Unlock instant, AI-driven research and patent intelligence for your innovation.

NAT rule matching method and device, electronic equipment and storage medium

A matching method and rule technology, applied in the field of computer networks, can solve problems such as difficult to solve, and achieve the effect of accelerating NAT rule matching, solving performance bottlenecks, and ensuring efficiency

Active Publication Date: 2020-12-08
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

As the number of NAT rules on the device increases, this problem becomes more prominent and difficult to solve

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • NAT rule matching method and device, electronic equipment and storage medium
  • NAT rule matching method and device, electronic equipment and storage medium
  • NAT rule matching method and device, electronic equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that, in the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other.

[0047] In the following description, many specific details are set forth in order to fully understand the present disclosure, but the present disclosure can also be implemented in other ways than described here; obviously, the embodiments in the description are only some of the embodiments of the present disclosure, and Not all examples.

[0048] At present, in the IPv4 environment, NAT rule matching is carried out by constructing the source address prefix tree and the destination address prefix tree; Uniformity leads to a decrease in matching efficiency, so this scheme cannot be applied in an IPv6 environment. In addition, the e...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an NAT rule matching method, which comprises the steps of converting all NAT rules into rule prefix table entries, each rule prefix table entry comprising a source address public prefix, a destination address public prefix, a source port public prefix, a service public prefix and a corresponding NAT rule; constructing an NAT rule prefix tree based on the rule prefix tableentry, the NAT rule prefix tree comprising a source address rule prefix tree, a destination address rule prefix tree, a source port common prefix tree and a service rule prefix tree; mounting each rule prefix table item in the NAT rule prefix tree through a load balancing algorithm; and performing NAT rule matching on the NAT rule prefix tree on which the rule prefix table entry is mounted based on the matching parameters of the received message. According to the method of the invention, the uniform hash of the rule prefix table entries is ensured through the load balancing algorithm, and theNAT rule matching efficiency in the IPv6 environment is improved.

Description

technical field [0001] The present disclosure relates to the technical field of computer networks, and in particular to a NAT rule matching method, device, electronic equipment and storage medium. Background technique [0002] With the rapid development of the Internet, the limited IPv4 address space is gradually exhausted, so more and more countries have adopted IPv6 as a national strategy. With the gradual deployment of the next-generation Internet with the IPv6 protocol as the core, the ordinary IPv4 address NAT (Network Address Translation, Network Address Translation method) can no longer meet the current network security needs. At this time, the NAT technology based on the IPv6 address is gradually mature. . However, when the number of NAT rules deployed on network communication and security gateways is relatively large, the problem of matching efficiency follows. As the number of NAT rules on the device increases, this problem becomes more prominent and difficult to...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/12
CPCH04L61/2557
Inventor 范鸿雷纪鹏飞
Owner BEIJING TOPSEC NETWORK SECURITY TECH