A computer network generally includes a number of interconnected network devices. Large networks, such as the Internet, typically include a number of interconnected computer networks, which in this context are often referred to as sub-networks or subnets. These subnets are each assigned a range of network addresses that can be allocated to the individual network devices that reside in the respective subnet. A server in each subnet may be responsible for allocating these network addresses in accordance with a network address allocation protocol, such as a dynamic host configuration protocol (DHCP).
Service provider networks typically assign private network addresses to the subscriber equipment (e.g., cable modems, DSL modems, mobile devices) utilized by their customers. For example, a DHCP server or Radius server may dynamically assign a private address to a subscriber equipment upon establishing a network connection for the subscriber equipment. When not in use, the network connection is torn down and the private address is returned to a pool of provider addresses utilized within the service provider network. These private addresses are not routable outside the service provider network. Instead, a network address translation (NAT) device translates the private addresses currently used by each subscriber equipment to public network addresses that are routable within a public network, such as the Internet. Large service provider networks, such as mobile service provider networks, may utilize Carrier Grade NAT (CGN) devices that are designed to handle hundreds of thousands or millions of subscriber sessions each day.
In general, NAT devices are often required to operate in a manner that provides endpoint-independent mapping (EIM) and endpoint-independent filtering (EIF) to provide stable reachability to private subscriber equipment from the public network. That is, for EIM, any current mapping between an internal network address/port of a subscriber and a public network address/port for that subscriber is used for subsequent packets associated with that subscriber regardless of the external address with which the subscriber is communicating. For EIF, the NAT device accepts and forwards to an internal subscriber any incoming packets that are destined for the public network address/port to which the subscriber's private address/port is currently mapped, regardless of the external address from which the packets were sourced. As such, sending an initial packet from the subscriber through the NAT device to any external network address is sufficient to allow back through the NAT device any packets that are destined for the subscriber, regardless of the external network address that sourced the packets. Further example details of NAT, including EIM and EIF operations for NAT devices, are described in “Network Address Translation (NAT) Behavioral Requirements for Unicast UDP,” RFC 4787, Internet Engineering Task Force (IETF), January 2007; “NAT Behavioral Requirements for TCP,” RFC 5382, IETF, October 2008; and “NAT Behavioral Requirements for ICMP,” RFC 5508, IETF, April 2009, the entire contents of each of which are incorporated herein by reference.
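The EIM and EIF behavior described above can be seen in a small model of a NAT binding table. This is an added example, not part of the original text: the `Nat` class, the port pool starting at 40000, and all addresses are constructed for illustration, and address-dependent filtering (ADF, a term from RFC 4787) is included only as a contrast to show what EIF does not check.

```python
# Added illustration: minimal model of a NAT binding table (not from the original text).
# All addresses and ports are constructed sample values (RFC 1918 / RFC 5737 ranges).
from itertools import count

class Nat:
    def __init__(self, public_ip, filtering="EIF"):
        self.public_ip = public_ip
        self.filtering = filtering          # "EIF" or "ADF" (address-dependent filtering)
        self.out = {}                       # (priv_ip, priv_port) -> public port
        self.back = {}                      # public port -> (priv_ip, priv_port)
        self.peers = {}                     # public port -> external IPs the subscriber contacted
        self._ports = count(40000)          # hypothetical public port pool

    def outbound(self, priv, dst):
        """Translate an outbound packet; returns the (public_ip, public_port) source."""
        # EIM: the binding is keyed on the internal address/port only, so it is
        # reused for every destination the subscriber talks to.
        if priv not in self.out:
            port = next(self._ports)
            self.out[priv] = port
            self.back[port] = priv
            self.peers[port] = set()
        port = self.out[priv]
        self.peers[port].add(dst[0])
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Return the internal (ip, port) the packet is forwarded to, or None if dropped."""
        priv = self.back.get(public_port)
        if priv is None:
            return None                     # no binding: always dropped
        if self.filtering == "EIF":
            return priv                     # EIF: the external source is not checked
        # ADF, shown for contrast: only previously contacted external IPs pass.
        return priv if src[0] in self.peers[public_port] else None

def demo():
    sub, server, other = ("10.0.0.5", 5000), ("198.51.100.10", 53), ("203.0.113.77", 4444)
    results = {}
    for mode in ("EIF", "ADF"):
        nat = Nat("192.0.2.1", mode)
        first = nat.outbound(sub, server)
        second = nat.outbound(sub, ("198.51.100.20", 80))
        # (mapping reused?, reply from contacted server, packet from uncontacted host)
        results[mode] = (first == second, nat.inbound(server, first[1]), nat.inbound(other, first[1]))
    return results

if __name__ == "__main__":
    print(demo())
```

Under EIF the packet from the uncontacted host is forwarded to the subscriber once any binding exists, which is the reachability property the paragraph describes; under ADF the same packet is dropped.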