Mechanisms for providing stateful NAT support in redundant and asymetric routing environments

US 7,280,557 B1
Filed: 06/28/2002
Issued: 10/09/2007
Est. Priority Date: 06/28/2002
Status: Active Grant

First Claim

Patent Images

1. A method for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the method comprising:

receiving at a first router of the plurality of routers a first packet relating to a first flow between a private network node and a public network node;

associating the first flow with a first NAT entry;

starting a first timeout timer associated with the first NAT entry; and

sending a Delete Query message to at least one second router of the plurality of routers in response to detecting that the first timeout timer has expired so as to query the at least one second router for selected information relating to the first NAT entry.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various techniques are described which may be used for improving traffic flows between private networks and public networks. According to one aspect of the present invention, a technique is described for implementing asymmetric routing in a NAT routing environment. Another aspect of the present invention provides a technique for implementing load balancing and resource allocation assignments among peers in a redundant, multiple NAT router environment.

118 Citations

View as Search Results

37 Claims

1. A method for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the method comprising:
- receiving at a first router of the plurality of routers a first packet relating to a first flow between a private network node and a public network node;
  
  associating the first flow with a first NAT entry;
  
  starting a first timeout timer associated with the first NAT entry; and
  
  sending a Delete Query message to at least one second router of the plurality of routers in response to detecting that the first timeout timer has expired so as to query the at least one second router for selected information relating to the first NAT entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the first router corresponds to an active router;
    - andwherein the second router corresponds to a standby router.
  - 3. The method of claim 1 wherein at least a portion of said selected information is not stored locally at the first router.
  - 4. The method of claim 1 further comprising starting a delete response timer and restarting the delete response timer only if a response is received for the Delete Query message.
  - 5. The method of claim 4, further comprising deleting the first NAT entry upon expiration of the delete response timer.
  - 6. The method of claim 1 further comprising:
    - receiving a Delete Response message from the second router;
      
      wherein the Delete Response message includes a timer restart value relating to an additional time period for extending a lifetime associated with the first NAT entry.
  - 7. The method of claim 6 further comprising:
    - deleting the first NAT entry if the timer restart value is equal to zero; and
      
      restarting the first timeout timer if the timer restart value is greater than zero.
  - 8. The method of claim 7 wherein the first timeout timer is restarted in a manner such that the first timeout timer will expire after a time period substantially equal to the timer restart value.

9. A method for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the method comprising:
- receiving, at a first router of the plurality of routers, a first packet relating to a first flow between a private network node and a public network node;
  
  the first packet being associated with a first NAT entry at the first router;
  
  the first NAT entry having first local timestamp information associated therewith;
  
  recording a first timestamp value relating to a time when the first packet was received at the first router;
  
  updating the first local timestamp information with the first timestamp value; and
  
  performing, at the first router, network address translation on the first packet.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the first router corresponds to a standby router which is currently operating in a standby mode of operation, in order to provide failover capability to the at least one active router.
  - 11. The method of claim 10 wherein the first packet corresponds to an egress-to-ingress packet sent from a public network node to a private network node.
  - 12. The method of claim 9 further comprising receiving NAT entry update information from the at least one active router.
  - 13. The method of claim 9 further comprising:
    - receiving a Delete Query message from at least one second router of the plurality of routers;
      
      the Delete Query message being associated with the first NAT entry;
      
      calculating a first timer restart value in response to response to receiving the Delete Query message;
      
      wherein the first timer restart value represents an additional time period which may be used for extending a lifetime associated with the first NAT entry.
  - 14. The method of claim 13 wherein the first router corresponds to a standby router;
    - andwherein the second router corresponds to an active router.
  - 15. The method of claim 13 further comprising sending a Delete Response message from the first router to the second router;
    - wherein the Delete Response includes said timer restart value.

