Load balancing deterministic network address translation across session management modules

US 8,942,235 B1
Filed: 01/13/2012
Issued: 01/27/2015
Est. Priority Date: 11/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

hosting a non-contiguous set of public network addresses on each of a plurality of network address translation (NAT) modules of a network device;

allocating a non-contiguous set of private network addresses of a private network to each of the NAT modules;

with each of the NAT modules, internally mapping the non-contiguous set of public network addresses to a contiguous sequence of identifiers for the public addresses and mapping the non-contiguous set of private network addresses to a contiguous sequence of identifiers for the private addresses;

distributing network packets to the plurality of NAT modules; and

with each of the NAT modules, locally performing deterministic NAT on the network packets received by the NAT module based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses mapped by the NAT module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for load-balancing deterministic NAT functions in a mobile gateway or other device in which subscriber sessions are distributed across a plurality of session management cards. Each of the session management cards may host a non-contiguous set of public addresses and a non-contiguous set of private network addresses associated with the subscriber sessions. To facilitate deterministic NAT under such conditions, each of the session management cards locally maps the non-contiguous set of public network addresses to an internal contiguous sequence of identifiers for the public addresses and maps the non-contiguous set of private network addresses to an internal contiguous sequence of identifiers for the private addresses. Each of the session management cards may then perform deterministic NAT on packets based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses internal to the session management card.

57 Citations

View as Search Results

18 Claims

1. A method comprising:
- hosting a non-contiguous set of public network addresses on each of a plurality of network address translation (NAT) modules of a network device;
  
  allocating a non-contiguous set of private network addresses of a private network to each of the NAT modules;
  
  with each of the NAT modules, internally mapping the non-contiguous set of public network addresses to a contiguous sequence of identifiers for the public addresses and mapping the non-contiguous set of private network addresses to a contiguous sequence of identifiers for the private addresses;
  
  distributing network packets to the plurality of NAT modules; and
  
  with each of the NAT modules, locally performing deterministic NAT on the network packets received by the NAT module based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses mapped by the NAT module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein locally performing deterministic NAT with each of the NAT modules comprises:
    - mapping, for each of the packets, the private network address of the packet to one of the identifiers for the private addresses of the NAT module;
      
      applying a deterministic NAT algorithm to deterministically compute, with the NAT module, one of the sequential identifiers for the public addresses and a range of ports based on the sequential identifier for the private address;
      
      mapping the computed one of the sequential identifiers for the public addresses to one of the non-contiguous public network addresses;
      
      dynamically selecting an unused port from the range of ports;
      
      generating a translated packet from the packet, wherein the translated packet includes the determined public network address and the selected unused port from the range of ports in place of the private source address and source port; and
      
      forwarding the translated packet from the network device to a public network.
  - 3. The method of claim 1, wherein distributing network packets across the plurality of NAT modules comprises:
    - receiving a packet from a subscriber, wherein the packet includes a private source network address and source port;
      
      performing a modulo operation on the private source network address using a number of the NAT modules as an operand to the module operation;
      
      selecting one of the plurality of NAT modules based on a result of the modulo operation; and
      
      forwarding the packet to the selected one of the plurality of NAT modules.
  - 4. The method of claim 1, wherein distributing network packets across the plurality of NAT modules comprises:
    - receiving a packet from a subscriber, wherein the packet includes a private source network address and source port;
      
      performing a hash operation on the private source network address;
      
      selecting one of the plurality of NAT modules based on a result of the hash operation; and
      
      forwarding the packet to the selected one of the plurality of NAT modules.
  - 5. The method of claim 1, wherein allocating a non-contiguous set of private network addresses of a private network to each of the NAT modules comprises:
    - performing a modulo operation on each of the private source network addresses using a number of the NAT modules as on operand to the module operation; and
      
      assigning each of the private source network addresses to one of the plurality of NAT modules based on a result of the modulo operation.
  - 6. The method of claim 1, wherein hosting a non-contiguous set of public network addresses on each of the NAT modules comprises:
    - performing a modulo operation on each of the public network addresses using a number of the NAT modules as on operand to the module operation; and
      
      assigning each of the public network addresses to one of the plurality of NAT modules based on a result of the modulo operation.
  - 7. The method of claim 1,wherein the plurality of NAT modules comprise a plurality of session management cards within the network device, andwherein distributing the network packets across the plurality of NAT modules comprises load balancing the network packets across the session management cards.
  - 8. The method of claim 7, wherein load balancing the network packets comprises:
    - receiving the network packets with a forwarding component shared by the session management cards, wherein the network packets comprise outbound network packets from subscribers and destined for a public network;
      
      for each of the outbound network packets, selecting one of the session management cards based on a private network address within the outbound network packet; and
      
      forwarding the outbound network packet from the forwarding component of the network device to the selected session management card for network address translation.
  - 9. The method of claim 7, wherein load balancing the network packets comprises:
    - installing a plurality of routes within a forwarding component shared by the session management cards, wherein the routes specify corresponding session management cards as destinations for the network packets specifying the public network addresses as destination addresses;
      
      receiving the network packets with a forwarding component shared by the session management cards, wherein the network packets comprise inbound network packets from a public network;
      
      for each of the inbound network packets, performing a lookup operation with the forwarding component to identify a route for the packet based on a public network address within the inbound packet;
      
      with the forwarding component, selecting one of the session management cards based the identified route; and
      
      forwarding the inbound network packet from the forwarding component of the network device to the selected session management card for network address translation.
  - 10. The method of claim 7, wherein the network device comprises a router or a mobile gateway.

