Abstract: A technique for synchronizing NAT information stored on different network devices. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device causing that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.

Abstract: A technique for synchronizing NAT information stored on different network devices. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device causing that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.

Abstract: A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message.

Abstract: Disclosed are methods and apparatus for handling requests for data from a private network. In general terms, a client who wishes access to secure data, such as a secure web page, from a private network establishes a secure connection with a secure server, such as a secure socket layer (SSL) server, of the private network. The secure server then downloads a software program for handling data requests (made by the client for data located within the private network) to the client. This software program is downloaded automatically by the secure server to the client when the client initiates a secure connection with such secure server. The downloaded software program is generally configured to modify data requests (e.g., by performing a URL substitution) sent from the client to an internal server of the private network such that the data requests are redirected to the secure server. The secure server then processes the data request (e.g., by retrieving the data from the appropriate internal server).

Abstract: Disclosed are methods and apparatus for handling data having an embedded address (and port). In general terms, a host of a private network is operable to obtain from its corresponding edge router a global address (GA) and optionally an additional global port range (GPR). When the host then wishes to transmit data out of the private network, the obtained GA (and GPR) may then be used for an embedded address (and port) within data sent by the host to a public network. The obtained GA (and GPR) may also be used by the host to translate its own source address and port in its IP and/or TCP/UDP header if needed.

Abstract: Disclosed are methods and apparatus for handling data containing embedded addresses. In general terms, prior to transmission of data having an embedded address or port, an initiating host sends a NAT Probe to an end-host with which the initiating host wishes to communicate. The NAT Probe includes the embedded address or port and a type indicating that translation of the address and/or port is requested if needed. As the NAT Probe traverses through one or more NAT devices as it is transmitted to the end-host, each NAT device is enabled to recognize the NAT Probe type and translate the embedded address and/or port, depending upon the individual NAT device's configuration. When the NAT Probe reaches the final hop NAT device or end-host, a NAT Probe Reply is sent back to the initiating host. The NAT Probe Reply contains a translated embedded address and/or port which is compatible with the end-host's network. The NAT Probe Reply also contains a type which differs from the type of the NAT Probe.

Abstract: A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message.

Abstract: Method and system for providing improved uniform resource locator (URL) mangling performance using fast re-write including scanning a web page, detecting an absolute URL in the web page, and modifying the detected absolute URL to a corresponding relative URL in the web page, is disclosed.

Abstract: A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message.

Abstract: Disclosed are apparatus and methods for managing session data in a session border controller (SBC), where the session data is sent from a first node, such as a first phone, to a second node, such as a registrar or second phone. In general, embodiments of the present invention support SBC functionality by managing sessions through the SBC without implementing a terminate and regenerate of the sessions, but rather by intercepting packets destined to the second node and efficiently handling such functionality in the forwarding-path. Also in deployments where the endnodes require NAT (network address translation), mechanisms are provided in the SBC to perform NAT on the addresses embedded in the payload of the session data. In other aspects, mechanisms for keeping the sessions or NAT entries alive are facilitated at the SBC, even when an endnode has a expiration time that differs an expiration time of another device, such as a registar device.

Abstract: Disclosed are methods and apparatus for handling data sent from a first public network to a second or same public network via a private network. In general terms, network translation address mechanisms are provided within the edge routers of the private network. When a first processing node sends a request to an edge router to access another processing node which resides in a public network, the edge router forms a binding based on two addresses associated with the first processing node. A first private address is initially associated with the first processing node, and the first processing node uses this private address to communicate with the private network. A second public address is also allocated to the first processing node based on the first processing node's request to communicate with a public node. The first processing node uses the allocated second public address to communicate with the requested public node.

Abstract: Methods and apparatuses for distributing network address translation. By having a gateway inform inside devices of global addresses, the gateway can avoid performing many functions of a traditional NAT box. Specifically, an inside device is informed of a global address shared by all devices on the inside device's network segment. Each device on that segment would be assigned a range of ports to distinguish messages from separate devices that use the same global address.

Abstract: Methods and apparatuses for distributing network address translation. By having a gateway inform inside devices of global addresses, the gateway can avoid performing many functions of a traditional NAT box. Specifically, an inside device is informed of a global address shared by all devices on the inside device's network segment. Each device on that segment would be assigned a range of ports to distinguish messages from separate devices that use the same global address.

Abstract: Communicating packets along a control channel and a media channel includes receiving at a network address translator a first message having a first internal address from a first communication device. The first internal address is translated to a first external control address operable to route a control packet along a control channel. A second message having a first embedded media address is received from the first communication device. The first embedded media address is translated to a first external media address operable to route a media packet along a media channel.

Abstract: According to an approach for assigning network addresses to network devices, an authentication request that requests authentication of identification data that uniquely identifies a network device is generated and sent to an authentication mechanism. An authentication response is received from the authentication mechanism that indicates whether the network device is authorized to access a first network. If the authentication response indicates that the network device is authorized to access the first network, then a first network address on a first network is assigned to the network device. If the authentication response indicates that the network device is not authorized to access the first network, then a second network address on a second network to the network device is assigned. If no authentication response is received from the authentication mechanism, then the second network address on the second network is assigned to the network device.

Abstract: Disclosed are methods and apparatus for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI). In general terms, mechanisms (e.g., within a combination router/NAT device) are provided for translating network addresses of traffic going between two private domains or realms. These mechanisms may also be used to translate traffic going between a private and public domain. When a particular private address is translated into a public address, a binding is formed between the pre-translation address, the post-translation address, and the interface associated with the private or public address (e.g., an interface of the router/NAT device). Since bindings of different interfaces are tracked, a private address and its associated particular interface may be associated with a particular public address.

Abstract: Various techniques are described which may be used for improving traffic flows between private networks and public networks. According to one aspect of the present invention, a technique is described for implementing asymmetric routing in a NAT routing environment. Another aspect of the present invention provides a technique for implementing load balancing and resource allocation assignments among peers in a redundant, multiple NAT router environment.

Abstract: Disclosed are methods and apparatus for handling data sent from a first public network to a second or same public network via a private network. In general terms, network translation address mechanisms are provided within the edge routers of the private network. When a first processing node sends a request to an edge router to access another processing node which resides in a public network, the edge router forms a binding based on two addresses associated with the first processing node. A first private address is initially associated with the first processing node, and the first processing node uses this private address to communicate with the private network. A second public address is also allocated to the first processing node based on the first processing node's request to communicate with a public node. The first processing node uses the allocated second public address to communicate with the requested public node.

Abstract: Various techniques are described which may be used for improving traffic flows between private networks and public networks. According to one aspect of the present invention, a technique is described for implementing asymmetric routing in a NAT routing environment. Another aspect of the present invention provides a technique for implementing load balancing and resource allocation assignments among peers in a redundant, multiple NAT router environment.

Abstract: Disclosed are methods and apparatus for handling data containing embedded addresses. In general terms, prior to transmission of data having an embedded address or port, an initiating host sends a NAT Probe to an end-host with which the initiating host wishes to communicate. The NAT Probe includes the embedded address or port and a type indicating that translation of the address and/or port is requested if needed. As the NAT Probe traverses through one or more NAT devices as it is transmitted to the end-host, each NAT device is enabled to recognize the NAT Probe type and translate the embedded address and/or port, depending upon the individual NAT device's configuration. When the NAT Probe reaches the final hop NAT device or end-host, a NAT Probe Reply is sent back to the initiating host. The NAT Probe Reply contains a translated embedded address and/or port which is compatible with the end-host's network. The NAT Probe Reply also contains a type which differs from the type of the NAT Probe.