This invention relates to computer networks. More specifically, it relates to a method and system for dual network address utilization.
The Internet Protocol ("IP") is an addressing protocol designed to facilitate the routing of traffic within a network or between networks. The Internet Protocol is used on many computer networks including the Internet, intranets and other networks. Current versions of Internet Protocol such as Internet Protocol version-4 ("IPv4") are becoming obsolete because of limited address space. With a 32-bit address-field, it is possible to assign 2^32 different addresses, which is 4,294,967,296, or greater than 4 billion globally unique addresses.
However, with the explosive growth of the Internet and intranets, Internet Protocol addresses using a 32-bit address-field may soon be exhausted. Internet Protocol version-6 ("IPv6") proposes the use of a 128-bit address-field for Internet Protocol addresses. However, a large number of legacy networks including a large number of Internet subnets will still be using older versions of the Internet Protocol with a 32-bit address space for many years to come. As is known in the art, a subnet is a smaller part of a larger network using a similar network addressing scheme.
Network Address Translation ("NAT") has been proposed to extend the lifetime of Internet Protocol version 4 by allowing subnets with private Internet Protocol addresses to exist behind a single or small number of globally unique Internet Protocol addresses (see e.g., Internet Engineering Task Force ("IETF") RFC 2663, "IP Network Address Translator ("NAT") Terminology and Considerations," by P. Srisuresh and M. Holdrege, August 1999). Each private host uses a single global Internet Protocol address for communication with external networks such as the Internet.
Internally, a subnet may use local private addressing. Local private addressing may be any addressing scheme that is different from the public Internet Protocol addressing. The local addresses on a subnet are typically not available to the external, global Internet. When a device or node using local addressing desires to communicate with the external world, its local address is translated by a network address translation device to a common external Internet Protocol address used for communication with an external network. That is, network address translation allows one or more global Internet Protocol addresses to be shared among a larger number of network devices using local private addresses.
There are several problems associated with using network address translation to extend the life of the Internet Protocol version-4. Network address translation interferes with the end-to-end routing principle of the Internet, which recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route (see e.g., "Routing in the Internet," by C. Huitema, Prentice Hall, 1995, ISBN 0-131-321-927).
Current versions of network address translation replace a local network address in a data packet header with an external global network address on outbound traffic, and replace an external global network address in a data packet header with a local private network address on inbound traffic. This type of address translation is computationally expensive, causes security problems by preventing certain types of encryption from being used, or breaks a number of existing applications in a network that cannot coexist with network address translation (e.g., File Transfer Protocol ("FTP")).
Current versions of network address translation may not gracefully scale beyond a small subnet containing a few dozen nodes or devices because of the computational and other resources required. Network address translation potentially requires that support for many different application layer internal network protocols be specifically programmed into a translation mechanism such as a network address translation router.
Computational burdens placed on a network address translation router may be significant and degrade network performance, especially if several network address translation-enabled sub-networks share the same network address translation router. In a worst case scenario, a network address translation router translates every inbound and outbound data packet.
Application Layer Gateways ("ALG") have also been used at a border between a private network and a public network like the Internet to provide address translation. As is known in the art, a gateway is a device that connects two networks using different communications protocols so that information can be passed from one to the other. A gateway both transfers information and converts it to a form compatible with the protocols used by a receiving network.
However, the Application Layer Gateways complicate the deployment of new applications. Sending and receiving systems need to support the new applications, and any Application Layer Gateways in a routing path must be able to identify new applications to provide network address translation.
Some of the problems associated with network address translation of private network addresses into public network addresses have been overcome with Distributed Network Address Translation ("DNAT") described in co-pending application Ser. No. 09/035,600 (now U.S. Pat. No. 6,353,614), Ser. Nos. 09/270,967 and 09/271,025 (now U.S. Pat. No. 6,055,236), assigned to the same Assignee as the present application. See also "Distributed Network Address Translation", by Michael Borella, David Grabelsky, Ikhlaq Sidhu, and Brian Petry, IETF Internet Draft, <draft-borella-aatn-dnat-01.txt>, October 1998. Distributed Network Address Translation is also called "Realm Specific Internet Protocol" ("RSIP") by the IETF. For more information on Realm Specific Internet Protocol see "Realm Specific IP Framework," by M. Borella and J. Lo, IETF draft, <draft-ietf-nat-rsip-framework-02.txt>, October 1999, and "Realm Specific IP: Protocol Specification," by M. Borella and J. Lo, IETF draft, <draft-ietf-nat-rsip-protocol-02.txt>, August 1999.
For Distributed Network Address Translation or Realm Specific Internet Protocol, network devices request a set of locally unique ports from a Distributed Network Address Translation server or a Realm Specific Internet Protocol server for external communications with a public network like the Internet. A network device on a private network replaces default or ephemeral ports (e.g., Transmission Control Protocol or User Datagram Protocol ports) with the locally unique ports. The network device uses a combination network address, including a locally unique port and a common external network address (e.g., an IP address) of the Distributed Network Address Translation server, for communications with the external networks. The network devices use private network addresses for local communications on the private network.
A Distributed Network Address Translation server or a Realm Specific Internet Protocol server maintains a port-to-private network address table as locally unique ports are allocated to network devices. Network devices send data packets to external networks using a combination network address including a locally unique port and the common external network address via the Distributed Network Address Translation server or Realm Specific Internet Protocol server. For inbound data packets from an external network, the Distributed Network Address Translation server or Realm Specific Internet Protocol server uses the port-to-private network address table to route data packets back to the appropriate network device on the private network.
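As an added illustration of the port-to-private-address table described in the two paragraphs above (example code written here, not the patent's or the IETF drafts' implementation; the external address, private hosts and port pool are constructed values), the following shows two private hosts that both use the same ephemeral port obtaining distinct locally unique ports, and the server routing inbound packets back by port:

```python
from dataclasses import dataclass, field

# Added example (not the patent's or the IETF drafts' code) of the
# port-to-private-address table that a Distributed NAT / RSIP server keeps.
# The external address, private hosts and port pool are constructed values.

@dataclass
class RsipServer:
    external_addr: str                          # common external (global) address
    port_pool: range = range(40000, 40004)      # locally unique ports available
    port_to_host: dict = field(default_factory=dict)

    def allocate(self, private_addr: str) -> int:
        """Lease a locally unique port to a private host."""
        for port in self.port_pool:
            if port not in self.port_to_host:
                self.port_to_host[port] = private_addr
                return port
        raise RuntimeError("port pool exhausted")

    def release(self, port: int) -> None:
        self.port_to_host.pop(port, None)

    def route_inbound(self, dst_addr: str, dst_port: int) -> str:
        """Return the private host for an inbound packet, or refuse it.
        Packets for unleased ports are dropped rather than guessed at."""
        if dst_addr != self.external_addr:
            raise ValueError("not addressed to the shared external address")
        if dst_port not in self.port_to_host:
            raise ValueError("port %d not leased; dropped" % dst_port)
        return self.port_to_host[dst_port]

@dataclass
class RsipHost:
    private_addr: str
    server: RsipServer
    leases: dict = field(default_factory=dict)  # ephemeral port -> leased port

    def external_endpoint(self, ephemeral_port: int) -> tuple:
        """Replace the ephemeral port with a leased locally unique port and pair it
        with the server's external address: the combination network address."""
        if ephemeral_port not in self.leases:
            self.leases[ephemeral_port] = self.server.allocate(self.private_addr)
        return (self.server.external_addr, self.leases[ephemeral_port])
```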
Distributed Network Address Translation or Realm Specific Internet Protocol allows data packets to be tunneled between a network device and a server over a virtual tunnel. As is known in the art, a "virtual tunnel" is created by encapsulating a data packet inside another data packet. The outer header typically identifies the "endpoints" of the tunnel. The inner header typically identifies an original sender and recipient of the data. Thus, data packets are not modified between a source and a destination using Distributed Network Address Translation or Realm Specific Internet Protocol.
It is becoming commonplace for private stub networks or subnets to be "multiple address networks." Multiple address networks are networks in which more than one type of network address is used. For example, a private subnet may use new 128-bit Internet Protocol version-6 addresses to communicate internally and may use the older 32-bit Internet Protocol version-4 addresses to communicate with external networks such as the Internet.
However, there are a number of problems associated with using Internet Protocol version-6 addresses on a private subnet and Internet Protocol version-4 addresses on public networks like the Internet. One problem is that Internet Protocol version-6 subnets and Internet Protocol version-4 subnets cannot communicate directly with one another without translation of network addresses, since Internet Protocol version-4 uses 32-bit addresses and Internet Protocol version-6 uses 128-bit addresses. The network address translations required are subject to the network address translation problems described above.
Another problem is that some network devices will support only Internet Protocol version-6, others will support only Internet Protocol version-4, and still others will support both versions of the Internet Protocol. Network address translators have to be provided with information as to which network devices support which version of the Internet Protocol to provide network address translation. This complicates the deployment of new applications that are used across networks.
Thus, it is desirable to provide a solution that allows legacy Internet Protocol version-4 subnets to be connected to and communicate with newer Internet Protocol version-6 subnets. The solution should allow network devices to use any combination of Internet Protocol version-6 and/or Internet Protocol version-4 on a subnet with limited computational burdens and without complicating deployment of new applications.
In accordance with preferred embodiments of the present invention, some of the problems associated with supporting legacy networks are overcome. A method and system for dual network address utilization is provided.
One aspect of the invention includes a method for dual network address utilization. A dual protocol stack provides dual address allocation of X-bit and Y-bit network addresses (e.g., 128-bit Internet Protocol version-6 and 32-bit Internet Protocol version-4 network addresses). Network devices communicate with legacy Y-bit networks while using X-bit network addresses on an X-bit network for local communications. X-bit over Y-bit remote virtual tunnels are used to allow network devices using X-bit network addresses on a local X-bit network to communicate with remote X-bit networks over Y-bit networks (e.g., the Internet). Y-bit over X-bit local virtual tunnels may be used to allow network devices using Y-bit network addresses on a local X-bit network to communicate with remote Y-bit networks. The allocated Y-bit addresses may also be used for the Distributed Network Address Translation protocol and/or the Realm Specific Internet Protocol.
Another aspect of the invention includes a system for dual network address utilization. The dual network address system includes multiple network devices including a dual protocol stack and a virtual tunnel gateway. The dual protocol stack includes a first portion for networking protocols using X-bit network addresses and a second portion for networking protocols using Y-bit network addresses. The virtual tunnel gateway is used for adding a remote tunnel header for a remote virtual tunnel to a data packet with a header including X-bit network addresses sent from a local network by a local network device using X-bit network addresses across an intermediate network using Y-bit network addresses to a remote network device on a remote network using X-bit network addresses. The virtual tunnel gateway is also used for removing a local tunnel header including X-bit network addresses from a data packet with a header including Y-bit network addresses and for transmitting the data packet with the header including Y-bit network addresses across the intermediate network using Y-bit network addresses.
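The X-bit over Y-bit remote virtual tunnel, in the IPv6-over-IPv4 embodiment, as an added worked example (written here, not the patent's code) serving both the virtual tunnel description above and the gateway's add/remove tunnel header steps: the local gateway wraps an unmodified IPv6 packet in an IPv4 outer header whose addresses are the tunnel endpoints, and the remote gateway validates and strips that header. Assumed rather than taken from the text: the outer header carries the standard IPv4 protocol number 41 (IPv6 encapsulation), and all addresses and payload are constructed sample values.

```python
import socket
import struct
# Added example, not code from the patent: an IPv6 (128-bit) packet from a
# local host crosses an IPv4 (32-bit) intermediate network inside an X-over-Y
# remote virtual tunnel. Assumed, not from the text: the outer header uses the
# standard IPv4 protocol number 41 (IPv6 encapsulation); addresses are sample values.
IPPROTO_IPV6 = 41

def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a whole IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv6_packet(src: str, dst: str, payload: bytes, next_hdr: int = 17) -> bytes:
    """Inner header: identifies the original sender and recipient."""
    hdr = struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 64)
    return (hdr + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst) + payload)

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Local gateway adds the remote tunnel header; outer addresses are the endpoints."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0x4000, 64,
                      IPPROTO_IPV6, 0, socket.inet_aton(tunnel_src),
                      socket.inet_aton(tunnel_dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + inner

def decapsulate(packet: bytes) -> dict:
    """Remote gateway strips the outer header and forwards the inner packet unmodified."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("outer header is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad outer header length")
    outer, inner = packet[:ihl], packet[ihl:]
    if ipv4_checksum(outer) != 0:          # a valid header sums to zero
        raise ValueError("bad outer header checksum")
    if outer[9] != IPPROTO_IPV6:
        raise ValueError("not a tunnel packet")
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return {
        "tunnel_src": socket.inet_ntoa(outer[12:16]),
        "tunnel_dst": socket.inet_ntoa(outer[16:20]),
        "inner_src": socket.inet_ntop(socket.AF_INET6, inner[8:24]),
        "inner_dst": socket.inet_ntop(socket.AF_INET6, inner[24:40]),
        "inner": inner,
    }
```

Note that a Y-bit-only filter on the intermediate network sees only the outer endpoints; the inner X-bit sender and recipient are visible only after decapsulation, which is why the receiving gateway rejects malformed tunnel packets instead of guessing.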
The methods and system described herein may help the transition from Internet Protocol version-4 ("IPv4") networks to Internet Protocol version-6 ("IPv6") networks. However, the present invention is not limited to such an embodiment, and can be used with virtually any set of networks that require transitions between X-bit and Y-bit network addresses and dual network address utilization.