WO2013056999A1 - Method and system for enabling NAT traversal for multi-homed protocols - Google Patents


Info

Publication number
WO2013056999A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
interface
client
endpoint
modified
Application number
PCT/EP2012/069836
Other languages
English (en)
Inventor
John Fitzpatrick
Abdelhamid NAFAA
Original Assignee
Forkstream Limited
Application filed by Forkstream Limited
Publication of WO2013056999A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2567 NAT traversal for reachability, e.g. inquiring the address of a correspondent behind a NAT server
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/677 Multiple interfaces, e.g. multihomed nodes

Definitions

  • This invention relates to a method and system for enabling network address translation (NAT) traversal for multi-homing protocols, and in particular, endpoint centric NAT traversal.
  • NAT network address translation
  • Fig. 1 depicts a private communications network 100 connected to a public communications network 102.
  • First, second and third client endpoints, 104, 106, and 108 are provided within the private network 100, and are arranged to access the public network 102, such as the Internet, via a NAT router 110.
  • The NAT router 110 is arranged to provide a mapping between the private IP addresses 112, 114 and 116 of the first, second and third endpoints 104, 106 and 108, respectively, and the NAT router's public, routable IP address 118.
  • When the NAT router 110 receives a data packet for a given transport session from the first client endpoint 104 in the private network 100 for transmission to an endpoint 120, such as an Internet server, the NAT router 110 modifies the header information by replacing the source IP address, i.e. 112, with the NAT router's public IP address, 118, and preferably also by replacing the source port number of the upstream traffic of the transport session, i.e. the internal port number, with a port number specific to the particular client, i.e. an external port.
  • When the data packet is routed to the endpoint 120, the endpoint identifies the NAT router's public IP address as the source address and the external port number as the source port number, and thereafter transmits data packets intended for the client to the NAT router's public IP address, i.e. 118, and the external port number.
  • the NAT router maintains a translation table 122 to keep track of the mapping of private IP addresses to the NAT router's public IP address, and the mapping of internal port numbers to external port numbers, and thus, on receipt of data packets of the transport session intended for the client, the NAT router determines the client's private IP address and port information for the transport session from the translation table, modifies the header information to replace the NAT router's public IP address, 118, with the client's private IP address, 112, as the destination IP address, replaces the external port number with the internal port number for the identified transport session and routes the data packet to the client.
  • NAT routers enable multiple client endpoints in a private network 100 to access the Internet using a single public IP address, and have therefore become indispensable for home and office Internet connections.
  • Multi-homing is a technique often employed to eliminate network connectivity as a potential single point of failure (SPOF), and thereby increase the reliability and robustness of a connection. This is preferably achieved by ensuring that data travels on physically different paths when different IP addresses are utilised.
  • SPOF single point of failure
  • the first endpoint 200 is arranged to communicate with a second endpoint 204 in a public network 205 via NAT routers, 206a, 206b, and 206c, each having IP addresses 208a, 208b and 208c, respectively.
  • SCTP: Stream Control Transmission Protocol
  • The first endpoint 200 is arranged to transmit, from a first interface having IP address 202a, to the second endpoint 204, an INIT message comprising a list of the other addresses by which the client is reachable, namely 202b and 202c.
  • the NAT router 206a modifies the EMIT message's header information to convert the client's private IP address, 202a, to the NAT router's IP address, 208a.
  • the endpoint 204 retrieves the IP address 208a from the header, and stores it as the primary address for the client endpoint 200.
  • the endpoint 204 is then arranged to send an acknowledgement message to the first endpoint 200.
  • the acknowledgment message is transmitted to the IP address 208a of the NAT router 206a, and the NAT router 206a changes a destination address in the header of the acknowledgement message from the IP address 208a of the NAT router 206a to the private IP address 202a of the endpoint client 200, as determined from a translation table (not shown).
  • On receipt of the INIT message, the second endpoint 204 also retrieves from it the list of addresses by which the first endpoint is reachable, 202b and 202c, and stores these addresses as secondary addresses. However, since these are private IP addresses, they are not reachable outside the private network 201 that contains the first endpoint 200. Any traffic directed to the first endpoint 200 from the second endpoint 204 using the private IP addresses 202b and 202c will therefore fail, as those addresses are not routable outside the private network 201, and in general the SCTP protocol will mark them as unreachable.
  • If the first endpoint 200 tries to utilise these private, non-externally-routable IP addresses, 202b and 202c, to perform a handover/failover between two of its interfaces, or to perform any association configuration (ASCONF), the attempt will fail and cause an error in the SCTP association.
  • Failure to intercept and modify these messages will thus result in the second endpoint 204 attempting to communicate with the first endpoint 200 using a private IP address, 202b or 202c, which causes a communication failure and an interruption of traffic.
  • US2006/0018301 discloses a method for establishing a multi-homed connection with a number of paths between two components of a communications network. In order to address NAT traversal issues, the method modifies and extends the existing SCTP standard, therefore requiring modifications to currently deployed code bases and stacks.
  • US 7,685,290 is also concerned with the reliable handling of SCTP multi-homed connections across multiple NAT devices and addresses the NAT traversal problem by updating the NAT devices to understand the internal signalling mechanisms of SCTP and to dynamically modify signalling messages with translated addresses.
  • The present invention provides a method for enabling network address translation, NAT, traversal for multi-homed protocols within a communications network, the method comprising the steps of:
  • the step of receiving the association request comprises capturing the association request before it arrives at a multi-homing protocol stack.
  • the method further comprises the step of:
  • the method further comprises the step of
  • said address for the first interface is a modified address for the first interface.
  • the step of retrieving the address for the first interface involves retrieving the address from a header of the establishment request.
  • the step of retrieving the original address for the secondary interface involves retrieving the original address from a body of the association request.
  • the step of utilising the original address for the second interface to determine a modified address for the second interface comprises consulting a mapping table associated with the client.
  • the method further comprises the step of
  • mapping table for the client, wherein said mapping table includes an entry providing a mapping of the original address to the modified address for the first interface.
  • the method further comprises the step of:
  • k) responsive to receipt of a signalling message to establish a signalling session from the second interface associated with the client, retrieving from the signalling message the modified address and the original address for the second interface, and adding to the mapping table for the client an entry providing a mapping of the original address to the modified address for the second interface.
  • the method comprises carrying out steps j) and k) prior to receiving the request to establish a multi-homing association.
  • the method further comprises the step of:
  • the method further comprises the step of:
  • additional interface associated with the client, retrieving from the signalling message a modified address and an original address for the third or additional interface, adding to the mapping table for the client, an entry providing a mapping of the original address to the modified address for the third or additional interface.
  • said addresses are Internet Protocol, IP, addresses.
  • said signalling session is established using Transmission Control Protocol, TCP, or User Datagram Protocol, UDP.
  • the multi-homing association is established using a multi-homing protocol such as Stream Control Transmission Protocol, SCTP, or Multi-Path Transmission Control Protocol, MPTCP.
  • the method further comprises the step of:
  • n) responsive to receipt of a signalling message from a first interface associated with the client at the first endpoint, assigning a port number to the client endpoint, and transmitting the port number to the first interface of the client endpoint.
  • the method further comprises the step of:
  • the step of transmitting comprising transmitting an acknowledgement message to the first interface, the port number being included within the body of the acknowledgement message.
  • the port number uniquely identifies the client.
  • the establishment request includes the addresses of only the first interface associated with the client.
  • the SCTP stack at the first endpoint is configured so that no other interfaces associated with the client are included within the body of the establishment request. In this way, the association created by the agent at the second endpoint will not include any non-routable addresses as secondary IP addresses associated with the client.
  • the step of receiving the establishment request comprises:
  • the agent at the second endpoint is arranged to delete the non-routable addresses associated with interfaces other than the primary interface associated with the client at the first endpoint. Furthermore, the agent may be arranged to delete any information associated with interfaces other than the first or primary interface from the establishment message.
  • step of receiving the establishment request comprises:
  • the agent at the second endpoint is arranged to modify the secondary IP addresses within the establishment request with their routable addresses as determined from the mapping table, before allowing the establishment request proceed to the multi-homing stack for processing.
  • a method for enabling network address translation, NAT, traversal for multi-homed protocols within a communications network comprising the steps of:
  • the step of retrieving the establishment request comprises capturing the establishment request before it arrives at a multi-homing protocol stack.
  • the method further comprises the step of:
  • the method further comprises the steps of:
  • a system for enabling network address translation, NAT traversal for multi-homed protocols within a communications network comprising an agent deployed at an endpoint, the agent arranged to carry out the steps of any of the methods described above.
  • a computer program product comprising a non-transitory computer readable medium encoded with computer executed instructions, which when executed in a computing device, is arranged to carry out the steps of any of the methods described above.
  • The present invention provides an endpoint-centric solution to the problem of NAT traversal for multi-homed protocols, such as SCTP or Multi-path TCP.
  • the present invention does not involve modifications to the underlying protocol stack, or modifications to the NAT methods employed in the NAT routers.
  • no modifications or agents are required at the client endpoint, which is of distinct advantage in cases where the invention is being implemented with devices with limited resources such as mobile devices and/or in which the alternative endpoint is operating as a proxy, endpoint, or data gateway.
  • multi-homed protocols can operate over networks using existing NAT routers or gateways and can utilise their in-band signalling mechanisms even when security mechanisms, such as Internet Protocol Security (IPSec), are being used.
  • Fig. 1 illustrates a communications network including a plurality of client endpoints provided within a private network, and arranged to communicate with a public network;
  • Fig. 2 illustrates a communications network including a first endpoint provided within a private network and associated with a plurality of IP addresses, and arranged to communicate with a public network;
  • Figs. 3a and 3b are a message flow depicting steps of a method for enabling NAT traversal for multi-homed protocols within the communications network of Fig. 2, according to the preferred embodiment of the invention;
  • Fig. 4 is a mapping table including entries mapping original IP addresses to modified IP addresses associated with the first endpoint of Fig. 2;
  • Fig. 5 is a message flow depicting steps of a port negotiation mechanism employed in the method of Fig. 3, in an embodiment of the present invention.
  • FIG. 3 there is illustrated a message flow depicting steps of establishing an association between multiple IP addresses of the first endpoint 200 of Fig. 2, according to a preferred embodiment of the invention.
  • The first endpoint 200 transmits a first signalling message to the second endpoint 204 to establish an out-of-band signalling session with it, step 300.
  • the out-of-band signalling sessions are preferably separate sessions to the subsequent sessions of data flow discussed below in relation to association establishment and configuration messages and may be carried out using a single homing protocol such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) or a multi-homing protocol such as SCTP.
  • the first signalling message includes a unique identifier of the first endpoint 200 and an original IP address 202a indicating an original source IP address of a first interface of the first endpoint 200.
  • the unique identifier of the first endpoint 200 and the original source IP address 202a are provided within the body of the signalling message.
  • the NAT router 206a modifies a source IP address in the header by replacing the source IP address 202a of the first endpoint 200, with an IP address 208a of the NAT router 206a, step 302, and relays the message to the second endpoint 204, step 304.
  • an agent deployed at the second endpoint 204 creates a mapping between the source IP address in the header of the message, namely, the IP address 208a of the NAT router 206a, and the original IP address 202a of the first endpoint 200, step 306.
  • This mapping is recorded in a mapping table, as illustrated in Fig. 4. It will be appreciated that the source IP address in the header of the message depends on the path traversed by the signalling message from the first endpoint 200 to the second endpoint 204, and in general is the IP address of the last NAT router traversed before delivery of the signalling message to the second endpoint 204, here 206a.
  • the first endpoint 200 transmits a signalling message to the second endpoint 204 for each available interface associated with the first endpoint 200.
  • the first endpoint 200 is also associated with an available interface having an IP address of 202b.
  • the first endpoint 200 transmits a second signalling message to the second endpoint 204, step 308.
  • the second signalling message includes a unique identifier of the first endpoint 200, and a source IP address, 202b, associated with the second interface of the first endpoint 200.
  • the NAT router 206b modifies a source IP address in the header by replacing the source IP address 202b of the first endpoint 200, with an IP address 208b of the NAT router 206b, step 310, and relays the message to the second endpoint 204, step 312.
  • On receiving the second signalling message at the second endpoint 204, the agent creates an entry in the mapping table, as illustrated in Fig. 4, to record the mapping between the source IP address in the header of the message, namely the IP address 208b of the NAT router 206b, and the original IP address 202b of the second interface associated with the first endpoint 200, step 314.
  • a multi-homing protocol connection is next established. This is preferably achieved using SCTP. However, it will be appreciated that any suitable multi-homing protocol, such as Multi-Path TCP, may be employed.
  • The first endpoint 200 transmits an SCTP INIT message, from the interface whose IP address is to be the primary address of the multi-homing association, in this case the first interface having IP address 202a, to the agent at the second endpoint 204, thereby initiating establishment of the multi-homing protocol connection, step 316.
  • the source information in the IP header of the SCTP INIT message is modified by the NAT router 206a, step 318, and the SCTP INIT message is routed to the second endpoint 204, step 320.
  • the multi-homing protocol configuration at the client or first endpoint 200 is configured to include in the establishment request or SCTP INIT message, only the IP address of the primary or first interface having IP address 202a. No other addresses of available interfaces are included in the establishment message. This involves a deviation from the default SCTP behaviour of including all available IP addresses associated with the first endpoint 200 in the SCTP INIT message during association establishment. In this case, since the SCTP INIT message does not include any other IP addresses associated with other interfaces of the first endpoint 200, on receipt of the SCTP INIT message at the second endpoint 204, the other IP addresses are not included as part or elements of the established association.
  • the association for the client or first endpoint 200 is established, and the source IP address in the header of the SCTP INIT message, namely, the IP address 208a of the NAT router 206a, is recorded as the primary IP address of the association, step 322.
  • the second endpoint 204 sends an acknowledgement message, INIT-ACK, indicating receipt of the SCTP INIT message to the NAT router 206a, step 324, which modifies the destination information in the header of the acknowledgement message to indicate the IP address 202a of the first endpoint 200, step 326 and routes the acknowledgement message to the client, step 328.
  • The INIT-ACK message includes a state cookie created at the second endpoint 204 (in SCTP the responder, not the initiator, generates the cookie; RFC 4960 section 5.1).
  • The cookie carries the information the second endpoint 204 needs to establish the association, a MAC that lets the second endpoint verify the cookie as one it originated, and a time stamp with an expiration deadline.
  • A cookie echo message, COOKIE-ECHO, carrying the cookie back to the second endpoint 204 is transmitted from the first endpoint 200, step 330.
  • the source IP address of the cookie echo message is modified to the public IP address 208a at router 206a, step 332, and the cookie echo message is forwarded to the second endpoint 204, step 334.
  • When the second endpoint 204 receives the cookie echo message, it verifies the echoed cookie: that its MAC is valid, its contents are correct and it has not expired, step 336. If these conditions are satisfied, a cookie acknowledgement message, COOKIE-ACK, is transmitted to the IP address of the NAT 206a, step 338.
  • The NAT router 206a modifies the destination address to direct the cookie acknowledgement message to the first endpoint, step 340, and routes it to the first endpoint 200, step 342.
  • The SCTP INIT, INIT-ACK, COOKIE-ECHO and COOKIE-ACK messages form a four-way handshake. Because the second endpoint allocates no association state until a valid cookie is echoed back from the claimed source address, the handshake mitigates blind INIT flooding from spoofed addresses, the SCTP counterpart of TCP SYN flooding.
  • the first endpoint 200 transmits an association configuration message to request the second endpoint 204 to add to the association, a second available interface IP address, 202b, step 344.
  • the association configuration message includes within the body of the message, the interface IP address 202b.
  • the interface IP address is also included in the header of the association configuration message as the source of the association configuration message.
  • the source address in the header is replaced with the IP address 208a of the NAT router 206a, step 346.
  • the IP address 202b provided in the body of the association configuration message is not modified by the NAT router 206a.
  • the NAT router 206a then relays the association configuration message to the endpoint 204, step 348.
  • the agent at endpoint 204 is arranged to catch or capture the association configuration message before it reaches the upper layer multi-homing protocol stack.
  • If the agent instead allowed the association configuration message to proceed to the SCTP stack, the IP address 202b provided within the body of the message would be added to the association, and since that address is not reachable from the agent endpoint 204, it could not be used successfully, as described above.
  • the agent at the second endpoint 204 captures the association configuration message and retrieves from the body of the association configuration message, the IP address 202b of the second interface associated with the client endpoint, step 336.
  • the agent consults the mapping table as illustrated in Fig. 4, created from the signalling messages to determine a suitable and routable IP address to which the second interface is to be mapped, step 350.
  • the agent then replaces the IP address 202b of the second interface provided within the body of the association configuration message with its mapped IP address, 208b, which corresponds to the IP address of the NAT router 206b, through which the second signalling message from the second interface was routed, step 350.
  • the agent then releases the modified association configuration message and it is passed to a local SCTP stack on the second endpoint 204, where the IP address 208b is added to the association. As this address is reachable from the second endpoint 204, the address can be successfully utilised as an alternative route to the first endpoint 200. Thus, should it be desired to communicate with the client at the first endpoint via the second interface, any messages may be transmitted from the second endpoint 204 to the IP address 208b of the NAT router 206b, where the header information will be modified to indicate the destination IP address 202b of the second interface of the first endpoint 200, and the message will be successfully routed to client.
  • A third interface of the first endpoint 200, having IP address 202c, can also be added to the association using the method of the present invention.
  • out-of-band signalling via path 202c-206c-208c is employed in order to record an entry in the mapping table, as illustrated in Fig. 4, associating the new interface's IP address, 202c, and a public routable address 208c.
  • The client at the first endpoint 200 transmits a third signalling message to the second endpoint 204 to establish an out-of-band signalling session with the agent at the second endpoint 204, step 352.
  • this signalling session uses an ordinary transport protocol, which need not necessarily be a multi- homing protocol, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
  • the third signalling message includes a unique identifier of the first endpoint 200 and an original IP address 202c indicating a source IP address of the third interface of the first endpoint 200.
  • the unique identifier of the first endpoint 200 and the original IP address 202c are provided within the body of the signalling message.
  • the NAT router 206c modifies a source IP address in the header by replacing the source IP address 202c of the first endpoint 200, with an IP address 208c of the NAT router 206c, step 354, and the NAT router 206c routes the signalling message to the second endpoint 204, step 356.
  • On receiving the third signalling message at the second endpoint 204, the agent creates an entry in the mapping table, as illustrated in Fig. 4, identifying a mapping between the source IP address in the header of the message, namely the IP address 208c of the NAT router 206c, and the original IP address 202c of the first endpoint 200, step 358.
  • the first endpoint 200 then transmits, from the first interface 202a an association configuration message to have the third available interface IP address 202c, added to the association, step 360.
  • the association configuration message includes within the body of the message, the interface IP address 202c.
  • the interface IP address is also included in the header of the association configuration message as the source of the association configuration message. As the message is relayed through NAT router 206a the source address in the header is replaced with the IP address 208a of the NAT router 206a, step 362. However, the IP address 202c provided in the body of the association configuration message is not modified by the NAT router 206a.
  • the NAT router 206a then relays the association configuration message to the second endpoint 204, step 364.
  • the agent at endpoint 204 is arranged to catch or capture the association configuration message before it reaches the SCTP stack and retrieve from the body of the association configuration message, the IP address 202c of the third interface associated with the first endpoint, step 366.
  • the agent consults the mapping table, as illustrated in Fig. 4, which was created from the signalling messages, to determine a suitable and routable IP address to which the third interface is to be mapped, step 366.
  • The agent then replaces the IP address 202c of the third interface provided within the body of the association configuration message with its mapped IP address, 208c, which corresponds to the IP address of the NAT router 206c, through which the third signalling message from the third interface was routed, step 366.
  • the agent then releases the modified association configuration message and it is passed to a local SCTP stack on the second endpoint 204.
  • the local SCTP stack adds the IP address 208c to the association.
  • the address can be successfully utilised as an alternative route to the first endpoint 200.
  • Any messages may be transmitted from the second endpoint 204 to the IP address 208c of the NAT router 206c, where the header information will be modified to indicate the destination IP address 202c of the third interface of the first endpoint, and the message will be successfully routed to the client.
  • In one embodiment the SCTP INIT message from the first interface associated with the first endpoint 200 includes some or all available interface IP addresses and is transmitted to the endpoint 204.
  • While the source address of the SCTP INIT message is modified from 202a to 208a by the NAT 206a, the IP address 202b of the other available interfaces associated with the first endpoint 200, provided within the body of the SCTP INIT message, remains unchanged.
  • The agent at the second endpoint 204 is arranged to capture the SCTP INIT message and delete from its body the IP address 202b of the second and any other interfaces associated with the first endpoint 200. The agent then releases the SCTP INIT message and passes it to the SCTP stack for processing as normal.
  • In an alternative embodiment the SCTP INIT message from the first interface associated with the first endpoint 200 again includes some or all available interface IP addresses and is transmitted to the endpoint 204; as before, the NAT 206a modifies the source address from 202a to 208a while the IP address 202b in the body remains unchanged.
  • The agent at the second endpoint 204 is arranged to capture the SCTP INIT message and retrieve from its body the IP address 202b of the second and any other interfaces associated with the first endpoint 200.
  • the agent consults the mapping table as illustrated in Fig. 4, created from the signalling messages, to determine a suitable and routable IP address to which the second interface is to be mapped and replaces the IP address 202b of the second interface provided within the body of the association configuration message with its mapped IP address 208b, which corresponds to the IP address of the NAT router 206b, through which the second signalling message from the second interface was routed.
  • the agent then releases the modified association configuration message and it is passed to a local SCTP stack on the second endpoint 204.
  • the local SCTP stack then creates the association including the IP address 208b as a secondary interface for the first endpoint 200.
  • the SCTP EMIT message from the first interface associated with the first endpoint 200 is arranged to include some or all available interface IP addresses and is transmitted to the endpoint 204.
  • the source address of the SCTP EMIT message is modified from 202a to 208a by the NAT 206a, while the IP address 202b of the other available interfaces associated with the first endpoint 200 and provided within the body of the SCTP EMIT message remains unchanged.
  • the agent at the second endpoint 204 does not intercept the SCTP EMIT message and it is passed to the SCTP stack. Accordingly, an association is established which includes the original and un-routable IP addresses of the second and/or additional interfaces as secondary addresses for the first endpoint 200.
  • the IP address 202b of the second or additional interface provided within the body of the association configuration message is replaced with its mapped IP address, 208b, and the modified association request is released.
  • the entry in the association for the second or additional interface as set up or entered when the association was established is simply overwritten with the new and mapped IP address.
  • Multi-homed protocols in general assume that all interfaces in a specific association connect to a router, such as a gateway, on the same port, identified by a port number. However, when multiple clients at different endpoints connect to a NAT router, such as a NAT gateway, on the same port, the NAT router carries out a port mapping and modifies the source port number of each client's traffic so that downstream traffic directed to each client can be differentiated.
  • the present invention further provides a port negotiation mechanism as illustrated in the message flow of Fig. 5, to allow for the allocation of a specific port to each association.
  • on reception of the first signalling message from the first interface of the first endpoint 200, the agent at the second endpoint 204 deterministically assigns a port number to the client and records the port number as being associated with the client, step 500.
  • the agent at the second endpoint 204 transmits the suggested port number to the client at the first endpoint 200, preferably within a body of an acknowledgement message, step 502.
  • the acknowledgement passes through the NAT router 206a, the NAT router performs traditional IP address and port translations, step 504, but the body of the acknowledgement message remains unmodified and is passed to the first interface of the first endpoint 200, step 506.
  • the first endpoint 200 is arranged to retrieve the port number from the acknowledgement message, step 508, and to thereafter utilise the suggested port number when communicating with the second endpoint 204 from the first interface of the first endpoint 200.
  • the agent at the second endpoint determines the port number previously assigned to the client, step 510, and transmits the port number to the second interface within the body of an acknowledgement message, step 512.
  • the acknowledgement message passes through NAT router 206b, where traditional IP address and port translation is carried out, step 514, and is routed to the second interface of the first endpoint 200, step 516.
  • the first endpoint 200 retrieves the port number from the acknowledgement message, step 518 and thereafter utilises the port number when communicating with the second endpoint 204 from the second interface of the first endpoint.
  • the port number is unique to each first endpoint 200 connected through the same NAT router and accordingly, a traditional NAT will have no need to perform any source port number modification to packets passing through it from the first endpoint 200 to the second endpoint 204.
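The address-mapping and port-negotiation steps above, as an added example that is not code from the patent: a simplified model of the agent at the second endpoint 204 that builds the Fig. 4 mapping table from signalling messages, rewrites the secondary addresses carried in the body of an association configuration message, and hands out one port per client as in Fig. 5. The client names, addresses, message layout, port range and the treatment of unmapped addresses are constructed assumptions; the original specifies none of them.

```python
# Added example (not the patent's own code). Addresses, message layout and the
# port pool are assumed; the page does not specify them.
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class NatTraversalAgent:
    # Fig. 4 mapping table: client -> {original interface address: NAT-mapped address}
    mapping: Dict[str, Dict[str, str]] = field(default_factory=dict)
    # Fig. 5 port table: client -> port assigned on its first signalling message
    ports: Dict[str, int] = field(default_factory=dict)
    first_port: int = 40000  # assumed start of the per-client port pool

    def on_signalling(self, client: str, original: str, observed_src: str) -> int:
        """Record how the NAT rewrote one interface (original address carried in
        the body, observed_src taken from the packet header) and return the port
        to carry back in the acknowledgement body (steps 500/502 and 510/512)."""
        self.mapping.setdefault(client, {})[original] = observed_src
        if client not in self.ports:  # first interface: assign; later ones reuse
            self.ports[client] = self.first_port + len(self.ports)
        return self.ports[client]

    def rewrite_association(self, client: str, observed_src: str,
                            body_addresses: List[str],
                            drop_unmapped: bool = True) -> List[str]:
        """Return the secondary-address list the local SCTP stack should see.
        The NAT rewrote only the packet source, so each address still in the
        body is replaced by its mapped address.  The primary address is already
        known from the header and is skipped.  Addresses never seen in a
        signalling message are unroutable; by default they are deleted rather
        than installed into the association (assumed policy)."""
        table = self.mapping.get(client, {})
        result: List[str] = []
        for addr in body_addresses:
            if addr == observed_src or table.get(addr) == observed_src:
                continue  # primary interface, already carried in the header
            if addr in table:
                result.append(table[addr])
            elif not drop_unmapped:
                result.append(addr)
        return result


if __name__ == "__main__":
    agent = NatTraversalAgent()
    # constructed: 202a -> 208a via NAT 206a, 202b -> 208b via NAT 206b
    agent.on_signalling("clientA", "192.168.1.10", "203.0.113.5")
    agent.on_signalling("clientA", "10.0.0.7", "198.51.100.9")
    print(agent.rewrite_association("clientA", "203.0.113.5",
                                    ["192.168.1.10", "10.0.0.7", "172.16.0.3"]))
```

Two clients behind the same NAT (same observed source) receive different ports, which is the case the port negotiation exists to handle.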

Abstract

The invention relates to a method for enabling network address translation (NAT) traversal for multi-homing protocols in a communication network. The method comprises receiving a setup request, requesting the establishment of a multi-homed association, from a first interface associated with a client; extracting from the setup request an address for the first interface; and recording the address of the first interface as a primary address for the client. The method further comprises receiving an association request requesting that a secondary address be associated with the client; extracting from the association request an original address for the second interface; using the original address for the second interface to determine a modified address for the second interface; and creating a modified association request by replacing the original address for the second interface with the modified address.
PCT/EP2012/069836 2011-10-20 2012-10-08 Procédé et système pour permettre une traversée nat pour protocoles multi-connexion WO2013056999A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IES2011/0468 2011-10-20
IES20110468 2011-10-20

Publications (1)

Publication Number Publication Date
WO2013056999A1 true WO2013056999A1 (fr) 2013-04-25

Family

ID=48140368

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/069836 WO2013056999A1 (fr) 2011-10-20 2012-10-08 Procédé et système pour permettre une traversée nat pour protocoles multi-connexion

Country Status (1)

Country Link
WO (1) WO2013056999A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060018301A1 (en) 2004-07-21 2006-01-26 Siemens Aktiengesellschaft Method of establishing multi-homed connections in networks with address conversion
US20060215654A1 (en) * 2005-03-25 2006-09-28 Senthil Sivakumar Method and apparatus for detecting and recovering from faults associated with transport protocol connections across network address translators
US20080101357A1 (en) * 2006-10-31 2008-05-01 Paola Iovanna Method and apparatus for ip network interfacing
US20100057929A1 (en) * 2008-08-27 2010-03-04 Motorola, Inc. Communication network and method of operation therefor
US7685290B2 (en) 2004-09-21 2010-03-23 Cisco Technology, Inc. Method and apparatus for handling SCTP multi-homed connections

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9794218B2 (en) 2014-04-29 2017-10-17 Trustiosity, Llc Persistent network addressing system and method
CN105530615A (zh) * 2015-10-23 2016-04-27 江苏鑫软图无线技术股份有限公司 基于sctp协议的组呼业务数据分组识别方法
CN112800194A (zh) * 2021-01-15 2021-05-14 亿企赢网络科技有限公司 一种接口变更识别方法、装置、设备及存储介质
CN112800194B (zh) * 2021-01-15 2023-11-17 亿企薪福网络科技有限公司 一种接口变更识别方法、装置、设备及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12772300

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12772300

Country of ref document: EP

Kind code of ref document: A1