This invention relates to computer networks. More specifically, it relates to a method and system for distributed network address translation for mobile network devices on computer networks.
The Internet Protocol (xe2x80x9cIPxe2x80x9d) is an addressing protocol designed to route traffic within a network or between networks. The Internet Protocol is used on many computer networks including the Internet, intranets and other networks. Internet Protocol addresses are typically assigned to xe2x80x9cimmobilexe2x80x9d nodes on a network. An immobile node may be moved to a different computer network, but is typically associated with a static physical location (e.g., 3Com Corporation in Santa Clara, Calif.).
The Mobile Internet Protocol allows xe2x80x9cmobilexe2x80x9d nodes to transparently move between different Internet Protocol sub-networks (xe2x80x9csubnetsxe2x80x9d). Internet Protocol addresses are typically assigned to mobile nodes based on their home Internet Protocol subnet. The home subnet is connected to an external network (e.g., the Internet or an intranet) with a xe2x80x9chome agentxe2x80x9d that serves as the subnet""s gateway router. As is known in the art, the gateway connects computer networks using different networking protocols or operating at different transmission capacities. As is known in the art, a router translates differences between network protocols and routes data packets to an appropriate network node or network device. When a mobile node xe2x80x9croams,xe2x80x9d (i.e., dynamically changes its physical location), it periodically transmits xe2x80x9cagent solicitationxe2x80x9d messages to other gateway routers. A mobile node also listens for xe2x80x9cagent advertisementxe2x80x9d messages from other gateway routers. When a mobile node receives an agent advertisement message indicating that it is now on a foreign subnet, it registers with the foreign gateway router or xe2x80x9cforeign agentxe2x80x9d and its home agent. The registration with the home agent indicates the mobile node is away from xe2x80x9chomexe2x80x9d (i.e., away from its home subnet). The registration with the foreign agent allows the mobile node to receive data on the foreign subnet.
The Mobile Internet Protocol allows a mobile node to dynamically change its network connectivity in a manner that is transparent to protocol layers above the Internet Protocol layer. For example, without re-establishing Transmission Control Protocol or User Datagram Protocol sessions. As is known in the art, the Internet Protocol suite includes from lowest-to-highest, a link, network, transport and application layer. The Internet Protocol typically resides in the network layer in the Internet Protocol suite. Transmission Control Protocol and User Datagram Protocol typically reside in the transport layer of the Internet Protocol suite.
As is known in the art, Transmission Control Protocol (xe2x80x9cTCPxe2x80x9d) and User Datagram Protocol (xe2x80x9cUDPxe2x80x9d) are often used over IP in computer networks. Transmission Control Protocol provides a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols that support multi-network applications. User Datagram Protocol provides a transaction oriented datagram protocol, where delivery and duplicate packet protection are not guaranteed.
Current versions of Internet Protocol such as Internet Protocol version-4 (xe2x80x9cIPv4xe2x80x9d), including those used for Mobile Internet Protocol are becoming obsolete because of limited address space. With a 32-bit address-field, it is possible to assign 232 different addresses, which is 4,294,967,296, or greater than 4 billion possible addresses. However, with the explosive growth of the Internet and intranets, and the increased use of Mobile Internet Protocol, Internet Protocol addresses using a 32-bit address-field may soon be exhausted. Internet Protocol version-6 (xe2x80x9cIPv6xe2x80x9d) proposes the use of a 128-bit address-field for IP addresses. However, a large number of legacy networks including a large number of Internet subnets will still be using older versions for Internet Protocol with a 32-bit address space for many years to come.
Network Address Translation (xe2x80x9cNATxe2x80x9d) has been proposed to extend the lifetime of Internet Protocol version 4 and earlier versions of Internet Protocol by allowing subnets to exist behind a single or small number of Internet Protocol addresses. A single Internet Protocol address is used for communication with external networks such as the Internet. Internally, the subnet uses local addressing. When a device or node using local addressing desires to communicate with the external world, a local address is translated to a common external Internet Protocol address used for communication with an external network by a network address translation device.
There are several problems associated with using network address translation to extend the life of the Internet Protocol including Mobile Internet Protocol. Network address translation interferes with the end-to-end routing principal of the Internet that recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route (see e.g., xe2x80x9cRouting in the Internet,xe2x80x9d by C. Huitema, Prentice Hall, 1995, ISBN 0-131-321-927).
Current versions of network address translation replace a local network address in a data packet header with an external network address on outbound traffic, and replace an external network address in a data packet header with a local network address on inbound traffic. This type of address translation is computationally expensive, causes security problems by preventing certain types of encryption from being used, or break a number of existing applications in a network that cannot provide network address translation (e.g., File Transfer Protocol (xe2x80x9cFTPxe2x80x9d)).
