REDUNDANCY SUPPORT FOR NETWORK ADDRESS TRANSLATION (NAT)

US 20100254255A1
Filed: 04/13/2010
Published: 10/07/2010
Est. Priority Date: 10/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method in a first network device, the method comprising:

associating to said first network device a base address corresponding to a first pool of first addresses that are not owned by said first network device;

detecting, by said first network device, a failure of a second network device; and

asserting ownership, by said first network device, of a plurality of said first addresses of said first pool corresponding to said base address, in response to detection by said first network device of said failure.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed-up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.

73 Citations

View as Search Results

20 Claims

1. A method in a first network device, the method comprising:
- associating to said first network device a base address corresponding to a first pool of first addresses that are not owned by said first network device;
  
  detecting, by said first network device, a failure of a second network device; and
  
  asserting ownership, by said first network device, of a plurality of said first addresses of said first pool corresponding to said base address, in response to detection by said first network device of said failure.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising while said first network device does not said own said first pool of first addresses, performing network address translation (NAT) or routing, by said first network device, for a second pool of second addresses.
  - 3. The method of claim 1 wherein said asserting ownership of the plurality of said first addresses of said first pool corresponding to said base address includes:
    - asserting ownership, by said first network device, of all of said first addresses of said first pool corresponding to said base address.

4. An apparatus, comprising:
- a first network device configured to be associated with a base address corresponding to a first pool of first addresses that are not owned by said first network device, wherein the first network device is further configured to;
  
  detect a failure of a second network device; and
  
  assert ownership of a plurality of said first addresses of said first pool corresponding to said base address, in response to detection of said failure.
- View Dependent Claims (5, 6, 7)
- - 5. The apparatus of claim 4 wherein the first network device is further configured to, while said first network device does not said own said first pool of first addresses, perform network address translation (NAT) or routing for a second pool of second addresses.
  - 6. The apparatus of claim 4 wherein to said assert ownership of the plurality of said first addresses of said first pool corresponding to said base address, the first network device is configured to assert ownership of all of said first addresses of said first pool corresponding to said base address.
  - 7. The apparatus of claim 4 wherein the first network device includes a switch.

8. A system, comprising:
- a first network device configured to be associated with a base address corresponding to a first pool of first addresses that are not owned by said first network device; and
  
  a second network device to own said first pool of first addresses that are not owned by said first network device, wherein said first network device is further configured to;
  
  detect a failure of said second network device; and
  
  assert ownership of a plurality of said first addresses of said first pool corresponding to said base address, in response to detection of said failure.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8 wherein said first and second network devices each include a switch.
  - 10. The system of claim 8 wherein said first network device is further configured to, while said first network device does not said own said first pool of first addresses, perform network address translation (NAT) or routing for a second pool of second addresses.
  - 11. The system of claim 10, further comprising a peer network device, wherein:
    - said first network device is further configured to share, with said peer network device, a base address corresponding to said second pool of second addresses, which are owned by said first network device;
      
      said first network device is further configured to provide, to said peer network device, heartbeat messages and session synchronization information associated with said NAT or said routing performed by said first network device for said second pool of second addresses; and
      
      if said first network device has a failure, said failure of said first network device is detectable from an absence of said heartbeat messages and wherein said session synchronization information provided by said first device is usable by said peer network device to continue a session that is being carried by said first network device prior to said failure of said first network device.
  - 12. The system of claim 8 wherein said first network device is further configured to receive, from said second network device, heartbeat messages while said first network device does not said own said first pool of first addresses, said first network device being configured to receive said heartbeat messages on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
  - 13. The system of claim 8 wherein said first network device is further configured to receive, from said second network device, session synchronization information while said first network device does not said own said first pool of first addresses, said first network device being configured to receive said session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
  - 14. The system of claim 8 wherein to said assert ownership, said first network device is configured to send a message to at least one peer network device that provides notification that said first network device is a new master device that owns said plurality of said first addresses of said first pool corresponding to said base address.
  - 15. The system of claim 14 wherein said message is a gratuitous address resolution protocol (ARP) message.
  - 16. The system of claim 8 wherein to said assert ownership of the plurality of said first addresses of said first pool corresponding to said base address, the first network device is configured to assert ownership of all of said first addresses of said first pool corresponding to said base address.

17. An apparatus, comprising:
- device means for owning a base address corresponding to a first pool of first addresses, said first pool of first addresses being associated to but not owned by another device; and
  
  port means of said device means for receiving traffic,wherein ownership of a plurality of said first addresses of said first pool corresponding to said base address changes from said device means to said another device, in response to a failure of said device means with respect to any individual one of said first addresses in said first pool.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17 wherein said ownership that changes to said another device includes ownership of all of said first addresses of said first pool.
  - 19. The apparatus of claim 17 wherein said device means includes a network address translation (NAT) device.
  - 20. The apparatus of claim 17, further comprising connection means for sending session synchronization information and heartbeat messages from said device means to said another device while said port means receives said traffic, said connection means including a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry said traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Foundry Networks Incorporated (Broadcom, Inc.)
Inventors
Devarapalli, Sridhar J.

Granted Patent

US 8,755,267 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/216
CPC Class Codes

G06F 15/16   Combinations of two or more...

H04L 45/28   using route fault recovery

H04L 45/586   of virtual routers

H04L 49/354   for supporting virtual loca...

H04L 61/2514   between local and global IP...

H04L 69/40   for recovering from a failu...

REDUNDANCY SUPPORT FOR NETWORK ADDRESS TRANSLATION (NAT)

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

REDUNDANCY SUPPORT FOR NETWORK ADDRESS TRANSLATION (NAT)

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links