Method and protocol for distributed network address translation

Multiplex communications – Pathfinding or routing – Switching a message which includes an address header

Reexamination Certificate

Details

C370S401000, C370S474000, C370S475000, C709S238000

active

06353614

ABSTRACT:

FIELD OF INVENTION
This invention relates to computer networks. More specifically, it relates to a method and system for distributed network address translation on computer networks.
BACKGROUND OF THE INVENTION
The Internet Protocol (“IP”) is an addressing protocol designed to route traffic within a network or between networks. Current versions of IP such as IP version 4 (“IPv4”) are becoming obsolete because of limited address space. With a 32-bit address field, it is possible to assign 2^32 different addresses, which is 4,294,967,296, or more than 4 billion possible addresses. A unique IP number is typically assigned to network devices and a network using IP, whether or not the network is connected to the Internet. Most organizations, such as corporations and universities, have multiple networks using IP, with multiple network devices assigned an IP address. With the explosive growth of the Internet and intranets, IP addresses using a 32-bit address field may soon be exhausted. IP version 6 (“IPv6”) proposes the use of a 128-bit address field for IP addresses. However, a large number of legacy networks, including a large number of Internet nodes, will still be using older versions of IP with a 32-bit address space for many years to come.
Network address translation (“NAT”) has been proposed to extend the lifetime of Internet Protocol (“IP”) version 4 (“IPv4”) and earlier versions of IP by allowing a small home office or small network to exist behind a single IP address. The single IP address is used for communication with external networks such as the Internet. Internally, the small home office or small network uses private addressing. When a device or node using private addressing desires to communicate with the external world, a NAT device translates the private address to a common IP address used for communication with the external network.
There are several problems associated with using NAT to extend the life of IP. NAT interferes with the end-to-end routing principle of the Internet, which recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route (see, e.g., Routing in the Internet, by C. Huitema, Prentice Hall, 1995). Current versions of NAT replace a private network address in a data packet header with an external network address on outbound traffic, and replace an external address in a data packet header with a private network address on inbound traffic. This type of address translation is computationally expensive, causes security problems by preventing certain types of encryption from being used, and breaks a number of existing applications that cannot work through NAT (e.g., File Transfer Protocol (“FTP”)).
Current versions of NAT may not gracefully scale beyond a small network containing a few dozen nodes or devices because of the computational and other resources required. NAT potentially requires that support for many different internal network protocols be specifically programmed into a translation mechanism for external protocols in a NAT device such as a NAT router. As is known in the art, a router translates differences between network protocols and routes data packets to an appropriate network node or network device. The computational burden placed on a NAT router may be significant and degrade network performance, especially if several NAT-enabled stub networks share the same NAT router. In the worst case, a NAT router translates every inbound and outbound data packet.
As is known in the art, Transmission Control Protocol (“TCP”) and User Datagram Protocol (“UDP”) are often used over IP in computer networks. TCP provides a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols that support multi-network applications. UDP provides a transaction-oriented datagram protocol, where delivery and duplicate packet protection are not guaranteed. When NAT is used to translate a TCP/IP or UDP/IP data packet, the packet's IP, TCP or UDP checksums are recalculated. When a port in a TCP or UDP header is translated, the packet's TCP or UDP checksum is also recalculated. This further increases the computational cost of translation in a NAT router.
When an IP address or port is translated with NAT, the data packet may end up with a new length and a possible change in a TCP sequence number. A running sequence number offset (i.e., a delta) must then be maintained throughout the remainder of the connection. This delta must be applied to all future traffic, including acknowledgment numbers, further increasing computational time in a NAT router.
In addition to TCP or UDP, a NAT router must be able to translate addresses, ports, change lengths and maintain sequence numbers for a number of different protocols that may transmit an IP address or port number (e.g., FTP, H.323, H.324, CUSeeME, RealAudio, Internet Relay Chat and others). Thus, it is desirable to provide NAT without large computational burdens in a NAT router.
SUMMARY OF THE INVENTION
In accordance with preferred embodiments of the present invention, some of the problems associated with NAT are overcome. A method and protocol for Distributed Network Address Translation (“DNAT”) is provided. The protocol includes a Port Allocation Protocol (“PAP”) for allocating globally unique port numbers for a network device. A globally unique port is unique on a local network and used with a common external network address to identify multiple devices to a second external network. Thus, one external network address can be used without network address translation to service multiple network devices on an internal network.
The method and protocol distribute network address translation by requiring that a network device obtain globally unique ports for all external communications. The network device replaces local or default ports with the globally unique ports. The network device uses a combination network address (e.g., common external network address/globally unique port number) for communications with network devices on a second external network. The method and protocol distribute network address translation to individual network devices on a network and remove the computational burden of NAT from a router. A NAT router is no longer required to support multiple individual protocols for the network address translation process.
In addition, DNAT may allow a local network with a common external network address to easily switch from a first network service provider to a second network service provider by replacing the common external network address assigned to the local network. DNAT may also allow an entity to purchase a smaller block of IP addresses, which are becoming very expensive, and use a single or a smaller number of IP addresses as a common external network address.
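The following toy model, added here as an illustration and not taken from the patent itself, shows the mechanism the summary describes: a port allocator (standing in for PAP) hands each internal device a disjoint block of globally unique ports, the device stamps the common external address and one of its ports on outbound packets itself, and the edge router forwards by port without rewriting any header. The class names, the block-based allocation scheme, the ownership check on outbound traffic and the documentation addresses are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed documentation address standing in for the site's common external address.
COMMON_EXTERNAL_ADDR = "203.0.113.5"

@dataclass(frozen=True)
class Packet:
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    payload: bytes

class PortAllocator:
    """Hypothetical PAP server: hands each device a disjoint block of
    globally unique ports and records which device owns each port."""
    def __init__(self, low=1024, high=65535, block=64):
        self.next_port, self.high, self.block = low, high, block
        self.owner = {}  # globally unique port -> internal device address

    def allocate(self, device_addr):
        if self.next_port + self.block - 1 > self.high:
            raise RuntimeError("port space exhausted")
        ports = range(self.next_port, self.next_port + self.block)
        for p in ports:
            self.owner[p] = device_addr
        self.next_port += self.block
        return ports

def device_send(ports, dst_addr, dst_port, payload):
    """The device itself substitutes an allocated port for its local port and
    stamps the common external address, so nothing is rewritten at the router."""
    return Packet(COMMON_EXTERNAL_ADDR, ports[0], dst_addr, dst_port, payload)

class DnatRouter:
    def __init__(self, allocator):
        self.alloc = allocator

    def outbound(self, device_addr, pkt):
        # Forward unchanged, but only if the sending device really owns the
        # source port it is using; otherwise one host could claim another's port.
        if pkt.src_addr != COMMON_EXTERNAL_ADDR or self.alloc.owner.get(pkt.src_port) != device_addr:
            return None
        return pkt  # header untouched: no checksum or sequence-number fix-up needed

    def inbound(self, pkt):
        # Demultiplex purely by destination port; packets for unallocated ports are dropped.
        dev = self.alloc.owner.get(pkt.dst_port)
        if pkt.dst_addr != COMMON_EXTERNAL_ADDR or dev is None:
            return None
        return dev, pkt
```

The outbound ownership check is the part a real deployment must not skip: without it, distributing the port assignment to hosts also distributes the ability to impersonate them.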


