Method and system for dynamically adjusting network address translation strategy

Abstract

The invention discloses a method and a system for dynamically adjusting network address translation strategies. Wherein, the method includes: setting a first threshold value and a second threshold value for defining the busyness of the central processing unit; during the network address translation process, automatically detecting the utilization rate of the central processing unit at a specific time; And when the utilization rate of the central processing unit is higher than the first threshold value, notify the microcode or the soft forwarding process to close the most packets that need to be directly processed by the protocol process within a specific time by the protocol process, when the central When the utilization rate of the processing unit is lower than the second threshold value, the microcode or the soft forwarding process is notified to resume processing the packets requiring the protocol process to directly perform NAT processing. The present invention can timely close the NAT processing of some special messages that may have attacks when the CPU is busy, thereby reducing the utilization rate of the CPU, thereby ensuring the realization of basic NAT services and other normal services.

Description

technical field [0001] The present invention relates to the field of communications, and more particularly to a method and system for dynamically adjusting network address translation strategies. Background technique [0002] Currently, with the rapid development of the network, IPv4 addresses are facing the problem of address depletion, and the application of Network Address Translation (NAT for short) technology can delay the depletion of IPv4 addresses. NAT technology is an address mapping technology, usually used in internal private networks. When a host with a private IPv4 address accesses a host on the external public network, the private IPv4 address of the host is mapped to an external uniquely identifiable public IPv4 address; at the same time, the public IPv4 address returned by the external host to the internal host is converted into The internal flag is used to identify the private IPv4 address of the host, so that the returned data packet can reach the internal...

AI Technical Summary

Problems solved by technology

Among them, many attacks use the flooding mechanism to attack the intermediate equipment for message processing and forwarding, with the purpose of affecting the network bandwidth and consuming the use of the central processing unit (CPU), which seriously affects the normal message processing of the equipment, and even May lead to paralysis of local network operation

The router with NAT function also has this threat

An attacker existing in an internal private network or an external public network sends a large number of special packets. These packets are special for NAT processing. Microcode or soft forwarding processes cannot directly process them, and need to be sent to the protocol process for processing. It will cause the protocol process to be very busy, and the CPU utilization rate will be high, which will affect the normal processing of messages that need to be sent to the protocol process.

Images