16. A system for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the system comprising:
- a plurality of routers;
  
  the plurality of routers including a first active router having a memory and a processor, wherein at least one of the memory or processor of the first active router is configured to perform network address translation (NAT) for traffic flowing between the public and private networks;
  
  the plurality of routers further including a first standby router having a memory and a processor, wherein at least one of the memory or processor of the first standby router is configured to provide failover capability for the first active router;
  
  the at least one of the memory or processor of the first active router being further configured to receive a first ingress-to-egress packet from a first node in the private network;
  
  the at least one of the memory or processor of the first active router being further configured to perform network address translation on the first packet, wherein the first packet is associated with a first NAT entry;
  
  the at least one of the memory or processor of the first standby router being further configured to receive a second egress-to-ingress packet from a second node in the public network; and
  
  the at least one of the memory or processor of the first standby router being further configured to perform network address translation on the second packet.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16 wherein the second packet is associated with the first NAT entry.
  - 18. The system of claim 16, the at least one of the memory or processor of the first active router being further configured to forward the first packet from the first active router to the second node in the public network;
    - andthe at least one of the memory or processor of the first standby router being further configured to forward the second packet from the first standby router to the first node in the private network.

19. A system for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the system comprising:
- a plurality of routers each having at least one memory and at least one processor;
  
  the plurality of routers including at least one active router, wherein the at least one of the memory or processor of the at least one active router is configured to perform network address translation (NAT) for traffic flowing between the public and private networks;
  
  the plurality of routers further including at least one standby router, wherein the at least one of the memory or processor of the at least one standby router is configured to provide failover capability for the at least one active router;
  
  the at least one of the memory or processor of the routers being configured to provide asymmetric traffic flow between nodes in the private network and nodes in the public network;
  
  wherein the at least one of the memory or processor of the at least one active router is further configured to process at least a portion of ingress-to-egress traffic flowing out from the private network; and
  
  wherein the at least one of the memory or processor of the at least one standby router is further configured to process at least a portion of egress-to-ingress traffic flowing in to the private network.
- View Dependent Claims (20)
- - 20. The system of claim 19, the at least one of the memory or processor of the routers being further configured to perform load balancing of ingress-to-egress traffic among a first plurality of NAT routers of said plurality of routers.

21. A device for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the device comprising:
- at least one processor;
  
  at least one interface for providing a communication link to at least one other network device in the data network; and
  
  at least one memory;
  
  wherein at least one processor or memory is configured to receive a first packet relating to a first flow between a private network node and a public network node;
  
  wherein at least one processor or memory is configured to associate the first flow with a first NAT entry;
  
  wherein at least one processor or memory is configured to start a first timeout timer associated with the first NAT entry; and
  
  wherein at least one processor or memory is configured to send a Delete Query message to at least one standby router of the plurality of routers in response to detecting that the first timeout timer has expired so as to query the at least one standby router for selected information relating to the first NAT entry.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The device of claim 21 wherein the device corresponds to an active router.
  - 23. The device of claim 21 wherein at least a portion of said selected information is not stored locally at the device.
  - 24. The device of claim 21 wherein the at least one processor or memory is configured to start a delete response timer and restart the delete response timer only if a response is received for the Delete Query message.
  - 25. The device of claim 24, wherein the at least one processor or memory is further configured to delete the first NAT entry upon expiration of the delete response timer.
  - 26. The device of claim 21, wherein the at least one processor or memory is further configured to receive a Delete Response message from the second router;
    - wherein the Delete Response message includes a timer restart value relating to an additional time period for extending a lifetime associated with the first NAT entry.
  - 27. The device of claim 26, wherein the at least one processor or memory is further configured to delete the first NAT entry if the timer restart value is equal to zero-to restart the first timeout timer if the timer restart value is greater than zero.
  - 28. The device of claim 27 wherein the first timeout timer is restarted in a manner such that the first timeout timer will expire after a time period substantially equal to the timer restart value.

