Forwarding packets in a gateway performing network address translation (NAT)

US 7,586,940 B1
Filed: 07/24/2001
Issued: 09/08/2009
Est. Priority Date: 07/24/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of processing a packet in a gateway device connected to a plurality of communication paths providing connection with corresponding networks, said method comprising:

providing a search utility in said gateway, said search utility enabling the retrieval of both a forwarding information and a network address translation (NAT) information necessary for processing said packet in a single search operation, wherein said NAT information specifies a new address for an original address in said packet, said forwarding information specifying one of said plurality of communication paths to forward said packet, each of said plurality of communication paths being identified by a corresponding physical port;

receiving said packet containing said original address;

determining said forwarding information and said NAT information for said packet in a single search operation by using said search utility;

substituting said new address for said original address in said packet; and

forwarding said packet with said new address on the specified one of said plurality of communication paths in said forwarding information, wherein the providing comprises maintaining a single table for both the forwarding information and the NAT information such that the information can be retrieved in the single search operation, and wherein the table is stored in a content addressable memory (CAM) indexed by a source address and a destination address that are provided as a key in the CAM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A gateway device providing a search utility to determine both NAT information and forwarding information (“both pieces of information”) in a single search operation. The single search operation may be implemented using a single table storing both pieces of information necessary for processing a packet. As a result, both pieces of information can be potentially retrieved in a single memory access. Due to the single (or few) memory access, the throughput performance of a gateway may be enhanced. In an embodiment, the gateway is implemented as a service selection gateway which provides connectivity between multiple remote systems and service domains. The NAT/forwarding information is partitioned according to service domains such that the information needed to process packets from/to the same service domain is contained in the same table.

Citations

20 Claims

1. A method of processing a packet in a gateway device connected to a plurality of communication paths providing connection with corresponding networks, said method comprising:
- providing a search utility in said gateway, said search utility enabling the retrieval of both a forwarding information and a network address translation (NAT) information necessary for processing said packet in a single search operation, wherein said NAT information specifies a new address for an original address in said packet, said forwarding information specifying one of said plurality of communication paths to forward said packet, each of said plurality of communication paths being identified by a corresponding physical port;
  
  receiving said packet containing said original address;
  
  determining said forwarding information and said NAT information for said packet in a single search operation by using said search utility;
  
  substituting said new address for said original address in said packet; and
  
  forwarding said packet with said new address on the specified one of said plurality of communication paths in said forwarding information, wherein the providing comprises maintaining a single table for both the forwarding information and the NAT information such that the information can be retrieved in the single search operation, and wherein the table is stored in a content addressable memory (CAM) indexed by a source address and a destination address that are provided as a key in the CAM.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said CAM comprises a multi-way CAM.
  - 3. The method of claim 1, wherein said gateway device comprises a service selection gateway (SSG) connecting a plurality of remote systems to a plurality of service domains, wherein one of said original address and said new address comprises a local address of a remote system and the other address comprises an external address in a service domain for said remote system, said maintaining further comprises:
    - storing NAT information and forwarding information in a plurality of tables partitioned according to service domains such that forwarding information and NAT information related to the same service domain is stored in the same one of said plurality of tables.
  - 4. The method of claim 3, wherein at least one of said plurality of tables stores NAT information and forwarding information related to at least a first service domain and a second service domain contained in said plurality of service domains, said first service domain and said second service domain respectively containing a first set of addresses and a second set of addresses accessible from said gateway device, wherein said first set of addresses and said second set of addresses do not overlap.
  - 5. The method of claim 1, wherein said forwarding information comprises an interface on said gateway device, wherein said forwarding comprises sending said packet on said interface, wherein said packet is received in the form of an Internet Protocol (IP) packet.
  - 6. The method of claim 1, wherein said determining further comprises providing an input port number also as said key and retrieving a new port number in addition to said forwarding information and said NAT information, wherein said input port number and said new port number identify a session at a transport protocol level.

7. A gateway device for processing a packet, said gateway device comprising:
- interface means coupled to a plurality of communication paths, wherein each communication path provides connection with a corresponding network;
  
  means for searching enabling the retrieval of both a forwarding information and a network address translation (NAT) information necessary for processing said packet in a single search operation, wherein said NAT information specifies a new address for an original address in said packet, and said forwarding information specifying one of said plurality of communication paths to forward said packet;
  
  means for receiving said packet containing said original address;
  
  means for determining said forwarding information and said NAT information for said packet by using said single search;
  
  means for substituting said new address for said original address in said packet; and
  
  means for forwarding said packet with said new address on the communication path specified in said forwarding information, wherein the means for providing comprises maintaining a single table for both the forwarding information and the NAT information such that the information can be retrieved in the single search operation, and wherein the table is stored in a content addressable memory (CAM) indexed by a source address and a destination address that are provided as a key in the CAM.
- View Dependent Claims (8, 9, 10)
- - 8. The gateway device of claim 7, wherein said CAM comprises a multi-way CAM, said packet comprises an IP packet, and said forwarding information comprises an interface on said gateway device, wherein said means for forwarding sends said packet on said interface.
  - 9. The gateway device of claim 7, wherein said gateway device comprises a service selection gateway (SSG) connecting a plurality of remote systems to a plurality of service domains, wherein one of said original address and said new address comprises a local address of a remote system and the other address comprises an external address in a service domain for said remote system, memory means stores NAT information and forwarding information in a plurality of tables partitioned according to service domains such that forwarding information and NAT information related to the same service domain is stored in the same one of said plurality of tables.
  - 10. The gateway device of claim 9, wherein at least one of said plurality of tables stores NAT information and forwarding information related to at least a first service domain and a second service domain contained in said plurality of service domains, said first service domain and said second service domain respectively containing a first set of addresses and a second set of addresses accessible from said gateway device, wherein said first set of addresses and said second set of addresses do not overlap.

