Redundancy support for network address translation (NAT)
Abstract
Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.
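A small simulation of the failover sequence the abstract describes, added here as an illustration and not taken from the patent. The class and method names, the 203.0.113.x pool and the 10.0.0.x hosts are constructed, and failure detection is reduced to an `alive` flag rather than a real keepalive protocol.

```python
import ipaddress

class NatDevice:
    """Toy NAT gateway; 'owner' marks which device answers for the outside pool."""
    def __init__(self, name, base, size, owner=False):
        self.name, self.owner, self.alive = name, owner, True
        first = ipaddress.ip_address(base)              # base address of the pool
        self.pool = [str(first + i) for i in range(size)]
        self.sessions = {}      # (inside_ip, inside_port) -> (outside_ip, outside_port)
        self.peer = None

    def translate(self, inside_ip, inside_port):
        if not self.owner:
            raise PermissionError(f"{self.name} does not own the pool")
        key = (inside_ip, inside_port)
        if key not in self.sessions:
            used = set(self.sessions.values())
            mapping = next((ip, port) for ip in self.pool
                           for port in range(1024, 65536) if (ip, port) not in used)
            self.sessions[key] = mapping
            if self.peer and self.peer.alive:
                self.peer.receive_sync(key, mapping)    # models the dedicated sync link
        return self.sessions[key]

    def receive_sync(self, key, mapping):
        # The non-owning device stores session state but does not translate yet.
        self.sessions[key] = mapping

    def check_peer(self):
        """Backup-side failure detection: assert ownership when the owner is down."""
        if not self.owner and self.peer and not self.peer.alive:
            self.owner = True
        return self.owner

def failover_demo():
    master = NatDevice("master", "203.0.113.10", 2, owner=True)
    backup = NatDevice("backup", "203.0.113.10", 2)
    master.peer, backup.peer = backup, master
    before = master.translate("10.0.0.5", 40000)    # session created on the master
    master.alive = False                            # master fails
    backup.check_peer()                             # backup takes over the pool
    after = backup.translate("10.0.0.5", 40000)     # existing session continues
    new = backup.translate("10.0.0.6", 40001)       # new session after failover
    return before, after, new

if __name__ == "__main__":
    print(failover_demo())
```

Because the backup already holds the synchronized mapping, the existing session keeps the same outside address and port after the takeover, and a new session is allocated without colliding with it.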
25 Claims
1. A method comprising:
associating, to a first network device, a base address corresponding to a first pool of addresses that are not owned by the first network device;
receiving, by the first network device while the first network device does not own the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic;
translating at least one address in a second pool of addresses from an inside network address to an outside network address; and
detecting, by the first network device, a failure of a second network device; and
asserting ownership, by the first network device, of a plurality of the first pool of addresses corresponding to the base address, in response to detection by the first network device of the failure.
8. An apparatus, comprising:
a first network device configurable to be associated with a base address corresponding to a first pool of addresses that are not owned by the first network device, wherein the first network device is further configurable to:
receive, while the first network device does not own the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic;
translate at least one address in a second pool of addresses from an inside network address to an outside network address;
detect a failure of a second network device; and
assert ownership of a plurality of the first pool of addresses corresponding to the base address, in response to detection of the failure.
14. A system comprising:
a first network device configurable to be associated with a base address corresponding to a first pool of addresses that are not owned by said first network device, wherein the first network device is further configurable to:
translate at least one address in the first pool of addresses from an inside network address to an outside network address;
send, to a second network device, while the first network device owns the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic; and
relinquish ownership of the first pool of addresses to the second network device upon failure of the first network device.
21. A first device configured to:
own a base address corresponding to a first pool of addresses associated to and owned by a second device;
assert ownership of a plurality of the first pool of addresses in response to failure of the second device with respect to translating any of the first pool of addresses; and
translate at least one address in a second pool of addresses from an inside network address to an outside network address, wherein the first device comprises:
a first port configured to receive traffic; and
a second port configured to receive, from the second device, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
Specification