Method and system for enabling connections into networks with local address realms

US 20050223095A1
Filed: 03/28/2003
Published: 10/06/2005
Est. Priority Date: 04/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a connection between a node of an outside address realm and a node of an inside address realm through an intermediate communication gateway having a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said method comprising the steps of:

preparing, at said outside node, a user-resource identifier query that includes an inside node identifier as well as predetermined connection information including at least one of outside node address information and inside node port information;

determining inside-realm network address information based on said inside node identifier included in said identifier query;

identifying, based on said predetermined connection information included in said identifier query, an outside-realm gateway address to be used in establishing a dynamic gateway connection state for a flow between said outside node and said inside node through said gateway; and

establishing said dynamic gateway connection state based on said identified outside-realm gateway address, said predetermined connection information included in said identifier query and said inside-realm network address information, thereby enabling an outside-realm initiated connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention generally concerns the issue of providing connectivity between two different address realms, generally referred to as an inside realm and an outside realm, by establishing connections through an intermediate gateway. The gateway normally has a number of outside-realm gateway addresses for enabling representation of inside-realm nodes in the outside realm. In a first aspect, support for flexible outside-realm initiated connections is enabled by dynamically establishing new gateway connection states triggered, for each new connection, by a respective user-resource identifier query initiated from a corresponding outside node. In a second aspect of the invention, intelligent use of predetermined connection information in the process of setting up new gateway connection states makes it possible to significantly increase the number of connections that can be simultaneously supported by the gateway using a limited number of outside-realm addresses.

Citations

65 Claims

1. A method for establishing a connection between a node of an outside address realm and a node of an inside address realm through an intermediate communication gateway having a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said method comprising the steps of:
- preparing, at said outside node, a user-resource identifier query that includes an inside node identifier as well as predetermined connection information including at least one of outside node address information and inside node port information;
  
  determining inside-realm network address information based on said inside node identifier included in said identifier query;
  
  identifying, based on said predetermined connection information included in said identifier query, an outside-realm gateway address to be used in establishing a dynamic gateway connection state for a flow between said outside node and said inside node through said gateway; and
  
  establishing said dynamic gateway connection state based on said identified outside-realm gateway address, said predetermined connection information included in said identifier query and said inside-realm network address information, thereby enabling an outside-realm initiated connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein said step of establishing said dynamic gateway connection state comprises the steps of:
    - creating a partially complete gateway connection state based on said identified outside-realm gateway address, said predetermined connection information included in said identifier query and said inside-realm network address information; and
      
      upon receipt of a packet from said outside node to said gateway, transforming said partially complete gateway state into a complete gateway connection state based on complementary connection information associated with said packet.
  - 3. The method according to claim 1, wherein said step of identifying an outside-realm gateway address comprises the step of identifying an outside-realm gateway address, which in combination with said predetermined information included in said identifier-query defines a partially complete outside-realm gateway state representation that has no counterpart in any existing partially complete gateway connection state.
  - 4. The method according to claim 3, further comprising the step of maintaining a separate list representation of existing partially complete gateway connection states, and wherein said partially complete outside-realm representation is identified based on comparison with corresponding information of all existing partially complete gateway connection states represented in said list representation.
  - 5. The method according to claim 4, wherein said step of identifying an outside-realm gateway address comprises the step of traversing outside-realm gateway addresses associated with said gateway until finding an outside-realm gateway address, which in combination with said predetermined connection information included in said identifier query has no counterpart in any existing partially complete gateway connection state represented in said list representation.
  - 6. The method according to claim 4, wherein said step of identifying an outside-realm gateway address comprises the step of verifying that a pre-allocated outside-realm gateway address in combination with said predetermined connection information included in said identifier query has no counterpart in any existing partially complete gateway connection state represented in said list representation.
  - 7. The method according to claim 2, wherein said predetermined connection information included in said identifier query is an outside network address of said outside node, and said complementary connection information for completing the gateway connection state includes a port number of said inside node and a port number of said outside node.
  - 8. The method according to claim 2, wherein said predetermined connection information included in said identifier query is an inside node port number, and said complementary connection information for completing the gateway connection state includes an outside network address of said outside node and a port number of said outside node.
  - 9. The method according to claim 1, further comprising the step of notifying said outside node of said identified outside-realm gateway address.
  - 10. The method according to claim 1, wherein said user-resource identifier query is a Domain Name Server (DNS) query.
  - 11. The method according to claim 1, wherein said inside address realm is a private address realm and said outside address realm is a public address realm.

