1. Field of the Invention
The present invention relates to network address translation, and more specifically to performing network address translation among different virtual local area networks (VLANs) with potentially overlapping address ranges onto an external network with unique addresses.
2. Description of the Related Art
Conventional network devices, such as routers, switches, hubs, repeaters, etc., are generally not configured to handle network address conflicts, such as two or more computers or servers having the same internet protocol (IP) address within a local area network (LAN) or a common virtual LAN (VLAN). A VLAN is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. In computer networking, Network Address Translation (NAT), also known as Network Masquerading, Native Address Translation or IP Masquerading, is a technique for passing network traffic through a router that involves re-writing the source and/or destination IP addresses, and usually also the Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port numbers, of IP packets as they pass through. NAT allows identical IP addresses to be used within each of many different and independent local or private networks while still enabling communication with an external or public network through a router. The router employs NAT to assign a unique external address, or a unique external address and port combination, to each flow in the external or public network domain. In conventional configurations, however, the same network address may not be used within the same network or between VLANs whose communications are aggregated through a common router, because the router's translation and routing tables identify a host by its IP address alone.
The problem of using identical network addresses most often arises when provisioning one or more virtual (or logical) servers using virtualization technology (not to be confused with the “virtual” aspect of a VLAN) to deliver an application within a network. A logical server operates in the same manner as an identically configured physical machine, but is provided as a separate and independent virtual machine and is used much like a physical computer. Virtualization technology transforms the function of a physical computer (the virtualization host) so that it operates as if it were multiple computers, in which each virtualized computer or virtual machine (VM) mimics the same basic architecture as that of a generic physical computer. Virtualization technology provides a software layer called the abstraction layer. In one abstraction configuration, virtualization software executes as an application on the operating system (OS) of the underlying physical host computer system and enables multiple virtual machines to be defined within the virtualized environment. Alternatively, the underlying physical host computer executes a hypervisor in place of the host OS, where the hypervisor sits directly on top of the computer hardware rather than on an OS. In either case, the abstraction layer provides virtual isolation so that each virtual machine operates substantially independently of other virtual machines on the same physical host. Virtualization technology abstracts the attributes of the underlying physical server and allows the virtual machines to share the physical resources of the underlying computer host. Virtualized isolation allows each virtual machine to execute its own separate OS even if it is otherwise inconsistent with the OS of any other virtual machine or with the OS of the underlying physical system.
In this manner, virtualization technology enables multiple applications to be executed on the same host even if the applications are otherwise incompatible, which in turn increases the overall utilization of the physical host.
In a virtualization system, an application may be implemented with one or more virtual machines or logical servers having common attributes, including identical network addresses. Each virtual machine is stored as an image until activated and provisioned by a management or control server. Multiple copies of a single virtual machine image can be provisioned to execute simultaneously within a network. Without some form of network partitioning or modification of the IP address configuration of each VM instance, however, the multiple identical VMs experience IP address conflicts and connectivity disruption. Connecting each instance to its own VLAN provides isolation and allows multiple concurrent deployments of the same IP address without conflict, but prevents any external communication from the VLANs through a common gateway. Typically, external or inter-VLAN communication is accomplished via a router with knowledge of each unique subnet per VLAN. If there is an overlap among the per-VLAN subnets, a traditional router cannot uniquely identify the constituent devices when routing traffic, resulting in a conflict and communication failure.
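The following model, added here as an illustration and not part of the patent text or of any claimed embodiment, makes the failure described above concrete. Two clones of one VM image, on VLAN 10 and VLAN 20, share the address 10.0.0.5 and open connections from the same source port. A conventional port-address translation table keyed only on the private (IP, port) pair merges the two flows into one external port and, for return traffic, can only name an unqualified 10.0.0.5, with no way to choose a VLAN. Keying the table on (VLAN ID, IP, port) instead yields distinct external ports and an unambiguous return path. The public address 203.0.113.10, the VLAN IDs, the port numbers and the class names are constructed sample values; real NAT state additionally keys on protocol and destination, which is omitted here for brevity.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed values for the example: the gateway's single public address
# (203.0.113.0/24 is a documentation range) and its first ephemeral port.
EXTERNAL_IP = "203.0.113.10"
FIRST_EXTERNAL_PORT = 40000


@dataclass(frozen=True)
class Flow:
    """One endpoint of a TCP/UDP flow as seen at the gateway."""
    vlan: int   # 802.1Q VLAN ID the frame arrived on (0 = external side)
    ip: str
    port: int


class ConventionalNat:
    """Port-address translation keyed on the private (ip, port) only,
    which is what a single-LAN router does."""

    def __init__(self) -> None:
        self.next_port = FIRST_EXTERNAL_PORT
        self.outbound: Dict[Tuple[str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def translate_out(self, src: Flow) -> Flow:
        key = (src.ip, src.port)            # VLAN is discarded here
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return Flow(0, EXTERNAL_IP, self.outbound[key])

    def translate_in(self, ext_port: int) -> Optional[Tuple[str, int]]:
        # Only (ip, port) comes back: the table never learned which VLAN owns it.
        return self.inbound.get(ext_port)


class VlanAwareNat:
    """Translation keyed on (vlan, ip, port), so equal private addresses on
    different VLANs are distinct endpoints with distinct external ports."""

    def __init__(self) -> None:
        self.next_port = FIRST_EXTERNAL_PORT
        self.outbound: Dict[Flow, int] = {}
        self.inbound: Dict[int, Flow] = {}

    def translate_out(self, src: Flow) -> Flow:
        if src not in self.outbound:       # Flow includes the VLAN ID
            self.outbound[src] = self.next_port
            self.inbound[self.next_port] = src
            self.next_port += 1
        return Flow(0, EXTERNAL_IP, self.outbound[src])

    def translate_in(self, ext_port: int) -> Optional[Flow]:
        # Inbound traffic with no existing mapping is dropped (None),
        # so an external host cannot reach a VM that never spoke to it.
        return self.inbound.get(ext_port)


def demo() -> dict:
    # Two clones of the same image, on VLAN 10 and VLAN 20, both configured
    # as 10.0.0.5 and both connecting outward from source port 51000.
    a = Flow(10, "10.0.0.5", 51000)
    b = Flow(20, "10.0.0.5", 51000)

    conv = ConventionalNat()
    conv_a, conv_b = conv.translate_out(a), conv.translate_out(b)

    vnat = VlanAwareNat()
    v_a, v_b = vnat.translate_out(a), vnat.translate_out(b)

    return {
        # True: both VMs were mapped to the same external port.
        "conventional_collision": conv_a.port == conv_b.port,
        # A reply can only be handed to an unqualified 10.0.0.5:51000.
        "conventional_reply_target": conv.translate_in(conv_b.port),
        "vlan_aware_ports": (v_a.port, v_b.port),
        "vlan_aware_reply_a": vnat.translate_in(v_a.port),
        "vlan_aware_reply_b": vnat.translate_in(v_b.port),
        "unsolicited_dropped": vnat.translate_in(9999) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The security-relevant point is the reverse direction: once the VLAN ID is part of the translation key, a reply is delivered only to the VLAN that originated the flow, and inbound packets for which no mapping exists are dropped rather than being forwarded to whichever VLAN happens to contain the address.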
Although the problem of duplicate addresses is more pervasive in virtualized systems using virtualization technology, the problem also arises in other platforms including physical configurations.
Aggregating the communication of multiple devices with potentially duplicate network addresses and providing each with a unique IP identity could be accomplished by using a dedicated NAT router per VLAN, but the maintenance and resource cost of running and coordinating multiple routers can be high and even prohibitive for a large number of VLANs. Alternatively, each IP device may use a low-level driver to perform NAT itself, but this requires configuration of each constituent device, which is disadvantageous and defeats the purpose of deploying unmodified copies of a single virtual machine image.