Network address translation based on recorded application state

摘要

A method and system for improved NAT operation enable efficient translation for packets destined for communication systems within a domain utilizing network addresses that are incompatible with source and destination addresses indicated in packets delivered from the global Internet. Since the addresses are not compatible with global Internet addresses, delivery cannot be accomplished except by some method of address translation. Traditional systems have not been constructed to enable such inbound translations, providing, instead, only communication outbound from the incompatibly addressed domain towards the global Internet. Embodiments may employ application-specific knowledge for peer-to-peer based applications, associated over time with specific destinations. Embodiments may further employ an application-specific state machine in the NAT function to trace the development of the application protocol so that the resource identifier can be observed.

主权项

1. A method of performing network address translation, the method comprising:
maintaining a record of operation information used by outbound application traffic packets in a flow of a traffic channel for which translation in a network address translation (NAT) device has been initiated, the record including a resource identifier associated with the outbound application traffic packets; disambiguating, using information in the record, whether a resource identifier of a subsequent outbound application traffic packet is associated with the flow of the traffic channel; using information in the record for delivering inbound application traffic packets in the flow of the traffic channel to a particular next destination; and employing an application-specific state machine in the NAT device, the application-specific state machine configured to trace development of an application protocol used by applications to exchange data through the NAT device, in order to observe, record, and use the resource identifier associated with the outbound application traffic packets to determine the particular next destination.