Internet protocol (IP) work group routing

Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing

Reexamination Certificate


Details

C709S249000


active

06249820

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates generally to communications networks and more particularly to a method and apparatus for IP work group routing which provides host mobility, conserves on the assignment of IP subnet addresses, and adds security along with ease of use to network configuration.
The original IP addressing scheme assigned a unique 32-bit internet address to each physical network and required gateways to keep routing tables proportional to the number of networks in the internet. This scheme is acceptable for an internet with tens of networks and hundreds of hosts, but cannot handle today's connected internet with tens of thousands of small networks of personal computers because: (1) immense administrative overhead is required merely to manage network addresses; (2) the routing tables and gateways are extremely large; and (3) the number of IP addresses available for assignment is dwindling. Thus, the problem was how to minimize the number of assigned network addresses without destroying the original addressing scheme. See C. D. Comer, “Internetworking With TCP/IP, Vol. 1, Principles, Protocols and Architecture,” Prentice Hall, Englewood Cliffs, N.J., 2nd ed., Chap. 16, pp. 265-280 (1991).
A prior art technique for allowing a single network address to span multiple physical networks, and now a required part of IP addressing, is “subnet addressing” or “subnetting.” This is illustrated by example in FIG. 1A (taken from Comer, p. 270), wherein a site uses a single class B network address 128.10.0.0 for two physical networks. Except for gateway G, all gateways in the internet route as if there were a single physical net. Once a packet reaches G, it must be sent across the correct physical network to its destination. In this case, the manager of the local site has chosen to use the third octet of the address to distinguish between the two physical networks. Thus, G examines the third octet of the destination address and routes datagrams with value 1 to the network labeled 128.10.1.0 and those with value 2 to the network labeled 128.10.2.0.
Adding subnets only changes the interpretation of IP addresses slightly, as illustrated in FIG. 1B. Instead of dividing the 32-bit IP address into a network prefix and a host suffix, subnetting divides the address into an internet portion and a local portion, where the internet portion identifies a site, and the local portion identifies a physical network and a host on that physical network.
Another change is that a site using subnet addressing must choose a 32-bit subnet mask for each network. Bits in the subnet mask are set to 1 if the network treats the corresponding bit in the IP address as part of the network address, and 0 if it treats the bit as part of the host identifier. It is recommended that sites use contiguous subnet masks (i.e., setting contiguous bits to 1) and that they use the same mask throughout an entire set of physical networks that share an IP address.
The standard IP routing algorithm is also modified to work with subnet addresses, known as “subnet routing.” The standard algorithm bases its decision on a table of routes, each table entry containing a pair of:
(network address, next hop address)
where the network address field specifies the IP address of the destination network, N, and the next hop address field specifies the address of a gateway to which datagrams destined for N should be sent. The standard routing algorithm compares the network portion of a destination address to the network address field of each entry in the routing table until a match is found. Because the next hop address field is constrained to specify a machine that is reachable over a directly connected network, only one table look-up is needed.
The modified algorithm for subnet routing maintains one additional field in each table entry that specifies the subnet mask for use with that entry:
(subnet mask, network address, next hop address)
When choosing routes, the modified algorithm performs a bit-wise Boolean “AND” of the full 32-bit destination IP address and the subnet mask, and then checks to see if the result equals the value in the network address field. If so, it routes the datagram to the address specified in the next hop address field. If the IP address of the destination network (extracted from the datagram) matches a directly connected network address, the destination IP address from the datagram is resolved to a physical address, the datagram is encapsulated, and the frame is sent out on the destination network to the destination host.
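The subnet routing lookup described above, as an added example that is not part of the patent text. The table is constructed for gateway G of the FIG. 1A example; the two remote entries, their next hop addresses, and the function names are assumptions, and entries are assumed to be ordered most specific first so that the first match wins.

```python
import ipaddress

# Constructed table: (subnet mask, network address, next hop address).
# A next hop of None marks a directly connected network.
ROUTES = [
    ("255.255.255.0", "128.10.1.0", None),
    ("255.255.255.0", "128.10.2.0", None),
    ("255.255.0.0", "10.5.0.0", "128.10.1.254"),   # hypothetical remote net
    ("0.0.0.0", "0.0.0.0", "128.10.2.254"),        # hypothetical default
]

def to_int(addr):
    """Convert dotted-quad text to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def route(dest, table=ROUTES):
    """Return ('deliver', network), ('forward', next_hop) or ('unreachable', None)."""
    d = to_int(dest)
    for mask, network, next_hop in table:
        # Bit-wise AND of the full destination address with the entry's mask,
        # then compare against the entry's network address field.
        if d & to_int(mask) == to_int(network):
            if next_hop is None:
                # Directly connected: resolve to a physical address and
                # send the frame on that network (not modelled here).
                return ("deliver", network)
            return ("forward", next_hop)
    return ("unreachable", None)

if __name__ == "__main__":
    for dest in ("128.10.1.7", "128.10.2.200", "10.5.3.3", "192.0.2.1"):
        print(dest, route(dest))
```
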
With ever increasing numbers of subnets, it would be desirable if further methods were available to conserve on subnet addresses. One potential method for doing this would be to put a bridge on a single router interface to bridge multiple LAN segments; however, this involves the added cost of a bridge and loses the protection of router “fire walls”, which administrators set to filter out packets based on destination addresses. Another potential method would be to increase the granularity of subnets by taking more bits from the host portion of the IP address for the subnet mask; however, this approach is very difficult for the network administrator to maintain as the network configuration evolves. Thus, neither of these potential methods offers a satisfactory solution.
It is an object of the present invention to accomplish one or more of: increasing host mobility; further conserving on the assignment of network addresses; simplifying the configuration of subnets; and providing an enhanced level of security.
SUMMARY OF THE INVENTION
The present invention is a method and apparatus for routing datagrams from a source node to a destination node in an IP communications network, the network including routers having multiple router interfaces connecting multiple physical networks. The method includes the step of assigning multiple router interfaces to a same IP work group address. This enhances host mobility by allowing, in one embodiment, a host to be relocated anywhere in the work group without requiring reconfiguration of the host. The method further includes the option of specifying (i.e., limiting or locking) host address ranges to designated interfaces of the work group. This step enhances security by restricting the allowed host mobility within the work group. The method further includes the optional step of filtering (i.e., dropping) the datagram if at least one of the source and destination hosts does not reside on the designated interface of the IP work group.
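A sketch of the work group filtering step summarized above, added here as an example and not taken from the patent. The interface names, address ranges, and function names are hypothetical; it assumes that addresses outside the work group are not judged by this filter and that work group addresses outside every locked range keep full mobility within the group.

```python
import ipaddress

# Constructed configuration (all names and ranges are hypothetical):
# three router interfaces share one work group address, and two host
# address ranges are locked to designated interfaces.
WORK_GROUP = ipaddress.ip_network("128.10.1.0/24")
GROUP_INTERFACES = {"if1", "if2", "if3"}
LOCKED_RANGES = [
    ("128.10.1.1", "128.10.1.63", "if1"),
    ("128.10.1.64", "128.10.1.127", "if2"),
]

def designated_interface(ip):
    """Return the interface a locked address is pinned to, or None."""
    addr = ipaddress.ip_address(ip)
    for first, last, interface in LOCKED_RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return interface
    return None

def host_allowed(ip, seen_on):
    """Check one host address against the interface it was seen on."""
    if ipaddress.ip_address(ip) not in WORK_GROUP:
        return True   # assumption: outside the work group, not judged here
    if seen_on not in GROUP_INTERFACES:
        return False  # work group address on a non-member interface
    pinned = designated_interface(ip)
    # Assumption: unlocked addresses keep full mobility inside the group.
    return pinned is None or pinned == seen_on

def filter_datagram(src, src_if, dst, dst_if):
    """Drop if source or destination is off its designated interface."""
    if host_allowed(src, src_if) and host_allowed(dst, dst_if):
        return "forward"
    return "drop"

if __name__ == "__main__":
    print(filter_datagram("128.10.1.10", "if1", "128.10.1.70", "if2"))
    print(filter_datagram("128.10.1.10", "if2", "128.10.1.70", "if2"))
```
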
In the prior art, each router interface would have a unique IP address; in the present invention, multiple interfaces are assigned the same IP address. The hosts and physical networks connected to the designated multiple interfaces are referred to as a “work group”. There are several advantages to this arrangement.
First, there is the advantage of host mobility within the work group. A designated host may be valid if physically located on any one of the several interfaces in the work group.
Another advantage is a reduced consumption of network and subnet addresses, because now a single address is used for several physical networks. As a result, the administrative burden of servicing physical networks with several addresses is reduced.
Another advantage is that it enables a network administrator to configure a network such that host addresses are allocated in blocks mirroring the physical structure of the network. For example, the administrator might allocate a contiguous block of addresses to each physical network. By providing a block or range of addresses, room is provided for future growth. In addition, one can secure the operational behavior of the network along the same lines as the configuration.
Security is optionally enhanced by only allowing transmission of datagrams to or from hosts with certain addresses. By locking IP (network layer) and MAC (physical layer) addresses, no one (other than the network administrator) can reconfigure an IP address to another MAC address. As a result, unauthorized computers
