Computers connected to a network must have a means to facilitate communication between themselves. One such means is the Internet Protocol (IP). As networks have evolved, the IP has been updated accordingly. Internet Protocol version 4 (IPv4) is the version that is currently used for network communication.
FIG. 1 illustrates an exemplary group of networks. A first network includes a first computer (2), a second computer (4), a third computer (6), and a first network printer (8), each including an interface, e.g., an Ethernet™ card, to connect to a first physical network (10) e.g., an Ethernet™. A second network includes a second network printer (14), a fourth computer (16), a fifth computer (18), and a storage server (23), each including an interface to connect to the second physical network (11). The first network and the second network are able to connect to a wide area network (22), such as the Internet, via the first router (12) and the second router (13), respectively.
Referring to FIG. 1, the devices connected to a network communicate using packets. As mentioned above, the contents of the packets are governed by the Internet Protocol.
FIG. 2 illustrates a typical IPv4 packet arrangement. The IPv4 packet includes the header (58) and the data (60), also known as a payload. The payload may be as large as 64 kilobytes, and must be at least 512 bytes. The header (58) includes one or more of the following: a version (30), an Internet header length (IHL) (32), a type of service (ToS) (34), a total length (36), an ID (38), a flag (40), a fragment offset (42), a time to live (TTL) (44), a protocol (46), a checksum (48), a source address (SA) (50), a destination address (DA) (52), an option (54), and a padding (56). The SA (50) is the IP address of the sender. The DA (52) is the IP address of the destination node. The SA is allocated 32 bits and the DA is allocated 32 bits. The IP address may be mapped to a physical machine address, also known as a media access control address (MAC address). The options (54) are up to 3 option fields for user-defined use. The options are allocated 16 bits.
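The header layout described above can be exercised with a small parser. The following is an added example, not code from the original description: it unpacks the fixed 20-byte IPv4 header into the named fields (version, IHL, ToS, total length, ID, flags, fragment offset, TTL, protocol, checksum, SA, DA, options), recomputes the RFC 791 header checksum and rejects packets whose IHL or total length disagree with the bytes actually present. The sample packet is constructed inline (addresses 192.168.1.10 and 10.0.0.5, ID 0x1234, UDP payload "hello") and is an assumption for demonstration only.

```python
import struct
from dataclasses import dataclass


@dataclass
class IPv4Header:
    version: int
    ihl: int
    tos: int
    total_length: int
    identification: int
    flags: int
    fragment_offset: int
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes
    checksum_ok: bool


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement
    sum of all 16-bit words, computed with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Parse the IPv4 header at the start of `packet`, validating the
    length fields against the bytes present and verifying the checksum."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version {version})")
    header_len = ihl * 4          # IHL is in 32-bit words
    if ihl < 5 or len(packet) < header_len:
        raise ValueError(f"invalid IHL {ihl} for a {len(packet)}-byte packet")
    if total_length < header_len or total_length > len(packet):
        raise ValueError(f"total length {total_length} inconsistent with packet")
    header = packet[:header_len]
    zeroed = header[:10] + b"\x00\x00" + header[12:]   # checksum field is bytes 10-11
    return IPv4Header(
        version=version, ihl=ihl, tos=tos, total_length=total_length,
        identification=ident,
        flags=flags_frag >> 13,               # top 3 bits: reserved, DF, MF
        fragment_offset=flags_frag & 0x1FFF,  # low 13 bits, in 8-byte units
        ttl=ttl, protocol=proto, checksum=cksum,
        src=".".join(str(b) for b in src),
        dst=".".join(str(b) for b in dst),
        options=packet[20:header_len],
        checksum_ok=(ipv4_checksum(zeroed) == cksum),
    )


def build_sample_packet(payload: bytes = b"hello") -> bytes:
    """Constructed sample: IHL 5, no options, DF set, TTL 64, protocol 17 (UDP)."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         0x4000, 64, 17, 0, bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    cksum = ipv4_checksum(fields)
    return fields[:10] + struct.pack("!H", cksum) + fields[12:] + payload


if __name__ == "__main__":
    print(parse_ipv4(build_sample_packet()))
```

A receiver that trusts the IHL or total length fields without comparing them to the bytes it actually holds is the classic source of header-parsing out-of-bounds reads, which is why the parser checks both before slicing.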
The wide adoption of networks in the workplace has resulted in the creation of Supernets. A Supernet is a virtual network located on top of a pre-existing network. The Supernet appears as a single, private network, though the individual members may be spread across a multi-network, public infrastructure. The Supernet contains a set of processes that are denoted as nodes. FIG. 3 illustrates an exemplary Supernet located on top of the group of networks illustrated in FIG. 1. The Supernet (17) is located on top of the existing group of networks shown in FIG. 1. The Supernet (17) includes a first node (3) located on the first computer (2), a second node (5) and a third node (7) located on the fifth computer (18), and a fourth node (9) located on the storage server (23).
The Supernet includes an addressing structure and security services that protect data transmitted by the pre-existing network. Each Supernet contains a channel and a set of nodes. The Supernet is identified by a Supernet ID, and the channel is identified by a Channel ID. The channel is a communication abstraction that defines an association between Supernet members through a shared key. The shared key is used in conjunction with an encryption method, e.g., Data Encryption Standard (DES), etc., to ensure authentication and confidentiality of the communication abstractions by restricting access to group members with knowledge of the key. The channel is similar to a local network on the Internet. A node is a process running on a networked computer identified by an IP address within the Supernet. On a given computer there may be multiple nodes. The node can participate in multiple channels, but at most one Supernet.
Nodes can communicate with other nodes only if they belong to the same channel on the Supernet, i.e., they share the same key.
Supernets are typically implemented using IPv4 with additional dedicated headers for conveying security context, e.g., channel, node information, etc., or using a separate message exchange (e.g., IPSec IKE protocol). These Supernets typically run over a pre-existing network running IPv4. The aforementioned techniques typically require modification of the operating system upon which the node is running, such that the operating system can track the Supernet and the channel using the Supernet ID and channel ID, respectively.
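The channel model described in the preceding paragraphs (a shared key gates membership, and security context such as Supernet ID, channel ID and node ID travels in dedicated headers) can be illustrated with a message format that carries that context and authenticates it under the channel key. This is an added example, not code from the original description: it uses HMAC-SHA256 from the Python standard library as the keyed primitive instead of the DES mentioned above, so it demonstrates authentication and membership only, not confidentiality. The Supernet ID 17, channel IDs, node IDs and keys are constructed values for the example.

```python
import hmac
import hashlib
import struct
from typing import Optional, Tuple

# Constructed security-context header: Supernet ID, channel ID, node ID, payload length.
HEADER_FMT = "!HHHH"
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = hashlib.sha256().digest_size


class Channel:
    """A Supernet channel: members holding `key` can seal and open messages;
    anyone else cannot produce or verify a valid tag."""

    def __init__(self, supernet_id: int, channel_id: int, key: bytes):
        self.supernet_id = supernet_id
        self.channel_id = channel_id
        self._key = key

    def seal(self, node_id: int, payload: bytes) -> bytes:
        """Build header + payload + HMAC tag; the tag covers the header too,
        so the security context cannot be rewritten without the key."""
        header = struct.pack(HEADER_FMT, self.supernet_id, self.channel_id,
                             node_id, len(payload))
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def open(self, message: bytes) -> Optional[Tuple[int, bytes]]:
        """Return (sender node ID, payload) if the message belongs to this
        channel and verifies under the channel key; otherwise None."""
        if len(message) < HEADER_LEN + TAG_LEN:
            return None
        supernet_id, channel_id, node_id, plen = struct.unpack(
            HEADER_FMT, message[:HEADER_LEN])
        # Membership check on the carried security context before any crypto.
        if supernet_id != self.supernet_id or channel_id != self.channel_id:
            return None
        if len(message) != HEADER_LEN + plen + TAG_LEN:
            return None
        body = message[:HEADER_LEN + plen]
        tag = message[HEADER_LEN + plen:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        return node_id, body[HEADER_LEN:]


if __name__ == "__main__":
    key = b"constructed-channel-key-for-demo"
    sender = Channel(17, 1, key)
    receiver = Channel(17, 1, key)
    outsider = Channel(17, 2, b"different-key")
    msg = sender.seal(3, b"status: ok")
    print(receiver.open(msg))  # (3, b'status: ok')
    print(outsider.open(msg))  # None: wrong channel, wrong key
```

Because the tag is computed over the header as well as the payload, a node cannot relabel a message as coming from another channel or node without holding the channel key, which is the property the shared-key channel abstraction relies on.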