(a). Field of the Invention
The present invention relates in general to the field of network session management, and more particularly to an apparatus and method that can render a specific period of connection time to an NAT/NAPT session based on its properties, thereby disconnecting the session timely to achieve effective and automatic session management.
(b). Description of the Prior Arts
In recent years, the Internet has become more and more popular and now forms an overwhelming global trend. The Internet transmits and receives data using the TCP/IP protocols, which adopt an IP addressing system that assigns a unique IP address to each network node on the Internet to facilitate data transmission. The current IP version number is 4 (known as IPv4, cf. RFC 791). According to IPv4, an IP address comprises 32 bits that are grouped into four 8-bit sections. Since each section has 2^8 = 256 possible values, there are theoretically 256^4 available IP addresses (in fact, the number of usable IP addresses is smaller, since part of the address space is reserved for other purposes).
However, as an exponentially increasing number of computers need to connect to the Internet, IP addresses may not be sufficient in some situations. A common case is that the number of IP addresses is less than the number of network nodes in a local area network (LAN). Since an IP address is necessary for each node to access the Internet, insufficient IP addresses would prevent some nodes in the LAN from connecting to the Internet. To solve this problem, Network Address Translation (NAT) and Network Address-Port Translation (NAPT) were developed.
Before describing NAT and NAPT, the concepts of public IP and private IP are introduced here. A public IP is a normal IP address used in the various networks that employ the TCP/IP protocols, while a private IP is used only in a local area network, such as the internal network of an institution or a household. That is, a private IP cannot be used to connect directly to external networks (e.g. the Internet). The Internet Assigned Numbers Authority (IANA) reserves three sections of IP addresses for internal networks:
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
The above private IP addresses are only used in internal networks, and there's no need to register them.
If a network node with a private IP wants to access external networks, NAT/NAPT-enabled equipment, such as a router, is needed, as shown in FIG. 1. The operation of NAT can be described as follows: when a node with a private IP in an internal network is to transmit packets to external networks, the NAT equipment first translates the source address (i.e. the private IP) of the packets into an available public IP and then transmits the packets. The NAT equipment keeps a record of the correspondence between the private IP and the public IP; when the external networks are to transmit a packet to the internal network, the NAT equipment looks up the record. If the NAT equipment finds a public IP matching the destination address of the packet, it translates the destination address into the private IP corresponding to that public IP and forwards the packet to the node with this private IP. Because of the one-to-one correspondence between public IPs and private IPs, N public IPs can only serve N private IPs.
Compared to NAT, NAPT further translates the port of a packet, which belongs to Layer 4 of the Open Systems Interconnection (OSI) model, in addition to translating the IP address. When a packet is transmitted from an internal network to an external network, NAPT translates the source IP and the source port of the packet; when a packet is transmitted from an external network to an internal network, NAPT translates the destination IP and the destination port of the packet. The “port” generally refers to the port number field defined in the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), or to the identifier field defined in the Internet Control Message Protocol (ICMP). In NAPT, the correspondence between private IPs and public IPs is not one-to-one, and thus more computers can connect to the Internet simultaneously by using different combinations of public IPs and associated ports.
If NAT/NAPT is implemented by an application-specific integrated circuit (ASIC), operation is faster. When a node with a private IP in an internal network is to access an external network, it sends out a packet to establish a network session, which refers to a period of time during which two nodes maintain their connection. In the present specification, a NAT/NAPT session refers to a session in which NAT/NAPT is performed. Moreover, since the main topic of the present invention is the NAT/NAPT session, a “session” may be used to represent a “NAT/NAPT session” below in the specification. A NAT/NAPT-enabled switch controller has a built-in translation table for storing information associated with NAT/NAPT sessions, for example the source IP and the source port of packets transmitted from an internal network to external networks. This information is used to perform address (and port) translation for subsequent packets of the NAT/NAPT sessions.
The built-in translation table is typically implemented with a cache memory to achieve higher performance. However, in consideration of efficiency and cost, the size of the cache memory is limited. Therefore, the information stored in the translation table is also limited.
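The following is an added illustration, not part of the patent text, of the NAPT translation table described above: it checks the three IANA private ranges, allocates a public port for each new session on its first outbound packet, reverses the lookup for inbound packets, and refuses new sessions once the bounded table (standing in for the limited cache memory) is full. The public IP 203.0.113.1, the port range and the table capacity are constructed assumptions.

```python
# Added example: a minimal NAPT translation table (not the patent's own code).
# Public IP, starting port and capacity below are constructed assumptions.
import ipaddress

# The three reserved internal-network ranges listed in the description.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip lies inside one of the IANA private address ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


class Napt:
    """NAPT with one public IP and a bounded translation table (the cache)."""

    def __init__(self, public_ip="203.0.113.1", first_port=40000, capacity=4):
        self.public_ip = public_ip
        self.next_port = first_port
        self.capacity = capacity      # limited table size, as with cache memory
        self.out = {}                 # (private ip, private port) -> public port
        self.back = {}                # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port):
        """Translate the source of an internal->external packet.

        A new session is entered into the table on its first packet; later
        packets of the same session reuse the stored mapping.
        """
        if not is_private(src_ip):
            raise ValueError("source address is not an internal address")
        key = (src_ip, src_port)
        if key not in self.out:
            if len(self.out) >= self.capacity:
                raise RuntimeError("translation table full: session not admitted")
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map the destination port of an external->internal packet back to
        the private (ip, port); None means no session exists for it."""
        return self.back.get(dst_port)
```

Two internal hosts using the same private port 5000 receive distinct public ports, which is what lets NAPT serve more nodes than it has public addresses.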
In view of this, the present invention provides an apparatus and method for NAT/NAPT session management that can make good use of the limited translation table in a switch controller, thereby upgrading NAT/NAPT performance of the switch controller.