12. A system for establishing a connection between a node of an outside address realm and a node of an inside address realm through an intermediate communication gateway having a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said system comprising:
- means, responsive to a user-resource identifier query from said outside node, for determining inside-realm network address information based on an inside node identifier included in said identifier query, wherein said identifier query further includes predetermined connection information including at least one of outside node address information and inside node port information;
  
  means for identifying, based on said predetermined connection information included in said identifier query, an outside-realm gateway address to be used in establishing a dynamic gateway connection state for a flow between said outside node and said inside node through said gateway;
  
  means for establishing said dynamic gateway connection state based on said identified outside-realm gateway address, said predetermined connection information included in said identifier query and said inside-realm network address information, thereby enabling an outside-realm initiated connection.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The system according to claim 12, wherein said means for establishing said dynamic gateway connection state comprises:
    - means for creating a partially complete gateway connection state based on said identified outside-realm gateway address, said predetermined connection information included in said identifier query and said inside-realm network address information;
      
      means for transforming;
      
      upon receipt of a packet from said outside node to said gateway, said partially complete gateway state into a complete gateway connection state based on complementary connection information associated with said packet.
  - 14. The system according to claim 12, wherein said means for identifying an outside-realm gateway address is operable for identifying an outside-realm gateway address, which in combination with said predetermined connection information included in said identifier-query defines a partially complete outside-realm gateway state representation that has no counterpart in any existing partially complete gateway connection state.
  - 15. The system according to claim 14, further comprising means for maintaining a separate list representation of existing partially complete gateway connection states, and wherein said partially complete outside-realm representation is identified based on comparison with corresponding information of all existing partially complete gateway connection states represented in said list representation.
  - 16. The system according to claim 15, wherein said means for identifying an outside-realm gateway address comprises means for traversing outside-realm gateway addresses associated with said gateway until finding an outside-realm gateway address, which in combination with said predetermined connection information included in said identifier query has no counterpart in any existing partially complete gateway connection state represented in said list representation.
  - 17. The system according to claim 15, wherein said means for identifying an outside-realm gateway address comprises means for verifying that a pre-allocated outside-realm gateway address in combination with said predetermined connection information included in said identifier query has no counterpart in any existing partially complete gateway connection state represented in said list representation.
  - 18. The system according to claim 13, wherein said predetermined connection information included in said identifier query is an outside network address of said outside node, and said complementary connection information for completing the gateway connection state includes a port number of said inside node and a port number of said outside node.
  - 19. The system according to claim 13, wherein said predetermined connection information included in said identifier query is an inside node port number, and said complementary connection information for completing the gateway connection state includes an outside network address of said outside node and a port number of said outside node.
  - 20. The system according to claim 12, further comprising means for notifying said outside node of said identified outside-realm gateway address.
  - 21. The system according to claim 12, wherein said means for identifying an outside-realm gateway address, among the outside-realm gateway addresses associated with said gateway, includes a gateway resource manager.
  - 22. The system according to claim 12, wherein said user-resource identifier query is a Domain Name Server (DNS) query.
  - 23. The system according to claim 12, wherein said inside address realm is a private address realm and said outside address realm is a public address realm.

24. A method for establishing a connection between a node of an outside address realm and a node of an inside address realm through an intermediate communication gateway, said method comprising the step of dynamically establishing, triggered by a user-resource identifier query initiated from said outside node, a gateway connection state for a flow between said outside node and said inside node through said gateway.
- View Dependent Claims (25)
- - 25. The method according to claim 24, wherein said gateway connection state is dynamically established based on at least one of an outside network address of said outside node and a port number of said inside node included in said identifier query.

26. A gateway resource manager for a communication gateway that has a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said gateway resource manager comprising:
- means for receiving inside-realm network address information corresponding to an inside node and predetermined connection information including at least one of address information of an outside node and inside node port information;
  
  means for identifying, based on said predetermined connection information, an outside-realm gateway address to be used in establishing a dynamic gateway connection state for a flow between said outside node and said inside node through said gateway; and
  
  means for requesting said gateway to establish said dynamic gateway connection state based on said identified outside-realm gateway address, said predetermined connection information and said inside-realm network address information.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The gateway resource manager according to claim 26, wherein said predetermined connection information is an outside node address, and said requesting means is operable for requesting allocation of said identified outside-realm gateway address to said inside node for traffic coming from said outside node address.
  - 28. The gateway resource manager according to claim 26, wherein said requesting means is operable for sending a request to said gateway for establishment of a partially complete gateway connection state based on said identified outside-realm gateway address, said predetermined connection information and said inside-realm network address.
  - 29. The gateway resource manager according to claim 28, further comprising:
    - means for receiving a reply from said gateway that said partially complete gateway connection state has been created; and
      
      means for notifying said outside node of said identified outside-realm gateway address in response to said reply from said gateway.
  - 30. The gateway resource manager according to claim 28, wherein said means for identifying an outside-realm gateway address is operable for identifying an outside-realm gateway address, which in combination with said predetermined information defines a partially complete outside-realm gateway state representation that has no counterpart in any existing partially complete gateway connection state.
  - 31. The gateway resource manager according to claim 30, further comprising means for maintaining a list representation of existing partially complete gateway connection states, and wherein said partially complete outside-realm representation is identified based on comparison with corresponding information of all existing partially complete gateway connection states represented in said list representation.

