WO2001020870A1 - Transparent access relay to a server network (Relais d'acces transparent a un reseau serveur) - Google Patents
- Publication number: WO2001020870A1 (PCT/FR2000/002469)
- Authority: WO (WIPO (PCT))
- Prior art keywords: machine, network, application, server, address
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
Definitions
- Computer networks allow the execution of applications distributed over remote machines connected to the same network, or to different networks interconnected by means of interconnection machines.
- A transaction between remote machines is initiated by a client application, which sends a request message to a server application that is in a listening (standby) state.
- The client application then goes into a waiting state for a response message to its request message.
- The server application prepares a response message, which it sends to the client application.
- A network layer conveys each message, in the form of a datagram, from the machine hosting the sending application to the machine hosting the receiving application.
- A transport layer conveys the message between the sending application and the network layer, and then between the network layer and the receiving application, that is to say, for example, from a client application to a server application.
- An application layer concerns the execution of the application in its own environment.
- Network-layer routing protocols route the datagrams from the sending machine to an interconnection machine, and from the interconnection machine to the receiving machine, using inter-network protocol addresses such as IP addresses.
- In the interconnection machine, the datagrams remain at the network layer.
- The network between the client machine and the interconnection machine is called the client network.
- The network between the server machine and the interconnection machine is called the server network.
- The technical field to which the invention relates more particularly concerns an interconnection machine hosting a relay application (a proxy).
- A relay application is useful for processing messages exchanged between the client network and the server network.
- Datagrams intended for the final receiving machine are not naturally passed up to the application layer of the interconnection machine.
- The sending application therefore has to send its messages to the relay application of the interconnection machine instead of sending them directly to the final receiving application, and has to indicate in its messages to the relay application which final application they are intended for, so that the relay application can redirect them there according to the processing it applies to them.
- The object of the invention is to allow a client application to establish a connection to a server application as simply as it would without using the services of a relay application, so that the use of the relay application's services is transparent to the client application.
- A first object of the invention is an interconnection machine connected to a client network by means of a first physical interface and connected to a server network by means of a second physical interface, characterized in that at least one inter-network protocol address of a server machine connected to the server network is associated with the first physical interface, and in that it comprises a first relay application for receiving, from the client network, datagrams intended for the server machine and for transmitting, on the server network, datagrams destined for the server machine.
- The interconnection machine is thus recognized by its own network layer as the destination machine of the datagram.
- The network layer of the interconnection machine then passes the datagram up to the application layer of the interconnection machine simply by following the established protocol. On receiving this datagram, the relay application can process it and then retransmit it, or not, to the server machine. This is completely transparent to the client application.
- A variant of the invention relates to an interconnection machine connected to a client network by means of a first physical interface and connected to a server network by means of a second physical interface, characterized in that at least one inter-network protocol address of a server machine connected to the server network is associated with a third physical interface, distinct from the first physical interface and from the second physical interface, and in that it comprises a first relay application for receiving, from the client network, datagrams intended for the server machine and for transmitting datagrams to the server machine on the server network.
- The network-layer protocol does not require the destination address to be assigned to the first physical interface, the one that receives the datagram, but only to some physical interface of the interconnection machine, for the datagram to be passed up to the application layer of the interconnection machine.
- Said server machine address is associated with the first physical interface as an address synonymous with (an alias of) the base address of the interconnection machine on the client network.
- A second object of the invention is a method for processing, by means of a relay application executed in an interconnection machine between a client network and a server network, datagrams transmitted on the client network by a client application to a server machine having an address on the server network, characterized in that it comprises a first step which associates said server-network address with a physical interface of the interconnection machine that is not connected to the server network, so that the relay application picks up said datagrams.
- This has the advantage that said client application need not be configured or informed for the relay application to process its datagrams. Indeed, the client application continues to send its datagrams using the address of the server machine.
- The network protocol causes the datagram to travel up naturally towards the application layer of the interconnection machine, thus allowing the relay application to pick it up.
- The method is further characterized in that the first step is preceded by a second step which routes the datagrams transmitted over the client network to the server machine via the interconnection machine. This is the case, for example, when the interconnection machine between the client network and the server network is not the only one.
- FIG. 1 shows an example of an interconnection machine with two physical interfaces.
- FIG. 2 shows an example of a datagram.
- FIG. 3 shows an example of an interconnection machine with three physical interfaces.
- In FIG. 1 are represented server machines 1, 2 and client machines 11, 12.
- The machines 1, 2, 11 are connected to a server network 3 by means of respective physical interfaces 7, 8, 17.
- A client machine 12 is connected to a client network 13 by means of a physical interface 18.
- Networks 3 and 13 are physically distinct.
- An interconnection machine 4 is connected to the server network 3 by means of a physical interface 14 and to the network 13 by means of a physical interface 19.
- The machine 12 is recognized by means of an address @C2, whose network field identifies the network 13 and whose machine field identifies the machine 12 on the network 13.
- The machine 4 is recognized by means of an address @P1, whose network field identifies the network 13 and whose machine field identifies the machine 4 on the network 13, and by means of an address @P2, whose network field identifies the network 3 and whose machine field identifies the machine 4 on the network 3.
- FIG. 2 shows an example of a datagram.
- This datagram, consisting of a frame of successive bits, is structured essentially in three successive fields.
- A first field, marked DR, is intended for the protocol of the network layer.
- A second field, marked DT, is intended for the protocol of the transport layer, which sits above the network layer.
- A third field, marked DA, is intended for the application layer, which sits above the transport layer.
- For example, the DR field contains the source and destination IP addresses,
- the DT field contains the source and destination TCP port numbers,
- and the DA field contains the HTTP data.
- When a client application 15 executed in the client machine 11 requests access to a file processed by a server application 5 located in the server machine 1, the application 15 transmits its request to the CT layer of the machine 11, which writes the request in the DA field and writes in the DT field a service port number for the application 15 and a service port number for the application 5.
- The CT layer of the machine 11 transmits the fields DT and DA to the CR layer of the machine 11, which writes in the field DR the address @C1 of the machine 11 and the address @S1 of the machine 1.
- The CR layer then transmits the datagram thus constituted to the interface 17; it arrives on the interface 7 of the machine 1.
- The CR layer of the machine 1 recognizes by the address @S1 that the datagram is intended for the upper layers of the machine 1 and passes the fields DT and DA to the CT layer of the machine 1. Using the service port number of the application 5, the CT layer forwards the DA field to the application 5, which processes the request.
- When an application 16 executed in the client machine 12 requests access to a file processed by the application 5 located in the server machine 1, the application 16 transmits its request to the CT layer of the machine 12, which writes the request in the DA field and writes in the DT field a service port number for the application 16 and a service port number for the application 5.
- The CT layer of the machine 12 transmits the fields DT and DA to the CR layer of the machine 12, which writes in the field DR the address @C2 of the machine 12 and the address @S1 of the machine 1.
- The CR layer then transmits the datagram thus formed to the interface 18; it arrives on the interface 19 of the machine 4, which is declared as a router between the networks 13 and 3.
- The CR layer of the machine 4 recognizes that the datagram is not intended for the upper layers of the machine 4.
- The CR layer of the machine 4 searches its routing tables for a line containing a value identical to the network field of the address @S1. The line thus found indicates the interface 14 as the access interface to the network 3.
- The CR layer of the machine 4 then retransmits the datagram on the network 3 through the interface 14, so that the datagram arrives on the interface 7 of the machine 1.
- The CR layer of the machine 1 recognizes by the address @S1 that the datagram is intended for the upper layers of the machine 1 and passes the fields DT and DA to the CT layer of the machine 1.
- The CT layer forwards the DA field to the application 5, which processes the request.
- The machine 4 comprises an application 22 which acts as a relay (proxy server) for requests from the network 13.
- The application 22 has several advantages: for example, it can perform access control to the machines 1, 2, 11 connected to the server network 3, and it can save responses to previous requests in a cache memory in order to return these responses to new requests without needing to route those new requests to the server machines 1, 2.
- The application 22 has an input port 9 with a number identical to the input port of the application 5, and an output port 10 to which it can assign a number of its choosing to manage any request messages intended for the application 5.
- The machine 12 does not need to know that it establishes an intermediate connection with the machine 4. If an application 16 executed in the client machine 12 makes a request intended for the application 5 located in the server machine 1, the address @S1 is now recognized on the network 13 as being that of the machine 4.
- The application 16 sends a datagram Q on the network 13 which contains, in the DR field, the addresses @S1 and @C2; in the DT field, the port numbers of the applications 5 and 16; and in the DA field, the final information intended for the application 5.
- The network layer CR of the machine 4 recognizes the destination address @S1 in the field DR as being one of its own addresses and therefore passes the datagram up to the transport layer CT of the machine 4.
- The transport layer CT recognizes the destination number in the field DT as being the port number 9 of the application 22, to which it then transmits the content of the datagram Q.
- The application 22 then processes the content of the field DA of the datagram Q.
- The processing of the datagram Q by the application 22 consists, for example, of verifying access rights and of checking whether the machine 4 already holds a response to the request in its cache memory, in order to decide whether or not to communicate the datagram Q to the server application 5.
- When, to process the request message from the client application 16, the application 22 needs to send a request message to the application 5, the application 22 communicates the following data to the transport layer CT of the machine 4: the content of the request to be put in the field DA, the input port number of the application 5, an output port number of the application 22 for managing the response to the request, and the inter-network protocol address @S1 of the machine 1.
- These data are transmitted to the network layer CR of the machine 4.
- The network layer CR of the machine 4 searches its routing tables for the network on which to send the datagram, according to the network field of the address @S1.
- The network field of the address @S1 corresponding to the network 3, to which the machine 1 is connected, the layer CR transmits to the physical interface 14 a datagram containing in the field DR the destination address @S1 and the source address @P2 associated with the physical interface 14.
- The datagram conventionally reaches the machine 1 and the server application 5 in the machine 1.
- The response received from the application 5 on the interface 14 is passed up to the application 22 by the network layer, because the address @P2 is an address of the machine 4, and by the transport layer CT, because the port number for the response is the one the application 22 assigned to its port 10.
- The application 22 associates the response with the output port number received from the application 16.
- The application 22 communicates the following data to the transport layer CT of the machine 4: the content of the response to be put in the field DA, the output port number of the application 16, the input port number of the application 22 (identical to the input port number of the application 5) for managing the response to the request, the destination inter-network protocol address @C2 of the machine 12 and the source inter-network protocol address @S1 of the machine 1.
- These data are transmitted by the transport layer to the network layer CR of the machine 4.
- The network layer CR of the machine 4 searches its routing tables for the network on which to send the datagram, as a function of the network field of the address @C2.
- The network field of the address @C2 corresponding to the network 13, to which the machine 12 is connected, the layer CR transmits to the physical interface 19 a datagram containing in the field DR the destination address @C2 and the source address @S1 associated with the physical interface 19.
- The datagram conventionally reaches the machine 12 and the client application 16 in the machine 12.
- The application 16 in the machine 12 sees a response coming from the application 5 in the machine 1 without seeing its transit through the application 22, which took place transparently for the client application 16.
- In the variant of FIG. 3, the address @S1 is associated with a physical interface 20, different both from the interface 14 as before and from the interface 19.
- The routing protocol of the network layer CR of the machine 4 picks the datagram up on the interface 19, with which the address @P1 is associated.
- Since the address @S1 associated with the physical interface 20 is an address of the machine 4,
- the datagram is passed up to the application layer CA of the machine 4.
- A relay application 21 processes the request message of the received datagram in the same way as the relay application 22 described above.
- The relay application 22 has a driver specific to a virtual network to which the physical interface 20 is connected.
- The variant in which the IP address @S1 is associated with the interface 19 is particularly advantageous for ease of implementation of the invention.
- In the example that follows, the application 16 performs a Telnet function as a client application,
- the application 22 performs a telnetd function as a server for the application 16,
- and a Telnet function as a client of the application 5.
- The application 5 performs a telnetd function as a server of the application 22. Telnet and telnetd are known functions, using TCP/IP, to connect a terminal of a client machine, where the Telnet function is executed, to a server machine, where the telnetd function is executed.
- The command: route add -host 192.90.249.124 129.182.51.21 defines that, to reach the server machine 1 with address @S1, the transmitted datagrams pass through the relay machine with address @P1.
- The command: route add -net 129.182.50 192.90.249.22 -netmask 255.255.254.0 defines that, to reach any machine on the network 13 with network address @R1, the transmitted datagrams pass through the relay machine with address @P2.
- The command: Telnet 192.90.249.124 activates the Telnet application to reach the server machine 1 with address @S1.
- At this stage, the only machine recognized by the IP address @S1 is the server machine 1.
- The IP layer of the machine 4 routes the datagrams transmitted by the IP layer of the machine 12 to the IP layer of the server machine 1.
- The IP layer of the machine 1, recognizing the address @S1, passes the application field of the datagram up to the telnetd application of the machine 1.
- The telnetd application of the machine 1 sends back to the machine 12 the message:
- The display of this message on the terminal of the machine 12 shows that it is in the environment of the DNS system, that is to say that the machine 1 is reached directly.
- The relay machine 4 has been traversed only to perform IP routing.
- The command: Telnet 129.182.51.21 activates the Telnet application to reach the relay machine 4 with address @P1.
- The IP layer of the machine 4, recognizing the address @P1, passes the application field of the datagram up to the telnetd application of the machine 4.
- The telnetd application of the machine 4 sends back to the machine 12 the message:
- The interface 19 being named en1,
- the command: ifconfig en1 192.90.249.124 alias defines the address @S1 as an additional address associated with the interface 19.
- The machine 4 is not likely to be confused with the machine 1 on the network 13 at the IP layer, because the network 13 is physically distinct from the network 3.
- Likewise, the command: ifconfig en1 192.90.249.125 alias would define the address @S2 as an additional address associated with the interface 19.
- The command: Telnet 192.90.249.124 then activates the Telnet application with an effect different from that described above.
- The message displayed on the terminal of the machine 12 is: Trying ... Connected to 129.182.51.21.
- The display of this message on the terminal of the machine 12 shows that it is in the environment of the AIX system of the machine 4.
- The command has established a connection to the telnetd application on the machine 4.
- The IP layer of the machine 4 recognizes the address @S1 as a destination address belonging to the machine 4 itself, regardless of the routing to the network 3.
- The IP layer of the machine 4 passes the application field of the datagrams received on the interface 19 up to the telnetd application of the machine 4.
- From the machine 4, the command: Telnet 192.90.249.124 activates the Telnet application to reach the server machine 1 with address @S1.
- The only machine recognized by the IP address @S1 from the interface 14 is the server machine 1.
- The IP layer of the machine 1, recognizing the address @S1, passes the application field of the datagrams up to the telnetd application of the machine 1.
- The telnetd application of the machine 1 sends back to the Telnet application of the machine 4 the message: Trying ...
- This message is retransmitted by the telnetd application of the machine 4 to the Telnet application of the machine 12.
- The display of this message on the terminal of the machine 12 shows that it is in the environment of the DNS system, that is to say that the machine 1 is reached.
- The application field of the datagrams is passed up to the application layer of the relay machine 4 in a manner transparent to the machine 12.
- The datagrams destined for the machine 1, passing through the IP layer of the machine 4, are reassembled in the application layer of the machine 4 because the address @S1 is associated with a physical interface of the machine 4.
- One example of particular processing by the application 22 described here has a particular advantage.
- If encryption keys are associated with the address @S1 to encrypt the requests from, and the responses to, the machine 12, the decryption of the requests and the encryption of the responses can be ensured by the machine 4.
- The data can then flow decrypted on the server network 3 without risk, so the encryption and decryption resources can be centralized in the machine 4, leaving the maximum of resources available to the machine 1 for its server functions.
- The application 22 is then also responsible for re-encrypting the responses before sending them on the network 13.
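A loopback model of the relay application described above, added here as an example (it is not code from the patent): the relay listens on the address and port the client already uses for the server, which on a real gateway is @S1 aliased onto interface 19 as in the ifconfig command above, and either answers locally after the access-control check or forwards the connection to the real server and pumps the reply back. The 127.0.0.1 addresses, the fake server and the rule refusing requests that name /admin are constructed for the demonstration.

```python
import select
import socket
import threading


class TransparentRelay:
    """TCP relay in the role of the patent's application 22 on machine 4.

    It listens on the server's own address/port pair (on a real gateway, @S1
    aliased onto the client-facing interface), so client traffic to @S1 lands
    here with no proxy setting on the client.  A policy hook (the patent's
    access-control step) runs before anything is forwarded.
    """

    def __init__(self, listen_addr, upstream_addr, policy=None):
        self.upstream_addr = upstream_addr
        self.policy = policy or (lambda peer, first_bytes: True)
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind(listen_addr)
        self._srv.listen(5)

    @property
    def bound_port(self):
        return self._srv.getsockname()[1]

    def serve_forever(self):
        while True:
            conn, peer = self._srv.accept()
            threading.Thread(target=self._handle, args=(conn, peer),
                             daemon=True).start()

    def _handle(self, client, peer):
        with client:
            first = client.recv(4096)
            if not first:
                return
            if not self.policy(peer, first):
                # Access control: answered locally, machine 1 is never reached.
                client.sendall(b"access denied\r\n")
                return
            # Forward over the server network from the gateway's own address.
            with socket.create_connection(self.upstream_addr) as upstream:
                upstream.sendall(first)
                self._pump(client, upstream)

    @staticmethod
    def _pump(a, b):
        # Copy bytes in both directions until either side closes.
        peers = {a: b, b: a}
        while True:
            readable, _, _ = select.select(list(peers), [], [], 5.0)
            if not readable:
                return
            for src in readable:
                data = src.recv(4096)
                if not data:
                    return
                peers[src].sendall(data)


def _read_until_close(sock):
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def run_demo():
    """Constructed loopback stand-in: returns what each client got back."""
    upstream = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    upstream.bind(("127.0.0.1", 0))
    upstream.listen(5)

    def serve_upstream():  # fake server application 5: tagged echo
        while True:
            conn, _ = upstream.accept()
            with conn:
                conn.sendall(b"server1:" + conn.recv(4096))

    threading.Thread(target=serve_upstream, daemon=True).start()
    # Constructed access rule: requests naming /admin never leave the gateway.
    relay = TransparentRelay(("127.0.0.1", 0), upstream.getsockname(),
                             policy=lambda peer, data: b"/admin" not in data)
    threading.Thread(target=relay.serve_forever, daemon=True).start()
    replies = []
    for request in (b"GET /index\n", b"GET /admin\n"):
        with socket.create_connection(("127.0.0.1", relay.bound_port)) as c:
            c.sendall(request)
            replies.append(_read_until_close(c))
    return replies
```

Calling run_demo() returns the relayed reply for the allowed request and the locally generated refusal for the other, which is the behaviour the client sees without ever knowing machine 4 was in the path.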
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2001524324A JP2003509969A (ja) | 1999-09-16 | 2000-09-07 | クライアントネットワークに対してトランスペアレントな、サーバネットワークへのアクセス中継 |
EP00960821A EP1129560A1 (fr) | 1999-09-16 | 2000-09-07 | Relais d'acces transparent a un reseau serveur |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR99/11594 | 1999-09-16 | ||
FR9911594A FR2798795B1 (fr) | 1999-09-16 | 1999-09-16 | Relais d'acces a un reseau serveur, transparent sur un reseau client |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001020870A1 true WO2001020870A1 (fr) | 2001-03-22 |
Family
ID=9549920
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2000/002469 WO2001020870A1 (fr) | 1999-09-16 | 2000-09-07 | Relais d'acces transparent a un reseau serveur |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1129560A1 (fr) |
JP (1) | JP2003509969A (fr) |
FR (1) | FR2798795B1 (fr) |
WO (1) | WO2001020870A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1259029A2 (fr) | 2001-05-14 | 2002-11-20 | Canon Development Americas, Inc. | Passerelle de réseaux d'applications |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0713311A1 (fr) * | 1994-11-18 | 1996-05-22 | Milkyway Networks Corporation | Méthode et passerelle sécurisée pour communication entre réseaux |
US5898830A (en) * | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1051481A (ja) * | 1996-08-05 | 1998-02-20 | Mitsubishi Electric Corp | 情報伝送装置 |
JPH118648A (ja) * | 1997-06-17 | 1999-01-12 | Ricoh Co Ltd | ネットワーク接続装置 |
JPH11122301A (ja) * | 1997-10-20 | 1999-04-30 | Fujitsu Ltd | アドレス変換接続装置 |
JPH11177629A (ja) * | 1997-12-11 | 1999-07-02 | Nippon Telegr & Teleph Corp <Ntt> | セキュリティゲートウェイサーバおよび該サーバを用いたwwwサーバurl隠蔽方法とwwwサーバurl隠蔽プログラムを記録した記録媒体 |
Timeline
- 1999
  - 1999-09-16 FR FR9911594A patent/FR2798795B1/fr not_active Expired - Fee Related
- 2000
  - 2000-09-07 JP JP2001524324A patent/JP2003509969A/ja not_active Withdrawn
  - 2000-09-07 EP EP00960821A patent/EP1129560A1/fr not_active Withdrawn
  - 2000-09-07 WO PCT/FR2000/002469 patent/WO2001020870A1/fr not_active Application Discontinuation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1259029A2 (fr) | 2001-05-14 | 2002-11-20 | Canon Development Americas, Inc. | Passerelle de réseaux d'applications |
EP1259029A3 (fr) * | 2001-05-14 | 2004-02-11 | Canon Development Americas, Inc. | Passerelle de réseaux d'applications |
US7552239B2 (en) | 2001-05-14 | 2009-06-23 | Canon Information Systems, Inc. | Network device mimic support |
Also Published As
Publication number | Publication date |
---|---|
EP1129560A1 (fr) | 2001-09-05 |
FR2798795B1 (fr) | 2002-05-10 |
JP2003509969A (ja) | 2003-03-11 |
FR2798795A1 (fr) | 2001-03-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1; Designated state(s): CN JP KR SG US VN |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| WWE | Wipo information: entry into national phase | Ref document number: 2000960821; Country of ref document: EP |
| ENP | Entry into the national phase | Ref country code: JP; Ref document number: 2001 524324; Kind code of ref document: A; Format of ref document f/p: F |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 09831878; Country of ref document: US |
| WWP | Wipo information: published in national office | Ref document number: 2000960821; Country of ref document: EP |
| WWW | Wipo information: withdrawn in national office | Ref document number: 2000960821; Country of ref document: EP |