The present invention relates generally to computer network connections in a large scale network environment, and more particularly, to a system and method for providing addresses and ports for specific nodes in the computer network using a dynamic port management module.
There are many types of computer networks, including local area networks, wide area networks, and the Internet. Companies and organizations often use local or wide area networks as their private networks to link individual nodes (e.g., computers) for email communications, remote access, telephone calls, and internal data sharing. Depending on the sizes of the companies, these private networks can be very large. In order to maintain the integrity of the private networks, the computers therein are connected through a gateway to an outside network, such as the Internet, for additional communication purposes.
Often, each node of the private network has a unique network address within the private network. That address, however, may not be of the type or format commonly used on the outside network (e.g., an Internet Protocol (IP) address on the Internet), and therefore may not be usable for communication with computers outside the private network. In this situation, the gateway has to assign a registered network address to the private-network node that is communicating with the outside network through the gateway. In the present art, however, the gateway only controls the mapping of unregistered network addresses to registered addresses, and rarely does anything more.
Due to the complexity of private networks and their various network applications, and for security reasons, it is important for the gateway to control which types of communication are allowed between the private network and the outside network. For example, the gateway may need to block a particular application initiated by any computer inside the private network. However, networking devices similar to the gateway, such as switches, routers, firewalls and VPNs, usually have no means of acquiring knowledge of the addresses or ports that applications on other networking devices use for communication. Controlling an application is made even more difficult by the fact that multiple application sessions can be initiated by multiple computers inside the private network. The gateway may provide IP address and port mapping, and when a well-known application uses a fixed port, the gateway can block or otherwise control that application's sessions as long as they use the fixed port. When a port is dynamically assigned for a particular application session, however, the gateway loses that control and leaves the application session unregulated.
What is needed is a system and method for allowing the gateway to control packet communications and application sessions, including those that do not use a fixed, predetermined port.
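The following is an added illustration, not part of the patent text, of the gap described above and of how a dynamic port management module closes it: a gateway that identifies applications only by fixed port lets a session on a dynamically negotiated port through, while a gateway that records which application negotiated each dynamic port can regulate the same session. The addresses, port numbers, the choice of FTP (whose data channel uses a negotiated port) and all class and function names are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# A session as the gateway sees it: (private node, outside address, outside port).
Session = Tuple[str, str, int]

# Well-known fixed ports the gateway recognises without extra state (constructed subset).
FIXED_PORT_APPS: Dict[int, str] = {21: "ftp-control", 25: "smtp", 80: "http"}


@dataclass
class Gateway:
    blocked_apps: Set[str]
    next_registered_port: int = 40000
    # Address/port mapping: private (node, port) -> registered port issued by the gateway.
    port_map: Dict[Tuple[str, int], int] = field(default_factory=dict)
    # Filled by the dynamic port management module: run-time negotiated sessions -> owning application.
    dynamic_sessions: Dict[Session, str] = field(default_factory=dict)

    def map_port(self, node: str, private_port: int) -> int:
        """Issue (or reuse) a registered port for a private (node, port) pair."""
        key = (node, private_port)
        if key not in self.port_map:
            self.port_map[key] = self.next_registered_port
            self.next_registered_port += 1
        return self.port_map[key]

    def register_dynamic_session(self, node: str, addr: str, port: int, app: str) -> None:
        """Dynamic port management: record which application opened a dynamically assigned port."""
        self.dynamic_sessions[(node, addr, port)] = app

    def identify(self, node: str, addr: str, port: int) -> Optional[str]:
        """Name the application behind a session from its fixed port or its registered dynamic port."""
        return FIXED_PORT_APPS.get(port) or self.dynamic_sessions.get((node, addr, port))

    def permit(self, node: str, addr: str, port: int) -> bool:
        """Block sessions of a blocked application; sessions the gateway cannot identify pass."""
        return self.identify(node, addr, port) not in self.blocked_apps


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: FTP is blocked; its data channel uses a negotiated port."""
    gw = Gateway(blocked_apps={"ftp-control", "ftp-data"})
    gw.map_port("10.0.0.5", 3301)                            # ordinary address/port mapping still happens
    fixed = gw.permit("10.0.0.5", "203.0.113.7", 21)         # fixed port: recognised and blocked
    unmanaged = gw.permit("10.0.0.5", "203.0.113.7", 51234)  # dynamic port, no module: slips through
    gw.register_dynamic_session("10.0.0.5", "203.0.113.7", 51234, "ftp-data")
    managed = gw.permit("10.0.0.5", "203.0.113.7", 51234)    # same session, now identified and blocked
    return fixed, unmanaged, managed
```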