CA2260561C - An improved method for network address translation - Google Patents
An improved method for network address translation Download PDFInfo
- Publication number
- CA2260561C CA2260561C CA002260561A CA2260561A CA2260561C CA 2260561 C CA2260561 C CA 2260561C CA 002260561 A CA002260561 A CA 002260561A CA 2260561 A CA2260561 A CA 2260561A CA 2260561 C CA2260561 C CA 2260561C
- Authority
- CA
- Canada
- Prior art keywords
- home network
- address
- packet
- router
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2546—Arrangements for avoiding unnecessary translation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2596—Translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Abstract
A method for translating non Internet unique addresses of a home network device to an Internet unique address for internet communication through a router.
Every device within a given home network is assigned three addresses:(i) a configured address identical to the network address of the router enabling access to an Internet;
(ii) a logical address visible only to the other devices in the same home network; and (iii) a medium access control ("MAC") address. Every packet originating from a home network source device includes its MAC address, the router MAC address, its configured address and the network destination address, and is forwarded to its destination through the router. The router examines the network destination address to determine whether the communication is intranet or internet. For intranet communications the router replaces the configured address of the home network source device with the logical address of the home network source device, the logical address of the home network destination device with the configured address, its MAC
address with the MAC address of the home network destination device, and forwards the packet to the home network destination device. For Internet communications the router forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet. Based on the source MAC
address, however, the router records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device.
Every device within a given home network is assigned three addresses:(i) a configured address identical to the network address of the router enabling access to an Internet;
(ii) a logical address visible only to the other devices in the same home network; and (iii) a medium access control ("MAC") address. Every packet originating from a home network source device includes its MAC address, the router MAC address, its configured address and the network destination address, and is forwarded to its destination through the router. The router examines the network destination address to determine whether the communication is intranet or internet. For intranet communications the router replaces the configured address of the home network source device with the logical address of the home network source device, the logical address of the home network destination device with the configured address, its MAC
address with the MAC address of the home network destination device, and forwards the packet to the home network destination device. For Internet communications the router forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet. Based on the source MAC
address, however, the router records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device.
Description
AN IMPROVED METHOD FOR NETWORK ADDRESS TRANSLATION
Technical Field This invention relates generally to translation of a non Internet-unique network address of a network device to an Internet-unique network address.
Background of the Invention Data packets generally comprise the underlying data to be communicated, surrounded by one or more layers of header and footer information to enable forwarding the packet from end user to end user. Initially, a header identifying the application is appended to the data, I.e. the application layer. Thereafter, a header identifying the ports and communication protocol is appended, I.e. the transport layer.
The network layer identifies the source and destination devices by their network addresses, such as an IP address. Lastly, the immediate link protocol information is included in the data link layer.
For Internet applications the network layer comprises the IP address of the source and destination devices. Proper transmission requires that these addresses be unique. However, their number is limited. For example, there are at most 4 billion IP
addresses. With the proliferation of the Internet this number is clearly insufficient. To reduce the demand on IP addresses, devices connected through a gateway, such as a router, to the Internet are not necessarily given Internet unique IP
addresses. For example, the devices within a local area network ("LAN") with access to the Internet through a router will have IP addresses which are unique as between devices in the LAN, but not unique as between all devices on the Internet.
To facilitate the following discussion we will refer to a network device with a non unique network address as a home network device. The home network device may be part of an intranet, or it may be a stand-alone computer with access to an Internet, such as through an Internet service provider. The key is that the home network device does not have a unique network address vis a vis the Internet to which it has access.
As for intranet communication, each home network device has a unique IP
Technical Field This invention relates generally to translation of a non Internet-unique network address of a network device to an Internet-unique network address.
Background of the Invention Data packets generally comprise the underlying data to be communicated, surrounded by one or more layers of header and footer information to enable forwarding the packet from end user to end user. Initially, a header identifying the application is appended to the data, I.e. the application layer. Thereafter, a header identifying the ports and communication protocol is appended, I.e. the transport layer.
The network layer identifies the source and destination devices by their network addresses, such as an IP address. Lastly, the immediate link protocol information is included in the data link layer.
For Internet applications the network layer comprises the IP address of the source and destination devices. Proper transmission requires that these addresses be unique. However, their number is limited. For example, there are at most 4 billion IP
addresses. With the proliferation of the Internet this number is clearly insufficient. To reduce the demand on IP addresses, devices connected through a gateway, such as a router, to the Internet are not necessarily given Internet unique IP
addresses. For example, the devices within a local area network ("LAN") with access to the Internet through a router will have IP addresses which are unique as between devices in the LAN, but not unique as between all devices on the Internet.
To facilitate the following discussion we will refer to a network device with a non unique network address as a home network device. The home network device may be part of an intranet, or it may be a stand-alone computer with access to an Internet, such as through an Internet service provider. The key is that the home network device does not have a unique network address vis a vis the Internet to which it has access.
As for intranet communication, each home network device has a unique IP
address. Therefore the home network devices have no difficulty identifying each other and communicating. However, since its network address is not unique with respect to other devices on the Internet its packets cannot be forwarded directly to their respective destinations. Rather, a home network device that wants to forward a packet to a destination device on the Internet initially includes its non-unique address SA in the network layer header and forwards the packet to the router. The router removes the address SA and inserts its own Internet unique address RSA, instead. The muter records the source address SA, the destination address DA, the source port SP, the destination port DP and the protocol type PT from the network and transport layers of the packet and then forwards the packet to its destination over the Internet.
Any response from the destination will include RSA as its DA' and DA, SP, DP
and PT as SA', DP', SP' and PT, respectively. The router will recognize this information as a response from the original destination, now acting as a source, to the original source, now acting as a destination. The router will then replace its IP address RSA from the DA' in the network layer for the non-unique address SA of the original source and forward the response to the appropriate network device.
While the above-mentioned scheme addresses the concern of limited IP
addresses, it remains limited in addressing several applications. First, it does not enable a source to send a packet through the Internet to a home network device, unless it is responding to a packet that originated from that home network device. The source simply has no means for identifying the home network device. The source can only identify the router connecting the home network device to the Internet. Yet, the router has no means for determining which home network device is the intended recipient of the packet.
A second application where the above-mentioned scheme is at best inefficient, is voice communication over the Internet using a protocol such as ITU H.323, well known in the art. In accordance with the ITU H.323 protocol, the source network device inserts its IP address among the data bits of the IP packet, referred to as the payload as opposed to the network layer header. Clearly, where the source device is a home network device the source address that would be inserted into the payload would be a non-unique address which may not appear outside of the home network. Thus the home network device could not engage in voice communications in accordance with ITU H.323. While it is possible to instruct the router to examine the payload, remove the non-unique network address and insert its own unique network address, this would involve many operations that would overload the router. In addition, the router would have to apply the same operations in reverse when it receives a response from the Internet device to the home network device. Moreover, the muter would have to be able to handle similar operations for each of a variety of protocols with similar demands, such as the file transfer protocol ("FTP").
A third application where the above-mentioned scheme is limited in enabling access between home network devices and devices on the Internet is the IP
security protocol. IP security is a scheme for authenticating the communicating devices. In general, a device employing IP security performs a checksum operation on its IP header and the result is appended as a header to the IP header. The destination device performs a similar checksum operation on the IP header of the received packet and compares the result with the IP security header.
This will not work, however, when the IP packet was forwarded from a home network device to an Internet device in accordance with the above-mentioned scheme.
In this scheme the original source address of the packet on which the IP
security header depends is replaced with the router source address. Thus when the destination device receives the packet and performs the checksum operation the IP security header will not match. As with voice communications, to employ the router to replace the IP
security header is too complicated. Indeed, currently IP security is not used with home network devices.
Accordingly, a method for network address translation not constrained by the aforementioned limitations is desirable and described below.
Summary of the Invention In accordance with the present invention every device within a given home network is assigned three addresses:(i) a configured address identical to the network address of the roofer enabling access to an Internet; (ii) a logical address visible only to the other devices in the same home network; and (iii) a medium access control ("MAC") address. To forward a packet, the home network source device includes its MAC address and that of the roofer in the datalink layer, and its configured address and the network destination address in the network layer, of the packet. ~ The roofer examines the network destination address to determine whether the communication is intranet or Internet. For intranet communications the network destination address is the logical address of the home network destination device. In the network layer, the roofer replaces the configured address of the home network source device with the logical address of the home network source device and the logical address of the home network destination device with the configured address. In the datalink layer, the muter replaces its MAC address with the MAC address of the home network destination device. The roofer then forwards the packet to the home network destination device.
Where the roofer determines that the network destination address is an Internet unique address, it forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet. Based on the source MAC address, however, the roofer records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device.
In accordance with one aspect of the present invention there is provided a data communications system comprising an Internet and at least one home network, each of said home networks comprising a plurality of home network devices and having access to said Internet through a roofer with an Internet-unique network address, said system employing a method for network address translation of a packet having at least a network layer and a datalink layer, originating from one of said home network devices, said method comprising the following steps: including in the network layer of said packet a configured logical address to represent the network layer source address of the source home network device, and a logical destination address, said f II ~I ~~Y~15'~ ' A k4 ~' : ~V ~i ' ~I~ ' I
-4a-configured logical address being common to each home network device with a common home network, and its router; including in the datalink layer of said packet the MAC address of said router as the datalink layer destination address of the packet;
forwarding said packet from said source homec network device to said router;
determining whether said packet is intended for a home network device; if said packet is intended for a home network device, replacing said configured logical address at the network layer of said packet with the logical address of said source home network device, replacing said logical address of the destination home network device with said configured logical address, and replacing said router MAC address with the MAC address of the destination home network device; if said packet is intended for an Internet destination device, recording packet identifying information; and forwarding said packet to its intended destination device.
Brief Description of the Drawinss FIG. 1 is a prior art topology drawing of a plurality of home network devices connected to the Internet through a router.
FIG. 2 is a descriptive flowchart of the process of network address translation of a packet originating from a home network, in accordance with the present invention.
FIG. 3 is an illustrative default profile of a router for directing certain packets to specific predetermined home network devices.
FIG. 4 is a descriptive flowchart of the process of network address translation of a packet originating from an Internet source, in accordance with the present invention.
Detailed Description of the Invention In accordance with the method of the present invention every home network device shares an identical configured address G which is identical to the network address of the router R enabling access to the Internet to each of the home network devices. Each home network device also has a logical address visible only to the other devices in the same home network. Lastly, each home network device includes a medium access control ("MAC") address.
Referring to FIG. 2, in a data communications system in accordance with the present invention packets originating from the home network, include the MAC
address of the home network source device and that of the router in the datalink layer, and the configured address and the network destination address in the network layer (step 210). In accordance with the present invention every packet originating from the home network, whether to another device on the home network, or to an Internet destination, passes through router R as shown in step 211. As shown in step 212, router R examines the network destination address to determine whether the communication is intranet or Internet. For intranet communications the network destination address is the logical address of the home network destination device. As shown in step 215, the router replaces in the network layer the configured address of the home network source device with the logical address of the home network source device and the logical address of the home network destination device with the configured address. In the datalink layer, the muter replaces its MAC address with the MAC address of the home network destination device. The muter then forwards the packet to the home network destination device, as shown in step 216.
By initially including the configured address as the network source address the network layer leaves the source ready for forwarding both along the Internet and within the home network. The packet is ready for Internet transmission since the configured address is the router address, the only Internet unique address for the home network devices. Since the configured network source address is Internet unique, it can be included in the payload in accordance with H.323 and IP security can be applied as well.
Where muter R determines that the network destination address is an Internet unique address, it forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet, as shown in step 214.
Based on the source MAC address, however, the muter records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device, as shown in step 213.
The packet is also ready for intranet communications since the logical address of the home network destination device is included in the network layer and it is relatively simple for router R to replace the configured address with the home network source device's logical address. While the present invention adds some complexity to a router for intranet communications, the benefits realized for Internet communications make it worthwhile, especially in systems with relatively heavy Internet traffic.
When receiving a response from a home network device the router handles the packet much the same way as if the responding device is a home network source device as explained above. However, the task is more complicated when the packet originates from the Internet and is destined to a home network device. Referring to FIG.
4, upon receiving a packet from the Internet, as shown in step 410, router R first determines whether the network layer information matches any of the 'network layer information from a packet that had been forwarded from a home network device, as shown in step 415. In other words the router first determines whether the packet is a response to another packet that had originated from the home network.
The network layer information that the router looks to identify includes for example the network address. In other words, does the network destination address of any packets sent from the home network to the Internet match the network source address of the Internet originating packet. Other network layer information includes datalink port and protocol type as explained above.
If the network layer information enables router R to identify the packet as a response, router R will replace the network destination address in the network layer of _7_ the packet with the configured address and add the MAC address of the intended home network destination device in the datalink layer, as shown in step 420.
Thereafter router R will forward the packet to the appropriate home network destination device.
If, however, muter R cannot identify the home network destination device from the network layer information, the router will then refer to a default profile to match the packet with an appropriate home network device, if applicable, as show in steps 430 and 435. An illustrative default profile is shown in FIG. 3. If no default profile is specified router R then determines whether the protocol type of the packet is User Datagram Protocol ("UDP") or Transmission Control Protocol ("TCP") (step 440).
If either one of these protocols are specified then router R will broadcast the packet to all the home network devices as shown in step 445. This is accomplished by adding the broadcast MAC address at the datalink layer. If router R determines in step 450 that less than all home network devices respond to the broadcast packet, it will forward future packets with the same network layer information only to those responding home network devices, as shown in step 465. Otherwise, future packets with the same network layer information will continue to be broadcast, as shown in step 455.
Note, that if the router R cannot identify the home network destination device, and the protocol type is not either TCP or UDP, the router may not be able to forward the packet as shown in step 460.
One skilled in the art will understand that if the Internet originating packet has a multicast network address then the router will simply add the multicast MAC
address and forward the packet on the home network.
One last note is that the address resolution protocol ("ARP") used to translate logical addresses to MAC addresses must be modified in a home network operating in accordance with the present invention. Typically, a home network device sends an ARP request to learn the MAC address of an intended destination device. The request will include the destination device's logical address and the requesting machine will wait for a response from the destination device with the destination device's MAC
address. These requests will however be lost in a network operating in accordance with the present invention since the devices do not recognize their own logical _g_ addresses. Thus ARP must be modified such that the ARP requests are sent to the router. Since the router recognizes each device's logical and MAC addresses, it can respond to the request with the MAC address of the intended destination home network device. Alternatively, the router can respond to the ARP request by forwarding its own MAC address and then upon receipt of the packet, replace its MAC
address with that of the intended destination home network device and forward the packet accordingly.
Likewise, the router should be designed to intercept all gratuitous ARP
transmissions. Otherwise, the device transmitting its own MAC address will announce itself with the configured logical address and confuse all the devices on the home network which identify themselves by the configured address as well.
Lastly, the router can use known techniques for identifying the MAC addresses of the home network devices. These techniques include a Dynamic Host Configuration Protocol ("DHCP") request from a device, a gratuitous ARP transmission from a device and an ARP request from a device.
The foregoing merely illustrates the principles of the present invention.
Those skilled in the art will be able to devise various modifications, which although not explicitly described or shown herein, embody the principles of the invention and are thus within its spirit and scope.
Any response from the destination will include RSA as its DA' and DA, SP, DP
and PT as SA', DP', SP' and PT, respectively. The router will recognize this information as a response from the original destination, now acting as a source, to the original source, now acting as a destination. The router will then replace its IP address RSA from the DA' in the network layer for the non-unique address SA of the original source and forward the response to the appropriate network device.
While the above-mentioned scheme addresses the concern of limited IP
addresses, it remains limited in addressing several applications. First, it does not enable a source to send a packet through the Internet to a home network device, unless it is responding to a packet that originated from that home network device. The source simply has no means for identifying the home network device. The source can only identify the router connecting the home network device to the Internet. Yet, the router has no means for determining which home network device is the intended recipient of the packet.
A second application where the above-mentioned scheme is at best inefficient, is voice communication over the Internet using a protocol such as ITU H.323, well known in the art. In accordance with the ITU H.323 protocol, the source network device inserts its IP address among the data bits of the IP packet, referred to as the payload as opposed to the network layer header. Clearly, where the source device is a home network device the source address that would be inserted into the payload would be a non-unique address which may not appear outside of the home network. Thus the home network device could not engage in voice communications in accordance with ITU H.323. While it is possible to instruct the router to examine the payload, remove the non-unique network address and insert its own unique network address, this would involve many operations that would overload the router. In addition, the router would have to apply the same operations in reverse when it receives a response from the Internet device to the home network device. Moreover, the muter would have to be able to handle similar operations for each of a variety of protocols with similar demands, such as the file transfer protocol ("FTP").
A third application where the above-mentioned scheme is limited in enabling access between home network devices and devices on the Internet is the IP
security protocol. IP security is a scheme for authenticating the communicating devices. In general, a device employing IP security performs a checksum operation on its IP header and the result is appended as a header to the IP header. The destination device performs a similar checksum operation on the IP header of the received packet and compares the result with the IP security header.
This will not work, however, when the IP packet was forwarded from a home network device to an Internet device in accordance with the above-mentioned scheme.
In this scheme the original source address of the packet on which the IP
security header depends is replaced with the router source address. Thus when the destination device receives the packet and performs the checksum operation the IP security header will not match. As with voice communications, to employ the router to replace the IP
security header is too complicated. Indeed, currently IP security is not used with home network devices.
Accordingly, a method for network address translation not constrained by the aforementioned limitations is desirable and described below.
Summary of the Invention In accordance with the present invention every device within a given home network is assigned three addresses:(i) a configured address identical to the network address of the roofer enabling access to an Internet; (ii) a logical address visible only to the other devices in the same home network; and (iii) a medium access control ("MAC") address. To forward a packet, the home network source device includes its MAC address and that of the roofer in the datalink layer, and its configured address and the network destination address in the network layer, of the packet. ~ The roofer examines the network destination address to determine whether the communication is intranet or Internet. For intranet communications the network destination address is the logical address of the home network destination device. In the network layer, the roofer replaces the configured address of the home network source device with the logical address of the home network source device and the logical address of the home network destination device with the configured address. In the datalink layer, the muter replaces its MAC address with the MAC address of the home network destination device. The roofer then forwards the packet to the home network destination device.
Where the roofer determines that the network destination address is an Internet unique address, it forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet. Based on the source MAC address, however, the roofer records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device.
In accordance with one aspect of the present invention there is provided a data communications system comprising an Internet and at least one home network, each of said home networks comprising a plurality of home network devices and having access to said Internet through a roofer with an Internet-unique network address, said system employing a method for network address translation of a packet having at least a network layer and a datalink layer, originating from one of said home network devices, said method comprising the following steps: including in the network layer of said packet a configured logical address to represent the network layer source address of the source home network device, and a logical destination address, said f II ~I ~~Y~15'~ ' A k4 ~' : ~V ~i ' ~I~ ' I
-4a-configured logical address being common to each home network device with a common home network, and its router; including in the datalink layer of said packet the MAC address of said router as the datalink layer destination address of the packet;
forwarding said packet from said source homec network device to said router;
determining whether said packet is intended for a home network device; if said packet is intended for a home network device, replacing said configured logical address at the network layer of said packet with the logical address of said source home network device, replacing said logical address of the destination home network device with said configured logical address, and replacing said router MAC address with the MAC address of the destination home network device; if said packet is intended for an Internet destination device, recording packet identifying information; and forwarding said packet to its intended destination device.
Brief Description of the Drawinss FIG. 1 is a prior art topology drawing of a plurality of home network devices connected to the Internet through a router.
FIG. 2 is a descriptive flowchart of the process of network address translation of a packet originating from a home network, in accordance with the present invention.
FIG. 3 is an illustrative default profile of a router for directing certain packets to specific predetermined home network devices.
FIG. 4 is a descriptive flowchart of the process of network address translation of a packet originating from an Internet source, in accordance with the present invention.
Detailed Description of the Invention In accordance with the method of the present invention every home network device shares an identical configured address G which is identical to the network address of the router R enabling access to the Internet to each of the home network devices. Each home network device also has a logical address visible only to the other devices in the same home network. Lastly, each home network device includes a medium access control ("MAC") address.
Referring to FIG. 2, in a data communications system in accordance with the present invention packets originating from the home network, include the MAC
address of the home network source device and that of the router in the datalink layer, and the configured address and the network destination address in the network layer (step 210). In accordance with the present invention every packet originating from the home network, whether to another device on the home network, or to an Internet destination, passes through router R as shown in step 211. As shown in step 212, router R examines the network destination address to determine whether the communication is intranet or Internet. For intranet communications the network destination address is the logical address of the home network destination device. As shown in step 215, the router replaces in the network layer the configured address of the home network source device with the logical address of the home network source device and the logical address of the home network destination device with the configured address. In the datalink layer, the muter replaces its MAC address with the MAC address of the home network destination device. The muter then forwards the packet to the home network destination device, as shown in step 216.
By initially including the configured address as the network source address the network layer leaves the source ready for forwarding both along the Internet and within the home network. The packet is ready for Internet transmission since the configured address is the router address, the only Internet unique address for the home network devices. Since the configured network source address is Internet unique, it can be included in the payload in accordance with H.323 and IP security can be applied as well.
Where muter R determines that the network destination address is an Internet unique address, it forwards the packet along the Internet without replacing any of the source or destination information in the headers of the packet, as shown in step 214.
Based on the source MAC address, however, the muter records the logical address of the home network source device as well as the DA, SP, DP and PT in order to identify a response to the packet from the Internet destination device, as shown in step 213.
The packet is also ready for intranet communications since the logical address of the home network destination device is included in the network layer and it is relatively simple for router R to replace the configured address with the home network source device's logical address. While the present invention adds some complexity to a router for intranet communications, the benefits realized for Internet communications make it worthwhile, especially in systems with relatively heavy Internet traffic.
When receiving a response from a home network device the router handles the packet much the same way as if the responding device is a home network source device as explained above. However, the task is more complicated when the packet originates from the Internet and is destined to a home network device. Referring to FIG.
4, upon receiving a packet from the Internet, as shown in step 410, router R first determines whether the network layer information matches any of the 'network layer information from a packet that had been forwarded from a home network device, as shown in step 415. In other words the router first determines whether the packet is a response to another packet that had originated from the home network.
The network layer information that the router looks to identify includes for example the network address. In other words, does the network destination address of any packets sent from the home network to the Internet match the network source address of the Internet originating packet. Other network layer information includes datalink port and protocol type as explained above.
If the network layer information enables router R to identify the packet as a response, router R will replace the network destination address in the network layer of _7_ the packet with the configured address and add the MAC address of the intended home network destination device in the datalink layer, as shown in step 420.
Thereafter router R will forward the packet to the appropriate home network destination device.
If, however, muter R cannot identify the home network destination device from the network layer information, the router will then refer to a default profile to match the packet with an appropriate home network device, if applicable, as show in steps 430 and 435. An illustrative default profile is shown in FIG. 3. If no default profile is specified router R then determines whether the protocol type of the packet is User Datagram Protocol ("UDP") or Transmission Control Protocol ("TCP") (step 440).
If either one of these protocols are specified then router R will broadcast the packet to all the home network devices as shown in step 445. This is accomplished by adding the broadcast MAC address at the datalink layer. If router R determines in step 450 that less than all home network devices respond to the broadcast packet, it will forward future packets with the same network layer information only to those responding home network devices, as shown in step 465. Otherwise, future packets with the same network layer information will continue to be broadcast, as shown in step 455.
Note, that if the router R cannot identify the home network destination device, and the protocol type is not either TCP or UDP, the router may not be able to forward the packet as shown in step 460.
One skilled in the art will understand that if the Internet originating packet has a multicast network address then the router will simply add the multicast MAC
address and forward the packet on the home network.
One last note is that the address resolution protocol ("ARP") used to translate logical addresses to MAC addresses must be modified in a home network operating in accordance with the present invention. Typically, a home network device sends an ARP request to learn the MAC address of an intended destination device. The request will include the destination device's logical address and the requesting machine will wait for a response from the destination device with the destination device's MAC
address. These requests will however be lost in a network operating in accordance with the present invention since the devices do not recognize their own logical _g_ addresses. Thus ARP must be modified such that the ARP requests are sent to the router. Since the router recognizes each device's logical and MAC addresses, it can respond to the request with the MAC address of the intended destination home network device. Alternatively, the router can respond to the ARP request by forwarding its own MAC address and then upon receipt of the packet, replace its MAC
address with that of the intended destination home network device and forward the packet accordingly.
Likewise, the router should be designed to intercept all gratuitous ARP
transmissions. Otherwise, the device transmitting its own MAC address will announce itself with the configured logical address and confuse all the devices on the home network which identify themselves by the configured address as well.
Lastly, the router can use known techniques for identifying the MAC addresses of the home network devices. These techniques include a Dynamic Host Configuration Protocol ("DHCP") request from a device, a gratuitous ARP transmission from a device and an ARP request from a device.
The foregoing merely illustrates the principles of the present invention.
Those skilled in the art will be able to devise various modifications, which although not explicitly described or shown herein, embody the principles of the invention and are thus within its spirit and scope.
Claims (7)
1. In a data communications system comprising an internet and at least one home network, each of said home networks comprising a plurality of home network devices and having access to said internet through a router with an internet-unique network address, said system employing a method for network address translation of a packet having at least a network layer and a datalink layer, originating from one of said home network devices, said method comprising the following steps:
including in the network layer of said packet a configured logical address to represent the network layer source address of the source home network device, and a logical destination address, said configured logical address being common to each home network device with a common home network, and its router;
including in the datalink layer of said packet the MAC address of said router as the datalink layer destination address of the packet;
forwarding said packet from said source home network device to said router;
determining whether said packet is intended for a home network device;
if said packet is intended for a home network device, replacing said configured logical address at the network layer of said packet with the logical address of said source home network device, replacing said logical address of the destination home network device with said configured logical address, and replacing said router MAC address with the MAC address of the destination home network device;
if said packet is intended for an internet destination device, recording packet identifying information; and forwarding said packet to its intended destination device.
including in the network layer of said packet a configured logical address to represent the network layer source address of the source home network device, and a logical destination address, said configured logical address being common to each home network device with a common home network, and its router;
including in the datalink layer of said packet the MAC address of said router as the datalink layer destination address of the packet;
forwarding said packet from said source home network device to said router;
determining whether said packet is intended for a home network device;
if said packet is intended for a home network device, replacing said configured logical address at the network layer of said packet with the logical address of said source home network device, replacing said logical address of the destination home network device with said configured logical address, and replacing said router MAC address with the MAC address of the destination home network device;
if said packet is intended for an internet destination device, recording packet identifying information; and forwarding said packet to its intended destination device.
2. In a system according to claim 1 wherein said packet identifying information includes the logical address of said source home network device, the network layer destination address, the datalink source and destination addresses and the protocol type specified in the packet.
3. In a system according to claim 1 further employing a method for MAC address resolution comprising the following steps:
forwarding all requests for address resolution of a second home network device from a requesting first home network device to said muter; and said router responding to said request for address resolution by forwarding to said first home network device the MAC address of said second home network device.
forwarding all requests for address resolution of a second home network device from a requesting first home network device to said muter; and said router responding to said request for address resolution by forwarding to said first home network device the MAC address of said second home network device.
4. In a system according to claim 3 wherein said muter is designed to intercept all gratuitous requests for address resolution originating from said home network.
5. In a system according to claim 1 further employing a method for MAC address resolution comprising the following steps:
forwarding all requests for address resolution of a second home network device from a requesting first home network device to said router; and said router responding to said request for address resolution by forwarding to said first home network device the MAC address of said router.
forwarding all requests for address resolution of a second home network device from a requesting first home network device to said router; and said router responding to said request for address resolution by forwarding to said first home network device the MAC address of said router.
6. In a system according to claim 5 wherein said router is designed to intercept all gratuitous requests for address resolution originating from said home network.
7. In a data communications system comprising an internet and at least one home network, each of said home networks comprising a plurality of home network devices and having access to said internet through a router with an internet-unique network address, said system employing a method for network address translation of a packet having at least a network layer and a datalink layer, originating from a source device on said internet, received at said muter and intended for one of said home network devices, said method comprising the following steps:
determining whether the network layer of a first packet from said source device includes information that matches that of any packet previously transmitted from a home network device to said source device on said internet;
if said network layer of said first packet includes information that matches that of any packet having previously been transmitted from a home network device to said source device on said internet, then replacing the network layer destination address of said first packet with a configured logical address, said configured logical address being common to each home network device with a common home network, and its router and adding at said datalink layer the MAC address of said home network device as the datalink destination address;
if network layer information of said first packet matches an entry in a default service profile, then forwarding said first packet in accordance with said default service profile;
if said first packet includes a TCP or UDP protocol type, then broadcasting said first packet to all of said plurality of home network devices;
if any of said home network devices respond to said broadcast first packet, then forward subsequent packets with the same network layer information as said first packet, only to said responding home network devices;
and discarding all packets not forwardable by the foregoing steps.
determining whether the network layer of a first packet from said source device includes information that matches that of any packet previously transmitted from a home network device to said source device on said internet;
if said network layer of said first packet includes information that matches that of any packet having previously been transmitted from a home network device to said source device on said internet, then replacing the network layer destination address of said first packet with a configured logical address, said configured logical address being common to each home network device with a common home network, and its router and adding at said datalink layer the MAC address of said home network device as the datalink destination address;
if network layer information of said first packet matches an entry in a default service profile, then forwarding said first packet in accordance with said default service profile;
if said first packet includes a TCP or UDP protocol type, then broadcasting said first packet to all of said plurality of home network devices;
if any of said home network devices respond to said broadcast first packet, then forward subsequent packets with the same network layer information as said first packet, only to said responding home network devices;
and discarding all packets not forwardable by the foregoing steps.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/027,708 | 1998-02-20 | ||
US09/027,708 US6006272A (en) | 1998-02-23 | 1998-02-23 | Method for network address translation |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2260561A1 CA2260561A1 (en) | 1999-08-20 |
CA2260561C true CA2260561C (en) | 2002-11-26 |
Family
ID=21839326
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002260561A Expired - Fee Related CA2260561C (en) | 1998-02-20 | 1999-01-26 | An improved method for network address translation |
Country Status (2)
Country | Link |
---|---|
US (1) | US6006272A (en) |
CA (1) | CA2260561C (en) |
Families Citing this family (178)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6130892A (en) * | 1997-03-12 | 2000-10-10 | Nomadix, Inc. | Nomadic translator or router |
KR100528156B1 (en) * | 1997-03-12 | 2005-11-15 | 노마딕스, 인코포레이티드 | Nomadic Translator or Router |
US6304912B1 (en) * | 1997-07-24 | 2001-10-16 | Fujitsu Limited | Process and apparatus for speeding-up layer-2 and layer-3 routing, and for determining layer-2 reachability, through a plurality of subnetworks |
US6189041B1 (en) * | 1997-11-12 | 2001-02-13 | International Business Machines Corporation | Next hop resolution protocol cut-through to LANs |
US6353614B1 (en) | 1998-03-05 | 2002-03-05 | 3Com Corporation | Method and protocol for distributed network address translation |
EP0945807A1 (en) * | 1998-03-27 | 1999-09-29 | Hewlett-Packard Company | Adress remapping for a bus |
US6154839A (en) * | 1998-04-23 | 2000-11-28 | Vpnet Technologies, Inc. | Translating packet addresses based upon a user identifier |
US6377990B1 (en) * | 1998-06-15 | 2002-04-23 | Lodgenet Entertainment Corporation | System for providing internet access from locations different from those for which the user's software was configured |
US6584509B2 (en) * | 1998-06-23 | 2003-06-24 | Intel Corporation | Recognizing audio and video streams over PPP links in the absence of an announcement protocol |
US6745243B2 (en) * | 1998-06-30 | 2004-06-01 | Nortel Networks Limited | Method and apparatus for network caching and load balancing |
US6360265B1 (en) * | 1998-07-08 | 2002-03-19 | Lucent Technologies Inc. | Arrangement of delivering internet protocol datagrams for multimedia services to the same server |
US6553421B1 (en) * | 1998-09-15 | 2003-04-22 | International Business Machines Corporation | Method and system for broadcast management in a data communication network that permits namesharing |
US6199112B1 (en) * | 1998-09-23 | 2001-03-06 | Crossroads Systems, Inc. | System and method for resolving fibre channel device addresses on a network using the device's fully qualified domain name |
US10511573B2 (en) | 1998-10-30 | 2019-12-17 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
EP1125419B1 (en) | 1998-10-30 | 2009-08-26 | VirnetX Inc. | An agile network protocol for secure communications with assured system availability |
US7418504B2 (en) | 1998-10-30 | 2008-08-26 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US6839759B2 (en) | 1998-10-30 | 2005-01-04 | Science Applications International Corp. | Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information |
US6446127B1 (en) * | 1998-10-30 | 2002-09-03 | 3Com Corporation | System and method for providing user mobility services on a telephony network |
US6502135B1 (en) * | 1998-10-30 | 2002-12-31 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
US6457061B1 (en) * | 1998-11-24 | 2002-09-24 | Pmc-Sierra | Method and apparatus for performing internet network address translation |
US8266266B2 (en) | 1998-12-08 | 2012-09-11 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization, authentication and accounting |
US7194554B1 (en) | 1998-12-08 | 2007-03-20 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization authentication and accounting |
US8713641B1 (en) | 1998-12-08 | 2014-04-29 | Nomadix, Inc. | Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device |
EP1142227A2 (en) * | 1998-12-23 | 2001-10-10 | Nokia Wireless Routers, Inc. | A unified routing scheme for ad-hoc internetworking |
US6490290B1 (en) * | 1998-12-30 | 2002-12-03 | Cisco Technology, Inc. | Default internet traffic and transparent passthrough |
US6425008B1 (en) * | 1999-02-16 | 2002-07-23 | Electronic Data Systems Corporation | System and method for remote management of private networks having duplicate network addresses |
US20010000301A1 (en) * | 1999-04-12 | 2001-04-19 | Zong Garrison G. | Device and system for providing access to the internet |
US7778259B1 (en) | 1999-05-14 | 2010-08-17 | Dunti Llc | Network packet transmission mechanism |
US6754214B1 (en) * | 1999-07-19 | 2004-06-22 | Dunti, Llc | Communication network having packetized security codes and a system for detecting security breach locations within the network |
JP3136140B2 (en) * | 1999-06-03 | 2001-02-19 | 松下電送システム株式会社 | Internet-connected SOHO gateway device |
US6587456B1 (en) * | 1999-06-17 | 2003-07-01 | Nortel Networks Limited | Method and apparatus for reducing load distribution delay in an internet protocol switch |
WO2001013579A1 (en) * | 1999-08-18 | 2001-02-22 | Fujitsu Limited | Distributed network load system and method, and recording medium for program thereof |
US6681252B1 (en) | 1999-09-27 | 2004-01-20 | 3Com Corporation | System and method for interconnecting portable information devices through a network based telecommunication system |
US6937699B1 (en) | 1999-09-27 | 2005-08-30 | 3Com Corporation | System and method for advertising using data network telephone connections |
US6795429B1 (en) | 1999-09-27 | 2004-09-21 | 3Com Corporation | System and method for associating notes with a portable information device on a network telephony call |
US6744759B1 (en) | 1999-09-27 | 2004-06-01 | 3Com Corporation | System and method for providing user-configured telephone service in a data network telephony system |
US7016675B1 (en) | 1999-09-27 | 2006-03-21 | 3Com Corporation | System and method for controlling telephone service using a wireless personal information device |
US6857072B1 (en) | 1999-09-27 | 2005-02-15 | 3Com Corporation | System and method for enabling encryption/authentication of a telephony network |
US6683865B1 (en) | 1999-10-15 | 2004-01-27 | Nokia Wireless Routers, Inc. | System for routing and switching in computer networks |
US6836463B2 (en) | 1999-10-15 | 2004-12-28 | Nokia Corporation | System for communicating labeled routing trees to establish preferred paths and source routes with local identifiers in wireless computer networks |
US6732188B1 (en) * | 1999-12-15 | 2004-05-04 | Avaya Technology Corp. | Method for providing customer treatment based on specified rules in conjunction with network source address of a request originator |
CN1192578C (en) * | 1999-12-22 | 2005-03-09 | 西门子公司 | Method for transmitting data packets containing private internet addresses |
US7079495B1 (en) | 2000-01-04 | 2006-07-18 | Cisco Technology, Inc. | System and method for enabling multicast telecommunications |
US6804254B1 (en) | 2000-01-04 | 2004-10-12 | Cisco Technology, Inc. | System and method for maintaining a communication link |
US7006494B1 (en) * | 2000-01-04 | 2006-02-28 | Cisco Technology, Inc. | System and method for a virtual telephony intermediary |
US7069432B1 (en) * | 2000-01-04 | 2006-06-27 | Cisco Technology, Inc. | System and method for providing security in a telecommunication network |
US7752333B1 (en) * | 2000-01-18 | 2010-07-06 | Avaya Inc. | Methods and apparatus for local network address acquisition, analysis and substitution |
US6650901B1 (en) | 2000-02-29 | 2003-11-18 | 3Com Corporation | System and method for providing user-configured telephone service in a data network telephony system |
US6804224B1 (en) | 2000-02-29 | 2004-10-12 | 3Com Corporation | System and method for providing telephone service having private branch exchange features in a voice-over-data network telephony system |
US6731630B1 (en) | 2000-02-29 | 2004-05-04 | 3Com Corporation | Flexible dial plan for a data network telephony system |
EP1266507B1 (en) * | 2000-03-17 | 2004-06-02 | America Online, Inc. | Home-networking |
US20020019875A1 (en) * | 2000-03-20 | 2002-02-14 | Garrett John W. | Service selection in a shared access network |
US7301952B2 (en) * | 2000-04-06 | 2007-11-27 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
US6697806B1 (en) * | 2000-04-24 | 2004-02-24 | Sprint Communications Company, L.P. | Access network authorization |
US7324635B2 (en) | 2000-05-04 | 2008-01-29 | Telemaze Llc | Branch calling and caller ID based call routing telephone features |
US6831917B1 (en) | 2000-05-10 | 2004-12-14 | Cisco Technology, Inc. | Network address translation for multicast virtual sourcing |
US6741586B1 (en) | 2000-05-31 | 2004-05-25 | 3Com Corporation | System and method for sharing computer screens over a telephony network |
US6914905B1 (en) | 2000-06-16 | 2005-07-05 | Extreme Networks, Inc. | Method and system for VLAN aggregation |
SG101985A1 (en) * | 2000-07-12 | 2004-02-27 | Distribution Systems Res Inst | Integrated information communication system |
US7349967B2 (en) * | 2000-07-21 | 2008-03-25 | Samsung Electronics Co., Ltd. | Architecture for home network on world wide web with private-public IP address/URL mapping |
US7133404B1 (en) | 2000-08-11 | 2006-11-07 | Ip Dynamics, Inc. | Communication using two addresses for an entity |
US7216179B2 (en) | 2000-08-16 | 2007-05-08 | Semandex Networks Inc. | High-performance addressing and routing of data packets with semantically descriptive labels in a computer network |
KR100342514B1 (en) * | 2000-09-08 | 2002-06-28 | 윤종용 | Method to use unique internet protocol address for a period of time when needed under local-unique internet protocol address domain |
US6661799B1 (en) | 2000-09-13 | 2003-12-09 | Alcatel Usa Sourcing, L.P. | Method and apparatus for facilitating peer-to-peer application communication |
US7047561B1 (en) * | 2000-09-28 | 2006-05-16 | Nortel Networks Limited | Firewall for real-time internet applications |
US6870830B1 (en) | 2000-11-30 | 2005-03-22 | 3Com Corporation | System and method for performing messaging services using a data communications channel in a data network telephone system |
EP1598714B1 (en) * | 2000-12-13 | 2016-09-28 | LG Electronics Inc. | Apparatus and method for remotely controlling household appliances |
US7072981B1 (en) | 2000-12-21 | 2006-07-04 | Cisco Technology, Inc. | Preallocation of client network address translation addresses for client-server networks |
US20020083344A1 (en) * | 2000-12-21 | 2002-06-27 | Vairavan Kannan P. | Integrated intelligent inter/intra networking device |
US7127524B1 (en) * | 2000-12-29 | 2006-10-24 | Vernier Networks, Inc. | System and method for providing access to a network with selective network address translation |
US7089328B1 (en) | 2000-12-29 | 2006-08-08 | Cisco Technology, Inc. | Method allocation scheme for maintaining server load balancers services in a high throughput environment |
US6877042B2 (en) * | 2001-01-02 | 2005-04-05 | Dell Products L.P. | System and method for generating world wide names |
US6912592B2 (en) * | 2001-01-05 | 2005-06-28 | Extreme Networks, Inc. | Method and system of aggregate multiple VLANs in a metropolitan area network |
US7509435B2 (en) * | 2001-03-12 | 2009-03-24 | International Business Machines Corporation | Network Address Translation and Port Mapping |
US6990101B1 (en) * | 2001-03-23 | 2006-01-24 | Advanced Micro Devices, Inc. | System and method for performing layer 3 switching in a network device |
KR100399431B1 (en) * | 2001-04-27 | 2003-09-29 | 플러스기술주식회사 | Apparatus and method for interconnecting networks |
US7085267B2 (en) * | 2001-04-27 | 2006-08-01 | International Business Machines Corporation | Methods, systems and computer program products for translating internet protocol (IP) addresses located in a payload of a packet |
JP4352630B2 (en) * | 2001-04-27 | 2009-10-28 | 沖電気工業株式会社 | Connection proxy device |
US7124173B2 (en) * | 2001-04-30 | 2006-10-17 | Moriarty Kathleen M | Method and apparatus for intercepting performance metric packets for improved security and intrusion detection |
KR100434270B1 (en) * | 2001-05-30 | 2004-06-04 | 엘지전자 주식회사 | Control System for Home Appliance Network |
CA2388938C (en) | 2001-06-08 | 2010-05-04 | The Distributions Systems Research Institute | Terminal-to-terminal communication connection control system for ip full service |
US7051116B1 (en) * | 2001-06-21 | 2006-05-23 | America Online, Inc. | Client device identification when communicating through a network address translator device |
KR100424297B1 (en) * | 2001-07-20 | 2004-03-24 | 엘지전자 주식회사 | Home Appliance Controlling System and Operating Method for the Same |
US7845004B2 (en) * | 2001-07-27 | 2010-11-30 | International Business Machines Corporation | Correlating network information and intrusion information to find the entry point of an attack upon a protected computer |
US7103648B1 (en) | 2001-07-31 | 2006-09-05 | Gateway Inc. | Method and system for assigning an IP address to a host based on features of the host |
US7065047B2 (en) * | 2001-10-22 | 2006-06-20 | Pctel, Inc. | System and method of providing computer networking |
US7006436B1 (en) * | 2001-11-13 | 2006-02-28 | At&T Corp. | Method for providing voice-over-IP service |
US7447215B2 (en) * | 2001-12-03 | 2008-11-04 | Hatteras Networks | Methods, systems, and computer program products for classifying a packet based on a destination address |
US20030145082A1 (en) * | 2002-01-25 | 2003-07-31 | Son Yong Ho | NAT device with LAN monitor for remote management |
US7209481B2 (en) * | 2002-02-05 | 2007-04-24 | Gateway Inc. | System and method for automated network address cloning for routers |
KR100420526B1 (en) | 2002-03-15 | 2004-03-02 | 엘지전자 주식회사 | Home Appliance Network System and Controlling Method for the Same |
US7937471B2 (en) * | 2002-06-03 | 2011-05-03 | Inpro Network Facility, Llc | Creating a public identity for an entity on a network |
US8072979B2 (en) * | 2002-06-07 | 2011-12-06 | The Distribution Systems Research Institute | Terminal-to-terminal communication control system for IP full service |
US7383339B1 (en) | 2002-07-31 | 2008-06-03 | Aol Llc, A Delaware Limited Liability Company | Local proxy server for establishing device controls |
US20040030709A1 (en) * | 2002-08-12 | 2004-02-12 | Gateway, Inc. | Personalized setup poster generation |
US8234358B2 (en) | 2002-08-30 | 2012-07-31 | Inpro Network Facility, Llc | Communicating with an entity inside a private network using an existing connection to initiate communication |
US7139828B2 (en) * | 2002-08-30 | 2006-11-21 | Ip Dynamics, Inc. | Accessing an entity inside a private network |
US20040043756A1 (en) * | 2002-09-03 | 2004-03-04 | Tao Haukka | Method and system for authentication in IP multimedia core network system (IMS) |
US7290050B1 (en) * | 2002-09-20 | 2007-10-30 | Blue Coat Systems, Inc. | Transparent load balancer for network connections |
US8051176B2 (en) | 2002-11-07 | 2011-11-01 | Hewlett-Packard Development Company, L.P. | Method and system for predicting connections in a computer network |
US8209371B2 (en) * | 2002-11-07 | 2012-06-26 | Hewlett-Packard Development Company, L.P. | Method and system for managing communication in a computer network using aliases of computer network addresses |
US7467227B1 (en) * | 2002-12-31 | 2008-12-16 | At&T Corp. | System using policy filter decision to map data traffic to virtual networks for forwarding the traffic in a regional access network |
NZ543148A (en) * | 2003-03-24 | 2006-12-22 | Re Src Ltd | Multiconfigurable device masking shunt and method of use |
US7949785B2 (en) | 2003-03-31 | 2011-05-24 | Inpro Network Facility, Llc | Secure virtual community network system |
DE10321227A1 (en) * | 2003-05-12 | 2004-12-09 | Siemens Ag | Process for data exchange between network elements |
JP4161791B2 (en) * | 2003-05-12 | 2008-10-08 | ソニー株式会社 | Inter-device authentication system, inter-device authentication method, communication device, and computer program |
US7590144B1 (en) * | 2003-05-13 | 2009-09-15 | Advanced Digital Broadcast Holdings S.A. | Network router apparatus and method |
AU2003246151A1 (en) * | 2003-05-30 | 2005-01-21 | Lg Electronics, Inc. | Home network system |
KR100638017B1 (en) | 2003-05-30 | 2006-10-23 | 엘지전자 주식회사 | Network device |
KR100605218B1 (en) * | 2003-05-30 | 2006-07-31 | 엘지전자 주식회사 | Network adaptor |
US20080097631A1 (en) * | 2003-05-30 | 2008-04-24 | Lg Electronics Inc. | Home Network System |
KR100596755B1 (en) * | 2003-05-30 | 2006-07-04 | 엘지전자 주식회사 | Home network system |
US7337219B1 (en) | 2003-05-30 | 2008-02-26 | Aol Llc, A Delaware Limited Liability Company | Classifying devices using a local proxy server |
AU2003246146A1 (en) * | 2003-05-30 | 2005-01-21 | Lg Electronics, Inc. | Home network system and its configuration system |
WO2004107662A1 (en) * | 2003-05-30 | 2004-12-09 | Lg Electronics, Inc. | Home network system |
KR20050026752A (en) * | 2003-09-06 | 2005-03-16 | 삼성전자주식회사 | System for multicasting multimedia contents |
US7437457B1 (en) | 2003-09-08 | 2008-10-14 | Aol Llc, A Delaware Limited Liability Company | Regulating concurrent logins associated with a single account |
US20050128995A1 (en) * | 2003-09-29 | 2005-06-16 | Ott Maximilian A. | Method and apparatus for using wireless hotspots and semantic routing to provide broadband mobile serveices |
US20050271047A1 (en) * | 2004-06-02 | 2005-12-08 | Huonder Russell J | Method and system for managing multiple overlapping address domains |
US8458453B1 (en) | 2004-06-11 | 2013-06-04 | Dunti Llc | Method and apparatus for securing communication over public network |
WO2005125070A2 (en) * | 2004-06-14 | 2005-12-29 | Semandex Networks, Inc. | System and method for providing content-based instant messaging |
KR20050121610A (en) * | 2004-06-22 | 2005-12-27 | 전자부품연구원 | Method for human readable and writable addressing in home network protocol |
US7925729B2 (en) | 2004-12-07 | 2011-04-12 | Cisco Technology, Inc. | Network management |
US7904712B2 (en) * | 2004-08-10 | 2011-03-08 | Cisco Technology, Inc. | Service licensing and maintenance for networks |
US8316438B1 (en) | 2004-08-10 | 2012-11-20 | Pure Networks Llc | Network management providing network health information and lockdown security |
US7760720B2 (en) * | 2004-11-09 | 2010-07-20 | Cisco Technology, Inc. | Translating native medium access control (MAC) addresses to hierarchical MAC addresses and their use |
US7827252B2 (en) | 2004-12-07 | 2010-11-02 | Cisco Technology, Inc. | Network device management |
US8478849B2 (en) | 2004-12-07 | 2013-07-02 | Pure Networks LLC. | Network administration tool |
WO2006125454A1 (en) * | 2005-05-23 | 2006-11-30 | Telefonaktiebolaget L.M. Ericsson (Publ.) | Traffic diversion in an ethernet-based access network |
WO2007035725A2 (en) * | 2005-09-19 | 2007-03-29 | Schweitzer Engineering Laboratories, Inc. | Method and apparatus for routing data streams among intelligent electronic devices |
US10277519B2 (en) | 2006-01-31 | 2019-04-30 | Silicon Laboratories Inc. | Response time for a gateway connecting a lower bandwidth network with a higher speed network |
US20150187209A1 (en) | 2006-01-31 | 2015-07-02 | Sigma Designs, Inc. | Method and system for synchronization and remote control of controlling units |
US20150131485A1 (en) * | 2006-01-31 | 2015-05-14 | Sigma Designs, Inc. | Mapping connected devices in a home area network to ip addresses in a local area network |
US10326537B2 (en) | 2006-01-31 | 2019-06-18 | Silicon Laboratories Inc. | Environmental change condition detection through antenna-based sensing of environmental change |
CN101094171B (en) * | 2006-06-22 | 2011-02-16 | 华为技术有限公司 | Method and system for implementing interaction of media streams, controller of media gateway, and media gateway |
US7755872B2 (en) * | 2006-09-14 | 2010-07-13 | Schweitzer Engineering Laboratories, Inc. | System, method and device to preserve protection communication active during a bypass operation |
CA2681734A1 (en) | 2007-03-23 | 2008-10-02 | Allegiance Corporation | Fluid collection and disposal system having interchangeable collection and other features and methods relating thereto |
US9889239B2 (en) | 2007-03-23 | 2018-02-13 | Allegiance Corporation | Fluid collection and disposal system and related methods |
US8041743B2 (en) * | 2007-04-17 | 2011-10-18 | Semandex Networks, Inc. | Systems and methods for providing semantically enhanced identity management |
US7958155B2 (en) * | 2007-04-17 | 2011-06-07 | Semandex Networks, Inc. | Systems and methods for the management of information to enable the rapid dissemination of actionable information |
US20090164387A1 (en) * | 2007-04-17 | 2009-06-25 | Semandex Networks Inc. | Systems and methods for providing semantically enhanced financial information |
US8014356B2 (en) | 2007-07-13 | 2011-09-06 | Cisco Technology, Inc. | Optimal-channel selection in a wireless network |
US9491077B2 (en) | 2007-07-13 | 2016-11-08 | Cisco Technology, Inc. | Network metric reporting system |
US7853829B2 (en) | 2007-07-13 | 2010-12-14 | Cisco Technology, Inc. | Network advisor |
US9026639B2 (en) | 2007-07-13 | 2015-05-05 | Pure Networks Llc | Home network optimizing system |
US8700743B2 (en) | 2007-07-13 | 2014-04-15 | Pure Networks Llc | Network configuration device |
US8683572B1 (en) | 2008-01-24 | 2014-03-25 | Dunti Llc | Method and apparatus for providing continuous user verification in a packet-based network |
DE102008032875A1 (en) * | 2008-07-14 | 2010-01-21 | Deutsche Telekom Ag | Endpoint addressing method, and dedicated network and access node |
SG159399A1 (en) * | 2008-08-13 | 2010-03-30 | Smart Comm Inc | Message routing platform |
WO2010052157A1 (en) * | 2008-11-10 | 2010-05-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Topology determination in a communications network |
