Data transmission method, system and storage medium
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINANETCENT TECH
- Filing Date
- 2022-04-26
- Publication Date
- 2026-06-23
Abstract figure: CN114884919B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of Internet communication technology, and in particular to a data transmission method, system and storage medium.
Background Technology
[0002] With the continuous advancement of communication technology, the requirements on data transmission capacity and accuracy keep rising. In some business scenarios, such as cloud integration, data transmission must provide Layer 2 or even Layer 3 interconnection between separate networks, spanning the physical, data link, network and transport layers.
[0003] In scenarios with such needs, for example Software Defined Wide Area Network (SDWAN) projects, Virtual Extensible LAN (VXLAN) tunnels are typically used to carry the traffic and provide Layer 2 interconnection between sites. In real projects, however, the two VXLAN tunnel endpoints (VTEPs) are usually located on a Customer Premises Equipment (CPE) device on the private network and a Point-of-Presence (POP) device on the public network, with a Network Address Translation (NAT) device between them. The CPE uses a private IP address while the POP uses a public one, and a VXLAN tunnel as such has no NAT traversal mechanism: the NAT device rewrites the CPE's source port when it forwards the request, but the POP sends its packets to the tunnel's fixed destination port, which matches no translation entry on the NAT device. The NAT device therefore cannot forward the packets sent by the POP device through the VXLAN tunnel to the CPE device, and the tunnel does not work.
Summary of the Invention
[0004] The main objective of this application is to propose a data transmission method, system, and storage medium, which aims to enable NAT devices to match the corresponding data flow tracking information and complete the delivery of response messages when forwarding public network device response messages to private network devices through a pre-created VXLAN tunnel, thereby achieving VXLAN message traversal of NAT devices.
[0005] To achieve the above objectives, this application provides a data transmission method applied to a public network device, comprising: receiving a data request forwarded by a network address translation device through a first port; wherein the first port is a data transmission port bound to a pre-created Virtual Extensible LAN (VXLAN) tunnel between a private network device and the public network device, and the destination port and source port of the VXLAN tunnel have the same port number; converting the source port of the data request to the first port and obtaining data flow tracking information of the data request; converting the destination port of the response message of the data request to a second port according to the reverse source address translation rules and the data flow tracking information of the data request, and transmitting the response message to the network address translation device through the first port, so that the network address translation device can forward the response message to the private network device that initiated the data request; wherein the second port is the port used by the network address translation device to forward the data request to the public network device.
[0006] To achieve the above objectives, this application also proposes a data transmission method, comprising: a private network device sending a data request to a first port of a public network device; wherein the first port is a data transmission port bound to a pre-created Virtual Extensible LAN (VXLAN) tunnel between the private network device and the public network device, and the source port and destination port of the VXLAN tunnel have the same port number; a network address translation (NAT) device receiving the data request and generating first data flow tracking information, and forwarding the data request through a second port of the NAT device to the first port of the public network device; the public network device receiving the data request, converting the source port of the data request to the first port, and generating second data flow tracking information; converting the destination port of the response message to the second port according to a reverse source address translation rule and the second data flow tracking information, and sending the response message to the NAT device through the first port; and the NAT device receiving the response message and forwarding it to the private network device according to the reverse source address translation rule and the first data flow tracking information.
[0007] To achieve the above objectives, this application also proposes a data transmission system comprising a private network device, a public network device, and a network address translation device located between them. The private network device sends a data request to a first port of the public network device; wherein the first port is a data transmission port bound to a pre-created Virtual Extensible LAN (VXLAN) tunnel between the private network device and the public network device, and the source and destination ports of the VXLAN tunnel have the same port number. The network address translation device receives the data request, generates first data flow tracking information, and forwards the data request through its second port to the first port of the public network device. The public network device receives the data request, converts the source port of the data request to the first port, generates second data flow tracking information, converts the destination port of the response message to the second port according to the reverse source address translation rules and the second data flow tracking information, and sends the response message to the network address translation device through the first port. The network address translation device receives the response message and forwards it to the private network device according to the reverse source address translation rules and the first data flow tracking information.
[0008] To achieve the above objectives, embodiments of this application also propose a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the data transmission method described above.
[0009] In the data transmission method provided in this application, when a Virtual Extensible LAN (VXLAN) tunnel is created between a private network device and a public network device, the source port and destination port of the tunnel are bound to the same port. When the private network device initiates a data request to the public network device, the public network device receives the data request forwarded by the network address translation (NAT) device through the first port bound to the tunnel, converts the source port of the data request to the first port, and generates data flow tracking information for the data request. When sending the response message, it converts the destination port of the response message, according to the reverse source address translation rules and the data flow tracking information, to the second port, i.e. the port used by the NAT device to forward the data request to the public network device, and sends the response message to the NAT device, which can then deliver it to the private network device that initiated the data request. Because the source port of the data request is rewritten to the first port on receipt and the data flow tracking information is generated from the rewritten flow, the destination port of the response message can be rewritten to the second port when it is sent. The NAT device then matches its own data flow tracking information when forwarding the response message to the private network device, completes delivery, and VXLAN packets traverse the NAT device.
Attached Figure Description
[0010] One or more embodiments are illustrated by way of example with reference to the accompanying drawings, and these illustrative descriptions do not constitute a limitation on the embodiments.
[0011] Figure 1 is a flowchart of the data transmission method in an embodiment of this application;
[0012] Figure 2 is a flowchart of the data transmission method in another embodiment of this application;
[0013] Figure 3 is a schematic diagram of the data request initiation and response process in an embodiment of this application;
[0014] Figure 4 is a schematic diagram of the data transmission system in another embodiment of this application.
Detailed Implementation
[0015] As the background technology indicates, in Software-Defined Wide Area Network (SDWAN) projects, when implementing Layer 2 interconnection, VXLAN packets cannot traverse NAT devices when connecting public network devices (such as POPs) and private network devices (such as CPEs) via NAT devices. Therefore, VXLAN tunnels cannot be successfully created or may not function properly. Thus, how to achieve simple and efficient VXLAN packet traversal of NAT devices, ensuring the normal creation and use of VXLAN tunnels, is an urgent technical problem that needs to be solved.
[0016] To address the aforementioned issues, certain embodiments of this application provide a data transmission method applied to a public network device, comprising: receiving a data request forwarded by a network address translation (NAT) device through a first port; wherein the first port is a data transmission port bound to a pre-created Virtual Extensible LAN (VXLAN) tunnel between the private network device and the public network device, and the destination port and source port of the VXLAN tunnel have the same port number; converting the source port of the data request to the first port and obtaining data flow tracking information of the data request; converting the destination port of the response message of the data request to a second port according to the reverse source address translation rules and the data flow tracking information of the data request, and transmitting the response message to the NAT device through the first port, so that the NAT device can forward the response message to the private network device that initiated the data request; wherein the second port is the port used by the NAT device to forward the data request to the public network device.
[0017] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the embodiments are described in detail below with reference to the accompanying drawings. Those skilled in the art will understand that many technical details are given in the embodiments to help the reader understand this application; the technical solutions claimed can nevertheless be implemented without these details, and with various changes and modifications of the embodiments below. The division into embodiments is for convenience of description only and does not limit the specific implementation of this application; the embodiments can be combined with and refer to each other where they do not contradict.
[0018] The implementation details of the data transmission method described in this application will be specifically described below with reference to specific embodiments. The following implementation details are provided for ease of understanding only and are not necessary for implementing this solution.
[0019] A first aspect of the present invention provides a data transmission method applied to public network devices. The flow of the method is shown in Figure 1 and includes the following steps:
[0020] Step 101: Receive data requests forwarded by the network address translation device through the first port.
[0021] Specifically, in Software-Defined Wide Area Network (SDWAN) projects, private network devices communicate with public network devices through Virtual Extensible LAN (VXLAN) tunnels built between them, and the data packets between the private and public network devices are forwarded by a Network Address Translation (NAT) device. When the VXLAN tunnel is built and its data transmission ports are bound, both the source port and the destination port are bound to the first port, i.e. the source and destination ports have the same port number. Specifically, when the private network device creates its end of the VXLAN tunnel, the destination IP is set to the public IP of the public network device, the local IP to the private IP of the private network device, and both the destination and source ports to the first port. When the public network device creates its end of the VXLAN tunnel, the destination IP is set to the public IP of the NAT device and the local IP to the public IP of the public network device. When the private network device initiates a data request, it transmits the data request message to the first port of the public network device; the request is forwarded by the NAT device. The public network device listens on the first port and receives the data request forwarded by the NAT device through that port.
[0022] Step 102: Convert the source port of the data request to the first port and obtain the data stream tracing information of the data request.
[0023] Specifically, after receiving a data request forwarded by the NAT device through the first port, the public network device obtains the source address and destination address information of the data request. The destination address information includes the public network device's public IP address and the first port on which the public network device receives the data request. Based on preset address translation rules or procedures, the source port of the data packet destined for the first port is translated to the first port. Then, based on the data transmission path information of the data request after source address translation, the data flow tracking information of the data request is obtained.
[0024] In one example, the iptables of the public network device is configured with preset source address translation rules; the preset source address translation rules include: translating the source port of a packet whose destination port is the first port to the first port; translating the source port of a data request to the first port, including: translating the source port of the data request to the first port according to the preset source address translation rules.
[0025] Specifically, before or during the deployment of public network devices, at least one preset source address translation rule for the first port is added and configured in the input address translation chain of the network address translation table in the iptables of the public network device. The configured preset source address translation rule includes at least the following: upon receiving a data packet whose destination port is the first port, the source port of the data packet is translated to the first port. Therefore, when the public network device's protocol stack receives a data request forwarded by the network address translation device through the first port, since the destination port of the data request is the first port, the preset source address translation rule pre-added in the iptables of the public network device is matched. According to the preset source address translation rule, the port used by the NAT device to forward the data request to the public network device is translated to the first port. This facilitates the generation of data flow tracking information for data requests received through the first port based on the data transmission path information after the source port translation.
[0026] It is worth mentioning that multiple preset source address translation rules can be configured on the iptables of public network devices for different ports, so as to enable public network devices to interconnect with multiple private network devices. This embodiment does not limit the specific configuration of the preset source address translation rules.
[0027] In another example, obtaining data stream tracing information for a data request includes: obtaining pre-stored data stream tracing information based on the port number of the first port, or generating data stream tracing information in real time based on the data transmission path of the data request after port conversion.
[0028] Specifically, after the public network device has translated the source port of the data request received through the first port to the first port, it also needs to obtain the data flow tracing information corresponding to the data request. The first port is pre-bound to the VXLAN tunnel between the private network device and the public network device, so when obtaining the data flow tracing information of the data request it can query the pre-stored data flow tracing data in the database by the port number of the first port, obtain the data flow tracing information corresponding to the first port, and use it as the data flow tracing information of the data request. If no data flow tracing information corresponding to the first port is found, or if the data flow tracing information is to be derived from the data transmission path, the public network device directly obtains the data transmission path information of the data request after the source port translation. It then generates the data flow tracing information of the data request from the mapping between source address, source port, destination address and destination port of the data flow sent from the network address translation device to the first port of the public network device, and the mapping between source address, source port, destination address and destination port of the data flow sent from the public network device to the first port of the network address translation device, i.e. the mapping between the addresses and ports of the data request and of its response. Providing several ways to acquire data flow tracing information ensures that it is acquired accurately: querying directly by port number improves the efficiency of acquisition, while generating it from the data transmission path information after source address translation ensures its accuracy.
[0029] Furthermore, before obtaining the pre-stored data flow tracing information based on the port number of the first port, the method further includes: obtaining the probe data packets forwarded by the network address translation device through the first port, and converting the port on which the network address translation device forwards the probe data packets to the first port; and generating data flow tracing information based on the data transmission path of the probe data packets after port conversion.
[0030] Specifically, before obtaining pre-stored data flow tracing information based on the port number of the first port, the public network device can obtain the data flow tracing information corresponding to the first port from the data transmission path of probe data packets sent by the private network device. That is, after the VXLAN tunnel between the public and private network devices has been created and the devices have been brought online or formally put into use, the private network device actively sends probe data packets to the public network device, so that the NAT device and the public network device generate data flow tracing information for communication between the private and public network devices through the VXLAN tunnel. The private network device sends the probe data packets to the first port of the public network device. After receiving them, the NAT device determines, according to its source address translation rules, the port it uses to forward them, and forwards them to the first port of the public network device. After receiving the probe data packets forwarded by the NAT device through the first port, the public network device translates their source port, converting the port used by the NAT device to the first port; it then generates the data flow tracing information corresponding to the probe data packets from the data transmission path information after the source port translation, and stores that information in association with the first port. Generating the data flow tracking information in advance from this exchange of probe packets, i.e. from the data transmission path information after the probe packets' source port has been converted, and storing it in association with the first port, allows the data flow tracking information to be obtained from the port number of the first port when the private and public network devices later communicate through the VXLAN tunnel, improving the response efficiency of the public network device to data requests from the private network device.
[0031] It is worth mentioning that the detection of data flow tracking information using probe packets can be implemented directly based on the probe mechanism in the link-state routing protocol (Open Shortest Path First, OSPF) on the private network device, or it can be implemented through the probe script uploaded by the technician. This embodiment does not restrict the specific implementation of the probe mechanism by sending probe packets.
[0032] Furthermore, the probe data packets forwarded by the network address translation device are obtained through the first port, including: periodically obtaining probe data packets forwarded by the network address translation device through the first port.
[0033] Specifically, due to the data transmission mechanism of public network devices and VXLAN tunnels, the data flow tracking information corresponding to the first port stored in the public network device has a certain time sensitivity. Therefore, to prevent the data flow tracking information corresponding to the first port from becoming invalid, the private network device periodically sends probe packets to the public network device. The public network device periodically obtains the probe packets forwarded by the network address translation device through the first port. Based on the received probe packets, the NAT device and the public network device keep the stored data flow tracking information alive, ensuring that the data flow tracking information stored in the address translation table can normally serve business request messages such as data requests. By periodically receiving probe packets, the data flow tracking information stored on the public network device is prevented from expiring. At the same time, the periodic sending of probe packets by the private network device ensures that the data flow tracking information stored on the NAT device can also be used normally.
[0034] In another example, the public network device's data filtering table is configured with preset data output rules; among these, the preset data output rules include: discarding data packets to be sent by the public network device if the public network device does not receive a data request.
[0035] Specifically, preset data output rules are added and configured in advance in the data output chain of the public network device's data filtering table. After the public network device is put into use, it will monitor the data output according to the preset data output rules. After the public network device generates a data packet to be sent on the first port, it will check whether a data request has been received through the first port before sending the data packet. If a data request has been received through the first port, the data packet to be sent will be sent normally; if no data request has been received through the first port, the data packet to be sent will be discarded according to the preset data output rules. By adding preset data output rules to the data filtering table, the public network device is prevented from sending data packets on its own without receiving a data request, which would lead to incorrect data flow tracking information. This ensures that after receiving a data request, the corresponding response message for the data request can be successfully sent to the private network device, ensuring the normal operation of the business.
[0036] Step 103: Based on the reverse source address translation rules and the data flow tracking information of the data request, the destination port of the response message of the data request is converted to the second port, and the response message is transmitted to the network address translation device through the first port, so that the network address translation device can forward the response message to the private network device that initiated the data request.
[0037] Specifically, after the public network device has translated the source port of the data request received through the first port and obtained the data flow tracking information of the data request, it parses the data request, queries the database according to the parsing result, and generates a response message from the query result. It then sends the response message to the destination port bound to the VXLAN tunnel. Because the destination port of the response message is the first port and its destination address is the IP address of the NAT device, the reverse source address translation rule is hit; according to that rule and the data flow tracking information obtained for the data request, the public network device translates the destination port of the response message to the second port, i.e. the port the NAT device used when forwarding the data request to the first port of the public network device. The public network device then sends the response message from the first port to the second port of the NAT device. When the NAT device receives, on its second port, the response message sent from the first port of the public network device, the destination address is the NAT device's own IP address and the destination port is the second port, so its reverse source address translation rule is hit. According to that rule and its locally stored data flow tracking information, the NAT device rewrites the destination address of the response message to the IP address of the private network device and the destination port to the private network device's first port, i.e. the data transmission port bound to the VXLAN tunnel between the public and private network devices, and sends the response message to the first port of the private network device, the source port remaining the first port. During the response, by rewriting the destination port of its response message to the port the NAT device used when forwarding the request upstream, the public network device ensures that the NAT device matches the corresponding data flow tracking information when sending the response message to the private network device, completes delivery according to the reverse source address translation rule and the matched data flow tracking information, and thereby lets VXLAN packets traverse the NAT device.
[0038] Furthermore, it should be understood that the step divisions of the various methods described above are only for clarity. In practice, they can be combined into one step or some steps can be split into multiple steps. As long as they include the same logical relationship, they are all within the scope of protection of this patent. Adding insignificant modifications or introducing insignificant designs to the algorithm or process, but without changing the core design of the algorithm and process, are also within the scope of protection of this patent.
[0039] This application also relates to a data transmission method, the flow of which is shown in Figure 2 and includes:
[0040] Step 201: The private network device sends a data request to the first port of the public network device; wherein the first port is the data transmission port bound to the pre-created Virtual Extensible LAN (VXLAN) tunnel between the private network device and the public network device, and the source port and destination port of the VXLAN tunnel have the same port number.
[0041] Specifically, a VXLAN tunnel is pre-created between the private network device and the public network device; its source port and destination port have the same port number, and the data transmission port bound to the tunnel is the first port. When the private network device initiates a data request, it uses the private network device's IP address and source port (which has the same port number as the first port) as the source address, and the public network device's public IP address and the first port as the destination address, and sends the data request to the public network device.
[0042] Step 202: The network address translation device receives the data request and generates the first data stream tracking information; the data request is forwarded to the first port of the public network device through the second port of the network address translation device.
[0043] Specifically, public network devices and private network devices are connected through a network address translation (NAT) device. Data request packets initiated by a private network device to a public network device are first transmitted to the NAT device. The NAT device translates the source address of the data request packet according to the source address translation rules and the mapping relationship between addresses. Using the IP address and second port of the NAT device as the source address, the data request is forwarded to the first port of the public network device, and the first data stream tracking information is generated according to the transmission path of the data request.
[0044] In one example, after receiving a data request, the network address translation device further converts the source address and source port of the data request into the IP address and second port of the network address translation device, respectively; after receiving a response message, the network address translation device further converts the destination address and destination port of the response message into the IP address of the private network device and the data transmission port bound to the corresponding VXLAN tunnel of the private network device, respectively.
[0045] Specifically, when forwarding a data request, the network address translation (NAT) device first needs to translate the source address and source port of the data request into the IP address and second port of the NAT device, which can communicate directly with the public network device. When forwarding a response message, the destination address and destination port of the response message need to be translated into the IP address of the private network device and the data transmission port (with the same port number as the first port) bound to the corresponding VXLAN tunnel of the private network device, so that the response message is delivered accurately to the private network device that initiated the data request.
[0046] In another example, the first data stream tracking information includes the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the private network device to the first port of the public network device, and the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the public network device to the second port of the network address translation device.
[0047] Specifically, when generating the first data flow tracking information, the NAT device uses the IP address and port of the device sending the data packet as the source address and the IP address and port of the device receiving the data packet as the destination address. Combining the request and response processes, it stores the source address, source port, destination address, and destination port in an associated manner. That is, the first data flow tracking information includes the mapping relationship between the source address, source port, and destination address and destination port of the data flow in which the private network device initiates a data request to the public network device during the data request process; and the mapping relationship between the source address, source port, and destination address and destination port of the data flow in which the public network device sends a response message to the network address translation device during the data request response process.
[0048] Step 203: The public network device receives the data request, converts the source port of the data request to the first port, and generates the second data flow tracking information; according to the reverse source address translation rule and the second data flow tracking information, it converts the destination port of the response message to the second port, and sends the response message to the network address translation device through the first port.
[0049] Specifically, the public network device receives a data request initiated by the private network device and forwarded by the network address translation (NAT) device through the first port bound to the VXLAN tunnel. It then translates the source port of the data request to the first port, keeping the source address unchanged (i.e., the source address remains the IP address of the NAT device). Based on the transmission path of the data request after the source port translation, it generates second data flow tracking information. Next, it parses the data request, generates a response message, and sends the response message to the NAT device with the first port as the destination port. Since the destination port is the first port and the destination address is the IP address of the NAT device, the reverse source address translation (RSP) rule is triggered. Based on the RSP rule and the second data flow tracking information, the destination port is modified to the second port used by the NAT device to forward the data request, and the response message is sent to the NAT device through the first port.
[0050] In one example, the iptables of the public network device is configured with preset source address translation rules; among them, the preset source address translation rules include: translating the source port of a packet whose destination port is the first port to the first port.
[0051] Specifically, before or during the use of public network devices, a preset source address translation rule for the first port is added and configured in the input address translation chain of the network address translation table of the public network device's iptables. The preset source address translation rule includes at least the following: after receiving a data packet whose destination port is the first port, the source port of the data packet is translated to the first port, so that after the public network device receives a data request through the first port, the source port of the data request is modified to the first port.
[0052] In another example, the second data stream tracking information includes the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the network address translation device to the first port of the public network device, as well as the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the public network device to the first port of the network address translation device.
[0053] Specifically, when the public network device generates the second data stream tracking information, it uses the IP address and port of the device sending the data packet as the source address and the IP address and port of the device receiving the data packet as the destination address. Combining the request and response processes, it stores the source address, source port, destination address, and destination port in an associated manner. That is, the second data stream tracking information includes the mapping relationship between the source address, source port, destination address, and destination port of the data stream forwarded by the network address translation device to the public network device during the data request process; and the mapping relationship between the source address, source port, destination address, and destination port of the data stream sent by the public network device to the network address translation device during the data request response process.
[0054] Step 204: The network address translation device receives the response message and forwards it to the private network device according to the reverse source address translation rules and the first data stream tracking information.
[0055] Specifically, after receiving the response message from the public network device, the network address translation device triggers the reverse source address translation rule because the destination port of the response message sent by the public network device is the second port. Based on the reverse source address translation rule and the first data flow tracking information, the destination port is modified to the first port used by the private network device to initiate the data request, and the response message is sent to the private network device through the first port.
[0056] To facilitate understanding, the data transmission process is explained below with reference to Figure 3, which illustrates the data request initiation and response flow.
[0057] The private network device uses the destination port 4789 bound to the VXLAN tunnel established between the private network device and the public network device as the source and destination ports for data requests. It initiates a data request with the private network device's IP address as the source address and the public network device's IP address as the destination address. The source address, source port, destination address, and destination port information for data transmission is (192.168.0.1:4789-->10.8.0.1:4789), where 192.168.0.1 is the IP address of the private network device, 10.8.0.1 is the IP address of the public network device, and 4789 is the data transmission port bound to the VXLAN tunnel, which is also the port that the VXLAN tunnel listens on. The source port and destination port of the VXLAN tunnel are the same port number.
[0058] After receiving the data request, the network address translation (NAT) device translates the source address and source port of the data request into the NAT device's IP address and port 4790. Then, using the NAT device's IP address as the source address and 4790 as the source port, it forwards the data request to port 4789 of the public network device. The source address, source port, destination address, and destination port information of the data transmission is (10.8.0.2:4790-->10.8.0.1:4789), where 10.8.0.2 is the NAT device's IP address, 4790 is the source port from which the NAT device forwards the data request, and 10.8.0.1:4789 is the public network device's IP address and port. The NAT device also generates the first data stream tracking information according to the transmission path of the data request: send (192.168.0.1:4789-->10.8.0.1:4789); return (10.8.0.1:4789-->10.8.0.2:4790).
[0059] After receiving the data request, the protocol stack of the public network device translates the source port 4790 of the data request to port 4789. The source address remains the IP address of the network address translation (NAT) device, 10.8.0.2. Based on the transmission path of the data request and response messages, it generates the second data flow tracking information: send (10.8.0.1:4790 --> 10.8.0.1:4789); return (10.8.0.1:4789 --> 10.8.0.2:4789). The protocol stack then parses the data request, queries and generates a response message, and sends the response message to the NAT device. Since the destination address is the NAT device's IP address and the destination port is 4789, the reverse source address translation rule is matched. Based on the reverse source address translation rule and the second data flow tracking information, the destination port of the response message is modified to 4790. The public network device then sends the response message to port 4790 of the NAT device via port 4789.
[0060] When the NAT device receives the response packet through port 4790, the source address, source port, destination address and destination port information of the data transmission is (10.8.0.1:4789 --> 10.8.0.2:4790), so the reverse source address translation rule is hit. Based on the reverse source address translation rule and the first data flow tracking information, the destination address of the response packet is modified to the IP address of the private network device, and the destination port is modified to the first port. The NAT device then sends the response packet to port 4789 of the private network device through the data transmission port bound to the VXLAN tunnel, completing the delivery of the response packet.
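The four steps above (201 to 204) and the iptables rule of paragraphs [0050] and [0051] can be traced end to end with a small model. The following Python is an added example, not code from the patent or from CHINANETCENT TECH: it models a data flow tracking table as a list of original/reply tuple pairs, the source address translation performed by the NAT device, the preset rule on the public network device, and the reverse source address translation that both devices apply to the response. The addresses and ports (192.168.0.1, 10.8.0.2, 10.8.0.1, 4789, 4790) are the ones used in the Figure 3 walkthrough. The names `FlowTracker`, `run_exchange`, the `with_snat_rule` switch and the `iptables_snat_rule` helper are my own, and the iptables command that helper returns is my reading of the "preset source address translation rule" (a SNAT target in the INPUT chain of the nat table that rewrites only the source port), not a rule quoted from the page.

```python
from dataclasses import dataclass
from typing import List, Optional

# Addresses and ports taken from the Figure 3 walkthrough on this page.
CPE_IP = "192.168.0.1"   # private network device
NAT_IP = "10.8.0.2"      # network address translation device (public side)
POP_IP = "10.8.0.1"      # public network device
FIRST_PORT = 4789        # port bound to the VXLAN tunnel at both ends
SECOND_PORT = 4790       # port the NAT device picks for the outbound mapping


@dataclass(frozen=True)
class Flow:
    """A UDP 4-tuple: source address/port --> destination address/port."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def __str__(self) -> str:
        return f"{self.src_ip}:{self.src_port}-->{self.dst_ip}:{self.dst_port}"


@dataclass(frozen=True)
class Entry:
    """One data flow tracking entry: the request as it arrived ('send') and
    the reply that is expected back after translation ('return')."""
    orig: Flow
    reply: Flow


class FlowTracker:
    """Minimal model of a conntrack-style data flow tracking table (assumed)."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def snat(self, pkt: Flow, new_src_ip: str, new_src_port: int) -> Flow:
        """Source address translation: rewrite the source and record the
        reply tuple so the response can be mapped back later."""
        out = Flow(new_src_ip, new_src_port, pkt.dst_ip, pkt.dst_port)
        expected_reply = Flow(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
        self.entries.append(Entry(orig=pkt, reply=expected_reply))
        return out

    def reverse(self, pkt: Flow) -> Optional[Flow]:
        """Reverse source address translation: a packet matching an entry's
        reply tuple has its destination rewritten to the original source."""
        for e in self.entries:
            if pkt == e.reply:
                return Flow(pkt.src_ip, pkt.src_port, e.orig.src_ip, e.orig.src_port)
        return None  # no tracking entry: a real NAT device cannot deliver it


def iptables_snat_rule(first_port: int) -> str:
    """Assumed iptables form of the preset rule of paragraph [0051]: in the
    INPUT chain of the nat table, rewrite the source port of packets whose
    destination port is the first port to the first port (address unchanged)."""
    return (f"iptables -t nat -A INPUT -p udp --dport {first_port} "
            f"-j SNAT --to-source :{first_port}")


def run_exchange(with_snat_rule: bool) -> dict:
    """Steps 201-204 for one request/response pair. Returns both tracking
    tables, the response as it leaves the public network device, and the
    response as delivered by the NAT device (None if it could not be mapped)."""
    nat_ct = FlowTracker()   # first data flow tracking information
    pop_ct = FlowTracker()   # second data flow tracking information

    # Step 201: private device sends from the tunnel port to the tunnel port.
    request = Flow(CPE_IP, FIRST_PORT, POP_IP, FIRST_PORT)
    # Step 202: NAT device rewrites the source to its own IP and second port.
    forwarded = nat_ct.snat(request, NAT_IP, SECOND_PORT)
    # Step 203: with the preset rule, the public device rewrites the source
    # port back to the first port before the request reaches the VXLAN stack.
    if with_snat_rule and forwarded.dst_port == FIRST_PORT:
        pop_ct.snat(forwarded, forwarded.src_ip, FIRST_PORT)
    # The VXLAN stack is stateless: it answers the configured remote (the NAT
    # device's public IP, first port), not the port the request came from.
    response = Flow(POP_IP, FIRST_PORT, NAT_IP, FIRST_PORT)
    response_out = pop_ct.reverse(response) or response
    # Step 204: NAT device maps the response back to the private device.
    delivered = nat_ct.reverse(response_out)
    return {"first": nat_ct.entries, "second": pop_ct.entries,
            "response_out": response_out, "delivered": delivered}


if __name__ == "__main__":
    print(iptables_snat_rule(FIRST_PORT))
    for rule in (True, False):
        r = run_exchange(rule)
        print(f"preset rule {'on ' if rule else 'off'}: response leaves as "
              f"{r['response_out']}, delivered as {r['delivered']}")
```

With the preset rule in place the response leaves the public network device as 10.8.0.1:4789-->10.8.0.2:4790 and the NAT device maps it to 192.168.0.1:4789; with the rule absent the response is addressed to 10.8.0.2:4789, which matches no entry in the first data flow tracking information, so it is never delivered, which is the failure described in paragraph [0003].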
[0061] Another aspect of the embodiments of this application also provides a data transmission system, whose structural schematic diagram is shown in Figure 4. It includes: private network device 401, network address translation device 402, and public network device 403.
[0062] Private network device 401 sends a data request to the first port of public network device 403; wherein the first port is the data transmission port bound to the VXLAN tunnel pre-created between private network device 401 and public network device 403, and the source port and destination port of the VXLAN tunnel have the same port number.
[0063] Network address translation device 402 receives a data request and generates first data stream tracking information; it forwards the data request through the second port of network address translation device 402 to the first port of public network device 403.
[0064] Public network device 403 receives the data request, converts the source port of the data request to the first port, and generates the second data stream tracking information. Based on the reverse source address translation rule and the second data stream tracking information, it converts the destination port of the response message to the second port and sends the response message to network address translation device 402 through the first port.
[0065] Network address translation device 402 receives the response message and forwards it to private network device 401 according to the reverse source address translation rules and the first data stream tracking information.
[0066] It is not difficult to see that this embodiment is a system embodiment corresponding to the above method embodiment. In order to avoid repetition in expression, some implementation details will not be repeated here. The details in the above method embodiment are also applicable to this embodiment. At the same time, the details in this embodiment are also applicable to the above method embodiment.
[0067] Another aspect of this application provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, it implements the above-described method embodiments.
[0068] That is, those skilled in the art will understand that all or part of the steps in the methods of the above embodiments can be implemented by a program instructing related hardware. This program is stored in a storage medium and includes several instructions to cause a device (which may be a microcontroller, chip, etc.) or processor to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a portable hard drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
[0069] Those skilled in the art will understand that the above embodiments are specific embodiments for implementing this application, and in practical applications, various changes can be made to them in form and detail without departing from the spirit and scope of this application.
Claims
1. A data transmission method, characterized in that, when creating a VXLAN tunnel for the public network device and the private network device, the destination IP is set to the public IP of the public network device, the local IP is set to the private IP of the private network device, and both the destination port and the source port are set to the first port; when the public network device creates a VXLAN tunnel, the destination IP is set to the public IP address of the NAT device, and the local IP address is set to the public IP address of the public network device; the method including: receiving, through a first port, a data request forwarded by a network address translation device; wherein the first port is a data transmission port bound to a Virtual Extensible LAN (VXLAN) tunnel pre-created between the private network device and the public network device, and the destination port and source port of the VXLAN tunnel have the same port number; converting the source port of the data request to the first port, and obtaining the data flow tracking information of the data request, wherein the data flow tracking information is used to record the mapping relationship when the data request passes through the network address translation device; according to the reverse source address translation rule and the data flow tracking information of the data request, converting the destination port of the response message of the data request to a second port, and transmitting the response message to the network address translation device through the first port, so that the network address translation device can forward the response message to the private network device that initiated the data request; wherein the second port is the port used by the network address translation device to forward the data request to the public network device.
2. The data transmission method according to claim 1, characterized in that the public network device has a preset source address translation rule configured in its iptables; the preset source address translation rule includes: converting the source port of a packet whose destination port is the first port to the first port; and the step of converting the source port of the data request to the first port includes: translating the source port of the data request into the first port according to the preset source address translation rule.
3. The data transmission method according to claim 1, characterized in that the process of obtaining the data flow tracking information for the data request includes: obtaining pre-stored data flow tracking information based on the port number of the first port, or generating the data flow tracking information in real time based on the data transmission path of the data request after port conversion.
4. The data transmission method according to claim 3, characterized in that, before obtaining the pre-stored data flow tracking information based on the port number of the first port, the method further includes: obtaining, through the first port, probe data packets forwarded by the network address translation device, and changing the port through which the network address translation device forwards the probe data packets to the first port; and generating the data flow tracking information based on the data transmission path of the probe data packets after port conversion.
5. The data transmission method according to claim 4, characterized in that the step of obtaining, through the first port, the probe data packets forwarded by the network address translation device includes: periodically acquiring, through the first port, the probe data packets forwarded by the network address translation device.
6. The data transmission method according to any one of claims 1 to 5, characterized in that the data filtering table of the public network device is configured with a preset data output rule; wherein the preset data output rule includes: if the public network device has not received the data request, discarding the data packet to be sent by the public network device.
7. A data transmission method, characterized in that, when a private network device creates a VXLAN tunnel, the destination IP is set to the public IP of the public network device, the local IP is set to the private IP of the private network device, and both the destination port and the source port are set to the first port; when a public network device creates a VXLAN tunnel, the destination IP is set to the public IP address of the NAT device, and the local IP address is set to the public IP address of the public network device; the method including: the private network device sends a data request to the first port of the public network device; wherein the first port is a data transmission port bound to a Virtual Extensible LAN (VXLAN) tunnel pre-created between the private network device and the public network device, and the source port and destination port of the VXLAN tunnel have the same port number; the network address translation device receives the data request and generates first data flow tracking information, and forwards the data request to the first port of the public network device through the second port of the network address translation device; the public network device receives the data request, converts the source port of the data request to the first port, and generates second data flow tracking information; according to the reverse source address translation rule and the second data flow tracking information, it converts the destination port of the response message to the second port, and sends the response message to the network address translation device through the first port; the network address translation device receives the response message and forwards the response message to the private network device according to the reverse source address translation rule and the first data flow tracking information; wherein the first data flow tracking information and the second data flow tracking information are used to record the mapping relationship when the data request passes through the network address translation device.
8. The data transmission method according to claim 7, characterized in that the public network device has a preset source address translation rule configured in its iptables; wherein the preset source address translation rule includes: converting the source port of a packet whose destination port is the first port to the first port.
9. The data transmission method according to claim 7, characterized in that, after receiving the data request, the network address translation device further converts the source address and source port of the data request into the IP address and the second port of the network address translation device, respectively; and after receiving the response message, the network address translation device further converts the destination address and destination port of the response message into the IP address of the private network device and the data transmission port of the private network device bound to the VXLAN tunnel, respectively.
10. The data transmission method according to claim 7, characterized in that the first data flow tracking information includes the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the private network device to the first port of the public network device, and the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the public network device to the second port of the network address translation device.
11. The data transmission method according to claim 7, characterized in that the second data flow tracking information includes the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the network address translation device to the first port of the public network device, as well as the mapping relationship between the source address, source port, destination address and destination port of the data stream sent from the public network device to the first port of the network address translation device.
12. A data transmission system, the system comprising a private network device, a public network device, and a network address translation device located between the private network device and the public network device, wherein when the private network device creates a VXLAN tunnel, the destination IP is set to the public IP of the public network device, the local IP is set to the private IP of the private network device, and both the destination port and the source port are set to the first port; when the public network device creates a VXLAN tunnel, the destination IP is set to the public IP of the NAT device, and the local IP is set to the public IP of the public network device; characterized in that: the private network device sends a data request to the first port of the public network device; wherein the first port is a data transmission port bound to a Virtual Extensible LAN (VXLAN) tunnel pre-created between the private network device and the public network device, and the source port and destination port of the VXLAN tunnel have the same port number; the network address translation device receives the data request and generates first data flow tracking information, and forwards the data request to the first port of the public network device through the second port of the network address translation device; the public network device receives the data request, converts the source port of the data request to the first port, and generates second data flow tracking information; according to the reverse source address translation rule and the second data flow tracking information, it converts the destination port of the response message to the second port, and sends the response message to the network address translation device through the first port; the network address translation device receives the response message and forwards the response message to the private network device according to the reverse source address translation rule and the first data flow tracking information; wherein the first data flow tracking information and the second data flow tracking information are used to record the mapping relationship when the data request passes through the network address translation device.
13. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, it implements the data transmission method as described in any one of claims 1 to 6, or the data transmission method as described in any one of claims 7 to 11.