Driven by increasing usage of a variety of network applications, such as those involving the Internet, computer networks are of increasing interest. FIG. 1 depicts conventional computer networks 1 and 15 coupled via the Internet 14. The conventional computer network 1 includes router 2, clients 4 and 6 and servers 8, 10 and 12. The conventional computer network 15 includes router 16, servers 18, 20, 22 and 24 and clients 17, 19, 21, 23, 25, 27 and 29. The conventional computer networks 1 and 15 may also have other constituents, including other computer systems and/or additional routers, that are not shown for clarity.
The components of the computer networks 1 and 15 may desire to communicate, for example through the Internet 14. For example, a client 4 may communicate with the server 24 or client 17. Similarly, the server 18 may communicate with the client 4. In order to do so, a session is established between computer systems. In the session, data packets are sent between the computer systems involved in the session. Each packet is associated with a source from which the packet originates and a destination to which the packet is to be sent. Thus the source and destination are each one of the computer systems 4, 6, 8, 10, 12, 18, 20, 22 or 24. Each packet includes information relating to the computer systems involved in the session, typically in an IP five-tuple, that is used to route the packet to the appropriate computer system.
FIG. 2 is a block diagram depicting an IP five-tuple 30. The IP five-tuple 30 is taken from various fields in an IP header and TCP header of a packet. The IP five-tuple 30 includes five fields, the protocol 32, two source fields 34 and 36 and two destination fields 38 and 40. The source fields are the source address 34 and the source port 36. The destination fields are the destination address 38 and the destination port 40. The source address 34 is typically the IP address of the source. The source port 36 and destination port 40 are associated with the software application connected to the TCP protocol layer. The destination address 38 is typically the IP address of the destination for the packet.
In a session, each computer system involved in the session sends packets to the other computer system involved in the session. Thus, packets for a session travel in two directions, to and from each computer system. The destination for a packet traveling in one direction is the source for a packet traveling in the opposite direction. For example, suppose a session is established between the client 4 and the server 20. For a packet traveling from the client 4 to the server 20, the source is the client 4 and the destination is the server 20. However, for a packet traveling from the server 20 to the client 4, the source is the server 20 and the destination is the client 4.
In order to keep track of the ongoing sessions and store information used in routing packets for the sessions, a session table is typically used. The conventional session table is typically kept by a router, such as the routers 2 and 16. Each entry in the session table includes data for a corresponding session. This data is used to forward packets for the session to the appropriate destination using the appropriate ports. The entries are indexed using a concatenation of the protocol 32, source address 34, source port 36, destination address 38 and destination port 40. The concatenation of the protocol 32, source address 34, source port 36, destination address 38 and destination port 40 is typically hashed in order to provide the index for the session.
In addition to utilizing sessions, network address translation may also be performed. Network address translation is typically used when both global addressing information and local addressing information may be associated with a server or client. Network address translation is often required because there is a limited number of individual IP addresses that are available globally. Network address translation allows IP addresses to be reused within multiple local networks. For example, network address translation may be used where a single server supports multiple logical hosts and multiple logical global IP addresses. Each global IP address typically corresponds to one of the logical hosts. Typically, each host is preserved by allocating a different TCP port number to each logical host within the server. Similarly, network address translation may also be performed when certain host names fan out to multiple servers within a network. For example, referring to FIG. 1, the network 15 may have a host name that could refer to any of the servers 18, 20, 22 and 24 and clients 17, 19, 21, 23, 25 and 27. Thus, any of the servers 18, 20, 22 and 24 may be accessed from outside of the network 15 using the global address and the global port for the network 15. Within the network 15, the servers 18, 20, 22 and 24 and clients 17, 19, 21, 23, 25 and 27 have local addresses and ports used for routing communications within the network 15. Thus, in order to route packets from an external source, such as the client 4, the global address and port are used to reach the network 15, then the local address and port are used to reach a specific one of the components 17, 18, 19, 20, 21, 22, 23, 24, 25 and 27 of the network 15. Similarly, in order to route communications to an external destination, the local address and port are used as the source address 34 and source port 36, respectively, through the router 16. The global address and port are then used as the source address 34 and source port 36 when routing the packet external to the network 15. Consequently, the global address and the local address must be translated. This translation may be based on the specific URL path for server farms that distribute web pages across multiple servers, or may be based on current traffic and processing loads for servers that duplicate web content on multiple servers for performance (i.e. response time) or reliability reasons.
FIG. 3 depicts one embodiment of a conventional method 50 for routing packets using network address translation. The method 50 will be described in the context of FIGS. 1 and 2. For clarity, it is presumed that the session is between the server 18 and the client 4 and that the method 50 is performed using the router 16. A key is used to look up the session in the session table, via step 52. The key is typically a concatenation of the protocol 32, the source address 34, source port 36, destination address 38 and destination port 40 for the packet being routed. Because of the network address translation discussed above, the key will not only be different for packets flowing in opposite directions, but will also be asymmetric. For example, the key for a packet flowing from the client 4 to the server 18 may be formed using the client's address and port for the source address 34 and source port 36, respectively, and using the global address and global port for the network 15 for the destination address 38 and destination port 40, respectively. In contrast, a key for a packet flowing from the server 18 to the client 4 will use the client's address and port for the destination address 38 and port 40, respectively, and will use the local address and local port for the source address 34 and source port 36, respectively.
Once the match for the key is found in the search of the session table, the action taken depends upon the match. If the match was for a key formed using the global address and global port as the destination address and destination port, then the packet is traveling from the client 4 to the server 18. It is therefore determined whether the source of the packet is in the local domain, via step 54. Thus, step 54 determines whether the packet is traveling from the client 4 to the server 18. If the source of the packet is not in the local domain, then the destination address and port are translated from the global address and port to the local address and local port, respectively, via step 56. If the source of the packet is in the local domain, the packet travels from the server 18 to the client 4. The source address and port are then translated from the local address and local port, respectively, to the global address and global port, respectively, via step 58. After translation in step 56 or 58, the packet is forwarded using the information in the session table that has been accessed and the translated address, via step 60.
Although the conventional method 50 allows the packets for the session to be forwarded to the destination, one of ordinary skill in the art will readily recognize that the method 50 is inefficient. In particular, as described above, there is no symmetry between the source address/port 34/36 and destination address/port 38/40 for packets traveling in opposite directions. Instead, the translation results in a packet traveling from the client having an address for the destination address that is different from the address that a packet traveling from the server has for the source address. Similarly, the packet traveling from the client has a port for the destination port that is different from the port that a packet traveling from the server has for the source port. Furthermore, the data required to perform the conventional network address translation described in steps 56 and 58 is contained in the session table. As a result, the conventional method 50 requires that the session table contain two entries for each session. One entry is indexed using a key that is formed using the global address. Another entry is indexed using a key that is formed using the local address. As a result, the session table may be large. In addition, each time a session is added or removed, two insertions to and two deletions from the session table are required. Thus, additional resources are expended. Furthermore, keeping the two entries synchronized as the session progresses requires additional resources.
Accordingly, what is needed is a system and method for more efficiently identifying sessions. The present invention addresses such a need.
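The conventional method 50 and its two-entries-per-session cost can be seen in a short sketch. This is an added example, not code from the original document; the class and function names, the SHA-256 based hash, the 10.0.0.0/8 local domain and the sample addresses and ports are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

TCP = 6  # IP protocol number for TCP
# Constructed sample endpoints (address, port): client 4, network 15 global, server 18 local.
CLIENT, GLOBAL, LOCAL = ("198.51.100.4", 40000), ("203.0.113.15", 80), ("10.0.0.18", 8080)

def session_key(proto, src_ip, src_port, dst_ip, dst_port):
    """Hash the concatenated five-tuple (fields 32 to 40) into a table index."""
    raw = struct.pack("!B4sH4sH", proto,
                      ipaddress.IPv4Address(src_ip).packed, src_port,
                      ipaddress.IPv4Address(dst_ip).packed, dst_port)
    return hashlib.sha256(raw).digest()[:8]

class ConventionalSessionTable:
    def __init__(self, local_net):
        self.local_net = ipaddress.ip_network(local_net)
        self.entries = {}

    def add_session(self, proto, client, global_ep, local_ep):
        # Inbound packets are addressed to the global endpoint; outbound packets
        # carry the local endpoint as source. The keys differ, so two entries.
        data = {"global": global_ep, "local": local_ep}
        self.entries[session_key(proto, *client, *global_ep)] = data
        self.entries[session_key(proto, *local_ep, *client)] = dict(data)

    def remove_session(self, proto, client, global_ep, local_ep):
        # Tearing down one session needs two deletions.
        del self.entries[session_key(proto, *client, *global_ep)]
        del self.entries[session_key(proto, *local_ep, *client)]

    def route(self, proto, src, dst):
        entry = self.entries.get(session_key(proto, *src, *dst))  # step 52
        if entry is None:
            return None                      # no session: nothing to forward
        if ipaddress.ip_address(src[0]) in self.local_net:        # step 54
            src = entry["global"]            # step 58: local source -> global
        else:
            dst = entry["local"]             # step 56: global destination -> local
        return (proto, src, dst)             # step 60: forward translated packet

def demo():
    table = ConventionalSessionTable("10.0.0.0/8")
    table.add_session(TCP, CLIENT, GLOBAL, LOCAL)
    inbound = table.route(TCP, CLIENT, GLOBAL)   # client 4 -> server 18
    outbound = table.route(TCP, LOCAL, CLIENT)   # server 18 -> client 4
    return len(table.entries), inbound, outbound
```

A packet whose five-tuple matches neither key, such as one addressed from outside directly to the local endpoint, finds no entry and is not forwarded.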