Inline network address translation within a mobile gateway router

US 9,351,324 B2
Filed: 11/13/2014
Issued: 05/24/2016
Est. Priority Date: 05/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, with a mobile gateway, a request to attach a wireless device of a subscriber to a mobile wireless network;

establishing, with a control plane of the mobile gateway, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;

upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway a public network address and a port range for the wireless device;

constructing, with the control plane of the mobile gateway, a network address translation (NAT) profile specifying the public network address and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway;

upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a port within the port range of the NAT profile for the subscriber with the hardware forwarding element and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the public network address and the selected port; and

performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

Citations

17 Claims

1. A method comprising:
- receiving, with a mobile gateway, a request to attach a wireless device of a subscriber to a mobile wireless network;
  
  establishing, with a control plane of the mobile gateway, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;
  
  upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway a public network address and a port range for the wireless device;
  
  constructing, with the control plane of the mobile gateway, a network address translation (NAT) profile specifying the public network address and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway;
  
  upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a port within the port range of the NAT profile for the subscriber with the hardware forwarding element and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the public network address and the selected port; and
  
  performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein performing network address translation comprises:
    - receiving outbound packets for the packet flow with the mobile gateway, each of the outbound packets having the private network address of the wireless device as a private source network address, andfor each of the outbound packets, generating a translated packet with the forwarding component, wherein the translated packet includes the public network address and the selected port from the range of ports in place of the private source address and a source port of the outbound packet.
  - 3. The method of claim 2, wherein constructing a NAT profile comprises constructing the NAT profile to include a bit mask of a plurality of bits, each of the bits corresponding to a port within the port range and indicating whether the port is currently assigned for performing NAT for a different packet flow for the wireless device over the network connection.
  - 4. The method of claim 3,wherein the bit mask comprises a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits,wherein each of the bits of the second level corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a different one of the packet flows for the wireless device, andwherein each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port.
  - 5. The method of claim 1, further comprising selecting, in the control plane the NAT profile for the wireless device from a plurality of different types of NAT profiles based on historical data for the subscriber.
  - 6. The method of claim 1, further comprising:
    - storing the NAT binding within an internal cache of NAT bindings within the hardware forwarding element;
      
      upon receiving the packet the new packet flow, accessing the NAT bindings to determine whether a NAT binding exists for the new packet flow; and
      
      creating the NAT binding within the internal cache when a NAT binding does exist for the new packet flow.
  - 7. The method of claim 1,wherein the control plane comprise a plurality of session management cards within the mobile gateway device and the hardware forwarding element comprises one of a plurality of forwarding units coupled to the plurality of session management cards by a switch fabric, andwherein constructing a NAT profile comprises constructing the NAT profile with an anchoring one of the session management cards that anchors the subscriber session in the control plane;
    - andwherein installing the NAT profile comprises installing the NAT profile from the anchoring one of the session management cards to an anchoring forwarding unit of the mobile gateway responsible for routing the packet flow of the subscriber data traffic.
  - 8. The method of claim 1, further comprising:
    - performing, with the hardware forwarding element, route lookups to select respective next hops for the packets; and
      
      after performing network address translation on packets within the hardware forwarding element, forwarding, with the hardware forwarding element, the packets to the selected network hops.

9. A mobile gateway comprising:
- a plurality of interfaces configured to send and receive network packets for wireless devices of subscribers of a mobile access network;
  
  a plurality of session management cards that provide a distributed control plane to establish network connections for the wireless devices in accordance with private network addresses assigned to the wireless devices;
  
  a forwarding integrated circuit having a forwarding information base (FIB) for routing the packets between the plurality of interfaces, the forwarding integrated circuit comprising an internal network address translation (NAT) element,wherein each of the session management cards is programmed to construct for each subscriber a NAT profile upon authenticating the subscriber and prior to receiving subscriber data traffic from the subscriber, wherein the NAT profile specifies a pre-allocated public network address and port range, andwherein the session management cards are programmed to install the NAT profiles within the forwarding integrated circuit of the mobile gateway for inline NAT within the forwarding integrated circuit when routing packets for the subscribers.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The mobile gateway of claim 9, wherein the forwarding integrated circuit is configured to, upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically select a port within the port range of the NAT profile for the subscriber, create a NAT that maps the private network address for the wireless device to the public network address and the selected port, and perform network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
  - 11. The mobile gateway of claim 10,wherein the forwarding integrated circuit receives outbound packets for the packet flow, each of the outbound packets having the private network address of the wireless device as a private source network address, andwherein, for each of the outbound packets, the forwarding integrated circuit generates a translated packet that includes the public network address and the selected port from the range of ports in place of the private source address and a source port of the outbound packet.
  - 12. The mobile gateway of claim 9, wherein a first type of the NAT profiles comprises a bit mask of a plurality of bits, each of the bits corresponding to a port within the port range and indicating whether the port is currently assigned for performing NAT for a different packet flow for the wireless device over the network connection.
  - 13. The mobile gateway of claim 12,wherein the bit mask comprises a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits,wherein each of the bits of the second level corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a different one of the packet flows for the wireless device, andwherein each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port.
  - 14. The mobile gateway of claim 9, wherein the session management cards are programmed to select the NAT profiles for the subscribers from a plurality of different types of NAT profiles based on historical data for the subscribers collected by the forwarding integrated circuit.
  - 15. The mobile gateway of claim 9, wherein the forwarding integrated circuit includes an internal cache of NAT bindings.

16. A method comprising:
- receiving, with a mobile gateway, a request to attach a wireless device of a subscriber to a mobile wireless network;
  
  establishing, with a control plane of the mobile gateway, a packet-based network connection for the wireless device to communicate using the mobile wireless network, wherein establishing the network connection comprises assigning a private network address to the wireless device;
  
  upon establishing the network connection and prior to receiving subscriber data traffic from the wireless device, pre-allocating with the control plane of the mobile gateway a public network address range and a port range for the wireless device;
  
  constructing, with the control plane of the mobile gateway, a network address translation (NAT) profile specifying the public network address range and the port range and installing the NAT profile within a hardware forwarding element of the mobile gateway;
  
  upon receiving a packet of a new packet flow of the subscriber data traffic, dynamically selecting a public network address within the public network address range and a port within the port range of the NAT profile for the subscriber and creating a NAT binding within the hardware forwarding element that maps the private network address for the wireless device to the selected public network address and the selected port; and
  
  performing network address translation on packets for the packet flow within the hardware forwarding element based on the NAT binding.
- View Dependent Claims (17)
- - 17. The method of claim 16,wherein constructing a NAT profile comprises constructing the NAT profile to include a first bit mask for the public network address range and a second bit mask for the port range,wherein each of the bits of the first bit mask corresponds to a public network address within the public network address range and indicating whether the public network address is currently assigned, andwherein each of the bits of the first bit mask corresponds to a port within the port range and indicating whether the port is currently assigned for a different packet flow for the wireless device over the network connection,wherein each of the first bit mask and the second bit mask comprises a multi-level bit mask having a first level and a second level, each of the first level and second level having a plurality of bits,wherein each of the bits of the second level for the first bit masks corresponds to a public network address within the public network address range and indicates whether the public network address is currently assigned,wherein each of the bits of the second level for the second bit masks corresponds to a port within the port range and indicates whether the port is currently assigned for performing NAT for a different one of the packet flows for the wireless device, andwherein, for both the first bit mask and the second bit mask, each of the bits of the first level corresponds to a different group of the bits of the second level and indicates whether at least one of the bits within the group of bits corresponds to an unused port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Krishna, Gopi, Mehta, Apurva
Primary Examiner(s)
PASIA, REDENTOR M

Application Number

US14/540,958
Publication Number

US 20150071225A1
Time in Patent Office

558 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 45/566   Routing instructions carrie...

H04L 45/60   Router architectures

H04L 45/745   Address table lookup; Addre...

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/2528   Translation at a proxy

H04W 76/11   Allocation or use of connec...

H04W 76/12   Setup of transport tunnels

Inline network address translation within a mobile gateway router

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Inline network address translation within a mobile gateway router

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links