32. A method for establishing a connection between a node of an inside address realm and a node of an outside address realm through an intermediate communication gateway having a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said method comprising the steps of:
- identifying, whenever possible, based on predetermined connection information, further connection information that in combination with said predetermined connection information defines an outside-realm gateway state representation that has no counterpart in a predetermined set of existing gateway connection states, said predetermined connection information including at least one of network address information and port information and said further connection information including an outside-realm gateway address; and
  
  initiating establishment of said connection based on said outside-realm gateway state representation.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 33. The method according to claim 32, further comprising the step of maintaining a separate list representation of said predetermined set of existing gateway connection states, and wherein said outside-realm gateway state representation is identified based on comparison with corresponding information of said gateway connection states represented in said list representation.
  - 34. The method according to claim 32, wherein said predetermined connection information includes at least one of outside node address information and outside node port information, said outside-realm gateway state representation is an at least partially complete gateway state representation, and said predetermined set of gateway connection states includes the existing gateway connection states in said gateway.
  - 35. The method according to claim 34, wherein said further connection information also includes associated gateway port information, said outside-realm representation is a complete outside-realm representation, and said step of initiating establishment of said connection comprises the step of requesting that said gateway creates a gateway connection state based on said complete outside-realm representation.
  - 36. The method according to claim 34, wherein said outside-realm representation is a partially complete outside-realm representation, and said step of initiating establishment of said connection comprises the step of requesting that said gateway creates a partially complete gateway connection state based on said partially complete outside-realm representation.
  - 37. The method according to claim 36, further comprising the step of selecting, if said identification is not possible, an outside-realm gateway address among the least utilized outside-realm gateway addresses to define said partially complete outside-realm representation to be used for initiating establishment of said connection.
  - 38. The method according to claim 37, further comprising the step of verifying, upon receipt of a packet from said inside node to said gateway, that said partially complete outside-realm representation in further combination with inside node port information associated with said packet, defines a complete outside-realm gateway state representation that has no counterpart in any existing gateway connection state.
  - 39. The method according to claim 38, further comprising the step of transforming a partially complete gateway connection state created in said gateway based on said partially complete outside-realm representation into a complete gateway connection state based on said complete outside-realm representation, thereby completely establishing said connection.
  - 40. The method according to claim 32, wherein said predetermined connection information includes at least one of outside node address information and inside node port information, said outside-realm gateway state representation is a partially complete gateway state representation and said predetermined set of gateway connection states includes the existing partially complete gateway connection states in said gateway.
  - 41. The method according to claim 40, wherein said step of identifying further connection information including an outside-realm gateway address comprises the step of traversing outside-realm gateway addresses of the gateway until finding an outside-realm gateway address, which in combination with said predetermined connection information has no counterpart in any existing partially complete gateway connection state.
  - 42. The method according to claim 40, wherein said step of identifying further connection information including an outside-realm gateway address comprises the step of verifying that a pre-allocated outside-realm gateway address in combination with said predetermined connection information has no counterpart in any existing partially complete gateway connection state.
  - 43. The method according to claim 40, wherein said step of initiating establishment of said connection comprises the step of requesting that said gateway establishes a partially complete gateway connection state based on said partially complete outside-realm representation.
  - 44. The method according to claim 43, further comprising the step of transforming, upon receipt of a packet from said outside node to said gateway, said partially complete gateway connection state that has been created in said gateway into a complete gateway connection state based on complementary connection information associated with said packet.
  - 45. The method according to claim 44, wherein said predetermined connection information is predetermined outside node address information, and said complementary connection information includes inside node port information and outside node port information.
  - 46. The method according to claim 44, wherein said predetermined connection information is predetermined inside node port information, and said complementary connection information includes outside node address information and outside node port information.
  - 47. The method according to claim 40, further comprising the steps of:
    - selecting, if said identification is not possible based on predetermined inside node port information, another gateway port; and
      
      identifying further connection information including an outside-realm gateway address based on said selected gateway port to define a unique, partially complete outside-realm representation of a gateway connection state.
  - 48. The method according to claim 40, wherein said predetermined connection information originates from a user-resource identifier query initiated from said outside node.

