NETWORK ADDRESS TRANSLATION (NAT) DEVICES CONFIGURED TO RESOLVE NAT STATE SYNCHRONIZATION ISSUES

  • Publication Date:
    May 9, 2024
  • Additional Information
    • Document Number:
      20240154929
    • Appl. No:
      17/980065
    • Application Filed:
      November 03, 2022
    • Abstract:
      A network address translation (NAT) device may receive a network packet having a network address for translation. The NAT device may determine whether a translation for the network address exists on the NAT device. The NAT device may forward the network packet to a peer NAT device based on a criterion.
    • Claim:
      1. A method of operating a network address translation (NAT) device: receiving, by the NAT device, a network packet having a network address for translation; determining whether a translation for the network address exists on the NAT device; storing a criterion indicative of one or more types of network packets for which network address translations are performed by a peer NAT network device; storing forwarding information for the peer NAT network device and associated with the criterion; and forwarding, by the NAT device, the network packet to the peer NAT device based on the criterion and based on determining whether the translation for the network address exists on the NAT device.
    • Claim:
      2. The method defined in claim 1, wherein forwarding, by the NAT device, the network packet to the peer NAT device is in response to determining that no translation for the network address exists on the NAT device.
    • Claim:
      3. The method defined in claim 2, wherein the translation is based on a full-cone NAT scheme, and the criterion is based on a source internet protocol (IP) address of the network address and a L4 source port of the network address.
    • Claim:
      4. The method defined in claim 3, wherein forwarding, by the NAT device, the network packet to the peer NAT device is based on matching on the criterion, and the criterion is whether a hash value of the source IP address, the L4 source port, and a network protocol matches a matching criterion of a table entry.
    • Claim:
      5. The method defined in claim 4, wherein the matching criterion is whether the hash value is an even hash value.
    • Claim:
      6. The method defined in claim 3, wherein the network packet is an outgoing packet from a private network to a public network.
    • Claim:
      7. The method defined in claim 2 further comprising: selecting from a range of ports assigned to the NAT device when assigning a new address translation, wherein the criterion is based on a L4 source port of the network address being outside of the range of ports.
    • Claim:
      8. The method defined in claim 7, wherein the network packet is a transmission control protocol (TCP) SYN-ACK packet.
    • Claim:
      9. The method defined in claim 7, wherein the network packet is a user datagram protocol (UDP) packet.
    • Claim:
      10. The method defined in claim 7, wherein the network packet is an incoming packet from a public network to a private network.
    • Claim:
      11. The method defined in claim 2, wherein the network packet is an internet control message protocol (ICMP) packet, and the criterion is based on an indication that the NAT device does not handle ICMP traffic.
    • Claim:
      12. The method defined in claim 11, wherein the network packet comprises an echo request message from a private network to a public network or an echo reply message from the public network to the private network.
    • Claim:
      13. A network address translation (NAT) device comprising: a NAT table that includes one or more entries of address translations assigned for different traffic flows; a traffic trap table that includes one or more entries for forwarding at least some of network traffic received at the NAT device to a peer NAT device, wherein the one or more entries identify one or more corresponding types of network traffic for which network address translations are handled by the peer NAT device; and processing circuitry configured to: forward the one or more corresponding types of network traffic in the received network traffic to the peer NAT device based on matching the received network traffic to one or more matching criteria in each of the one or more entries in the traffic trap table, and perform network address translations for a portion of the received network traffic.
    • Claim:
      14. The NAT device defined in claim 13, wherein the traffic trap table includes an entry for handling full-cone NAT.
    • Claim:
      15. The NAT device defined in claim 13, wherein the traffic trap table includes an entry for handling a transmission control protocol (TCP) packet for establishing a TCP connection.
    • Claim:
      16. The NAT device defined in claim 13, wherein the traffic trap table includes an entry for handling ICMP traffic.
    • Claim:
      17. The NAT device defined in claim 13, wherein the traffic trap table includes an entry that specifies a forwarding interface on the NAT device and a network address of the peer NAT device.
    • Claim:
      18. A method of operating a network address translation (NAT) device: receiving a NAT profile that specifies a type of packet handled by a peer NAT device; storing, by the NAT device, at least one match and action entry based on the type of packet handled by the peer NAT device as specified by the NAT profile; receiving, by the NAT device, a network packet having a network address for translation; and forwarding, by the NAT device, the network packet to the peer NAT device based on matching between information in the network packet and a match criterion in the at least one match and action entry.
    • Claim:
      19. The method defined in claim 18 further comprising: determining whether an existing address translation for the network address of the network packet is stored on the NAT device prior to forwarding the network packet to the peer NAT device based on matching between the information in the network packet and the match criterion.
    • Claim:
      20. The method defined in claim 18 further comprising: receiving, by the NAT device, an additional network packet having a network address for translation from the peer NAT device, the additional network packet being different from the type of packet handled by the peer NAT device as specified by the NAT profile.
    • Current International Class:
      04; 04; 04
    • Accession Number:
      edspap.20240154929