U.S. patent application number 12/726832 was filed with the patent office on 2010-07-22 for method and apparatus for distributing data packets to multiple network addresses.
This patent application is currently assigned to O2MICRO, INC. Invention is credited to Zhiming Wang.
Application Number: 20100183019 12/726832
Family ID: 39416867
Filed Date: 2010-07-22
United States Patent Application 20100183019
Kind Code: A1
Wang; Zhiming
July 22, 2010
METHOD AND APPARATUS FOR DISTRIBUTING DATA PACKETS TO MULTIPLE
NETWORK ADDRESSES
Abstract
A network device for transferring a data packet from a source
address to a destination address is provided. The network device
includes a plurality of network addresses for indicating locations
of a plurality of network processing units, and further including a
data packet distributing unit for transferring a data packet to the
network processing units in sequence by replacing a destination
address of the data packet with the network addresses. The data
packet distributing unit performs the actions of determining
whether the data packet has been transferred to each of the network
processing units, transferring the data packet to a network
processing unit after replacing the destination address of the data
packet with a corresponding network address if the data packet has
not been transferred to the network processing unit, and outputting
the data packet if the data packet has been transferred to each of
the processing units.
Inventors: Wang; Zhiming (Langfang, CN)
Correspondence Address: Wang Law Firm, Inc., 4989 Peachtree Parkway, Suite 200, Norcross, GA 30092, US
Assignee: O2MICRO, INC., SANTA CLARA, CA
Family ID: 39416867
Appl. No.: 12/726832
Filed: March 18, 2010
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
11602669 | Nov 21, 2006 | 7688821
12726832 | |
Current U.S. Class: 370/401
Current CPC Class: H04L 61/2521 20130101; H04L 61/2514 20130101; H04L 29/12386 20130101; H04L 29/12367 20130101
Class at Publication: 370/401
International Class: H04L 12/56 20060101 H04L012/56
Claims
1-11. (canceled)
12. A network device comprising: a plurality of network addresses
for indicating locations of a plurality of network processing
units; and a data packet distributing unit for transferring a data
packet to said network processing units in sequence by replacing a
destination address of said data packet with said network
addresses, wherein said data packet distributing unit performs the
following actions: determining whether said data packet has been
transferred to each of said network processing units; transferring
said data packet to a network processing unit after replacing said
destination address of said data packet with a corresponding
network address if said data packet has not been transferred to
said network processing unit; and outputting said data packet if
said data packet has been transferred to each of said processing
units.
13. The network device of claim 12, wherein said data packet
distributing unit further selects a set of network processing units
from said network processing units after receiving said data packet
and transfers said data packet to said set of network processing
units in sequence by replacing said destination address of said
data packet with a corresponding set of said network addresses.
14. The network device of claim 12, wherein said data packet
distributing unit receives said data packet from a source
address.
15. The network device of claim 12, wherein said data packet
distributing unit further forwards said data packet to a predefined
address after replacing said destination address of said data
packet with said predefined address if said data packet has been
transferred to each of said network processing units.
16. The network device of claim 12, wherein each network processing
unit executes a predefined procedure on said data packet after
receiving said data packet from said data packet distributing unit
and sends said data packet back to said data packet distributing
unit after completing said execution of said predefined procedure
on said data packet.
17. The network device of claim 12, wherein, when said data packet
distributing unit selectively transfers said data packet to a next
network processing unit which said data packet has not been
transferred to after receiving said data packet from a previous
network processing unit.
18. The network device of claim 12, wherein, when a network
processing unit detects that said data packet is unqualified, said
network processing unit drops said data packet and said data packet
distributing unit stops transferring said data packet to said
network processing units.
19. A network system, comprising: a plurality of network processing
units for executing a plurality of predefined procedures on a data
packet; and a data packet distributor coupled to said network
processing units for transferring said data packet to said network
processing units in sequence by replacing a destination address of
said data packet with a plurality of network addresses for
indicating locations of said network processing units respectively,
wherein said data packet distributor performs the following
actions: determining whether said data packet has been transferred
to each of said network processing units; transferring said data
packet to a network processing unit after replacing said
destination address of said data packet with a corresponding
network address if said data packet has not been transferred to
said processing unit; and outputting said data packet if said data
packet has been transferred to each of said processing units.
20. The network system of claim 19, wherein said data packet
distributor further selects a set of network processing units from
said network processing units after receiving said data packet and
transfers said data packet to said set of network processing units
in sequence by replacing said destination address of said data
packet with a corresponding set of said network addresses.
21. The network system of claim 19, wherein said data packet
distributor receives said data packet from a source address.
22. The network system of claim 19, wherein said data packet
distributor further forwards said data packet to a predefined
address after replacing said destination address of said data
packet with said predefined address if said data packet has been
transferred to each of said network processing units.
23. The network system of claim 19, wherein each of said network
processing units processes said data packet after receiving said
data packet from said data packet distributor and sends said data
packet back to said data packet distributor after completing said
process on said data packet.
24. The network system of claim 19, wherein said data packet
distributor selectively transfers said data packet to a next
network processing unit which said data packet has not been
transferred to after receiving said data packet from a previous
network processing unit.
25. The network system of claim 19, wherein, when a network
processing unit detects that said data packet is unqualified, said
network processing unit drops said data packet and said data packet
distributor stops transferring said data packet to said network
processing units.
26. A method for distributing a data packet to a plurality of
network processing units in sequence for processing, comprising the
steps of: determining at a data packet distributing unit whether
said data packet has been transferred to each of said network
processing units; if said data packet has not been transferred to a
network processing unit, said data packet distributing unit
operates the steps of: replacing a destination address of said data
packet with a network address indicating a location of said network
processing unit at said data packet distributing unit; and
transferring said data packet from said data packet distributing
unit to said network processing unit according to said destination
address; and if said data packet has been transferred to each of
said processing units, outputting said data packet from said data
packet distributing unit.
27. The method of claim 26, further comprising the steps of:
selecting at said data packet distributing unit a set of network
processing units from said network processing units after receiving
said data packet; and transferring said data packet from said data
packet distributing unit to said set of network processing units in
sequence by replacing said destination address of said data packet
with a corresponding set of said network addresses.
28. The method of claim 26, further comprising the step of:
receiving said data packet at said data packet distributing unit
from a source address.
29. The method of claim 26, wherein, the step of outputting said
data packet from said data packet distributing unit further
comprises the steps of: replacing said destination address of said
data packet with a predefined address at said data packet
distributing unit; and forwarding said data packet from said data
packet distributing unit to said predefined address.
30. The method of claim 26, further comprising the steps of:
processing said data packet at each of said network processing
units after receiving said data packet from said data packet
distributing unit; and sending said data packet back to said data
packet distributing unit after completing said process on said data
packet.
31. The method of claim 26, further comprising the step of:
selectively transferring said data packet from said data packet
distributing unit to a next network processing unit which said data
packet has not been transferred to after receiving said data packet
at said data packet distributing unit from a previous network
processing unit.
32. The method of claim 26, further comprising the step of:
dropping said data packet and stopping transferring said data
packet to said network processing units if a network processing
unit detects said data packet is unqualified.
Description
RELATED UNITED STATES PATENT APPLICATION
[0001] This application is a Continuation Application of the
co-pending, commonly-owned U.S. patent application with Attorney
Docket No. O-001.P015/0357, Ser. No. 11/602,669, filed on Nov. 21,
2006, by Zhiming Wang, and entitled "Method and apparatus for
distributing data packets by using multi-network address
translation".
FIELD OF THE INVENTION
[0002] The invention relates to networks, and in particular, to a
network device for distributing data packets to multiple network
addresses.
BACKGROUND OF THE INVENTION
[0003] Network address translation (NAT) is a process for translating IP addresses. It enables a
local-area network (LAN) to use a first set of network addresses
for internal traffic and a second set of network addresses for
external traffic. A network device that is capable of performing
NAT operations is located preferably where a LAN meets a wide area
network (WAN). The most commonly used network address is based on
the Internet Protocol, the IP address. The first set of IP
addresses for internal traffic can be reused in many different LANs
and are not unique. The second set of IP addresses for external
traffic are unique and cannot be reused by other networks. Each of
the first set of IP addresses is assigned to a host in the LAN.
Therefore, when a first host in a LAN intends to communicate with a
second host on the Internet, it first transmits packets to a
network device that is capable of performing NAT operations. In the
IP header of each packet, there is a source address and a
destination address. The source address is one of the first set of
addresses that is assigned to the host and cannot be used outside
the LAN. Therefore, in order to transmit the data packet to its
destination address, the network device replaces the source address
with an address from the second set of addresses which can be used
for external communication. The operation of replacing the source
address of the packet with an address from the second set of
addresses is part of the NAT process. After the NAT, the resulting
source address of the packet can be uniquely used for external
traffic, such as Internet communication.
[0004] Nowadays, many network devices such as routers, firewalls,
and ISDN routers are capable of performing NAT operations. All
these devices employ only one NAT operation to transfer a data
packet from a source address to a destination address.
[0005] With the rapid development of information technology, the
functions provided by network devices are becoming more and more
powerful and sophisticated. In today's network devices, besides
basic functions, such as routing, many other functions or
processing procedures, such as content-filtering, anti-virus,
encryption, decryption and anti-spam, can be provided. These
additional functions can be accomplished either in one processing
unit or in many processing units. Performing some of the functions
or processing procedures, such as an anti-virus processing
procedure, is very complicated and time-consuming. To solve the
problem, these additional processing procedures are usually
executed by different processing units. A CPU in the network device
is used to distribute data packets to different processing units
for processing. However, this distribution method results in a huge
consumption of the CPU resource. Thus, the above-mentioned method
greatly limits the system performance.
[0006] To solve this problem, many solutions, such as using a more
powerful CPU, providing extra hardware, and employing software
implementation, have been proposed. However, the use of a more
powerful CPU, extra hardware, or extra software implementation
increases the system complexity and cost.
[0007] Therefore, the present invention is primarily directed to an
improved solution that is capable of transmitting data packets to
various network processing units without increasing the cost and
system complexity.
SUMMARY OF THE INVENTION
[0008] The present invention provides a network device that employs
multiple NAT operations to transmit data packets to various network
processing units. Since the NAT is a standard function of many
network devices, the present invention is capable of transferring
data packets to various network processing units according to
system requirement without extra CPU or software operation.
Consequently, system complexity and the cost can be reduced.
[0009] In one embodiment of the invention, there is provided a
network device including a plurality of network addresses for
indicating locations of a plurality of network processing units,
and further including a data packet distributing unit for
transferring a data packet to the network processing units in
sequence by replacing a destination address of the data packet with
the network addresses. The data packet distributing unit performs
the actions of determining whether the data packet has been
transferred to each of the network processing units, transferring
the data packet to a network processing unit after replacing the
destination address of the data packet with a corresponding network
address if the data packet has not been transferred to the network
processing unit, and outputting the data packet if the data packet
has been transferred to each of the processing units.
[0010] In another embodiment of the invention, there is also
provided a network system including a plurality of network
processing units for executing a plurality of predefined procedures
on a data packet, and further including a data packet distributor
coupled to the network processing units for transferring the data
packet to the network processing units in sequence by replacing a
destination address of the data packet with a plurality of network
addresses for indicating locations of the network processing units
respectively. The data packet distributor performs the actions of
determining whether the data packet has been transferred to each of
the network processing units, transferring the data packet to a
network processing unit after replacing the destination address of
the data packet with a corresponding network address if the data
packet has not been transferred to the processing unit, and
outputting the data packet if the data packet has been transferred
to each of the processing units.
[0011] In yet another embodiment of the invention, there is also
provided a method for distributing a data packet to a plurality of
network processing units in sequence for processing. The method
includes determining at a data packet distributing unit whether the
data packet has been transferred to each of the network processing
units. If the data packet has not been transferred to a network
processing unit, the data packet distributing unit operates the
steps of replacing a destination address of the data packet with a
network address indicating a location of the network processing
unit at the data packet distributing unit, and transferring the
data packet from the data packet distributing unit to the network
processing unit according to the destination address. If the data
packet has been transferred to each of the processing units, the
data packet distributing unit outputs the data packet.
BRIEF DESCRIPTION OF THE DRAWINGS
[0012] Features and advantages of embodiments of the invention will
become apparent as the following Detailed Description proceeds, and
upon reference to the Drawings, where like numerals depict like
elements, and in which:
[0013] FIG. 1 illustrates an exemplary topology of a network
distributor for transferring a data packet from a source address to
a destination address according to the invention.
[0014] FIG. 2 illustrates an exemplary flow chart of a method of
using multiple NAT operations to transfer a data packet from a
source address to a destination address.
DETAILED DESCRIPTION OF THE INVENTION
[0015] FIG. 1 illustrates an exemplary topology of a network device
for transferring a data packet from a source address to a
destination address. In general, a network device, e.g., a data
packets distributor 102, is in communication with a first network 1
100 and a second network 2 104. The data packets distributor 102 is
capable of receiving data packets from either network 1 100 or
network 2 104. The data packets distributor 102 also includes a
data packet distributing unit 106 and a plurality of network
addresses. Each network address indicates an address of an external
data packets processing unit, such as P1 108, P2 110 . . . or Pn
112 as shown in FIG. 1. The data packet distributing unit 106 is
further in communication with a plurality of external data packets
processing units P1 108, P2 110 . . . Pn 112. As mentioned above,
each of the plurality of external network processing units P1 108,
P2 110 . . . Pn 112 is assigned a unique network address. The
plurality of network addresses can be either statically or
dynamically mapped to the plurality of processing units P1 108, P2
110 . . . Pn 112. Each of the plurality of processing units P1 108,
P2 110 . . . Pn 112 is capable of performing at least one special
processing procedure, such as content-filtering, anti-virus,
encryption, decryption, anti-spam, etc. The data packet distributing
unit 106 is further capable of determining which processing unit
the data packet needs to be transferred to.
[0016] The data packets distributor 102 is capable of receiving
data packets from either the network 1 100 or the network 2 104.
When the network 1 100 transfers a data packet that has a source
address and a destination address to the network 2 104, the data
packet is received at the data packets distributor 102. At the data
packet distributing unit 106 of the data packets distributor 102,
the destination address of the data packet is replaced by a first
network address that indicates a location of a certain network
processing unit (e.g., P1 108) among P1 108, P2 110 . . . Pn 112.
Replacing the destination address with the first network address is
referred to as a first NAT operation herein. According to the first
network address, the data packet is transferred to P1 108. At P1
108, the data packet is processed according to some of the
procedures that are executed by P1 108, such as content-filtering,
anti-virus, encryption, decryption, anti-spam, etc. After
processing, the data packet is transferred back to the data packet
distributing unit 106 from P1 108.
[0017] After the processed data packet is received at data packet
distributing unit 106, the data packet distributing unit 106 checks
whether the data packet needs to be transferred to other processing
units for further processing. If a further processing procedure is
required, the data packet distributing unit 106 may replace the
destination address of the data packet with a second network
address that indicates a second processing unit among the plurality
of processing units P1 108, P2 110 . . . Pn 112 and transmits the
data packet to the second processing unit for further processing.
Replacing the destination address with the second network address
is also a NAT.
[0018] When the data packet distributing unit 106 detects that the
data packet has been transferred to all the processing units it
needs to be transferred to, the data packet distributing unit 106
may replace the current destination address of the data packet with
its original destination address (a predefined address). Finally,
the data packet is transmitted to the network 2 104. Replacing the
second network address with the destination address is referred to
as a second NAT herein.
[0019] It is appreciated by those skilled in the art that in
the aforementioned embodiment of the invention, the data packets
distributor 102 employs multiple NAT operations that contain at
least two NAT operations to transfer the data packet from its
source address to its destination address. In the course of
distributing the data packet, the concept of NAT is employed and no
CPU or software is involved. Therefore, the goal of a reduced cost
and system complexity can be achieved.
[0020] For some special processing procedures, such as
content-filtering, anti-spam and anti-virus, the associated
processing units that handle the special processing procedures may
check whether the data packet meets security requirements and
transmission requirements. If an associated processing unit
detects that a data packet does not comply with the system security
requirement, for example because it contains a virus, it may drop the data
packet and log the dropping of the data packet. If any processing
unit among P1 108, P2 110 . . . Pn 112, drops the data packet, the
transmission of the data packet stops.
[0021] FIG. 2 illustrates an exemplary flow chart of a method for
using multiple NAT operations to transfer a data packet from a
source address indicative of a first location to a destination
address indicative of a second location. The method includes
receiving a data packet indicative of the first location at a data
packet distributing unit, step 202, transferring the data packet
from the data packet distributing unit to a processing unit by
employing a first NAT operation, step 204, processing the data
packet at the processing unit, step 206. The method further
includes detecting at the processing unit whether the data packet
has fulfilled system requirements, step 208, forwarding the
processed packet back to the data packet distributing unit if the
data packet has fulfilled the system requirements, step 210,
dropping the processed packet if the data packet has not fulfilled
the system requirements, step 216, receiving the data packet at the
data distributing unit, step 212, and transferring the processed
data packet from the data packet distributing unit to the
destination address indicative of said second location by using a
second NAT operation, step 214.
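The distribution loop of paragraphs [0016] to [0021], as an added simulation that is not part of the patent text: it shows the per-packet state the distributing unit has to hold (the original destination and the units not yet visited) and what happens to that state on a drop. The state table keyed by pkt_id, the unit addresses and the payload markers are constructed assumptions; the patent does not say how a returning packet is recognised.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    pkt_id: int   # assumption: a key that lets the distributor recognise a returning packet
    src: str
    dst: str
    payload: bytes


# A processing unit returns True to send the packet back, False to drop it.
Unit = Callable[[Packet], bool]


class Distributor:
    def __init__(self, units: Dict[str, Unit], selector=None):
        self.units = units  # network address -> processing unit (static mapping)
        # Optional selection of a subset of units per packet (claims 13, 20, 27).
        self.selector = selector or (lambda pkt: list(units))
        # pkt_id -> (original destination, unit addresses not yet visited)
        self.state: Dict[int, Tuple[str, List[str]]] = {}
        self.trace: List[Tuple[int, str]] = []    # every destination rewrite
        self.dropped: List[Tuple[int, str]] = []  # (pkt_id, address of dropping unit)

    def _nat(self, pkt: Packet, new_dst: str) -> None:
        pkt.dst = new_dst
        self.trace.append((pkt.pkt_id, new_dst))

    def handle(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet ready for output, or None if a unit dropped it."""
        self.state[pkt.pkt_id] = (pkt.dst, list(self.selector(pkt)))
        while True:
            original_dst, remaining = self.state[pkt.pkt_id]
            if not remaining:                   # transferred to every selected unit
                self._nat(pkt, original_dst)    # final NAT restores the original destination
                del self.state[pkt.pkt_id]
                return pkt
            unit_addr = remaining.pop(0)
            self._nat(pkt, unit_addr)           # NAT towards the next unvisited unit
            if not self.units[unit_addr](pkt):  # unit judged the packet unqualified
                self.dropped.append((pkt.pkt_id, unit_addr))
                del self.state[pkt.pkt_id]      # stop distributing and release the state
                return None


# Constructed stand-ins for content-filtering, anti-virus and anti-spam units.
def content_filter(pkt: Packet) -> bool:
    return b"forbidden" not in pkt.payload


def anti_virus(pkt: Packet) -> bool:
    return b"TEST-SIGNATURE" not in pkt.payload


def anti_spam(pkt: Packet) -> bool:
    return not pkt.payload.startswith(b"BUY NOW")


UNITS = {"10.0.0.1": content_filter, "10.0.0.2": anti_virus, "10.0.0.3": anti_spam}


def demo():
    d = Distributor(UNITS)
    clean = d.handle(Packet(1, "192.168.1.5", "203.0.113.9", b"hello"))
    bad = d.handle(Packet(2, "192.168.1.5", "203.0.113.9", b"x TEST-SIGNATURE x"))
    return d, clean, bad


if __name__ == "__main__":
    d, clean, bad = demo()
    print("output:", clean)
    print("dropped:", d.dropped)
    for entry in d.trace:
        print("NAT", entry)
```

In the trace, packet 2 is rewritten only twice: the unit after the one that dropped it never receives it, and no entry for it is left in the state table.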
[0022] The terms and expressions which have been employed herein
are used as terms of description and not of limitation, and there
is no intention, in the use of such terms and expressions, of
excluding any equivalents of the features shown and described (or
portions thereof), and it is recognized that various modifications
are possible within the scope of the claims. Other modifications,
variations, and alternatives are also possible. Accordingly, the
claims are intended to cover all such equivalents.
* * * * *