Load balancing deterministic network address translation across session management modules

US8942235B1 · US · B1

Patent metadata

Publication number: US-8942235-B1
Application number: US-201213350545-A
Country: US
Kind code: B1
Filing date: Jan 13, 2012
Priority date: Nov 4, 2011
Publication date: Jan 27, 2015
Grant date: Jan 27, 2015

Abstract

Official abstract text for this publication.

Techniques are described for load-balancing deterministic NAT functions in a mobile gateway or other device in which subscriber sessions are distributed across a plurality of session management cards. Each of the session management cards may host a non-contiguous set of public addresses and a non-contiguous set of private network addresses associated with the subscriber sessions. To facilitate deterministic NAT under such conditions, each of the session management cards locally maps the non-contiguous set of public network addresses to an internal contiguous sequence of identifiers for the public addresses and maps the non-contiguous set of private network addresses to an internal contiguous sequence of identifiers for the private addresses. Each of the session management cards may then perform deterministic NAT on packets based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses internal to the session management card.
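
As an added illustration (not code from the patent or from its assignee), the sketch below models the scheme the abstract describes, using the modulo assignment of addresses to modules given in claims 5 and 6. The port-block formula, the module count, the address pools and all names are assumptions, since the page does not specify the deterministic algorithm; the inverse lookup shows how a public address and port can be traced back to a subscriber without per-flow logs.

```python
import ipaddress
from bisect import bisect_left

N_MODULES = 3                   # assumed number of session management cards
PORT_BASE, BLOCK = 1024, 2048   # assumed layout: 2048 ports per subscriber
SUBS_PER_PUB = (65536 - PORT_BASE) // BLOCK   # 31 port blocks per public address

def _ident(table, addr):
    """Contiguous identifier = position of addr in the module's sorted table."""
    i = bisect_left(table, addr)
    if i == len(table) or table[i] != addr:
        raise KeyError(f"{addr} is not hosted on this module")
    return i

class NatModule:
    def __init__(self, index, private, public):
        # Modulo assignment (claims 5 and 6) leaves each module non-contiguous sets.
        self.priv = sorted(a for a in private if int(a) % N_MODULES == index)
        self.pub = sorted(a for a in public if int(a) % N_MODULES == index)
        if len(self.priv) > len(self.pub) * SUBS_PER_PUB:
            raise ValueError(f"module {index}: too few public addresses")

    def translate(self, private_addr):
        """Private address -> (public address, port range), no per-flow state."""
        pub_id, slot = divmod(_ident(self.priv, private_addr), SUBS_PER_PUB)
        start = PORT_BASE + slot * BLOCK
        return self.pub[pub_id], range(start, start + BLOCK)

    def attribute(self, public_addr, port):
        """Inverse lookup for incident response: public address + port -> subscriber."""
        slot = (port - PORT_BASE) // BLOCK
        priv_id = _ident(self.pub, public_addr) * SUBS_PER_PUB + slot
        if not 0 <= slot < SUBS_PER_PUB or priv_id >= len(self.priv):
            raise KeyError(f"{public_addr}:{port} is not an assigned port block")
        return self.priv[priv_id]

# Constructed sample pools (RFC 1918 and TEST-NET-3 documentation ranges).
PRIVATE = list(ipaddress.ip_network("10.0.0.0/24").hosts())
PUBLIC = list(ipaddress.ip_network("203.0.113.0/28").hosts())
MODULES = [NatModule(i, PRIVATE, PUBLIC) for i in range(N_MODULES)]

def outbound(private):
    addr = ipaddress.ip_address(private)
    return MODULES[int(addr) % N_MODULES].translate(addr)

def attribute(public, port):
    addr = ipaddress.ip_address(public)
    return MODULES[int(addr) % N_MODULES].attribute(addr, port)
```

The dynamic choice of an unused port inside the computed range (claim 2) is left out; only the deterministic part is modelled.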

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: hosting a non-contiguous set of public network addresses on each of a plurality of network address translation (NAT) modules of a network device; allocating a non-contiguous set of private network addresses of a private network to each of the NAT modules; with each of the NAT modules, internally mapping the non-contiguous set of public network addresses to a contiguous sequence of identifiers for the public addresses and mapping the non-contiguous set of private network addresses to a contiguous sequence of identifiers for the private addresses; distributing network packets to the plurality of NAT modules; and with each of the NAT modules, locally performing deterministic NAT on the network packets received by the NAT module based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses mapped by the NAT module.

2. The method of claim 1, wherein locally performing deterministic NAT with each of the NAT modules comprises: mapping, for each of the packets, the private network address of the packet to one of the identifiers for the private addresses of the NAT module; applying a deterministic NAT algorithm to deterministically compute, with the NAT module, one of the sequential identifiers for the public addresses and a range of ports based on the sequential identifier for the private address; mapping the computed one of the sequential identifiers for the public addresses to one of the non-contiguous public network addresses; dynamically selecting an unused port from the range of ports; generating a translated packet from the packet, wherein the translated packet includes the determined public network address and the selected unused port from the range of ports in place of the private source address and source port; and forwarding the translated packet from the network device to a public network.

3. The method of claim 1, wherein distributing network packets across the plurality of NAT modules comprises: receiving a packet from a subscriber, wherein the packet includes a private source network address and source port; performing a modulo operation on the private source network address using a number of the NAT modules as an operand to the module operation; selecting one of the plurality of NAT modules based on a result of the modulo operation; and forwarding the packet to the selected one of the plurality of NAT modules.

4. The method of claim 1, wherein distributing network packets across the plurality of NAT modules comprises: receiving a packet from a subscriber, wherein the packet includes a private source network address and source port; performing a hash operation on the private source network address; selecting one of the plurality of NAT modules based on a result of the hash operation; and forwarding the packet to the selected one of the plurality of NAT modules.

5. The method of claim 1, wherein allocating a non-contiguous set of private network addresses of a private network to each of the NAT modules comprises: performing a modulo operation on each of the private source network addresses using a number of the NAT modules as on operand to the module operation; and assigning each of the private source network addresses to one of the plurality of NAT modules based on a result of the modulo operation.

6. The method of claim 1, wherein hosting a non-contiguous set of public network addresses on each of the NAT modules comprises: performing a modulo operation on each of the public network addresses using a number of the NAT modules as on operand to the module operation; and assigning each of the public network addresses to one of the plurality of NAT modules based on a result of the modulo operation.

7. The method of claim 1, wherein the plurality of NAT modules comprise a plurality of session management cards within the network device, and wherein distributing the network packets across the plurality of NAT modules comprises load balancing the network packets across the session management cards.

8. The method of claim 7, wherein load balancing the network packets comprises: receiving the network packets with a forwarding component shared by the session management cards, wherein the network packets comprise outbound network packets from subscribers and destined for a public network; for each of the outbound network packets, selecting one of the session management cards based on a private network address within the outbound network packet; and forwarding the outbound network packet from the forwarding component of the network device to the selected session management card for network address translation.

9. The method of claim 7, wherein load balancing the network packets comprises: installing a plurality of routes within a forwarding component shared by the session management cards, wherein the routes specify corresponding session management cards as destinations for the network packets specifying the public network addresses as destination addresses; receiving the network packets with a forwarding component shared by the session management cards, wherein the network packets comprise inbound network packets from a public network; for each of the inbound network packets, performing a lookup operation with the forwarding component to identify a route for the packet based on a public network address within the inbound packet; with the forwarding component, selecting one of the session management cards based the identified route; and forwarding the inbound network packet from the forwarding component of the network device to the selected session management card for network address translation.

10. The method of claim 7, wherein the network device comprises a router or a mobile gateway.

11. A network device comprising: a plurality of interfaces configured to send and receive network packets for subscribers of a service provider network; a plurality of session management cards that each host a non-contiguous set of public network addresses; a forwarding component to distribute the network packets to the session management cards; a NAT controller within each of the plurality of session management cards, wherein each of the NAT controllers maps the non-contiguous set of public network addresses to a contiguous sequence of identifiers for the public addresses and maps a non-contiguous set of private network addresses to a contiguous sequence of identifiers for the private addresses, and wherein each of the NAT controllers performs deterministic network address translation on the network packets received by the respective session management card based on the contiguous sequence of identifiers for the public addresses and the contiguous sequence of identifiers for the private addresses mapped by the NAT controller to output a translated packet.

12. The network device of claim 11, wherein each of the NAT controllers is configured to perform deterministic NAT upon receiving an outbound packet from one of the subscribers and destined for a public network by: (i) mapping a private network address of the packet to one of the identifiers for the private addresses and apply a deterministic NAT algorithm to deterministically compute one of the sequential identifiers for the public addresses and a range of ports based on the sequential identifier for the private address, (ii) mapping the computed one of the sequential identifiers for the public addresses to one of the non-contiguous public network addresses hosted by the respective session management card, and (iii) selecting an unused port from

Assignees

Inventors

Classifications

  • H04L63/02 (Primary): for separating internal from external traffic, e.g. firewalls

  • using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter

  • Rule management

  • H04L45/74 (Primary): Address processing for routing

  • using port numbers

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US8942235B1 cover?
Techniques are described for load-balancing deterministic NAT functions in a mobile gateway or other device in which subscriber sessions are distributed across a plurality of session management cards. Each of the session management cards may host a non-contiguous set of public addresses and a non-contiguous set of private network addresses associated with the subscriber sessions. To facilitate …
Who is the assignee on this patent?
Vinapamula Venkata Suresh Kumar, Juniper Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/02. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 27, 2015 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).