NAT (network address translation) is a process for translating IP addresses. It enables a local-area network (LAN) to use a first set of network addresses for internal traffic and a second set of network addresses for external traffic. A network device that is capable of performing NAT operations is preferably located where a LAN meets a wide area network (WAN). The most commonly used network address is the IP address, which is based on the Internet Protocol. The first set of IP addresses, used for internal traffic, is not unique and can be reused in many different LANs. The second set of IP addresses, used for external traffic, is unique and cannot be reused by other networks. Each of the first set of IP addresses is assigned to a host in the LAN.

Therefore, when a first host in a LAN intends to communicate with a second host on the Internet, it first transmits packets to a network device that is capable of performing NAT operations. The IP header of each packet contains a source address and a destination address. The source address is one of the first set of addresses, is assigned to the host, and cannot be used outside the LAN. Therefore, in order to transmit the data packet to its destination address, the network device replaces the source address with an address from the second set of addresses, which can be used for external communication. The operation of replacing the source address of the packet with an address from the second set of addresses is part of the NAT process. After the NAT, the resulting source address of the packet can be uniquely used for external traffic, such as Internet communication.
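The source-address replacement described above, as an added Python example that is not taken from the original text. It goes beyond the passage by also recomputing the IPv4 header checksum and keeping the reverse mapping for return traffic; the names `Nat`, `build_packet` and `rewrite_addr` are hypothetical, and the sample addresses are constructed from documentation and private ranges.

```python
import ipaddress
import struct

def checksum(header):
    """RFC 1071 one's-complement sum; returns 0 over a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, payload=b""):
    """Constructed sample input: 20-byte IPv4 header (no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def rewrite_addr(packet, offset, addr):
    """Replace the 4-byte address at offset (12 = source, 16 = destination)."""
    if packet[0] != 0x45:
        raise ValueError("only IPv4 headers without options are handled here")
    hdr = bytearray(packet[:20])
    hdr[offset:offset + 4] = addr.packed
    hdr[10:12] = b"\x00\x00"                       # zero the checksum field first
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]                # transport checksums are not updated

class Nat:
    def __init__(self, internal_net, external_pool):
        self.internal = ipaddress.ip_network(internal_net)              # first set
        self.free = [ipaddress.IPv4Address(a) for a in external_pool]   # second set
        self.out_map = {}                          # internal address -> external address
        self.in_map = {}                           # external address -> internal address

    def outbound(self, packet):
        src = ipaddress.IPv4Address(packet[12:16])
        if src not in self.internal:
            return packet                          # not a LAN source: leave unchanged
        if src not in self.out_map:
            if not self.free:
                raise RuntimeError("external address pool exhausted")
            ext = self.free.pop(0)
            self.out_map[src], self.in_map[ext] = ext, src
        return rewrite_addr(packet, 12, self.out_map[src])

    def inbound(self, packet):
        dst = ipaddress.IPv4Address(packet[16:20])
        if dst not in self.in_map:
            return None                            # no mapping: no internal host to reach
        return rewrite_addr(packet, 16, self.in_map[dst])
```

With a one-address external pool, a second internal host cannot be translated until a mapping is released, which is why the pool-exhaustion case is raised explicitly rather than silently forwarding the private source address.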
Nowadays, many network devices such as routers, firewalls, and ISDN routers are capable of performing NAT operations. All these devices employ only one NAT operation to transfer a data packet from a source address to a destination address.
With the rapid development of information technology, the functions provided by network devices are becoming more and more powerful and sophisticated. In today's network devices, besides basic functions such as routing, many other functions or processing procedures, such as content filtering, anti-virus, encryption, decryption and anti-spam, can be provided. These additional functions can be accomplished either in one processing unit or in many processing units. Performing some of the functions or processing procedures, such as an anti-virus processing procedure, is very complicated and time-consuming. To solve the problem, these additional processing procedures are usually executed by different processing units. A CPU in the network device is used to distribute data packets to the different processing units for processing. However, this distribution method consumes a huge amount of CPU resources. Thus, the above-mentioned method greatly limits the system performance.
To solve this problem, many solutions have been proposed, such as using a more powerful CPU, providing extra hardware, and employing a software implementation. However, the use of a more powerful CPU, extra hardware, or an extra software implementation increases the system complexity and cost.
Therefore, it is to an improved solution that is capable of transmitting data packets to various data packet processing units without increasing the cost and system complexity that the present invention is primarily directed.