This invention relates to computer networks. More specifically, it relates to a method and system for distributed network address translation on computer networks.
The Internet Protocol (xe2x80x9cIPxe2x80x9d) is an addressing protocol designed to route traffic within a network or between networks. Current versions of IP such as IP version 4 (xe2x80x9cIpv4xe2x80x9d) are becoming obsolete because of limited address space. With a 32-bit address-field, it is possible to assign 232 different addresses, which is 4,294,967,296, or greater than 4 billion possible addresses. A unique IP number is typically assigned to network devices and a network using IP, whether or not the network is connected to the Internet. Most organizations, such as corporations and universities have multiple networks using IP, with multiple network devices assigned an IP address. With the explosive growth of the Internet and intranets, IP addresses using a 32-bit address-field may soon be exhausted. IP version 6 (xe2x80x9cIpv6) proposes the use of a 128-bit address-field for IP addresses. However, a large number of legacy networks including a large number of Internet nodes will still be using older versions for IP with a 32-bit address space for many years to come.
Network address translation (xe2x80x9cNATxe2x80x9d) has been proposed to extend the lifetime of Internet Protocol (xe2x80x9cIPxe2x80x9d) version 4 (xe2x80x9cIPv4xe2x80x9d) and earlier versions of IP by allowing a small home office or small network to exist behind a single IP address. The single IP address is used for communication with external networks such as the Internet. Internally, the small home office or small network uses private addressing. When a device or node using private addressing desires to communicate with the external world, a private address is translated to a common IP address used for communication with an external network by a NAT device.
There are several problems associated with using NAT to extend the life of IP. NAT interferes with the end-to-end routing principal of the Internet that recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route. (see e.g., Routing in the Internet, by C. Huitema, Prentice Hall, 1995) Current version""s of NAT replace a private network address in a data packet header with an external network address on outbound traffic, and replace an external address in a data packet header with a private network address on inbound traffic. This type of address translation is computationally expensive, causes security problems by preventing certain types of encryption from being used, or breaks a number of existing applications in a network that cannot do NAT (e.g., File Transfer Protocol (xe2x80x9cFTPxe2x80x9d)).
Current versions of NAT may not gracefully scale beyond a small network containing a few dozen nodes or devices because of the computational and other resources required. NAT potentially requires support for many different internal network protocols be specifically programmed into a translation mechanism for external protocols in a NAT device such as a NAT router. As is known in the art, a router translates differences between network protocols and routes data packets to an appropriate network node or network device. Computational burdens placed on a NAT router may be significant and degrade network performance, especially if several NAT-enabled stub networks share the same NAT router. In a worst case scenario, a NAT router translates every inbound and outbound data packet.
As is known in the art, Transmission Control Protocol (xe2x80x9cTCPxe2x80x9d) and User Datagram Protocol (xe2x80x9cUDPxe2x80x9d) are often used over IP in computer networks. TCP provides a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols that support multi-network applications. UDP provides a transaction oriented datagram protocol, where delivery and duplicate packet protection are not guaranteed. When NAT is used to translate a TCP/IP or UDP/IP data packet, the packet""s IP, TCP or UDP checksums are recalculated. When a port in a TCP or UDP header is translated, the packet""s TCP or UDP checksum are also recalculated. This further increases the computational cost of translation in a NAT router.
When an IP address or port is translated with NAT, a new length may result for the data packet and a possible change in a TCP sequence number. A running sequence number offset (i.e., a delta) must then be maintained throughout the remainder of the connection. This delta must be applied to a future traffic, including acknowledgment numbers further increasing computational time in a NAT router.
In addition to TCP or UDP, a NAT router must be able to translate addresses, ports, change lengths and maintain sequence numbers for a number of different protocols that may transmit an IP address or port number (e.g., FTP, H.323, H.324, CUSeeME, RealAudio, Internet Relay Chat and others). Thus, it is desirable to provide NAT without large computational burdens in a NAT router.
In accordance with preferred embodiments of the present invention, some of the problems associated with NAT are overcome. A system for Distributed Network Address Translation (xe2x80x9cDNATxe2x80x9d) is provided. The system includes a Port Allocation Protocol (xe2x80x9cPAPxe2x80x9d) for allocating globally unique port numbers for a network device. A globally unique port is unique on a local network and used with a common external network address to identify multiple devices to a second external network. Thus, one external network address can be used without network address translation to service multiple network devices on an internal network.
The system distributes network address translation by requesting a network device obtain globally unique port for all external communications. The network device replaces local or default ports with the globally unique ports. The network device uses a combination network address (e.g., common external network address/globally unique port number) for communications with network devices on a second external network. The system distributes network address translations to individual network devices on a network and remove the computation burden of NAT from a router. A NAT router is no longer required to support multiple individual protocols for the network address translation process.
In addition, DNAT may allow a local network with a common external network address to easily switch from a first network service provider to a second network service provider by replacing the common external network address assigned to the local network. DNAT may also allow an entity to purchases a smaller block of IP addresses, which are becoming very expensive, and use a single or a smaller number of IP addresses as a common external network address.