Dynamic per-session NAT-behavior selection

US 10,412,122 B1
Filed: 01/22/2016
Issued: 09/10/2019
Est. Priority Date: 01/22/2016
Status: Active Grant

First Claim

Patent Images

1. A method for establishing communication sessions based on a Network Address Translation (NAT) device, the method comprising:

configuring the NAT device with a policy to control creation of NAT translation entries to support communications between devices residing behind the NAT device and devices residing outside the NAT device;

concurrently establishing, in accordance with the policy;

a first communication session with a first NAT traversal behavior selected from potential NAT traversal behaviors, the potential NAT traversal behaviors including variations in access to the devices behind the NAT device, anda second communication session with a second NAT traversal behavior selected from the potential NAT traversal behaviors, wherein the second NAT traversal behavior is different from the first NAT traversal behavior; and

configuring the NAT device to maintain a control plane session with an orchestrator device, wherein the NAT device obtains parameters used to establish translation entries for the first communication session and the second communication session, the parameters related to the potential NAT traversal behaviors;

wherein the orchestrator device is configured to use a control plane protocol to prime the NAT device with unique identifiers and unique attributes for specific incoming location sessions to facilitate NAT traversal.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing a communication sessions based on a Network Address Translation (NAT) device is provided. The method comprises configuring the NAT device with policy to control the creation of NAT translation entries to support communications between devices residing behind the NAT device, and devices residing outside the NAT device; wherein said policy allows the NAT device to establish multiple communications sessions, each with a dynamic NAT traversal behavior; and configuring the NAT device to maintain a control plane session with an orchestrator device whereby the NAT device learns parameters required to establish a translation entry for each communications session.

29 Citations

View as Search Results

14 Claims

1. A method for establishing communication sessions based on a Network Address Translation (NAT) device, the method comprising:
- configuring the NAT device with a policy to control creation of NAT translation entries to support communications between devices residing behind the NAT device and devices residing outside the NAT device;
  
  concurrently establishing, in accordance with the policy;
  
  a first communication session with a first NAT traversal behavior selected from potential NAT traversal behaviors, the potential NAT traversal behaviors including variations in access to the devices behind the NAT device, anda second communication session with a second NAT traversal behavior selected from the potential NAT traversal behaviors, wherein the second NAT traversal behavior is different from the first NAT traversal behavior; and
  
  configuring the NAT device to maintain a control plane session with an orchestrator device, wherein the NAT device obtains parameters used to establish translation entries for the first communication session and the second communication session, the parameters related to the potential NAT traversal behaviors;
  
  wherein the orchestrator device is configured to use a control plane protocol to prime the NAT device with unique identifiers and unique attributes for specific incoming location sessions to facilitate NAT traversal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further configuring the NAT device to perform additional operations comprising:
    - receive NAT attributes for a second NAT device behind which a second device is located;
      
      create a pending translation entry for communication between a device residing behind the NAT device and the second device; and
      
      based on a connection being established between the device residing behind the NAT device and the second device, complete the pending translation entry.
  - 3. The method of claim 2, wherein priming the NAT device includes configuring the NAT device to perform further operations comprising:
    - receive a discriminator value from the orchestrator device, the discriminator value associated with the second device; and
      
      receive a message that includes the discriminator value from the second device;
      
      wherein completing the pending translation entry is further based on receiving the message.
  - 4. The method of claim 3, wherein the message is encrypted using the discriminator value as an encryption key.
  - 5. The method of claim 1, wherein the first NAT traversal behavior includes an Endpoint Independent traversal, and the second NAT traversal behavior includes a Symmetric traversal behavior.
  - 6. The method of claim 1, further comprising changing the NAT traversal behavior associated with the first communication session from the first NAT traversal behavior to a third NAT traversal behavior, selected from the potential NAT traversal behaviors, is first communication session.

