Redundancy support for network address translation (NAT)

摘要

Stateful failover redundancy support is provided for network address translation (NAT). A master NAT device is backed-up with at least one back-up NAT device. Existing sessions are synchronized between the two NAT devices, such as via a dedicated link between them. In the event of a failover where the master NAT device is unable to perform its NAT functions, ownership of Internet protocol (IP) addresses is transferred from the master NAT device to the back-up NAT device. The back-up NAT device, which is now owner of the IP addresses, assumes the NAT functionality associated with these IP addresses and continues the existing sessions, as well as processing new sessions.

主权项

1. A method performed by a first network device comprising:
receiving session synchronization information, by a first network device and from a second network device, on a virtual local area network (VLAN) connection different from a VLAN connection used to carry network traffic, the session synchronization information being for sessions created on the second network device related to addresses in a second pool of addresses corresponding to a base address, and the session synchronization information includes destination addresses pertaining to the sessions created on the second network device that are useable by the first network device in connection with translating forward and reply traffic pertaining to the sessions created on the second network device; detecting a failure of the second network device that owns the second pool of addresses corresponding to the base address; asserting ownership of the second pool of addresses corresponding to the base address in response to detection by the first network device of the failure; and in response to the asserting ownership, the first network device using information from the received session synchronization information to perform translation for at least one address in the second pool of addresses.