Stateful network address translation protocol implemented over a data network
Abstract
A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.
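The abstract and the independent claims describe a control-plane exchange: the device that owns a NAT entry emits a NAT transaction message carrying the modification and a NAT ID field; the receiving member of the redundancy group applies the modification only after deciding, from that field, that the sender is the device authorized to manage the entry, and never performs NAT on the transaction message itself. The following is an added illustration of that exchange, not code from the patent or from any product implementing it. The (sender, authorized-manager) layout of the NAT ID field, the ADD/UPDATE/DELETE operation names, the per-sender sequence number kept in the transaction data structure, the `peers` set that stands in for redundancy-group membership, and all IP addresses are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Added illustration, not code from the patent. The (sender, manager) layout of
# the NAT ID field, the op names, the per-sender sequence number and the peers
# set are assumptions made for this example.


@dataclass
class NATEntry:
    local_ip: str    # inside address of the translated node (the "third network device")
    global_ip: str   # outside address it is mapped to
    owner_id: str    # NAT ID of the device authorized to manage this entry


@dataclass
class NATTransactionMessage:
    seq: int                   # per-sender sequence number (transactional ordering)
    op: str                    # "ADD", "UPDATE" or "DELETE"
    nat_id: Tuple[str, str]    # (identity of sender, identity authorized to manage the entry)
    entry: NATEntry


class NATDevice:
    """One traffic-handling member of a redundancy group."""

    OPS = ("ADD", "UPDATE", "DELETE")

    def __init__(self, device_id: str, group: str, peers: Iterable[str]):
        self.device_id = device_id
        self.group = group
        self.peers = set(peers)                          # other NAT IDs in this redundancy group
        self.table: Dict[str, NATEntry] = {}             # NAT data structure, keyed by local IP
        self.txn_log: List[NATTransactionMessage] = []   # NAT transaction data structure
        self.seq = 0
        self.last_seq: Dict[str, int] = {}               # highest seq accepted from each peer

    # Owner side: change our own table and emit the transaction message for peers.
    def modify_entry(self, op: str, local_ip: str, global_ip: str = "") -> NATTransactionMessage:
        if op not in self.OPS:
            raise ValueError(f"unknown op {op!r}")
        entry = NATEntry(local_ip, global_ip, self.device_id)
        if op == "DELETE":
            self.table.pop(local_ip, None)
        else:
            self.table[local_ip] = entry
        self.seq += 1
        # NAT ID field names this device as the one authorized to manage the entry.
        msg = NATTransactionMessage(self.seq, op, (self.device_id, self.device_id), entry)
        self.txn_log.append(msg)
        return msg

    # Peer side: the authorization decision made from the NAT ID field.
    def is_authorized(self, msg: NATTransactionMessage) -> bool:
        sender, manager = msg.nat_id                     # first portion: who sent it; second: who may manage
        if sender not in self.peers:                     # not a member of our redundancy group
            return False
        if manager != sender:                            # sender is not the device named as manager
            return False
        if msg.seq <= self.last_seq.get(sender, 0):      # stale or replayed transaction
            return False
        existing = self.table.get(msg.entry.local_ip)
        if existing is not None and existing.owner_id != sender:
            return False                                 # entry is managed by a different device
        return True

    def receive_transaction(self, msg: NATTransactionMessage) -> bool:
        """Apply the peer's modification; the message itself is never translated."""
        if msg.op not in self.OPS or not self.is_authorized(msg):
            return False                                 # unauthorized: table left unchanged
        local_ip = msg.entry.local_ip
        if msg.op == "DELETE":
            self.table.pop(local_ip, None)
        else:
            self.table[local_ip] = NATEntry(local_ip, msg.entry.global_ip, msg.nat_id[1])
        self.last_seq[msg.nat_id[0]] = msg.seq
        self.txn_log.append(msg)
        return True


def demo() -> dict:
    """Constructed two-device exchange: one accepted sync, one refused update."""
    nat_a = NATDevice("natA", "rg1", {"natB"})
    nat_b = NATDevice("natB", "rg1", {"natA"})
    add = nat_a.modify_entry("ADD", "10.0.0.5", "203.0.113.5")
    accepted = nat_b.receive_transaction(add)
    # natB is a group member but does not manage natA's entry, so natA refuses this.
    misdirected = NATTransactionMessage(1, "UPDATE", ("natB", "natB"),
                                        NATEntry("10.0.0.5", "198.51.100.9", "natB"))
    refused = nat_a.receive_transaction(misdirected)
    return {"accepted": accepted, "refused": refused,
            "a": dict(nat_a.table), "b": dict(nat_b.table)}


if __name__ == "__main__":
    print(demo())
```

The order of checks in `is_authorized` follows claim 24: the sender's identity is read from one portion of the NAT ID field, then the other portion decides whether that sender may manage the entry, and a negative decision leaves the table untouched. Note that the NAT ID field is a plain identity carried inside the message; the claims on this page say nothing about how the sync link itself is protected, so this example does not either, and a deployment would still have to keep that link confined to the redundancy group or authenticate it.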
36 Citations
30 Claims
1. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage the updates or modifications regarding the first NAT entry;
- determining by the first network device, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
- modifying by the first network device the first NAT entry at the first NAT data structure using the first NAT entry information in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
- wherein the modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.
Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10, 11, 28, 29, 30.

5. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device; and
- modifying by the first network device NAT information stored at the first NAT data structure using the updated NAT information from said first NAT transaction message to thereby achieve synchronization of NAT information stored on the first and second network devices, wherein modifying is performed without performing NAT on the first NAT transaction message, wherein modifying is performed if the first network device determines that the second network device that generated the first NAT transaction message is authorized to modify the first NAT data structure;
- wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.

12. A network device configured to implement redundancy of stateful network address translation (NAT) information in a data network, the network device comprising:
- at least one processor;
- at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
- memory;
- said at least one processor being configured to store in said memory a plurality of data structures, including:
  - a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  - a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
- the network device being configured or designed to:
  - perform NAT;
  - receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by the second network device, the second network device having associated therewith a second NAT data structure, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
  - determine, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  - modify the first NAT entry at the first NAT data structure to incorporate the first NAT entry information in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
- wherein the modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second NAT data structures.
Dependent claims: 13, 14, 15.

16. A network device for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the network device comprising:
- at least one processor;
- at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
- memory;
- said at least one processor being configured to store in said memory a plurality of data structures, including:
  - a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  - a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
- the network device being configured or designed to:
  - perform NAT;
  - receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message and the updated NAT information being generated by the second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure; and
  - modify NAT information at the first NAT data structure using the updated NAT information from said first NAT transaction message upon determining that the second network device is authorized to modify the NAT information at the first NAT data structure of the network device, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
- wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.
Dependent claims: 17, 18, 19, 20, 21, 22, 23.

24. A system for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the system comprising:
- means for receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
- means for determining, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
- means for modifying the first NAT entry at the first NAT data structure using the first NAT entry information in response to a determination that the second network device is authorized to manage the updates or modifications relating to the first NAT entry, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
- wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices;
- means for determining a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
- means for determining, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage the updates or modifications regarding the first NAT entry; and
- means for preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is not authorized to manage the updates or modifications relating to the first NAT entry;
- wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.

25. A system for implementing redundancy of stateful network address translation (NAT) information in a data network, the system comprising:
- a first NAT device comprising a first processor, a first memory, and a first NAT data structure configured to store information relating to address translations associated with selected network nodes in the network, the first NAT data structure being managed by the first NAT device, the first NAT device operable to:
  - identify a first network device;
  - associate a local IP address with the first network device and a global IP address with the first network device;
  - update a first NAT entry at the first NAT data structure using first network device network address association information;
  - generate and send a first NAT transaction message by the first NAT device, wherein the first NAT transaction message includes updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a second NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a second NAT entry associated with the second NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of the first NAT device as a specific network device authorized to manage updates or modifications regarding the second NAT entry, the first NAT transaction message including the network address association information;
- a second NAT device comprising a second processor, a second memory, and the second NAT data structure configured to store information relating to address translations associated with selected network nodes in the network, the second NAT data structure being managed by the second NAT device, the second NAT device operable to:
  - receive by the second NAT device the first NAT transaction message generated by the first NAT device;
  - determine by the second NAT device, using information in the first NAT ID field, whether the first network device is authorized to manage the updates or modifications to the second NAT entry at the second NAT data structure;
  - modify by the second NAT device the second NAT entry at the second NAT data structure using the first NAT entry information relating to at least one modification of the second NAT entry in response to a determination that the first network device is authorized to manage the updates or modifications relating to the second NAT entry, wherein modification of the second NAT entry at the second NAT data structure results in synchronization of NAT information relating to the first and second NAT entries at the first and second NAT data structures.

26. A NAT device configured to implement redundancy of stateful network address translation (NAT) information in a data network, the NAT device comprising:
- at least one processor;
- at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
- memory;
- said at least one processor being configured to store in said memory a plurality of data structures, including:
  - a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  - a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
- the NAT device being configured or designed to:
  - perform NAT;
  - receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by the second network device, the second network device having associated therewith a second NAT data structure, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
  - determine, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  - modify the first NAT entry at the first NAT data structure using the first NAT entry information from the first NAT transaction message in accordance with the determination of whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
- wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second NAT data structures.
Dependent claims: 27.

Specification