Method and device for achieving packet forwarding

Abstract

The invention provides a method and a device for achieving packet forwarding. The method is applied to a distributed firewall device which is at least composed of a plurality of interface boards, a plurality of business boards and a main control board. The method at least includes that each interface board receives a forward message in a private network and sends the forward message to a corresponding business board, each business board receives the forward message, a source internet protocol (IP) address of the forward message is modified to a preset public network IP address of the local business board, a source port of the forward message is modified to any network address translation port of a network address translation port section distributed by the main control board, a network address translation session is established, the converted forward message is sent to a corresponding interface board, and the interface boards send the converted forward message in a public network. According to the method and the device, the main control board of a distributed firewall distributes ports used for network address translation (NAT) based on a request of each business board, and thereby the NAT is performed for the forward message, a corresponding NAT is established, and the new establishing and concurrence of the NAT session can increase with the increasing of the business boards.

Description

technical field [0001] The invention relates to network communication technology, in particular to a method and equipment for realizing message forwarding. Background technique [0002] The distributed firewall processes services in parallel through distributed multi-service boards, which can meet the needs of users with high concurrency, high new construction and high throughput. [0003] A distributed firewall device generally consists of an interface board, a service board, and a main control board. In the device, the interface board is used to receive and send messages, and sends the messages to the service board to process services; the service board is used to establish sessions, Qos processing, forwarding, and network address modification (NAT, Network Address Translation), etc. Most of the business; the main control board is used to handle configuration and routing, etc., and does not participate in forwarding. [0004] Since there are multiple service boards in th...

AI Technical Summary

Problems solved by technology

[0005] At present, there are two main ways for a distributed firewall device to use the interface board to send packets to each service board: Method 1. The interface board sends packets to each service board through a load balancing algorithm, but the interface board needs to keep all session information, The overall performance of the distributed firewall device may not be effectively improved; the second method is that the interface board uses the equivalent routing method to send packets to each service board, but each service board needs to be configured with a different NAT address pool. NAT processing is performed in forward packets and reverse packets, resulting in fewer IPv4 addresses available for configurable distributed firewall devices

Images