This invention relates to computer networks. More specifically, it relates to a system and method for an Options Based Address Reuse ("OBAR") for computer networks.
Internet Protocol ("IP") is an addressing protocol designed to route traffic within a network or between networks. Current versions of IP, such as IP version 4 ("IPv4"), are becoming obsolete because of limited address space. With a 32-bit address field, it is possible to assign 2^32 different addresses, which is 4,294,967,296, or greater than 4 billion possible addresses. A unique IP number is typically assigned to network devices and a network using IP, whether or not the network is connected to the Internet. Most organizations, such as corporations and universities, have multiple networks using IP, with multiple network devices each assigned an IP address. With the explosive growth of the Internet and intranets, IP addresses using a 32-bit address field may soon be exhausted. IP version 6 ("IPv6") proposes the use of a 128-bit address field for IP addresses. However, a large number of legacy networks, including a large number of Internet nodes, will still be using older versions of IP with a 32-bit address space for many years to come. For more information on IP, see Internet Engineering Task Force ("IETF") Request For Comments ("RFC") RFC-791, specifically incorporated herein by reference.
Transmission Control Protocol ("TCP") is a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols which support multi-network applications. For more information on TCP, see RFC-793, specifically incorporated herein by reference. Transmission Control Protocol/Internet Protocol ("TCP/IP") is a common and well-known networking protocol comprised of TCP and IP that provides communication across interconnected networks, between computers with diverse hardware architectures and various operating systems. TCP/IP requires each network device to have its own globally routable, globally unique IP address, and each TCP/IP connection or socket is unique for, and characterized by, a quadruple of source-address/source-port/destination-address/destination-port.
Typical TCP/IP Session
FIG. 1 illustrates a typical TCP/IP session between a Host 1 and a Server 1 over the Internet and through Router A and Router B. As is known in the art, a router translates differences between network protocols and routes data packets to an appropriate network node or network device. While only traffic between Host 1 and Server 1 is shown in FIG. 1 for ease of illustration, it should be understood that there may be multiple Hosts and Servers connected to Router A and Router B, respectively. In setting up the session, Host 1 and Server 1 each have their own globally routable, globally unique IP address, and TCP port. For the example shown in FIG. 1, Host 1 has a globally routable and unique IP address of "Host 1" and a TCP port of 1029, and Server 1 has a globally routable and unique IP address of "Server 1" and a TCP port of 80.
Although Router A and Router B also have at least one of their own globally routable and unique IP addresses, they need not be mentioned for purposes of this example, since Router A and Router B simply act as forwarding agents during the session. In other words, each packet that arrives at either Router A or Router B is simply forwarded out the appropriate interface, depending on the destination IP address indicated in the packet. Because packets from the Internet are forwarded to the network devices (i.e., Host 1 and Server 1) by their respective routers (i.e., Router A and Router B) based on a destination IP address, however, it is critical that each of the network devices have a globally routable, globally unique IP address. Otherwise, the routers would not know to which network device to send the packets.
FIG. 1 illustrates the typical steps involved with setting up, conducting, and terminating the TCP/IP session. Host 1 creates a TCP/IP socket in computer memory for the connection between itself and Server 1. This socket holds state information for the TCP/IP connection, such as sequence number, acknowledgement number, and round-trip calculation (see, e.g., W. R. Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994). The unique quadruple characterizing the TCP/IP socket created by Host 1 is Host 1/1029/Server 1/80. Host 1 sends a TCP-SYN packet to Server 1 to begin TCP transmission. The IP header of the TCP-SYN packet, as well as any other data packet sent by Host 1 to Server 1, contains a source address of Host 1, a source port of 1029, a destination address of Server 1, and a destination port of 80.
Assuming a listen socket exists on the TCP port to which the TCP request refers, Server 1 creates a TCP/IP socket for the connection between itself and Host 1. This socket holds information similar to that held by the TCP/IP socket at Host 1. In addition, the unique quadruple characterizing the TCP/IP socket created by Server 1 is Server 1/80/Host 1/1029.
Server 1 then sends a TCP-SYN-ACK packet to Host 1 to acknowledge the TCP transmission. The IP header of the TCP-SYN-ACK packet, as well as any other data packet sent by Server 1 to Host 1, contains a source address of Server 1, a source port of 80, a destination address of Host 1, and a destination port of 1029. Host 1 responds with a TCP-ACK packet to acknowledge the acknowledgement sent by Server 1, and data is exchanged between Server 1 and Host 1. Assuming the host closes the TCP/IP session first, Host 1 sends a TCP-FIN packet to Server 1 to initiate termination of the TCP/IP session. Finally, the session ends when Server 1 sends a TCP-FIN-ACK packet to Host 1 to acknowledge receipt of the termination request.
Network Address Translation
Network address translation ("NAT") has been proposed to extend the lifetime of IPv4 and earlier versions of IP by allowing a small home office or small network to exist behind one or more IP addresses. The one or more IP addresses are used for communication with external networks such as the Internet. Internally, the small home office or small network uses private addressing. When a device or node using private addressing desires to communicate with the external world, a private address is translated to a common IP address used for communication with an external network by a NAT-enabled device, such as a NAT router.
There are several problems associated with using NAT to extend the life of IP. NAT interferes with the end-to-end routing principle of the Internet, which recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route (see e.g., C. Huitema, Routing in the Internet, Prentice Hall, 1995). Current versions of NAT replace a private network address in a data packet header with an external network address on outbound traffic, and replace an external address in a data packet header with a private network address on inbound traffic. In addition, NAT typically replaces an internal network device's port number in a data packet header with a corresponding external port number on outbound traffic, and replaces an external port number in a data packet header with a corresponding internal network device's port number on inbound traffic. This type of address and port translation is computationally expensive, causes security problems by preventing certain types of encryption from being used, or breaks a number of existing applications in a network that cannot do NAT (e.g., File Transfer Protocol ("FTP")).
Current versions of NAT may not gracefully scale beyond a small network containing a few dozen nodes or devices because of the computational and other resources required. NAT potentially requires support for many different internal network protocols to be specifically programmed into a translation mechanism for external protocols in a NAT device, such as a NAT router. Computational burdens placed on a NAT router may be significant and degrade network performance, especially if several NAT-enabled stub networks share the same NAT router. In a worst case scenario, a NAT router translates every inbound and outbound data packet.
Furthermore, when NAT is used to translate a TCP/IP data packet, the packet's IP and TCP checksums are recalculated. When a port in a TCP header is translated, the packet's TCP checksum is also recalculated. This further increases the computational cost of translation in a NAT router. In addition, when an IP address or port is translated with NAT, a new length may result for the data packet and a possible change in a TCP sequence number. A running sequence number offset (i.e., a delta) must then be maintained throughout the remainder of the connection. This delta must be applied to future traffic, including acknowledgment numbers, which further increases computational time in a NAT router. Moreover, a NAT router must not only be able to translate addresses and ports, but also change lengths and maintain sequence numbers for a number of different protocols that may transmit an IP address or port number (e.g., FTP, H.323, H.324, CUSeeME, RealAudio, Internet Relay Chat and others).
Typical TCP/IP Session Using NAT
FIG. 2 illustrates a typical TCP/IP session using NAT between a Host 1 and a Server 1 over the Internet and through a NAT-enabled Router A and a Router B. While only traffic between Host 1 and Server 1 is shown in FIG. 2 for ease of illustration, it should be understood that there may be multiple Hosts and Servers connected to Router A and Router B, respectively. In setting up the session, only Server 1, Router A, and Router B each have at least one of their own globally routable, globally unique IP addresses, while Host 1 has a globally unroutable, network unique IP address. Host 1, Server 1 and Router A each have at least one of their own TCP ports, however. For the example shown in FIG. 2, Host 1 has an IP address of "Host 1" and a TCP port of 1029, Server 1 has an IP address of "Server 1" and a TCP port of 80, and Router A has an IP address of "Router A" and a chosen TCP port of 9000.
Although Router B also has at least one unique IP address of its own, it need not be mentioned for purposes of this example, since Router B is not NAT-enabled and simply acts as a forwarding agent during the session. In other words, each packet that arrives at Router B is simply forwarded out the appropriate interface, depending on the destination IP address indicated in the packet.
FIG. 2 illustrates the typical steps involved with setting up, conducting, and terminating the TCP/IP session using NAT. Host 1 creates a TCP/IP socket in computer memory for the connection between itself and Server 1. This socket holds state information for the TCP/IP connection, such as sequence number, acknowledgement number, and round-trip calculation (see, e.g., W. R. Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994). The unique quadruple characterizing the TCP/IP socket created by Host 1 is Host 1/1029/Server 1/80. Host 1 then sends a TCP-SYN packet to Server 1 to begin TCP transmission. The IP header of the TCP-SYN packet, as well as any other data packet sent by Host 1 to Server 1, contains a source address of Host 1, a source port of 1029, a destination address of Server 1, and a destination port of 80.
Router A intercepts the TCP-SYN packet. Noticing the packet came in on the interface connected to the NAT network, Router A records the source IP address of the packet, which is the IP address of "Host 1" in this example, and the TCP source port number of the packet, which is 1029 in this example. A free subnet unique TCP port number is then chosen from Router A's port-mapping table. Router A changes the source IP address of the packet to equal the IP address of Router A itself, which is "Router A" for purposes of this example. The TCP source port number of the packet is also changed to equal the free TCP port number chosen from the port-mapping table, which is 9000 in this example. An entry is made in the port-mapping table, mapping the free TCP port number (i.e., 9000) chosen by Router A to the original IP address of the packet, which is the IP address of "Host 1" in this example, and the original TCP port number of the packet, which is 1029 in this example. Router A then forwards the modified packet to Server 1. Throughout this entire process, Router A does not create a separate TCP/IP socket.
Server 1 creates a TCP/IP socket for the connection between itself and Host 1. This socket holds information similar to that held by the TCP/IP socket at the host. The TCP/IP socket created by Server 1, however, reflects that the connection is between itself and Router A, even though the actual connection is between itself and Host 1. This discrepancy exists because the TCP-SYN packet received by Server 1 contains the IP address of "Router A" as the source IP address instead of the IP address of "Host 1." As a result, the unique quadruple characterizing the TCP/IP socket created by Server 1 is Server 1/80/Router A/9000. Server 1 then sends a TCP-SYN-ACK packet to Router A to acknowledge the TCP transmission, since the socket at Server 1 indicates the IP address of "Router A" as the IP address of the other end of the TCP/IP connection. The IP header of the TCP-SYN-ACK packet, as well as any other data packet sent by Server 1 to Router A, contains a source address of Server 1, a source port of 80, a destination address of Router A, and a destination port of 9000.
Next, Router A receives the TCP-SYN-ACK packet, and finds an entry in the port-mapping table mapping the TCP destination port number of Router A (i.e., 9000) to the IP address of "Host 1" and the TCP destination port number of 1029. The destination IP address is set to "Host 1" and the TCP destination port to 1029, and the packet is forwarded on by Router A to Host 1. Host 1 responds with a TCP-ACK packet to acknowledge the acknowledgement sent by Server 1. The remainder of the TCP session continues in a similar manner as the previously described TCP/IP session without address reuse technology. Router A continues to replace the source IP address and TCP source port number of all outbound packets, however, and also continues to replace the destination IP address and TCP destination port number of all inbound packets, as described above.
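The port-mapping walk-through above, together with the checksum recomputation described earlier (the TCP checksum covers exactly the addresses and ports a NAT rewrites), as an added Python model; this is example code written for this page, not from the patent, and the three addresses are constructed placeholders for Host 1, Server 1 and Router A.

```python
import socket
import struct
from dataclasses import dataclass, replace

# Constructed addresses standing in for "Host 1", "Server 1" and "Router A".
HOST1, SERVER1, ROUTER_A = "10.0.0.2", "198.51.100.10", "203.0.113.1"
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def ones_complement_sum(data: bytes) -> int:
    """RFC 791/793 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_checksum(p: Packet) -> int:
    """Pseudo-header (addresses, protocol 6, length) plus a minimal 20-byte SYN header with
    the checksum field zeroed; addresses and ports are inputs, so a NAT must recompute it."""
    header = struct.pack("!HHIIBBHHH", p.sport, p.dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    pseudo = socket.inet_aton(p.src) + socket.inet_aton(p.dst) + struct.pack("!BBH", 0, 6, len(header))
    return ones_complement_sum(pseudo + header)

class NatRouter:
    """Router A: a port-mapping table keyed by the router-chosen external port."""
    def __init__(self, external_ip: str, first_port: int = 9000):
        self.external_ip, self.next_port = external_ip, first_port
        self.table = {}  # external port -> (private host address, host port)

    def outbound(self, p: Packet) -> Packet:
        # Record the private source, take a free external port, rewrite the source fields.
        ext, self.next_port = self.next_port, self.next_port + 1
        self.table[ext] = (p.src, p.sport)
        return replace(p, src=self.external_ip, sport=ext)

    def inbound(self, p: Packet):
        # No mapping means no host to deliver to: return None (drop) rather than guess.
        inner = self.table.get(p.dport)
        if inner is None or p.dst != self.external_ip:
            return None
        return replace(p, dst=inner[0], dport=inner[1])

def run_session():
    """Walk FIG. 2: SYN out through Router A, SYN-ACK back, and checksums before/after."""
    router = NatRouter(ROUTER_A)
    syn = Packet(HOST1, 1029, SERVER1, 80)
    syn_out = router.outbound(syn)
    syn_ack = Packet(SERVER1, 80, syn_out.src, syn_out.sport)  # Server 1 answers Router A/9000
    return syn_out, router.inbound(syn_ack), tcp_checksum(syn), tcp_checksum(syn_out)
```

The two checksums differ because the pseudo-header sums over the rewritten source address and port, which is why every translated packet costs the router a recomputation and why an inbound packet with no table entry cannot be delivered.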
Distributed Network Address Translation
One proposed solution to the problems associated with NAT is disclosed in U.S. patent application Ser. No. 09/035,600, entitled "Method And Protocol For Distributed Network Address Translation," filed on Mar. 5, 1998, commonly assigned with the present invention, and specifically incorporated herein by reference. The disclosed method and protocol for Distributed Network Address Translation ("DNAT") is used to overcome the limited address space of current versions of IP, particularly with small office or home office networks, or other legacy local networks, that have multiple network devices using a common external network address to communicate with an external network. DNAT uses a port allocation protocol to allocate globally unique ports to network devices on a local computer network, which are in turn used in a combination network address with a common external network address, such as an IP address, to identify multiple network devices on a local network to an external network, such as the Internet, an intranet, or a public switched telephone network.
While DNAT overcomes the large computational burdens encountered when NAT is used by a router for multiple network devices on a local network using a common external network address, and simplifies routers since a router in a DNAT system does not have to support multiple individual protocols, DNAT requires modifications to the operating system of the multiple network devices on the local network. Most end users of these network devices (i.e., the hosts), however, are inexperienced with making such modifications and performing the necessary advanced network maintenance, such as operating system upgrades, especially when compared to the network administrators operating the external networks (i.e., the servers). Consequently, from at least a commercial standpoint, DNAT may be difficult to implement.
Accordingly, it is desirable to provide a system and method for IP address reuse that extends the lifetime of IPv4 and earlier versions of IP, yet overcomes the disadvantages associated with NAT and DNAT. In particular, it would be desirable to provide a system and method for IP address reuse that avoids the computational, scalability, and compatibility problems of NAT, while requiring modifications only at the server end, rather than at the host end as required by DNAT.
In accordance with an illustrative embodiment of the present invention, the disadvantages associated with NAT and DNAT are overcome. A system and method for an Options Based Address Reuse ("OBAR") is provided. The system of the present invention comprises a first network having a host device with a host address and a host port, and a second network external to the first network and having a server device. The system of the present invention also comprises a combination network address for identifying the host device to the server device. The combination network address includes the host address, the host port, and an option.
The method of the present invention comprises the step of providing a first network having a router and a host device, with the host device having a host address, a host port, and an internal network identifier. The method of the present invention also comprises the step of providing a second network external to the first network and having a server device with a server address and a server port. In addition, the method of the present invention comprises the steps of sending a packet from the host device to the server device through the router, and adding an option to the packet.