29. A device for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the device comprising:
- at least one processor;
  
  at least one interface for providing a communication link to at least one other network device in the data network; and
  
  at least one memory;
  
  wherein the at least one processor or memory is configured to receive a first packet relating to a first flow between a private network node and a public network node;
  
  the first packet being associated with a first NAT entry at the device;
  
  the first NAT entry having first local timestamp information associated therewith;
  
  wherein the at least one processor or memory is further configured to record a first timestamp value relating to a time when the first packet was received;
  
  wherein the at least one processor or memory is further configured to update the first local timestamp information with the first timestamp value; and
  
  wherein the at least one processor or memory is further configured to perform network address translation on the first packet.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The device of claim 29 wherein the device corresponds to a standby router which is currently operating in a standby mode of operation.
  - 31. The device of claim 30 wherein the first packet corresponds to an egress-to-ingress packet sent from a public network node to a private network node.
  - 32. The device of claim 29, the at least one processor or memory being further configured to receive NAT entry update information from the at least one active router.
  - 33. The device of claim 29, the at least one processor or memory being further configured to receive a Delete Query message from at least one second router of the plurality of routers;
    - the Delete Query message being associated with the first NAT entry;
      
      the at least one processor or memory being further configured to calculate a first timer restart value in response to response to receive the Delete Query message; and
      
      wherein the first timer restart value represents an additional time period which may be used for extending a lifetime associated with the first NAT entry.
  - 34. The device of claim 33 wherein the device corresponds to a standby router;
    - andwherein the second router corresponds to an active router.
  - 35. The device of claim 33, the at least one processor or memory being further configured to send a Delete Response message from the device to the second router;
    - wherein the Delete Response includes said timer restart value.

36. A system for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the system comprising:
- means for receiving at a first router of the plurality of routers a first packet relating to a first flow between a private network node and a public network node;
  
  means for associating the first flow with a first NAT entry;
  
  means for starting a first timeout timer associated with the first NAT entry;
  
  means for sending a Delete Query message to at least one second router of the plurality of routers in response to detecting that the first timeout timer has expired; and
  
  wherein the Delete Query message is used to query the at least one standby router for selected information relating to the first NAT entry.

37. A system for routing traffic in a data network, the data network including a public network and a private network, the private network including a plurality of routers adapted to provide connectivity between nodes in the private network and nodes in the public network, the plurality of routers including at least one active router adapted to perform network address translation (NAT) for traffic flowing between the public and private networks, the plurality of routers further including at least one standby router adapted to provide failover capability for the at least one active router, the system comprising:
- means for receiving, at a standby router of the plurality of routers, a first packet relating to a first flow between a private network node and a public network node;
  
  the first packet being associated with a first NAT entry at the standby router;
  
  the first NAT entry having first local timestamp information associated therewith;
  
  means for recording a first timestamp value relating to a time when the first packet was received at the standby router;
  
  means for updating the first local timestamp information with the first timestamp value; and
  
  means for performing, at the standby router, network address translation on the first packet;
  
  wherein the standby router which is operating in a standby mode of operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Biswas, Kaushik P., Jayasenan, Siva S., Somasundaram, Mahadev, Denny, Mark A.
Primary Examiner(s)
Pham; Chi
Assistant Examiner(s)
TRAN, PHUC H

Application Number

US10/187,168
Time in Patent Office

1,929 Days
Field of Search

370/395.5, 370/466, 370/467, 370/465
US Class Current

370/465
CPC Class Codes

H04L 45/22   Alternate routing

H04L 45/58   Association of routers

H04L 47/125   by balancing the load, e.g....

H04L 61/2514   between local and global IP...

H04L 61/2532   Clique of NAT servers

H04L 61/2557   Translation policies or rules

H04L 67/1001   for accessing one among a p...

H04L 69/40   for recovering from a failu...

Mechanisms for providing stateful NAT support in redundant and asymetric routing environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

118 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanisms for providing stateful NAT support in redundant and asymetric routing environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links