Today's communication networks support ever more numerous services, in particular over the Internet, and rely especially on an architecture called Client-Server.
This Client-Server architecture designates a mode of communication between several nodes of a communication network which distinguishes one or more terminal nodes (computers, IP telephones, IP cameras, IP sensors, etc.) from a server node (service platform, content server, etc.). This architecture is based on the fact that each terminal node comprises a client for dispatching requests to a server, and that the server is initially passive, listening for the client terminal nodes. Depending on the application, the server is optionally specialized as an application server, file server, terminal server, electronic messaging server, video monitoring platform, etc.
In this case, the client sends requests to a server, which may be a Web server or HTTP server, HTTP being the name of the communication protocol used at the application network layer. The role of the server is to process the request and to return the response to it. The dialog between client and server is often carried by a transport network layer, such as the TCP layer, named after the communication protocol it implements, the TCP protocol. TCP is a reliable transport protocol, specified in RFC 793.
Thus, the respective Client and Server modes of operation of the nodes apply to the transport and application network layers as a whole, which correspond, for example, to the TCP and HTTP protocols respectively: the client of a service is also the client in terms of connection, and the server of a service is also the server in terms of connection (the transport layers of the client and of the server need to be connected for the service to be provided).
In the case of a TCP connection in a network architecture, the server operates in passive opening mode: a point of access to a TCP connection is opened, that is, it is made available for a TCP connection, and the server places itself on passive standby awaiting connection requests. The client, for its part, performs an active opening, that is, it establishes a connection with the server by dispatching a connection request to the server carrying its client initial sequence number; the server responds with an acknowledgment of receipt of the client request carrying its server initial sequence number and the incremented client initial sequence number; and the client acknowledges receipt with the incremented server sequence number and the client sequence number incremented again.
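The passive/active opening and the exchange of initial sequence numbers described above can be followed step by step in a small model of the three-way handshake. The code below is an added example, not part of the original text: it models only the SYN, SYN-ACK and ACK segments with their sequence and acknowledgment numbers as RFC 793 defines them (the final ACK carries the client ISN + 1 and acknowledges the server ISN + 1); the `Segment` fields, the state names and the `Client`/`Server` classes are simplified assumptions for illustration, not a real socket API.

```python
"""Model of the TCP three-way handshake (RFC 793); added example, not the
original text's code.  Segment layout, state names and classes are
simplified assumptions.
"""
import random
from dataclasses import dataclass
from typing import List, Optional

MASK32 = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


class Server:
    """Passive open: the listening port is made available and waits for SYNs."""

    def __init__(self, port: int) -> None:
        self.port = port
        self.state = "LISTEN"
        self.isn = random.getrandbits(32)  # server initial sequence number
        self.peer_next = None  # next sequence number expected from the client

    def on_segment(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Connection request: answer with SYN-ACK carrying the server ISN
            # and the incremented client ISN.
            self.peer_next = (seg.seq + 1) & MASK32
            self.state = "SYN-RECEIVED"
            return Segment(self.port, seg.src_port, self.isn, self.peer_next,
                           syn=True, ack_flag=True)
        if self.state == "SYN-RECEIVED" and seg.ack_flag and not seg.syn:
            # Final ACK must acknowledge our ISN + 1 and carry the expected
            # client sequence number; anything else is ignored.
            if seg.ack == (self.isn + 1) & MASK32 and seg.seq == self.peer_next:
                self.state = "ESTABLISHED"
            return None
        # Segments that do not fit the current state (a bare ACK while
        # LISTENing, for instance) are dropped without changing state.
        return None


class Client:
    """Active open: sends a SYN carrying the client initial sequence number."""

    def __init__(self, port: int) -> None:
        self.port = port
        self.state = "CLOSED"
        self.isn = random.getrandbits(32)  # client initial sequence number
        self.peer_next = None

    def connect(self, server_port: int) -> Segment:
        self.state = "SYN-SENT"
        return Segment(self.port, server_port, self.isn, 0, syn=True)

    def on_segment(self, seg: Segment) -> Optional[Segment]:
        if self.state == "SYN-SENT" and seg.syn and seg.ack_flag:
            if seg.ack != (self.isn + 1) & MASK32:
                return None  # does not acknowledge our SYN: ignore it
            self.peer_next = (seg.seq + 1) & MASK32
            self.state = "ESTABLISHED"
            # ACK carries our incremented ISN and the incremented server ISN.
            return Segment(self.port, seg.src_port, (self.isn + 1) & MASK32,
                           self.peer_next, ack_flag=True)
        return None


def handshake(client: Client, server: Server) -> List[Segment]:
    """Run the three-way exchange and return the segments in order."""
    trace: List[Segment] = []
    syn = client.connect(server.port)
    trace.append(syn)
    syn_ack = server.on_segment(syn)
    if syn_ack is None:
        return trace
    trace.append(syn_ack)
    ack = client.on_segment(syn_ack)
    if ack is None:
        return trace
    trace.append(ack)
    server.on_segment(ack)
    return trace


if __name__ == "__main__":
    c, s = Client(40000), Server(80)
    for seg in handshake(c, s):
        flags = ("SYN " if seg.syn else "") + ("ACK" if seg.ack_flag else "")
        print(f"{seg.src_port:>5} -> {seg.dst_port:<5} seq={seg.seq:<10} ack={seg.ack:<10} {flags}")
    print(c.state, s.state)
```

Running the script prints the three segments and both endpoints in `ESTABLISHED`; a segment arriving in the wrong state (for example an ACK at a LISTENing server) is silently dropped, which is the behaviour a passive listener relies on.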
Ever more terminals are being installed in private communication networks or LANs (Local Area Networks). These private networks are linked, by way of an access device also called an access gateway, to the public communication network to which the servers generally belong, or to the public network ensuring the hookup between the LAN and the network environment hosting the servers. The access gateway permits the communication terminals of these private networks to be reached remotely through a public communication network, such as an open and/or shared network, in particular of Internet type. For this purpose, the access gateway ensures the interconnection between the private network hosting these terminals and the public communication network. In particular, the gateway implements network address translation functions and functions for filtering the incoming communications entering the private communication network.
The network address translation functions (NAT, or else NAT/PAT for network address and port address translation) have made it possible to limit the number of public IP addresses required to individually reach the various terminals connected to such a network, by establishing a correspondence between network addresses and port addresses. Thus, when such address translation functions are implemented, a terminal of a private communication network placed behind the access gateway is not reachable from the public communication network as long as the translation functions have not been configured in the access gateway for this terminal.
In certain services, such as a telemonitoring or video monitoring service, it may be useful for the server to be able, at any moment, to command a video stream upload or to control the motion of a camera. If the address translation functions for this camera are not configured in the access gateway placed in front of it, the telemonitoring server can do nothing.
Moreover, the filtering functions implemented at the access gateways, which make it possible to secure the private communication network in relation to the public communication network, are here again intended to limit outside accesses entering the private communication network. Therefore, if these filtering functions are not configured, the telemonitoring server does not have access to the cameras that would allow it to operate the monitoring.
Hitherto, the procedures for configuring the address translation and filtering functions remain dependent on the implementations of the various gateway providers: they are APIs or methods implemented in the form of proprietary computer programs. This makes it difficult, or indeed impossible, for the service provider's server to configure gateways of heterogeneous origin. The gateways can also be configured manually; however, the problem of modifying the configuration of these gateways is nonetheless not solved.
Furthermore, in most cases the correspondences between the network addresses and the port addresses, and the filtering rules, are activated only temporarily, the traffic stream reinitializing the temporary activation timer. This temporary activation is incompatible with certain services, in particular monitoring services, which require the server to repeatedly (at any moment, periodically, etc.) query elements at terminals placed behind such access gateways after a long period of traffic inactivity that has caused the deactivation of the correspondences.
Mechanisms such as the heartbeat (or keepalive) mechanism make it possible to maintain the crossing of the NATs and therefore the connection between the server and the client. These mechanisms are based on periodic messages exchanged between the server and the client, on the initiative of the server, when the service requires a permanent connection. These mechanisms pose problems of scalability, that is to say problems of dimensioning, when the server dialogs with a large number of clients for this service, since the server must then manage the monitoring and maintaining of as many connections as there are clients.
The right to configure the translation and filtering functions of an access gateway can also be legally or contractually denied to the service provider, in particular when the service provider is not the owner and/or operator of the access gateway. This limits the provision of certain services to the clients of the same access provider only.
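The three points made above about the access gateway, namely that a NAT/PAT correspondence is created by outbound traffic, that it is only temporary and is refreshed by traffic, and that a keepalive keeps it alive at the cost of per-client server load, can be seen together in one small model. The code below is an added example, not part of the original text: the addresses, ports and the 60-second idle timeout are constructed values (documentation address ranges), and the `AccessGateway` class is a simplified model of the behaviour described, not any vendor's implementation. The `scenario` function registers a camera through the gateway, optionally runs server-initiated keepalives, and then checks whether a server command sent after a long silence still reaches the camera.

```python
"""Model of a NAT/PAT access gateway with temporary mappings and of the
keepalive that maintains them.  Added example, not the original text's
code; addresses, ports and the timeout are constructed values.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IDLE_TIMEOUT = 60.0          # seconds before an unused mapping is dropped (constructed)
PUBLIC_IP = "203.0.113.10"   # gateway public address (documentation range)
CAMERA = ("192.168.1.20", 554)   # private terminal behind the gateway (constructed)
SERVER = ("198.51.100.5", 8080)  # telemonitoring server on the public side (constructed)


@dataclass
class Packet:
    src: Tuple[str, int]
    dst: Tuple[str, int]
    time: float
    payload: str = ""


class AccessGateway:
    """NAT/PAT: private (ip, port) <-> public port, one idle timer per entry."""

    def __init__(self, public_ip: str = PUBLIC_IP, idle_timeout: float = IDLE_TIMEOUT):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = 40000
        # public port -> (private ip, private port, time of last activity)
        self.table: Dict[int, Tuple[str, int, float]] = {}
        self.by_private: Dict[Tuple[str, int], int] = {}

    def _expire(self, now: float) -> None:
        """Drop every correspondence whose timer has run out."""
        for pub_port, (ip, port, last) in list(self.table.items()):
            if now - last > self.idle_timeout:
                del self.table[pub_port]
                del self.by_private[(ip, port)]

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> public: create or refresh the mapping, rewrite the source."""
        self._expire(pkt.time)
        pub_port = self.by_private.get(pkt.src)
        if pub_port is None:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.by_private[pkt.src] = pub_port
        self.table[pub_port] = (pkt.src[0], pkt.src[1], pkt.time)
        return Packet((self.public_ip, pub_port), pkt.dst, pkt.time, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: delivered only if a live mapping exists (filtering)."""
        self._expire(pkt.time)
        entry = self.table.get(pkt.dst[1])
        if entry is None:
            return None  # no correspondence: the private terminal is unreachable
        ip, port, _ = entry
        self.table[pkt.dst[1]] = (ip, port, pkt.time)  # traffic refreshes the timer
        return Packet(pkt.src, (ip, port), pkt.time, pkt.payload)


def scenario(keepalive_period: Optional[float], silence: float = 300.0) -> dict:
    """Camera registers at t=0; the server sends a command at t=silence.
    With server-initiated keepalives every keepalive_period seconds the
    mapping survives, provided the period is shorter than the idle timeout."""
    gw = AccessGateway()
    registration = gw.outbound(Packet(CAMERA, SERVER, 0.0, "REGISTER"))
    public_endpoint = registration.src  # what the server learned at registration
    keepalives, t = 0, 0.0
    if keepalive_period is not None:
        while t + keepalive_period < silence:
            t += keepalive_period
            ping = gw.inbound(Packet(SERVER, public_endpoint, t, "PING"))
            if ping is None:
                break  # the mapping already expired: keepalive period too long
            gw.outbound(Packet(ping.dst, SERVER, t, "PONG"))
            keepalives += 1
    command = gw.inbound(Packet(SERVER, public_endpoint, silence, "PTZ_MOVE"))
    return {"reached": command is not None, "keepalives": keepalives}


def keepalive_rate(n_clients: int, period: float) -> float:
    """Messages per second the server handles (ping + pong per client per period)."""
    return 2.0 * n_clients / period


if __name__ == "__main__":
    print("no keepalive:     ", scenario(None))
    print("keepalive 30 s:   ", scenario(30.0))
    print("keepalive 90 s:   ", scenario(90.0))
    print("100k clients, 30 s:", keepalive_rate(100_000, 30.0), "msg/s")
```

Without keepalives the command sent after five minutes of silence is filtered, because the correspondence was deactivated; with a 30-second keepalive it gets through, and with a 90-second keepalive (longer than the timeout) the first ping is already dropped. The `keepalive_rate` line shows why the text calls this a dimensioning problem: the server's keepalive traffic grows linearly with the number of clients it must keep reachable.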