Domain based routing for managing devices operating behind a network address translator

US 7,706,371 B1
Filed: 07/07/2005
Issued: 04/27/2010
Est. Priority Date: 07/07/2005
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a table to map public Internet Protocol (IP) addresses for Network Address Translator (NAT) devices, private Internet Protocol (IP) addresses for private devices operating behind the NAT devices, and tunnel identifiers for tunnels extending to the NAT devices;

a processor configured to generate management instructions to be executed by a particular one of the private devices;

the processor configured to generate a first packet addressed to a particular one of the private IP addresses and insert the generated management instructions into a payload of the first packet;

the processor configured to generate a second packet addressed to a particular one of the public NAT IP addresses that the table maps to the particular one of the private IP addresses and insert the first addressed packet into a payload of the second addressed packet; and

the processor configured to transmit the second addressed packet over the tunnel corresponding to the particular tunnel identifier that the table maps to the particular addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A domain based tunneling scheme allows a Network Management System (NMS) to manage devices in a private network operating behind a NAT boundary. A device in the private network provides the NMS with information including a public NAT IP address, a private device IP address, and a unique device identifier. The NMS uses the public NAT IP address to set up and maintain a tunnel to the private network. The NMS stores the NAT information and a tunnel identifier in a table entry associated with the device. The NMS then uses the tunnel and the contents of the table entry to conduct management operations with the device operating in the private network.

48 Citations

View as Search Results

14 Claims

1. A system, comprising:
- a table to map public Internet Protocol (IP) addresses for Network Address Translator (NAT) devices, private Internet Protocol (IP) addresses for private devices operating behind the NAT devices, and tunnel identifiers for tunnels extending to the NAT devices;
  
  a processor configured to generate management instructions to be executed by a particular one of the private devices;
  
  the processor configured to generate a first packet addressed to a particular one of the private IP addresses and insert the generated management instructions into a payload of the first packet;
  
  the processor configured to generate a second packet addressed to a particular one of the public NAT IP addresses that the table maps to the particular one of the private IP addresses and insert the first addressed packet into a payload of the second addressed packet; and
  
  the processor configured to transmit the second addressed packet over the tunnel corresponding to the particular tunnel identifier that the table maps to the particular addresses.
- View Dependent Claims (2, 3)
- - 2. The system according to claim 1 wherein the processor is configured to receive globally unique device identifies for the private devices and then use the globally unique identifiers to track changes in IP address information associated with the private devices.
  - 3. The system according to claim 1 wherein the processor is configured to establish and maintain the tunnels extending to each of the NAT devices.

4. A gateway, comprising:
- a table configured to map tags to tunnels that originate from the gateway and terminate on a different one of a plurality of Network Address Translator (NAT) devices;
  
  processor configured to extract a tag from a management communication transmitted from a Network Management System (NMS), wherein the management communication includes a first packet addressed to a private Internet Protocol (IP) address;
  
  the processor configured to compare the extracted tag to the table to identify one of the tunnels;
  
  the processor configured to insert the first addressed packet into a payload of a second tunnel packet and transmit the second tunnel packet, wherein the second tunnel packet is addressed to a particular one of the NAT devices that corresponds to the identified tunnel, said transmission over the identified tunnel to route management instructions included in a payload of the first addressed packet to a particular one of a plurality of private domains to cause the NAT device of the particular private domain to transmit the first addressed packet to an intended recipient within the particular private domain.
- View Dependent Claims (5)
- - 5. The gateway according to claim 4 wherein the tag is a Virtual Local Area Network (VLAN) tag.

6. A method for managing a device in a private network comprising:
- receiving a communication including a public Network Address Translator (NAT) Internet Protocol (IP) address and a private device IP address;
  
  storing the public NAT IP address and the private device IP address in a table thereby associating the device with a NAT;
  
  setting up and maintaining a tunnel to the private network corresponding with the public NAT IP address, wherein the tunnel extends to the NAT and terminates on the NAT; and
  
  using both the private device IP address and the NAT IP address to send management communications through the tunnel to the private network, wherein the management communications comprise a tunnel packet with a header addressed to the public NAT IP address and a payload containing a nested packet, wherein the nested packet includes a header addressed to the private device IP address and a payload containing management instructions.
- View Dependent Claims (7, 8)
- - 7. The method according to claim 6 including:
    - updating the table with a new private device IP address or a new public NAT IP address received from the device operating in the private network; and
      
      using the new private device IP address or the new public NAT IP address to access the device in the private network.
  - 8. The method according to claim 6 including deleting a table entry associated with the private device IP address when the management communications to the private device IP address are not successful.

9. A method, comprising:
- receiving a communication including a public Network Address Translator (NAT) Internet Protocol (IP) address and a private device IP address;
  
  setting up and maintaining a tunnel to a private network corresponding with the public NAT IP address;
  
  storing the public NAT IP address, the private device IP address, and an identifier for the tunnel in an entry in a table thereby associating the device therewith, wherein the table contains a plurality of entries each associating a public NAT IP address, a private device IP address, and a tunnel identifier;
  
  responsive to receiving a request to manage a particular device, identifying one of the table entries corresponding to the particular device;
  
  generating an inbound tunnel packet according to said identified table entry, the inbound tunnel packet having a tunnel header and a tunnel payload that includes an entire addressed packet, wherein the tunnel header is addressed to the public NAT IP address in the identified table entry and the addressed packet is addressed to the private device IP address in the identified table entry; and
  
  inserting management instructions into a payload of the addressed packet and sending the tunnel packet having the inserted addressed packet with the management instructions inbound over the tunnel.
- View Dependent Claims (10)
- - 10. The method according to claim 9 including tagging the received communication with a Virtual Local Area Network (VLAN) tag before forwarding the communication to a Network Management System (NMS).

11. A method, comprising:
- mapping identifiers to tunnels that terminate on different Network Address Translator (NAT) devices;
  
  extracting an identifier from a received management communication, wherein the management communication includes a first packet addressed to a private Internet Protocol (IP) address and a payload containing management instructions;
  
  identifying one of the tunnels according to the extracted identifier and generating a second tunnel packet according to the identified tunnel, wherein the second tunnel packet includes a tunnel header addressed to one of the NAT devices and a tunnel payload; and
  
  inserting the first packet into the tunnel payload of the second tunnel packet and forwarding the second tunnel packet over the identified tunnel, said transmission over the identified tunnel to deliver the management instructions to the private IP address.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein once of the management communication is received over the identified tunnel, the management communication can be unambiguously routed to the private IP address.
  - 13. The method of claim 11 wherein the NAT device that terminates the identified tunnel strips the tunnel header prior to delivering the first packet to a recipient.
  - 14. The method of claim 11 wherein the tunnel header operates at a same layer as a header of the first packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Shankar, Shiva J., Satyanarayanan, Ottalingam, Gaskill, William D., Wing, Daniel G.
Primary Examiner(s)
Sefcheck; Gregory B

Application Number

US11/177,160
Time in Patent Office

1,755 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

G06F 15/16   Combinations of two or more...

H04L 12/56   Packet switching systems

H04L 2212/00   Encapsulation of packets

H04L 61/103   across network layers, e.g....

H04L 61/2514   between local and global IP...

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/2592   using tunnelling or encapsu...

Domain based routing for managing devices operating behind a network address translator

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Domain based routing for managing devices operating behind a network address translator

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others