Stateful network address translation protocol implemented over a data network

US 7,894,427 B2
Filed: 01/09/2006
Issued: 02/22/2011
Est. Priority Date: 09/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:

receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage the updates or modifications regarding the first NAT entry;

determining by the first network device, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and

modifying by the first network device the first NAT entry at the first NAT data structure using the first NAT entry information in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;

wherein the modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.

36 Citations

View as Search Results

30 Claims

1. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage the updates or modifications regarding the first NAT entry;
  
  determining by the first network device, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  
  modifying by the first network device the first NAT entry at the first NAT data structure using the first NAT entry information in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
  
  wherein the modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 28, 29, 30)
- - 2. The method of claim 1 further comprising:
    - determining a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
      
      determining, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage updates or modifications regarding the first NAT entry.
  - 3. The method of claim 1 further comprising:
    - permitting the first network device to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 4. The method of claim 1 further comprising:
    - preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 6. The method of claim 1 wherein the first network device is configured as a primary traffic handling device of a primary-backup redundancy group, and wherein the second network device is configured as a backup traffic handling device of the primary-backup redundancy group.
  - 7. The method of claim 1 wherein the first network device is configured as an active traffic handling device of an active-standby redundancy group, and wherein the second is configured as a standby traffic handling device of the active-standby redundancy group.
  - 8. The method of claim 1 wherein the first network device is configured as a first peer traffic handling device of a peer-peer redundancy group, and wherein the second network device is configured as a second peer traffic handling device of the peer-peer redundancy group.
  - 9. The method of claim 1 wherein the first NAT transaction message includes instructions to add a new NAT entry to the first NAT data structure.
  - 10. The method of claim 1 wherein the first NAT transaction message includes instructions to delete a specific NAT entry stored in the first NAT data structure.
  - 11. The method of claim 1 wherein the first NAT transaction message includes instructions to modify an existing NAT entry in the first NAT data structure.
  - 28. The method as recited in claim 1, wherein the first network device and the second network device are routers.
  - 29. The method as recited in claim 1, wherein the first network device includes the first NAT data structure.
  - 30. The method as recited in claim 1, wherein the first NAT transaction message is not a data packet.

5. A method for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the method comprising:
- receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device; and
  
  modifying by the first network device NAT information stored at the first NAT data structure using the updated NAT information from said first NAT transaction message to thereby achieve synchronization of NAT information stored on the first and second network devices, wherein modifying is performed without performing NAT on the first NAT transaction message, wherein modifying is performed if the first network device determines that the second network device that generated the first NAT transaction message is authorized to modify the first NAT data structure;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.

12. A network device configured to implement redundancy of stateful network address translation (NAT) information in a data network, the network device comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
  
  memory;
  
  said at least one processor being configured to store in said memory a plurality of data structures, including;
  
  a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  
  a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
  
  the network device being configured or designed to;
  
  perform NAT;
  
  receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by the second network device, the second network device having associated therewith a second NAT data structure, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
  
  determine, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  
  modify the first NAT entry at the first NAT data structure to incorporate the first NAT entry information in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry;
  
  wherein the modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second NAT data structures.
- View Dependent Claims (13, 14, 15)
- - 13. The network device of claim 12 being further configured or designed to:
    - determine a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
      
      determine, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage updates or modifications regarding the first NAT entry.
  - 14. The network device of claim 12 being further configured or designed to:
    - permit the first network device to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.
  - 15. The network device of claim 12 being further configured or designed to:
    - preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to manage modifications relating to the first NAT entry.

16. A network device for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the network device comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
  
  memory;
  
  said at least one processor being configured to store in said memory a plurality of data structures, including;
  
  a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  
  a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
  
  the network device being configured or designed to;
  
  perform NAT;
  
  receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message and the updated NAT information being generated by the second network device, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure; and
  
  modify NAT information at the first NAT data structure using the updated NAT information from said first NAT transaction message upon determining that the second network device is authorized to modify the NAT information at the first NAT data structure of the network device, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The network device of claim 16:
    - wherein the second network device has associated therewith a second NAT data structure; and
      
      wherein modification of the NAT information at the first NAT data structure results in synchronization of NAT information at the first and second NAT data structures.
  - 18. The network device of claim 16:
    - wherein the network device is configured as a primary traffic handling device of a primary-backup redundancy group; and
      
      wherein the at least one other network device is configured as a backup traffic handling device of the primary-backup redundancy group.
  - 19. The network device of claim 16:
    - wherein the network device is configured as an active traffic handling device of an active-standby redundancy group; and
      
      wherein the at least one other network device is configured as a standby traffic handling device of the active-standby redundancy group.
  - 20. The network device of claim 16:
    - wherein the network device is configured as a first peer traffic handling device of a peer-peer redundancy group; and
      
      wherein the at least one other network device is configured as a second peer traffic handling device of the peer-peer redundancy group.
  - 21. The network device of claim 16 wherein the NAT transaction message includes instructions to add a new NAT entry to the first NAT data structure.
  - 22. The network device of claim 16 wherein the NAT transaction message includes instructions to delete a specific NAT entry stored in the first NAT data structure.
  - 23. The network device of claim 16 wherein the NAT transaction message includes instructions to modify an existing NAT entry in the first NAT data structure.

