Methods and systems for per-session network address translation (NAT) learning and firewall filtering in media gateway
Abstract
Methods and systems for per-session NAT learning and firewall filtering are disclosed. Media packets associated with a call/session are received and processed at a media gateway. For the first few received media packets associated with a session, the media gateway uses various unique methods to learn the actual source IP address and UDP port that the customer-premises Network Address Translators (NATs) of the remote communication terminal have assigned to the media flows of the current session. After the remote IP address and UDP port are learned, the media gateway reconfigures its firewall filtering function to check both the dynamically learned remote IP address and UDP port and the locally assigned IP address and UDP port of the current session. The per-session NAT learning function removes reachability issues in VoIP deployment, and the per-session firewall filtering function enhances security protection in VoIP deployment.
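The learn-then-filter behaviour the abstract describes, as an added example that is not code from the patent: a session table keyed by the locally assigned IP/port learns the source of the first media packet and afterwards checks all four values on every packet. The class and method names, the port allocation policy and the sample addresses (documentation ranges) are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port)

@dataclass
class Session:
    local: Addr                    # assigned by the gateway at session setup
    remote: Optional[Addr] = None  # learned from the first media packet

class MediaGateway:
    """Toy per-session NAT learner and packet filter (hypothetical names)."""

    def __init__(self, local_ip: str, first_port: int = 40000):
        self.local_ip = local_ip
        self.next_port = first_port
        self.sessions: Dict[Addr, Session] = {}

    def setup_session(self) -> Addr:
        # Session setup: assign a local IP/port pair to the new session.
        local = (self.local_ip, self.next_port)
        self.next_port += 2  # assumed allocation policy, not from the page
        self.sessions[local] = Session(local)
        return local

    def on_packet(self, src: Addr, dst: Addr) -> str:
        session = self.sessions.get(dst)
        if session is None:
            return "drop:no-session"   # nothing was assigned to this local address
        if session.remote is None:
            session.remote = src       # learn the NAT-assigned source IP and port
            return "learned"
        if src != session.remote:      # filter checks learned IP *and* UDP port
            return "drop:source-mismatch"
        return "accept"

def demo() -> List[str]:
    # Constructed traffic: two sessions behind two different NATs.
    gw = MediaGateway("192.0.2.10")
    a, b = gw.setup_session(), gw.setup_session()
    nat_a, nat_b = ("198.51.100.7", 61002), ("203.0.113.9", 50114)
    return [
        gw.on_packet(nat_a, a),                      # first packet of session a
        gw.on_packet(nat_a, a),                      # same flow, now filtered
        gw.on_packet(nat_b, a),                      # other source into session a
        gw.on_packet(nat_b, b),                      # session b learns on its own
        gw.on_packet(nat_a, ("192.0.2.10", 49999)),  # unassigned local port
        gw.on_packet(("198.51.100.7", 61003), a),    # right IP, wrong UDP port
    ]

if __name__ == "__main__":
    print(demo())
```

Learning state lives in each `Session`, so one session's learned address never widens the filter for another.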
50 Claims
1. A method for per-session network address translation (NAT) learning in a media gateway, the method comprising:
in a media gateway;
(a) receiving a media session setup request for establishing a media session;
(b) in response to the media session setup request, assigning a local network and transport address combination identifying a media processing resource within the media gateway for processing a media stream associated with the media session;
(c) receiving at least one initial media packet in the media stream, the initial media packet being addressed to the local network and transport address combination and having a source network address and a source transport address, at least one of the source network address and the source transport address being assigned by a network address translator;
(d) learning the source network address from the initial media packet;
(e) processing the initial media packet using the media processing resource assigned to the session;
(f) accepting and processing subsequent media packets having the assigned local network address and local transport address in their destination address fields and the learned source network address in their source address fields; and
(g) repeating steps (a)-(f) for each new incoming session to the media gateway and thereby performing NAT learning on a per-session basis.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A media gateway with internal network address translation (NAT) learning capabilities, the media gateway comprising:
(a) a plurality of network interface cards for receiving media packets, for determining whether the media packets have been assigned to a session, and for forwarding the media packets that have been assigned to a session to a media processing resource;
(b) a plurality of media processing resources for processing the media packets that have been assigned to a session; and
(c) a NAT learning function located within the media gateway and operatively associated with the media processing resources and the network interface cards for learning dynamically assigned source addresses assigned to media packets and for communicating the learned source addresses to the network interface cards.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A computer program product for per-session network address translation (NAT) learning in a media gateway, the computer program product comprising computer executable instructions embodied in a computer readable medium for performing steps comprising:
in a media gateway;
(a) receiving a media session setup request for establishing a media session;
(b) in response to the media session setup request, assigning a local network and transport address combination identifying a media processing resource within the media gateway for processing a media stream associated with the media session;
(c) receiving at least one initial media packet in the media stream, the initial media packet being addressed to the local network and transport address combination, the initial media packet having a source network address and a source transport address, at least one of the source network address and the source transport address being assigned by a network address translator;
(d) learning the source network address;
(e) processing the initial media packet using the media processing resource assigned to the session;
(f) accepting and processing subsequent media packets having the local network address and local transport address in their destination address fields and the learned source network address in their source address fields; and
(g) repeating steps (a)-(f) for each new session to the media gateway and thereby performing NAT learning on a per-session basis.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50
Specification