The present invention relates to enabling access to multiple services of a local server, where the local server is located within a private network, and the access attempt is made by an application outside of that private network. It is applicable in particular to the case where the private network is connected to a public network, such as the Internet, via a Network Address Translator (NAT) function.
Currently implemented communication systems for mobile devices allow users to easily access data services in addition to the traditional telephony services. Commonly used data services include email and web browsing. These existing data services rely on the mobile device acting as client, with data being requested (either directly or by subscription to a relevant service) and subsequently pushed to the mobile device from a network server (based for example in the network operator's domain or in the wider Internet).
Machine-to-machine (m2m) refers to the exchange of information between devices substantially without the need for human intervention. Such communication may be facilitated by the data services offered by existing mobile communication networks. By way of an example, a domestic electricity meter may be coupled to a mobile device (with SIM card installed) in order to periodically send electricity meter readings to a central server of an electricity supply company, via a mobile communication network to which the mobile device has access. Such services work well where it is the device which initiates the communication. It may be difficult however to implement services which require the central server (or other remote point) to initiate the communication. Considering again the above example, this scenario might arise when a user detects a fault with his or her meter and reports this to the supply company, whereupon the supply company wishes to poll the user's home electricity meter to obtain various data therefrom.
In today's Internet, IPv4 address space is severely limited given that an IPv4 address is composed of 32 bits. Despite the standardisation of IPv6 with a much greater address space, legacy issues (particularly associated with Internet routers) mean that IPv4 remains dominant. Mobile network operators must therefore live with the constraints of IPv4. In particular, operators have had to find a way to allow the many millions of mobile users to access IP data services despite the fact that the operators themselves are allocated only a relatively small number of unique IPv4 addresses. This is generally achieved using a process known as Network Address Translation, whereby the mobile devices are located behind a Network Address Translator (NAT). Within the operator's domain, private IP addresses are used to identify connected mobile devices. These private IP addresses are unique only within the operator's domain. The NAT allocates external IP addresses and ports (from a pool of available addresses and ports) as and when required by mobile devices. Using 3GPP terminology, this IP address allocation will likely occur at Packet Data Protocol (PDP) context creation. Typically, multiple mobile devices will share a single external IP address. A mobile device will randomly select a so-called “ephemeral” port number from a range of available port numbers. This ephemeral port number is included as the source port number in outgoing packets for the mobile node, and as the destination port number in incoming packets destined for that mobile node. The NAT maintains a mapping between external IP addresses and port numbers on the one hand and private IP addresses and port numbers on the other. The NAT performs IP address and port number translation for incoming packets using this mapping. IP address and port number translation is also performed by the NAT for outgoing packets based upon this mapping.
A problem with NATing is that, as a mobile device does not have a permanently allocated external IP address and port number, it is generally not possible for an external device to initiate a communication session with the mobile device. The external IP address and port number mapped to a particular mobile node may even change between different PDP context creations. The NAT must reject all such externally initiated communications to avoid the risk of them being forwarded to the wrong mobile device. In some cases it may be possible for a mobile device to initiate and establish a connection with an intermediary server via the NAT, and to maintain that connection by regularly polling the server. An external peer device may then initiate a connection with the mobile device by routing a connection request via the intermediary node and through the already open “pinhole” in the NAT. This of course requires that an appropriate application be installed in the mobile device (and in the external peer device), and that signalling be exchanged between the mobile device and the intermediary server hosting the registration service each time the device is allocated a new external IP address and port number (in addition to the polling traffic).
US2010/0094978 describes a mechanism for interfacing a private network to a public network such as the Internet. This involves providing a node or nodes in the public network with a host identifier having a first part identifying a server agent interfacing the two networks and a second part identifying a server present in the local network. Using the first part of the host identifier, a node in the public network is able to obtain an IP address for the server agent (e.g. using a DNS lookup) and open a TCP connection to the server agent. The public network node then forwards a message, destined for the private network server, to the server agent. This message includes in it the relevant host identifier. The server agent listens to a well known port, e.g. 80, and receives connection requests on that port. The server agent uses the second part of the host identifier to forward the received message to the private network server. This approach is limited to those protocols such as HTTP which allow the hostname to be included within the message sent from the public network node to the private network server. It is not applicable to protocols that do not allow this such as SNMP, SSH, SMTP, LDAP as well as other proprietary protocols that run over IP.
