Title of invention: Method, apparatus, and system for network address translation
Abstract: A method, an apparatus, and a system for network address translation related to the field of communications technologies. A NAT control apparatus receives a network address migration message after a first data center migrates a NAT mapping entry corresponding to a migrated virtual machine VM to a second data center, verifies the network address migration message, and updates home information of the NAT mapping entry in a network address mapping table from the first data center to the second data center according to the network address migration message. In this way, NAT address resources in each data center can be properly planned, and a release attack problem caused by a fact that applying and using of a VM are not performed in a same data center can be solved.
Publication number: US9515987(B2)  Publication date: 2016.12.06
Application number: US201414481149  Filing date: 2014.09.09
Applicant: Huawei Technologies Co., Ltd.  Inventors: Kang Yudong; Gu Yingjie
Classification: H04L29/12; G06F9/455; H04L29/08  Main classification: H04L29/12
Agency: Conley Rose, P.C.  Agent: Conley Rose, P.C.
Independent claim: 1. A method for network address translation (NAT), applied in a scenario where a virtual machine (VM) is migrated from a first data center to a second data center, and performed by a NAT control apparatus, wherein the NAT control apparatus is a device that performs centralized control over the first data center and the second data center, wherein the method comprises:
receiving a network address migration message from a first gateway of the first data center, wherein the network address migration message notifies the NAT control apparatus that a NAT mapping entry corresponding to the VM has been migrated from the first gateway of the first data center to a second gateway of the second data center, wherein the network address migration message carries the NAT mapping entry, and wherein the NAT mapping entry records a mapping between a private network address and a public network address of the VM;
sending a verification request message to the second gateway to verify whether the NAT mapping entry has been migrated from the first gateway to the second gateway according to the network address migration message;
receiving a verification response message from the second gateway, wherein the verification response message is used to confirm that the NAT mapping entry has been migrated to the second gateway;
updating home information of the NAT mapping entry in a network address mapping table from the first data center to the second data center according to the verification response message, wherein the network address mapping table is used to record the NAT mapping entry and the home information of the NAT mapping entry;
receiving a release request message from the second gateway when a first timer corresponding to the NAT mapping entry reaches or exceeds a preset time after updating the home information of the NAT mapping entry in the network address mapping table, wherein the release request message comprises the NAT mapping entry; and
sending a release response message to the second gateway, wherein the second gateway deletes the NAT mapping entry when the home information of the NAT mapping entry is the second data center, and wherein the information of the NAT mapping entry is recorded in the network address mapping table.
Address: Shenzhen CN