(a). Field of the Invention
The present invention relates in general to the field of network address-port translation (NAPT), and more particularly to a NAPT apparatus and method that can employ a special recording and restoring way for related indexes, thereby examining validity of backward packets and performing NAPT.
(b). Description of the Prior Arts
In recent years, the Internet has become more and more popular and has formed an overwhelming global trend. The Internet transmits and receives data using the TCP/IP protocols, which adopt the IP addressing system; this system assigns a unique IP address to each network node on the Internet to facilitate the transmission of data. The current IP version number is 4 (known as IPv4, cf. RFC 791). According to IPv4, an IP address comprises 32 bits that are grouped into four 8-bit sections. Since each section has 2^8 = 256 possible values, there are 256^4 available IP addresses theoretically (in fact, the number of usable IP addresses is smaller, since part of the IP address space is reserved for other purposes).
However, as the number of computers that need to connect to the Internet grows exponentially, IP addresses may not be sufficient in some situations. A common case is that the number of IP addresses is smaller than the number of network nodes in a local area network (LAN). Since an IP address is necessary for each node to access the Internet, insufficient IP addresses would prevent some nodes in the LAN from connecting to the Internet. To solve this problem, Network Address Translation (NAT) and Network Address-Port Translation (NAPT) were developed.
Before describing NAT and NAPT, the concepts of public IP and private IP are introduced here. A public IP is a normal IP used in the various networks which employ the TCP/IP protocols, while a private IP is used only in a local area network, such as the internal network of an institution or a family. That is, a private IP cannot be used to connect directly to external networks (e.g. the Internet). The Internet Assigned Numbers Authority (IANA) reserves three ranges of IP addresses for internal networks:
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
The above private IP addresses are used only in internal networks, and there is no need to register them.
If a network node with a private IP wants to access external networks, NAT/NAPT-enabled equipment, such as a router, is needed, as shown in FIG. 1. The operation of NAT can be described as follows: when a node with a private IP in an internal network is to transmit packets to external networks, the NAT equipment first translates the source address (i.e. the private IP) of the packets into an available public IP and then transmits the packets. The NAT equipment keeps a record of the correspondence between the private IP and the public IP; when the external networks are to transmit a packet to the internal network, the NAT equipment looks up the record. If the NAT equipment finds a public IP matching the destination address of the packet, it translates the destination address into the private IP corresponding to that public IP and forwards the packet to the node with this private IP. Because of the one-to-one correspondence between public IPs and private IPs, N public IPs can serve only N private IPs.
Compared with NAT, NAPT further translates the port, which belongs to Layer 4 of the Open Systems Interconnection (OSI) model, of a packet in addition to IP translation. When a packet is transmitted from an internal network to an external network, NAPT translates the source IP and the source port of the packet; when a packet is transmitted from an external network to an internal network, NAPT translates the destination IP and the destination port of the packet. The “port” can generally refer to the port number field defined in Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), or the identifier field defined in Internet Control Message Protocol (ICMP). In NAPT, correspondence between private IPs and public IPs is not one-to-one, and thus more computers can connect to the Internet simultaneously by using different combinations of public IPs and associated ports.
However, NAT/NAPT is currently implemented mostly in software, and its operation speed is slow. If NAT/NAPT is implemented in an application-specific integrated circuit (ASIC), the operation speed is much faster. A network switch controller with hardware-implemented NAT/NAPT is one example of this kind. When a node with a private IP in an internal network is to connect to an external network, it sends out a packet to establish a network connection. A switch controller with NAT/NAPT enabled has a built-in translation table for storing information associated with the network connection, for example the source IP and source port of the packet transmitted from the internal network to the external network. This information is used in performing address (and port) translation for subsequent packets of the network connection. In the present specification, a NAPT connection refers to a network connection whose packets require NAPT to be performed.
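The following software model is an added illustration of the behaviour described in the preceding paragraphs (the one-to-one NAT of FIG. 1, the address-and-port NAPT, and the per-connection translation table built from outbound packets); it is not the patent's hardware design or any product's code. Both translators learn entries only from packets leaving the internal network, so a backward packet with no matching entry is rejected rather than forwarded, which is the validity check a stateful NAT/NAPT device performs against unsolicited inbound traffic. All addresses, ports and the public-port range are constructed sample values.

```python
"""Toy NAT / NAPT model (constructed example, not the patent's circuit)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"; for ICMP "port" holds the identifier field
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NAT:
    """Basic NAT: each private IP is bound to one public IP (one-to-one)."""

    def __init__(self, public_ips: List[str]) -> None:
        self.free = list(public_ips)              # unused public IPs
        self.fwd: Dict[str, str] = {}             # private ip -> public ip
        self.bwd: Dict[str, str] = {}             # public ip  -> private ip

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.fwd.get(pkt.src_ip)
        if pub is None:
            if not self.free:
                return None                       # N public IPs serve only N private IPs
            pub = self.free.pop(0)
            self.fwd[pkt.src_ip] = pub
            self.bwd[pub] = pkt.src_ip
        return Packet(pkt.proto, pub, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.bwd.get(pkt.dst_ip)
        if priv is None:
            return None                           # no record for this public IP: drop
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, priv, pkt.dst_port)


class NAPT:
    """NAPT: one public IP shared by many private nodes via distinct public ports."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 49999) -> None:
        self.public_ip = public_ip
        self._next_port = first_port              # constructed port pool
        self._last_port = last_port
        # translation table, forward direction: (proto, private ip, private port) -> public port
        self.fwd: Dict[Tuple[str, str, int], int] = {}
        # translation table, backward direction: (proto, public port) -> (private ip, private port)
        self.bwd: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        pub_port = self.fwd.get(key)
        if pub_port is None:                      # first packet of a new NAPT connection
            if self._next_port > self._last_port:
                raise RuntimeError("translation table full")
            pub_port = self._next_port
            self._next_port += 1
            self.fwd[key] = pub_port
            self.bwd[(pkt.proto, pub_port)] = (pkt.src_ip, pkt.src_port)
        # translate source IP and source port
        return Packet(pkt.proto, self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.bwd.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                           # backward packet matches no connection: drop
        priv_ip, priv_port = entry
        # translate destination IP and destination port
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    napt = NAPT("203.0.113.5")
    a = napt.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 80))
    b = napt.outbound(Packet("tcp", "192.168.1.11", 51000, "198.51.100.7", 80))
    print("two hosts, same private port, distinct public ports:", a.src_port, b.src_port)
    print("reply to b:", napt.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", b.src_port)))
    print("unsolicited:", napt.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", 40002)))
```

Two nodes using the same private source port are kept apart by the public port alone, which is why NAPT needs no one-to-one address correspondence; the `NAT` class, by contrast, returns `None` for a second private node once its single public IP is taken.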
In sum, with a fixed number of public IPs, NAPT can serve more computers connecting to the Internet than NAT can. In view of this, the present invention provides an apparatus and method, implemented with hardware circuits, for network address-port translation in a switch controller, thereby allowing more computers to connect to the Internet simultaneously and efficiently.