Stateless deterministic network address translation
Abstract
Stateless deterministic network address translation (NAT) within a service provider network is described. A plurality of customer premise equipment (CPEs) positioned within customer networks and a NAT device positioned within a service provider network operate as ingress and egress for tunnels having network packets of a first network transport protocol that encapsulate inner network packets of a second network transport protocol. The NAT device stores a mapping table that maps, for each of the CPEs, a public network address of the first transport protocol to a public network address and restricted port range of the second transport protocol. The NAT device outputs control messages to communicate the respective restricted port range to each of the CPEs, and the CPEs provide network address translation within the customer networks at the ingress of the tunnels based on the restricted port range received from the NAT device of the service provider network.
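The mechanism the abstract describes, and the statelessness the claims below insist on (the provider NAT keeps the per-CPE mapping table and no per-session bindings), modeled end to end in Python. This is an added example, not code from the patent or its assignee. Assumptions made here: the outer ("first") transport is IPv6 and the inner ("second") is IPv4; the restricted ranges are an equal contiguous split of ports 1024..65535 (the page does not specify the allocation policy); `ControlMessage` stands in for the ICMP control message of claim 19; the provider-side check that a tunneled packet's source port lies inside the sending CPE's range is added here; every address is a constructed documentation value.

```python
"""Toy model of stateless deterministic NAT (added example, not patent code).

The provider NAT stores only the CPE -> (public IPv4, port range) table.
Each CPE keeps the per-session bindings for its own customer network and
only ever allocates ports inside the range it was told to use.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PORT_FLOOR = 1024   # assumption: ports below 1024 are never handed to a CPE
PORT_CEIL = 65535


@dataclass(frozen=True)
class PortRange:
    first: int
    last: int

    def contains(self, port: int) -> bool:
        return self.first <= port <= self.last


@dataclass(frozen=True)
class ControlMessage:
    """Stands in for the ICMP control message of claim 19 (constructed)."""
    cpe_outer_addr: str
    public_v4: str
    port_range: PortRange


def partition_ports(n_cpes: int) -> List[PortRange]:
    """Split PORT_FLOOR..PORT_CEIL into n equal, non-overlapping ranges.
    Deterministic: the same inputs always yield the same table (assumed scheme)."""
    if n_cpes < 1 or n_cpes > PORT_CEIL - PORT_FLOOR + 1:
        raise ValueError("unsupported sharing ratio")
    span = (PORT_CEIL - PORT_FLOOR + 1) // n_cpes
    return [PortRange(PORT_FLOOR + i * span, PORT_FLOOR + (i + 1) * span - 1)
            for i in range(n_cpes)]


class ProviderNAT:
    """Service-provider NAT device: mapping table only, no per-session state."""

    def __init__(self, public_v4: str, cpe_outer_addrs: List[str]):
        self.public_v4 = public_v4
        self.table: Dict[str, PortRange] = dict(
            zip(cpe_outer_addrs, partition_ports(len(cpe_outer_addrs))))

    def control_messages(self) -> List[ControlMessage]:
        """One message per CPE carrying its public IPv4 and restricted range."""
        return [ControlMessage(a, self.public_v4, r) for a, r in self.table.items()]

    def egress(self, outer_src: str, inner_src_port: int) -> Tuple[str, int]:
        """Tunnel -> Internet. The CPE already translated the inner packet; the
        provider only verifies (assumption) that the source port is inside the
        range it assigned, so one CPE cannot emit traffic on another's ports."""
        rng = self.table.get(outer_src)
        if rng is None or not rng.contains(inner_src_port):
            raise PermissionError(f"{outer_src} may not use port {inner_src_port}")
        return self.public_v4, inner_src_port

    def ingress(self, dst_port: int) -> Optional[str]:
        """Internet -> tunnel: the destination port alone selects the CPE."""
        for outer, rng in self.table.items():
            if rng.contains(dst_port):
                return outer
        return None


class CPE:
    """Customer premise equipment: performs the actual NAT inside its range."""

    def __init__(self, outer_addr: str):
        self.outer_addr = outer_addr
        self.public_v4: Optional[str] = None
        self.port_range: Optional[PortRange] = None
        self.bindings: Dict[Tuple[str, int], int] = {}   # (priv_ip, priv_port) -> port
        self.reverse: Dict[int, Tuple[str, int]] = {}
        self.free: List[int] = []

    def receive_control(self, msg: ControlMessage) -> None:
        if msg.cpe_outer_addr != self.outer_addr:
            raise ValueError("control message addressed to another CPE")
        self.public_v4, self.port_range = msg.public_v4, msg.port_range
        # descending so that pop() hands out the lowest free port first
        self.free = list(range(msg.port_range.last, msg.port_range.first - 1, -1))

    def translate_outbound(self, priv_ip: str, priv_port: int) -> Tuple[str, int]:
        """Map a private source to the shared public IPv4 and an in-range port."""
        if self.port_range is None:
            raise RuntimeError("no port range received from the provider NAT")
        key = (priv_ip, priv_port)
        if key not in self.bindings:
            if not self.free:
                raise RuntimeError("restricted port range exhausted")
            port = self.free.pop()
            self.bindings[key] = port
            self.reverse[port] = key
        return self.public_v4, self.bindings[key]

    def translate_inbound(self, public_port: int) -> Optional[Tuple[str, int]]:
        return self.reverse.get(public_port)

    def release(self, priv_ip: str, priv_port: int) -> None:
        """Return a port to the pool when the session ends."""
        port = self.bindings.pop((priv_ip, priv_port))
        del self.reverse[port]
        self.free.append(port)


def demo() -> dict:
    """Wire four CPEs to one provider NAT and push one flow out and back."""
    cpe_addrs = [f"2001:db8::{i}" for i in range(1, 5)]   # constructed
    provider = ProviderNAT("203.0.113.5", cpe_addrs)       # constructed
    cpes = {a: CPE(a) for a in cpe_addrs}
    for msg in provider.control_messages():                # claim 19 step
        cpes[msg.cpe_outer_addr].receive_control(msg)
    cpe = cpes["2001:db8::2"]
    pub = cpe.translate_outbound("192.168.1.10", 40000)     # constructed flow
    seen = provider.egress(cpe.outer_addr, pub[1])          # what the Internet sees
    back = provider.ingress(seen[1])                        # reply steered by port
    return {"range": cpe.port_range, "public": seen, "tunnel": back,
            "private": cpes[back].translate_inbound(seen[1])}


if __name__ == "__main__":
    print(demo())
```

Two operational consequences follow from the split. The provider device holds no per-flow state, so a flood of new sessions cannot exhaust its binding table; the exhaustion surface moves to each CPE's restricted range (`translate_outbound` raises when its pool is empty), which is what capacity planning for the sharing ratio has to size. The added egress check also turns a CPE sending outside its range, whether through misconfiguration or compromise, into a deterministic drop that is worth counting and alerting on.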
19 Claims
1. A system comprising:
- a plurality of customer premise equipment (CPEs) positioned within respective customer networks, each of the customer networks having subscriber devices coupled to the respective CPE of the customer network; and
- a network address translation (NAT) device positioned within a service provider network, wherein the CPEs and the NAT device operate as ingress and egress for network tunnels having network packets that conform to a first network transport protocol that encapsulate network packets from the subscriber devices that conform to a second network transport protocol, wherein the NAT device stores a mapping table that maps, for each of the CPEs, a public network address of the first transport protocol to a public network address and a restricted port range of the second transport protocol, wherein the NAT device outputs a control message to communicate the respective restricted port range to each of the CPEs, and wherein each of the CPEs performs network address translation on the network packets from the subscriber devices within the respective customer network based on the restricted port range received from the NAT device of the service provider network by translating between private network addresses of the subscriber devices and the public network address and ports within the restricted port range communicated to the CPE by the NAT device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A network address translation (NAT) device comprising:
- a plurality of interfaces to communicate subscriber packets with a plurality of customer premise equipment (CPEs) positioned within respective customer networks, each of the customer networks having subscriber devices coupled to the respective CPE;
- a computer-readable storage device to store a mapping table that maps, for each of the CPEs, a public network address of a first transport protocol to a public network address and restricted port range of a second transport protocol, and
- program code to execute on a processor of the NAT device to output control messages to the CPEs to communicate the respective restricted port range to each of the CPEs for locally performing NAT on network packets from the subscriber devices within the customer networks by translating between private network addresses of the subscriber devices and the public network address and ports within the restricted port range communicated to the CPE by the NAT device, wherein the NAT device stores the mapping table without storing any per-session NAT bindings for communication sessions from the CPEs.

Dependent claims: 10, 11

12. A method comprising:
- operating a network address translation (NAT) device of a service provider network as an ingress and egress for tunneling subscriber data traffic through the service provider network to a plurality of customer premise equipment (CPEs) positioned within respective customer networks, wherein each of the customer networks comprises subscriber devices coupled to the respective CPE of the customer network, and wherein the subscriber data traffic is tunneled as network packets that conform to a first network transport protocol and that encapsulate network packets from the subscriber devices that conform to a second network transport protocol;
- storing a mapping table within the NAT device, wherein the mapping table maps, for each of the CPEs, a public network address of the first transport protocol to a public network address and restricted port range of the first transport protocol without storing any per-session NAT bindings on the NAT device for communication sessions from the CPEs; and
- outputting a control message to communicate the respective restricted port range to each of the CPEs for performing local network address translation within the respective customer network based on the restricted port range by translating between private network addresses of the subscriber devices and the public network address and ports within the restricted port range communicated to the CPE by the NAT device.

Dependent claims: 13, 14, 15, 16, 17, 18

19. A residential gateway device comprising:
- a network interface to communicate subscriber packets with a network address translation (NAT) device positioned within a service provider network, wherein the residential gateway device is positioned within a customer network having a plurality of subscriber devices, and wherein the network interface is assigned a public network address of a first transport protocol and a public network address of a second transport protocol for tunneling the subscriber packets through the service provider network to the NAT device;
- program code executing on a processor of the residential gateway device to receive an error message output by the NAT device in the form of an Internet Control Message Protocol (ICMP) message, wherein the ICMP message encodes a restricted port range for the second transport protocol, and
- program code executing on the processor to locally perform NAT on the subscriber packets in accordance with the restricted port range prior to tunneling the subscriber packets to the NAT device by translating between private network addresses and ports of the subscriber packets and the public network address of the first transport protocol and the ports within the restricted port range communicated to the residential gateway by the NAT device.
Specification