Apparatus and method for NAT/NAPT session management

US 7,600,026 B2
Filed: 03/26/2003
Issued: 10/06/2009
Est. Priority Date: 03/29/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus for Network Address Translation (NAT)/Network Address-Port Translation (NAPT) session management used in a switch controller comprising a packet translation module for performing NAT/NAPT of packets, the switch controller being embodied in hardware, the apparatus comprising:

a translation table, which is coupled to the packet translation module, comprising a plurality of storage locations, wherein each storage location is used to store related information of a NAT/NAPT session, and the related information comprises at least an indication, a connection bit, and a connection time; and

a control logic, coupled to the packet translation module and the translation table, accessing the related information, and managing the NAT/NAPT session based on the related information;

wherein the control logic stores the related information into the translation table,wherein the connection time is equal to a predetermined value of T and the indication shows that the related information is valid, then the control logic increases the connection time by a first value every default unit time and changes the indication to show that the related information is invalid if the connection time reaches a first threshold;

wherein an initial value of the connection bit is false, for indicating whether the session is fully established, and in response to a value of the connection bit becoming true, the control logic sets the connection time as a predetermined value of Tlong when the switch controller receives a second packet of the session and SYN, FIN and RST flags of the second packet are not set,a register, which is coupled to and accessed by the control logic, storing the predetermined value T, the unit time, the first value, and the first threshold, and the control logic selecting the predetermined value T, the unit time, the first value and the first threshold based on a protocol which the session uses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an apparatus and method for NAT/NAPT session management used in a network switch controller. The apparatus comprises a translation table for storing related information of NAT/NAPT sessions, a register for storing setting values required by the apparatus, and a control logic for managing the NAT/NAPT sessions based on the setting values stored in the register and the related information in the translation table. The apparatus offers a connection time to each NAT/NAPT session and decreases it every unit time. When it is reduced to zero, the related information of the session is invalidated and the session is then disconnected. The apparatus stores related information of NAT/NAPT sessions and offers associated connection time and unit time based on the protocols used, thereby invalidating the related information timely to empty part of the translation table for storing related information of other sessions. Thus, efficient and automatic management for NAT/NAPT sessions is achieved to avoid that limited translation table is occupied by time-exceeded or disconnected sessions, thereby upgrading NAT/NAPT performance.

Citations

17 Claims

1. An apparatus for Network Address Translation (NAT)/Network Address-Port Translation (NAPT) session management used in a switch controller comprising a packet translation module for performing NAT/NAPT of packets, the switch controller being embodied in hardware, the apparatus comprising:
- a translation table, which is coupled to the packet translation module, comprising a plurality of storage locations, wherein each storage location is used to store related information of a NAT/NAPT session, and the related information comprises at least an indication, a connection bit, and a connection time; and
  
  a control logic, coupled to the packet translation module and the translation table, accessing the related information, and managing the NAT/NAPT session based on the related information;
  
  wherein the control logic stores the related information into the translation table,wherein the connection time is equal to a predetermined value of T and the indication shows that the related information is valid, then the control logic increases the connection time by a first value every default unit time and changes the indication to show that the related information is invalid if the connection time reaches a first threshold;
  
  wherein an initial value of the connection bit is false, for indicating whether the session is fully established, and in response to a value of the connection bit becoming true, the control logic sets the connection time as a predetermined value of Tlong when the switch controller receives a second packet of the session and SYN, FIN and RST flags of the second packet are not set,a register, which is coupled to and accessed by the control logic, storing the predetermined value T, the unit time, the first value, and the first threshold, and the control logic selecting the predetermined value T, the unit time, the first value and the first threshold based on a protocol which the session uses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus as recited in claim 1, wherein the translation table is implemented with a cache memory.
  - 3. The apparatus as recited in claim 1, wherein if the indication shows that the related information is invalid, then the control logic reuses a first storage location storing the related information previously in the translation table another NAT/NAPT session and informs the packet translation module of stopping NAT/NAPT of packets of the session.
  - 4. The apparatus as recited in claim 1, wherein if the NAT/NAPT session uses UDP, then the control logic sets the connection time to the predetermined value T when the switch controller receives a first packet of the session.
  - 5. The apparatus as recited in claim 1, wherein if the NAT/NAPT session uses ICMP and transceives only Req/Reply packets, then the related information further comprises a count whose initial value is a predetermined value of C.
  - 6. The apparatus as recited in claim 5, wherein if the switch controller transmits a request packet of the ICMP Req Type session, the count is increased by a second value, and wherein if the switch controller receives a reply packet of the ICMP Reply Type session, the count is decreased by a second value.
  - 7. The apparatus as recited in claim 6, wherein the control logic changes the indication to show that the related information is invalid if the count reaches a second threshold.
  - 8. The apparatus as recited in claim 7, wherein C, the second value and the second threshold are stored in the register and accessed via the control logic.
  - 9. The apparatus as recited in claim 1, wherein the NAT/NAPT session uses TCP, and T is equal to a predetermined value of Tfast;
    - if the switch controller receives a RST control packet of the session, then the control logic changes the indication to show that the related information is invalid.
  - 10. The apparatus as recited in claim 9, wherein the related information further comprises a Connection bit, whose initial value is false, for indicating if the session is fully established.

