The present invention relates to methods and apparatus for processing data within a computer network. More specifically, it relates to mechanisms for performing network address translation on data transmitted within such computer network.
For a particular computer to communicate with other computers or web servers within a network (e.g., the Internet), the particular computer must have a unique IP address. IP protocol version 4 specifies 32 bits for the IP address, which theoretically gives about 4,294,967,296 unique IP addresses. However, there are actually only between 3.2 and 3.3 billion available IP addresses since the addresses are separated into classes and set aside for multicasting, testing and other special uses. With the explosion of the Internet, the number of IP address is not enough to give each computer a unique IP address.
One solution for addressing computers with the limited number of IP addresses is referred to as network address translation (NAT). NAT allows an intermediary device (e.g., computer, router or switch) located between the Internet network and a local network to serve as an agent for a group of local computers. A small range of IP addresses or a single IP address is assigned to represent the group of local computers. Each computer within the local group is also given a local IP address that is only used within that local group. However, the group's local IP addresses may be a duplicate of an IP address that is used within another local network. When a local computer attempts to communicate with a computer outside the local network, the intermediary device maps the local computer's IP address to one of the intermediary device's assigned globally unique IP addresses. The intermediary device than replaces the local computer's address with this globally unique IP address enabling the local computer to communicate with the outside computer. If the intermediary device is assigned only one globally unique IP address, then it needs to share this globally unique IP address amongst all the local computers for which it is acting as an agent. Thus the intermediary device would need to modify the TCP/UDP ports for the traffic from the local computers such that it can uniquely map the tuple (local address, local TCP/UDP port number) to the globally unique IP address and assigned TCP/UDP port number. This is called network address port translation (NAPT). The term NAT is used in a generalized form to mean network address translation (NAT) and network address port translation (NAPT). In short, NAT techniques allow IP address to be duplicated across local networks.
In addition, a packet may also contain local IP address(es) and/or TCP/UDP ports embedded in the payload that require translation. Particular applications may embed IP address(es) and/or TCP/UDP ports in the payload for various application specific purposes. The current approach for supporting applications which embed IP addresses and/or TCP/UDP ports in the payload (e.g., DNS (domain name server), FTP (file transfer protocol), H.225/H.245) in a NAT environment is to add application-specific knowledge within the NAT device itself. This approach is described in detail in the Internet Engineering Task Force's Request for Comments document RFC 2663, entitled IP “Network Address Translator (NAT) Terminology and Considerations” by P. Srisuresh and M. Holdrege of Lucent Technologies (August 1999), which document is incorporated herein by reference in its entirety.
Unfortunately, this approach has several associated disadvantages. For example, this approach requires that the NAT device be reprogrammed for each new application or change in an existing application. This reconfiguration process is typically time consuming and complex. Additionally, since NAT devices are typically deployed at the edge of each local network and the number of local networks is rapidly increasing, the number of NAT devices that need to be reconfigured for a new or modified application may quickly become prohibitively large. Also if the payload is encrypted, then the NAT device cannot modify the embedded local IP address(es) and/or TCP/UDP ports to the globally unique IP address(es) and/or TCP/UDP ports.
Accordingly, there is a need for improved network address translation mechanisms that do not require reconfiguration for each new or modified application, as well as mechanisms for handling embedded addresses.