11. A network device comprising:
- a plurality of interfaces configured to send and receive network packets for subscribers of a service provider network;
  
  a plurality of session management cards that each host a non-contiguous set of public network addresses;
  
  a forwarding component to distribute the network packets to the session management cards;
  
  a NAT controller within each of the plurality of session management cards, wherein each of the NAT controllers maps the non-contiguous set of public network addresses to a contiguous sequence of identifiers for the public addresses and maps a non-contiguous set of private network addresses to a contiguous sequence of identifiers for the private addresses, and wherein each of the NAT controllers performs deterministic network address translation on the network packets received by the respective session management card based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses mapped by the NAT controller to output a translated packet.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The network device of claim 11,wherein each of the NAT controllers is configured to perform deterministic NAT upon receiving an outbound packet from one of the subscribers and destined for a public network by:
    - (i) mapping a private network address of the packet to one of the identifiers for the private addresses and apply a deterministic NAT algorithm to deterministically compute one of the sequential identifiers for the public addresses and a range of ports based on the sequential identifier for the private address,(ii) mapping the computed one of the sequential identifiers for the public addresses to one of the non-contiguous public network addresses hosted by the respective session management card, and(iii) selecting an unused port from the range of ports and generates the translated packet from the packet to include the determined public network address and the selected unused port from the range of ports in place of the private source address and source port.
  - 13. The network device of claim 11,wherein the packets include outbound packets that each include a private source network address and a source port, andwherein, for each of the outbound packets, the forwarding component performs a modulo operation on the private source network address using a number of the session management cards as on operand to the module operation, selects one of the plurality of session management cards based on a result of the modulo operation and distributes the packet to the selected one of the session management cards.
  - 14. The network device of claim 11, further comprising a control unit that allocates the non-contiguous set of private network addresses to each of the session management cards by performing a modulo operation on each of the private source network addresses using a number of the session management cards as on operand to the module operation and assigning each of the private source network addresses to one of the session management cards based on a result of the modulo operation.
  - 15. The network device of claim 14, wherein the control unit allocates the noncontiguous set of public network addresses to each of the session management cards by performing a modulo operation on each of the public network addresses using a number of the session management cards as on operand to the module operation and assigning each of the public network addresses to one of the plurality of session management cards based on a result of the modulo operation.
  - 16. The network device of claim 11,wherein the forwarding component is programmed with a plurality of routes that specify the session management cards as destinations for the public network addresses, andwherein the forwarding component receives inbound network packets from a public network and, for each of the inbound network packets, performs a lookup operation to identify a route for the inbound packet based on a public network address within the inbound packet, select one of the session management cards based the identified route and forward the inbound network packet to the selected session management card for network address translation.

17. A network router comprising:
- a plurality of interfaces configured to send and receive packets for subscribers of a service provider network, wherein each of the subscribers is associated with a private network address;
  
  a plurality of session management cards to manage subscriber communication sessions associated with the subscribers;
  
  a control unit that executes a routing protocol to maintain routing information specifying routes, wherein the control unit allocates to each of the session management cards a non-contiguous set of public network addresses and a non-contiguous set of the private network addresses;
  
  a forwarding component configured by the routing engine to select next hops for the packets in accordance with the routing information, the forwarding component comprising a switch fabric to forward the packets to the between the interfaces and the session management cards;
  
  wherein each of the session management cards locally map the non-contiguous set of public network addresses to an internal contiguous sequence of identifiers for the public addresses and map the non-contiguous set of private network addresses to an internal contiguous sequence of identifiers for the private addresses, andwherein each of the session management cards perform deterministic network address translation (NAT) on the packets based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses internal to the session management card.
- View Dependent Claims (18)
- - 18. The router of claim 17,wherein the forwarding component is programmed by the routing engine to store forwarding information of a plurality of routes that specify the session management cards as destinations for the public network addresses, andwherein the forwarding component receives inbound network packets from a public network and, for each of the inbound network packets, performs a lookup operation to identify a route for the inbound packet based on a public network address within the inbound packet, select one of the session management cards based the identified route and forward the inbound network packet to the selected session management card for network address translation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Vinapamula Venkata, Suresh Kumar
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
VIDAL CARPIO, MARIELA

Application Number

US13/350,545
Time in Patent Office

1,110 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 45/60   Router architectures

H04L 45/74   Address processing for routing

H04L 61/10   of different types

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/255   Maintenance or indexing of ...

H04L 61/2553   Binding renewal aspects, e....

H04L 61/2557   Translation policies or rules

H04L 61/256   NAT traversal

H04L 61/503   using an authentication, au...

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

Load balancing deterministic network address translation across session management modules

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Load balancing deterministic network address translation across session management modules

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links