Real-time communications including audio and/or video conferencing can be difficult to implement on communications networks such as packet-based networks, including internet protocol (“IP”) networks, without compromising existing security mechanisms. Currently proposed solutions require either substantial effort and/or security risks, or are dependant upon specific conferencing platforms.
It is common for computers and private networks to utilize security mechanisms to separate themselves from a public network. Examples of security devices are firewalls, network address translators (“NAT”), and proxies. NAT's are found on many networks that interface with other networks, including public networks such as the Internet. A NAT may operate in combination with another security device(s), and may, for example, be one component of a firewall. NAT's provide security from the outside public network by translating internal network addresses on outgoing data packets so that they appear as a different address when viewed from outside the NAT. In addition to providing security, NAT translations can also alleviate problems related to the relatively small address space of IP by effectively sharing a few public IP addresses among many hosts.
NAT's commonly perform Network Address Port Translation (NAPT, a.k.a. PAT). This is the translation of a packet's originating client address to a different address that is unique on the public network. This source address data is typically contained in a packet header or external data. With reference to FIG. 1 by way of example, a packet sent from User A may have an originating address including an IP/port pair that is summarized as address=X. The NAT 16 could intercept this packet and replace the external originating address=X with a NAT translated address=Y. The packet would then be communicated into the network 10 with the external originating address=Y data. As a result, any recipient of the packet on the network 10 will understand that it originated from address=Y. Typically, a NAT only translates fields in a data packet's external, as opposed to its internal, data. Accordingly, a UDP, TCP, or other protocol packet that included the client originating address in its payload would have its header address information translated by a NAT, but not the payload address data.
NAT translation can make it difficult (and in some cases, impossible) for a host on the public network such as a videoconference server to effectively communicate data such as two-way streaming audio and video data with a client. Because of NAT translation, the server receives data packets from the client with a NAT translated address attached. This can complicate communications for several reasons. For example, some communications sessions may be setup with the server through a request message that is not subject to NAT translation, with the result that the server may have conflicting address data for the client.
A NAT may be combined with another security device, such as a proxy or proxy server (the terms “proxy” and “proxy server” are used interchangeably herein). A proxy may specifically act on data packets only of particular protocols, and may act on both incoming and outgoing data packets. A proxy may operate to translate address data therein, among other actions. When present in combination with a NAT, a proxy can further complicate conducting communications such as a two-way streaming data event.