7. One or more non-transitory computer-readable media containing instructions that, when executed by one or more processors, are configured to cause a Network Address Translation (NAT) device to perform operations, the operations comprising:
- obtain a policy to control creation of NAT translation entries to support communications between devices residing behind the NAT device and devices residing outside the NAT device;
  
  concurrently establish, in accordance with the policy;
  
  a first communication session with a first NAT traversal behavior selected from potential NAT traversal behaviors, the potential NAT traversal behaviors include variations in access to the devices behind the NAT device, anda second communication session with a second NAT traversal behavior selected from the potential NAT traversal behaviors, wherein the second NAT traversal behavior is different from the first NAT traversal behavior;
  
  maintain a control plane session with an orchestrator device; and
  
  obtain, via the control plane session, parameters used to establish translation entries for the first communication session and the second communication session, the parameters related to the potential NAT traversal behaviors; and
  
  receive, from the orchestrator device via a control plane protocol, unique identifiers and unique attributes for specific incoming location sessions to prime the NAT device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable media of claim 7, the operations further comprising:
    - receive NAT attributes for a second NAT device behind which a second device is located;
      
      create a pending translation entry for communication between a device residing behind the NAT device and the second device; and
      
      based on a connection being established between the device residing behind the NAT device and the second device, complete the pending translation entry.
  - 9. The computer-readable media of claim 8, wherein priming the NAT device includes further operations comprising:
    - receive a discriminator value from the orchestrator device, the discriminator value associated with the second device; and
      
      receive a message that includes the discriminator value from the second device;
      
      wherein completing the pending translation entry is further based on receiving the message.
  - 10. The computer-readable media of claim 9, wherein the message is encrypted using the discriminator value as an encryption key.
  - 11. The computer-readable media of claim 7, wherein the first NAT traversal behavior includes an Endpoint Independent traversal, and the second NAT traversal behavior includes a Symmetric traversal behavior.
  - 12. The computer-readable media of claim 7, the operations further comprising change the NAT traversal behavior associated with the first communication session from the first NAT traversal behavior to a third NAT traversal behavior, selected from the potential NAT traversal behaviors, during the first communication session.

13. A system comprising:
- an orchestrator device; and
  
  a Network Address Translation (NAT) device in communication with the orchestrator device and comprising;
  
  one or more processors; and
  
  one or more non-transitory computer-readable media containing instructions that, when executed by the one or more processors, are configured to cause the NAT device to perform operations, the operations comprising;
  
  obtain a policy to control creation of NAT translation entries to support communications between devices residing behind the NAT device and devices residing outside the NAT device;
  
  concurrently establish, in accordance with the policy;
  
  a first communication session with a first NAT traversal behavior selected from potential NAT traversal behaviors, the potential NAT traversal behaviors include variations in access to the devices behind the NAT device, anda second communication session with a second NAT traversal behavior selected from the potential NAT traversal behaviors, wherein the second NAT traversal behavior is different from the first NAT traversal behavior;
  
  maintain a control plane session with the orchestrator device;
  
  obtain, via the control plane session, parameters used to establish translation entries for the first communication session and the second communication session, the parameters related to the potential NAT traversal behaviors; and
  
  receive, from the orchestrator device via a control plane protocol, unique identifiers and unique attributes for specific incoming location sessions to prime the NAT device.
- View Dependent Claims (14)
- - 14. The system of claim 13, wherein the operations further comprise changing the NAT traversal behavior associated with the first communication session from the first NAT traversal behavior to a third NAT traversal behavior, selected from the potential NAT traversal behaviors, first communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Olofsson, Lars Olof Stefan, Raza, Syed Khalid, Attarwala, Murtuza
Primary Examiner(s)
Serrao, Ranodhi
Assistant Examiner(s)
Fiorillo, James N

Application Number

US15/004,882
Time in Patent Office

1,327 Days
Field of Search

709227, 709228, 709230, 709245, 709223, 370252, 370389, 726 1, 726 11
US Class Current
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/256   NAT traversal

H04L 65/1069   Session establishment or de...

H04L 65/1086   session scope modification

Dynamic per-session NAT-behavior selection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic per-session NAT-behavior selection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links