Network address translation for application of subscriber-aware services

摘要

In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.

主权项

1. A method for applying a subscriber service to subscriber data traffic, the method comprising:
receiving, by a services node from an Authentication, Authorization, and Accounting (AAA) server, an AAA message that has been extended from an AAA protocol to specify a private network address of a subscriber device authenticated to an access network and assigned the private network address that is not routable external to the access network, wherein the services node is logically located external to the access network on an interface between a packet data network and a network access gateway that performs Network Address Translation (NAT) for the access network; receiving, by the services node, subscriber data traffic that is destined to a public network address that is routable by the packet data network; associating, by the services node, the public network address of the subscriber data traffic with the private network address specified by the AAA message; selecting, by the services node, a policy using the private network address associated with the public network address; applying, by the services node, the subscriber service to the subscriber data traffic associated with the private network address in accordance with the policy; and sending the subscriber data traffic from the services node to the network access gateway.