24. A system for implementing redundancy of stateful network address translation (NAT) information in at least one network device of a data network, the system comprising:
- means for receiving, at a first network device configured to perform NAT, a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by a second network device configured to perform NAT, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a first NAT data structure, the first NAT data structure being managed by the first network device, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
  
  means for determining, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  
  means for modifying the first NAT entry at the first NAT data structure using the first NAT entry information in response to a determination that the second network device is authorized to manage the updates or modifications relating to the first NAT entry, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
  
  wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second network devices;
  
  means for determining a first portion of information relating to an identity of the second network device which generated the first NAT transaction message; and
  
  means for determining, using a second portion of information in the first NAT ID field, whether the identified second network device is authorized to manage the updates or modifications regarding the first NAT entry; and
  
  means for preventing the first network device from modifying the first NAT entry at the first NAT data structure in response to a determination that the second network device is not authorized to manage the updates or modifications relating to the first NAT entry;
  
  wherein the first network device and the second network device are each configured as traffic handling devices that are members of a first redundancy group.

25. A system for implementing redundancy of stateful network address translation (NAT) information in a data network, the system comprising:
- a first NAT device comprising a first processor, a first memory, and a first NAT data structure configured to store information relating to address translations associated with selected network nodes in the network, the first NAT data structure being managed by the first NAT device, the first NAT device operable to;
  
  identify a first network device;
  
  associate a local IP address with the first network device and a global IP address with the first network device;
  
  update a first NAT entry at the first NAT data structure using first network device network address association information;
  
  generate and send a first NAT transaction message by the first NAT device, wherein the first NAT transaction message includes updated NAT information including information relating to updates or modifications to be performed on NAT information stored at a second NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a second NAT entry associated with the second NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of the first NAT device as a specific network device authorized to manage updates or modifications regarding the second NAT entry, the first NAT transaction message including the network address association information;
  
  a second NAT device comprising a second processor, a second memory, and the second NAT data structure configured to store information relating to address translations associated with selected network nodes in the network, the second NAT data structure being managed by the second NAT device, the second NAT device operable to;
  
  receive by the second NAT device the first NAT transaction message generated by the first NAT device;
  
  determine by the second NAT device, using information in the first NAT ID field, whether the first network device is authorized to manage the updates or modifications to the second NAT entry at the second NAT data structure;
  
  modify by the second NAT device the second NAT entry at the second NAT data structure using the first NAT entry information relating to at least one modification of the second NAT entry in response to a determination that the first network device is authorized to manage the updates or modifications relating to the second NAT entry,wherein modification of the second NAT entry at the second NAT data structure results in synchronization of NAT information relating to the first and second NAT entries at the first and second NAT data structures.

26. A NAT device configured to implement redundancy of stateful network address translation (NAT) information in a data network, the NAT device comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to a second network device configured to perform NAT in the data network; and
  
  memory;
  
  said at least one processor being configured to store in said memory a plurality of data structures, including;
  
  a first NAT data structure configured to store information relating to address translations corresponding to selected network nodes in the network, the first NAT data structure being managed by the first network device; and
  
  a NAT transaction data structure configured to store transactional information relating to updates or modifications performed on the first NAT data structure;
  
  the NAT device being configured or designed to;
  
  perform NAT;
  
  receive a first NAT transaction message which includes updated NAT information, the first NAT transaction message being generated by the second network device, the second network device having associated therewith a second NAT data structure, the updated NAT information including information relating to updates or modifications to be performed on NAT information stored at the first NAT data structure, the first NAT transaction message including first NAT entry information relating to at least one modification of a first NAT entry associated with the first NAT data structure, the first NAT transaction message further including a first NAT ID field relating to an identity of a specific network device authorized to manage updates or modifications regarding the first NAT entry;
  
  determine, using information in the first NAT ID field, whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure; and
  
  modify the first NAT entry at the first NAT data structure using the first NAT entry information from the first NAT transaction message in accordance with the determination of whether the second network device is authorized to manage the updates or modifications to the first NAT entry at the first NAT data structure, wherein the modifying of the first NAT entry at the first NAT data structure includes updating NAT information relating to an association between a first local IP address for use in identifying a third network device and a first global IP address for use in identifying the third network device;
  
  wherein modification of the first NAT entry at the first NAT data structure results in synchronization of NAT information relating to the first NAT entry at the first and second NAT data structures.
- View Dependent Claims (27)
- - 27. The NAT device of claim 26 wherein the NAT device is operable to modify the first NAT entry at the first NAT data structure in response to a determination that the second network device is authorized to initiate modifications relating to the first NAT entry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Venkateshaiah, Murali, Jayasenan, Siva S., Sullenberger, Mike, Denny, Mark
Primary Examiner(s)
Ton; Dang T
Assistant Examiner(s)
Zhao; Wei

Application Number

US11/328,804
Publication Number

US 20060120366A1
Time in Patent Office

1,870 Days
Field of Search

370/353, 370/401, 370/469, 370/389, 709/223
US Class Current

370/389
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2503   Translation of Internet pro...

H04L 61/2532   Clique of NAT servers

Stateful network address translation protocol implemented over a data network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful network address translation protocol implemented over a data network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links