The problems presented by approaches such as US2010/0094978 are addressed by WO2012/103938 which proposes allocating a private network IP address, a hostname (e.g. imsi_x.oper.com) and a service name (e.g. service_x_.tcp.imsi_x.oper.com) to a first node (e.g. being a mobile terminal associated with a particular International Mobile Subscriber Identity, IMSI) within a private network, the service name being associated with a service provided by the first node. At a gateway interconnecting the private network with a public IP network, a unique public network side port number is allocated to the first node. A mapping between the private network IP address (and optionally the private network side port number) and the public network side port is included in a connection table. The following records are installed in a Domain Name System, DNS, of the public IP network:
A second node or “application”, attached to the public network but outside of the private network, is thereafter able to perform a DNS lookup in the public IP network in order to resolve the service name into a public IP address and port number. The gateway listens at the public side network port number for connection attempts to the first node, performs address and port translation on incoming requests using the mapping, and forwards the requests to the first node.
In summary, WO2012/103938 enables two-way communication between a (m2m) device located in internal network and an application located in an external network. Any request received by the gateway from an external application will be forwarded automatically to the device, i.e. transparently, using the private IP address and private port number via port mapping in the gateway. This gateway is transparent and able to forward any two-way communication traffic in any protocol based on TCP/UDP between the external application and the internal device.
The approach described in WO2012/103938 does not, by itself, allow an external application to explicitly address and access multiple service instances (i.e. resources) with the same service protocol name on the device, e.g. the external application cannot directly access multiple HTTP or CoAP service instances (resources) that are defined on different resource URI paths with the same service protocol (HTTP/CoAP) and service port number, and with the same IP address (same device).
Consider for example a logistics company operating a fleet of delivery trucks. Each truck may be provided with an m2m device that is attached to a Public Land Mobile Network PLMN. The PLMN performs NATing on upstream and downstream packet traffic to allow a large number of m2m devices to share a relatively small pool of public IP addresses. Each truck is further provided with a number of sensors (“resources”), e.g. including a container temperature sensor, camera, etc. These resources are coupled to the m2m device, for example via a local WiFi network or using Bluetooth™. Via an application provided at the control centre of the logistics company, the company wishes to obtain data from each of the resources across its fleet of trucks.
WO2012/103938 provides only for direct addressing of m2m devices via service protocol, IP address, and port number. Such addressing, via a unique DNS registered device hostname (for example based on the m2m device's IMSI and which links the SRV records to the A records) is a coarse and inconvenient method and in particular does not allow developers of m2m applications to distinguish between different APIs exposed by the device. Furthermore, the mapping provided by the prior art approach limits both the amount of services that can be exposed behind a given public IP address (to the total number of ports —65535) and the flexibility with which new services can be introduced (due to the need for manual configuration of the mapping). An m2m device may act as an aggregator of multiple resources which are identified by different resource URIs and need to be addressed and accessed individually by an application. The mechanisms presented in WO2012/103938 require the application to know everything about the device and the resources exposed by it, e.g. what is the correct resource URI path on the device to address and access, and the application must use exactly the same service protocol and request format as the device uses in order for the device to understand and parse the request correctly. Commonly used applications do not know so much about the device or the services they access.
According to a first aspect of the present invention there is provided apparatus for operating as a server node within a private IP network to host or aggregate a plurality of resources. The apparatus comprises an address controller for obtaining a private IP network IP address, for allocating a server node port number to said resources, and for causing the server node to listen on that server node port. A resource configurator is provided for determining for each of said resources a resource private Uniform Resource Identifier, URI, or URI path together with resource metadata, and for sending to a gateway, interconnecting the private IP network with a public IP network, an advertisement containing said private URI or URI path and respective resource metadata. The apparatus further comprises a resource request receiver for receiving requests at said server node port, for identifying private URIs or URI paths included within the requests, and for delivering resources corresponding to said URI or URI paths.
Embodiments of the invention may allow individual server nodes, within private networks, to make multiple resources available to external applications, i.e. applications outside of the private network, in such a way that detailed URIs or URI paths need not be known a priori to the external applications. This simplifies the process of developing those external applications.
