Deterministic network address and port translation
First Claim
1. A method comprising:
receiving, with a network device, a packet from a subscriber, wherein the packet includes a private source network address and source port;
selecting a network address translation (NAT) rule for the packet;
deterministically computing, with the network device, a public network address and a range of ports assigned to the private network address of the packet using the selected NAT rule by:
(i) computing an offset within a private address space for the NAT rule as a function of the private source network address,
(ii) computing an offset within a public address space for the NAT rule as a function of the offset within the private address space,
(iii) computing the public network address as a function of the offset within public network address,
(iv) computing a port block offset as a function of both the offset within the private address space and a number of public network addresses within the public address space, and
(v) computing the range of ports for the subscriber as a function of the port block offset and a port block size for the NAT rule,
dynamically selecting an unused port from the range of ports;
generating a translated packet from the packet, wherein the translated packet includes the computed public network address and the selected unused port from the range of ports in place of the private source address and source port; and
forwarding the translated packet from the network device to a public network.
1 Assignment
0 Petitions
Abstract
A source network address and port translation (NAPT) mechanism is described that reduces or eliminates the need to log any NAT translations. As described herein, a mapping between a subscriber's private address to a public address and port range is determined algorithmically. Given a particular mapping rule, as specified by the service provider, a subscriber is repeatedly and deterministically mapped to the same public network address and a specific port range for that network address. Once the public address and port range for a subscriber are computed, the particular ports for each session for that subscriber are allocated dynamically within the computed NAT port range on a per-session basis.
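The following is an added example, not code from the patent or its assignee: steps (i) to (v) of claim 1 and the per-session port pick from the abstract, written in Python for one concrete instantiation. Assumed, since the claim leaves it open: subscribers are spread round-robin over the public pool (public offset = private offset mod pool size, port block offset = private offset div pool size), a 256-port block, and constructed private/public pool values. The reverse lookup shows why the scheme removes the need for per-session translation logging, and the oversubscription check is the capacity constraint an operator has to verify before applying such a rule.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NatRule:
    private_base: str = "10.0.0.0"     # first address of the rule's private space (constructed)
    private_count: int = 1024          # number of subscriber addresses it covers
    public_base: str = "203.0.113.0"   # first address of the public pool (constructed)
    public_count: int = 4              # number of public addresses in the pool
    port_base: int = 1024              # lowest port the rule hands out
    block_size: int = 256              # ports per subscriber (the port block size)
    used: dict = field(default_factory=dict)  # (public_ip, port) -> private_ip, per session

def _ip_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def blocks_per_public_address(rule: NatRule) -> int:
    return (65536 - rule.port_base) // rule.block_size

def map_subscriber(rule: NatRule, private_ip: str):
    i = _ip_int(private_ip) - _ip_int(rule.private_base)           # (i) offset in private space
    if not 0 <= i < rule.private_count:
        raise ValueError("address is outside the rule's private space")
    public_offset = i % rule.public_count                           # (ii) assumed: round-robin
    public_ip = str(ipaddress.IPv4Address(_ip_int(rule.public_base) + public_offset))  # (iii)
    block = i // rule.public_count                                  # (iv) port block offset
    if block >= blocks_per_public_address(rule):
        raise ValueError("rule is oversubscribed: no port block left for this subscriber")
    low = rule.port_base + block * rule.block_size                  # (v) the subscriber's range
    return public_ip, low, low + rule.block_size - 1

def allocate_port(rule: NatRule, private_ip: str):
    """Per-session dynamic pick of an unused port inside the subscriber's fixed block."""
    public_ip, low, high = map_subscriber(rule, private_ip)
    for port in range(low, high + 1):
        if (public_ip, port) not in rule.used:
            rule.used[(public_ip, port)] = private_ip
            return public_ip, port
    raise RuntimeError("subscriber's port block is exhausted")

def reverse_lookup(rule: NatRule, public_ip: str, port: int) -> str:
    """Why no translation log is needed: a public (address, port) inverts to one subscriber."""
    public_offset = _ip_int(public_ip) - _ip_int(rule.public_base)
    block = (port - rule.port_base) // rule.block_size
    i = block * rule.public_count + public_offset
    if not (rule.port_base <= port <= 65535 and 0 <= public_offset < rule.public_count
            and i < rule.private_count):
        raise ValueError("tuple is outside the rule's public pool or port space")
    return str(ipaddress.IPv4Address(_ip_int(rule.private_base) + i))
```

With the constructed defaults the pool holds 4 x 252 = 1008 subscriber blocks, so the last sixteen addresses of the 1024-address private space cannot be mapped; the rule itself has to be sized so that every subscriber fits.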
22 Claims
1. A method comprising: (as set out above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A network device comprising:
a plurality of interfaces configured to send and receive packets for subscribers of a service provider network;
a control unit that provides a user interface for configuring at least one network address (NAT) rule;
a NAT controller that, upon receiving a packet for a new subscriber session, deterministically computes a public network address and a range of ports assigned to a private network address of a subscriber based on the NAT rule and selects an unused port from the range of ports, wherein the NAT controller deterministically computes the public network address and the range of ports for the private network address by computing an offset within a private address space for the NAT rule as a function of the private source network address, computing an offset within a public address space for the NAT rule as a function of the offset within the private address space, and computing the public network address as a function of the offset within public network address, and wherein the NAT controller computes a port block offset as a function of both the offset within the private address space and a number of public network addresses within the public address space, and computes the range of ports for the subscriber as a function of the port block offset and a port block size for the NAT rule; and
a forwarding component to output a translated packet that includes the computed public network address and the selected unused port in place of the private source address and a source port of the packet.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A network router comprising:
a plurality of interfaces configured to send and receive packets for subscribers of a service provider network;
a routing engine comprising a control unit that executes a routing protocol to maintain routing information specifying routes through a network, wherein the control unit provides a user interface for configuring at least one network address (NAT) rule;
a forwarding component configured by the routing engine to select next hops for the packets in accordance with the routing information, the forwarding component comprising a switch fabric to forward the packets to the interfaces based on the selected next hops; and
a NAT controller of the network router, the NAT controller, upon receiving a packet for a new subscriber session, deterministically computing a public network address and a range of ports assigned to a private network address of a subscriber based on the NAT rule, wherein the NAT controller deterministically computes the public network address and the range of ports for the private network address by computing an offset within a private address space for the NAT rule as a function of the private source network address, computing an offset within a public address space for the NAT rule as a function of the offset within the private address space, and computing the public network address as a function of the offset within public network address, wherein the NAT controller computes a port block offset as a function of both the offset within the private address space and a number of public network addresses within the public address space, and computes the range of ports for the subscriber as a function of the port block offset and a port block size for the NAT rule, wherein the NAT controller dynamically selects an unused port from the range of ports and programs the forwarding component with the computed public network address and the unused port selected for the subscriber session; and
wherein the forwarding component outputs a translated packet that includes the computed public network address and the selected unused port in place of the private source address and a source port of the packet.
Dependent claims: 19, 20, 21, 22.