11. An apparatus for Network Address Translation (NAT)/Network Address-Port Translation (NAPT) session management used in a switch controller comprising a packet translation module for performing NAT/NAPT of packets, the switch controller being embodied in hardware, the apparatus comprising:
- a translation table, which is coupled to the packet translation module, comprising a plurality of storage locations, wherein each storage location is used to store related information of a NAT/NAPT session, and the related information comprises at least an indication and a connection time;
  
  a control logic, coupled to the packet translation module and the translation table, accessing the related information, and managing the NAT/NAPT session based on the related information;
  
  wherein the control logic stores the related information into the translation table, wherein the connection time is equal to a predetermined value of T and the indication shows that the related information is valid, then the control logic increases the connection time by a first value every default unit time and changes the indication to show that the related information is invalid if the connection time reaches a first threshold, and the related information further comprises a Connection bit, whose initial value is false, for indicating if the session is fully established, and if the Connection bit is true, the control logic sets the connection time as a predetermined value of Tlong when the switch controller receives a second packet of the session and SYN, FIN and RST flags of the second packet are not set,wherein the NAT/NAPT session uses TCP, and T is equal to a predetermined value of Tfast;
  
  if the switch controller receives a RST control packet of the session, then the control logic changes the indication to show that the related information is invalid, anda register, which is coupled to and accessed by the control logic, storing the predetermined value T, the unit time, the first value, and the first threshold.

12. An apparatus for Network Address Translation (NAT)/Network Address-Port Translation (NAPT) session management used in a switch controller comprising a packet translation module for performing NAT/NAPT of packets, the switch controller being embodied in hardware, the apparatus comprising:
- a translation table, which is coupled to the packet translation module, comprising a plurality of storage locations, wherein each storage location is used to store related information of a NAT/NAPT session, and the related information comprises at least an indication and a connection time;
  
  a control logic, coupled to the packet translation module and the translation table, accessing the related information, and managing the NAT/NAPT session based on the related information;
  
  wherein the control logic stores the related information into the translation table, wherein the connection time is equal to a predetermined value of T and the indication shows that the related information is valid, then the control logic increases the connection time by a first value every default unit time and changes the indication to show that the related information is invalid if the connection time reaches a first threshold, and the related information further comprises a Connection bit, whose initial value is false, for indicating if the session is fully established, and a two-way indication, whose initial value is false, for showing if the switch controller receives one of two-way SYN control packets and two-way FIN control packets;
  
  if the Connection bit is false, then when the switch controller receives the two-way SYN control packets of the session, the control logic sets both of the two-way indication and the Connection bit as true, and changes the connection time as a predetermined value of Tlong,wherein the NAT/NAPT session uses TOP, and T is equal to a predetermined value of Tfast;
  
  if the switch controller receives a RST control packet of the session, then the control logic changes the indication to show that the related information is invalid, anda register, which is coupled to and accessed by the control logic, storing the predetermined value T, the unit time, the first value, and the first threshold.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus as recited in claim 12, wherein if the Connection bit is false, then when the switch controller receives a FIN control packet of the session, the control logic sets the Connection bit and the two-way indication as true and false respectively, and changes the connection time as Tfast.
  - 14. The apparatus as recited in claim 12, wherein if both the Connection bit and the two-way indication are true, then when the switch controller receives a FIN control packet of the session, the control logic sets the two-way indication as false and changes the connection time as a predetermined value of Tmedium.
  - 15. The apparatus as recited in claim 13, wherein if the Connection bit is true and the two-way indication is false, then when the switch controller receives a replied FIN control packet of the session, the control logic sets the two-way indication as true and changes the connection time as Tfast;
    - next, if the switch controller receives a SYN control packet of the session, the control logic sets both the Connection bit and the two-way indication as false and resets the connection time to Tfast.
  - 16. The apparatus as recited in claim 14, wherein if the Connection bit is true and the two-way indication is false, then when the switch controller receives a replied FIN control packet of the session, the control logic sets the two-way indication as true and changes the connection time as Tfast;
    - next, if the switch controller receives a SYN control packet of the session, the control logic sets both the Connection bit and the two-way indication as false and resets the connection time to Tfast.

17. A switch controller for managing Network Address Translation (NAT)/Network Address-Port Translation (NAPT) sessions, the switch controller being embodied in hardware, comprising:
- a translation table having a plurality of storage locations, wherein each storage location is used to store related information of a NAT/NAPT session, and the related information comprises an indication and a connection time;
  
  a packet translation module, coupled to the translation table, performing NAT/NAPT of packets;
  
  a control logic, coupled to the packet translation module and the translation table, accessing the related information, and managing the NAT/NAPT session based on the related information;
  
  wherein the control logic selecting a predetermined value T, the unit time, the first value and the first threshold based on a protocol which the session uses,wherein the control logic stores the related information into the translation table, wherein the connection time is equal to a predetermined value T and the indication shows that the related information is valid, then the control logic increases the connection time by a first value every default unit time and changes the indication to show that the related information is invalid if the connection time reaches a first threshold, and a register, which is coupled to and accessed by the control logic, storing the predetermined value T, the unit time, the first value, and the first threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Realtek Semiconductor Corp.
Original Assignee
Realtek Semiconductor Corp.
Inventors
Chen, Jin-Ru, Liu, Chun-Feng
Primary Examiner(s)
Follansbee; John
Assistant Examiner(s)
Daftuar; Saket K

Application Number

US10/396,776
Publication Number

US 20030200318A1
Time in Patent Office

2,386 Days
Field of Search

709224-227, 709/238, 370/230, 370/392, 370/389, 370/401
US Class Current

709/227
CPC Class Codes

H04L 61/255   Maintenance or indexing of ...

H04L 61/2557   Translation policies or rules

H04L 67/14   Session management for real...

H04L 69/28   Timers or timing mechanisms...

Apparatus and method for NAT/NAPT session management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for NAT/NAPT session management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links