Distributed network address translation in computer networks
Abstract
In general, techniques are described for performing distributed network address translation (NAT) with a network device. The network device includes an interface card and a control unit. The interface card receives a packet including a source address. The control unit includes NAT modules, each of which stores a local pool of unallocated NAT resources that have not yet been allocated for use in performing network address translation. The NAT resources each include a network address and a network port number. One of the NAT modules receives the packet, determines whether any of the NAT resources from the local pool of NAT resources are available, in response to the determination that none of the NAT resources from the local pool of NAT resources are available, requests additional NAT resources, and performs NAT to obscure the source address of the packet using one of the additional NAT resources to generate a modified packet. The interface card forwards the modified packet.
27 Claims
1. A method of allocating network resources for use in network address translation (NAT), the method comprising:
- storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number;
- receiving, with the one of the plurality of NAT modules, a packet that includes a source address;
- determining, with the one of the plurality of NAT modules, whether any of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address;
- in response to the determination that none of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address, requesting, with the one of the plurality of NAT modules, one or more additional NAT resources for use in obscuring the source address;
- performing, with the one of the plurality of NAT modules, network address translation to obscure the source address of the packet using one of the one or more additional NAT resources to generate a modified packet; and
- forwarding, with the network device, the modified packet to a destination identified by a destination address specified within the modified packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A network device comprising:
- at least one interface card that receives a packet including a source address; and
- a control unit that includes a plurality of NAT modules, wherein each of the plurality of NAT modules stores data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pools of NAT resources includes a network address and a network port number;
- wherein one of the plurality of NAT modules receives the packet, determines whether any of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address of the packet, in response to the determination that none of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address, requests one or more additional NAT resources for use in obscuring the source address, and performs network address translation to obscure the source address of the packet using one of the one or more additional NAT resources to generate a modified packet,
- wherein the at least one interface card forwards the modified packet to a destination identified by a destination address specified within the modified packet.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A non-transitory computer-readable storage medium comprising instructions that cause a processor of a network device to:
- store data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number;
- receive a packet that includes a source address;
- determine whether any of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address;
- in response to the determination that none of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address, request one or more additional NAT resources for use in obscuring the source address;
- perform network address translation to obscure the source address of the packet using one of the one or more additional NAT resources to generate a modified packet; and
- forward the modified packet to a destination identified by a destination address specified within the modified packet.

Dependent claims: 24, 25

26. A network system comprising:
- a public network; and
- a private network that includes;
  - a plurality of end-user devices; and
  - a router positioned intermediate to the plurality of end-user devices and the public network, wherein the router receives all network traffic originated by the plurality of end-user devices that is destined for the public network, and wherein the router includes;
    - at least one interface card that receives a packet including a source address; and
    - a control unit that includes a plurality of NAT modules, wherein each of the plurality of NAT modules stores data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation,
    - wherein one of the plurality of NAT modules receives the packet, determines whether any of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address of the packet, in response to the determination that none of the NAT resources from the local pool of NAT resources are available for use in obscuring the source address, requests one or more additional NAT resources for use in obscuring the source address, and performs network address translation to obscure the source address of the packet using one of the one or more additional NAT resources to generate a modified packet, and
    - wherein the at least one interface card forwards the modified packet to a destination identified by a destination address specified within the modified packet.

27. A method of allocation network resources for use in network address translation (NAT), the method comprising:
- storing, with the one of the plurality of NAT modules, data statically defining an initial local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation;
- receiving, with the one of the plurality of NAT modules, a packet that includes a source address;
- determining, with the one of the plurality of NAT modules, whether any of the NAT resources from the initial local pool of NAT resources are available for use in obscuring the source address;
- in response to the determination that none of the NAT resources from the initial local pool of NAT resources are available for use in obscuring the source address, requesting, with the one of the plurality of NAT modules, that one of the remaining ones of the plurality of NAT modules allocate an additional NAT resource from a local pool of NAT resources stored by the one of the remaining ones of the plurality of NAT modules;
- updating the initial local pool of NAT resources with the one additional NAT resource allocated by the one of the remaining ones of NAT modules to increase a number of NAT resources available to be allocated for use in obscuring the source address within the local pool;
- performing, with the one of the plurality of NAT modules, network address translation to obscure the source address of the packet using the additional NAT resources added to the updated initial local pool of NAT resources to generate the modified packet; and
- forwarding, with the network device, the modified packet to a destination identified by a destination address specified within the modified packet.

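The allocation flow of claims 1 and 27, simulated as an added example (not code from the patent or from any vendor implementation). `NatModule`, `lend`, the batch size, the dictionary packet shape, keying bindings on source address plus source port, the binding log, and dropping the packet when every pool is empty are assumptions of this sketch; the addresses are constructed documentation ranges.

```python
from collections import deque
from itertools import chain

class NatModule:
    """One NAT module with a local pool of unallocated (address, port) resources."""
    def __init__(self, name, pool, batch=2):
        self.name = name
        self.free = deque(pool)   # unallocated NAT resources
        self.bindings = {}        # (src addr, src port) -> (NAT addr, NAT port)
        self.peers = []           # the remaining NAT modules
        self.batch = batch        # hypothetical request size
        self.log = []             # binding log, kept for later attribution

    def lend(self, count):
        """Hand up to `count` unallocated resources to a requesting peer."""
        return [self.free.pop() for _ in range(min(count, len(self.free)))]

    def _request_more(self):
        for peer in self.peers:
            granted = peer.lend(self.batch)
            if granted:
                self.free.extend(granted)   # update the local pool
                return True
        return False

    def translate(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if key not in self.bindings:
            if not self.free and not self._request_more():
                return None   # assumption: drop rather than reuse a live binding
            self.bindings[key] = self.free.popleft()
            self.log.append((self.name, key, self.bindings[key]))
        addr, port = self.bindings[key]
        return {**pkt, "src": addr, "sport": port}

def duplicated_resources(modules):
    """Resources held by more than one pool or binding; must stay empty."""
    held = list(chain.from_iterable(
        chain(m.free, m.bindings.values()) for m in modules))
    return {r for r in held if held.count(r) > 1}

def demo():
    # Constructed sample: one public address, two ports per module, five flows.
    a = NatModule("nat-a", [("203.0.113.1", p) for p in (1024, 1025)])
    b = NatModule("nat-b", [("203.0.113.1", p) for p in (2048, 2049)])
    a.peers, b.peers = [b], [a]
    flows = [{"src": "10.0.0.%d" % i, "sport": 40000, "dst": "198.51.100.7"}
             for i in range(1, 6)]
    return a, b, [a.translate(f) for f in flows]
```

A lent resource leaves the lender's pool before it enters the borrower's, so `duplicated_resources` staying empty is the check that no two flows ever share an (address, port) pair across modules.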
Specification