The present invention relates to establishing a communication session between users connected to a computer network, and more specifically, to detecting the presence of firewalls connecting each user to the network and configuring the communication session so that network packets can be exchanged through whatever firewalls are present.
Internetworking (i.e., the interconnection of many computer networks) allows the interaction of very large numbers of computers and computer users. The most well known example is the Internet. Computers connected to the Internet may be widely separated geographically and utilize many different hardware and software configurations. In order to achieve communication sessions between any two endpoints on the Internet, an addressing system and various standard protocols for exchanging computer data packets have been developed.
Each packet sent over the Internet includes fields that specify the source and destination address of the packet according to Internet Protocol (IP) addresses assigned to the network interface nodes involved. Currently assigned addresses comprise 32 bits, although future standards allow for 128-bit addresses. The 32-bit addresses are normally written by breaking the 32 bits into 4 groups of 8 bits each and writing the decimal equivalents of each group separated by periods (e.g., 208.25.106.10).
Since numerical IP addresses are inconvenient to use and remember, a protocol known as the domain name system (DNS) is used for assigning and accessing logical names. DNS servers deployed within the Internet perform a translation function between a logical domain name such as “sprint.com” and its numerical equivalent “208.25.106.10”. After receiving an IP address back from a DNS server, a computer can forward data packets to the IP address and establish a connection or session with the remote computer.
While the DNS system works well for hosted content (e.g., material made available for browsing by commercial and private entities), it is not well suited to ad hoc communications or exchanges of data between individuals. Hosting a website and registering an IP address within the DNS system is expensive and time consuming. Furthermore, due to an impending shortage of IP addresses and the cost for maintaining use of each IP address, many Internet service providers assign IP addresses dynamically to their individual users. In other words, when a user signs on to their service, they are temporarily assigned an IP address from an address pool assigned to their service provider. The user occupies that IP address only for their current session.
Even when individual users have their own static IP addresses, and when other users can remember the IP address of a user with whom they would like to establish a connection session over the Internet (e.g., for voice or video telephony), configuring their hardware or software is too complex for many users. This is one reason why e-mail is such a popular and successful Internet application. A mail server with an easy-to-remember domain name acts as intermediary between two individual users. Using a simple application program and the recipient's account name on the mail server (i.e., their e-mail address), text messages and computer files can be exchanged. The exchange, however, does not allow the users to interact in real time.
Parent application U.S. Ser. No. 09/978,616 and copending application U.S. Serial No. (1793), incorporated herein by reference in its entirety, teach the use of a central server allowing two or more individual users to establish interactive connection sessions over the Internet without requiring overt knowledge of the other's IP address and without complicated configurations or set-ups. Each user registers with the central server, resulting in a database of users and their current IP addresses. A calling user sends a request to the central server to establish a connection with a called user. The central server can either relay all network message packets between the users for the duration of a “call”, or it may provide the IP addresses to the users so that they can exchange packets directly.
To reduce processing load and the corresponding size of the central server, the provider of the central server may find it preferable to provide the IP addresses to the calling and/or called users so that it does not have to act as intermediary for all packet exchanges (e.g., receiving each packet, detecting sources and intended destinations, and rewriting each packet header). Handing off the connection, however, may be impeded if the existing sessions include any firewalls.
Many different types of firewalls have been developed to block certain types of communication through the firewall. Blocking of particular packets within user traffic directed at the firewall can be performed based on several different criteria, such as IP address where the traffic originated, domain names of the source or destination of the traffic, the protocol in which the traffic is formatted, and the port sending or receiving the traffic, among others. Firewalls can also perform proxy services or perform network address translation (NAT) or port address translation (PAT) in which a user's local (i.e., private) equipment IP address is translated into a global (i.e., public) IP address of the firewall, so that a particular computer is not directly accessible from outside the firewall.
In the presence of firewalls, some users may only be able to participate in a connection session that they initiate. Thus, a calling user may not be able to get any response to packets it sends to an IP address that it received from the central server. If a firewall is performing address translation, then the IP address reported by the central server is the global address of the firewall and not the local equipment address of the user. Thus, while the user behind the firewall will continue to communicate with the central server (since the user initiated that session when it signed on or registered with the central server), the user will not communicate with a calling user who sends a packet to the global address of the firewall.
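The following is an added illustration of the situation just described, not code from the application or from any product: a small simulation in which a called user behind an address-translating firewall registers with the central server, and a calling user then sends a packet to the address the server reports. The class names, the sample addresses and the choice to key each translation entry on the remote endpoint (one common firewall behavior) are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)
    payload: str

@dataclass
class NatFirewall:
    """Constructed model: translates addresses and admits only replies to inside-initiated sessions."""
    public_ip: str
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)  # (public_port, remote) -> private endpoint

    def outbound(self, pkt):
        # Reuse the mapping if this inside endpoint already talks to this remote endpoint.
        for (port, remote), private in self.sessions.items():
            if private == pkt.src and remote == pkt.dst:
                return Packet((self.public_ip, port), pkt.dst, pkt.payload)
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(port, pkt.dst)] = pkt.src
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        # Admit a packet only if its sender matches a session opened from inside.
        private = self.sessions.get((pkt.dst[1], pkt.src))
        if pkt.dst[0] != self.public_ip or private is None:
            return None  # dropped: no session was initiated toward this sender
        return Packet(pkt.src, private, pkt.payload)

class CentralServer:
    def __init__(self, endpoint):
        self.endpoint, self.registry = endpoint, {}
    def register(self, pkt):
        # The server records the source address it observes, i.e. the firewall's global address.
        self.registry[pkt.payload] = pkt.src

def run_scenario():
    server = CentralServer(("198.51.100.5", 5000))   # constructed sample addresses
    firewall = NatFirewall("203.0.113.7")
    called = ("192.168.1.20", 6000)                   # called user's local address
    server.register(firewall.outbound(Packet(called, server.endpoint, "called-user")))
    reported = server.registry["called-user"]
    from_server = firewall.inbound(Packet(server.endpoint, reported, "ring"))
    from_caller = firewall.inbound(Packet(("192.0.2.44", 7000), reported, "hello"))
    return reported, from_server, from_caller

if __name__ == "__main__":
    print(run_scenario())
```

The server's packet reaches the called user because that session was opened from inside, while the calling user's packet to the same reported address is dropped at the firewall.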