The apparatus may comprise an interface or interfaces for communicating with one or more sub-nodes, which sub-nodes are responsible for hosting said resources, said resource request receiver being configured to forward received requests to the appropriate sub-node. These sub-nodes may be considered “child” nodes or “embedded” nodes.
Where the private IP network is a Public Land Mobile Network, PLMN, the apparatus may further comprise a radio unit for communicating with the PLMN. Such a configuration allows installation of the server node on a vehicle, plane, or aeroplane.
The resource configurator may be configured to determine metadata including one or more of enterprise controlled alias names, a resource UUID, a resource name or ID, a device serial number, product type, model number, device type, geographical location of the resource/device, owner/user of the resource/device.
The apparatus may comprise a message wrapper and unwrapper for wrapping a protocol specific message including resource metadata into a generic message format including a resource URI or URI path for inclusion in said advertisement, and for unwrapping a generic message format including a resource URI or URI path, contained within a received request, to determine a protocol specific message.
According to a second aspect of the present invention there is provided a transport mode, such as a vehicle, train or aeroplane, comprising the apparatus of the above first aspect of the invention.
According to a third aspect of the present invention there is provided apparatus for hosting an external application capable of accessing a resource hosted or aggregated by a server node attached to a private IP network. The apparatus comprises a memory for storing a Uniform Resource Name, URN, and metadata concerning said resource, and a resolver for communicating with a DDDS/DNS server or servers in order to resolve said URN into a public IP address and port number and one or more SRV+TXT records, where the TXT field of the or each record contains metadata associated with a resource hosted or aggregated by said server node and a resource Uniform Resource Identifier, URI, or URI path. The apparatus further comprises a processor for selecting an SRV+TXT record by matching the metadata stored in said memory to metadata contained in the TXT field(s), and a resource requester for sending a resource request to said public IP address and port number and including the resource URI or URI path contained in the selected SRV+TXT record.
According to a fourth aspect of the present invention there is provided a gateway for interconnecting a private IP network and a public IP network in order to facilitate external access to a plurality of resources hosted or aggregated by a server node attached to the private IP network. The gateway comprises a first address controller for obtaining a private IP network IP address and port number allocated to said server node, a second address and port controller for allocating a public IP network IP address and public network side port number to said server node, and for causing the gateway to listen on the allocated public network side port number, and a database and database controller for maintaining at the gateway a mapping between the private side IP address and port number and the public side port number.
The apparatus further comprises a receiver for receiving at the gateway from the server node, an advertisement of respective resource private Uniform Resource Identifier, URI, paths together with respective resource metadata, and a registrar for registering
The apparatus further comprises a request handler for,
According to a fifth aspect of the present invention there is provided a gateway for interconnecting a private IP network and a public IP network in order to facilitate external access to a plurality of resources hosted or aggregated by a server node attached to the private IP network. The gateway comprises an address and port controller for allocating a public IP network IP address and public network side port number to said server node, and for causing the gateway to listen on the allocated public network side port number, and a receiver for receiving at the gateway from the server node, an advertisement of respective resource private Uniform Resource Identifiers, URIs, together with respective resource metadata. The apparatus further comprises a database and database controller for maintaining at the gateway a mapping between the private URIs and respective public URIs, and a registrar for registering
a) said public side IP address and port number, and
b) said public URIs and respective resource metadata
as resource records in a public network Dynamic Delegation Discovery System, DDDS, and Domain Name System, DNS, to allow Uniform Resource Name, URN, based queries to be resolved into public URIs using DDDS and DNS lookup based upon resource metadata.
The apparatus further comprises a request handler for,
Further aspects of the invention, including aspects relating to method of operating network nodes, and set out in the appended claims.
As will be appreciated by the person of skill in the art, the conventional approach to NATing requires the maintenance within the NAT of a table mapping private IP addresses on the one hand with public IPv4 addresses and ephemeral port numbers on the other. Due to the relatively low numbers of public IPv4 addresses and ephemeral port numbers available to the NAT, the NAT will seek to reallocate unused public IPv4 address and ephemeral port number combinations. This makes it difficult to establish connections between a device located in a private network behind the NAT and an external device coupled to a public network such as the Internet, where it is the external device that initiates the connection. In such a scenario, the external device operates as the client, whilst it is the mobile device behind the NAT that operates as the server. Known solutions addressing this problem do not allow an external application to easily and flexibly access multiple resources available behind specific private network (m2m) devices.
A number of abbreviations will be used in the following discussion and are listed here for ease of reference:
A new approach to enabling external applications to access multiple resources available behind a private network (m2m) node will now be described. This approach builds upon that described in WO2012/103938 and it may be helpful for the reader to refer to that document. The new approach assumes that multiple resources available behind a private network connected m2m node are represented by respective resource URIs, and that an external application is able to lookup and identify resources in a flexible manner via respective resource identifiers, e.g. URNs. Addressing by URN is a convenient and flexible mechanism and allows application developers to define enterprise controlled “alias” names for enterprise devices/resources.
The key features required to implement the proposed resource access mechanism are as follows:
Considering further the resource wrapper present in the server node (m2m device),
The resource wrapper is used in both the resource discovery process and the resource access process. In a resource discovery process, i.e. when the m2m device advertises the available resources, the content of the advertisement message will be mapped to a message format using a generic message schema in order to facilitate the later provisioning process. In a resource access process, i.e. when an external application initiates a resource-URI based request to an m2m device, the request will be mapped into the device protocol specific request format by the resource wrapper (acting here as an “un-wrapper”) upon receipt of the request by the m2m device, thereby allowing the device to understand the protocol specific request. [When the m2m device initiates communication with the external application, the device protocol specific request will be mapped into the resource URI based request using the generic message schema, and then sent to the DAE.] The wrapping and unwrapping processes are illustrated further in
[Steps 1 to 6]: The m2m device powers on, and the PLMN authenticates the device using for example the APN and IMSI. The device acquires a private network IP address from the DAE and GGSN (analogous to the procedures described in WO2012/103938.
[Step 7]: The m2m device gathers metadata from the underlying/embedded devices and resources and advertises the resources to the DAE. This metadata is descriptive of, i.e. can be used to identity and/or address and/or describe, the underlying/embedded devices and resources. [The m2m device will send a multicast or unicast advertisement message containing the metadata towards the DAE (e.g. SSDP advertisement messages or CoAP multicast messages), with the GGSN forwarding the message to the DAE.] Metadata may include, for example, enterprise controlled alias names, e.g. a resource type, or a resource UUID, or a resource name or ID, a device serial number, product type, model number, device type, geographical location of the resource/device, owner/user of the resource/device, etc. Some of the resource metadata, e.g. geographical location, device subscriber, etc, can be directly acquired from an access network such as a PLMN, and automatically provisioned into the system.
The device comprises an address controller 13 for obtaining a private IP network IP address from the PLMN, for allocating a server node port number to the available (local) resources, and for causing the server node to listen on that server node port. The apparatus comprises a resource configurator 14 for determining for each of the available resources a resource private URI path together with resource metadata, and for sending to a gateway (DAE), interconnecting the private IP network to a public IP network, an advertisement containing the private URI paths and respective resource metadata. The apparatus also comprises a resource request receiver 15 for receiving requests at the server node port, for identifying private URI paths included within the requests, and for delivering resources corresponding to the URI paths. The apparatus also comprises a resource wrapper/unwrapper 16.
Referring now to
The apparatus comprises a memory 21 for storing a URN and metadata concerning the m2m device resource that the apparatus wishes to access. This data may be received via a user interface from a user wishing to access the resource, or could be pre-programmed. The apparatus further comprises a resolver 22 for communicating with a DDDS/DNS server or servers in order to resolve a Uniform Resource Name, URN, into a public IP address and port number and one or more SRV+TXT records. [The TXT field of the SRV+TXT records contains metadata associated with a resource hosted or aggregated by the server node and a resource Uniform Resource Identifier, URI, path. The apparatus comprises a processor 23 for selecting an SRV+TXT record by matching the metadata stored in the memory to metadata contained in the TXT field(s), and a resource requester 24 for sending a resource request to the public IP address and port number and including the resource URI path contained in the selected SRV+TXT record.