49. A system for establishing a connection between a node of an inside address realm and a node of an outside address realm through a communication gateway having a number of outside-realm gateway addresses for enabling outside-realm representation of inside-realm nodes, said system comprising:
- means for identifying, whenever possible, based on predetermined connection information, further connection information that in combination with said predetermined connection information defines an outside-realm gateway state representation that has no counterpart in a predetermined set of existing gateway connection states, said predetermined connection information including at least one of network address information and port information and said further connection information including an outside-realm gateway address; and
  
  means for initiating establishment of said connection based on said outside-realm gateway state representation.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
- - 50. The system according to claim 49, further comprising means for maintaining a separate list representation of said predetermined set of existing gateway connection states, and wherein said outside-realm gateway state representation is identified based on comparison with corresponding information of said gateway connection states represented in said list representation.
  - 51. The system according to claim 49, wherein said predetermined connection information includes at least one of outside node address information and outside node port information, said outside-realm gateway state representation is an at least partially complete gateway state representation, and said predetermined set of gateway connection states includes the existing gateway connection states in said gateway.
  - 52. The system according to claim 51 wherein said further connection information also includes associated gateway port information, said outside-realm representation is a complete outside-realm representation, and said means for initiating establishment of said connection comprises means for requesting that said gateway creates a gateway connection state based on said complete outside-realm representation.
  - 53. The system according to claim 51, wherein said outside-realm representation is a partially complete outside-realm representation, and said means for initiating establishment of said connection comprises means for requesting that said gateway creates a partially complete gateway connection state based on said partially complete outside-realm representation.
  - 54. The system according to claim 53, further comprising means for selecting, if said identification is not possible, an outside-realm gateway address among the least utilized outside-realm gateway addresses to define said partially complete outside-realm representation to be used for initiating establishment of said connection.
  - 55. The system according to claim 54, further comprising means for verifying, upon receipt of a packet from said inside node to said gateway, that said partially complete outside-realm representation in further combination with inside node port information associated with said packet, defines a complete outside-realm gateway state representation that has no counterpart in any existing gateway connection state.
  - 56. The system according to claim 55, further comprising means for transforming a partially complete gateway connection state created in said gateway based on said partially complete outside-realm representation into a complete gateway connection state based on said complete outside-realm representation, thereby completely establishing said connection.
  - 57. The system according to claim 49, wherein said predetermined connection information includes at least one of outside node address information and inside node port information, said outside-realm gateway state representation is a partially complete gateway state representation and said predetermined set of gateway connection states includes the existing partially complete gateway connection states in said gateway.
  - 58. The system according to claim 57, wherein said means for identifying further connection information including an outside-realm gateway address comprises means for traversing outside-realm gateway addresses of the gateway until finding an outside-realm gateway address, which in combination with said predetermined connection information has no counterpart in any existing partially complete gateway connection state.
  - 59. The system according to claim 57, wherein said means for identifying further connection information including an outside-realm gateway address comprises means for verifying that a pre-allocated outside-realm gateway address in combination with said predetermined connection information has no counterpart in any existing partially complete gateway connection state.
  - 60. The system according to claim 57, wherein said means for initiating establishment of said connection comprises means for requesting that said gateway establishes a partially complete gateway connection state based on said partially complete outside-realm representation.
  - 61. The system according to claim 60, further comprising means for transforming, upon receipt of a packet from said outside node to said gateway, said partially complete gateway connection state that has been created in said gateway into a complete gateway connection state based on complementary connection information associated with said packet.
  - 62. The system according to claim 61, wherein said predetermined connection information is predetermined outside node address information, and said complementary connection information includes inside node port information and outside node port information.
  - 63. The system according to claim 61, wherein said predetermined connection information is predetermined inside node port information, and said complementary connection information includes outside node address information and outside node port information.
  - 64. The system according to claim 57, further comprising means for selecting, if said identification is not possible based on predetermined inside node port information, another gateway port, and wherein said identifying means is operable for identifying further connection information including an outside-realm gateway address based on said selected gateway port to define a unique, partially complete outside-realm representation of a gateway connection state.
  - 65. The method according to claim 57, wherein said predetermined connection information originates from a user-resource identifier query initiated from said outside node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Ismailov, Yuri, Chambert, George, Landfeldt, Bjorn, Korling, Martin, Volz, Bernie

Granted Patent

US 7,533,164 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/2578   without involvement of the ...

H04L 61/2582   through control of the NAT ...

H04L 61/4511   using domain name system [DNS]

H04L 67/01   Protocols

Method and system for enabling connections into networks with local address realms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling connections into networks with local address realms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links