Described below are an apparatus and a method for address mapping, and in particular an apparatus and a method for mapping the addresses of devices in a home network to an external IP address space.
Such internal networks or, more specifically, home networks HN can be connected to the Internet N via so-called NAT (network address translation) network nodes or, more specifically, routers R, network nodes R of this kind having network address (port) translation (NA(P)T) capability.
Network address translation is a method whereby, for example, an IP address is replaced by another in a data packet. Such network address translation is necessary mainly because IP addresses are in increasingly short supply, and internal IP addresses are therefore employed in a home network. To ensure that the devices in the internal network HN can nevertheless communicate with the external network or, more specifically, the Internet N, the internal addresses must be translated, i.e. converted, into external addresses. In the case of outgoing data packets, the internal source IP address is replaced by an as yet unused external IP address, the network address translation unit noting this conversion. In the case of incoming data packets, it can then be determined, on the basis of the destination IP address and the table entry, which device within the home network HN had requested the data packets.
However, the disadvantage with this system is that, on the one hand, connections always have to be initiated internally, i.e. by the home network HN, so that the network node or, more specifically, the router R can identify the internal communications partner. Moreover, the internal network users or rather devices do not know the external IP address of the home network HN, the internal network users in some cases not even knowing the externally used port numbers.
To obviate these disadvantages, extremely complex concepts are currently in use. For example “ALGs” (application layer gateways) scan the data traffic in the network node or, more specifically, the router R, classifying the data traffic on the basis of application-specific features and manipulating it accordingly by interchanging e.g. IP addresses and port numbers.
In addition, so-called “port forwarding/virtual server” can be used in which a user can define static routes in the network node R in order to allow externally initiated communication. Here, however, a user has to be very familiar with IP addresses and port numbers.
Finally, so-called “port triggering” should be mentioned, whereby, on the basis of application characteristics which, however, may change and are unknown to new applications when a system is sold, time-limited static routes for outgoing connections are enabled for incoming connections. However, a unique assignment again cannot be maintained, for which reason encryption methods in particular are subject to major problems at network and transport level.
An aspect is therefore to provide an apparatus and a method for address mapping with which devices within a home network can be addressed directly from the outside.
In particular, by using a configuration client to request port numbers intended for a network service and a configuration server to request the required port numbers from a network address translation unit, the network address translation unit assigning an external network address with the requested port number directly to the network service, direct addressing of devices within a home network can, for the first time, be carried out without conventional address translation. In this way particular devices which need to be externally accessible only via a limited number of port numbers, such as VoIP telephones, web cameras, dedicated web servers, etc., can be mapped directly in an external IP address space.
Preferably the configuration client is a DHCP (dynamic host configuration protocol) client and the configuration server is a DHCP server. Such a protocol is available for a large number of network nodes and in particular for network address translation units, so that extremely inexpensive implementation is possible.
If the requested port number is unavailable, the network address translation unit can preferably propose an alternative port number, thereby enabling configuration to be considerably simplified.
For example, the network address translation unit and the configuration server can be implemented in a network node or, more specifically, a router, and the configuration client and network service can be implemented in a telecommunications terminal such as a telephone. In this way any devices of a home network can be mapped directly to the external IP address space by a network node.
Alternatively, the functionalities of the network address translation unit, configuration server, configuration client and network service can also be implemented in a single telecommunications unit, thereby providing a so-called standalone solution of the system which can be directly connected to an external network.
Although a VoIP service for implementing IP telephony is a preferred option as a network service, in principle web cameras, web servers and the like are also conceivable.
In respect of the method for address mapping, first at least one port number for a network service is requested, the required port number is then requested from a network address translation unit, the requested port number is then confirmed or an alternative port number is issued, the confirmed or alternative port number is then accepted or declined by the network service and finally incoming data traffic is through-connected in the network address translation unit to the network service if the port number was accepted.
These and other aspects and advantages will become more apparent and more readily appreciated from the following description of exemplary embodiments, taken in conjunction with the accompanying drawings of which:
Reference will now be made in detail to the preferred embodiments, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
The simplified block diagram in
The network node R has a network address translation (NAT) unit AU which translates, i.e. converts, an external network address into an internal network address and, in the reverse direction, converts an internal network address into an external network address. As shown in
As shown in
To implement a network address or, more specifically, an external IP address directly assigned to the network service NS, the configuration client KC can first ask the network service NS for at least one port number intended for the network service NS. This at least one port number is then communicated from the configuration client KC to the configuration server KS, which for its part requests the at least one required port number from the network address translation unit AU. Finally, the network address translation unit AU directly assigns its network address with the at least one requested port number to the network service NS, thereby enabling through-connection of data traffic as far as the network service NS. The address translation or conversion normally carried out in the network address translation unit AU no longer takes place in this context.
The network node or, more specifically, router R address space present after a configuration of this kind is shown in
Optionally, the port numbers usually requested from the network service NS can also be already predefined, thereby eliminating a corresponding request. For example, the desired port numbers can be present in the configuration client KC or in the configuration server KS.
According to
As shown in
The DHCP client KC responds to this offer via unicast message “DHCPREQUEST”, no new content being communicated. The DHCP server KS finally acknowledges this positive response via unicast message “DHCPACK”, again no new content being communicated. In this way an offered port number configuration can be confirmed by the configuration client KC to the configuration server KS.
According to
In its unicast message “DHCPREQUEST”, the DHCP client KC can now respond positively to this offer, i.e. to this reply of the DHCP server KS, provided it is in agreement with the alternatively proposed port numbers 5062 and 5006, no new content being communicated. A positive reply of this kind is acknowledged by the DHCP server KS with the unicast message “DHCPACK”, again no new content being communicated. In this way, assignment of an external network address to a device or network service NS within a home network HN can be carried out in a simple manner using a DHCP environment.
Consequently, the disadvantages of the conventional NAT concept are obviated in that particular devices within the home network, which need to be accessible externally only via a limited number of ports or more specifically port numbers, such as VoIP telephones, web cameras, web servers, etc., can be mapped directly to the external IP address space.
In the case of a DHCP environment, this is implemented by an extended DHCPREQUEST which, in addition to the currently usual parameters, also contains an inquiry concerning the externally valid IP address of the system, a listing of the port numbers via which the device must be accessible externally, and the port numbers which the device uses for an outgoing connection. The device thereby asks for assignment of the IP address and desired port numbers, the network node R with its network address translation unit AU checking the request and allocating the required parameters to the device unless the ports or, more specifically, port numbers have already been assigned to another device.
If the parameters have already been assigned, the device receives a negative reply and can make a new “request” which can now contain other port numbers. As described above, the negative reply may also contain an alternative proposal with other port numbers.
In principle the concept can also be effected for any port numbers by explicit negotiation of the port numbers whereby the device does not specify port numbers, but only how many ports are required. In order to avoid multiple assignment of port numbers, the network node R or, more specifically, its network address translation unit AU must delete the reserved addresses or port numbers for the device from its list of available port numbers or rather mark them as unavailable.
The method for address mapping will now be described, the arrows S1 to S10 in
After startup in step S0, in a step S1 the DHCP client KC first asks the network service NS which ports or more specifically port numbers are required or desired. This optional step can also be omitted if the required ports or port numbers are already fixed in the DHCP client. For the case that they are not fixed in the DHCP client KC, in the likewise optional step S2 a reply in which the desired port numbers are specified can be sent by the network service NS to the DHCP client KC.
For the above described example of a VoIP service, e.g. the usual port numbers 5060 and 5004 are issued as desired port numbers. In a step S3, an IP configuration request is now made to the configuration server KS whereby the configuration client KC asks the configuration server KS to assign an external IP address and the desired port numbers 5060 and 5004.
In a step S4 this request is forwarded from the DHCP server KS to the network address translation unit AU, inquiring whether the requested ports or, more specifically, port numbers 5060 and 5004 are still free. In a step S5, a reply to this inquiry is sent from the network address translation unit AU to the DHCP server KS, positively confirming the desired port numbers if they are still freely available, or else a negative reply being issued. In the event of a negative reply, optionally one or more alternative port numbers still freely available for the external address space can be issued or proposed.
In step S6, an IP configuration reply is now sent from the DHCP server KS to the DHCP client KC specifying the network configuration and the port numbers reported as freely available by the network address translation unit AU.
In a step S7, these port numbers are communicated from the configuration client KC to the network service NS. In a step S8, the network service NS can either accept the communicated port numbers or decline them, in which case it sends a negative response. In step S9, this positive or negative response is forwarded by the DHCP client KC to the configuration server KS.
If the port numbers have not been accepted by the network service, i.e. a rejection is present, the configuration client KC can initiate a new request according to step S1 or S3. If the port numbers have been accepted by the network service NS, these port numbers are reported by the configuration server KS to the network address translation unit AU as taken. In a step S11, the data traffic is then through-connected in the network address translation unit AU for the accepted port numbers and the port numbers are marked accordingly as no longer available. The method ends in a step S12.
The device or more specifically network service and network node or, more specifically, router R therefore configure their lists with available port numbers, which means that the device or, more specifically, the network service NS only uses the port numbers assigned to it for its communication and the network node R removes these port numbers from its list. In this way, each correspondingly configured internal device is given a unique external IP address.
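The negotiation in steps S4 to S11, together with the requirement stated earlier that reserved port numbers be marked as unavailable, modelled as an added example (not part of the original description). The class, method and device names are hypothetical; holding offered ports until the device answers and probing for alternatives in steps of 2 are assumptions, since the text does not specify either.

```python
class NatUnit:
    """Hypothetical model of the network address translation unit AU."""
    def __init__(self):
        self.pending = {}  # port -> device holding an unanswered offer
        self.taken = {}    # port -> device with traffic through-connected

    def _free(self, port, chosen):
        return port not in self.pending and port not in self.taken and port not in chosen

    def _alternative(self, port, chosen):
        # Assumption: probe upward in steps of 2 (selection rule not in the text).
        for p in range(port + 2, 65536, 2):
            if self._free(p, chosen):
                return p
        raise RuntimeError("no free external port")

    def offer(self, device, wanted):
        """S4/S5: confirm the wanted ports or propose alternatives."""
        self.decline(device)  # a new request replaces any older offer
        chosen = []
        for port in wanted:
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port {port}")
            chosen.append(port if self._free(port, chosen)
                          else self._alternative(port, chosen))
        # Assumption: hold offered ports until the device answers.
        self.pending.update({p: device for p in chosen})
        return chosen == list(wanted), chosen

    def decline(self, device):  # negative response (S8/S9): release held ports
        self.pending = {p: d for p, d in self.pending.items() if d != device}

    def accept(self, device):
        """Positive response: mark the ports as taken (through-connect, S11)."""
        mine = sorted(p for p, d in self.pending.items() if d == device)
        self.taken.update({p: self.pending.pop(p) for p in mine})
        return mine

    def route(self, port):
        return self.taken.get(port)  # only accepted ports are forwarded

def demo():
    nat = NatUnit()
    first = nat.offer("phone-a", [5060, 5004])
    nat.accept("phone-a")
    second = nat.offer("phone-b", [5060, 5004])
    held = nat.route(5062)  # not yet accepted: nothing is forwarded
    nat.accept("phone-b")
    return first, second, held, nat.route(5062), nat.route(5060)
```

With the first telephone holding 5060 and 5004, the second request is answered with the alternatives 5062 and 5006, and no incoming traffic is forwarded on them until the offer has been accepted.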
If the configuration offer from the configuration server KS is unacceptable, the configuration client KC can send the message “DHCPDECLINE” to the configuration server KS, re-negotiation then taking place. The parameters such as port numbers can change again here.
It is also possible for the network service NS to decide to make do with an IP address that is valid only internally, in which case conventional address translation must again be performed.
Although the method has been described above in terms of a VoIP service for implementing an IP telephone, it is not limited thereto and also encompasses in like manner web cameras or dedicated web servers as network services. In the same way, although the present method has been described in terms of a DHCP client and server as configuration client and server, it is not limited thereto and also encompasses in like manner alternative configuration clients and servers.
In addition, although a solution has been proposed above in which the telecommunications terminal is embodied separately from the network node in the home network, the system described herein is not limited thereto and also encompasses in like manner devices in which the network address translation unit, the configuration server, the configuration client and the network service are implemented in a terminal of a home network.
The system also includes permanent or removable storage, such as magnetic and optical discs, RAM, ROM, etc. on which the process and data structures of the present invention can be stored and distributed. The processes can also be distributed via, for example, downloading over a network such as the Internet. The system can output the results to a display device, printer, readily accessible memory or another computer on a network.
A description has been provided with particular reference to preferred embodiments thereof and examples, but it will be understood that variations and modifications can be effected within the spirit and scope of the claims which may include the phrase “at least one of A, B and C” as an alternative expression that means one or more of A, B and C may be used, contrary to the holding in Superguide v. DIRECTV, 358 F3d 870, 69 USPQ2d 1865 (Fed. Cir. 2004).
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP2006/005968 | 6/21/2006 | WO | 00 | 2/29/2008 |