateway;
the relay server encapsulates the message into a VXLAN message and forwards the VXLAN message to a destination gateway;
and when the relay server forwards the VXLAN message, changing the source port of the sent VXLAN message into a VXLAN default receiving port.
In an embodiment of the present invention, the mapping port of the peer network address device gateway is a VXLAN default receiving port.
In an embodiment of the present invention, the method for traversing a network address gateway further includes:
the relay server has a public network IP and maintains the corresponding relation between the host IP and the gateway port.
In an embodiment of the present invention, the method for traversing a network address gateway further includes:
the relay server decapsulates VXLAN data sent by the sending end;
the relay server analyzes the load part of VXLAN data and adds a relay network address gateway table entry;
and inquiring the relay network address gateway table entry, and determining a destination IP and a destination port.
According to another aspect of the present invention, there is provided a client terminal access device comprising:
the port modification module is used for modifying the source port into a VXLAN default receiving port when VXLAN data is packaged, so that the network address gateway maps the destination port into the VXLAN default receiving port under the condition of receiving the data;
and the data sending module is used for sending the VXLAN data to the relay server through the VXLAN tunnel of the virtual expanded local area network under the condition of communicating with the opposite client terminal access equipment.
According to another aspect of the present invention, there is provided a client terminal access device, comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the apparatus to perform operations to implement the method for traversing a network address gateway according to any of the embodiments described above.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions, which when executed by a processor, implement a method for traversing a network address gateway according to any of the above embodiments.
According to another aspect of the present invention, there is provided a relay server including:
the data receiving module is used for receiving data sent by the client terminal access equipment through a virtual extensible local area network VXLAN tunnel;
the port setting module is used for changing a destination port of the VXLAN message into a mapping port of an opposite-end network address equipment gateway; when the VXLAN message is forwarded, changing a source port of the sent VXLAN message into a VXLAN default receiving port;
and the message forwarding module is used for encapsulating the message into a VXLAN message and forwarding the VXLAN message to the destination gateway.
In an embodiment of the present invention, the mapping port of the peer network address device gateway is a VXLAN default receiving port.
In one embodiment of the present invention, the relay server further includes:
and the corresponding relation maintenance module is used for maintaining the corresponding relation between the host IP and the gateway port.
In one embodiment of the present invention, the relay server further includes:
the data decapsulation module is used for decapsulating VXLAN data sent by the sending end;
the load analysis module is used for analyzing the load part of VXLAN data and adding a relay network address gateway table entry;
and the destination port determining module is used for inquiring the relay network address gateway table entry and determining the destination IP and the destination port.
According to another aspect of the present invention, there is provided a relay server comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the apparatus to perform operations to implement the method for traversing a network address gateway according to any of the embodiments described above.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement a method for traversing a network address gateway according to any one of the above embodiments.
According to another aspect of the present invention, there is provided a system for traversing a network address gateway, comprising a client terminal access device as described in any of the above embodiments, and a relay server as described in any of the above embodiments.
The invention modifies the encapsulation method of the VXLAN VTEP device and sets up a Relay server, thereby ensuring that two devices behind NAT can interwork over a VXLAN tunnel.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of an embodiment of a system for traversing a network address gateway according to the present invention.
Fig. 2 is a schematic diagram of an embodiment of a method for traversing a network address gateway according to the present invention.
Fig. 3 is a schematic diagram of an embodiment of a client terminal access device of the present invention.
Fig. 4 is a schematic diagram of another embodiment of a client terminal access device according to the present invention.
Fig. 5 is a schematic diagram of another embodiment of a method for traversing a network address gateway according to the present invention.
Fig. 6 is a schematic diagram of an embodiment of a relay server of the present invention.
Fig. 7 is a schematic diagram of another embodiment of the relay server of the present invention.
Fig. 8 is a schematic diagram of another embodiment of a method for traversing a network address gateway according to the present invention.
Fig. 9 is a schematic diagram of another embodiment of a system for traversing a network address gateway according to the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 is a schematic diagram of an embodiment of a system for traversing a network address gateway according to the present invention. As shown in fig. 1, the system for traversing a network address gateway may include a client terminal access device and a Relay (Relay) server 1, wherein:
a relay server 1 having a public network IP is installed.
The client terminal access device comprises a first client terminal access device 21 and a second client terminal access device 22 arranged at both ends of the communication for accessing a first user terminal 31 and a second user terminal 32, respectively.
When the client terminal access devices 21 and 22 at both ends communicate, data is transmitted to the relay server 1 through the VXLAN tunnel and relayed by the relay server 1.
When the first client terminal access device 21 or the second client terminal access device 22 sends data, the source port must be changed to the VXLAN default receiving port (4789), so that when the device receives data, the gateway maps the port to 4789 and the VXLAN message can be decapsulated.
And the relay server 1 is used for maintaining the corresponding relation between the host IP and the gateway port.
The relay server 1 may also be configured to encapsulate the packet into a VXLAN packet and forward the VXLAN packet to the destination gateway. By modifying the VTEP, the destination port of the VXLAN message is changed to the NAT gateway's mapped port (a VTEP defaults to the VXLAN port), which achieves traversal of the NAT gateway.
The relay server 1 may also be configured to change the source port of the sent VXLAN message to the VXLAN default receiving port (4789) when forwarding the VXLAN message.
In one embodiment of the invention, the relay server 1 may be implemented as a TURN server.
Based on the system for traversing the network address gateway through the VXLAN tunnel provided by the embodiment of the invention, modifying the encapsulation method of the VXLAN VTEP device and setting up the Relay server ensures that two devices behind NAT can interwork over a VXLAN tunnel.
By providing the relay server, the embodiment of the invention allows an overlay VPN to be set up without changing the gateway.
The above embodiments of the present invention can traverse symmetric gateways by setting up a TURN server.
The embodiment of the invention achieves NAT traversal in the VXLAN tunnel scenario by changing, when the VXLAN message is encapsulated, the source port of the client VXLAN and the egress port of the VTEP on the TURN server.
Fig. 2 is a schematic diagram of an embodiment of a method for traversing a network address gateway according to the present invention. Preferably, this embodiment may be performed by the system for traversing a network address gateway or a client terminal access device of the present invention. The method comprises the following steps:
In step 22, both the client terminal access devices 21 and 22 transmit VXLAN data to the relay server 1 through the virtual extensible local area network VXLAN tunnel in the case of communication.
Based on the method for traversing the network address gateway through the VXLAN tunnel provided by the embodiment of the invention, modifying the encapsulation method of the VXLAN VTEP device and setting up the Relay server ensures that two devices behind NAT can interwork over a VXLAN tunnel.
By providing the relay server, the embodiment of the invention allows an overlay VPN to be set up without changing the gateway; it can traverse symmetric gateways by setting up a TURN server; and it achieves NAT traversal in the VXLAN tunnel scenario by changing the VXLAN source port of the client.
Fig. 3 is a schematic diagram of an embodiment of a client terminal access device of the present invention. As shown in fig. 3, the client terminal access device in the embodiment of fig. 1 may include a data sending module 201 and a port modification module 202, where:
the port modification module 202 is configured to modify the source port to a default VXLAN receiving port when VXLAN data is encapsulated, so that the network address gateway maps the destination port to the default VXLAN receiving port (4789) when receiving the data, thereby achieving the purpose of traversing the NAT gateway.
In one embodiment of the invention, the port modification module 202 may be implemented as a VTEP module.
And a data sending module 201, configured to send VXLAN data to the relay server 1 through a VXLAN tunnel in the virtual extensible local area network when communicating with the peer client terminal access device.
Based on the client terminal access device provided by the above embodiment of the present invention, the VTEP module modifies the encapsulation method of the VXLAN VTEP device and a Relay server is set up, thereby ensuring that two devices behind NAT can interwork over a VXLAN tunnel.
Fig. 4 is a schematic diagram of another embodiment of a client terminal access device according to the present invention. As shown in fig. 4, the client terminal access device in the fig. 1 embodiment may include a memory 208 and a processor 109, wherein:
a memory 208 for storing instructions.
A processor 209 configured to execute the instructions to cause the apparatus to perform operations to implement the method for traversing a network address gateway according to any of the embodiments described above (e.g., the embodiment of fig. 2).
According to another aspect of the present invention, a computer-readable storage medium is provided, which stores computer instructions, and when the instructions are executed by a processor, the method for traversing a network address gateway is implemented as described in any one of the above embodiments (for example, the embodiment of fig. 2).
Fig. 5 is a schematic diagram of another embodiment of a method for traversing a network address gateway according to the present invention. Preferably, this embodiment can be performed by the system for traversing a network address gateway or the relay server of the present invention. The method comprises the following steps:
In an embodiment of the present invention, the mapping port of the peer network address device gateway is a VXLAN default receiving port.
In step 54, when forwarding the VXLAN message, the relay server 1 changes the source port of the sent VXLAN message to the default VXLAN receiving port (4789).
Based on the method for traversing the network address gateway through the VXLAN tunnel provided by the embodiment of the invention, modifying the encapsulation method of the VXLAN VTEP device and setting up the Relay server ensures that two devices behind NAT can interwork over a VXLAN tunnel.
By providing the relay server, the embodiment of the invention allows an overlay VPN to be set up without changing the gateway.
The above embodiments of the present invention can traverse symmetric gateways by setting up a TURN server.
The above embodiment of the present invention achieves NAT traversal in the VXLAN tunnel scenario by changing the egress port of the VTEP on the TURN server when encapsulating the VXLAN message.
Fig. 6 is a schematic diagram of an embodiment of a relay server of the present invention. As shown in fig. 6, the relay server 1 in the embodiment of fig. 1 may include a data receiving module 101, a port setting module 102, and a packet forwarding module 103, where:
and the data receiving module 101 is configured to receive data sent by the client terminal access device through the VXLAN tunnel.
A port setting module 102, configured to change a destination port of the VXLAN packet to a mapping port of an opposite-end network address device gateway; and changing the source port of the sent VXLAN message to a VXLAN default receiving port (4789) when the VXLAN message is forwarded.
In one embodiment of the invention, the mapping port of the correspondent network address device gateway is a VXLAN default receiving port (4789).
The message forwarding module 103 is configured to encapsulate the message into a VXLAN message, and forward the VXLAN message to the destination gateway.
Based on the Relay server provided by the above embodiment of the present invention, modifying the encapsulation method of the VXLAN VTEP device and setting up the Relay server ensures that two devices behind NAT can interwork over a VXLAN tunnel.
In an embodiment of the present invention, as shown in fig. 5, the relay server 1 may further include a correspondence maintenance module 104, where:
a correspondence maintaining module 104, configured to maintain a correspondence between the host IP and the gateway port.
In an embodiment of the present invention, as shown in fig. 5, the relay server 1 may further include a data decapsulating module 105, a load analyzing module 106, and a destination port determining module 107, where:
and the data decapsulation module 105 is configured to decapsulate the VXLAN data sent by the sending end.
And a load analysis module 106, configured to analyze a load part of the VXLAN data and add a relay network address gateway entry.
And a destination port determining module 107, configured to query the relay network address gateway table entry, and determine a destination IP and a destination port.
By providing the relay server, the embodiment of the invention allows an overlay VPN to be set up without changing the gateway. The above embodiments of the present invention can traverse symmetric gateways by setting up a TURN server. The above embodiment of the present invention achieves NAT traversal in the VXLAN tunnel scenario by changing the egress port of the VTEP on the TURN server when encapsulating the VXLAN message.
Fig. 7 is a schematic diagram of another embodiment of the relay server of the present invention. As shown in fig. 7, the relay server 1 in the embodiment of fig. 1 may include a memory 108 and a processor 109, wherein:
a memory 108 for storing instructions.
A processor 109 configured to execute the instructions to cause the apparatus to perform operations to implement the method for traversing a network address gateway according to any of the embodiments described above (e.g., the embodiment of fig. 5).
According to another aspect of the present invention, a computer-readable storage medium is provided, which stores computer instructions, which when executed by a processor, implement a method for traversing a network address gateway according to any of the embodiments (for example, the embodiment of fig. 5) described above.
Fig. 8 is a schematic diagram of another embodiment of a method for traversing a network address gateway according to the present invention. Preferably, this embodiment can be performed by the system traversing a network address gateway of the present invention. The above-described embodiment of the present invention is performed by the system for traversing a network address gateway of the embodiment of fig. 1.
Fig. 9 is a schematic diagram of another embodiment of a system for traversing a network address gateway according to the invention. The embodiment of fig. 9 is a specific implementation of the embodiment of fig. 1.
Meanwhile, in the embodiment of fig. 1 or fig. 9, the IP address of the first user terminal 31 is IP-11, and the IP address of the second user terminal 32 is IP-21; the first client terminal access device 21 is a private network and has an IP address of IP-1; the second client terminal access device 22 is a private network with an IP address of IP-2; the first network address gateway 41 is a public network, and the IP address is IP-a; the second network address gateway 42 is a public network, and the IP address is IP-c; the relay server 1 is a public network, the IP address is IP-b, and the corresponding relation between the host IP and the gateway port is maintained.
As shown in fig. 9, the data is IP-b routed from the first network address gateway 41 to the relay server 1 through the internet; the data is IP-b routed from the relay server 1 to the second network address gateway 42 via the internet.
The method of the embodiment of fig. 8 may include the steps of:
In step 82, the client terminal access device 21 transmits VXLAN data to the relay server 1 through the virtual extensible local area network VXLAN tunnel in the case of communication.
For example: IP-11 | IP-a, port corresponding to the first client terminal access device
For example: IP-21 | IP-c, port corresponding to the second client terminal access device
Therefore, the destination IP is determined to be IP-c, and the UDP destination port is the port corresponding to the second client terminal access equipment.
In one embodiment of the invention, the mapping port of the correspondent network address device gateway is a VXLAN default receiving port (4789).
In step 88, when forwarding the VXLAN message, the relay server 1 changes the source port of the sent VXLAN message to the default VXLAN receiving port (4789).
By modifying the encapsulation method of the VXLAN VTEP device and setting up the Relay server, the embodiment of the invention ensures that two devices behind NAT can interwork over a VXLAN tunnel.
By providing the relay server, the embodiment of the invention allows an overlay VPN to be set up without changing the gateway. The above embodiments of the present invention can traverse symmetric gateways by setting up a TURN server.
The embodiment of the invention achieves NAT traversal in the VXLAN tunnel scenario by changing, when the VXLAN message is encapsulated, the source port of the client VXLAN and the egress port of the VTEP on the TURN server.
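The exchange described for Fig. 8 and Fig. 9, as an added example that is not part of the patent text: a Python model of the relay's host IP to gateway port table and of both source-port rewrites to 4789. The addresses, VNI 100, the NAT's starting port 40000 and the names `SymmetricNat`, `Relay` and `demo` are constructed for illustration, and the NAT is a simplified symmetric-NAT model.

```python
import ipaddress
import struct

VXLAN_PORT = 4789       # VXLAN default receiving port, as stated on the page
VNI_FLAG = 0x08         # VXLAN "I" flag: the VNI field is valid


def vxlan_encap(vni, frame):
    """Prefix an inner Ethernet frame with the 8-byte VXLAN header."""
    return struct.pack("!B3xI", VNI_FLAG, vni << 8) + frame


def vxlan_decap(payload):
    """Return (vni, inner frame); reject truncated or flag-less headers."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & VNI_FLAG:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, payload[8:]


def inner_frame(src_ip, dst_ip):
    """Constructed minimal Ethernet + IPv4 headers (zero MACs and checksum)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip


def inner_ips(frame):
    """Read source and destination host IPs from the inner IPv4 header."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("inner frame is not Ethernet/IPv4")
    return (str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])))


class SymmetricNat:
    """Toy symmetric NAT: a mapping is usable only by the remote it was opened to."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out, self.back = {}, {}

    def outbound(self, inside, remote):
        """Translate an outgoing flow and return its public (ip, port)."""
        if (inside, remote) not in self.out:
            self.out[(inside, remote)] = self.next_port
            self.back[(self.next_port, remote)] = inside
            self.next_port += 1
        return (self.public_ip, self.out[(inside, remote)])

    def inbound(self, remote, public_port):
        """Inside (ip, port) the packet is delivered to, or None if dropped."""
        return self.back.get((public_port, remote))


class Relay:
    """Relay with a public IP that keeps the host IP -> gateway IP/port table."""

    def __init__(self, public_ip):
        self.addr = (public_ip, VXLAN_PORT)
        self.table = {}

    def handle(self, outer_src, payload):
        vni, frame = vxlan_decap(payload)
        src_host, dst_host = inner_ips(frame)
        self.table[src_host] = outer_src          # learn the sender's NAT mapping
        target = self.table.get(dst_host)
        if target is None:
            return None                           # peer has no table entry yet
        # Forward with source port 4789 and the peer gateway's mapped port.
        return {"src": self.addr, "dst": target,
                "payload": vxlan_encap(vni, frame)}


def demo():
    """Walk the Fig. 9 topology with constructed documentation addresses."""
    gw_a, gw_c = SymmetricNat("198.51.100.1"), SymmetricNat("203.0.113.1")
    relay = Relay("192.0.2.10")
    # Both CPEs send from source port 4789, so the NAT maps replies back to it.
    cpe1, cpe2 = ("10.0.0.1", VXLAN_PORT), ("10.0.1.2", VXLAN_PORT)
    # CPE 1 sends first; the relay learns it but cannot forward yet.
    first = relay.handle(
        gw_a.outbound(cpe1, relay.addr),
        vxlan_encap(100, inner_frame("192.168.1.11", "192.168.2.21")))
    # CPE 2 sends; the relay now has an entry for host 192.168.1.11.
    fwd = relay.handle(
        gw_c.outbound(cpe2, relay.addr),
        vxlan_encap(100, inner_frame("192.168.2.21", "192.168.1.11")))
    delivered = gw_a.inbound(fwd["src"], fwd["dst"][1])
    # Same packet sent from an ephemeral relay port: no mapping matches.
    wrong_src = gw_a.inbound((relay.addr[0], 50000), fwd["dst"][1])
    return {"first": first, "fwd": fwd, "delivered": delivered,
            "wrong_src": wrong_src, "table": dict(relay.table)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In this model the table is learned from unauthenticated VXLAN payloads, so a deployment would need to authenticate each client terminal access device before accepting an entry for it.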
The client terminal access devices and relay servers described above may be implemented as a general purpose processor, a Programmable Logic Controller (PLC), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any suitable combination thereof, for performing the functions described herein.
Thus far, the present invention has been described in detail. Some details well known in the art have not been described in order to avoid obscuring the concepts of the present invention. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (11)
1. A method for traversing a network address gateway, comprising:
when the client terminal access equipment encapsulates VXLAN data, a source port is modified into a VXLAN default receiving port, so that a network address gateway maps a destination port into the VXLAN default receiving port under the condition of receiving the data;
the method comprises the steps that when a client terminal access device is in communication, VXLAN data are sent to a relay server through a VXLAN tunnel, so that the relay server changes a target port of a VXLAN message into a mapping port of an opposite-end network address device gateway, the relay server encapsulates the message into the VXLAN message and forwards the VXLAN message to the target gateway, when the relay server forwards the VXLAN message, a source port of the sent VXLAN message is changed into a VXLAN default receiving port, the relay server decapsulates the VXLAN data sent by a sending end, the relay server analyzes a load part of the VXLAN data and adds a relay network address gateway table item, the relay server has a public network IP, the corresponding relation between a host IP and the gateway port is maintained, and the relay server inquires the relay network address gateway table item and determines the target IP and the target port.
2. A method for traversing a network address gateway, comprising:
a relay server receives data sent by a client terminal access device through a Virtual eXtensible Local Area Network (VXLAN) tunnel;
the relay server changes a destination port of the VXLAN message into a mapping port of an opposite-end network address equipment gateway;
the relay server encapsulates the message into a VXLAN message and forwards the VXLAN message to a destination gateway;
when the relay server forwards the VXLAN message, a source port of the sent VXLAN message is changed into a VXLAN default receiving port;
the relay server decapsulates VXLAN data sent by the sending end;
the relay server analyzes the load part of VXLAN data and adds a relay network address gateway table entry;
the relay server is provided with a public network IP and maintains the corresponding relation between the host IP and the gateway port;
the relay server inquires the relay network address gateway table entry and determines a destination IP and a destination port.
3. The method for traversing a network address gateway of claim 2,
and the mapping port of the opposite-end network address equipment gateway is a VXLAN default receiving port.
4. A client terminal access device, comprising:
the port modification module is used for modifying the source port to the VXLAN default receiving port when VXLAN data is encapsulated, so that the network address gateway maps the destination port to the VXLAN default receiving port upon receiving the data;
the data sending module is used for sending VXLAN data to a relay server through a Virtual eXtensible Local Area Network (VXLAN) tunnel when communicating with an opposite-end client terminal access device, so that the relay server changes the destination port of the VXLAN message to the mapping port of the opposite-end network address device gateway; the relay server encapsulates the message into a VXLAN message and forwards the VXLAN message to the destination gateway; when the relay server forwards the VXLAN message, the source port of the sent VXLAN message is changed to the VXLAN default receiving port; the relay server decapsulates the VXLAN data sent by the sending end; the relay server analyzes the load part of the VXLAN data and adds a relay network address gateway table entry; the relay server has a public network IP and maintains the corresponding relation between the host IP and the gateway port; and the relay server queries the relay network address gateway table entry and determines the destination IP and the destination port.
5. A client terminal access device comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the relay server to perform operations to implement the method of traversing a network address gateway of claim 1.
6. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method for traversing a network address gateway of claim 1.
7. A relay server, comprising:
the data receiving module is used for receiving data sent by the client terminal access equipment through a virtual extensible local area network VXLAN tunnel;
the port setting module is used for changing a destination port of the VXLAN message into a mapping port of an opposite-end network address equipment gateway; when the VXLAN message is forwarded, changing a source port of the sent VXLAN message into a VXLAN default receiving port;
the message forwarding module is used for packaging the message into a VXLAN message and forwarding the VXLAN message to a destination gateway;
the data decapsulation module is used for decapsulating VXLAN data sent by the sending end;
the load analysis module is used for analyzing the load part of VXLAN data and adding a relay network address gateway table entry;
the corresponding relation maintenance module is used for maintaining the corresponding relation between the host IP and the gateway port;
and the destination port determining module is used for inquiring the relay network address gateway table entry and determining the destination IP and the destination port.
8. The relay server of claim 7,
and the mapping port of the opposite-end network address equipment gateway is a VXLAN default receiving port.
9. A relay server, comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the relay server to perform operations to implement the method of traversing a network address gateway of claim 2 or 3.
10. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method for traversing a network address gateway of claim 2 or 3.
11. A system for traversing a network address gateway, comprising a client terminal access device according to claim 4 or 5 and a relay server according to any of claims 7-9.
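The relay-server steps of claim 2 (decapsulate, learn a table entry, look up the peer, rewrite the ports), as an added Python sketch that is not code from the patent. The names `Relay`, `parse_vxlan` and `build_vxlan`, the table keyed by inner host IP, and all addresses are assumptions; the packets are constructed inline.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (the "default receiving port")

def build_vxlan(vni, inner_src, inner_dst):
    """Constructed sample: VXLAN header + Ethernet header + bare IPv4 header."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)   # I flag set, 24-bit VNI
    eth = bytes(12) + struct.pack("!H", 0x0800)        # zero MACs, IPv4 ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(inner_src).packed,
                     ipaddress.IPv4Address(inner_dst).packed)
    return vxlan + eth + ip

def parse_vxlan(data):
    """Decapsulate: return (vni, inner source IP, inner destination IP)."""
    if len(data) < 8 + 14 + 20:
        raise ValueError("truncated VXLAN datagram")
    flags_word, vni_word = struct.unpack("!II", data[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("VNI flag not set")
    if struct.unpack("!H", data[20:22])[0] != 0x0800:
        raise ValueError("inner frame is not IPv4")
    ip = data[22:42]
    return (vni_word >> 8,
            str(ipaddress.IPv4Address(ip[12:16])),
            str(ipaddress.IPv4Address(ip[16:20])))

class Relay:
    """Relay with a public IP; maps host IP -> (gateway public IP, mapped port)."""

    def __init__(self):
        self.table = {}

    def handle(self, outer_src_ip, outer_src_port, data):
        """Return (dst_ip, src_port, dst_port, data) to send, or None."""
        _vni, inner_src, inner_dst = parse_vxlan(data)
        # Learn: the sending host sits behind the gateway mapping we just saw.
        self.table[inner_src] = (outer_src_ip, outer_src_port)
        entry = self.table.get(inner_dst)
        if entry is None:
            return None  # peer gateway not learned yet, nothing to forward
        dst_ip, dst_port = entry
        # Re-encapsulation keeps the VXLAN payload; only the outer ports change:
        # source port 4789, destination port = peer gateway's mapped port.
        return (dst_ip, VXLAN_PORT, dst_port, data)
```

VXLAN as defined in RFC 7348 carries no sender authentication, so a relay that learns table entries from received payloads, as this one does, should accept datagrams only from known access devices.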
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711418372.6A CN109962989B (en) | 2017-12-25 | 2017-12-25 | Method, device and system for traversing network address gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711418372.6A CN109962989B (en) | 2017-12-25 | 2017-12-25 | Method, device and system for traversing network address gateway |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109962989A CN109962989A (en) | 2019-07-02 |
| CN109962989B CN109962989B (en) | 2022-03-01 |
Family
ID=67020788
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711418372.6A Active CN109962989B (en) | 2017-12-25 | 2017-12-25 | Method, device and system for traversing network address gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109962989B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109547316A (en) * | 2018-12-29 | 2019-03-29 | 瑞斯康达科技发展股份有限公司 | Method, the system, storage medium of VXLAN message cross-over NAT equipment |
| CN116760795B (en) * | 2023-08-15 | 2023-12-08 | 中移(苏州)软件技术有限公司 | Network address translation NAT gateway equipment, message processing method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468306A (en) * | 2013-09-25 | 2015-03-25 | 杭州华三通信技术有限公司 | Message transmission method and device in VXLAN network |
| CN104486227A (en) * | 2014-12-11 | 2015-04-01 | 武汉绿色网络信息服务有限责任公司 | System and method for achieving IPv6 flexible arrangement through VxLAN technique |
| CN104601432A (en) * | 2014-12-31 | 2015-05-06 | 杭州华三通信技术有限公司 | Method and device for transmitting message |
| CN105072213A (en) * | 2015-08-28 | 2015-11-18 | 迈普通信技术股份有限公司 | IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009116945A1 (en) * | 2008-03-20 | 2009-09-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for communication of data packets between local networks |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109962989A (en) | 2019-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109257265B (en) | Flooding suppression method, VXLAN bridge, gateway and system | |
| CN112671628B (en) | Business service provision method and system | |
| US9860079B2 (en) | Redirecting packets for egress from an autonomous system using tenant specific routing and forwarding tables | |
| CN104871495B (en) | Virtual superposition gateway for stacking network | |
| US6829238B2 (en) | IP router device having a TCP termination function and a medium thereof | |
| CN104350714B (en) | A kind of message forwarding method and VxLAN gateways | |
| CN104579954B (en) | The cross-domain retransmission method of message, device and communication equipment | |
| CN103346900B (en) | Method for configuring route after live migration of virtual machine and gateway in big double layer network | |
| US12238063B2 (en) | Business service providing method and system, and remote acceleration gateway | |
| CN107342941B (en) | A kind of optimization method and device of VXLAN control plane | |
| US12028311B2 (en) | Methods and systems for efficient virtualization of inline transparent computer networking devices | |
| CN112511431B (en) | A Routing Traffic Fusion Method for Virtualized Network Emulation | |
| CN110999265A (en) | Managing network connectivity between cloud computing service endpoints and virtual machines | |
| CN112511432B (en) | Method and system for configuring and transmitting virtualization SFC (Small form factor) route of Overlay network | |
| CN104426737B (en) | A kind of method and apparatus for realizing Dynamic VPN network link layer communications | |
| CN113259497B (en) | Method, device, storage medium and system for transmitting message | |
| CN114567616B (en) | Method, system and equipment for traversing VxLAN NAT | |
| CN109962989B (en) | Method, device and system for traversing network address gateway | |
| US12160491B2 (en) | Managing layer two network extension communications using maximum segment size (MSS) modifications | |
| CN112187584B (en) | Path fault detection method, system, server and storage medium | |
| Steinert et al. | P4-lisp: A p4-based high-performance router for the locator/identifier separation protocol | |
| JP6256110B2 (en) | Packet processing system and packet processing method | |
| CN116366591A (en) | Universal routing encapsulation message port address conversion transmission method, device and equipment | |
| CN104639418A (en) | Method and system for information transmission by constructing local area network | |
| HK40037361A (en) | Path fault detection method, system, server, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |