The present invention relates generally to computer networks and more particularly to network management techniques for use in computer networks.
Computers and other devices attached to a network utilizing Internet Protocol (IP) addressing are assigned IP addresses which identify those devices so as to facilitate inter-device communications within the network. For devices attached to the Internet or other similar global or wide area network, it is of course important that the devices have unique registered IP addresses, such that network communications can be appropriately routed through the network. However, when companies plan IP address ranges for devices on their private networks, they often take advantage of rules allowing unregistered IP addresses that may be identical to those used by other companies. This is not a problem as long as the private networks do not connect to the Internet or other similar networks in which unique addresses are assured by registration, and do not in other ways appear in the same “address space” together.
This use of conflicting unregistered IP addresses in private networks can become a significant problem, however, when the corresponding conflicting networks are brought into the support systems of a single network management service company. Network management service companies have attempted to solve this problem either by not accepting customers with unregistered IP address domains, or by putting customers with known conflicting IP address spaces on separate domains each using a separate and independent network management station. Unfortunately, this conventional approach results in underutilization of the existing domains and a higher cost per managed device.
Although a number of IP address translation techniques exist, such techniques have not been able to provide an adequate solution to the above-described problem of conflicting unregistered IP addresses in private networks. Examples of such techniques include Network Address Translation (NAT) for IP header address translation, which is currently implemented in public domain software such as Linux and FreeBSD, as well as in many commercial products.
It is therefore apparent that a need exists for improved techniques for translating conflicting addresses into non-conflicting addresses such that multiple private networks can be managed on a single management platform.
The invention provides methods and apparatus for address translation in a network system. In accordance with an illustrative embodiment of the invention, incoming packets are received from multiple private networks with potentially conflicting address spaces, e.g., potentially conflicting Internet Protocol (IP) address spaces. Header and payload address translation operations are then performed to ensure that the IP address spaces of the incoming packets are made non-conflicting, such that the packets can be managed using a single network management platform. A router in the system receives the packets and performs Network Address Translation (NAT) on IP header information. Packets identified as being associated with a particular protocol, e.g., a Simple Network Management Protocol (SNMP), are redirected by the router to a Management Payload Address Translator (MPAT) that applies a fast parsing process to the packet payloads to identify IP address-related information therein, and if necessary applies an appropriate translation of the identified information before routing the packets to a network management platform. The fast parsing process is an efficient object-based process which avoids the need to parse the entire packet payload.
Advantageously, the invention allows multiple private networks with conflicting addresses to be managed on a single management platform. The invention eliminates the problem of domain underutilization, and substantially reduces the network management cost per managed device.
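The payload translation step described above can be illustrated with the following added example, which is not code from the patent. It uses a plain recursive BER walk rather than the fast parsing process the text refers to, and the customer names, address ranges and sample SNMP message are constructed assumptions.

```python
import ipaddress

# Constructed mapping (assumption, not from the patent): both customers use
# 10.0.0.0/24 privately; each is mapped 1:1 onto its own management range.
CUSTOMER_MAP = {
    "customer_a": ("10.0.0.0/24", "172.16.1.0/24"),
    "customer_b": ("10.0.0.0/24", "172.16.2.0/24"),
}

def translate(customer, addr):
    """Map a customer's private address to its non-conflicting address."""
    private, managed = (ipaddress.ip_network(n) for n in CUSTOMER_MAP[customer])
    addr = ipaddress.ip_address(addr)
    if addr not in private:
        return addr  # outside the mapped range: left unchanged
    offset = int(addr) - int(private.network_address)
    return managed.network_address + offset

def translate_payload(customer, payload):
    """Rewrite every BER IpAddress value (tag 0x40, length 4) in the payload."""
    out = bytearray(payload)

    def walk(pos, end):
        while pos < end:
            if pos + 2 > end:
                raise ValueError("truncated TLV header")
            tag, length, body = out[pos], out[pos + 1], pos + 2
            if length & 0x80:  # long-form length: next n bytes hold the length
                n = length & 0x7F
                length = int.from_bytes(out[body:body + n], "big")
                body += n
            if body + length > end:
                raise ValueError("TLV runs past its container")
            if tag & 0x20:  # constructed (SEQUENCE, PDU): descend
                walk(body, body + length)
            elif tag == 0x40 and length == 4:  # SNMP IpAddress
                old = ipaddress.ip_address(bytes(out[body:body + 4]))
                out[body:body + 4] = translate(customer, old).packed
            pos = body + length

    walk(0, len(out))
    return bytes(out)

def tlv(tag, content):
    """Encode one TLV with a short-form length (sample data only)."""
    return bytes([tag, len(content)]) + content

# Constructed SNMPv1 GetResponse carrying one IpAddress varbind (10.0.0.5).
VARBIND = tlv(0x30, tlv(0x06, bytes.fromhex("2b0601020104140101")) + tlv(0x40, bytes([10, 0, 0, 5])))
PDU = tlv(0xA2, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, VARBIND))
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + PDU)
```

Because an IpAddress value is always four bytes, the rewrite leaves every enclosing length field valid. Addresses embedded in OID instance suffixes or in text strings are not covered by this walk.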