The Internet Protocol (IP) is the protocol most widely used on the Internet for routing data from a source host to a destination host. The Internet currently employs version four of the IP, or IPv4. IPv4 hosts are identified by a 32-bit address, for example 134.7.1.1. Each host on the Internet is assigned one or more unique IPv4 addresses so that other hosts can refer unambiguously to a given host using one of its addresses. In addition, hosts on the Internet usually have one or more names associated with them. This enables end users to refer to a given host by its name rather than by its 32-bit IPv4 address. To resolve names to IP addresses, the domain name system (DNS) provides the service of mapping names to their corresponding IP addresses.
As a consequence of the dramatic rise in the number of hosts on the Internet and the inefficient allocation of IPv4 addresses, the IPv4 address space is nearing exhaustion. To combat the shortage of IPv4 addresses and to meet the growing demand for them, the Internet Engineering Task Force (IETF) specified the use of a network address translator (NAT) and dedicated a portion of the IPv4 address space as “private”. The range of private addresses is defined in the IETF's Request for Comments (RFC) number 1918. With the help of a NAT, independent networks can reuse the private address space at their discretion when assigning addresses to hosts, and these hosts are still able to access other hosts on the Internet unambiguously. The NAT enables the sharing of one or more global IPv4 addresses assigned to a private network, so that packets emanating from private hosts have a valid and unambiguous global source address before leaving the private network. An example of a private network is a home network that is allocated a global IPv4 address upon dial-up; users in the home network are able to share that global IPv4 address amongst multiple home devices using a NAT.
A significant disadvantage with accessing hosts behind a NAT is that one-to-many and many-to-one mappings must be performed from a gateway's global address for incoming and outgoing connections, respectively. Therefore, when a connection arrives at the gateway, the gateway must determine for which internal host the connection is destined. For example, if a home user runs a web-server and a file-sharing service, these services are registered using the gateway's global IPv4 address in order to be accessible from the global network, e.g. the Internet. Given that there is only one address associated with a multitude of applications within the private network (or behind the gateway), when a connection comes in, the gateway needs to know whether the connection is for the web-server or the file-sharing service. This problem is exacerbated by the fact that some NATs allow incoming traffic from an outside address if an outgoing packet has already been sent to the outside address. Consequently, the use of a NAT in a private network means it is harder to deploy peer-to-peer applications and thus severely impedes the application space of private networks.
Ng, T. S. Eugene, Stoica, Ion, and Zhang, Hui, “A Waypoint Service Approach To Connect Heterogeneous Internet Address Space,” USENIX Annual Technical Conference 2001, 2001, describe a mechanism involving the integration of an application-level gateway (ALG) for the Domain Name System (DNS), i.e., a DNS-ALG, with one or more relays. Private hosts register their private addresses and corresponding names with the DNS-ALG along with their gateway's global IPv4 address. When a DNS query is received by the DNS-ALG, the DNS-ALG locates a free relay and informs the relay of the queried host's private address and the gateway's IPv4 address. The DNS-ALG then returns the relay's IPv4 address in its DNS reply. The requesting host then tries to establish a connection to the returned IPv4 address, which is in fact the relay's address. The relay uses the information passed previously by the DNS-ALG to tunnel received packets to the target host's gateway. The target host's gateway then decapsulates the packets and rewrites the packet header before forwarding the packets to the target host.
A once-off state is used by the relays to associate an incoming connection request with a destination host. This is due to the relay not having a reliable way of telling whether the source host of an incoming connection actually made the last DNS query. Further, the foregoing mechanism requires at least one global IPv4 address for translation purposes; however, this is not available in most home networks. The mechanism depletes the scarce global IPv4 address space to support peer-to-peer applications. The number of available IPv4 addresses for relaying purposes dictates the number of connections that can be made to private hosts, giving rise to connection limits.
Srisuresh, P., Tsirtsis, G., Akkiraju, P., and Hefferman, A., “DNS Extensions to Network Address Translators (DNS-ALG)”, IETF RFC 2694, 1999, describe two NAT mechanisms. The first NAT mechanism makes use of a DNS-ALG to help with de-multiplexing incoming connections. This is achieved by having the DNS-ALG record the IPv4 address of the host that made the last DNS query and also the IPv4 address of the host being queried. The assumption is that once a host makes a DNS query, a connection will follow. Once an incoming connection is detected, the NAT asks the DNS-ALG for the target host's IPv4 address, i.e., the IPv4 address of the host that was queried last. The NAT then translates the destination address in the incoming packets before forwarding the packets to the target host. This requires setting up state to determine the target host within a private network. The other NAT mechanism is used when two networks having similar address spaces wish to communicate. For Network-A and Network-B, two hosts in the respective networks may want to communicate without ambiguity even though the networks share similar address spaces. For the hosts to communicate, the NAT mechanism is installed between Network-A and Network-B, where all traffic between the two networks is intercepted and translated accordingly. The first translation serves to translate Network-A's address into another address space, e.g., 148.1.0.1 to 172.16.0.1. The second translation then translates the translated address, i.e., 172.16.0.1, into a globally routable address, e.g., 172.16.0.1 to 134.7.1.1. The DNS-ALG at the second NAT is also responsible for allocating a peer address for resource records (RRs) in DNS replies coming from Network-B, since the RRs contain an address space similar to that of Network-A. For external-to-internal communications, the DNS-ALG installs state. This NAT mechanism requires four address mappings.
Hence, to create a connection from one network to another, states need to be maintained for IPv4 to IPv4, and IPv4 to global IPv4 at each site. Further, this mechanism relies on a temporary soft state to associate an incoming connection with an internal host, which can cause connection ambiguity.
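The following toy model, added here as an illustration and not taken from RFC 2694 or the text above, replays the DNS-ALG/NAT de-multiplexing just described and the connection ambiguity it suffers from: the DNS-ALG keeps only the last query as soft state, so when two external hosts query before either connects, the first connection is placed on the wrong private host and the second finds no state at all. All names and addresses are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GATEWAY_GLOBAL = "134.7.1.1"  # the site's single global IPv4 address (constructed)

@dataclass
class DnsAlg:
    records: Dict[str, str]                       # name -> private IPv4 address
    last_query: Optional[Tuple[str, str]] = None  # (querier, queried private addr)

    def query(self, querier: str, name: str) -> str:
        # Every name resolves to the one global address; the private target is
        # remembered as soft state, overwriting whatever an earlier query left.
        target = self.records[name]
        self.last_query = (querier, target)
        return GATEWAY_GLOBAL

@dataclass
class Nat:
    alg: DnsAlg
    delivered: List[Tuple[str, str]] = field(default_factory=list)

    def incoming(self, src: str) -> Optional[str]:
        # On a new inbound connection the NAT asks the DNS-ALG which private
        # host was queried last and rewrites the destination to it.
        if self.alg.last_query is None:
            return None                           # no state: connection cannot be placed
        _querier, target = self.alg.last_query    # the host queried last wins
        self.alg.last_query = None                # once-off state is consumed
        self.delivered.append((src, target))
        return target

def _site() -> Tuple[DnsAlg, Nat]:
    alg = DnsAlg({"web.example.": "10.0.0.2", "files.example.": "10.0.0.3"})
    return alg, Nat(alg)

def scenario_ordered() -> List[Tuple[str, str]]:
    # Query, connect, query, connect: each connection reaches the intended host.
    alg, nat = _site()
    alg.query("203.0.113.5", "web.example.")
    nat.incoming("203.0.113.5")
    alg.query("198.51.100.9", "files.example.")
    nat.incoming("198.51.100.9")
    return nat.delivered

def scenario_interleaved() -> List[Tuple[str, str]]:
    # Two hosts query before either connects: A is misdirected and B is dropped.
    alg, nat = _site()
    alg.query("203.0.113.5", "web.example.")      # A asks for the web server
    alg.query("198.51.100.9", "files.example.")   # B's query overwrites A's state
    nat.incoming("203.0.113.5")                   # A lands on the file server
    nat.incoming("198.51.100.9")                  # no state left for B
    return nat.delivered
```

Matching the connection's source address against the recorded querier would not remove the ambiguity either, since the DNS query typically arrives from a recursive resolver rather than from the host that subsequently connects.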
Cheriton, D. R., and Gritter, M., “TRIAD: A New Next Generation Internet Architecture”, 2000, describe a mechanism involving the setting up of a “circuit” across realms with different address spaces. The name resolution and routing processes are integrated, whereby a name request is forwarded from one router to the next along the path that the ensuing packets follow. As the name request is forwarded, appropriate state is created at each router that identifies the destination relay in the current realm to which a packet is to be forwarded. To use the created state, a new header carrying a label for that state is inserted between the IP header and the payload. Using the label, a router obtains the forwarding relay address and modifies the source and destination fields accordingly before forwarding the packet to the relay leading to the next addressing realm.
This mechanism involves considerable signaling, packet manipulation, packet overheads, and complexity. The mechanism relies on the name resolution process to install states at a relay node that indicates the destination or target node of a given connection.
Francis, P., and Gummadi, R., “IPNL: A NAT-Extended Internet Architecture”, ACM SIGCOMM'2001, 2001, describe a mechanism to interconnect private realms over the global Internet. The NAT architecture is extended further so that hosts within NATed sites are accessible from other private and global hosts. NATed sites form an overlay network over the existing IPv4 Internet. The mechanism aims to create such an overlay network so that the NATed sites benefit from invariance to renumbering, avoid running out of IPv4 address space, and keep the global Internet's routing table size scaling with the number of private sites rather than the number of hosts. In addition, the mechanism makes extensive use of DNS names to facilitate renumbering of a given site and to serve as an end-to-end identifier. This mechanism requires new headers and host modifications in order to work. Further, the mechanism requires additional protocols to maintain the ability of an IPv4 address to act as both an identifier and a locator of a host.
Carpenter, B., and Moore, K., “Connection of IPv6 Domains via IPv4 Clouds”, IETF RFC 3056, and Templin, F., Gleeson, T., Talwar, M., and Thaler, D., “Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)”, Internet Draft draft-ietf-ngtrans-isatap-04.txt, 2002, describe a mechanism that can be used to access internal hosts by embedding the target host's IPv4 address in an IP version 6 (IPv6) address. However, this mechanism only enables IPv6-to-IPv4 communication, meaning that it enables access to an internal IPv4 host from an external IPv6 host.
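As an added example (not code from the text or from the cited RFC and draft), the functions below show how an IPv4 address is embedded in and recovered from an IPv6 address under the two schemes named above: the 6to4 prefix 2002:WWXX:YYZZ::/48 of RFC 3056, and ISATAP's ::0:5efe:w.x.y.z interface identifier. The site prefix used for ISATAP and the subnet and interface identifiers used for 6to4 are assumed values chosen for the example.

```python
import ipaddress
from typing import Optional

SIX_TO_FOUR_PREFIX = 0x2002 << 112   # 2002::/16, RFC 3056
ISATAP_IID_TAG = 0x00005EFE << 32    # ::0:5efe:w.x.y.z interface identifier
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

def six_to_four(v4: str, subnet: int = 0, iid: int = 1) -> ipaddress.IPv6Address:
    """Build 2002:WWXX:YYZZ:<subnet>::<iid> from the gateway's global IPv4 address."""
    v4i = int(ipaddress.IPv4Address(v4))
    # 16-bit prefix | 32-bit IPv4 | 16-bit subnet | 64-bit interface identifier
    return ipaddress.IPv6Address(SIX_TO_FOUR_PREFIX | (v4i << 80) | (subnet << 64) | iid)

def six_to_four_target(v6: str) -> Optional[ipaddress.IPv4Address]:
    """Recover the embedded IPv4 address, or None if this is not a 6to4 address."""
    v6i = int(ipaddress.IPv6Address(v6))
    if (v6i >> 112) != 0x2002:
        return None
    return ipaddress.IPv4Address((v6i >> 80) & MASK32)

def isatap(site_prefix: str, v4: str) -> ipaddress.IPv6Address:
    """Build <site /64 prefix>:0:5efe:w.x.y.z for an internal host's IPv4 address."""
    net = ipaddress.IPv6Network(site_prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 site prefix")
    v4i = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | ISATAP_IID_TAG | v4i)

def isatap_target(v6: str) -> Optional[ipaddress.IPv4Address]:
    """Recover the embedded IPv4 address from an ISATAP address, else None."""
    iid = int(ipaddress.IPv6Address(v6)) & MASK64
    if (iid >> 32) != 0x00005EFE:
        return None
    return ipaddress.IPv4Address(iid & MASK32)
```

Note that the ISATAP form carries a private address such as 10.0.0.2 inside a routable IPv6 address, which is exactly what lets an external IPv6 host name an internal IPv4 host, whereas the 6to4 form only identifies the site's gateway.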
One website (URL omitted) describes a mechanism targeted at UDP-based peer-to-peer applications. The mechanism involves using a third-party broker to inform a private host of its gateway's global IPv4 address and also to open up a bi-directional NAT hole. By knowing the gateway's global IP address, the host is able to exchange that global address with the peer host instead of sending its un-routable private address to the peer host. This mechanism uses an out-of-band protocol to signal a third-party service to perform the same functionality as the DNS-ALG. Further, this mechanism does not make use of IPv6 and related IPv4/IPv6 transition technologies. Still further, this mechanism has problems with identifying hosts within the private network unambiguously.
Borella, M., Lo, J., Grabelsky, D., and Montenegro, G., “Realm Specific IP: Framework”, IETF RFC 3102, 2001, describe a mechanism that is a replacement for the conventional NAT, where hosts take an active role in the creation of a binding at the gateway located between the public and private networks. As a result, the gateway has an easier time de-multiplexing inbound and outbound connections, because internal hosts have informed the gateway of their interest in receiving or sending connections. This mechanism involves setting up bindings at the gateway, which requires a number of global IPv4 addresses or port numbers, and modifications to hosts.
Thus, a need clearly exists for hosts from a private network to access unambiguously hosts in another private network, even though the private networks share only one global IPv4 address.