
Deterministic network address and port translation

  • US 9,614,761 B1
  • Filed: 11/02/2015
  • Issued: 04/04/2017
  • Est. Priority Date: 11/04/2011
  • Status: Active Grant
First Claim

1. A method comprising:

  • storing, with a network device, a network address translation (NAT) rule that specifies a contiguous range of private network addresses and a contiguous range of public network addresses, wherein the range of public network addresses specified by the NAT rule has a total number of public network addresses that is less than a total number of private network addresses of the range of private network addresses specified by the NAT rule;

    receiving, with the network device, an initial packet for a new packet flow from a subscriber, wherein the initial packet includes a private source network address and a source port;

    responsive to the initial packet for the new packet flow, deterministically computing, with the network device and using the NAT rule, a public network address and a range of ports for network address translation of packets of the packet flow, wherein deterministically computing the public network address and the range of ports comprises applying operations that repeatably and deterministically compute a corresponding public network address within the contiguous range of public network addresses and a corresponding range of ports for any one of the private network addresses in the contiguous range of private network address specified by the NAT rule by;

      (i) computing, based on the private source network address of the initial packet, a first offset representing a position of the private source network address within the private address space specified by the NAT rule,

      (ii) computing, based the computed position within the private network address space for the private network address of the packet and based on a total number of public network addresses within the public address space specified by the NAT rule, a second offset representing a position within the public address space specified by the NAT rule, and

      (iii) computing, based on the second offset representing the position within the public network address space, the public network address for performing NAT of the packet;

    dynamically selecting, for network address translation of the initial packet of the new packet flow, an unused port from the range of ports;

    generating a translated packet from the initial packet, wherein the translated packet includes the computed public network address and the selected unused port from the range of ports in place of the private source address and the source port; and

    forwarding the translated packet from the network device to a public network.
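
An added illustration of the mapping recited in the claim above; it is not code from the patent or its assignee. The claim does not fix the arithmetic, so the modulo/quotient split, the usable port span of 1024 to 65535, the sample address ranges and all function names are assumptions. `reverse` goes beyond the claim to show what a repeatable mapping gives an operator: attributing a public address and port to a subscriber without per-flow logs.

```python
import ipaddress

# Constructed sample NAT rule; every value here is an assumption.
PRIV_FIRST = ipaddress.IPv4Address("10.0.0.0")     # start of private range
PRIV_COUNT = 1024                                  # private addresses in rule
PUB_FIRST = ipaddress.IPv4Address("203.0.113.0")   # start of public range
PUB_COUNT = 16                                     # fewer public than private
PORT_FLOOR, PORT_CEIL = 1024, 65535                # assumed usable port span

def _block_size():
    sharers = -(-PRIV_COUNT // PUB_COUNT)          # ceil: subscribers per public IP
    return (PORT_CEIL - PORT_FLOOR + 1) // sharers

def translate(private_ip):
    """Deterministic (public_ip, first_port, last_port) for a private address."""
    first_offset = int(ipaddress.IPv4Address(private_ip)) - int(PRIV_FIRST)
    if not 0 <= first_offset < PRIV_COUNT:
        raise ValueError("address is outside the rule's private range")
    second_offset = first_offset % PUB_COUNT       # position in public range
    slot = first_offset // PUB_COUNT               # which port block on that IP
    low = PORT_FLOOR + slot * _block_size()
    return str(PUB_FIRST + second_offset), low, low + _block_size() - 1

def pick_port(private_ip, in_use):
    """Dynamic step: first port of the subscriber's block not already in use."""
    _, low, high = translate(private_ip)
    return next((p for p in range(low, high + 1) if p not in in_use), None)

def reverse(public_ip, port):
    """Recover the private address from a public (ip, port) without flow logs."""
    second_offset = int(ipaddress.IPv4Address(public_ip)) - int(PUB_FIRST)
    if not 0 <= second_offset < PUB_COUNT or not PORT_FLOOR <= port <= PORT_CEIL:
        return None
    slot = (port - PORT_FLOOR) // _block_size()
    first_offset = slot * PUB_COUNT + second_offset
    if first_offset >= PRIV_COUNT:                 # leftover ports map to nobody
        return None
    return str(PRIV_FIRST + first_offset)

if __name__ == "__main__":
    for ip in ("10.0.0.0", "10.0.0.17", "10.0.3.255"):
        print(ip, "->", translate(ip))
    print(reverse("203.0.113.1", 2500))
```

With this sample rule, 64 subscribers share each public address and each receives a fixed block of 1008 ports.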
