Stateful network address translation protocol implemented over a data network

US 20060120366A1
Filed: 01/09/2006
Published: 06/08/2006
Est. Priority Date: 09/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:

receiving, at a first network device, a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry; and

determining, using information in the first NAT ID field, whether modification of the first NAT entry may be performed at the first NAT data structure;

modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;

wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.

59 Citations

View as Search Results

31 Claims

1. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device, a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry; and
  
  determining, using information in the first NAT ID field, whether modification of the first NAT entry may be performed at the first NAT data structure;
  
  modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
  
  wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - determining a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
      
      determining, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage updates or modifications regarding the first NAT entry.
  - 3. The method of claim 1 further comprising:
    - permitting the first network device to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 4. The method of claim 1 further comprising:
    - preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.

5. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device, a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device; and
  
  modifying NAT information stored at the first NAT data structure using information from said first NAT transaction message to thereby achieve synchronization of NAT information stored on the first and second network devices;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The method of claim 5 wherein the first network device is configured as a primary traffic handling device of a primary-backup redundancy group, and wherein the at least one other network device is configured as a backup traffic handling device of the primary-backup redundancy group.
  - 7. The method of claim 5 wherein the first network device is configured as an active traffic handling device of an active-standby redundancy group, and wherein the at least one other network device is configured as a standby traffic handling device of the active-standby redundancy group.
  - 8. The method of claim 5 wherein the first network device is configured as an first peer traffic handling device of a peer-peer redundancy group, and wherein the at least one other network device is configured as a second peer traffic handling device of the peer-peer redundancy group.
  - 9. The method of claim 5 wherein the NAT transaction message includes instructions to add a new NAT entry to the first NAT data structure.
  - 10. The method of claim 5 wherein the NAT transaction message includes instructions to delete a specific NAT entry stored in the first NAT data structure.
  - 11. The method of claim 5 wherein the NAT transaction message includes instructions to modify an existing NAT entry in the first NAT data structure.

12. A network device configured to implement redundancy of stateful network address translation information in a data network, the network device comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to a second network device in the data network; and
  
  memory;
  
  said at least one processor being configured to store in said memory a plurality of data structures, including;
  
  a first network address translation (NAT) data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  
  a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
  
  the network device being configured or designed to;
  
  receive a first NAT transaction message which includes updated network address translation information generated by a second network device, the second network device having associated therewith a second NAT data structure, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry; and
  
  determine, using information in the first NAT ID field, whether modification of the first NAT entry may be performed at the first NAT data structure;
  
  modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
  
  wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second NAT data structures.
- View Dependent Claims (13, 14, 15)
- - 13. The network device of claim 12 being further configured or designed to:
    - determine a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
      
      determine, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage updates or modifications regarding the first NAT entry.
  - 14. The network device of claim 12 being further configured or designed to:
    - permit the first network device to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 15. The network device of claim 12 being further configured or designed to:
    - preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.

16. A network device for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the network device comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to a second network device in the data network; and
  
  memory;
  
  said at least one processor being configured to store in said memory a plurality of data structures, including;
  
  a first network address translation (NAT) data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  
  a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
  
  the network device being configured or designed to;
  
  receive a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure; and
  
  modify NAT information at the first NAT data structure using information from said first NAT transaction message;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The network device of claim 16:
    - wherein the second network device has associated therewith a second NAT data structure; and
      
      wherein modification of the NAT information at the first NAT data structure results in synchronization of NAT information at the first and second NAT data structures.
  - 18. The network device of claim 16:
    - wherein the network device is configured as a primary traffic handling device of a primary-backup redundancy group; and
      
      wherein the at least one other network device is configured as a backup traffic handling device of the primary-backup redundancy group.
  - 19. The network device of claim 16:
    - wherein the network device is configured as an active traffic handling device of an active-standby redundancy group; and
      
      wherein the at least one other network device is configured as a standby traffic handling device of the active-standby redundancy group.
  - 20. The network device of claim 16:
    - wherein the network device is configured as an first peer traffic handling device of a peer-peer redundancy group; and
      
      wherein the at least one other network device is configured as a second peer traffic handling device of the peer-peer redundancy group.
  - 21. The network device of claim 16 wherein the NAT transaction message includes instructions to add a new NAT entry to the first NAT data structure.
  - 22. The network device of claim 16 wherein the NAT transaction message includes instructions to delete a specific NAT entry stored in the first NAT data structure.
  - 23. The network device of claim 16 wherein the NAT transaction message includes instructions to modify an existing NAT entry in the first NAT data structure.

24. A system for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the system comprising:
- means for receiving, at a first network device, a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry; and
  
  means for determining, using information in the first NAT ID field, whether modification of the first NAT entry may be performed at the first NAT data structure;
  
  means for modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
  
  wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.
- View Dependent Claims (25, 26, 27)
- - 25. The system of claim 24 further comprising:
    - means for determining a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
      
      means for determining, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage updates or modifications regarding the first NAT entry.
  - 26. The system of claim 24 further comprising:
    - means for permitting the first network device to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 27. The system of claim 24 further comprising:
    - means for preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.

28. A system for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the system comprising:
- means for receiving, at a first network device, a first NAT transaction message which includes updated network address translation information generated by a second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device; and
  
  means for modifying NAT information stored at the first NAT data structure using information from said first NAT transaction message to thereby achieve synchronization of NAT information stored on the first and second network devices;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.
- View Dependent Claims (29, 30, 31)
- - 29. The system of claim 28 wherein the first network device is configured as a primary traffic handling device of a primary-backup redundancy group, and wherein the at least one other network device is configured as a backup traffic handling device of the primary-backup redundancy group.
  - 30. The system of claim 28 wherein the first network device is configured as an active traffic handling device of an active-standby redundancy group, and wherein the at least one other network device is configured as a standby traffic handling device of the active-standby redundancy group.
  - 31. The system of claim 28 wherein the first network device is configured as an first peer traffic handling device of a peer-peer redundancy group, and wherein the at least one other network device is configured as a second peer traffic handling device of the peer-peer redundancy group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Venkateshaiah, Murali, Jayasenan, Siva S., Sullenberger, Mike, Denny, Mark

Granted Patent

US 7,894,427 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2503   Translation of Internet pro...

H04L 61/2532   Clique of NAT servers

Stateful network address translation protocol implemented over a data network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful network address translation protocol implemented over a data network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links