The gateway comprises a first address controller 30 for obtaining a private IP network IP address and port number allocated to the server node (m2m device). It also comprises a second address controller 31 for allocating a public IP network IP address and public network side port number to the server node, and for causing the gateway to listen on the allocated public network side port number. The gateway further comprises a database 32 and database controller 33 for maintaining at the gateway a mapping between the private side IP address and port number and the public side port number, as well as a receiver 34 for receiving at the gateway, from the server node, an advertisement of respective resource private Uniform Resource Identifier, URI, paths together with respective resource metadata.
The gateway is provided with a registrar 35 for registering the public side IP address and port number, and the private URI paths or public URI paths mapped to the private URI and respective resource metadata, as resource records in a public network Dynamic Delegation Discovery System, DDDS, and Domain Name System, DNS, to allow Uniform Resource Name, URN, based queries to be resolved into public or private URI paths using DDDS and DNS lookup based upon resource metadata. The gateway comprises a request handler 36 for receiving access requests, destined for the public side IP address and port number, and containing one of the public or private URI paths, mapping, for each request, the public side port number to the corresponding private side IP address and port number, and, if required, for mapping the contained public URI path to a private URI path, and forwarding the connection request to the server node.
Considering now
Considering now
The gateway receives (S6a) from the server node, an advertisement of respective resource private Uniform Resource Identifiers, URI, paths together with respective resource metadata. This metadata is descriptive, i.e. identifies, the resources that the server node is making available. The gateway then registers (S7a) the public side IP address and port number, and the private URI paths or public URI paths mapped to the private URI paths and respective resource metadata, as resource records in a public network Dynamic Delegation Discovery System, DDDS, and Domain Name System, DNS. These records allow queries containing resource metadata to be resolved into public or private URI paths using DDDS and DNS lookup.
The gateway is subsequently able to receive (S8a) access requests, destined for the public side IP address and port number and containing one of the public or private URI paths, and, for each request, to map (S9a) the public side port number to the corresponding private side IP address and port number. If required, the gateway maps (S10a) the contained public URI path to a private URI path, and forwards (S11a) the connection request to the server node.
The above discussion has been concerned with application layer requests, e.g. HTTP, sent by the external application. An alternative scenario involves the external application sending resource layer requests. The resource layer is a layer that resides above the application layer. An example of a resource layer request is as follows:
The gateway handles this request at the resource layer. Rather than using port and URI mapping, the resource layer generates a new request, using URI mapping. For example, after URI mapping, the following new request is created:
This new request message is forwarded to the device: the IP/TCP layers add packet headers in accordance with the destination IP address and port number contained within the URI.
Considering this scenario further, the URI mapping only occurs on the URI resource layer, not on the TCP/UDP/IP layer. The Gateway will look at the URI request, map the URI to the private URI, and form a new URI request to the server node using the new URI. The IP packet layers are not directly involved in this process. Of course, the new IP packet needs to be created and sent to the server node (i.e. a new IP packet is created with a new IP and port number and a new URI path, and is then sent to the server node), but that could be done by a web server (if the web server supports, e.g. the RESTful framework in case of HTTP request). When receiving the application request, the Gateway will not look at the incoming IP packet, it will only look at the resource layer URI request, map the public URI to the private URI, and send the new URI request. Here the Gateway can reuse the existing RESTful framework (for the HTTP case) or use a new RESTful framework (e.g. for SIP/COAP/FTP/SNMP/LDAP/etc case) to be able to send the new URI request to the server node.
This invention is not only applicable to “root” m2m devices, i.e. m2m devices that themselves provide the resources, but is also applicable to the “sub” devices behind a “parent” device. This assumes that the sub devices either register their resources via the parent device or directly to the DAE.
This invention is applicable to devices in a mobile network, but also to devices in a fixed network, WiFi network, Zigbee over IP network, etc.
Steps within the URN resolution procedure may be delegated by the external application to other nodes.
The embodiment described above with reference to the figures includes the possibility of a wrapper/unwrapper implemented at the server node in order to map URI paths and metadata to and from a generic message format. According to an alternative embodiment, this wrapper/unwrapper is implemented at the gateway (DAE). It could also be implemented at a node functionally located between the server node and the gateway.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/EP12/76879 | 12/24/2012 | WO | 00 |