WO2011008961A1 (en) | 2009-07-15 | 2011-01-20 | Allegiance Corporation | Fluid collection and disposal system and related methods |
JP2011077804A (en) * | 2009-09-30 | 2011-04-14 | Oki Networks Co Ltd | Communication device and communication method of the same |
US8649297B2 (en) | 2010-03-26 | 2014-02-11 | Cisco Technology, Inc. | System and method for simplifying secure network setup |
US8724515B2 (en) | 2010-03-26 | 2014-05-13 | Cisco Technology, Inc. | Configuring a secure network |
TWI442259B (en) * | 2010-11-05 | 2014-06-21 | Acer Inc | Authority control systems and methods, and computer program products thereof |
CN102232288A (en) * | 2011-04-15 | 2011-11-02 | 华为技术有限公司 | Method and apparatus for network address translation |
CN102970388B (en) * | 2012-11-19 | 2017-02-08 | 北京奇虎科技有限公司 | Method and system for managing outer net access |
JP5949491B2 (en) * | 2012-11-20 | 2016-07-06 | 富士ゼロックス株式会社 | Information processing apparatus and program |
US9294503B2 (en) | 2013-08-26 | 2016-03-22 | A10 Networks, Inc. | Health monitor based distributed denial of service attack mitigation |
US10637681B2 (en) | 2014-03-13 | 2020-04-28 | Silicon Laboratories Inc. | Method and system for synchronization and remote control of controlling units |
US9756071B1 (en) | 2014-09-16 | 2017-09-05 | A10 Networks, Inc. | DNS denial of service attack protection |
US9537886B1 (en) | 2014-10-23 | 2017-01-03 | A10 Networks, Inc. | Flagging security threats in web service requests |
US9584318B1 (en) | 2014-12-30 | 2017-02-28 | A10 Networks, Inc. | Perfect forward secrecy distributed denial of service attack defense |
US9900343B1 (en) | 2015-01-05 | 2018-02-20 | A10 Networks, Inc. | Distributed denial of service cellular signaling |
US9848013B1 (en) | 2015-02-05 | 2017-12-19 | A10 Networks, Inc. | Perfect forward secrecy distributed denial of service attack detection |
US10063591B1 (en) | 2015-02-14 | 2018-08-28 | A10 Networks, Inc. | Implementing and optimizing secure socket layer intercept |
US10749808B1 (en) | 2015-06-10 | 2020-08-18 | Amazon Technologies, Inc. | Network flow management for isolated virtual networks |
US10469594B2 (en) | 2015-12-08 | 2019-11-05 | A10 Networks, Inc. | Implementation of secure socket layer intercept |
US10505984B2 (en) | 2015-12-08 | 2019-12-10 | A10 Networks, Inc. | Exchange of control information between secure socket layer gateways |
US10116634B2 (en) | 2016-06-28 | 2018-10-30 | A10 Networks, Inc. | Intercepting secure session upon receipt of untrusted certificate |
US10158666B2 (en) | 2016-07-26 | 2018-12-18 | A10 Networks, Inc. | Mitigating TCP SYN DDoS attacks using TCP reset |
US10637673B2 (en) | 2016-12-12 | 2020-04-28 | Silicon Laboratories Inc. | Energy harvesting nodes in a mesh network |
US10897417B2 (en) * | 2018-09-19 | 2021-01-19 | Amazon Technologies, Inc. | Automated route propagation among networks attached to scalable virtual traffic hubs |
US10834044B2 (en) * | 2018-09-19 | 2020-11-10 | Amazon Technologies, Inc. | Domain name system operations implemented using scalable virtual traffic hub |
US10848331B2 (en) * | 2018-12-19 | 2020-11-24 | Nxp B.V. | Multi-node network with enhanced routing capability |
US11824773B2 (en) | 2021-03-30 | 2023-11-21 | Amazon Technologies, Inc. | Dynamic routing for peered virtual routers |
US11310155B1 (en) * | 2021-03-30 | 2022-04-19 | Amazon Technologies, Inc. | Virtual router workload offloading |
US11601365B2 (en) | 2021-03-30 | 2023-03-07 | Amazon Technologies, Inc. | Wide area networking service using provider network backbone network |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI90710C (en) * | 1992-05-29 | 1994-03-10 | Icl Personal Systems Oy | Procedure for Adapting a TCP / IP Software to a Local Area Network to a Remote Connection |
US5426637A (en) * | 1992-12-14 | 1995-06-20 | International Business Machines Corporation | Methods and apparatus for interconnecting local area networks with wide area backbone networks |
US5636216A (en) * | 1994-04-08 | 1997-06-03 | Metricom, Inc. | Method for translating internet protocol addresses to other distributed network addressing schemes |
JP3224963B2 (en) * | 1994-08-31 | 2001-11-05 | 株式会社東芝 | Network connection device and packet transfer method |
US5623601A (en) * | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
JP2770782B2 (en) * | 1995-05-31 | 1998-07-02 | 日本電気株式会社 | LAN connection device |
US5751971A (en) * | 1995-07-12 | 1998-05-12 | Cabletron Systems, Inc. | Internet protocol (IP) work group routing |
US5862344A (en) * | 1995-08-28 | 1999-01-19 | Ncr Corporation | Apparatus and methods for routing data packets through a processing system network |
US5757924A (en) * | 1995-09-18 | 1998-05-26 | Digital Secured Networks Techolognies, Inc. | Network security device which performs MAC address translation without affecting the IP address |
US5802053A (en) * | 1995-10-13 | 1998-09-01 | International Business Machines Corporation | Transport gateway between a native network and a mixed network |
US5793763A (en) * | 1995-11-03 | 1998-08-11 | Cisco Technology, Inc. | Security system for network address translation systems |
US5781550A (en) * | 1996-02-02 | 1998-07-14 | Digital Equipment Corporation | Transparent and secure network gateway |
US5856974A (en) * | 1996-02-13 | 1999-01-05 | Novell, Inc. | Internetwork address mapping gateway |
-
1998
- 1998-02-23 US US09/027,708 patent/US6006272A/en not_active Expired - Lifetime
-
1999
- 1999-01-26 CA CA002260561A patent/CA2260561C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US6006272A (en) | 1999-12-21 |
CA2260561A1 (en) | 1999-08-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2260561C (en) | An improved method for network address translation | |
US7088689B2 (en) | VLAN data switching method using ARP packet | |
US7577144B2 (en) | Dynamic network address translation system and method of transparent private network device | |
US8144709B2 (en) | Method, system and computer processing an IP packet, routing a structured data carrier, preventing broadcast storms, load-balancing and converting a full broadcast IP packet | |
US8089967B2 (en) | Modification of a switching table of an internet protocol switch | |
AU707905B2 (en) | Internet protocol filter | |
US6580717B1 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
EP1234246B1 (en) | System and method for network access without reconfiguration | |
US7701952B2 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
US8135013B2 (en) | Internet protocol switch and use of the switch for switching a frame | |
US20020052972A1 (en) | Communication method among a plurality of virtual LANs in an IP subnet | |
JP2004528748A (en) | Method and apparatus for enabling transmission of data through a firewall | |
US6618398B1 (en) | Address resolution for internet protocol sub-networks in asymmetric wireless networks | |
US20060268863A1 (en) | Transparent address translation methods | |
RU2310994C2 (en) | Traffic division filter | |
US20030031173A1 (en) | Multilayer internet protocol (MLIP) for peer-to-peer service of private internet and method for transmitting/receiving MLIP packet | |
US5917825A (en) | LAN message routing system | |
KR100562390B1 (en) | Network Data Flow Identification Method and System Using Host Routing and IP Aliasing Technique | |
KR20010073827A (en) | Method for expanding address for internet protocol version 4 in internet edge router | |
KR100359223B1 (en) | Method for Realization Multiple IP Address in Router | |
Wasserman et al. | A V6 Under the Hood: IPv6 for Embedded Systems | |
KR20030021598A (en) | Method of IP address managing in router which is acting NAT of frame relay |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |