Mechanisms for providing stateful NAT support in redundant and asymmetric routing environments
Abstract
Various techniques are described which may be used for improving traffic flows between private networks and public networks. According to one aspect of the present invention, a technique is described for implementing asymmetric routing in a NAT routing environment. Another aspect of the present invention provides a technique for implementing load balancing and resource allocation assignments among peers in a redundant, multiple NAT router environment.
164 Citations
27 Claims
1. A method for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the method comprising:
  sending, from a first peer router, a first Elect Master message to at least one other peer router; the first Elect Master message including information relating to characteristics associated with the first peer router;
  receiving, at the first peer router, a second Elect Master message from a second peer router; the second Elect Master message including information relating to characteristics associated with the second peer router;
  populating a local Peer Resource Assignment Table with information obtained from received Elect Master messages; and
  determining an identity of a master peer router using information obtained from the local Peer Resource Assignment Table.
  (Dependent claims 2 to 10 not shown.)
11. A method for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the method comprising:
  generating, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers; said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  receiving a first packet relating to a first flow between a private network node and a public network node;
  allocating, using the first peer router information, a selected global address and a selected global port for the first flow;
  creating a first NAT entry associated with the first flow, the first NAT entry including information relating to the selected global address and the selected global port allocated for the first flow;
  sending at least one NAT Entry Update message to at least one other peer router; and
  wherein the at least one NAT Entry Update message includes information relating to the first NAT entry.
12. A method for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the method comprising:
  generating, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers; said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  receiving a NAT Entry Update message from a second peer router, the NAT Entry Update message including information relating to a selected global address and a selected global port allocated for a first NAT entry;
  reserving the selected global address and the selected global port associated with the first NAT entry; and
  updating a local NAT Table with information relating to the first NAT entry.
13. A network device for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, the network device comprising:
  at least one processor;
  at least one interface for providing a communication link to at least one other peer router; and
  at least one memory;
  the at least one processor or memory being configured to perform network address translation (NAT) for traffic flowing between the public and private networks;
  the at least one processor or memory being further configured to provide failover capability for the at least one of the other peer routers;
  the at least one processor or memory being further configured to send, from a first peer router, a first Elect Master message to at least one other peer router; the first Elect Master message including information relating to characteristics associated with the first peer router, said characteristics including an identity and an address associated with the first peer router;
  the at least one processor or memory being further configured to receive, at the first peer router, a second Elect Master message from a second peer router; the second Elect Master message including information relating to characteristics associated with the second peer router, said characteristics including an identity and an address associated with the second peer router;
  the at least one processor or memory being further configured to populate a local Peer Resource Assignment Table with information obtained from received Elect Master messages; and
  the at least one processor or memory being further configured to determine an identity of a master peer router using information obtained from the local Peer Resource Assignment Table.
  (Dependent claims 14 to 22 not shown.)
23. A network device for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, the network device comprising:
  at least one processor;
  at least one interface for providing a communication link to at least one other peer router; and
  at least one memory;
  the at least one processor or memory being configured to perform network address translation (NAT) for traffic flowing between the public and private networks;
  the at least one processor or memory being configured to provide failover capability for the at least one of the other peer routers;
  the at least one processor or memory being further configured to generate, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers, said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  the at least one processor or memory being further configured to receive a first packet relating to a first flow between a private network node and a public network node;
  the at least one processor or memory being further configured to allocate, using the first peer router information, a selected global address and a selected global port for the first flow;
  the at least one processor or memory being further configured to create a first NAT entry associated with the first flow, the first NAT entry including information relating to the selected global address and the selected global port allocated for the first flow;
  the at least one processor or memory being further configured to send at least one NAT Entry Update message to at least one other peer router; and
  wherein the at least one NAT Entry Update message includes information relating to the first NAT entry.
24. A network device for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, the network device comprising:
  at least one processor;
  at least one interface for providing a communication link to at least one other peer router; and
  at least one memory;
  the at least one processor or memory being configured to perform network address translation (NAT) for traffic flowing between the public and private networks;
  the at least one processor or memory being further configured to provide failover capability for the at least one of the other peer routers;
  the at least one processor or memory being further configured to generate, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers, said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  the at least one processor or memory being further configured to receive a NAT Entry Update message from a second peer router, the NAT Entry Update message including information relating to a selected global address and a selected global port allocated for a first NAT entry;
  the at least one processor or memory being further configured to reserve the selected global address and the selected global port associated with the first NAT entry; and
  the network device being further configured or designed to update a local NAT Table with information relating to the first NAT entry.
25. A system for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the system comprising:
  means for sending, from a first peer router, a first Elect Master message to at least one other peer router; the first Elect Master message including information relating to characteristics associated with the first peer router, said characteristics including an identity and an address associated with the first peer router;
  means for receiving, at the first peer router, a second Elect Master message from a second peer router; the second Elect Master message including information relating to characteristics associated with the second peer router, said characteristics including an identity and an address associated with the second peer router;
  means for populating a local Peer Resource Assignment Table with information obtained from received Elect Master messages; and
  means for determining an identity of a master peer router using information obtained from the local Peer Resource Assignment Table.
26. A system for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the system comprising:
  means for generating, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers; said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  means for receiving a first packet relating to a first flow between a private network node and a public network node;
  means for allocating, using the first peer router information, a selected global address and a selected global port for the first flow;
  means for creating a first NAT entry associated with the first flow, the first NAT entry including information relating to the selected global address and the selected global port allocated for the first flow;
  means for sending at least one NAT Entry Update message to at least one other peer router; and
  wherein the at least one NAT Entry Update message includes information relating to the first NAT entry.
27. A system for performing resource allocation among a plurality of peer routers in a private network, the plurality of peer routers being adapted to provide connectivity between nodes in the private network and nodes in a public network, at least a first portion of the plurality of peer routers being adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, at least a second portion of the plurality of peer routers being adapted to provide failover capability for the at least one of the other peer routers, the system comprising:
  means for generating, at a first peer router, a local Peer Resource Assignment Table which includes NAT resource assignment information relating to selected global address assignments and selected global port assignments allocated to selected peer routers; said NAT resource assignment information including first peer router information relating to global address assignments and selected global port assignments allocated to the first peer router;
  means for receiving a NAT Entry Update message from a second peer router, the NAT Entry Update message including information relating to a selected global address and a selected global port allocated for a first NAT entry;
  means for reserving the selected global address and the selected global port associated with the first NAT entry; and
  means for updating a local NAT Table with information relating to the first NAT entry.
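The three exchanges the claims describe (Elect Master messages filling a Peer Resource Assignment Table and yielding a master, a peer allocating a global address and port from its own assignment and advertising the NAT entry, and a peer reserving and mirroring an advertised entry) are easier to follow as one simulation. The code below is an added example written for this page, not code from the patent or its assignee. The message and class names, the "lowest peer id wins" election rule, the even split of the port range between peers, the RFC 5737 documentation addresses and the check that a received NAT Entry Update only names a port within the sender's own assignment are all assumptions; the claims do not specify any of them.

```python
"""Simulation of the election and NAT-resource-sharing exchange in claims
1, 11 and 12.  Added example, not code from the patent: message and class
names, the lowest-id election rule, the even port partition and the range
check on received updates are all assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Flow = Tuple[str, int, str, int]   # (private ip, private port, public ip, public port)
Global = Tuple[str, int]           # (global ip, global port) chosen by the NAT


@dataclass(frozen=True)
class ElectMaster:            # carries the sender's identity and address
    peer_id: int
    address: str


@dataclass(frozen=True)
class NatEntryUpdate:         # advertises one newly created NAT entry
    peer_id: int
    flow: Flow
    translated: Global


class PeerRouter:
    def __init__(self, peer_id: int, address: str, global_ip: str,
                 port_lo: int = 1024, port_hi: int = 65535) -> None:
        self.peer_id, self.address = peer_id, address
        self.global_ip, self.port_lo, self.port_hi = global_ip, port_lo, port_hi
        self.peer_table: Dict[int, dict] = {}     # Peer Resource Assignment Table
        self.nat_table: Dict[Flow, Global] = {}   # local NAT Table
        self.reserved: Set[Global] = set()        # global (ip, port) pairs in use
        self.master: Optional[int] = None

    # Claim 1: exchange Elect Master messages, fill the table, pick the master.
    def elect_master_message(self) -> ElectMaster:
        return ElectMaster(self.peer_id, self.address)

    def receive_elect_master(self, msg: ElectMaster) -> None:
        self.peer_table[msg.peer_id] = {"address": msg.address}

    def determine_master(self) -> int:
        self.receive_elect_master(self.elect_master_message())  # own entry
        self.master = min(self.peer_table)   # assumed rule: lowest id wins
        self._partition_ports()
        return self.master

    def _partition_ports(self) -> None:
        # Assumed: every peer derives the same disjoint port slice per peer
        # from the identical table, so no two peers allocate the same port.
        ids = sorted(self.peer_table)
        span = (self.port_hi - self.port_lo + 1) // len(ids)
        for i, pid in enumerate(ids):
            lo = self.port_lo + i * span
            hi = self.port_hi if i == len(ids) - 1 else lo + span - 1
            self.peer_table[pid]["ports"] = range(lo, hi + 1)

    # Claim 11: allocate from this peer's own slice and advertise the entry.
    def allocate(self, flow: Flow) -> NatEntryUpdate:
        if flow in self.nat_table:
            return NatEntryUpdate(self.peer_id, flow, self.nat_table[flow])
        for port in self.peer_table[self.peer_id]["ports"]:
            candidate = (self.global_ip, port)
            if candidate not in self.reserved:
                self.reserved.add(candidate)
                self.nat_table[flow] = candidate
                return NatEntryUpdate(self.peer_id, flow, candidate)
        raise RuntimeError("global port range exhausted")

    # Claim 12: reserve the advertised pair and mirror the entry locally.
    def receive_nat_entry_update(self, msg: NatEntryUpdate) -> bool:
        owner = self.peer_table.get(msg.peer_id)
        if owner is None:
            return False   # unknown peer: it never took part in the election
        ip, port = msg.translated
        if ip != self.global_ip or port not in owner["ports"]:
            return False   # sender is claiming a resource it was not assigned
        self.reserved.add(msg.translated)
        self.nat_table[msg.flow] = msg.translated
        return True

    def translate(self, flow: Flow) -> Optional[Global]:
        return self.nat_table.get(flow)


def simulate() -> dict:
    """Two peers sharing one global address (constructed RFC 5737 values)."""
    a = PeerRouter(1, "10.0.0.1", "203.0.113.10")
    b = PeerRouter(2, "10.0.0.2", "203.0.113.10")
    for sender, receiver in ((a, b), (b, a)):
        receiver.receive_elect_master(sender.elect_master_message())
    masters = {p.peer_id: p.determine_master() for p in (a, b)}

    flow = ("192.168.1.5", 40000, "198.51.100.7", 443)
    update = b.allocate(flow)                     # b owns the upper port slice
    accepted = a.receive_nat_entry_update(update)
    forged = NatEntryUpdate(2, ("192.168.1.9", 4, "198.51.100.8", 80),
                            ("203.0.113.10", 1024))   # 1024 belongs to peer 1
    rejected = a.receive_nat_entry_update(forged)
    return {
        "masters": masters,
        "b_port": update.translated[1],
        "accepted": accepted,
        "rejected": rejected,
        "a_can_translate": a.translate(flow),     # failover path on peer a
        "a_first_port": a.allocate(("192.168.1.6", 5000, "198.51.100.7", 443)).translated[1],
    }


if __name__ == "__main__":
    print(simulate())
```

Run it and peer a, which never saw the flow's first packet, can translate it from its mirrored NAT Table, which is the failover and asymmetric-routing case the abstract is about. The range check in receive_nat_entry_update is the practitioner's addition: nothing in the claims authenticates a NAT Entry Update, so without such a check any host able to reach the peer link could reserve ports it does not own or overwrite another peer's entries. A deployment would want the peer messages themselves authenticated as well; the claims are silent on that.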
Specification