The present disclosure relates generally to network architectures, and relates more particularly to an apparatus, method, and non-transitory computer readable medium for a lower cost and more scalable carrier grade network address translation (CG-NAT) architecture.
Internet traffic has grown exponentially over time. Various technologies are used to route traffic across the globe. Routing traffic from a source to a destination relies on Internet protocol (IP) addresses. An example of a protocol used to assign IP addresses is Internet protocol version 4 (IPv4). However, IPv4 addresses are becoming a scarce commodity as Internet growth exceeds the number of addresses available.
The teachings of the present disclosure can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
To facilitate understanding, similar reference numerals have been used, where possible, to designate elements that are common to the figures.
The present disclosure broadly discloses an apparatus, method, and non-transitory computer readable medium for a lower cost and more scalable CG-NAT architecture. In one example, an apparatus includes a first network interface to connect to a provider router in a core network, a second network interface to connect to an input/output (I/O) router in a local access network that includes a plurality of different endpoint devices, a routing block to determine a first set of data that is to be passed through without receiving network address translation and a second set of data that requires network address translation, and a processor, wherein the processor is to generate a plurality of virtual carrier grade network address translation (vCG-NAT) instances, wherein the plurality of vCG-NAT instances is to route the second set of data between the provider router and the I/O router, wherein the routing block is to route the second set of data to a correct vCG-NAT instance of the plurality of vCG-NAT instances based on routing information in the routing block.
In another example, a method performed by a processing system includes receiving a data packet from a provider router in a core network, determining that the data packet requires network address translation, determining a virtual carrier grade network address translation (vCG-NAT) instance associated with the data packet, performing network address translation on the data packet via the vCG-NAT, and transmitting the data packet that has received network address translation to an input/output (I/O) router in a local access network to forward the data packet to an endpoint device.
In another example, a non-transitory computer-readable medium may store instructions which, when executed by a processing system in a communications network, cause the processing system to perform operations. The operations may include receiving a data packet from a provider router in a core network, determining that the data packet requires network address translation, determining a virtual carrier grade network address translation (vCG-NAT) instance associated with the data packet, performing network address translation on the data packet via the vCG-NAT, and transmitting the data packet that has received network address translation to an input/output (I/O) router in a local access network to forward the data packet to an endpoint device.
As discussed above, IPv4 addresses are becoming a scarce commodity as Internet growth exceeds the number of addresses available. CG-NAT may be used to bridge to the future use of Internet Protocol version 6 (IPv6). Internet service providers (ISPs) may be incentivized to deploy CG-NAT due to the ability to sell IPv4 addresses that are freed by the implementation of the CG-NAT architecture.
However, current CG-NAT network configurations may use a proprietary card in a service node where the network address translation takes place. The proprietary card has a physical limit to the number of ports to perform the network address translation. The physical limit to these proprietary cards may prevent the service node from performing the network address translation of thousands of IP addresses for end users. Currently, to increase capacity, additional proprietary cards must be purchased and installed in the router chassis. The proprietary cards can be expensive. As a result, scaling up the CG-NAT architecture with currently used methods may be expensive and limited by the amount of space available in the router chassis.
Examples of the present disclosure may provide a CG-NAT device that sits between the core network and the local access network. The CG-NAT device may be a combination of a carrier grade network (CGN) leaf, a virtual application, and a management switch. The CG-NAT device may create any number of virtual CG-NAT instances to perform IP address translation.
Thus, the CG-NAT device of the present disclosure may be implemented at a much lower cost as the CG-NAT device of the present disclosure does not require proprietary line cards to be installed. In addition, the CG-NAT device of the present disclosure can be easily scaled to larger network architectures. The CG-NAT device of the present disclosure can be easily deployed between the core network and the local access network with little to no modifications of existing network elements and/or devices. These and other aspects of the present disclosure are discussed in greater detail below in connection with the examples of
To aid in understanding the present disclosure,
In this regard, it should be noted that as referred to herein, “traffic” may comprise all or a portion of a transmission, e.g., a sequence or flow, comprising one or more packets, segments, datagrams, frames, cells, PDUs, service data unit, bursts, and so forth. The particular terminology or types of data units involved may vary depending upon the underlying network technology. Thus, the term “traffic” is intended to refer to any quantity of data to be sent from a source to a destination through one or more networks.
In one example, the network 105 may be in communication with networks 104 and networks 106. Networks 104 and 106 may each comprise a wireless network (e.g., an Institute of Electrical and Electronics Engineers (IEEE) 802.11/Wi-Fi network and the like), a cellular access network (e.g., a Universal Terrestrial Radio Access Network (UTRAN) or an evolved UTRAN (eUTRAN), and the like), a circuit switched network (e.g., a public switched telephone network (PSTN)), a cable network, a digital subscriber line (DSL) network, a metropolitan area network (MAN), an Internet service provider (ISP) network, a peer network, and the like. In one example, the networks 104 and 106 may include different types of networks. In another example, the networks 104 and 106 may be the same type of network. The networks 104 and 106 may be controlled or operated by a same entity as that of network 105 or may be controlled or operated by one or more different entities. In one example, the networks 104 and 106 may comprise separate domains, e.g., separate routing domains as compared to the network 105. In one example, networks 104 and/or networks 106 may represent the Internet in general.
In one embodiment, the network 104 may be a local access network with an Input/Output (I/O) router 108. The I/O router 108 may be communicatively coupled to a plurality of endpoint devices 116 and 118. The endpoint devices 116 and 118 may be any type of endpoint device (e.g., a desktop computer, a laptop computer, a mobile telephone, a tablet computer, a set top box, a smart appliance, an Internet of Things (IoT) device, and the like). The I/O router 108 may be a router that aggregates IP traffic or data from a private side of the network 104 that includes the endpoint devices 116 and 118.
In one embodiment, the I/O router 108 may be assigned an Internet Protocol version 4 (IPv4) address that is shared by the endpoint devices 116 and 118 via private IP address and port assignments. The I/O router 108 may route data to a particular endpoint device 116 or 118 based on port numbers and a private IP address received from a CG-NAT device 102. However, the virtual CG-NAT (vCG-NAT) of the present disclosure may replace the routing function of the I/O router 108 and route directly to the endpoint devices 116 and 118 via a mapping of the IP addresses and port numbers, as described in further detail below.
In one embodiment, the network 106 may be a public network, e.g., the Internet. The public network 106 may include a server 120 that hosts a website. The endpoint devices 116 and 118 may exchange data with the website hosted by the server 120 via the CG-NAT device 102 of the present disclosure, as described in further details below. Although a single public network 106 and a single server 120 are illustrated in
The CG-NAT device 102 of the present disclosure may be deployed between a provider router 110 of the core network 105 and the I/O router 108 to perform network address translations via the vCG-NAT instances. As noted above, the creation of the vCG-NAT instances via the CG-NAT device 102 of the present disclosure provides a more scalable and lower cost architecture for deploying CG-NAT and freeing up more IPv4 addresses that can be sold by Internet service providers. The CG-NAT device 102 can be deployed with little to no modification to the provider router 110 or the I/O router 108 that were previously directly connected to each other. As noted above, network address translation was previously performed using proprietary line cards that were installed in a router chassis of the I/O router 108.
In one example, network 105 may transport traffic to and from endpoint devices 116 and 118. For instance, the traffic may relate to communications such as voice telephone calls, video and other multimedia, text messaging, emails, and so forth between the endpoint devices 116 and 118 and the server 120 (or potentially other endpoint devices (not shown)).
As further illustrated in
In one example, an application server (AS) 114 that may perform various network control functions within the core network 105 may be controlled and managed by the SDN controller 155. For instance, in one example, SDN controller 155 is responsible for such functions as provisioning and releasing instantiations of virtual network functions (VNFs) to perform the functions of routers, switches, and other devices, provisioning routing tables and other operating parameters for the VNFs, and so forth. In one example, SDN controller 155 may maintain communications with VNFs via a number of control links which may comprise secure tunnels for signaling communications over an underlying IP infrastructure of network 105. In other words, the control links may comprise virtual links multiplexed with transmission traffic and other data traversing network 105 and carried over a shared set of physical links. For ease of illustration the control links are omitted from
The functions of SDN controller 155 may include the operation of the CG-NAT device 102. For example, the SDN controller 155 may download computer-executable/computer-readable instructions, code, and/or programs (broadly “configuration code”) for the CG-NAT device 102, which when executed by a processor of the CG-NAT device 102, may cause the CG-NAT device 102 to perform as a PE router, a switch, a network address translation device, and so forth. In one example, SDN controller 155 may download the configuration code to the CG-NAT device 102. In another example, SDN controller 155 may instruct the CG-NAT device 102 to load the configuration code previously stored on the CG-NAT device 102 and/or to retrieve the configuration code from another device in network 105 that may store the configuration code for one or more VNFs.
In addition, in one example, SDN controller 155 may represent a processing system comprising a plurality of controllers, e.g., a multi-layer SDN controller, one or more federated layer 0/physical layer SDN controllers, and so forth. For instance, a multi-layer SDN controller may be responsible for instantiating, tearing down, configuring, reconfiguring, and/or managing layer 2 and/or layer 3 VNFs (e.g., a network switch, a layer 3 switch and/or a router, etc.), whereas one or more layer 0 SDN controllers may be responsible for activating and deactivating optical networking components, for configuring and reconfiguring the optical networking components (e.g., to provide circuits/wavelength connections between various nodes or to be placed in idle mode), for receiving management and configuration information from such devices, for instructing optical devices at various nodes to engage in testing operations in accordance with the present disclosure, and so forth. In one example, the layer 0 SDN controller(s) may in turn be controlled by the multi-layer SDN controller. For instance, each layer 0 SDN controller may be assigned to nodes/optical components within a portion of the network 105. In addition, these various components may be co-located or distributed among a plurality of different dedicated computing devices or shared computing devices (e.g., NFVI) as described herein.
It should be noted that the system 100 has been simplified. In other words, the system 100 may be implemented in a different form than that illustrated in
In another example, data that includes a static IPv4 address may be identified as data that may be passed through the CG-NAT device 102. A line 224 represents an example path of data with a static IPv4 address that travels through the pass-through portion 206 of the routing block 204.
In one embodiment, processor 202 may be an x86 processor. The processor 202 may execute instructions that may generate and maintain operation of a plurality of vCG-NAT instances 214₁ to 214ₙ (hereinafter also referred to individually as a vCG-NAT instance 214 or collectively as vCG-NAT instances 214). In one embodiment, “virtualized” may be defined as execution of a computing system function or functions of a hardware system in a layer abstracted from the processor 202. In other words, each of the vCG-NAT instances 214 may appear to data or data packets as a physical hardware device that performs network address translation. However, the vCG-NAT instances 214 are executed in software under the control and assistance of the processor 202.
The vCG-NAT instances 214 may perform network address translation on the IP address of data packets. Each vCG-NAT instance 214 may be assigned to a particular IP address or a group of IP addresses. For example, public IP addresses with associated port numbers may be translated into a private IP address and associated port number, and vice versa. In one example, vCG-NAT instance 214₁ may be assigned to subscribers with a private IP address in 10.0.1.0/24, vCG-NAT instance 214₂ may be assigned to subscribers with a private IP address in 10.0.2.0/24, and so forth.
Each vCG-NAT instance 214 may provide address translation for the subscribers assigned to it. For example, if a subscriber has a private IP address 10.0.0.1 with a source port range of 1-65000, then the vCG-NAT instance 214 may assign a public IP address of 12.12.12.1 and a source port range of 1024-2000. If a subscriber has a private IP address 10.0.0.2 with a source port range of 1-65000, then the vCG-NAT instance 214 may assign the same public IP address of 12.12.12.1 and a source port range of 2001-3000, and so forth. Because each subscriber sharing a public IP address receives a distinct port range, data packets transmitted to and from these subscribers can be properly routed using the pertinent IP addresses and port numbers. These are illustrative examples only.
In one embodiment, the routing instructions 208 may include tables that direct data packets to a particular vCG-NAT instance 214 that is assigned to translate a range of IP addresses that includes the IP address of the data packet. The routing instructions 208 may include a global routing table (GRT) 210 and a virtual routing and forwarding (VRF) table 212. The GRT 210 may include a table of public IP addresses or Internet prefixes and the assigned vCG-NAT instance 214. In addition to the table of public IP addresses or Internet prefixes, the GRT 210 may include port number ranges associated with each of the public IP addresses. The GRT 210 may be used to direct data coming from the provider router 110 towards the I/O router 108. The VRF 212 may include a table of private IP addresses provided by the I/O router 108 and the assigned vCG-NAT instance 214. The VRF 212 may direct data coming from the I/O router 108 towards the provider router 110.
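The following is an added example, not code from the disclosure, that models the routing block and a vCG-NAT instance as described above: a GRT keyed by public IP address for traffic arriving from the provider router, a VRF keyed by private prefix for traffic arriving from the I/O router, a static pass-through set, and per-subscriber public port blocks on a shared public address. The class and function names, the block size of 1000 ports starting at 1024, the one-public-address-per-instance simplification, and the TEST-NET destination address are assumptions; the 12.12.12.1 and 10.0.x.0/24 values come from the text. The instance keeps a per-flow session table so that inbound packets are only translated when an outbound session created them; inbound packets with no matching session, or addressed to an unknown public IP, are dropped rather than guessed at.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """Minimal IPv4 4-tuple (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class VcgNatInstance:
    """One vCG-NAT instance: owns one public IPv4 address (assumed simplification)
    and hands each subscriber in its private prefix a fixed-size block of ports."""
    name: str
    private_prefix: ipaddress.IPv4Network
    public_ip: str
    block_size: int = 1000                              # assumed ports per subscriber
    first_port: int = 1024                              # assumed first public port
    blocks: dict = field(default_factory=dict)          # private IP -> (low, high)
    sessions: dict = field(default_factory=dict)        # (priv IP, priv port) -> pub port
    reverse: dict = field(default_factory=dict)         # pub port -> (priv IP, priv port)

    def port_block(self, private_ip: str) -> tuple:
        """Deterministic, non-overlapping block per subscriber; fails closed when full."""
        if private_ip not in self.blocks:
            low = self.first_port + len(self.blocks) * self.block_size
            high = low + self.block_size - 1
            if high > 65535:
                raise RuntimeError(f"{self.name}: no free port block for {private_ip}")
            self.blocks[private_ip] = (low, high)
        return self.blocks[private_ip]

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> public (I/O router towards provider router, VRF direction)."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.sessions:
            low, high = self.port_block(pkt.src_ip)
            free = next((p for p in range(low, high + 1) if p not in self.reverse), None)
            if free is None:
                raise RuntimeError(f"{self.name}: port block exhausted for {pkt.src_ip}")
            self.sessions[key] = free
            self.reverse[free] = key
        return Packet(self.public_ip, self.sessions[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Public -> private (GRT direction); None when no session exists, so
        unsolicited inbound traffic is dropped instead of being delivered."""
        key = self.reverse.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


class RoutingBlock:
    """GRT: public IP -> instance; VRF: private prefix -> instance; static: pass-through."""

    def __init__(self, static_ips=()):
        self.grt = {}
        self.vrf = {}
        self.static = set(static_ips)

    def add_instance(self, inst: VcgNatInstance):
        # Reject ambiguous tables up front: a duplicate public IP or overlapping
        # private prefixes would make lookups depend on insertion order.
        if inst.public_ip in self.grt:
            raise ValueError(f"GRT already has an entry for {inst.public_ip}")
        for prefix in self.vrf:
            if prefix.overlaps(inst.private_prefix):
                raise ValueError(f"{inst.name}: prefix {inst.private_prefix} overlaps {prefix}")
        self.grt[inst.public_ip] = inst
        self.vrf[inst.private_prefix] = inst

    def from_provider(self, pkt: Packet):
        if pkt.dst_ip in self.static:
            return pkt                                   # pass-through portion
        inst = self.grt.get(pkt.dst_ip)
        return inst.inbound(pkt) if inst else None       # unknown public IP: drop

    def from_io_router(self, pkt: Packet):
        if pkt.src_ip in self.static:
            return pkt
        addr = ipaddress.ip_address(pkt.src_ip)
        for prefix, inst in self.vrf.items():
            if addr in prefix:
                return inst.outbound(pkt)
        return None                                      # unassigned private IP: drop


def build_routing_block() -> RoutingBlock:
    """Two instances as in the text, plus one assumed static address that passes through."""
    rb = RoutingBlock(static_ips={"12.12.12.250"})
    rb.add_instance(VcgNatInstance("vCG-NAT-1", ipaddress.ip_network("10.0.1.0/24"), "12.12.12.1"))
    rb.add_instance(VcgNatInstance("vCG-NAT-2", ipaddress.ip_network("10.0.2.0/24"), "12.12.12.2"))
    return rb


def demo():
    """Outbound flow, its reply, and an unsolicited inbound packet (203.0.113.10 is TEST-NET-3)."""
    rb = build_routing_block()
    out = rb.from_io_router(Packet("10.0.1.7", 40000, "203.0.113.10", 443))
    back = rb.from_provider(Packet("203.0.113.10", 443, out.src_ip, out.src_port))
    unsolicited = rb.from_provider(Packet("203.0.113.10", 443, "12.12.12.1", 5000))
    return out, back, unsolicited
```

The prefix-overlap and duplicate-public-IP checks in add_instance are the part worth keeping in any real table loader: both tables are consulted on every packet, and an ambiguous entry silently sends a subscriber's traffic through the wrong instance.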
As noted above, the CG-NAT device 102 may be deployed between the provider router 110 and the I/O router 108. The CG-NAT device 102 may include a communication interface 216 and 218. The communication interface 216 may receive a physical connection 220 to the provider router 110. The communication interface 218 may receive a physical connection 222 to the I/O router 108.
The configuration of the provider router 110 and the I/O router 108 may have little to no changes. In other words, the CG-NAT device 102 may be a “plug-and-play” device. For example, the provider router 110 may continue to forward data believing that the data is being forwarded to the I/O router 108. The I/O router 108 may continue to forward data believing the data is being forwarded to the provider router 110. However, the data may be intercepted by the CG-NAT device 102. The CG-NAT device 102 may allow the data to pass through or may perform network address translation via the vCG-NAT instances 214.
In one embodiment, the CG-NAT device 102 may route the data to the assigned vCG-NAT instances 214 based on the source IP address of the data using the GRT 210 or the VRF 212, as described above.
The GRT 210 may direct the data to the correct vCG-NAT instance 214 based on the IP address of the data and the vCG-NAT instance 214 assigned to that IP address in the GRT 210. The assigned vCG-NAT instance 214 may perform network address translation. For example, the public IP address of the I/O router 108 and the port number associated with the packet may be translated into the private IP address and port number of the destination endpoint device. The CG-NAT device 102 may then transmit the data that has received the network address translation to the I/O router 108, which may then forward the data to the appropriate endpoint device 116 or 118 illustrated in
The VRF 212 may direct the data to the correct vCG-NAT instance 214 based on the IP address of the data and the vCG-NAT instance 214 assigned to that IP address in the VRF 212. The assigned vCG-NAT instance 214 may perform network address translation. For example, the private IP address of the source may be translated into a public IP address and port number so that the data can reach a website hosted by the server 120. The CG-NAT device 102 may then transmit the data that has received the network address translation to the provider router 110, which may then forward the data to the appropriate server 120 illustrated in
In one embodiment, as more capacity for network address translation is needed, the processor 202 may generate additional vCG-NAT instances 214. For example, if a new IP address is assigned for network address translation and the existing vCG-NAT instances 214 have no remaining capacity, the processor 202 may generate a new vCG-NAT instance 214 to handle the network address translation of the new IP address. The GRT 210 or the VRF 212 may be updated with a corresponding entry for the new IP address and the new vCG-NAT instance 214 that is assigned to the new IP address.
The only limit to the number of vCG-NAT instances 214 that can be created by the processor 202 is the processing power of the processor 202 and an amount of memory in the CG-NAT device 102. As a result, the CG-NAT architecture can be easily scaled at a much lower cost using the CG-NAT device 102 of the present disclosure. It should be noted that in one embodiment the CG-NAT device 102 can be deployed external to the networks 104 and 105. Alternatively, in one embodiment the CG-NAT device 102 can be deployed internal to either network 104 or network 105.
In one embodiment, the SDN controller 155 may provide the processor 202 information on an initial start-up of the CG-NAT device 102 after the CG-NAT device 102 is deployed. For example, the SDN controller 155 may provide the CG-NAT device 102 with the assigned IP addresses and port assignments for data that is transmitted between the provider router 110 and the I/O router 108. The processor 202 may take the information to generate a desired number of vCG-NAT instances 214 to perform the network address translation. The GRT 210 and the VRF 212 may be generated with the IP address ranges and port assignments and the vCG-NAT instances 214 that are assigned to each one of the IP address ranges and port assignments.
The method 300 begins in step 302 and proceeds to step 304. In step 304, the processing system may receive a data packet from a provider router in a core network. The data packet may have a public IP address that is associated with an I/O router that services a plurality of different endpoint devices in a local access network. The public IP address may be an assigned IPv4 address. It should be noted that the data packet may also be associated with a port number in addition to the public IP address that is associated with the I/O router.
At step 306, the processing system may determine that the data packet requires network address translation. For example, as noted in step 304, the IP address of the data packet may be an assigned IPv4 address. However, if the IP address were a static IP address, then the data packet would not require network address translation. Thus, data packets with static IP addresses may be passed through without receiving any network address translation.
At step 308, the processing system may determine the virtual carrier grade network address translation (vCG-NAT) instance that is associated with the data packet. For example, the GRT may be used to look up the public IP address of the data packet and find the assigned vCG-NAT instance from a plurality of different vCG-NAT instances generated by the processing system. The data packet may then be forwarded to the assigned vCG-NAT instance.
At step 310, the processing system may perform network address translation on the data packet via the identified vCG-NAT. For example, the public IP address and a port number associated with the packet may be translated into a private IP address and port number associated with the destination endpoint device.
At step 312, the processing system may transmit the data packet that has received network address translation to an input/output (I/O) router in a local access network. The I/O router may forward the data packet to the appropriate endpoint device based on the private IP address and the port number.
In one embodiment, the method 300 may also be performed in the opposite direction. For example, the processing system may receive a second data packet from the I/O router. The processing system may determine that the second data packet requires network address translation. For example, the second data packet may have an assigned IP address rather than a static IP address that can be passed through the CG-NAT device of the processing system.
The processing system may determine the pertinent vCG-NAT instance associated with the second data packet. The vCG-NAT instance that is assigned to the second data packet may be determined using a VRF table.
The assigned vCG-NAT instance may perform the network address translation on the second data packet. For example, the private IP address of the second data packet may be converted into a public IP address associated with a destination (e.g., a website hosted by a public server in the Internet). The second data packet may then be transmitted to the provider router in the core network, which may then forward the second data packet to the destination server that hosts the website that is intended to receive the second data packet.
In one embodiment, the method 300 may also generate new vCG-NAT instances if a new IP address is received and the existing vCG-NAT instances do not have capacity to accept another IP address. When no capacity is available, the CG-NAT device of the processing system may generate a new vCG-NAT instance. The new vCG-NAT instance may be assigned to the new IP address. The GRT and/or the VRF table may be updated accordingly. The method 300 may end in step 314.
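As an added example (not code from the disclosure), the following models the capacity bookkeeping of method 300 described above: each new private IP address is classified as pass-through or requiring translation, assigned to an existing vCG-NAT instance with remaining capacity, or placed in a newly generated instance, with the GRT and VRF updated at the same time. The per-instance capacity is derived from an assumed 1000-port block per subscriber within ports 1024-65535 (64 subscribers per public address), the public address pool handed to the device at start-up is assumed, and the translation of individual packets is left out; only the instance scaling and table maintenance is shown. The one failure mode worth modelling is exhaustion of the public pool: the device refuses to create an instance rather than reuse an address already in the GRT.

```python
from dataclasses import dataclass, field

PORTS_PER_SUBSCRIBER = 1000                       # assumed per-subscriber port block
USABLE_PORTS = 65535 - 1024 + 1                   # ports above the well-known range
SUBSCRIBERS_PER_INSTANCE = USABLE_PORTS // PORTS_PER_SUBSCRIBER   # 64 per public IP


@dataclass
class Instance:
    """A vCG-NAT instance reduced to its capacity accounting (constructed model)."""
    name: str
    public_ip: str
    subscribers: set = field(default_factory=set)

    def has_capacity(self) -> bool:
        return len(self.subscribers) < SUBSCRIBERS_PER_INSTANCE


class CgNatDevice:
    """Tracks instances, the GRT (public IP -> instance) and the VRF (private IP -> instance)."""

    def __init__(self, public_pool, static_ips=()):
        self.public_pool = list(public_pool)      # assumed: addresses provisioned at start-up
        self.static = set(static_ips)             # static IPs are passed through untranslated
        self.instances = []
        self.grt = {}
        self.vrf = {}

    def classify(self, ip: str) -> str:
        """Step 306: static addresses bypass translation, everything else is translated."""
        return "pass-through" if ip in self.static else "translate"

    def assign(self, private_ip: str) -> Instance:
        """Place a new private IP in an instance with capacity, creating one if needed."""
        if private_ip in self.vrf:
            return self.vrf[private_ip]
        inst = next((i for i in self.instances if i.has_capacity()), None)
        if inst is None:
            if not self.public_pool:
                raise RuntimeError("public IPv4 pool exhausted; refusing to create a vCG-NAT instance")
            inst = Instance(f"vCG-NAT-{len(self.instances) + 1}", self.public_pool.pop(0))
            self.instances.append(inst)
            self.grt[inst.public_ip] = inst        # GRT entry for provider -> I/O router traffic
        inst.subscribers.add(private_ip)
        self.vrf[private_ip] = inst               # VRF entry for I/O router -> provider traffic
        return inst

    def instance_for_public(self, public_ip: str):
        return self.grt.get(public_ip)


def demo() -> CgNatDevice:
    """65 subscribers overflow one instance and trigger creation of a second (constructed data)."""
    dev = CgNatDevice(public_pool=["12.12.12.1", "12.12.12.2"], static_ips={"12.12.12.250"})
    for host in range(1, 66):
        dev.assign(f"10.0.0.{host}")
    return dev
```

The scaling loop is intentionally simple: it fills instances in order and never moves a subscriber once placed, which keeps existing GRT and VRF entries stable while new capacity is added.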
It should be noted that the method 300 may be expanded to include additional steps or may be modified to include additional operations with respect to the steps outlined above. In addition, although not specifically specified, one or more steps, functions, or operations of the method 300 may include a storing, displaying, and/or outputting step as required for a particular application. In other words, any data, records, fields, and/or intermediate results discussed in the method can be stored, displayed, and/or outputted either on the device executing the method or to another device, as required for a particular application. Furthermore, steps, blocks, functions or operations in
Furthermore, one or more hardware processors can be utilized in supporting a virtualized or shared computing environment. The virtualized computing environment may support one or more virtual machines representing computers, servers, or other computing devices. In such virtual machines, hardware components such as hardware processors and computer-readable storage devices may be virtualized or logically represented. The hardware processor 402 can also be configured or programmed to cause other devices to perform one or more operations as discussed above. In other words, the hardware processor 402 may serve the function of a central controller directing other devices to perform the one or more operations as discussed above.
It should be noted that the present disclosure can be implemented in software and/or in a combination of software and hardware, e.g., using application specific integrated circuits (ASIC), a programmable gate array (PGA) including a Field PGA, or a state machine deployed on a hardware device, a computing device or any other hardware equivalents, e.g., computer readable instructions pertaining to the method discussed above can be used to configure a hardware processor to perform the steps, functions and/or operations of the above disclosed method 300. In one example, instructions and data for the present module or process 405 for routing data through a CG-NAT device (e.g., a software program comprising computer-executable instructions) can be loaded into memory 404 and executed by hardware processor element 402 to implement the steps, functions, or operations as discussed above in connection with the illustrative method 300. Furthermore, when a hardware processor executes instructions to perform “operations,” this could include the hardware processor performing the operations directly and/or facilitating, directing, or cooperating with another hardware device or component (e.g., a co-processor and the like) to perform the operations.
The processor executing the computer readable or software instructions relating to the above described method can be perceived as a programmed processor or a specialized processor. As such, the present module 405 for routing data through a CG-NAT device (including associated data structures) of the present disclosure can be stored on a tangible or physical (broadly non-transitory) computer-readable storage device or medium, e.g., volatile memory, non-volatile memory, ROM memory, RAM memory, magnetic or optical drive, device or diskette, and the like. Furthermore, a “tangible” computer-readable storage device or medium comprises a physical device, a hardware device, or a device that is discernible by the touch. More specifically, the computer-readable storage device may comprise any physical devices that provide the ability to store information such as data and/or instructions to be accessed by a processor or a computing device such as a computer or an application server.
While various examples have been described above, it should be understood that they have been presented by way of illustration only, and not a limitation. Thus, the breadth and scope of any aspect of the present disclosure should not be limited by any of the above-described examples, but should be defined only in accordance with the following claims and their equivalents.