DNAT configuration methods, devices, NAT gateways, and storage media
By receiving DNAT configuration rules in the NAT gateway and determining whether the port to be configured has SNAT, and deleting the SNAT data before configuration, the problem of DNAT configuration failure caused by the port being used by SNAT in the NAT gateway is solved, ensuring the normal configuration and implementation of DNAT rules.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA UNITED NETWORK COMM GRP CO LTD
- Filing Date
- 2023-09-26
- Publication Date
- 2026-06-30
AI Technical Summary
When configuring destination address translation rules, existing NAT gateways cannot be configured correctly if the port to be configured is already in use by a network source address translation session, thus failing to meet user requirements.
By receiving DNAT configuration rules, it determines whether the port to be configured has SNAT. If so, it deletes the SNAT data and performs the configuration. The main thread and the slave thread work together to avoid thread lock contention and ensure that the DNAT rules are configured correctly.
This allows DNAT rules to be configured even when the port to be configured is already in use by a network source address translation session, ensuring the normal operation of the NAT gateway's forwarding performance and functions.
Description
Technical Field
[0001] This application relates to the field of computer networks, and more particularly to a DNAT configuration method, apparatus, NAT gateway, and storage medium.
Background Technology
[0002] With the rapid increase in the number of computers connected to the Internet, Internet Protocol (IP) address resources are becoming increasingly scarce. Network Address Translation (NAT) technology can effectively solve the problem of insufficient IP address resources.
[0003] However, existing NAT gateways cannot properly configure DNAT rules if the port to be configured is already being used by a Source Network Address Translation (SNAT) session, thus failing to meet user requirements.
Summary of the Invention
[0004] This application provides a DNAT configuration method, apparatus, NAT gateway, and storage medium to solve the problem that the port to be configured is used by a network source address translation session, making it impossible to configure DNAT technology normally.
[0005] In a first aspect, this application provides a DNAT configuration method, comprising: receiving a DNAT configuration rule, wherein the configuration rule includes a port to be configured;
[0006] Determine if SNAT is configured in the port to be configured;
[0007] If the port to be configured has SNAT configured, delete the SNAT data in the port to be configured, and configure the port to be configured according to the configuration rules.
[0008] Optionally, in the method described above, the NAT gateway includes a main thread and multiple slave threads. The main thread is used for managing configuration information, and the slave threads are used for configuring ports. Different slave threads correspond to different ports, and each slave thread corresponds to multiple ports.
[0009] Receiving the DNAT configuration rule includes:
[0010] The main thread receives the DNAT configuration rule and determines the target slave thread corresponding to the port to be configured from among the multiple slave threads.
[0011] Optionally, in the method described above, deleting the SNAT data in the port to be configured, in response to the port to be configured having SNAT configured, includes:
[0012] The target slave thread receives the configuration rule and the port to be configured sent by the main thread.
[0013] In response to the port to be configured having SNAT configured, the target slave thread deletes the SNAT data in the port to be configured.
[0014] Optionally, in the method described above, determining the target slave thread corresponding to the port to be configured from among the multiple slave threads includes:
[0015] The main thread determines the set of port identifiers for each slave thread;
[0016] The main thread obtains the target port identifier of the port to be configured, and determines the target slave thread from multiple slave threads based on the target port identifier and the set of port identifiers.
[0017] Optionally, the above method further includes:
[0018] Determine if the port to be configured has DNAT configured;
[0019] If the port to be configured is configured with DNAT, the configuration operation on the port to be configured is terminated.
[0020] Optionally, the above method also includes: in response to the port to be configured not having SNAT configured, configuring the port to be configured according to the configuration rules.
[0021] Optionally, as described above, the port to be configured is set with a bitmap marker, which is used to indicate whether the port to be configured is occupied;
[0022] Configure the port to be configured according to the configuration rules, including:
[0023] Update the bitmap markers of the port to be configured according to the configuration rules.
[0024] In a second aspect, this application provides a DNAT configuration device, comprising:
[0025] The data receiving module is used to receive DNAT configuration rules, which include the port to be configured.
[0026] The port determination module is used to determine whether SNAT is configured in the port to be configured;
[0027] The port configuration module is used to, in response to the port to be configured having SNAT configured, delete the SNAT data in the port to be configured and configure the port to be configured according to the configuration rules.
[0028] In a third aspect, this application provides a NAT gateway, including: a processor, and a memory, a data receiver, and a data transmitter that are communicatively connected to the processor;
[0029] The memory stores the instructions that the computer executes;
[0030] The processor executes computer-executable instructions stored in memory, and implements the method as described in any of the first aspects through a data receiving end and a data sending end.
[0031] In a fourth aspect, this application provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any of the first aspects.
[0032] The DNAT configuration method provided in this application, after receiving the DNAT configuration rules, determines whether the port to be configured in the configuration rules has SNAT configured. If SNAT is configured on the port to be configured, the SNAT data in the port to be configured is deleted, and the port to be configured is configured according to the configuration rules. This enables DNAT to be configured on the port to be configured even when the port to be configured has been used by a network source address translation session, ensuring that DNAT rules can be configured and function normally.
Attached Figure Description
[0033] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0034] Figure 1 is a schematic diagram of thread distribution in a NAT gateway;
[0035] Figure 2 is a flowchart for configuring DNAT in related technologies;
[0036] Figure 3 is a flowchart illustrating a DNAT configuration method in an exemplary embodiment of this application;
[0037] Figure 4 is a flowchart illustrating another DNAT configuration method in an exemplary embodiment of this application;
[0038] Figure 5 is a flowchart illustrating yet another DNAT configuration method in an exemplary embodiment of this application;
[0039] Figure 6 is a schematic diagram illustrating the composition of the DNAT configuration apparatus in an exemplary embodiment of this application;
[0040] Figure 7 is a schematic diagram of a NAT gateway that can be applied to embodiments of this application.
[0041] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments.
Detailed Implementation
[0042] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0043] A Network Address Translation (NAT) gateway is a gateway that translates internal IP addresses and public IP addresses within a Virtual Private Cloud (VPC). It's a way to enable cloud resources within a VPC that lack a public IP address to access the internet. NAT gateways operate at the boundary between the internet and the VPC, are suitable for use within a private network, and allow some resources to share a public internet connection, thus saving bandwidth and traffic resources.
[0044] The purpose of a NAT gateway is to enable hosts within a VPC to share one or more public IP addresses to access the external network (i.e., perform Source Network Address Translation (SNAT)), or for the external network to access hosts within the VPC through the NAT gateway (i.e., perform Destination Network Address Translation (DNAT)). In a single-arm NAT gateway, the network interface card (NIC) queue, CPU core, and worker thread are in a one-to-one correspondence. In a dual-arm NAT gateway, the worker thread corresponds to a specific CPU core and processes a specific receive queue of NIC 1 and a specific receive queue of NIC 2, respectively. The NAT gateway in this application is a single-arm NAT gateway.
[0045] When configuring Destination Network Address Translation (DNAT) rules, existing NAT gateways cannot configure DNAT correctly if the port to be configured is already being used by Source Network Address Translation (SNAT).
[0046] Specifically, the process of the NAT gateway translating internal IP addresses and public IP addresses within a Virtual Private Cloud (VPC) is performed by various threads. Figure 1 is a diagram illustrating the thread distribution in a NAT gateway. As shown in Figure 1, the NAT gateway's threads are divided into a main thread and slave threads. The main thread primarily handles administrative tasks such as command-line interface (CLI) configuration and application programming interface (API) configuration messages. Slave threads mainly receive data packets from the network interface card's designated queue, process them, and then send them out from the network interface card. To reduce thread resource contention, most resources are exclusively used by threads unless they are shared globally, reducing the use of thread locks and improving forwarding performance.
[0047] The purpose of thread locks is to lock shared data, ensuring that only one thread can access the shared data at a time. While using thread locks can reduce resource contention, it can also reduce forwarding performance.
[0048] When a NAT gateway is configured to use a public IP address for internal SNAT, the NAT gateway will divide this IP address by protocol and distribute its ports equally among the slave threads. For example, on a 64-bit server, 65535 / 64 unsigned long array variables are used for management, because marking a port as used only requires setting a single bit in the array variable containing the port. However, when configuring a DNAT rule that operates on a port, the main thread needs to retrieve at least one array variable (64 bits), set it, and then write it back. If a slave thread is also operating on this array variable during this period, the security and reliability of the bits in this array variable cannot be guaranteed.
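The lost update described in [0048], replayed deterministically in a single thread; this is an added example, not code from the patent. The 1024-word bitmap covering ports 0 to 65535 and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD_BITS 64
#define NUM_WORDS (65536 / WORD_BITS)   /* assumption: one bit per port 0..65535 */

static uint64_t port_bitmap[NUM_WORDS]; /* bit = 1 means the port is occupied */

static int port_in_use(uint16_t port) {
    return (int)((port_bitmap[port / WORD_BITS] >> (port % WORD_BITS)) & 1u);
}

/* A non-atomic "set bit" is three steps; they are split here so that the
 * interleaving of two threads can be replayed in a fixed order. */
static uint64_t rmw_load(uint16_t port) { return port_bitmap[port / WORD_BITS]; }
static uint64_t rmw_modify(uint64_t word, uint16_t port) {
    return word | (UINT64_C(1) << (port % WORD_BITS));
}
static void rmw_store(uint16_t port, uint64_t word) { port_bitmap[port / WORD_BITS] = word; }

/* Replays this schedule on a cleared bitmap:
 *   1. main thread loads the word holding dnat_port
 *   2. slave thread marks snat_port as occupied (load, modify, store)
 *   3. main thread sets its bit in the stale copy and writes it back
 * Returns 1 if the slave thread's bit was lost, 0 if it survived. */
static int replay_lost_update(uint16_t dnat_port, uint16_t snat_port) {
    memset(port_bitmap, 0, sizeof port_bitmap);
    uint64_t stale = rmw_load(dnat_port);                              /* step 1 */
    rmw_store(snat_port, rmw_modify(rmw_load(snat_port), snat_port));  /* step 2 */
    rmw_store(dnat_port, rmw_modify(stale, dnat_port));                /* step 3 */
    return !port_in_use(snat_port);
}

int main(void) {
    /* Ports 8080 and 8100 share word 126; ports 8080 and 9000 do not. */
    printf("same word:      SNAT bit lost = %d\n", replay_lost_update(8080, 8100));
    printf("different word: SNAT bit lost = %d\n", replay_lost_update(8080, 9000));
    return 0;
}
```

When the bit is lost, the bitmap reports the SNAT port as free while a session still uses it, so the allocator can hand the same port out a second time.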
[0049] Figure 2 is a flowchart for configuring DNAT in related technologies. As shown in Figure 2, when a user begins configuring DNAT, step S210 is executed first: based on the configured public IP address, port, and protocol, it checks whether DNAT is already configured for that IP address and port. If it is, the configuration operation for that port ends. If not, step S220 is executed to check whether the public IP address, port, and protocol are used by an SNAT session, i.e., whether SNAT is configured for that port. If yes, the configuration fails. If no, step S230 is executed to complete the DNAT configuration. Therefore, if the port to be configured already has SNAT configured, the DNAT configuration operation will fail, resulting in the inability to meet the user's needs.
[0050] The inventors considered that if SNAT is already configured on the port to be configured when configuring DNAT, the configuration will fail. However, if SNAT is already configured on the port to be configured, the SNAT data on the port to be configured can be deleted directly to complete the DNAT configuration and meet the user's needs.
[0051] In view of this, this application provides a DNAT configuration method to solve the above-mentioned technical problems of the prior art. The execution subject of the DNAT configuration method of this application is a NAT gateway, which can be deployed on a single electronic device or on a cluster of electronic devices. The electronic devices mentioned here can be, for example, servers, computers, etc., and are not specifically limited in this application.
[0052] The technical solution of this application and how the technical solution of this application solves the above-mentioned technical problems are described in detail below with specific embodiments. These specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of this application will now be described with reference to the accompanying drawings.
[0053] The DNAT configuration method in this exemplary embodiment is described below with reference to Figure 3. Figure 3 shows an exemplary flow of the DNAT configuration method, which may include steps S310 to S330.
[0054] In step S310, the configuration rules of DNAT are received, including the port to be configured.
[0055] In this example implementation, the NAT gateway can receive DNAT configuration rules, which may include, for example, a source port, a source IP address, a port to be configured, an IP address to be configured, and one or more protocols. It should be understood that whether the configuration rules include other information is not limited. This application mainly describes the configuration operation for the port to be configured. This can be executed directly by the NAT gateway, or by a thread within the NAT gateway.
[0056] Optionally, the NAT gateway may include a master thread and slave threads, wherein multiple slave threads are assigned different ports, and each slave thread can be assigned multiple ports. Optionally, assuming the total number of ports is 65,535 and the number of slave threads is 5, then each slave thread is assigned 13,107 ports, that is, the ports are evenly distributed among multiple slave threads. In another example implementation, the port allocation method can also be customized according to user needs, which is not specifically limited in this example implementation.
[0057] In this example implementation, the main thread receives the DNAT configuration rules and extracts the port to be configured from them. The main thread also finds the target slave thread corresponding to the port to be configured among multiple slave threads. Specifically, each port can be configured with a port identifier, such as a number from 1 to 65535. Following the allocation method, a set of port identifiers corresponding to each slave thread can be obtained. Then, the target port identifier of the port to be configured is obtained, and the target slave thread is determined from the slave threads based on the target port identifier. The slave thread whose port identifier set includes the target port identifier is selected as the target slave thread.
[0058] It should be noted that the port identifiers for each port do not have to be numbers; they can also be letters, Chinese characters, etc., and can be customized according to user needs. No specific limitations are made in this example implementation.
[0059] In step S320, it is determined whether SNAT is configured in the port to be configured.
[0060] After obtaining the port to be configured, it can be determined whether SNAT is configured on the port. The NAT gateway can directly determine whether SNAT is configured on the port to be configured.
[0061] Alternatively, the target thread can query whether the port to be configured is configured with SNAT. Before that, the main thread can transmit the DNAT configuration rules to the target thread via a message. Specifically, the public IP address, public port, and protocol are transmitted to the target thread, which then queries whether the port to be configured is being used by SNAT.
[0062] The target thread queries whether the port to be configured is in use, and the main thread does not perform read and write operations on the array containing the port to be configured. This avoids the competition between the main thread and the slave thread, and the DNAT configuration of the port to be configured can be completed safely without adding thread locks. This avoids the technical problem of reduced NAT gateway forwarding performance caused by locking.
[0063] The specific meaning and function of thread locks have been explained in detail above, so they will not be repeated here.
[0064] In one example embodiment of this application, the port to be configured may be set with a bitmap marker, which can be used to indicate whether the port to be configured is occupied. The bitmap marker can be 0 or 1, where 0 indicates that the port to be configured is not occupied and 1 indicates that the port to be configured is occupied.
[0065] When the target thread determines whether the port to be configured has SNAT configured, it can make a judgment based on the bitmap markers and related data. If the bitmap marker is 0, it means that the port to be configured is not occupied; if the bitmap marker is 1, it means that the port to be configured is occupied. Simultaneously, it can determine whether the port to be configured has created an SNAT session based on the related data. This related data may include the configuration protocol and an identifier to determine whether it is SNAT.
[0066] It should be noted that the bitmap markers mentioned above can also use 0 to indicate that they are occupied and 1 to indicate that they are not occupied. In this application, we will use 0 to indicate that they are not occupied and 1 to indicate that they are occupied as an example. Furthermore, the bitmap markers mentioned above can also be represented in other ways, such as using English letters, Chinese characters, etc. They can also be customized according to user needs. In this example implementation, no specific limitation is made.
[0067] If the aforementioned SNAT is configured in the port to be configured, then proceed to step S330. If the aforementioned SNAT is not configured in the port to be configured, then configure the port to be configured directly according to the configuration rules; specifically, set the bitmap marker of the port to be configured to 1.
[0068] In step S330, the SNAT data in the port to be configured is deleted, and the port to be configured is configured according to the configuration rules.
[0069] After judging the port to be configured, if the port to be configured has already been configured with SNAT, the NAT gateway will delete the SNAT data in the port to be configured. Specifically, the target thread in the NAT gateway can delete the SNAT data of the port to be configured.
[0070] In one example implementation, assuming the bitmap marker is 0 or 1, after deleting the SNAT data, the target thread can configure the port to be configured according to the configuration rules. Specifically, the SNAT session-related data is deleted, and the bitmap marker of the port to be configured is set to 1.
[0071] The following section uses the main thread and the target slave thread as examples to illustrate the configuration method of DNAT in this application.
[0072] Specifically, refer to Figure 4. When DNAT configuration begins, step S410 is executed first. The main thread obtains the target slave thread corresponding to the port to be configured and generates a DNAT public IP address, port, and protocol message, which is then sent to the target slave thread. Then, step S420 is executed, where the target slave thread receives the DNAT configuration message. Next, step S430 is executed, where the target slave thread checks if the port to be configured has an SNAT session. If so, step S440 is executed, where the target slave thread deletes the SNAT session for the port to be configured and sets the bitmap marker of the port to be configured to 1. If not, step S450 is executed, where the target slave thread directly sets the bitmap marker of the port to be configured to 1.
[0073] In another example implementation of this application, before determining the target slave thread corresponding to the port to be configured, the main thread can first query whether the port to be configured has already been configured with DNAT based on the configured public IP address, port, and protocol. If DNAT has already been configured, the DNAT configuration of the port to be configured is terminated. This avoids resource waste caused by secondary configuration.
[0074] Specifically, refer to Figure 5. First, step S510 is executed. The main thread determines whether the port to be configured has a DNAT configuration. If yes, the configuration operation terminates. If not, step S520 is executed. The main thread obtains the target slave thread corresponding to the port to be configured and generates a DNAT configuration public IP address, port, and protocol message, which is then sent to the target slave thread. Next, step S530 is executed. The target slave thread receives the DNAT configuration message. Then, step S540 is executed. The target slave thread determines whether the port to be configured has an SNAT session. If yes, step S550 is executed. The target slave thread deletes the SNAT session of the port to be configured and sets the bitmap marker of the port to be configured to 1. If not, step S560 is executed. The target slave thread directly sets the bitmap marker of the port to be configured to 1.
[0075] The DNAT configuration method of this application, after receiving the DNAT configuration rules, determines whether the port to be configured in the configuration rules is configured with SNAT. If SNAT is configured on the port, the SNAT data in the port is deleted, and the port is configured according to the configuration rules. This ensures that DNAT can still be configured on the port even if it has been used by a network source address translation session, guaranteeing that DNAT rules can be configured and function normally. Furthermore, the configuration operation and data deletion operation of the port to be configured are both performed by their respective target slave threads. This ensures the security of port management without locking the port. The cleanup of SNAT sessions by the target slave thread ensures the normal configuration and normal function of DNAT.
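The Figure 5 flow (S510 to S560) with the port-to-thread assignment from [0056] and [0057], as an added example that is not code from the patent. Threads are modelled as functions called in sequence, and the one-slot mailbox, the SNAT bitmap standing in for session data, the main-thread DNAT rule table and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_WORKERS      5        /* slave threads, as in the page's example */
#define PORTS_PER_WORKER 13107    /* 65535 / 5 */
#define WORDS_PER_WORKER ((PORTS_PER_WORKER + 63) / 64)

enum dnat_result { DNAT_NONE, DNAT_BAD_PORT, DNAT_EXISTS, DNAT_POSTED,
                   DNAT_SET, DNAT_SET_SNAT_EVICTED };

/* Per-slave-thread state. The bitmaps are touched only by the owning slave
 * thread; the mailbox is the only part the main thread writes. A real
 * gateway would use a proper single-producer queue here (assumption). */
struct worker {
    uint64_t occupied[WORDS_PER_WORKER]; /* bitmap marker: 1 = occupied */
    uint64_t snat[WORDS_PER_WORKER];     /* stand-in for SNAT session data */
    int      has_msg;
    uint16_t msg_port;
};

static struct worker workers[NUM_WORKERS];
static uint64_t dnat_rules[65536 / 64];  /* owned by the main thread only */

static int  bit_get(const uint64_t *m, unsigned i) { return (int)((m[i / 64] >> (i % 64)) & 1u); }
static void bit_set(uint64_t *m, unsigned i) { m[i / 64] |=  (UINT64_C(1) << (i % 64)); }
static void bit_clr(uint64_t *m, unsigned i) { m[i / 64] &= ~(UINT64_C(1) << (i % 64)); }

/* Port identifiers run 1..65535; consecutive blocks of 13107 map to threads 0..4. */
static int      owner_of(uint16_t port) { return port ? (port - 1) / PORTS_PER_WORKER : -1; }
static unsigned local_ix(uint16_t port) { return (unsigned)(port - 1) % PORTS_PER_WORKER; }

static int snat_session_on(uint16_t port) {
    int w = owner_of(port);
    return w >= 0 && bit_get(workers[w].snat, local_ix(port));
}
static int port_occupied(uint16_t port) {
    int w = owner_of(port);
    return w >= 0 && bit_get(workers[w].occupied, local_ix(port));
}

/* Slave-thread data path: claim a port for an SNAT session. Returns 1 on success. */
static int worker_snat_alloc(uint16_t port) {
    int w = owner_of(port);
    if (w < 0 || bit_get(workers[w].occupied, local_ix(port))) return 0;
    bit_set(workers[w].occupied, local_ix(port));
    bit_set(workers[w].snat, local_ix(port));
    return 1;
}

/* Main thread: S510 duplicate check, S520 find the target thread and send the message. */
static enum dnat_result main_post_dnat(uint16_t port) {
    int w = owner_of(port);
    if (w < 0) return DNAT_BAD_PORT;
    if (bit_get(dnat_rules, port)) return DNAT_EXISTS;   /* S510 */
    workers[w].msg_port = port;                          /* S520 */
    workers[w].has_msg = 1;
    bit_set(dnat_rules, port);  /* recorded on send (assumption) */
    return DNAT_POSTED;
}

/* Target slave thread: S530 receive, S540 check, S550 or S560 update its own bitmap. */
static enum dnat_result worker_poll(int w) {
    struct worker *s = &workers[w];
    if (!s->has_msg) return DNAT_NONE;
    unsigned i = local_ix(s->msg_port);
    enum dnat_result r = DNAT_SET;
    s->has_msg = 0;                                      /* S530 */
    if (bit_get(s->snat, i)) {                           /* S540 */
        bit_clr(s->snat, i);                             /* S550: delete SNAT data */
        r = DNAT_SET_SNAT_EVICTED;
    }
    bit_set(s->occupied, i);                             /* S550 / S560: marker = 1 */
    return r;
}

/* Runs both halves back to back; in a gateway the slave thread polls on its own. */
static enum dnat_result configure_dnat(uint16_t port) {
    enum dnat_result r = main_post_dnat(port);
    return r == DNAT_POSTED ? worker_poll(owner_of(port)) : r;
}

int main(void) {
    worker_snat_alloc(30000);                            /* constructed sample port */
    printf("first DNAT on 30000:  %d\n", configure_dnat(30000));
    printf("second DNAT on 30000: %d\n", configure_dnat(30000));
    printf("SNAT can retake it:   %d\n", worker_snat_alloc(30000));
    return 0;
}
```

The separate DNAT_SET_SNAT_EVICTED result lets the caller log each configuration that deleted an SNAT session.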
[0076] As shown in Figure 6, this application provides a DNAT configuration device 600, which includes a data receiving module 610, a port determination module 620, and a port configuration module 630, wherein:
[0077] The data receiving module 610 is used to receive the configuration rules of DNAT, including the port to be configured.
[0078] The port determination module 620 is used to determine whether SNAT is configured in the port to be configured.
[0079] The port configuration module 630 is used to, in response to the port to be configured having SNAT configured, delete the SNAT data in the port to be configured and configure the port to be configured according to the configuration rules.
[0080] In one example implementation, the NAT gateway includes a main thread and multiple slave threads. The main thread manages configuration information, and the slave threads configure ports. Different slave threads correspond to different ports, and each slave thread corresponds to multiple ports. The data receiving module 610 can operate on the main thread to receive DNAT configuration rules and determine the target slave thread corresponding to the port to be configured from among the multiple slave threads. Specifically, the port identifier set of each slave thread can be determined first, then the target port identifier of the port to be configured can be obtained, and the target slave thread can be determined from among the multiple slave threads based on the target port identifier and the port identifier set.
[0081] Optionally, the aforementioned slave thread can be set in the aforementioned port configuration module 630. The target slave thread can receive the configuration rules and the port to be configured sent by the main thread. In response to the port to be configured having SNAT configured, the target slave thread deletes the SNAT data in the port to be configured.
[0082] Optionally, the DNAT configuration device 600 described above can also be used to determine whether the port to be configured is configured with DNAT and, in response to the port to be configured having DNAT configured, terminate the configuration operation of the port to be configured.
[0083] In one example implementation, the port to be configured is provided with a bitmap marker, which is used to indicate whether the port to be configured is occupied. The port configuration module 630 can also be used to respond to the port to be configured having SNAT configured, delete the SNAT data in the port to be configured, and configure the port to be configured according to the configuration rules.
[0084] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily essential to this application.
[0085] It should be further noted that although the steps in the flowchart are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.
[0086] It should be understood that the above-described device embodiments are merely illustrative, and the device of this application can also be implemented in other ways. For example, the division of units / modules in the above embodiments is only a logical functional division, and there may be other division methods in actual implementation. For example, multiple units, modules, or components may be combined, or integrated into another system, or some features may be ignored or not executed.
[0087] Furthermore, unless otherwise specified, the functional units / modules in the various embodiments of this application can be integrated into one unit / module, or each unit / module can exist physically separately, or two or more units / modules can be integrated together. The integrated units / modules described above can be implemented in hardware or as software program modules.
[0088] When integrated units / modules are implemented in hardware, the hardware can be digital circuits, analog circuits, etc. The physical implementation of the hardware structure includes, but is not limited to, transistors, memristors, etc. Unless otherwise specified, the processor can be any suitable hardware processor, such as a CPU, GPU, FPGA, DSP, and ASIC, etc. Unless otherwise specified, the storage unit can be any suitable magnetic or magneto-optical storage medium, such as Resistive Random Access Memory (RRAM), Dynamic Random Access Memory (DRAM), Static Random Access Memory (SRAM), Enhanced Dynamic Random Access Memory (EDRAM), High-Bandwidth Memory (HBM), Hybrid Memory Cube (HMC), etc.
[0089] If the integrated unit / module is implemented as a software program module and sold or used as an independent product, it can be stored in a computer-readable storage device (CMD). Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a memory and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned memory includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.
[0090] Figure 7 is a schematic diagram of the structure of a NAT gateway 700 provided in this application. As shown in Figure 7, the electronic device 700 may include at least one processor 710, a memory 720, and a communication interface 730, wherein the communication interface 730 may include a data transmission interface and a data reception interface.
[0091] The memory 720 is used to store programs. Specifically, the program may include program code, which includes computer operation instructions.
[0092] The memory 720 may include high-speed RAM memory, and may also include non-volatile memory, such as at least one disk storage device.
[0093] The processor 710 is used to execute computer execution instructions stored in the memory 720 to implement the monitoring method described in the foregoing method embodiments. The processor 710 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application.
[0094] The NAT gateway 700 may also include a communication interface 730, through which it can communicate and interact with external devices. In a specific implementation, if the communication interface 730, memory 720, and processor 710 are implemented independently, they can be interconnected via a bus to complete communication. The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc., but this does not imply that there is only one bus or one type of bus.
[0095] Optionally, in a specific implementation, if the communication interface 730, memory 720 and processor 710 are integrated on a single chip, then the communication interface 730, memory 720 and processor 710 can communicate through an internal interface.
[0096] This application also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB flash drive, a portable hard drive, a read-only memory, a random access memory, a disk, or an optical disk. Specifically, the computer-readable storage medium stores program instructions, which are used in the monitoring method described in the above embodiments.
[0097] This application also provides a program product including execution instructions stored in a readable storage medium. At least one processor of the banking system can read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor enables the banking system to implement the monitoring methods provided in the various embodiments described above.
[0098] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily essential to this application.
[0099] It should be further noted that although the steps in the flowchart are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.
[0100] In the above embodiments, the descriptions of each embodiment have their own emphasis. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments. The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as these combinations of technical features do not contradict each other, they should be considered within the scope of this specification.
[0101] Other embodiments of this application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this application are indicated by the following claims.
[0102] It should be understood that this application is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this application is limited only by the appended claims.
Claims
1. A DNAT configuration method, characterized in that it is applied to a NAT gateway, the NAT gateway includes a main thread and multiple slave threads, the main thread is used for managing configuration information, the slave threads are used for configuring ports, different slave threads correspond to different ports, and each slave thread corresponds to multiple ports. The method includes: the main thread receives the configuration rules of DNAT and determines the target slave thread corresponding to the port to be configured from among the multiple slave threads, the configuration rules including the port to be configured; the target slave thread determines whether SNAT is configured on the port to be configured; in response to the port to be configured being configured with SNAT, the SNAT data in the port to be configured is deleted, and the port to be configured is configured according to the configuration rules.
2. The method according to claim 1, characterized in that deleting the SNAT data in the port to be configured in response to the port to be configured being configured with SNAT includes: the target slave thread receives the configuration rules and the port to be configured sent by the main thread; the target slave thread, in response to the port to be configured being configured with SNAT, deletes the SNAT data in the port to be configured.
3. The method according to claim 1, characterized in that determining the target slave thread corresponding to the port to be configured from among the multiple slave threads includes: the main thread determines the set of port identifiers for each of the slave threads; the main thread obtains the target port identifier of the port to be configured, and determines the target slave thread from among the multiple slave threads based on the target port identifier and the set of port identifiers.
4. The method according to claim 1, characterized in that the method further includes: determining whether the port to be configured has DNAT configured; if the port to be configured is configured with DNAT, the configuration operation on the port to be configured is terminated.
5. The method according to claim 1, characterized in that the method further includes: in response to the port to be configured not being configured with SNAT, the port to be configured is configured according to the configuration rules.
6. The method according to any one of claims 1 to 5, characterized in that the port to be configured is set with a bitmap marker, which is used to indicate whether the port to be configured is occupied. The step of configuring the port to be configured according to the configuration rules includes: updating the bitmap marker of the port to be configured according to the configuration rules.
7. A DNAT configuration device, characterized in that it is applied to a NAT gateway, the NAT gateway includes a main thread and multiple slave threads, the main thread is used for managing configuration information, the slave threads are used for configuring ports, different slave threads correspond to different ports, and each slave thread corresponds to multiple ports, the device including: a data receiving module, used for the main thread to receive the configuration rules of DNAT and to determine the target slave thread corresponding to the port to be configured among the multiple slave threads, wherein the configuration rules include the port to be configured; a port determination module, used for the target slave thread to determine whether SNAT is configured on the port to be configured; and a port configuration module, used to delete the SNAT data in the port to be configured in response to the port to be configured being configured with SNAT, and to configure the port to be configured according to the configuration rules.
8. A NAT gateway, characterized in that it includes: a processor, and a memory, a data receiver, and a data transmitter that are communicatively connected to the processor; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory to implement the method as described in any one of claims 1 to 6 via a data receiving end and a data sending end.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1 to 6.
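The flow of claims 1 to 6, sketched as an added example (not code from the patent or its assignee): the main thread routes a DNAT rule to the slave thread that owns the port, and only that thread touches the port's SNAT, DNAT and bitmap state, so no lock is needed. The class and function names, the contiguous port ranges, the queue hand-off and the sample sessions are assumptions; the returned eviction count is added so an operator can log how many live SNAT sessions a rule removed.

```python
import queue
import threading

class SlaveThread(threading.Thread):
    """Owns a port range; only this thread mutates its tables, so no locks."""
    def __init__(self, first_port, last_port):
        super().__init__(daemon=True)
        self.ports = range(first_port, last_port + 1)
        self.inbox = queue.Queue()
        self.snat = {}    # port -> list of live SNAT sessions
        self.dnat = {}    # port -> (internal_ip, internal_port)
        self.bitmap = 0   # bit i set => port first_port + i is occupied

    def occupied(self, port):
        return bool(self.bitmap >> (port - self.ports.start) & 1)

    def run(self):
        while True:
            rule, reply = self.inbox.get()
            reply.put(self.apply(rule))

    def apply(self, rule):
        port = rule["port"]
        if port in self.dnat:                    # claim 4: DNAT present, stop
            return ("rejected", 0)
        evicted = len(self.snat.pop(port, []))   # claims 1-2; 0 means claim 5
        self.dnat[port] = rule["target"]
        self.bitmap |= 1 << (port - self.ports.start)   # claim 6
        return ("configured", evicted)

def configure_dnat(slaves, rule):
    """Main thread: pick the owning slave by port set (claim 3) and hand off."""
    owner = next(s for s in slaves if rule["port"] in s.ports)
    reply = queue.Queue(maxsize=1)
    owner.inbox.put((rule, reply))
    return reply.get(timeout=2)

def demo():
    slaves = [SlaveThread(1024, 32767), SlaveThread(32768, 65535)]
    # Constructed state: port 40000 carries two outbound SNAT sessions.
    slaves[1].snat[40000] = [("10.0.0.5", 51000), ("10.0.0.9", 51001)]
    slaves[1].bitmap |= 1 << (40000 - 32768)
    for s in slaves:
        s.start()
    rule = {"port": 40000, "target": ("10.0.0.20", 443)}
    first = configure_dnat(slaves, rule)    # SNAT sessions evicted, DNAT set
    second = configure_dnat(slaves, rule)   # DNAT already present
    free = configure_dnat(slaves, {"port": 8080, "target": ("10.0.0.21", 80)})
    return first, second, free, slaves[1].occupied(40000), 40000 in slaves[1].snat
```
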