1) Field of the Invention
The present invention relates to a packet transfer apparatus which performs an NAT (Network Address Translation) operation, and transfers packets between first and second networks. The present invention also relates to a method for performing an NAT operation. The present invention further relates to a semiconductor device which realizes the above packet transfer apparatus.
2) Description of the Related Art
With the widespread use of TCP/IP networks, it is becoming difficult to assign a unique IP address to every node in the world based on the current IPv4 system, in which 32-bit addresses are used.
When a function called NAT (Network Address Translation) is used, the above problem can be solved to some extent. That is, a private IP address is assigned in advance to each node belonging to an organization, a global IP address is assigned to each node belonging to the organization only when the node accesses the Internet, and the NAT function is used for assignment of the global IP address and translation from the private IP address into the global IP address and vice versa.
FIG. 17 is a diagram illustrating an example of a system including a conventional packet transfer apparatus having an NAT function.
The system of FIG. 17 comprises a router 10, hubs 11 and 13, personal computers 12-1 to 12-3, 14-1 to 14-3, 17, and 18, an ISP (Internet Service Provider) 15, and the Internet 16.
When the router 10 receives from one of the personal computers 12-1 to 12-3, 14-1 to 14-3 a request for access to one of the personal computers 17 and 18 connected to the Internet 16, the router 10 assigns a global IP address to the one of the personal computers 12-1 to 12-3, 14-1 to 14-3 by using the NAT function, and accesses the one of the personal computers 17 and 18 based on the global IP address.
The hub 11 interconnects the personal computers 12-1 to 12-3 and the router 10 so as to enable transfer of packets between the personal computers 12-1 to 12-3 and the router 10.
The hub 13 interconnects the personal computers 14-1 to 14-3 and the router 10 so as to enable transfer of packets between the personal computers 14-1 to 14-3 and the router 10.
Thus, the personal computers 12-1 to 12-3, 14-1 to 14-3 constitute a LAN (Local Area Network), and each of the personal computers 12-1 to 12-3, 14-1 to 14-3 has a private address which is effective within only the LAN.
The ISP 15 provides connection to the Internet 16. Specifically, the ISP 15 provides a global IP address to the router 10 so as to enable access to the Internet 16.
The Internet 16 is a global network which is realized by interconnecting computer networks such as LANs and WANs (Wide Area Networks) located at many places with dedicated lines.
The personal computers 17 and 18 behave as, for example, a WEB server, and provide various types of information in response to requests.
FIG. 18 is a diagram illustrating an example of a hardware construction of the router 10. As illustrated in FIG. 18, the router 10 comprises a Central Processing Unit (CPU) 10a, a Read-only Memory (ROM) 10b, a Random Access Memory (RAM) 10c, an Interface (I/F) 10d, and a bus 10e. 
The CPU 10a controls the respective portions of the router 10 in accordance with programs stored in the ROM 10b, and performs processing of packets which are input through the interface 10d. 
The ROM 10b stores programs which are executed by the CPU 10a, data, and the like.
The RAM 10c temporarily stores programs currently executed by the CPU 10a, and data which are currently processed.
The interface 10d transforms signals representing each packet input from the hub 11 or 13 or the ISP 15 so as to match with an internal protocol in the router 10, and also transforms signals representing each packet to be output to hub 11 or 13 or the ISP 15 so as to match an external protocol.
The bus 10e interconnects the CPU 10a, the ROM 10b, the RAM 10c, and the interface 10d, and enables exchange of information between the CPU 10a, the ROM 10b, the RAM 10c, and the interface 10d. 
The operations of the conventional system as above are explained below.
For example, when the personal computer 12-1 sends to the router 10 a packet requesting access to the personal computer 17, the router 10 accesses the ISP 15, and receives a global IP address provided by the ISP 15. Then, the router 10 replaces a source address (the private address of the personal computer 12-1) contained in the packet sent from the personal computer 12-1 with the global IP address provided by the ISP 15, reduces a value in the TTL (Time to Live) field of the packet, recalculates values in the checksum fields of the IP header and TCP or UDP header of the packet, and transmits the packet to the Internet 16.
When the personal computer 17 receives the above packet, the personal computer 17 produces a packet containing information requested by the received packet, and transmits the produced packet to the Internet 16. At this time, the source address contained in the header of the produced packet is an IP address of the personal computer 17, and the destination address contained in the header of the produced packet is the source address of the received packet.
When the router 10 receives a packet transmitted from the personal computer 17, the router 10 replaces the destination address contained in the header of the packet transmitted from the personal computer 17 with the private address of the personal computer 12-1, reduces the value in the TTL field of the packet, recalculates the values in the checksum fields of the IP header and TCP or UDP header of the packet, and transmits the packet to the personal computer 12-1 through the hub 11.
When the personal computer 12-1 receives the packet from the router 10, the personal computer 12-1 refers to the destination address in the header of the received packet in order to determine whether or not the received packet is addressed to the personal computer 12-1. When yes is determined, the router 10 takes the packet in.
Thus, packets can be exchanged between the personal computers 12-1 and 17.
Next, the NAT processing performed in the router 10 is explained with reference to FIG. 19.
In step S10, the CPU 10a refers to a header of a packet received through the interface 10d, and determines whether or not the NAT processing is necessary. When yes is determined in step S10, the operation goes to step S11. When no is determined in step S10, the operation of FIG. 19 is completed.
In step S11, the CPU 10a translates a private address and a TCP or UDP port number which are contained in the header portion of the received packet, into a global IP address and a translated TCP or UDP port number.
In step S12, the value of the TTL field of the header portion of the received packet is reduced.
In step S13, the CPU 10a determines whether or not the reduced value of the TTL field is zero. When yes is determined in step S13, the operation goes to step S14. When no is determined in step S13, the operation goes to step S15.
In step S14, the CPU 10a determines that the lifetime of the received packet expires, and discards the received packet.
In step S15, the CPU 10a recalculates the value in the checksum field of the IP header of the packet.
In step S16, the CPU 10a recalculates the value in the checksum field of the TCP or UDP header of the packet.
In step S17, the CPU 10a replaces a MAC address of a destination in the packet.
In step S18, the CPU 10a recalculates the value of the FCS (Frame Check Sequence) in the Ethernet frame.
Thus, the NAT processing of the received packet is completed.
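The header rewriting of steps S11 to S16 can be followed in code. The Python sketch below is an added example, not part of the patent text. It assumes step S10 has already decided that translation is needed and that the packet is an unfragmented IPv4 TCP or UDP packet; the function names, addresses and ports are constructed for illustration, and the Ethernet steps S17 and S18 are left out.

```python
# Added illustration; function names and sample addresses are assumptions.
import socket
import struct

def csum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def l4_csum(pkt: bytes, ihl: int, end: int) -> int:
    """TCP/UDP checksum over the pseudo-header (src, dst, proto, length) and segment."""
    pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, pkt[9], end - ihl)
    return csum16(pseudo + bytes(pkt[ihl:end]))

def nat_outbound(packet: bytes, global_ip: str, global_port: int):
    """Steps S11-S16 on one unfragmented IPv4 TCP/UDP packet; None means discarded."""
    pkt = bytearray(packet)
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    end = struct.unpack_from("!H", pkt, 2)[0]         # IP total length
    pkt[12:16] = socket.inet_aton(global_ip)          # S11: source address
    struct.pack_into("!H", pkt, ihl, global_port)     # S11: source port
    pkt[8] = max(pkt[8] - 1, 0)                       # S12: reduce TTL
    if pkt[8] == 0:                                   # S13/S14: lifetime expired
        return None
    struct.pack_into("!H", pkt, 10, 0)                # S15: IP header checksum
    struct.pack_into("!H", pkt, 10, csum16(bytes(pkt[:ihl])))
    off = ihl + (16 if proto == 6 else 6)             # S16: TCP or UDP checksum field
    struct.pack_into("!H", pkt, off, 0)
    value = l4_csum(pkt, ihl, end)
    if proto == 17 and value == 0:                    # UDP transmits a zero sum as 0xFFFF
        value = 0xFFFF
    struct.pack_into("!H", pkt, off, value)
    return bytes(pkt)

def sample_udp(ttl: int) -> bytes:
    """Constructed packet: 192.168.0.10:5000 -> 203.0.113.7:53, 4-byte payload."""
    udp = struct.pack("!HHHH", 5000, 53, 12, 0) + b"test"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, ttl, 17, 0,
                     socket.inet_aton("192.168.0.10"), socket.inet_aton("203.0.113.7"))
    return ip + udp

if __name__ == "__main__":
    out = nat_outbound(sample_udp(ttl=64), "198.51.100.1", 40000)
    print(out.hex(), csum16(out[:20]), l4_csum(out, 20, len(out)))
    print(nat_outbound(sample_udp(ttl=1), "198.51.100.1", 40000))
```

A receiver validates each checksum by summing the covered bytes with the checksum field included; a result of zero from csum16 or l4_csum means the rewritten packet is consistent.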
However, in the conventional router 10, the above processing is performed by software in accordance with programs stored in the ROM 10b. Therefore, it takes a very long time to perform the above processing.