Current versions of network address translation may not gracefully scale beyond a small subnet containing a few dozen nodes or devices because of the computational and other resources required. Network address translation potentially requires support for many different internal network protocols be specifically programmed into a translation mechanism for external protocols in a network address translation device such as a network address translation router. Computational burdens placed on a network address translation router may be significant and degrade network performance, especially if several network address translation-enabled stub networks share the same network address translation router. In a worst case scenario, a network address translation router translates every inbound and outbound data packet.
When network address translation is used to translate a Transmission Control Protocol/Internet Protocol or User Datagram Protocol/Internet Protocol data packet, the packet""s Internet Protocol, Transmission Control Protocol or User Datagram Protocol checksums are recalculated. When a port in a Transmission Control Protocol or User Datagram Protocol header is translated, the packet""s Transmission Control Protocol or User Datagram Protocol checksums are also recalculated. This further increases the computational cost of translation in a network address translation router.
When an Internet Protocol address or port is translated with network address translation, a new length may result for the data packet and a possible change in a Transmission Control Protocol sequence number. A running sequence number offset (i.e., a delta) must then be maintained throughout the remainder of the connection. This delta must be applied to a future traffic, including acknowledgment numbers further increasing computational time in a network address translation router.
In addition to Transmission Control Protocol or User Datagram Protocol, a network address translation router should be able to translate addresses, ports, change lengths and maintain sequence numbers for a number of different protocols that may transmit an Internet Protocol address or port number (e.g., FTP, H.323, H.324, CUSeeME, RealAudio, Internet Relay Chat and others). On a networks using Internet Protocol, it is desirable to provide network address translation without large computational burdens in a network address translation router.
Use of Mobile Internet Protocol may further aggravates network address translation problems. A number of address translations may be completed for a mobile node using Mobile Internet Protocol. For example, a home agent on a home subnet with a local network address receives data packets addressed to a mobile node. The local network address for the mobile node may not be globally routable (i.e., not available to external networks). The mobile node roams to a foreign subnet and is assigned a temporary foreign network address on the foreign network that is also not globally routable. The home agent sends the data packets for the mobile node via a first external network address, that identifies the home subnet to external networks. A foreign agent at a second external network address that identifies the foreign subnet to external networks, receives data from the home agent. The foreign agent also has a local network address on the foreign network.
The foreign agent sends the data packets to the mobile node at the temporary foreign network address assigned to the mobile node on the foreign network via the first and second internal network addresses on the foreign network.
Since the home agent and foreign agent may use multiple network addresses and may function as network address translation routers, they may also suffer from the network address translation problems discussed above. Thus, it is desirable to provide an improved network address translation method for network devices that use the Mobile Internet Protocol.
In accordance with preferred embodiments of the present invention, some of the problems associated with network address translation are overcome. A method and system for distributed network address translation is provided. In one preferred embodiment of the present invention, one aspect of the method for distributed network address translation includes requesting from a mobile first network device on a first network with a first protocol, one or more locally-unique ports. The one or more locally-unique ports are requested from a second network device on the first network to identify the mobile first network device on the first network if the mobile first network device roams to a second external network. The one or more locally-unique ports allow the mobile first network device to use distributed network address translation. In one preferred embodiment of the present invention, the first protocol is a Port Allocation Protocol that allows distributed network address translation to be used. One or more default or ephemeral ports on the mobile first network device are replaced with one or more locally-unique ports obtained with the first protocol. A default port is typically statically assigned. An ephemeral port is typically dynamically assigned for a duration of time. A combination network address is created for the mobile first network device with a locally unique port and an external network address for the first network to identify the mobile first network device if the mobile first network device roams to a second external network.
Another aspect of the method for distributed network address translation includes roaming a mobile first network device from a first network to a second external network. The mobile first network device is identified by a combination network address obtained with a first protocol, the combination network address including a locally-unique port and an external network address for the first network. The mobile first network device registers with a third network device on the second external network. The mobile first network device receives a temporary foreign network address from the third network device to identify the mobile first network device on the second external network. The mobile first network device sends the temporary foreign network address and the combination network address to a second network device on the first network to indicate that the mobile first network device has roamed to the second external network. The combination network address and the temporary foreign network address are used to send data received on the first network to the mobile first network device on the second network.
In one preferred embodiment of the present invention, the distributed network address translation system includes a mobile first network device on a first network with a combination network address from a Port Allocation Protocol, capable of roaming from the first network to a second external network. The combination network address from the Port Allocation Protocol address allows distributed network address translation and includes a locally-unique port on the first network and an external network address for the first network to identify the first network to the external second network. An immobile second network device on the first network sends data to the mobile first network device using the combination network address from the Port Allocation Protocol when the mobile first network device roams to the external second network
The method and system of a preferred embodiment of the present invention may allow mobile network devices using Mobile Internet Protocol to use distributed network address translation. Distributed network address translation may allow mobile network devices to share a smaller number of globally-routable network addresses with immobile network devices on the same subnet.