NETWORK ADDRESS TRANSLATION BYPASSING BASED ON NETWORK LAYER PROTOCOL

US 20090245278A1
Filed: 03/31/2008
Published: 10/01/2009
Est. Priority Date: 03/31/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for routing network traffic between a plurality of local devices and a wide area network (WAN), comprising:

receiving an outgoing network layer packet destined for the WAN from one of the plurality of local devices;

determining if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol;

performing a network address translation function on the outgoing network layer packet prior to transmitting the outgoing network layer packet to the WAN responsive to determining that the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and

by passing the network address translation function and transmitting the outgoing network layer packet directly to the WAN responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and apparatus are described herein that allow a mix computers or other devices that are configured for communication in accordance with different network layer protocols, such as Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), to share a single physical connection to a WAN. To achieve this, a networking device such as a router resides between a plurality of local devices and the physical connection to the WAN and routes network layer packets between the local devices and the WAN. The networking device determines whether each local device is IPv4-capable or IPv6-capable. Based on this determination, the networking device selectively applies Network Address Translation (NAT) and optional firewall functionality to network traffic originating from or destined for the IPv4-capable devices, while bypassing such functionality for IPv6 network traffic originating from or destined for the IPv6-capable devices.

65 Citations

View as Search Results

32 Claims

1. A method for routing network traffic between a plurality of local devices and a wide area network (WAN), comprising:
- receiving an outgoing network layer packet destined for the WAN from one of the plurality of local devices;
  
  determining if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol;
  
  performing a network address translation function on the outgoing network layer packet prior to transmitting the outgoing network layer packet to the WAN responsive to determining that the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and
  
  by passing the network address translation function and transmitting the outgoing network layer packet directly to the WAN responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first network layer protocol is Internet Protocol version 4 (IPv4) and the second network layer protocol is Internet Protocol version 6 (IPv6).
  - 3. The method of claim 1, wherein the step of bypassing the network address translation function and transmitting the outgoing network layer packet directly to the WAN is also performed responsive to determining that the outgoing network layer packet is formatted in accordance with the second network layer protocol.
  - 4. The method of claim 1, further comprising:
    - performing a firewall function on the outgoing network layer packet prior to transmitting the outgoing network layer packet to the WAN responsive to determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol; and
      
      bypassing the firewall function and transmitting the outgoing network layer packet directly to the WAN responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.
  - 5. The method of claim 1, wherein determining if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol comprises:
    - obtaining a unique identifier from a header of an Ethernet frame that carries the outgoing network layer packet; and
      
      determining if the obtained unique identifier matches any one of one or more unique identifiers stored in a local memory, wherein the stored unique identifiers are associated with local devices that are configured for network communication in accordance with the second network layer protocol.
  - 6. The method of claim 5, further comprising:
    - receiving a link layer message from one of the plurality of local devices indicating that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol; and
      
      storing a unique identifier associated with the one of the plurality of local devices in the local memory responsive to receiving the link layer message.
  - 7. The method of claim 5, further comprising:
    - analyzing one or more network layer packets received from one of the plurality of local devices to determine if the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol; and
      
      storing a unique identifier associated with the one of the plurality of local devices in the local memory responsive to determining that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol.
  - 8. The method of claim 1, further comprising:
    - receiving an incoming network layer packet from the WAN;
      
      determining if the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol or a local device that is configured for network communication in accordance with the second network layer protocol;
      
      performing a network address translation function on the incoming network layer packet prior to transmitting the incoming network layer packet to one of the plurality of local devices responsive to determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and
      
      bypassing the network address translation function and transmitting the incoming network layer packet directly to one of the plurality of local devices responsive to at least determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.
  - 9. The method of claim 8, wherein the step of bypassing the network address translation function and transmitting the incoming network layer packet directly to one of the plurality of local devices is also performed responsive to determining that the incoming network layer packet is formatted in accordance with the second network layer protocol.
  - 10. The method of claim 8, further comprising:
    - performing a firewall function on the incoming network layer packet prior to transmitting the incoming network layer packet to one of the plurality of local devices responsive to determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and
      
      bypassing the firewall function and transmitting the incoming network layer packet directly to one of the plurality of local devices responsive to at least determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.

11. An apparatus, comprising:
- a first interface configured for communication with a WAN;
  
  a plurality of second interfaces, each of the plurality of second interfaces configured for communication with a corresponding one of a plurality of local devices;
  
  network address translation (NAT) logic; and
  
  first control logic coupled to the first interface, the plurality of second interfaces and the NAT logic, wherein the first control logic is configured to receive an outgoing network layer packet from one of the plurality of local devices via a corresponding second interface and to determine if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol;
  
  the first control logic being further configured to pass the outgoing network layer packet to the NAT logic prior to transmission of the outgoing network layer packet to the WAN via the first interface responsive to determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol, and to bypass the NAT logic and transmit the outgoing network layer packet directly to the WAN via the first interface responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein the first network layer protocol is Internet Protocol version 4 (IPv4) and the second network layer protocol is Internet Protocol version 6 (IPv6).
  - 13. The apparatus of claim 11, wherein the first control logic is configured to bypass the NAT logic and transmit the outgoing network layer packet directly to the WAN via the first interface responsive also to determining that the outgoing network layer packet is formatted in accordance with the second network layer protocol.
  - 14. The apparatus of claim 11, further comprising:
    - firewall logic;
      
      wherein the first control logic is further configured to pass the outgoing network layer packet to the firewall logic prior to transmission of the outgoing network layer packet to the WAN via the first interface responsive to determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol and to bypass the firewall logic and transmit the outgoing network layer packet directly to the WAN via the first interface responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.
  - 15. The apparatus of claim 11, wherein the first control logic is configured to obtain a unique identifier from a header of an Ethernet frame that carries the outgoing network layer packet and to determine if the obtained unique identifier matches any one of one or more unique identifiers stored in a local memory, wherein the stored unique identifiers are associated with local devices that are configured for network communication in accordance with the second network layer protocol.
  - 16. The apparatus of claim 15, wherein the first control logic is further configured to receive a link layer message from one of the plurality of local devices indicating that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol and to store a unique identifier associated with the one of the plurality of local devices in the local memory responsive to receiving the link layer message.
  - 17. The apparatus of claim 15, wherein the first control logic is further configured to analyze one or more network layer packets received from one of the plurality of local devices to determine if the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol and to store a unique identifier associated with the one of the plurality of local devices in the local memory responsive to determining that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol.
  - 18. The apparatus of claim 11, further comprising:
    - second control logic coupled to the first interface, the plurality of second interfaces and the NAT logic;
      
      wherein the second control logic is configured to receive an incoming network layer packet from the WAN via the first interface, to determine if the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol or a local device that is configured for network communication in accordance with the second network layer protocol, to pass the incoming network layer packet to the NAT logic prior to transmission to one of the plurality of local devices via a corresponding second interface responsive to determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol and to bypass the NAT logic and transmit the incoming network layer packet directly to one of the plurality of local devices via a corresponding second interface responsive to at least determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.
  - 19. The apparatus of claim 18, wherein the second control logic is configured to bypass the NAT logic and transmit the incoming network layer packet directly to one of the plurality of local devices via a corresponding second interface responsive also to determining that the incoming network layer packet is formatted in accordance with the second network layer protocol.
  - 20. The apparatus of claim 18, further comprising:
    - firewall logic;
      
      wherein the second control logic is further configured to pass the incoming network layer packet to the firewall logic prior to transmission to one of the plurality of local devices via a corresponding second interface responsive to determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol and to bypass the firewall logic and to transmit the incoming network layer packet directly to one of the plurality of local devices via a corresponding second interface responsive to at least determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.

21. A computer program product comprising a computer-readable medium having computer program logic recorded thereon for enabling a processing unit to route network traffic between a plurality of local devices and a wide area network (WAN), the computer program logic comprising:
- first means for enabling the processing unit to receive an outgoing network layer packet destined for the WAN from one of the plurality of local devices;
  
  second means for enabling the processing unit to determine if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol;
  
  third means for enabling the processing unit to perform a network address translation function on the outgoing network layer packet prior to transmitting the outgoing network layer packet to the WAN responsive to a determination that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol; and
  
  fourth means for enabling the processing unit to bypass the network address translation function and transmit the outgoing network layer packet directly to the WAN responsive to at least a determination that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 32)
- - 22. The computer program product of claim 21, wherein the first network layer protocol is Internet Protocol version 4 (IPv4) and the second network layer protocol is Internet Protocol version 6 (IPv6).
  - 23. The computer program product of claim 21, wherein the fourth means comprises means for enabling the processing unit to bypass the network address translation function and transmit the outgoing network layer packet directly to the WAN responsive to a determination that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol and to a determination that that the outgoing network layer packet is formatted in accordance with the second network layer protocol.
  - 24. The computer program product of claim 21, wherein the computer program logic further includes:
    - means for enabling the processing unit to perform a firewall function on the outgoing network layer packet prior to transmitting the outgoing network layer packet to the WAN responsive to a determination that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol; and
      
