143 results about "Network address port translation" patented technology

According to one embodiment, when having received first communication data addressed to a machine migrated to a second network address port translation module, a first network address port translation module translates a destination network address in the first communication data into a global address of the second network address port translation module. The first network address port translation module transfers the translated first communication data as second communication data to the second network address port translation module. When having received the second communication data transferred by the first network address port translation module, the second network address port translation module transmits third communication data addressed to the machine corresponding to the second communication data to the machine.

A data compute node executes (i) a set of tenant applications connected to a third party overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element that includes a pair of overlay and underlay network virtual adapters. A packet that is received from a network manager application and addressed to an underlay network destination is sent to the underlay network destination address through a physical NIC of the host without network address translation or encapsulation. A packet that is received from a tenant application and addressed to an underlay network destination is subject to SNAT and is sent to the underlay network destination address. A packet that is received from a tenant application and is addressed an overlay destination address is encapsulated with the header of the overlay network and is sent to the overlay network destination address through the underlay virtual adapter.

The invention discloses a network address translation (NAT) implementing system which comprises a controller and an openflow switch, wherein the controller issues a flow table and an improved group table, the openflow switch receives the flow table and the improved group table, a data package which needs to conduct address translation is matched according to a matching rule of the address translation recorded by the flow table, translation between a private address and a public internet protocol (IP) address is conducted according to a rule of address translation recorded by the improved group table, and the data package is transmitted out through an address which is translated. The invention further discloses an NAT implementing method and the openflow switch. According to the NAT implementing system, only the flow table and the improved group table are transmitted to the openflow switch once, frequent intersection between the openflow switch and the controller is not required, time delay of transmission of the data package is shortened, and transmission efficiency of a network is improved.

A technique for translating addresses in a communication network having multiple overlapping address domains involves mapping an overlapping local address from a first address domain to a unique global address that is specific to a second address domain. The unique global address is used by any device in the second address domain to reference the device in the first address domain having the overlapping local address. Furthermore, a packet sent from a source host in the first address domain to a destination host in the second address domain requires at least a source address translation in order to translate the source host local address used within the first address domain into a source host global address that is used within the second address domain, and may also require a destination address translation in order to translate the destination host global address used within the first address domain into a destination host local address used within the second address domain.

Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed-up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.

A system for IPsec-compliant network address port translation. The system comprises a communication unit, a storage device, and a processor. The communication unit receives an outgoing first Internet Key Exchange (IKE) packet and a first incoming Encapsulating Security Payload (ESP) packet. The IKE packet comprises an IP header specifying a private source IP address and a first destination IP address. The ESP packet comprises a first source IP address and a second destination IP address, wherein the first source IP address equals the first destination IP address. The storage device stores the private source IP address and the first destination IP address in corresponding fields of a first table. The processor, connected to the communication unit and the storage device, retrieves the first source IP address of the first ESP packet, searches the first table for a match of the first source IP address, and substitutes the searched match for the second destination IP address of the ESP packet.

A system and method are disclosed for specifying network address translation for a set of packets. A first set of instructions is sent to a forwarding agent specifying criteria for designated packets that are designated to undergo network address translation. A matching packet is received from the forwarding agent that matches the specified criteria. A network address translation scheme is determined for the matching packet. A second set of instructions are sent specifying the network address translation scheme for packets associated with the matching packet.

The invention discloses a method for forwarding a message about virtual server migration. The method includes: pre-configuring an NAT (network address translation) service strategy containing a redirected destination IP (internet protocol) address on NAT service equipment of a first data center; periodically detecting a private network IP address of a virtual server in the data center by the NAT service equipment of the first data center, when no response of the virtual server is received, confirming the virtual center is migrated from the first data center to a second data center; receiving a WEB request message of a client and with a public network IP address of the virtual server in the first data center by the NAT service equipment of the first data center, and returning a redirect message carrying the redirected destination IP address to the client according to the redirected destination IP address to request the client to send the WEB request message again to the destination IP address. The invention further discloses the NAT service equipment and a data center system, and message forwarding routes can be guaranteed not to circumambulate after the virtual server is migrated.

The invention discloses a network address translation (NAT)-based data routing method and an NAT data routing device, which are applied to an NAT multi-export networking system. The method comprises that: after receiving an Internet protocol (IP) request message transmitted from a public network client to a private network server, an NAT gateway performs address translation processing, adds an address of the NAT gateway into the IP request message subjected to the address translation processing to indicate the IP request message is forwarded by the NAT gateway, and forwards the IP request message to the private network server; and after receiving an IP response message from the private network server, the NAT gateway performs the address translation processing, and forwards the IP response message subjected to the address translation processing to the public network client. After receiving the IP request message forwarded by the NAT gateway, the private network server adds the address of the NAT gateway into the IP response message to indicate that the IP response message is forwarded to the NAT gateway. By the method and the device, a traffic path from the public network client to the private network server can be ensured to be consistent with a backward traffic path.

Disclosed are methods and apparatus for managing a registration state of an endpoint node in a network address port translation environment. A registration message is received from a first endpoint node located within a local network. The registration message is sent from the first endpoint node to a gatekeeper node, and the registration message includes a local source address of the first endpoint node, a local source port of the first endpoint node, and local call signaling information to be used by another endpoint node to initiate a data connection with the first endpoint node. The local source address of the first endpoint node is translated into a first global address. A first binding that associates the local source address with the global source address is created. The local call signaling information is translated into global call signaling information. A registration state of the first endpoint node is maintained, and the first binding is maintained based on the registration state (e.g., by using “registration doors”).

The present invention provides a method and apparatus for network port and network address translation. Several problems with limited addressability may occur when transmitting data packets between a terminal in a first network and a terminal in a second network that is outside the first network. Data forwarding rules are used to define if and how identifiers of data packets to be forwarded between the two networks correlate with each other. According to embodiments, a data forwarding rule includes a first identifier associated with the first network and a second identifier associated with the second network, wherein each identifier has two parts: a source address and source port number corresponding to a source network node, and a destination address and destination port number corresponding to a destination network node.

The invention discloses a method and apparatus for network address port conversion. The method includes: receiving a current stream required Network Address Port Translation NAPT processing; allocating designated public network as source IP address of the current stream after NAPT processing; selecting one port from the port queue of the designated public network address as the source IP address of the current stream after NAPT processing; searching a session table according to a quintuple group composed of the source IP address, the source port, the current flow object IP address, the object port of the current stream and the current stream agreement to judge whether the flow with the same stream exists; if not, performing NAPT processing to the current stream according to the source IP address and the source port, storing the quintuple group of the current stream after NAPT processing in the session table, and transmitting the current stream after NAPT processing. The technical scheme of the invention greatly extends the number of a public network address capable of being used for conversion in private network address.

Provided are a method and system for automatic tunneling using Network Address Translation (NAT). The method includes the steps of: determining whether a source address in an external header of a request message received from a host located inside a NAT area is the same as a source address in an internal header of the request message; when the source address in the external header is not the same as the source address in the internal header, translating the source address in the external header into a universal source address using pre-stored NAT translation information; storing, as mapping table entries, the universal source address and a private address extracted and translated from the source address in the internal header in a mapping table and then transmitting the request message to a host located outside the NAT area; and assigning a destination address in an external header of a response message to the request message received from the host located outside the NAT area as the universal address stored in the mapping table, and then transmitting the response message.

A communication method and device for preventing the media stream circuitry. The method includes the following steps: a signaling layer control function entity at the calling party side obtains the called party side information; the signaling layer control function entity routes the session signaling and controls the establishment of the media stream path, and when the signaling layer control function entity determines that the network where it is located can be inter-connected directly with the network where the called party is located according to the called party side information, the signaling layer control function entity gives up the interaction with the media layer gateway function entity for the network address port translation. A network device for guaranteeing that the communication between media layers of the calling and called party communication entities can be performed in the shortest path is also provided.

The invention discloses a method for implementing P2P communication by penetrating an NAT (network address translator). The method comprises the steps: detecting an NAT heartbeat cycle by a wireless access device; reporting TCP application layer information to a server according to the NAT heartbeat cycle, so that the server updates an association forwarding table of an association terminal according to the TCP application layer information; receiving a response message of the server, wherein the response message carries a public network address of the association terminal; sending a request message to the public network address of the association terminal; and when no response is detected, implementing the P2P communication with the association terminal by virtue of a repeater mode or by requesting the server to notify the association terminal to initiate the heartbeat sniffing packet penetration NAT according to the heartbeat cycle. According to the technical scheme, not only can all types of NATs be penetrated and multiple levels of NAT devices be cascaded, but also no special requirement on the device and a network environment is provided, and the method can be popularized to use in a low-cost manner.

The invention discloses a method for communication between a private network and a public network and network address translation equipment. The method comprises that: the network address translation (NAT) equipment performs layer 2 isolation processing on all local area network (LAN) ports; the NAT equipment receives a dynamic host configuration protocol (DHCP) request message from a private network host, allocates own public network Internet protocol (IP) address to the host, returns an IP address of own uplink router to the host as the IP address of a gateway of the host, and simultaneously allocates a transmission control protocol (TCP) port range and a user datagram protocol (UDP) port range to the host; the NAT equipment receives an address resolution protocol (ARP) request message carrying the IP address of the gateway of the host from the private network host, and returns a virtual interface media access control (MAC) address of the LAN port to the host as an MAC address of the gateway of the host; and the NAT equipment receives a TCP message or a UDP message from the host, and forwards the message according to a destination MAC address of the message, wherein a source IP address of the message is the IP address allocated to the host by the NAT equipment, and the destination MAC address of the message is the MAC address of the gateway of the host. By the method and the network address translation equipment, the communication between the private network and the public network can be realized without performing IP address translation and application layer gateway (ALG) processing by the NAT equipment.

Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify source applications that are served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through an NAPT en route to the destination host, the encapsulated packet is decrypted to obtain an original source port number and original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port, and the original packet protocol associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is USING the same SOURCE port and protocol.

A method of reducing media relay of a network address translation (NAT) apparatus involves detecting a network type of a user agent (such as a network address port translator) to determine whether the user agent is a symmetric network type; if it is, a transmitting server is still required to relay a media stream; if it is not, a SIP standard structure and its communication protocol are utilized for changing a network address and its connecting port of an ‘invite’ packet via a proxy server so that the caller and the callee will send the media stream according to the changed network address and its connecting port.

The invention discloses a method for communication between intranet equipment and internet equipment and NAT (Network Address Transformation) equipment. The method comprises the steps of: classifying an interface connected with first intranet equipment and a public network interface of the NAT equipment per se into a same VLAN (Virtual Local Area Network) by the NAT equipment, classifying an interface connected with second intranet equipment of the NAT equipment per se into the other VLAN by the NAT equipment, issuing a public network IP (Internet Protocol) address and a gateway address, distributed to the first intranet equipment, on a virtual interface enabled by the NAT equipment per se, and setting ARP (Address Resolution Protocol) information of the IP address to be a silent state; forwarding a received message sent by the first intranet equipment to the internet from a public network interface located in the same VLAN with an ingress interface of the message; forwarding a message, which is sent by the second intranet equipment to the internet and transformed by a network address port, from the public network interface; and forwarding a message sent by the internet equipment according to whether the message is matched with a NAT forwarding table. By applying the method and the NAT equipment, provided by the invention, one equipment in a local area network can interact with a public network rapidly by using the public network IP address, and other equipment in the local area network interact with the public network through NAT.

Disclosed is a method for forwarding a message, comprising: if a suited network address port group translation entry is found according to a source Internet protocol (IP) address and a source port number or a target IP address and a target port number of a received message, then conducting translation on the message according to the network address port group translation entry and sending the message out. Further disclosed is a device for forwarding a message. By adopting the present invention, a memory resource occupied by static configuration network address port translation (NAPT) rules and entries can be reduced, and configurations can be effectively reduced, thereby facilitating maintenance.

A network address-port translation (NAPT) apparatus and method for IP packets with a same identification is disclosed. The IP packets at least include a first packet with Layer 4 information and a second packet without Layer 4 information. The NAPT apparatus includes: a packet translation unit for performing a NAPT operation for the first packet to generate a translation IP; and a translation table for storing a correspondence between the same identification and the translation IP. The packet translation unit translates one of a source IP and a destination IP of the second packet into the translation IP according to a forwarding direction of the second packet and the translation table.

The embodiment of the invention discloses a method and equipment for NAT (network address translation) processing during distribution of multiple service boards in a distributed system, and the method and the equipment are applied to the technical field of network safety and can be used for guaranteeing a forward message and a reverse message to be distributed to the same service board and solving the problem of conflict between message ports in the service boards. The method comprises the following steps: performing address translation on an IP (internet protocol) address of a message according to an NAT strategy matched with the forward IP message; performing translation on a source port number in an IP message quaternion according to a preset hash constraint condition, wherein the preset hash constraint condition is that a hash value of the message quaternion after address translation and port translation of the IP message is equal to a hash value of the message quaternion before address translation and port translation of the IP message; creating an NAT session table item of the IP message according to the translation process of the IP message.

Gateway and NAT services to a single host or large number of hosts on a local network using a redundancy group having gateway devices. A pool of unique IP addresses are partitioned into address blocks, one of which is assigned to a gateway device. Using the unique IP addresses in its assigned address block, the gateway device translates local IP addresses of hosts on a local network to unique IP addresses from the gateway device's assigned address block for host packets destined for outside networks and creates a mapping of the translation. The gateway device notifies other gateway devices in the redundancy group of the mapping. A master mapping database or a local mapping database is updated whenever one of the gateway devices performs a translation. In the event that one of the gateway devices ceases forwarding of outgoing packets for a host using the gateway device's virtual MAC address, that virtual MAC address is re-assigned to an operating gateway device in the redundancy group to permit continued forwarding of the host's packets destined for outside networks.

The invention discloses a method and a system for achieving network address translation, which relates to the technical field of network communication. The method comprises the steps of: S1, receiving a current datagram requiring network address port translation, achieving translation of an inner network IP (internet protocol) address and a public network IP (internet protocol) address of the current datagram, wherein the public network IP address of the current datagram comprises N port queues, and N is an integer greater than 1; S2, selecting one port sequence in the N port queues according to an outer network IP address of the current datagram, and selecting a port which is not distributed in the selected port queue as a public network port number of the current datagram. According to the invention, judgment of a target IP is increased on a conversion method of PAT (port address translation); the same port number can be adopted as to different resources; multiplexing of the port is achieved; the different resources are expanded for N times relatively to the port resource, and the datagram is prevented from being abandoned due to exhausting of the port resource.

Systems and methods for connecting a network using one network protocol with a network using another network protocol are provided. According to an embodiment, a method is provided for performing network address translation. A data packet is received, by a protocol bridge connecting a first network, using a first protocol, and a second network, using a second protocol, via a first session of the first protocol from a first network appliance of the first network. The first protocol may be either Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) and the second protocol is the other. The data packet is translated into the second protocol. The translation is performed in a kernel space of the protocol bridge. Finally, the data packet is transmitted via a second session of the second protocol to a second network appliance of the second network.

Disclosed are methods and apparatus for handling data having an embedded address (and port). In general terms, a host of a private network is operable to obtain from its corresponding edge router a global address (GA) and optionally an additional global port range (GPR). When the host then wishes to transmit data out of the private network, the obtained GA (and GPR) may then be used for an embedded address (and port) within data sent by the host to a public network. The obtained GA (and GPR) may also be used by the host to translate its own source address and port in its IP and / or TCP / UDP header if needed.