Inline network address translation within a mobile gateway router

US 8,891,540 B2
Filed: 05/14/2012
Issued: 11/18/2014
Est. Priority Date: 05/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, with a mobile gateway router, a request to attach a wireless device of a subscriber to a mobile wireless network;

establishing, with a control plane of the mobile gateway router, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;

upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway router a public network address and a port range for the wireless device;

constructing, with the control plane of the mobile gateway router, a network address translation (NAT) profile specifying the public network address and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway router, the NAT profile including a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits, wherein each of the bits of the second level corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a respective packet flow associated with the wireless device, and wherein each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port;

upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a port within the port range of the NAT profile for the subscriber based on the bit mask and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the public network address and the selected port; and

performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

37 Citations

View as Search Results

12 Claims

1. A method comprising:
- receiving, with a mobile gateway router, a request to attach a wireless device of a subscriber to a mobile wireless network;
  
  establishing, with a control plane of the mobile gateway router, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;
  
  upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway router a public network address and a port range for the wireless device;
  
  constructing, with the control plane of the mobile gateway router, a network address translation (NAT) profile specifying the public network address and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway router, the NAT profile including a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits, wherein each of the bits of the second level corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a respective packet flow associated with the wireless device, and wherein each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port;
  
  upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a port within the port range of the NAT profile for the subscriber based on the bit mask and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the public network address and the selected port; and
  
  performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein performing network address translation comprises:
    - receiving outbound packets for the packet flow with the mobile gateway router, each of the outbound packets having the private network address of the wireless device as a private source network address, andfor each of the outbound packets, generating a translated packet with the hardware forwarding element, wherein the translated packet includes the public network address and the selected port from the range of ports in place of the private source address and a source port of the outbound packet.
  - 3. The method of claim 1, further comprising selecting, in the control plane the NAT profile for the wireless device from a plurality of different types of NAT profiles based on historical data for the subscriber.
  - 4. The method of claim 1, further comprising:
    - storing the NAT binding within an internal cache of NAT bindings within the hardware forwarding element;
      
      upon receiving the packet the new packet flow, accessing the NAT bindings to determine whether a NAT binding exists for the new packet flow; and
      
      creating the NAT binding within the internal cache when a NAT binding does exist for the new packet flow.
  - 5. The method of claim 1,wherein the control plane comprise a plurality of session management cards within the mobile gateway router device and the hardware forwarding element comprises one of a plurality of forwarding units coupled to the plurality of session management cards by a switch fabric, andwherein constructing a NAT profile comprises constructing the NAT profile with an anchoring one of the session management cards that anchors the subscriber session in the control plane;
    - andwherein installing the NAT profile comprises installing the NAT profile from the anchoring one of the session management cards to an anchoring forwarding unit of the mobile gateway router responsible for routing the packet flow of the subscriber data traffic.

6. A mobile gateway router comprising:
- a plurality of interfaces configured to send and receive network packets for wireless devices of subscribers of a mobile access network;
  
  a plurality of session management cards that provide a distributed control plane to establish network connections for the wireless devices in accordance with private network addresses assigned to the wireless devices;
  
  a forwarding integrated circuit having a forwarding information base (FIB) for routing the packets between the plurality of interfaces, the forwarding integrated circuit comprising an internal network address translation (NAT) element,wherein each of the session management cards is programmed to construct for each subscriber a NAT profile upon authenticating the subscriber and prior to receiving subscriber data traffic from the subscriber, wherein the NAT profile specifies a pre-allocated public network address and port range and includes a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits, wherein each of the bits of the second level corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a respective packet flow associated with the wireless device, and wherein each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port, andwherein the session management cards are programmed to install the NAT profiles within the forwarding integrated circuit of the mobile gateway router for inline NAT within the forwarding integrated circuit when routing packets for the subscribers.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The mobile gateway router of claim 6, wherein the forwarding integrated circuit is configured to, upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically select a port within the port range of the NAT profile for the subscriber, create a NAT that maps the private network address for the wireless device to the public network address and the selected port, and perform network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
  - 8. The mobile gateway router of claim 7,wherein the forwarding integrated circuit receives outbound packets for the packet flow, each of the outbound packets having the private network address of the wireless device as a private source network address, andwherein, for each of the outbound packets, the forwarding integrated circuit generates a translated packet that includes the public network address and the selected port from the range of ports in place of the private source address and a source port of the outbound packet.
  - 9. The mobile gateway router of claim 6, wherein the session management cards are programmed to select the NAT profiles for the subscribers from a plurality of different types of NAT profiles based on historical data for the subscribers collected by the forwarding integrated circuit.
  - 10. The mobile gateway router of claim 6, wherein the forwarding integrated circuit includes an internal cache of NAT bindings.

11. A method comprising:
- receiving, with a mobile gateway router, a request to attach a wireless device of a subscriber to a mobile wireless network;
  
  establishing, with a control plane of the mobile gateway router, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;
  
  upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway router a public network address range and a port range for the wireless device;
  
  constructing, with the control plane of the mobile gateway router, a network address translation (NAT) profile specifying the public network address range and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway router, wherein constructing a NAT profile comprises constructing the NAT profile to include a first bit mask for the public network address range and a second bit mask for the port range, wherein each of the bits of the first bit mask corresponds to a public network address within the public network address range and indicating whether the public network address is currently assigned, and wherein each of the bits of the first bit mask corresponds to a port within the port range and indicating whether the port is currently assigned for a respective packet flow for the wireless device over the network connection;
  
  upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a public network address within the public network address range and a port within the port range of the NAT profile for the subscriber and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the selected public network address and the selected port; and
  
  performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
- View Dependent Claims (12)
- - 12. The method of claim 11,wherein each of the first bit mask and the second bit mask comprises a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits,wherein each of the bits of the second level for the first bit masks corresponds to a public network address within the public network address range and indicates whether the public network address is currently assigned,wherein each of the bits of the second level for the second bit masks corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a different one of the packet flows for the wireless device, andwherein, for both the first bit mask and the second bit mask, each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Krishna, Gopi, Mehta, Apurva
Primary Examiner(s)
PASIA, REDENTOR M

Application Number

US13/471,252
Publication Number

US 20130301522A1
Time in Patent Office

918 Days
Field of Search

370389-390, 370/392, 370/393, 370/401, 370/472, 370474-476
US Class Current

370/401
CPC Class Codes

H04L 45/566   Routing instructions carrie...

H04L 45/60   Router architectures

H04L 45/745   Address table lookup; Addre...

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/2528   Translation at a proxy

H04W 76/11   Allocation or use of connec...

H04W 76/12   Setup of transport tunnels

Inline network address translation within a mobile gateway router

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Inline network address translation within a mobile gateway router

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others