11. A computer readable medium storing one or more sequences of instructions for causing a gateway device to process a packet, said gateway device connected to a plurality of communication paths providing connection with corresponding networks, wherein execution of said one or more sequences of instructions by one or more processors contained in said gateway device causes said gateway device to perform the actions of:
- providing a search utility in said gateway, said search utility enabling the retrieval of both a forwarding information and a network address translation (NAT) information necessary for processing said packet in a single search operation, wherein said NAT information specifies a new address for an original address in said packet and said forwarding information specifies one of said plurality of communication paths to forward said packet;
  
  receiving said packet containing said original address;
  
  determining said forwarding information and said NAT information for said packet in a single search operation by using said search utility;
  
  substituting said new address for said original address in said packet; and
  
  forwarding said packet with said new address on the communication path specified in said forwarding information, wherein the providing comprises maintaining a single table for both the forwarding information and the NAT information such that the information can be retrieved in the single search operation, and wherein the table is stored in a content addressable memory (CAM) indexed by a source address and a destination address that are provided as a key in the CAM.
- View Dependent Claims (12, 13, 14)
- - 12. The computer readable medium of claim 11, wherein said CAM comprises a multi-way CAM and said packet is received in the form of an IP packet.
  - 13. The computer readable medium of claim 11, wherein said gateway device comprises a service selection gateway (SSG) connecting a plurality of remote systems to a plurality of service domains, wherein one of said original address and said new address comprises a local address of a remote system and the other address comprises an external address in a service domain for said remote system, said maintaining further comprises:
    - storing NAT information and forwarding information in a plurality of tables partitioned according to service domains such that forwarding information and NAT information related to the same service domain is stored in the same one of said plurality of tables.
  - 14. The computer readable medium of claim 13, wherein at least one of said plurality of tables stores NAT information and forwarding information related to at least a first service domain and a second service domain contained in said plurality of service domains, said first service domain and said second service domain respectively containing a first set of addresses and a second set of addresses accessible from said gateway device, wherein said first set of addresses and said second set of addresses do not overlap.

15. A gateway device for processing a packet, said gateway device comprising:
- a plurality of ports, each of said plurality of ports being coupled to a corresponding one of a plurality of communication paths providing connection with a corresponding network;
  
  a memory unit storing a forwarding information and a network address translation (NAT) information necessary for processing said packet, wherein said NAT information specifies a new address for an original address in said packet, and said forwarding information specifying one of said plurality of communication paths to forward said packet;
  
  an inbound interface receiving said packet containing said original address;
  
  a forwarding and NAT block determining said forwarding information and said NAT information for said packet using a single search, said forwarding and NAT block substituting said new address for said original address in said packet; and
  
  an outbound interface forwarding said packet with said new address on the communication path specified in said forwarding information, wherein the providing comprises maintaining a single table for both the forwarding information and the NAT information such that the information can be retrieved in the single search operation, and wherein the table is stored in a content addressable memory (CAM) indexed by a source address and a destination address that are provided as a key in the CAM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The gateway device of claim 15, wherein said CAM comprises a multi-way CAM and said packet comprises an IP packet.
  - 17. The gateway device of claim 15, wherein said gateway device comprises a service selection gateway (SSG) connecting a plurality of remote systems to a plurality of service domains, wherein one of said original address and said new address comprises a local address of a remote system and the other address comprises an external address in a service domain for said remote system, wherein said memory unit stores NAT information and forwarding information in a plurality of tables partitioned according to service domains such that forwarding information and NAT information related to the same service domain is stored in the same one of said plurality of tables.
  - 18. The gateway device of claim 17, wherein at least one of said plurality of tables stores NAT information and forwarding information related to at least a first service domain and a second service domain contained in said plurality of service domains, said first service domain and said second service domain respectively containing a first set of addresses and a second set of addresses accessible from said gateway device, wherein said first set of addresses and said second set of addresses do not overlap.
  - 19. The gateway device of claim 18, further comprising a service selection block determining a specific service to which said packet relates to and causes said packet to be processed according to a corresponding one of said plurality of tables.
  - 20. The gateway device of claim 19, further comprising a plurality of forwarding and NAT blocks wherein each of said plurality of forwarding and NAT blocks is coupled to a corresponding one of a plurality of memory units, wherein each of said plurality of memory units stores one of said plurality of tables.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bachheti, Praneet, Phadnis, Amit S., Karuppiah, Anuradha
Primary Examiner(s)
Nguyen; Brian D

Application Number

US09/910,936
Time in Patent Office

2,968 Days
Field of Search

370/466, 370/465, 370/467, 370/469, 370/471, 370/475, 370/395.31, 370/395.32, 370/401, 370/412, 370/428, 370/429, 370/389, 370/392, 370/352
US Class Current

370/466
CPC Class Codes

H04L 45/7453 using hashing

H04L 61/255 Maintenance or indexing of ...

Forwarding packets in a gateway performing network address translation (NAT)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Forwarding packets in a gateway performing network address translation (NAT)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links