Domain based routing for managing devices operating behind a network address translator
Abstract
A domain based tunneling scheme allows a Network Management System (NMS) to manage devices in a private network operating behind a NAT boundary. A device in the private network provides the NMS with information including a public NAT IP address, a private device IP address, and a unique device identifier. The NMS uses the public NAT IP address to set up and maintain a tunnel to the private network. The NMS stores the NAT information and a tunnel identifier in a table entry associated with the device. The NMS then uses the tunnel and the contents of the table entry to conduct management operations with the device operating in the private network.
14 Claims
1. A system, comprising:
- a table to map public Internet Protocol (IP) addresses for Network Address Translator (NAT) devices, private Internet Protocol (IP) addresses for private devices operating behind the NAT devices, and tunnel identifiers for tunnels extending to the NAT devices;
- a processor configured to generate management instructions to be executed by a particular one of the private devices;
- the processor configured to generate a first packet addressed to a particular one of the private IP addresses and insert the generated management instructions into a payload of the first packet;
- the processor configured to generate a second packet addressed to a particular one of the public NAT IP addresses that the table maps to the particular one of the private IP addresses and insert the first addressed packet into a payload of the second addressed packet; and
- the processor configured to transmit the second addressed packet over the tunnel corresponding to the particular tunnel identifier that the table maps to the particular addresses.
Dependent claims: 2, 3
4. A gateway, comprising:
- a table configured to map tags to tunnels that originate from the gateway and terminate on a different one of a plurality of Network Address Translator (NAT) devices;
- a processor configured to extract a tag from a management communication transmitted from a Network Management System (NMS), wherein the management communication includes a first packet addressed to a private Internet Protocol (IP) address;
- the processor configured to compare the extracted tag to the table to identify one of the tunnels;
- the processor configured to insert the first addressed packet into a payload of a second tunnel packet and transmit the second tunnel packet, wherein the second tunnel packet is addressed to a particular one of the NAT devices that corresponds to the identified tunnel, said transmission over the identified tunnel to route management instructions included in a payload of the first addressed packet to a particular one of a plurality of private domains to cause the NAT device of the particular private domain to transmit the first addressed packet to an intended recipient within the particular private domain.
Dependent claims: 5
6. A method for managing a device in a private network comprising:
- receiving a communication including a public Network Address Translator (NAT) Internet Protocol (IP) address and a private device IP address;
- storing the public NAT IP address and the private device IP address in a table thereby associating the device with a NAT;
- setting up and maintaining a tunnel to the private network corresponding with the public NAT IP address, wherein the tunnel extends to the NAT and terminates on the NAT; and
- using both the private device IP address and the NAT IP address to send management communications through the tunnel to the private network, wherein the management communications comprise a tunnel packet with a header addressed to the public NAT IP address and a payload containing a nested packet, wherein the nested packet includes a header addressed to the private device IP address and a payload containing management instructions.
Dependent claims: 7, 8
9. A method, comprising:
- receiving a communication including a public Network Address Translator (NAT) Internet Protocol (IP) address and a private device IP address;
- setting up and maintaining a tunnel to a private network corresponding with the public NAT IP address;
- storing the public NAT IP address, the private device IP address, and an identifier for the tunnel in an entry in a table thereby associating the device therewith, wherein the table contains a plurality of entries each associating a public NAT IP address, a private device IP address, and a tunnel identifier;
- responsive to receiving a request to manage a particular device, identifying one of the table entries corresponding to the particular device;
- generating an inbound tunnel packet according to said identified table entry, the inbound tunnel packet having a tunnel header and a tunnel payload that includes an entire addressed packet, wherein the tunnel header is addressed to the public NAT IP address in the identified table entry and the addressed packet is addressed to the private device IP address in the identified table entry; and
- inserting management instructions into a payload of the addressed packet and sending the tunnel packet having the inserted addressed packet with the management instructions inbound over the tunnel.
Dependent claims: 10
11. A method, comprising:
- mapping identifiers to tunnels that terminate on different Network Address Translator (NAT) devices;
- extracting an identifier from a received management communication, wherein the management communication includes a first packet addressed to a private Internet Protocol (IP) address and a payload containing management instructions;
- identifying one of the tunnels according to the extracted identifier and generating a second tunnel packet according to the identified tunnel, wherein the second tunnel packet includes a tunnel header addressed to one of the NAT devices and a tunnel payload; and
- inserting the first packet into the tunnel payload of the second tunnel packet and forwarding the second tunnel packet over the identified tunnel, said transmission over the identified tunnel to deliver the management instructions to the private IP address.
Dependent claims: 12, 13, 14
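The abstract and claims 6, 9 and 11 describe the same mechanism from three angles: a table keyed by device that holds the public NAT IP, the private device IP and a tunnel identifier, a nested packet (inner header to the private IP, outer header to the NAT's public IP) sent down that tunnel, and the NAT end unwrapping the inner packet for delivery. The following Python model is an added example written for this page, not code from the patent or its assignee. It assumes IP-in-IP (protocol 4) as the tunnel encapsulation, uses protocol number 253 as a placeholder for the management payload since the patent names none, and uses constructed addresses from the documentation ranges. The check on the NAT side that the inner destination actually registered through that NAT is the example's own addition; the claims only say the NAT transmits the first packet to the intended recipient.

```python
"""Added example (not from the patent): NMS table + nested management packet,
and the NAT-side unwrap, modelled on the abstract and claims 6, 9 and 11.
All addresses, tunnel ids and instruction bytes are constructed for the demo.
"""
import ipaddress
import struct
from dataclasses import dataclass

IPPROTO_IPIP = 4    # outer header: IP-in-IP encapsulation (RFC 2003), assumed here
IPPROTO_MGMT = 253  # inner header: placeholder for the management instructions
                    # (253 is reserved for experimentation, RFC 3692)


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement header checksum; returns 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); raise ValueError on a bad header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len or ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    src = str(ipaddress.ip_address(pkt[12:16]))
    dst = str(ipaddress.ip_address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total_len]


@dataclass(frozen=True)
class TableEntry:
    public_nat_ip: str   # outer header destination
    private_ip: str      # inner header destination
    tunnel_id: int       # which tunnel the outer packet is sent down


class NMS:
    """Network Management System side (claims 1 and 9)."""

    def __init__(self, nms_ip: str):
        self.nms_ip = nms_ip
        self.table = {}  # unique device id -> TableEntry

    def register(self, device_id: str, public_nat_ip: str, private_ip: str, tunnel_id: int):
        # The device reports its public NAT IP, private IP and unique id (abstract).
        self.table[device_id] = TableEntry(public_nat_ip, private_ip, tunnel_id)

    def build_management_packet(self, device_id: str, instructions: bytes):
        """Return (tunnel_id, tunnel packet): inner packet to the private IP
        carrying the instructions, wrapped in an outer packet to the NAT."""
        entry = self.table[device_id]
        inner = build_ipv4(self.nms_ip, entry.private_ip, IPPROTO_MGMT, instructions)
        outer = build_ipv4(self.nms_ip, entry.public_nat_ip, IPPROTO_IPIP, inner)
        return entry.tunnel_id, outer


class NatDevice:
    """Tunnel endpoint on the NAT. Only delivers inner packets whose destination
    registered through this NAT (example's own check: a tunnel that forwards any
    nested packet to any private address is a pivot into the private domain)."""

    def __init__(self, public_ip: str, nms_ip: str, registered_private_ips):
        self.public_ip = public_ip
        self.nms_ip = nms_ip
        self.registered = set(registered_private_ips)

    def decapsulate(self, tunnel_pkt: bytes):
        """Return (private dst, instructions) to forward, or None to drop."""
        try:
            src, dst, proto, payload = parse_ipv4(tunnel_pkt)
            if (src, dst, proto) != (self.nms_ip, self.public_ip, IPPROTO_IPIP):
                return None
            isrc, idst, iproto, instructions = parse_ipv4(payload)
        except ValueError:
            return None
        if isrc != self.nms_ip or iproto != IPPROTO_MGMT or idst not in self.registered:
            return None
        return idst, instructions


def demo():
    """One registered device managed through its NAT, plus a nested packet aimed
    at an unregistered private address, which the NAT drops."""
    nms = NMS("203.0.113.10")
    nms.register("dev-1", "198.51.100.7", "10.0.0.23", 42)
    nat = NatDevice("198.51.100.7", "203.0.113.10", ["10.0.0.23"])
    tunnel_id, pkt = nms.build_management_packet("dev-1", b"set-config v2")
    spoof = build_ipv4("203.0.113.10", "198.51.100.7", IPPROTO_IPIP,
                       build_ipv4("203.0.113.10", "10.0.0.99", IPPROTO_MGMT, b"pivot"))
    return tunnel_id, nat.decapsulate(pkt), nat.decapsulate(spoof)


if __name__ == "__main__":
    print(demo())
```

The claims describe the addressing and the nesting, not how the tunnel itself is protected; nothing in the outer header above proves the packet came from the NMS, so in a deployment the tunnel would need its own authentication and integrity protection (for example an authenticated tunnel protocol), and the NAT end should keep a positive list of private addresses it will deliver to, as the example does, rather than forwarding whatever inner destination the tunnel carries.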
Specification