      means for enabling the processing unit to bypass the firewall function and transmit the outgoing network layer packet directly to the WAN responsive to at least a determination that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.
  - 25. The computer program product of claim 21, wherein the second means comprises:
    - means for enabling the processing unit to obtain a unique identifier from a header of an Ethernet frame that carries the outgoing network layer packet; and
      
      means for enabling the processing unit to determine if the obtained unique identifier matches any one of one or more unique identifiers stored in local memory, wherein the stored unique identifiers are associated with local devices that are configured for network communication in accordance with the second network layer protocol.
  - 26. The computer program product of claim 25, wherein the computer program logic further comprises:
    - means for enabling the processing unit to receive a link layer message from one of the plurality of local devices indicating that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol; and
      
      means for enabling the processing unit to store a unique identifier associated with the one of the plurality of local devices in the local memory responsive to receiving the link layer message.
  - 27. The computer program product of claim 25, wherein the computer program logic further comprises:
    - means for enabling the processing unit to analyze one or more network layer packets received from one of the plurality of local devices to determine if the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol; and
      
      means for enabling the processing unit to store a unique identifier associated with the one of the plurality of local devices in the local memory responsive to determining that the one of the plurality of local devices is configured for network communication in accordance with the second network layer protocol.
  - 28. The computer program product of claim 21, wherein the computer program logic further comprises:
    - fifth means for enabling the processing unit to receive an incoming network layer packet from the WAN;
      
      sixth means for enabling the processing unit to determine if the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol or a local device that is configured for network communication in accordance with the second network layer protocol;
      
      seventh means for enabling the processing unit to perform a network address translation function on the incoming network layer packet prior to transmitting the incoming network layer packet to one of the plurality of local devices responsive to a determination that that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and
      
      eighth means for enabling the processing unit to bypass the network address translation function and transmit the incoming network layer packet directly to one of the plurality of local devices responsive to at least a determination that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.
  - 29. The computer program product of claim 28, wherein the eighth means comprises means for enabling the processing unit to bypass the network address translation function and transmit the incoming network layer packet directly to one of the plurality of local devices responsive to a determination that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol and to a determination that that the outgoing network layer packet is formatted in accordance with the second network layer protocol.
  - 30. The computer program product of claim 28, wherein the computer program logic further comprises:
    - means for enabling the processing unit to perform a firewall function on the incoming network layer packet prior to transmitting the incoming network layer packet to one of the plurality of local devices responsive to a determination that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol; and
      
      means for enabling the processing unit to bypass the firewall function and transmit the incoming network layer packet directly to one of the plurality of local devices responsive to at least a determination that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.
  - 32. The apparatus of claim 25, further comprising:
    - second control logic coupled to the wired interface, the wireless interface and the NAT logic, the second control logic configured to receive an incoming network layer packet from the WAN via the wired interface, to determine if the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol or a local device that is configured for network communication in accordance with the second network layer protocol, to pass the incoming network layer packet to the NAT logic prior to transmission to one of the plurality of local devices via the wireless interface responsive to determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the first network layer protocol and to bypass the NAT logic and transmit the incoming network layer packet directly to one of the plurality of local devices via the wireless interface responsive to at least determining that the incoming network layer packet is associated with a local device that is configured for network communication in accordance with the second network layer protocol.

31. An apparatus, comprising:
- a wired interface configured for communication with a WAN;
  
  a wireless interface configured for communication with a plurality of local devices;
  
  network address translation (NAT) logic; and
  
  first control logic coupled to the wired interface, the wireless interface and the NAT logic, wherein the first control logic is configured to receive an outgoing network layer packet from one of the plurality of local devices via the wireless interface and to determine if the outgoing network layer packet is associated with a local device that is configured for network communication in accordance with a first network layer protocol or a local device that is configured for network communication in accordance with a second network layer protocol;
  
  the first control logic being further configured to pass the outgoing network layer packet to the NAT logic prior to transmission of the outgoing network layer packet to the WAN via the wired interface responsive to determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the first network layer protocol, and to bypass the NAT logic and transmit the outgoing network layer packet directly to the WAN via the wired interface responsive to at least determining that the outgoing network layer packet is associated with a local device that is configured for communication in accordance with the second network layer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Kee, Tommy Wing Chau

Application Number

US12/059,062
Publication Number

US 20090245278A1
Time in Patent Office

Days
Field of Search
US Class Current

370/467
CPC Class Codes

H04L 61/251 between different IP versions

H04L 61/2546 Arrangements for avoiding u...

NETWORK ADDRESS TRANSLATION BYPASSING BASED ON NETWORK LAYER PROTOCOL

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK ADDRESS TRANSLATION BYPASSING BASED ON NETWORK LAYER PROTOCOL

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links