Forwarding packets in a gateway performing network address translation (NAT)

US 7,986,703 B2
Filed: 07/27/2009
Issued: 07/26/2011
Est. Priority Date: 07/24/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

receiving a packet;

determining forwarding information and network address translation (NAT) information for the packet;

substituting a new address for an original address in the packet based on the NAT information;

forwarding the packet with the new address on a communication path provided in the forwarding information, wherein the forwarding information and the NAT information are provided together in memory such that a single access to the memory can retrieve both the forwarding information and the NAT information; and

accessing a service selection table to determine which NAT table of a plurality of NAT tables to use for additional packets received, wherein the service selection table includes information indicating specific access parameters associated with specific service domains.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A gateway device providing a search utility to determine both NAT information and forwarding information (“both pieces of information”) in a single search operation. The single search operation may be implemented using a single table storing both pieces of information necessary for processing a packet. As a result, both pieces of information can be potentially retrieved in a single memory access. Due to the single (or few) memory access, the throughput performance of a gateway may be enhanced. In an embodiment, the gateway is implemented as a service selection gateway which provides connectivity between multiple remote systems and service domains. The NAT/forwarding information is partitioned according to service domains such that the information needed to process packets from/to the same service domain is contained in the same table.

28 Citations

View as Search Results

17 Claims

1. A method, comprising:
- receiving a packet;
  
  determining forwarding information and network address translation (NAT) information for the packet;
  
  substituting a new address for an original address in the packet based on the NAT information;
  
  forwarding the packet with the new address on a communication path provided in the forwarding information, wherein the forwarding information and the NAT information are provided together in memory such that a single access to the memory can retrieve both the forwarding information and the NAT information; and
  
  accessing a service selection table to determine which NAT table of a plurality of NAT tables to use for additional packets received, wherein the service selection table includes information indicating specific access parameters associated with specific service domains.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - searching the memory in a single search operation in order to retrieve the forwarding information and the NAT information for processing the packet.
  - 3. The method of claim 1, wherein the memory includes a table for storing the forwarding information and the NAT information, and wherein the table is partitioned by service domains.
  - 4. The method of claim 1, wherein a table is stored in a content addressable memory (CAM) indexed by a source address or a destination address that are provided as a key to be input to the CAM.
  - 5. The method of claim 1, further comprising:
    - providing a search key as input for retrieving both the NAT and forwarding information, wherein the key includes a port identification, and a selected one of a source address and a destination address associated with the packet.
  - 6. The method of claim 1, wherein additional NAT information and additional forwarding information are stored in a plurality of tables partitioned according to service domains such that the additional forwarding information and the additional NAT information related to the same service domain are stored in a selected one of the tables.
  - 7. The method of claim 1, further comprising:
    - examining the packet to identify a source Internet Protocol (IP) address to be used in determining which services an end user can access; and
      
      forwarding the packet to a service domain based on access permission granted via the IP address.

8. A gateway, comprising:
- an inbound interface configured to receive a packet;
  
  a network address translation (NAT) and forwarding table, wherein forwarding information and NAT information are determined for the packet, and wherein a new address is substituted for an original address in the packet based on the NAT information;
  
  an outbound interface configured to forward the packet with the new address on a communication path provided in the forwarding information, wherein the forwarding information and the NAT information are provided together in the table such that a single access to the table can retrieve both the forwarding information and the NAT information; and
  
  a service selector configured to examine the packet to identify a source Internet Protocol (IP) address to be used in determining which services an end user can access, wherein the packet is forwarded to a service domain based on access permission granted via the IP address.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The gateway of claim 8, wherein the table is searched in a single search operation in order to retrieve the forwarding information and the NAT information for processing the packet.
  - 10. The gateway of claim 8, wherein the table is stored in a content addressable memory (CAM) indexed by a source address or a destination address that are provided as a key to be input to the CAM.
  - 11. The gateway of claim 8, wherein a search key is provided as input for retrieving both the NAT and forwarding information, wherein the key includes a port identification, and a selected one of a source address and a destination address associated with the packet.
  - 12. The gateway of claim 8, wherein table includes information indicating specific access parameters associated with specific service domains.
  - 13. The gateway of claim 8, wherein additional NAT information and additional forwarding information are stored in a plurality of tables partitioned according to service domains such that the additional forwarding information and the additional NAT information related to the same service domain are stored in a selected one of the tables.

14. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- receiving a packet;
  
  determining forwarding information and network address translation (NAT) information for the packet;
  
  substituting a new address for an original address in the packet based on the NAT information;
  
  forwarding the packet with the new address on a communication path provided in the forwarding information, wherein the forwarding information and the NAT information are provided together in memory such that a single access to the memory can retrieve both the forwarding information and the NAT information;
  
  examining the packet to identify a source Internet Protocol (IP) address to be used in determining which services an end user can access; and
  
  forwarding the packet to a service domain based on access permission granted via the IP address.
- View Dependent Claims (15, 16, 17)
- - 15. The logic of claim 14, the operations further comprising:
    - searching the memory in a single search operation in order to retrieve the forwarding information and the NAT information for processing the packet.
  - 16. The logic of claim 14, wherein a table is stored in a content addressable memory (CAM) indexed by a source address or a destination address that are provided as a key to be input to the CAM.
  - 17. The logic of claim 14, the operations further comprising:
    - providing a search key as input for retrieving both the NAT and forwarding information, wherein the key includes a port identification, and a selected one of a source address and a destination address associated with the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Phadnis, Amit S., Karuppiah, Anuradha, Bachheti, Praneet
Primary Examiner(s)
Nguyen; Brian D

Application Number

US12/510,052
Publication Number

US 20090290590A1
Time in Patent Office

729 Days
Field of Search

370/401, 370/466, 370/389, 370/392, 370/395.31, 370/395.32, 370/471
US Class Current

370/401
CPC Class Codes

H04L 45/7453 using hashing

H04L 61/255 Maintenance or indexing of ...

Forwarding packets in a gateway performing network address translation (NAT)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Forwarding packets in a gateway performing network address translation (NAT)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links