Recent years has given significant advances in networking technology and reduced pricing, resulting in a significant buildup of networking infrastructure. Most businesses and households are interconnected through private and public networks, the most well known network being the Internet. Most networks now utilize the Transmission Control Protocol/Internet Protocol (TCP/IP) communication protocol, in which network locations are assigned a globally unique 32-bit numeric address typically presented in dot quad notation (four numbers each having values of zero to 255). TCP/IP network traffic is routed based on a destination IP address for the traffic.
Unfortunately, the explosive growth of the Internet has resulted in a shortage of available network addresses. To compensate, attempts have been made to share a single network address among multiple computers. One well-known example is Network Address Translation (NAT), which hides an internal network behind an access point in communication with an external network by routing network traffic through the access point. Since the internal network uses private network addresses the packets from this network are not routable in the Internet without translation. During operation, NAT modifies source IP address and ports of outgoing network traffic to map the traffic to an external or public address and a unique NAT port. NAT also modifies destination IP address and port of incoming network traffic using the mapping of external address and unique NAT port back to the original internal address and port. NAT ignores network traffic not received in response to original outgoing network traffic, and incoming traffic to unmapped ports.
Network traffic translation performed by a translating access point such as a NAT gateway/router 102, firewall 108, or the like, is transparent to many applications. However, translations break protocols under certain circumstances, such as with audiovisual conferencing (e.g., International Telecommunication Union (ITU) standard H.323), IP Security (IPSec), end-to-end security models that cannot allow packet header alterations, and protocols that embed a machine's network address and/or communication port values as application data within network traffic, such as the File Transfer Protocol (FTP), multi-player network game protocols, etc.
For example, in FIG. 1, an H.323 client 110 inspects its network configuration and sends it to an H.323 gateway 118 as application data. Because H.323 client 110 is in a private network, the configuration indicated in the application data cannot be used by H.323 gateway 118 to access it from the Internet. That is, a translating access point modifies packet header data not application data. Therefore, the protocol fails because the protocol effectively reports the wrong information within the application data.
One proposed solution to this problem is the REALM specific IP (RSIP) protocol, an Internet Engineering Task Force (IETF) suggested revision to NAT. Assuming the International Organization for Standardization Open Systems Interconnection (ISO/OSI) model, networking protocol layers 3 and 4 are altered to support RSIP in every translating access point. An RSIP access point grants a client, e.g., a machine in network 100, resources (e.g., address, ports) in an external realm, e.g., network 104.
Unfortunately, RSIP (and related solutions) are expensive and impractical. To work properly, all translating access points have to be revised to support RSIP; this solution fails if an upstream non-supporting translating access point is reached.