The invention relates to computer networks and, more particularly, to network address translation in computer networks.
A computer network generally includes a number of interconnected network devices. Large networks, such as the Internet, typically include a number of interconnected computer networks, which in this context are often referred to as sub-networks or subnets. These subnets are each assigned a range of network addresses that can be allocated to the individual network devices that reside in the respective subnet. A server in each subnet may be responsible for allocating these network addresses in accordance with a network address allocation protocol, such as a dynamic host configuration protocol (DHCP).
Service provider networks typically assign private network addresses to subscriber equipment (e.g., cable modems, DSL modems, mobile devices) utilized by their customers. For example, a DHCP server or Radius server may dynamically assign a private address to a subscriber equipment upon establishing a network connection for the subscriber equipment. When not in use, the network connection is torn down and the private address is returned to a pool of provider addresses utilized within the service provider network. These private addresses are not routable outside the service provider network. Instead, a network address translation (NAT) device translates the private addresses currently used by each subscriber equipment to public network addresses that are routable within a public network, such as the Internet.
Service providers are sometimes required by law enforcement to be able to identify a particular customer that is associated with particular network traffic at a particular time and day. As a result, service providers are typically required to maintain information such that any given network address that sourced or received certain traffic can be traced back to the particular customer. To that end, service providers typically deploy a Carrier Grade NAT (CGN) archive system that maintains archives of NAT system log files (“syslog”). Each syslog file stored by the CGN archive system potentially contains a significant amount of information including each subscriber login and, for each login, the private source IP address, the private source port, any VPN information of the subscriber, tunneling information, any NAT rules/terms, and the public IP address and port assigned to the subscriber. As such, in a typical service provider network, the CGN archive system is tasked with the burden of correlating subscriber login and address allocation information from databases of, for example, the AAA server or access gateway with network address translation information from routers or NAT devices forwarding network traffic within the subscriber network. This correlation can present significant challenges and burdens in certain environments, such as large service provider networks where session setup rate is typically very high with tens of millions of sessions being established and torn down each day across the network.
In general, techniques for subscriber-aware network address translation (NAT) are described. In one example, techniques are described in which routers or other NAT-enabled devices deployed within a network are configured to automatically correlate subscriber information with NAT operations performed by the devices when forwarding network traffic. As such, the techniques offload to the routers the task of correlating subscriber login activity with NAT operations as typically performed by offline NAT log archive systems. This may enable improved scalability for service provider networks.
In one example, a method comprises receiving, with a router, a network access request from a subscriber device of a service provider network, wherein the subscriber device is associated with a subscriber of the service provider network. The method further comprises, upon authenticating the subscriber, installing a subscriber identifier within a service unit of a data plane of the router, wherein the subscriber identifier uniquely identifies the specific subscriber from a plurality of subscribers of the service provider network. The method includes, responsive to a packet flow associated with the subscriber device, performing one or more network address translation (NAT) operations by a NAT element within one of the service units of the data plane of the router; generating, within the service unit of the data plane of the router, one or more records logging the NAT operations, wherein the records correlate the NAT operations with the subscriber by identifying the NAT operations and including the identifier of the subscriber; and outputting the records from the data plane of the router to an archive system.
As another example, a router includes a data plane having packet forwarding hardware configured to forward transit packets and at least one service unit coupled to the packet forwarding hardware. The router includes a control unit configured to receive a network access request from a subscriber device of a service provider network and authenticate a subscriber associated with the subscriber device. Upon authenticating the subscriber, the control unit is configured to install a subscriber identifier within a service unit of a data plane of the router, the subscriber identifier uniquely identifying the specific subscriber from a plurality of subscribers of the service provider network. Responsive to a packet flow associated with the subscriber device, the service unit is configured to perform one or more network address translation (NAT) operations and generate, within the service unit of the data plane of the router, one or more records logging the NAT operations, wherein the records correlate the NAT operations with the subscriber by identifying the NAT operations and including the identifier of the subscriber.
As another example, a system comprises a network configured to provide a plurality of subscriber devices access to a public network. The subscriber devices are associated with respective subscribers. A subscriber management system of the network includes a subscriber database having profiles for each of the subscribers, and each of the subscribers is uniquely identified in the subscriber management system by a corresponding subscriber identifier. An archive system stores records of network address translation (NAT) operations performed on packet flows within the network, wherein the records stored by the archive system are correlated with the subscriber identifiers such that each of the NAT operations specified by the records can be associated with a respective one of the subscribers. A router deployed within the network is configured to receive a network access request from a subscriber device of a service provider network, wherein the subscriber device is associated with a subscriber of the service provider network. In addition, the router, upon authenticating the subscriber with the subscriber management system, installs the subscriber identifier of the subscriber within a service unit of a data plane of the router. Responsive to a packet flow associated with the subscriber device, the router performs one or more NAT operations by a NAT element within one of the service units of the data plane of the router, and generates, within the service unit of the data plane of the router, one or more records logging the NAT operations, wherein the records correlate the NAT operations with the subscriber by identifying the NAT operations and including the identifier of the subscriber. In response to a triggering event, the router outputs the records to the archive system.
The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
In the example of
Service provider network 20 may also include or otherwise connect to radio access network 25 in which one or more base stations communicate via radio signals with mobile devices 19. Radio access network 25 is a transport network that enables base stations to exchange packetized data with core network 31 of the service provider, ultimately for communication with packet data network 21. Radio access network 25 typically comprises communication nodes interconnected by communication links, such as leased land-lines or point-to-point microwave connection. The communication nodes comprise network, aggregation, and switching elements that execute one or more protocols to route packets between base stations and gateway router 32 via metro access network 35.
In general, gateway router 32 provides access, by mobile devices 19 and CPEs 18, to core network 31 of the service provider network and ultimately to public network 21. In similar manner, other gateway routers 32′ may be deployed to provide network access to customer endpoint devices (not shown) coupled to additional access networks 34. Core network 31 may comprise, for instance, a general packet radio service (GPRS) core packet-switched network, a GPRS core circuit-switched network, an IP-based mobile multimedia core network, or another type of transport network. Core network 31 typically includes one or more packet processing nodes to support firewall, load balancing, billing, deep-packet inspection (DPI), and other services for mobile traffic traversing the mobile core network.
In general, service provider network 20 includes a management network 37 having resources for managing the customers of the service provider along with the infrastructure of the service provider network. AAA server 30, for example, represents a subscriber management system for the service provider network and is typically an authentication, authorization and accounting (AAA) server to authenticate the credentials of a subscriber requesting a network connection. In general, AAA server 30 maintains a subscriber database having profiles for each of the subscribers, including login credentials. Each of the subscribers is uniquely identified in the subscriber management system by a corresponding subscriber identifier. Although shown separately, AAA server 30 may be integrated within a router or gateway of a broadband network or on a separate network device and may be, for example, a Remote Authentication Dial-In User Service (RADIUS) server. Upon authenticating a network login request from either a CPE 18 or a mobile device 19, AAA server 30 assigns a private layer three (L3) network address (e.g., an IPv4 network address) for receiving data services within service provider network 20. This may be accomplished in a variety of ways. For example, the private network address may be statically configured on the subscriber device or may be dynamically or statically assigned by AAA server 30 (or gateway router 32). Typically, upon authentication of the subscriber, AAA server 30 selects a private IP address from a pool of private network addresses. In some cases, gateway router 32 may send a RADIUS authentication request to AAA server 30 for authentication and assignment of a private IP address.
As shown in
In general, a respective NAT element 17 within the selected subscriber management unit provides network address translation for private network addresses routable within the service provider network to public network addresses routable within core network 31 and public network 21. As one example, NAT element 17 applies a source network address and port translation (NAPT) mechanism for subscriber data traffic 19 forwarded within data plane 15. For example, when routing outbound packets of subscriber data traffic 19, from metro access network 35 destined for a destination address within public network 21, NAT element 17 applies a binding that maps private source addresses of the outbound packets to public addresses and ports. NAT element 17 performs network address translation to translate the private source network address within the packet to the public network address and port number bound to the particular subscriber communication session. During this process, NAT element 17 may replace all or a portion of a header (e.g., IP or UDP header) of the packet prior to forwarding the packet to public network 12. Upon receiving an inbound packet from public network 21 via core network 31, NAT element 17 identifies a current NAT entry for the communication session and maps the public destination network address and the destination port to the corresponding private network address and port. NAT element 17 may then replace all or a portion of a header (e.g., IP or UDP header) within the packet prior to forwarding the packet to metro access network 31.
In this way, NAT element 17 is configured to perform NAT operations as subscriber traffic 19 is forwarded within the data plane 15. As described herein, gateway router 32 may be configured to perform subscriber-aware network address translation (NAT). For example, control unit 19 configures NAT element 17 of each of service units 13 to auto-correlate subscriber information with NAT operations when forwarding network traffic within the data plane. For example, upon interacting with AAA server 30 to receive authentication information for a subscriber, including any dynamically allocated private network address or subscriber identifier, control unit 19 programs NAT element 17 with subscriber identification information, such as a customer ID. In turn, when subsequently forwarding subscriber traffic, NAT element 17 generates and, optionally, temporarily caches NAT logs in which NAT operations performed by NAT element 17 when processing transit data packets are correlated with the corresponding subscriber information. That is, when performing NAT operations, NAT elements 17 of service units 13 determine the subscriber identity associated with the packet flow and generate NAT logs of data plane activity that already include at least some data or identifier that provides the identification of the subscriber associated with the packet flow. NAT element 17 reports the pre-correlated NAT logs to control unit 19 for communication to an external archive, such as Carrier Grade NAT (‘CGNAT’) archive 33 for long term storage. Reporting of the pre-correlated NAT logs by NAT elements 17 of data plane 15 may be based on time (periodic), threshold (cached data size), time of day or other criteria or an external request such as a polling request from CGNAT archive 33.
As such, the techniques described herein offload the burden of correlating subscriber login activity with NAT operations, as typically performed by offline NAT log archive systems, to NAT devices, such as router 32, deployed within service provider network 20. This may provide increased scalability for service provider network 20, and may allow syslog operators to elect not to use deterministic NAT or Port Block Allocation (PBA). This may provide more efficient use of public IP addresses and better security by avoiding predictable port usage. The techniques may also provide subscriber-level NAT statistics for analytics and integration with other router functions, which may be useful for planning of public addresses for the network operator, deciding optimal port block size, and identifying subscribers using maximum NAT resources (ports), and may allow the operator to dynamically change parameters (e.g., using dynamic port allocation).
The techniques may be used with any of a variety of NAT algorithms. For example, when selecting NAT bindings for new subscriber sessions, NAT element 17 may apply deterministic NAT in which the address and port binding is precomputed or may use dynamic address and port selection by maintaining and utilizing a pool of public network addresses from which to allocate addresses.
Control plane 11 includes control unit 19, which executes the device management services, subscriber authentication and control plane routing functionality of gateway router 32. For example, control unit 19 represents hardware or a combination of hardware and software of control that implements routing plane routing protocols 40A-40N (“routing protocols 40”) by which routing information stored in a routing information base 29 (“RIB 29”) may be determined. RIB 29 may include information defining a topology of a network, such as service provider network 20 of
Data plane 15, in this example, is a decentralized data plane in that data plane functionality and packet forwarding functionality is distributed among a plurality of forwarding units 40A-40N (“forwarding units 40”). In the example of gateway router 32 of
In addition, data plane 15 includes a plurality of service units 13A-13K (“service units 13”) that may be, as examples, removable service cards, which are configured to apply network services to packets flowing through data plane 15.
Internal switch fabric 22 couples control unit 19, service units 13, and forwarding units 40 to deliver data units and control messages among the units. Switch fabric 22 may represent an internal switch fabric or cross-bar, bus, or link. Examples of high-speed multi-stage switch fabrics used as a forwarding plane to relay packets between units within a router are described in U.S. Patent Application 2008/0044181, entitled MULTI-CHASSIS ROUTER WITH MULTIPLEXED OPTICAL INTERCONNECTS. The entire contents of U.S. Patent Application 2008/0044181 are incorporated herein by reference.
As shown in the example of
When forwarding packets, control logic within each of lookup ASICs 42 traverses FIB 39 and, upon reaching a FIB entry for the packet (e.g., a leaf node), the microcode-implemented control logic automatically selects one or more forwarding next hops (FNHs) for forwarding the packet. Lookup ASIC 42A may be implemented using forwarding application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), or any other equivalent integrated or discrete logic circuitry, as well as any combinations of such components. Each of forwarding units 40 may include substantially similar components to perform substantially similar functionality, said components and functionality being described hereinafter with respect to forwarding unit 40A.
Each subscriber management unit 10 provides a computing environment for applying various packet-processing services 36, such as NAT element 17, to packet flows traversing forwarding plane 15. In this example, service card controller 51 of control unit 19 configures service cards 10 to perform packet processing operations within data plane 15. For example, service card controller 51 may configure the respective NAT element 17 operable within service cards 10 to perform network address translation for particular flows as transit data packets are forwarded by data plane 15. Service card controller 51 may, for example, configure NAT element 17 with one or more pools of network addresses (NAT pool 61) from which to allocate public network addresses when generating NAT bindings for newly detected packet flows. As packets are received by router 32 for packet flows, such as inbound packet flow 9, forwarding units 40 direct the packet flows to service cards 10, where NAT elements 17 of the service cards perform network address translation prior to outputting the packet flow on an output interface.
Subscriber management module 47 processes control plane packets for managing network sessions with CPE devices 18 or mobile devices 19. For example, responsive to receiving a network access request, subscriber management module 47 may communicate with AAA server 30 to authenticate the subscriber and, upon authentication, receive from the AAA server any subscriber profile. The subscriber profile may include, for example, an indicator as to whether NAT is to be performed on the packet flows associated with the subscriber, any private network address dynamically allocated for the subscriber and, optionally, any additional subscriber identifier.
As shown in
Upon processing an initial packet for a new communication session (packet flow), NAT element 17 dynamically creates a NAT binding for the new communication session. That is, NAT element 17 maintains an internal cache of NAT bindings for current subscriber communication sessions, where each communication session can be uniquely identified, such as by a five tuple comprising a source network address and port, destination network address and port, and protocol. When processing an outbound packet having a destination address within public network 21, NAT element 17 accesses the NAT bindings to determine whether a NAT binding exists for the particular packet flow. Upon detecting an outbound packet for a new packet flow, NAT element 17 determines the NAT binding based on the configuration information provided by service card controller 51. For example, if configured for dynamic NAT allocation, NAT element 17 allocates a free public network address from NAT pool 61 and dynamically selects a port within an allocated port range for use with this particular communication session for the subscriber.
Upon assigning the public address and specific port, NAT element 17 updates its internal cache to record the NAT binding between the public address/port and the subscriber's private address/port for the packet flow. NAT element 17 similarly creates additional NAT bindings when processing initial packets for additional packet flows originating from or destined for the subscriber.
Upon determining the NAT binding for the new packet flow, NAT element 17 performs network address translation to translate the private source network address and source port within the outbound packet to the allocated public network address and assigned port number. Similarly, when processing outbound packets of subscriber data traffic 19 for an existing packet flow, NAT element 17 applies the corresponding NAT binding from its internal cache to map private source addresses of the outbound packets to public addresses and ports according to the binding. NAT element 17 performs network address translation to translate the private source network address within the packet to the public network address and port number bound to the particular subscriber communication session. During this process NAT element 17 may replace all or a portion of a header (e.g., IP or UDP header) of the packet prior to forwarding the packet to public network 12. When lookup ASIC 17 performs routing operations on an inbound packet from public network 12, NAT element 17 identifies a current NAT entry for the communication session and maps the public destination network address and the destination port to the corresponding private network address and port specified by the NAT binding. NAT element 17 may then replace all or a portion of a header (e.g., IP or UDP header) within the packet prior to forwarding the packet toward core network 31. Once NAT element 17 processes the first packet in a communication flow, NAT bindings for forward and reverse traffic are set up properly within its internal memory, and hence flow lookups for packets in that session will succeed. If the flow lookup succeeds, the NAT or de-NAT action is performed using the existing NAT bindings and the packet is forwarded.
Moreover, in accordance with the techniques described herein, NAT element 17 accesses subscriber identification cache 53 when performing NAT operations and utilizes the cached subscriber identification to generate subscriber-aware NAT logs in which the NAT operations are correlated with the corresponding subscriber information. That is, when performing NAT operations, NAT element 17 determines the subscriber identifier associated with the particular packet flow, using subscriber information recognizable to external systems of the service provider such as AAA server 30, and generates the NAT logs to already include data or an identifier that provides the identification of the subscriber associated with the packet flow. At this time, NAT element 17 may access subscriber identification cache 53 to determine the subscriber identifier for the subscriber (e.g., customer) associated with the particular packet flow and insert a record within NAT log cache 63 to record the NAT activity in a subscriber-aware manner, i.e., as a subscriber-correlated record.
For example, NAT element 17 may update the local NAT log cache 63 to record allocation of each new NAT binding of private IP/public IP & port for new network sessions. For example, upon receiving an initial packet from private IP 10.10.10.1, NAT element 17 may allocate a new NAT binding of public IP address 20.20.20.1/ports 1024-1380 for performing network address translation of subsequent packets for the sessions, and update the local, subscriber-aware NAT log within NAT log cache to include a record as follows:
NAT element 17 reports the pre-correlated NAT logs to control unit 19 via agent 49 for communication to CGNAT archive 33 for long term storage. Reporting of the pre-correlated NAT logs by NAT element 17 may be based on time (periodic), threshold (cached data size), time of day or other criteria (e.g., on subscriber logout). NAT element 17 may purge the cached NAT logs upon successfully reporting the NAT logs to CGNAT archive 33.
As such, the techniques described herein offload the burden of correlating subscriber login activity with NAT operations, as typically performed by offline NAT log archive systems, to NAT devices, such as router 32, deployed within service provider network 20. The techniques may be used with any of a variety of NAT algorithms. For example, when selecting NAT bindings for new subscriber sessions, NAT element 17 may apply deterministic NAT in which the address and port binding is precomputed or may use dynamic address and port selection by maintaining and utilizing a pool of public network addresses from which to allocate addresses.
Functionality described with respect to service cards 10 and control unit 19 may be embodied or encoded in a computer-readable medium, such as a computer-readable storage medium, containing instructions. Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed. Computer readable storage media may include random access memory (RAM), read only memory (ROM), programmable read only memory (PROM), erasable programmable read only memory (EPROM), electronically erasable programmable read only memory (EEPROM), flash memory, a hard disk, a CD-ROM, a floppy disk, a cassette, magnetic media, optical media, or other computer-readable storage media. It should be understood that the term “computer-readable storage media” refers to physical storage media, and not signals or carrier waves, although the term “computer-readable media” may include transient media such as signals, in addition to physical storage media.
Subsequently, gateway router 32 receives a network login request from a device, such as CPE 18A, indicating that the device requires a packet-based network connection (162). Forwarding plane 15 of gateway router 32 forwards the request to subscriber management module 47 executing in control plane 19. In response, subscriber management service unit 10A typically communicates with a centralized subscriber management system for service provider network 10, (e.g., AAA server 30), to authenticate the subscriber and receive a private network address dynamically allocated for the subscriber and subscriber identification information used by the subscriber management system to identify the subscriber/customer (164).
Upon processing a packet for the network connection (170), NAT element 17 determines whether the packet is an outbound packet for a new data session (174). If so, NAT element 17 dynamically creates a NAT binding for the new communication session (176). At this time, NAT element 17 may access subscriber identification cache 53 to determine the subscriber identifier for the subscriber (e.g., customer) associated with the particular packet flow and insert a record within NAT log cache 63 to record the NAT activity in a subscriber-aware manner, i.e., as a subscriber-correlated record (177). In addition, NAT element 17 may at this time initiate a report timer for periodically sending NAT logs cached in the data plane for the subscriber.
Upon creating the NAT binding, or upon determining that the packet is associated with an existing NAT binding, NAT element 17 performs network address translation to translate the private source network address and source port within any outbound packet to the computed public network address and the assigned port number (178). For an inbound packet, NAT element 17 reverse translates the public network address and port to the private network address and port in accordance with the NAT binding. Unsolicited inbound packets destined for legitimate private network addresses having NAT profiles may result in NAT bindings in a similar manner or may be rejected by NAT element 17 in accordance with configuration data provided by subscriber management unit 10A, which may be conveyed by one or more flags within the NAT profile for a given subscriber.
Upon receiving a network logout request or upon inactivity on the data session for a threshold time (179), NAT element 17 frees the NAT binding, determines the subscriber identifier for the subscriber associated with the flow and updates the NAT log cache 63 to insert a record of the activity and subscriber identifier (180). At some point, e.g., based on expiration of a report timer or upon achieving a storage capacity trigger, NAT element 17 reports the pre-correlated NAT logs of NAT log cache 63 from data plane 15 to control unit 19 via agent 49 for communication to CGNAT archive 33 for long term storage (181).
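The flow above (steps 164 through 181), together with the archive lookup that the pre-correlated records make possible, modelled as an added Python example; it is not code from this document or from any router implementation. The class name, record field names, subscriber IDs "cust-A"/"cust-B", destination address and flush threshold are assumptions made for illustration, and the single-port pool is chosen so that one public address/port is reused by two subscribers.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class NatElement:
    """Toy model of a data-plane NAT element and its three caches (hypothetical)."""
    public_ip: str                 # one-address NAT pool (assumption)
    port_range: range              # ports that may be allocated on that address
    flush_threshold: int = 4       # storage-capacity trigger (assumption)
    subscriber_ids: dict = field(default_factory=dict)  # private IP -> subscriber ID
    bindings: dict = field(default_factory=dict)        # five-tuple -> (public IP, port)
    log_cache: list = field(default_factory=list)       # pre-correlated records
    archive: list = field(default_factory=list)         # stands in for the external archive

    def __post_init__(self):
        self._free_ports = list(self.port_range)

    def install_subscriber(self, private_ip, subscriber_id):
        # Control plane installs the identifier after authentication (164).
        self.subscriber_ids[private_ip] = subscriber_id

    def _log(self, ts, event, flow, public):
        # The record already carries the subscriber ID, so the archive
        # never has to join NAT logs against AAA login logs.
        self.log_cache.append({
            "ts": ts, "event": event,
            "subscriber_id": self.subscriber_ids[flow[0]],
            "private": (flow[0], flow[1]), "public": public,
        })
        if len(self.log_cache) >= self.flush_threshold:
            self.flush()

    def translate_outbound(self, ts, flow):
        """flow = (src_ip, src_port, dst_ip, dst_port, proto) -> (public_ip, port)."""
        if flow[0] not in self.subscriber_ids:
            raise PermissionError("no authenticated subscriber for " + flow[0])
        if flow not in self.bindings:                        # new session (174, 176)
            if not self._free_ports:
                raise RuntimeError("NAT pool exhausted")
            port = secrets.choice(self._free_ports)          # dynamic, non-predictable pick
            self._free_ports.remove(port)
            self.bindings[flow] = (self.public_ip, port)
            self._log(ts, "bind", flow, self.bindings[flow])  # (177)
        return self.bindings[flow]                           # translation applied (178)

    def release(self, ts, flow):
        # Logout or inactivity timeout: free the binding and log it (179, 180).
        public = self.bindings.pop(flow)
        self._free_ports.append(public[1])
        self._log(ts, "release", flow, public)

    def flush(self):
        # Report cached records to the archive, then purge the cache (181).
        self.archive.extend(self.log_cache)
        self.log_cache.clear()


def who_used(records, public_ip, port, ts):
    """Return the subscriber ID holding (public_ip, port) at time ts, else None."""
    holder = None
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["public"] != (public_ip, port) or rec["ts"] > ts:
            continue
        holder = rec["subscriber_id"] if rec["event"] == "bind" else None
    return holder


def demo():
    # Constructed scenario: a one-port pool forces two subscribers onto the
    # same public address/port at different times.
    nat = NatElement("20.20.20.1", range(1024, 1025), flush_threshold=2)
    nat.install_subscriber("10.10.10.1", "cust-A")
    nat.install_subscriber("10.10.10.2", "cust-B")
    flow_a = ("10.10.10.1", 40000, "198.51.100.7", 443, "tcp")
    flow_b = ("10.10.10.2", 40000, "198.51.100.7", 443, "tcp")
    first = nat.translate_outbound(100, flow_a)   # new binding, one record
    nat.translate_outbound(101, flow_a)           # existing binding, no record
    nat.release(200, flow_a)                      # second record hits the threshold
    nat.translate_outbound(300, flow_b)           # port 1024 reused by cust-B
    nat.flush()                                   # report-timer expiry
    return nat, first


if __name__ == "__main__":
    nat, _ = demo()
    for t in (150, 250, 350):
        print(t, who_used(nat.archive, "20.20.20.1", 1024, t))
```

Because ports return to the pool on release, the timestamp is part of the lookup key: the same public address and port resolve to different subscribers, or to none, depending on when the traffic was observed.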
Various embodiments of the invention have been described. These and other embodiments are within the scope of the following claims.