Redundancy support for network address translation (NAT)

US 8,755,267 B2
Filed: 04/13/2010
Issued: 06/17/2014
Est. Priority Date: 10/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

associating, to a first network device, a base address corresponding to a first pool of addresses that are not owned by the first network device;

receiving, by the first network device while the first network device does not own the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic;

translating at least one address in a second pool of addresses from an inside network address to an outside network address; and

detecting, by the first network device, a failure of a second network device; and

asserting ownership, by the first network device, of a plurality of the first pool of addresses corresponding to the base address, in response to detection by the first network device of the failure.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed-up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.

Citations

25 Claims

1. A method comprising:
- associating, to a first network device, a base address corresponding to a first pool of addresses that are not owned by the first network device;
  
  receiving, by the first network device while the first network device does not own the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic;
  
  translating at least one address in a second pool of addresses from an inside network address to an outside network address; and
  
  detecting, by the first network device, a failure of a second network device; and
  
  asserting ownership, by the first network device, of a plurality of the first pool of addresses corresponding to the base address, in response to detection by the first network device of the failure.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein asserting ownership of the plurality of the first pool of addresses corresponding to the base address comprises asserting ownership, by the first network device, of all of the first addresses of the first pool of addresses corresponding to the base address.
  - 3. The method of claim 1, further comprising:
    - performing network address translation (NAT) or routing, by the first network device, by translating a plurality of the first pool of addresses from an outside address to an inside address.
  - 4. The method of claim 1, further comprising:
    - performing network address translation (NAT) or routing, by the first network device, by translating a plurality of the second pool of addresses from an outside address to an inside address.
  - 5. The method of claim 1, further comprising:
    - receiving, by the first network device from the second network device, heartbeat messages on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
  - 6. The method of claim 1, further comprising:
    - sending a notification message, by the first network device to at least one peer device, that the first network device owns the first pool of addresses.
  - 7. The method of claim 1, wherein the first network device comprises a switch or a router.

8. An apparatus, comprising:
- a first network device configurable to be associated with a base address corresponding to a first pool of addresses that are not owned by the first network device, wherein the first network device is further configurable to;
  
  receive, while the first network device does not own the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic;
  
  translate at least one address in a second pool of addresses from an inside network address to an outside network address;
  
  detect a failure of a second network device; and
  
  assert ownership of a plurality of the first pool of addresses corresponding to the base address, in response to detection of the failure.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein the first network device is configurable to assert ownership of all of the first pool of addresses corresponding to the base address.
  - 10. The apparatus of claim 8, wherein the first network device comprises a switch.
  - 11. The apparatus of claim 8, wherein the first network device is further configured to perform network address translation (NAT) or routing by translating a plurality of the first pool of addresses from an outside address to an inside address.
  - 12. The first network device of claim 8, wherein the first network device is further configured to perform network address translation (NAT) or routing by translating a plurality of the second pool of addresses from an outside address to an inside address.
  - 13. The first network device of claim 8, wherein the first network device is configured to receive, from the second network device, heartbeat messages on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.

14. A system comprising:
- a first network device configurable to be associated with a base address corresponding to a first pool of addresses that are net owned by said first network device, wherein the first network device is further configurable to;
  
  translate at least one address in the first pool of addresses from an inside network address to and an outside network address;
  
  send, to a second network device, while the first network device owns the first pool of addresses, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic; and
  
  relinquish ownership of the first pool of addresses to the second network device upon failure of the first network device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the first and second network devices each comprise a switch.
  - 16. The system of claim 14, wherein the second network device is further configurable to, while the second network device does not own the first pool of addresses, perform network address translation (NAT) or routing for a second pool of addresses.
  - 17. The system of claim 14 wherein the second network device is further configurable to receive, from the second first network device, heartbeat messages while the second network device does not own the first pool of addresses, wherein the heartbeat messages are received on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
  - 18. The system of claim 14, wherein, the second network device is configurable to send a message to at least one peer network device configured to provide notification that the second network device is a new master device that owns the plurality of the first pool of addresses corresponding to the base address.
  - 19. The system of claim 18, wherein the message notification is a gratuitous address resolution protocol (ARP) message.
  - 20. The system of claim 14, wherein the second network device is configurable to assert ownership of all of the first pool of addresses corresponding to the base address.

21. A first device configured to:
- own a base address corresponding to a first pool of addresses associated to and owned by a second device;
  
  assert ownership of a plurality of the first pool of addresses in response to failure of the second device with respect to translating any of the first pool of addresses; and
  
  translate at least one address in a second pool of addresses from an inside network address to and an outside network address,wherein the first device comprises;
  
  a first port configured to receive traffic; and
  
  a second port configured to receive, from the second device, session synchronization information on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The first device of claim 21, further configured to assert ownership of all of the first pool of addresses.
  - 23. The apparatus first device of claim 21, further comprising a switch or a router.
  - 24. The first device of claim 21, wherein the first device is further configured to perform network address translation (NAT) or routing by translating a plurality of the first pool of addresses from an outside address to an inside address.
  - 25. The first device of claim 21, wherein the first network device is configured to send, to the second network device, heartbeat messages on a separate virtual local area network (VLAN) connection different from a VLAN connection used to carry traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Devarapalli, Sridhar J.
Primary Examiner(s)
Nguyen, Brian D
Assistant Examiner(s)
NGUYEN, TOAN D

Application Number

US12/759,438
Publication Number

US 20100254255A1
Time in Patent Office

1,526 Days
Field of Search

370217-221, 370/389, 370/400, 370/225, 713/201, 714/10, 709/238, 709/245
US Class Current

370/218
CPC Class Codes

G06F 15/16   Combinations of two or more...

H04L 45/28   using route fault recovery

H04L 45/586   of virtual routers

H04L 49/354   for supporting virtual loca...

H04L 61/2514   between local and global IP...

H04L 69/40   for recovering from a failu...

Redundancy support for network address translation (NAT)

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Redundancy support for network address translation (NAT)

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links