H04L61/255

COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, COMMUNICATION METHOD AND PROGRAM
20230087723 · 2023-03-23

A communication apparatus which terminates an L2 tunnel and an L3 tunnel includes a table storage unit which stores an ARP table where a broadcast MAC address is set as a destination MAC address linked to a destination IP address, and a transmission unit which acquires the broadcast MAC address as a destination MAC address corresponding to a destination IP address of an IP packet received via the L3 tunnel by referring to the ARP table and transmits a frame to which the broadcast MAC address is added as a destination MAC address, via the L2 tunnel.

Stateful redundancy for deterministic carrier-grade network address translation (NAT) services

A carrier-grade network address translation (NAT) gateway system includes a switch having a gateway function configured to receive packets that are communicated via its ingress and egress ports. The switch having the gateway function has a first link to a first NAT processing function and a second link to a second NAT processing function. The first NAT processing function has a first deterministic address/port translation function and a first mapping table for storing first binding entries. The second NAT processing function has a second deterministic address/port translation function and a second mapping table for storing second binding entries. Preferably, the first and the second deterministic address/port translation functions are the same. The switch is configured to communicate each received packet for processing at both the first and the second NAT processing functions (e.g., in either a serial manner or a parallel manner), which provides redundancy in state information.

CAUSING OR PREVENTING AN UPDATE TO A NETWORK ADDRESS TRANSLATION TABLE

A network device may be configured to receive one or more packets that are to initiate a communication session. The network device may be configured to process, using a plurality of packet analysis techniques, the one or more packets to determine analysis information associated with the one or more packets. The network device may be configured to determine, based on the analysis information associated with the one or more packets, whether the one or more packets are suspicious. The network device may be configured to cause or prevent inclusion in a NAT table, based on determining whether the one or more packets are suspicious, of at least one entry associated with the one or more packets and the communication session.

METHOD FOR CONVERTING NETWORK PACKETS AND CIRCUIT SYSTEM
20230107822 · 2023-04-06

A method for converting network packets and a circuit system are provided. The circuit system uses firmware therein to record tables for implementing packet conversion between two types of networks (IPv4 and IPv6). In the method, a process of mapping of address and port using encapsulation (MAP-E) or a process of mapping of address and port using translation (MAP-T) is determined according to IPv4 packets routing requirement to embody an uplink and a downlink packet conversion process. A content table stores an IPv6 packet header after the MAP-E or MAP-T process. A control table is referred to for controlling the fields to be updated when adding the IPv6 packet header. A forwarding mapping rule table is referred to for determining to convert a destination IP address of an uplink IPv6 packet, or both a source IP address and a destination IP address of a downlink IPv4 packet.

System and method for optimizing ARP broadcast

One aspect provides a method and system for managing address resolution requests in a network. During operation, a gateway of the network advertises a route for sending address resolution requests and determines whether a cached entry corresponding to an address resolution request received via the route exists in a neighbor table. In response to determining that the cached entry exists, the gateway responds to the address resolution request based on the cached entry; in response to determining that the cached entry does not exist, the gateway replicates the address resolution request to edge devices in the network, thereby facilitating discovery of a target host corresponding to the address resolution request.

PEER STATE SYNCHRONIZATION MECHANISM FOR DYNAMIC NETWORK ADDRESS TRANSLATION (DNAT) IN A NETWORK ELEMENT
20170359305 · 2017-12-14

In general, embodiments of the invention relate to a method and system for enabling a peer state synchronization mechanism for dynamic network address translation (DNAT). More specifically, at least two network elements may be permitted to mount each other's DNAT tables, thereby providing redundancy for the implementation of DNATs in case of the failover of one of the network elements. The failed network element may then re-initialize while the functional network element continues to process packets, including packets that have been redirected to the functional network element post-failure of the failed network element. Upon completing re-initialization, the once failed network element recovers its DNAT table from the functional network element and proceeds to process packets normally.

WIRELESS DEVICE OF A WIRELESS LOCAL AREA NETWORK COMMUNICATING WITH A DEVICE OF AN EXTERNAL NETWORK ON A TCP SESSION BEFORE AND AFTER DISASSOCIATION FROM THE WIRELESS LOCAL AREA NETWORK

A wireless station associates with an access point to join a wireless local area network (WLAN). The access point is part of the WLAN and operates as a switching device between wireless stations of the WLAN. The wireless station forms a TCP session via the access point with an external device which is external to the WLAN. The wireless station exchanges (i.e., transmits and/or receives) a first sequence of packets on the TCP session. The wireless station receives a frame from the access point, the frame indicating that the wireless station has been disassociated after having associated earlier with the access point. The wireless station re-associates with the access point. The access point then communicates with the external device on the TCP session after re-associating, the communicating involving exchanging a second sequence of packets with the external device after the re-association.