143 results about "Network address port translation" patented technology

According to one embodiment, when having received first communication data addressed to a machine migrated to a second network address port translation module, a first network address port translation module translates a destination network address in the first communication data into a global address of the second network address port translation module. The first network address port translation module transfers the translated first communication data as second communication data to the second network address port translation module. When having received the second communication data transferred by the first network address port translation module, the second network address port translation module transmits third communication data addressed to the machine corresponding to the second communication data to the machine.

A data compute node executes (i) a set of tenant applications connected to a third party overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element that includes a pair of overlay and underlay network virtual adapters. A packet that is received from a network manager application and addressed to an underlay network destination is sent to the underlay network destination address through a physical NIC of the host without network address translation or encapsulation. A packet that is received from a tenant application and addressed to an underlay network destination is subject to SNAT and is sent to the underlay network destination address. A packet that is received from a tenant application and is addressed an overlay destination address is encapsulated with the header of the overlay network and is sent to the overlay network destination address through the underlay virtual adapter.

Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed-up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.

A system for IPsec-compliant network address port translation. The system comprises a communication unit, a storage device, and a processor. The communication unit receives an outgoing first Internet Key Exchange (IKE) packet and a first incoming Encapsulating Security Payload (ESP) packet. The IKE packet comprises an IP header specifying a private source IP address and a first destination IP address. The ESP packet comprises a first source IP address and a second destination IP address, wherein the first source IP address equals the first destination IP address. The storage device stores the private source IP address and the first destination IP address in corresponding fields of a first table. The processor, connected to the communication unit and the storage device, retrieves the first source IP address of the first ESP packet, searches the first table for a match of the first source IP address, and substitutes the searched match for the second destination IP address of the ESP packet.

A system and method are disclosed for specifying network address translation for a set of packets. A first set of instructions is sent to a forwarding agent specifying criteria for designated packets that are designated to undergo network address translation. A matching packet is received from the forwarding agent that matches the specified criteria. A network address translation scheme is determined for the matching packet. A second set of instructions are sent specifying the network address translation scheme for packets associated with the matching packet.

The invention discloses a method for forwarding a message about virtual server migration. The method includes: pre-configuring an NAT (network address translation) service strategy containing a redirected destination IP (internet protocol) address on NAT service equipment of a first data center; periodically detecting a private network IP address of a virtual server in the data center by the NAT service equipment of the first data center, when no response of the virtual server is received, confirming the virtual center is migrated from the first data center to a second data center; receiving a WEB request message of a client and with a public network IP address of the virtual server in the first data center by the NAT service equipment of the first data center, and returning a redirect message carrying the redirected destination IP address to the client according to the redirected destination IP address to request the client to send the WEB request message again to the destination IP address. The invention further discloses the NAT service equipment and a data center system, and message forwarding routes can be guaranteed not to circumambulate after the virtual server is migrated.

Disclosed are methods and apparatus for managing a registration state of an endpoint node in a network address port translation environment. A registration message is received from a first endpoint node located within a local network. The registration message is sent from the first endpoint node to a gatekeeper node, and the registration message includes a local source address of the first endpoint node, a local source port of the first endpoint node, and local call signaling information to be used by another endpoint node to initiate a data connection with the first endpoint node. The local source address of the first endpoint node is translated into a first global address. A first binding that associates the local source address with the global source address is created. The local call signaling information is translated into global call signaling information. A registration state of the first endpoint node is maintained, and the first binding is maintained based on the registration state (e.g., by using “registration doors”).

The invention discloses a method and apparatus for network address port conversion. The method includes: receiving a current stream required Network Address Port Translation NAPT processing; allocating designated public network as source IP address of the current stream after NAPT processing; selecting one port from the port queue of the designated public network address as the source IP address of the current stream after NAPT processing; searching a session table according to a quintuple group composed of the source IP address, the source port, the current flow object IP address, the object port of the current stream and the current stream agreement to judge whether the flow with the same stream exists; if not, performing NAPT processing to the current stream according to the source IP address and the source port, storing the quintuple group of the current stream after NAPT processing in the session table, and transmitting the current stream after NAPT processing. The technical scheme of the invention greatly extends the number of a public network address capable of being used for conversion in private network address.

Provided are a method and system for automatic tunneling using Network Address Translation (NAT). The method includes the steps of: determining whether a source address in an external header of a request message received from a host located inside a NAT area is the same as a source address in an internal header of the request message; when the source address in the external header is not the same as the source address in the internal header, translating the source address in the external header into a universal source address using pre-stored NAT translation information; storing, as mapping table entries, the universal source address and a private address extracted and translated from the source address in the internal header in a mapping table and then transmitting the request message to a host located outside the NAT area; and assigning a destination address in an external header of a response message to the request message received from the host located outside the NAT area as the universal address stored in the mapping table, and then transmitting the response message.

The invention discloses a method for implementing P2P communication by penetrating an NAT (network address translator). The method comprises the steps: detecting an NAT heartbeat cycle by a wireless access device; reporting TCP application layer information to a server according to the NAT heartbeat cycle, so that the server updates an association forwarding table of an association terminal according to the TCP application layer information; receiving a response message of the server, wherein the response message carries a public network address of the association terminal; sending a request message to the public network address of the association terminal; and when no response is detected, implementing the P2P communication with the association terminal by virtue of a repeater mode or by requesting the server to notify the association terminal to initiate the heartbeat sniffing packet penetration NAT according to the heartbeat cycle. According to the technical scheme, not only can all types of NATs be penetrated and multiple levels of NAT devices be cascaded, but also no special requirement on the device and a network environment is provided, and the method can be popularized to use in a low-cost manner.

The invention discloses a method for communication between a private network and a public network and network address translation equipment. The method comprises that: the network address translation (NAT) equipment performs layer 2 isolation processing on all local area network (LAN) ports; the NAT equipment receives a dynamic host configuration protocol (DHCP) request message from a private network host, allocates own public network Internet protocol (IP) address to the host, returns an IP address of own uplink router to the host as the IP address of a gateway of the host, and simultaneously allocates a transmission control protocol (TCP) port range and a user datagram protocol (UDP) port range to the host; the NAT equipment receives an address resolution protocol (ARP) request message carrying the IP address of the gateway of the host from the private network host, and returns a virtual interface media access control (MAC) address of the LAN port to the host as an MAC address of the gateway of the host; and the NAT equipment receives a TCP message or a UDP message from the host, and forwards the message according to a destination MAC address of the message, wherein a source IP address of the message is the IP address allocated to the host by the NAT equipment, and the destination MAC address of the message is the MAC address of the gateway of the host. By the method and the network address translation equipment, the communication between the private network and the public network can be realized without performing IP address translation and application layer gateway (ALG) processing by the NAT equipment.

A system and method provides network address translation as an external service for private networks. Give the fact that local office networks (i.e., stub networks) are typically assigned only one globally unique IP address (or a small set of addresses), the invention presents a novel service provider access server (e.g., router) which performs basic network address translation (NAT) and network address port translation (NAPT) for such networks. The system allows NAT and NAPT features to be removed from stub network routers, thereby significantly reducing the cost of Internet infrastructure to individual companies and organizations. NAT features on service provider's access servers provide the ability for multiple hosts in disparate private (unregistered) networks to utilize the services of a service provider, using a single global address for each private network and allow private networks to avoid renumbering with access to each new service provider.

A method of reducing media relay of a network address translation (NAT) apparatus involves detecting a network type of a user agent (such as a network address port translator) to determine whether the user agent is a symmetric network type; if it is, a transmitting server is still required to relay a media stream; if it is not, a SIP standard structure and its communication protocol are utilized for changing a network address and its connecting port of an ‘invite’ packet via a proxy server so that the caller and the callee will send the media stream according to the changed network address and its connecting port.

The invention discloses a method for communication between intranet equipment and internet equipment and NAT (Network Address Transformation) equipment. The method comprises the steps of: classifying an interface connected with first intranet equipment and a public network interface of the NAT equipment per se into a same VLAN (Virtual Local Area Network) by the NAT equipment, classifying an interface connected with second intranet equipment of the NAT equipment per se into the other VLAN by the NAT equipment, issuing a public network IP (Internet Protocol) address and a gateway address, distributed to the first intranet equipment, on a virtual interface enabled by the NAT equipment per se, and setting ARP (Address Resolution Protocol) information of the IP address to be a silent state; forwarding a received message sent by the first intranet equipment to the internet from a public network interface located in the same VLAN with an ingress interface of the message; forwarding a message, which is sent by the second intranet equipment to the internet and transformed by a network address port, from the public network interface; and forwarding a message sent by the internet equipment according to whether the message is matched with a NAT forwarding table. By applying the method and the NAT equipment, provided by the invention, one equipment in a local area network can interact with a public network rapidly by using the public network IP address, and other equipment in the local area network interact with the public network through NAT.

A network address-port translation (NAPT) apparatus and method for IP packets with a same identification is disclosed. The IP packets at least include a first packet with Layer 4 information and a second packet without Layer 4 information. The NAPT apparatus includes: a packet translation unit for performing a NAPT operation for the first packet to generate a translation IP; and a translation table for storing a correspondence between the same identification and the translation IP. The packet translation unit translates one of a source IP and a destination IP of the second packet into the translation IP according to a forwarding direction of the second packet and the translation table.

The embodiment of the invention discloses a method and equipment for NAT (network address translation) processing during distribution of multiple service boards in a distributed system, and the method and the equipment are applied to the technical field of network safety and can be used for guaranteeing a forward message and a reverse message to be distributed to the same service board and solving the problem of conflict between message ports in the service boards. The method comprises the following steps: performing address translation on an IP (internet protocol) address of a message according to an NAT strategy matched with the forward IP message; performing translation on a source port number in an IP message quaternion according to a preset hash constraint condition, wherein the preset hash constraint condition is that a hash value of the message quaternion after address translation and port translation of the IP message is equal to a hash value of the message quaternion before address translation and port translation of the IP message; creating an NAT session table item of the IP message according to the translation process of the IP message.

Gateway and NAT services to a single host or large number of hosts on a local network using a redundancy group having gateway devices. A pool of unique IP addresses are partitioned into address blocks, one of which is assigned to a gateway device. Using the unique IP addresses in its assigned address block, the gateway device translates local IP addresses of hosts on a local network to unique IP addresses from the gateway device's assigned address block for host packets destined for outside networks and creates a mapping of the translation. The gateway device notifies other gateway devices in the redundancy group of the mapping. A master mapping database or a local mapping database is updated whenever one of the gateway devices performs a translation. In the event that one of the gateway devices ceases forwarding of outgoing packets for a host using the gateway device's virtual MAC address, that virtual MAC address is re-assigned to an operating gateway device in the redundancy group to permit continued forwarding of the host's packets destined for outside networks.

The invention discloses a method and a system for achieving network address translation, which relates to the technical field of network communication. The method comprises the steps of: S1, receiving a current datagram requiring network address port translation, achieving translation of an inner network IP (internet protocol) address and a public network IP (internet protocol) address of the current datagram, wherein the public network IP address of the current datagram comprises N port queues, and N is an integer greater than 1; S2, selecting one port sequence in the N port queues according to an outer network IP address of the current datagram, and selecting a port which is not distributed in the selected port queue as a public network port number of the current datagram. According to the invention, judgment of a target IP is increased on a conversion method of PAT (port address translation); the same port number can be adopted as to different resources; multiplexing of the port is achieved; the different resources are expanded for N times relatively to the port resource, and the datagram is prevented from being abandoned due to exhausting of the port resource.

Systems and methods for connecting a network using one network protocol with a network using another network protocol are provided. According to an embodiment, a method is provided for performing network address translation. A data packet is received, by a protocol bridge connecting a first network, using a first protocol, and a second network, using a second protocol, via a first session of the first protocol from a first network appliance of the first network. The first protocol may be either Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) and the second protocol is the other. The data packet is translated into the second protocol. The translation is performed in a kernel space of the protocol bridge. Finally, the data packet is transmitted via a second session of the second protocol to a second network appliance of the second network.