1. Field of the Invention
The present invention relates to gateways used in Internetworking Technologies, and more specifically to a method and apparatus for performing network address translation (NAT) in a gateway.
2. Related Art
Gateways are often used to enable users at remote locations (e.g., at homes) to access different target systems (e.g., a computer system on a local area network). A gateway provides the connectivity between remote systems (e.g., personal computers) at remote locations and the target systems of interest to enable different network applications.
A service selection gateway (SSG) is a type of gateway which enables a remote user to use various services provided using the Internetworking technologies. Examples of such services include access to the world-wide-web and a virtual private network (VPN) to a specific target location (e.g., to an employer site). SSGs are often integrated with routers into a single unit as is well known in the relevant arts.
Network address translation (NAT) is often performed within an SSG (or gateway in general). NAT commonly refers to replacing one network layer address in a packet with a second network layer address. In a typical application of NAT in an SSG, a packet is received from a remote location in the upstream direction. The source address field of the packet contains a local address of a system (“remote system”) at a remote location. The local address is substituted with an address (“external address”) in the SSG, and the mapping of the local address to the external address may be referred to as a NAT operation.
The external address is usually provided from a service domain (e.g., other end of a VPN) and is unique within the service domain. The packet with the substituted external address is sent to the service domain. A reverse translation is performed from the external address to the local address when packets are received from the service domain. Thus, even if the addresses in the remote location overlap with the addresses in the service domain, remote locations can access the services.
A NAT table is often maintained to map each local address to a corresponding external address and vice versa. In a prior system, an SSG may maintain a single global NAT table for all the translations. One problem with such an approach is that a big table may be required to support a large number of services and the related users. The table size may lead to long lookup times and impede the throughput performance of a gateway.
Accordingly, what is required is an efficient method and apparatus to implement NAT operations within an SSG.
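The upstream substitution, the reverse translation and the single global NAT table described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the addresses and the sample packet are constructed for illustration, only the IPv4 header is rewritten (transport-layer checksums are not adjusted), and packets with no table entry are dropped.

```python
import ipaddress
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_address(packet: bytes, offset: int, new_addr: str) -> bytes:
    """Replace the address at offset (12 = source, 16 = destination), refresh checksum."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    header = bytearray(packet[:ihl])
    header[offset:offset + 4] = ipaddress.IPv4Address(new_addr).packed
    header[10:12] = b"\x00\x00"           # checksum field is zero while summing
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

class GlobalNatTable:
    """Hypothetical single global table: local <-> external, searched for every packet."""
    def __init__(self):
        self.to_external, self.to_local = {}, {}

    def bind(self, local: str, external: str) -> None:
        self.to_external[local] = external
        self.to_local[external] = local

    def upstream(self, packet: bytes):
        """Remote system -> service domain: substitute the source address."""
        external = self.to_external.get(str(ipaddress.IPv4Address(packet[12:16])))
        return rewrite_address(packet, 12, external) if external else None

    def downstream(self, packet: bytes):
        """Service domain -> remote system: restore the destination address."""
        local = self.to_local.get(str(ipaddress.IPv4Address(packet[16:20])))
        return rewrite_address(packet, 16, local) if local else None

def make_packet(src: str, dst: str, payload: bytes = b"ping") -> bytes:
    """Constructed sample: 20-byte IPv4 header, protocol 1 (ICMP), opaque payload."""
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return rewrite_address(packet + payload, 12, src)  # fills in the checksum

if __name__ == "__main__":
    nat = GlobalNatTable()
    nat.bind("10.0.0.5", "172.16.9.20")   # constructed local and external addresses
    sent = nat.upstream(make_packet("10.0.0.5", "10.0.0.80"))
    print(ipaddress.IPv4Address(sent[12:16]))
```

The remote system's 10.0.0.5 falls in the same range as the service-domain host 10.0.0.80, yet the service domain only ever sees the external address.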