| With the rapid development of the computer network,IPv4protocol has shown more and more insufficient,IPv6protocol instead of IPv4protocol has become a necessity. The conditions of the transition from IPv4network to IPv6network will appear in a long time. The NAT-PT technology brings very important significance to realize the communication between the pure IPv4host and pure IPv6host, both in theory and practice fields.After the study of Netfilter framework, and then based on the study of NAT-PT gateway, As to the problem of the optimization of the address-mapping table lookup algorithm; The address-mapping table low conversion has been given by NAT-PT gateway of performance bottlenecks paper, At the same time the study of NAT-PT gateway’s security is also an urgent need in the field, according to condition of the incompatibility of IPSec and NAT-PT, the problem of NAT-PT-UDP The solutions of the overall design and realization mechanism has been given to the problem of NAT-PT-UDP. This paper studies mainly on the following several aspects:1. Detail analysis and the discussion of the translation technology of the three transition technology:tunnel technology, translation technology, and the three occasions of the characteristics of the technology and application of the transition from typical IPv4to the IPv6, and It discusses mainly on the NAT-PT based on the working principle and its address translation algorithms and protocol conversion algorithm, and also points out its shortcomings of the algorithm of the address translation.2. This paper established the NAT-PT gateway in expanding the flexible Netfilter function frame, and presents the kernel add user defined module of the process in detail, the following chapters focus on NAT-PT module and through NAT-PT IPSec module of all mounted on Netfilter corresponding hook point, to expand the ftransition of the network service.3. To the problem of the environment of the gateway module performance throughout NAT-PT when address mapping the bottleneck in the large data flowing, The fast search algorithm is proposed based on a tree assisted by Hash table of the conversion of the items experiments has shown the efficiency of the algorithm is superior to the traditional algorithm, and also improves the efficiency of the address translation.4. NAT-PT as the main solutions of the transition from IPv4network to the IPv6network, Realizes exchanging between the IPv4network and the IPv6network,It also has potential security hole, but the current IPSec security protocol and NAT-PT can’t work together, This paper studies the two reasons of the incompatibility of this two protocols, combined with its own characteristics, and reference the method of the throughout to NAT,puts forward the NAT-PT-UDP solutions, It uses the form of UDP encapsulates IPSec message, and revised the process of the consultation of IKE protocol, and realized the compatibility of IPSec and NAT-PT gateway.The design of the implementation of compatibility of the IPSec NAT-PT gateway in this paper, can realize the enforcement between IPv4and IPv6gateway effectively, It provides certain reference value for the future research of the translation technology in IPv6network transition period. |
PDF Full Text Request