This invention relates generally to the field of network addressing, and more particularly to a method and system for processing fragments and their out-of-order delivery during address translation.
Due to the success of the Internet, the Internet Protocol (IP) has become the primary networking protocol. Major concerns of the Internet community are the depletion of global IP address space (IPv4) and the complexity of configuring hosts with global IP addresses for Internet access. To extend the life of current IP address space and provide configureless access, network address translation (NAT) and its extension, port address translation (PAT), have been employed.
Network address translation supports connectivity between the Internet and hosts using private addressing schemes. This connectivity provides configureless access to the Internet in that hosts may have independently assigned, globally non-unique addresses that need not be coordinated with the Internet Address Numbering Association (IANA) or other Internet registry. Network address translation pairs up the private addresses to public addresses so that the inside IP addresses appear as legally registered IP addresses on the Internet.
Port address translation allows a number of private network addresses and their ports to be translated to a single network address and its ports. Thus, multiple hosts in a private network may simultaneously access the Internet using a single legally registered IP address. The registered IP address is typically assigned to a router that translates addressing information contained in message headers between the addressing schemes.
Port address translation uses transport layer header information (protocol, port, etc.) to uniquely translate and direct IP traffic to the correct receiver. IP fragments, other than the first fragment, however, do not carry any transport layer protocol information. Thus, when IP fragments are delivered out-of-order, which is common with IP traffic, the IP fragments cannot be translated unless the first fragment of the packet is already received. As a result, the fragments are discarded and the data must be resent. This leads to delays in obtaining information and increased traffic on the Internet.
The present invention provides a method and system for translating addressing information for packetized fragments that substantially eliminate or reduce disadvantages and problems associated with previously developed systems and methods. In particular, the present invention stores fragments delivered out-of-order until additional fragments are received having address translation information with which the stored fragments may be translated.
In accordance with one embodiment of the present invention, a set of packetized fragments in which only a portion of the fragments carry translation information for the set of fragments is translated by storing in a memory fragments received before the translation information. In response to receiving the translation information, the fragments stored in the memory are translated based on the translation information. After receipt of the translation information, fragments are translated as they are received based on the translation information.
More particularly, in accordance with a particular embodiment of the present invention, the translation information is address translation information and each fragment is translated by translating addressing information for the fragment. In this embodiment, the fragments may be Internet Protocol (IP) fragments in which only the first fragment carries the translation information. Address translation is performed in accordance with Network Address Translation (NAT) and Port Address Translation (PAT).
The technical advantages of the present invention include providing a method and system for processing fragments during address translation. In addition, it also provides a method and system for processing fragments delivered out-of-order. In particular, fragments delivered out-of-order without address translation information are stored until the address translation information is received. At that time, addressing information for the stored fragments is translated and the fragments are directed to that address. Accordingly, out-of-order fragments need not be discarded nor retransmitted. Thus, any delay is minimized and network traffic reduced.
Another technical advantage of the present invention is that it extends network and port address translation capabilities to forward IP traffic without compromise. This capability makes network and port address translation highly deployable and useful. Moreover, resource impact is minimized by creating a fragment-context and searching only when needed. Requirements for dynamic memory objects are also kept to a minimum by using aging timers for both fragment-contexts and stored fragments.
Other technical advantages will be readily apparent to one skilled in the art from the following figures, description, and claims.
For a more complete understanding of the present invention and its advantages, reference is now made to the following description taken in conjunction with the accompanying drawings, wherein like reference numerals represent like parts, in which:
The Intranet 20 includes an inside network connecting a plurality of remote hosts 24 to the router 16. The inside network is a local area network (LAN), a wide area network (WAN), or other suitable type of link capable of communicating data between the hosts 24 and the router 16. For the local area network embodiment, the inside network may be an Ethernet. The Internet 22 can be other types of outside networks, such as a local area network (LAN) or the public Internet, which employ the outside addressing scheme. A translation function translates network address information between these two schemes whenever packets cross the boundary, which is the router 16.
The hosts 24 are each a computer such as a personal computer, file server, workstation, minicomputer, mainframe, or any general purpose or other computer or device capable of communicating with other computers or devices over a network. For the personal computer embodiment, the hosts 24 each include input devices, output devices, processors, and memory. The input devices may include a pointing device such as a mouse, keyboard, or the like. The output devices may include a monitor, a printer, or the like.
In a particular embodiment, the hosts 24 are each assigned a private Intranet Protocol (IP) address for communication within the Intranet 20. The router 16 is assigned a public Internet Protocol (IP) address and uses port address translation (PAT) to translate the private IP addresses to the public IP address for communication on the Internet 22. It will be understood that other suitable types of addressing protocols and translation may be used in and between the private and public addressing spaces 12 and 14. For example, network address translation (NAT) or a similar system may be used to translate private IP or other addresses to public IP or other addresses.
Referring to
The IP header 40 includes protocol data 45, a fragment set ID 46, and a fragment offset 48. The protocol data 45 identifies the packet protocol for the primary fragment 32. The fragment set ID 46 identifies the fragment set to which the primary fragment 32 belongs. The fragment offset 48 identifies the number of the primary fragment 32. For the IP embodiment, the fragment offset is one identifying that the primary fragment 32 is the first fragment of the set. The fragment set ID and offset 46 and 48 allow fragments in the set to be identified, associated and ordered.
The transport header 42 includes a source port 50 and a destination port 52. The source port 50 identifies the port transmitting the fragment set. The destination port 52 identifies the port to which the fragment set is destined. As described in more detail below, port address translation uses the protocol data and ports 45, 50, and 52 in the IP and transport headers 40 and 42 to uniquely translate and direct the IP fragments to the appropriate receiver.
Referring to
The IP header 60 includes protocol data 64, a fragment set ID 66, and a fragment offset 68 as previously described in connection with the IP header 40 of the primary fragment 32. The fragment set ID and offset 66 and 68 allow the secondary fragment 34 to be associated with the primary fragment 32 and ordered within the fragment set.
No transport header is provided in the secondary fragment 34. Instead, as described in more detail below, information from the transport header 42 of the primary fragment 32 is used for translating the secondary fragment 34. This allows the secondary fragment 34 to carry an increased amount of the payload data 62.
Returning to
The router 16 may be a Cisco 675 router manufactured by Cisco Systems, Inc. or other suitable border router or device capable of translating addressing information between disparate addressing systems. The router 16 includes a translation engine 80, a translation table 82, and a fragment memory 84. The translation engine 80 uses the translation table 82 to translate addresses between the private and public address spaces 12 and 14.
For the IP embodiment, the translation engine 80 performs port address translation (PAT). Port address translation automatically establishes a binding between the private IP addresses and the public IP address dynamically during initiation of a session. Port address translation uses the protocol and port data in the IP and transport headers to translate the larger number of private IP addresses to the smaller number of public IP addresses. In the IP embodiment, the translation engine 80 uses the protocol data and port information 45, 50, and 52 in the IP and transport headers 40 and 42 of the primary fragment 32 to translate addressing information for the primary fragment 32 and uses a fragment-context based on that protocol data and port information 45, 50 and 52 in the primary fragment 32 along with the IP header 60 of the secondary fragments 34 to associate and translate the secondary fragments 34. In particular, as described in more detail below, the translation engine with Port Address Translation (PAT) creates a fragment-context using the 16-bit fragment identification information in the IP header of every first fragment of every fragmented IP packet. This fragment-context 92 is associated with the address translation entry 90 used for translating the packet. Fragments received subsequent to creating the fragment-context 92 can be translated using the address translation entry 90 that is associated with the fragment-context 92 that matches the fragment-context of the current fragment. Further information concerning port address translation may be obtained from RFC 1631 and RFC 1918, published by the Internet Engineering Task Force (IETF), which are hereby incorporated by reference.
The fragment memory 84 is a queue or any other suitable memory data structure capable of storing one or more secondary fragments 34. The fragment memory 84 allows secondary fragments 34 delivered out-of-order without address translation information to be saved for later translation. Accordingly, the out-of-order fragments need not be discarded nor retransmitted. Thus, delay is minimized and network traffic reduced.
In one embodiment, the fragment memory 84 stores secondary fragments 34 until the primary fragment 32 is received or a timer expires. Accordingly, secondary fragments 34 for which no primary fragment 32 will be received may be aged and removed from the fragment memory 84. As a result, dynamic memory requirements are minimized.
Referring to
Referring to
Returning to decisional step 102, if the packet is a fragment, the Yes branch of decisional step 102 leads to decisional step 108. At decisional step 108, the translation engine 80 determines if the fragment 30 is a primary fragment 32 including address translation information. For IP fragments, this may be determined from the fragment offset 48 and/or 68. If the fragment 30 is a primary fragment 32, the Yes branch of decisional step 108 leads to step 110.
At step 110, the translation engine 80 identifies a translation entry 90 in the translation table 82 for the primary fragment 32 using the IP and transport header information 40 and 42. At step 112, the translation engine 80 translates addressing information for the primary fragment 32 using the identified translation entry 90. At this point, translation for the primary fragment 32 is complete and the primary fragment 32 may be directed to the appropriate receiver.
Proceeding to step 114, the translation engine 80 generates a fragment-context 92 for the identified translation entry. The fragment-context 92 may be any structure or data capable of associating secondary fragments 34 with address translation information for translating addressing information in the secondary fragments 34. As described in more detail below, the fragment-context 92 is used to associate secondary fragments 34 with the translation entry 90 in the translation table 82 to allow translation of the addressing information in the secondary fragments 34. In one embodiment, the fragment-context 92 is created using the 16-bit identification information in the IP header 40 of the primary fragment 32. The fragment-context 92 is associated with the translation entry 90 identified by the primary fragment 32. In this embodiment, the translation engine 80 may translate secondary fragments 34 by matching their IP header to the fragment-context 92 and using the associated entry 90 for translation.
Next, at step 116, the translation engine 80 translates each secondary fragment 34 that was previously received and stored in the fragment memory 84. As used herein, each means each of at least a subset of the identified items. Related fragments are those fragments having an IP header 60 matching the fragment-context 92. Accordingly, secondary fragments 34 delivered out-of-order are translated as soon as the primary fragment 32 is received at the router 16. It will be understood that the stored fragments may be otherwise translated in response to receiving the translation information. Thus, the translation need not be immediate or may be delayed by the occurrence or nonoccurrence of an intervening event.
Returning to decisional step 108, if the fragment 30 is not a primary fragment, then it is a secondary fragment 34 that cannot be translated on its own and the No branch of decisional step 108 leads to decisional step 118. At decisional step 118, the translation engine 80 determines if a fragment-context 92 exists for the secondary fragment 34. In one embodiment, this is determined by comparing the IP header 60 of the secondary fragment 34 to all fragment-contexts 92 in the translation table 82 to determine if a match exists. If a match does not exist, then the secondary fragment 34 has been received out-of-order before the primary fragment 32 and address translation information does not exist for translating the secondary fragment 34. Accordingly, the No branch of decisional step 118 leads to step 120. At step 120, the secondary fragment 34 is stored in the fragment memory 84 from which it can be later translated if the primary fragment 32 is timely received. Thus, the out-of-order fragment 34 is not discarded and the message of the fragment set need not be retransmitted. Accordingly, network delays and traffic are reduced.
Returning to decisional step 118, if an existing fragment-context 92 exists for the secondary fragments 34, the secondary fragments 34 may be translated and the Yes branch of decisional step 118 leads to step 122. At step 122, a translation entry 90 in the translation table 82 with which the matching fragment-context 92 is associated is identified. At step 124, the secondary fragment 34 is translated using the identified entry 90. Accordingly, after the primary fragment 32 has been received, later received secondary fragments 34 are translated as they are received. This way, out-of-order fragments are handled with minimal impact on translation and forwarding performance and system resources.
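The flow of steps 108 through 124, together with the aging timer on the fragment memory 84 and the fragment-context 92, can be modelled as follows. This is an added example, not code from the patent: the class and field names, the timer value, the cap on held fragments, and the widening of the context key with the addresses and protocol are assumptions, and it treats fragment offset 0 as the first fragment, as IPv4 does.

```python
from collections import namedtuple

# Constructed model of a fragment: only the header fields the text names.
# Secondary fragments carry no transport header, so sport/dport are None.
Frag = namedtuple("Frag", "src dst proto ip_id offset sport dport payload")


class PatFragmentTranslator:
    def __init__(self, public_ip, hold_seconds=5.0, max_held=64):
        self.public_ip = public_ip
        self.hold_seconds = hold_seconds  # aging timer (value is an assumption)
        self.max_held = max_held          # cap on fragment memory (assumption)
        self.table = {}      # translation table: (proto, src, sport) -> public port
        self.contexts = {}   # fragment-context key -> (public port, created at)
        self.held = []       # fragment memory: (arrival time, fragment)
        self.next_port = 40000

    @staticmethod
    def _ctx_key(f):
        # The text builds the context from the 16-bit IP identification; the
        # addresses and protocol are added here (assumption) so that two hosts
        # reusing the same ID cannot be matched to each other's entry.
        return (f.src, f.dst, f.proto, f.ip_id)

    def _age(self, now):
        # Drop stored fragments and contexts whose timer has expired.
        limit = now - self.hold_seconds
        self.held = [(t, f) for t, f in self.held if t > limit]
        self.contexts = {k: v for k, v in self.contexts.items() if v[1] > limit}

    def _rewrite(self, f, public_port):
        # Only the primary fragment has a source port to rewrite.
        sport = public_port if f.offset == 0 else None
        return f._replace(src=self.public_ip, sport=sport)

    def receive(self, f, now):
        """Return the translated fragments released by this arrival."""
        self._age(now)
        key = self._ctx_key(f)
        if f.offset == 0:                                    # step 108: primary
            entry = (f.proto, f.src, f.sport)                # step 110
            if entry not in self.table:
                self.table[entry] = self.next_port
                self.next_port += 1
            port = self.table[entry]
            out = [self._rewrite(f, port)]                   # step 112
            self.contexts[key] = (port, now)                 # step 114
            related = [h for _, h in self.held if self._ctx_key(h) == key]
            self.held = [(t, h) for t, h in self.held
                         if self._ctx_key(h) != key]
            out += [self._rewrite(h, port) for h in related]  # step 116
            return out
        if key in self.contexts:                             # step 118: Yes
            return [self._rewrite(f, self.contexts[key][0])]  # steps 122-124
        if len(self.held) < self.max_held:                   # step 120: store
            self.held.append((now, f))
        return []
```

The fragment memory is state that any sender of unmatched secondary fragments can fill, so the timer and the cap are what bound its size in this model.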
Although the present invention has been described with several embodiments, various changes and modifications may be suggested to one skilled in the art. It is intended that the present invention encompass such changes and modifications as fall within the scope of the appended claims.
This application is a continuation of U.S. patent application Ser. No. 09/227,048 filed Jan. 7, 1999 U.S. Pat. No. 6,453,357 and entitled “Method and System for Processing Fragments and Their Out-of-Order Delivery During Address Translation”.
Number | Date | Country | |
---|---|---|---|
20020161915 A1 | Oct 2002 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 09227048 | Jan 1999 | US |
Child | 10174360 | US |