Network address translator and secure transfer device for interfacing networks

US 7,283,542 B2
Filed: 11/15/2002
Issued: 10/16/2007
Est. Priority Date: 11/15/2002
Status: Active Grant

First Claim

Patent Images

1. An interface for a network for interfacing flows of packets between Internet Protocol ‘

IP’

addressable devices in the network and IP addressable devices external to the network, each packet in each flow of packets containing respective fields for a source IP address, a destination IP address, a source port and a destination port, the interface having;

an address translator coupled to the IP addressable devices for translating addresses of the packets flowing to and from the IP addressable devices,a secure transfer device coupled to the address translator for maintaining secure paths for each of the flows of packets to and from the IP addressable external devices, each of said secure paths having a path identifier, the secure transfer device being arranged for each secure path to insert the path identifier for said secure path into the source port field of each packet flowing on said secure path into the secure transfer device, andthe address translator being arranged to store the path identifiers inserted into said source port fields of said packets flowing into the secure transfer device in order to maintain a record of which of the secure paths corresponds to which of the packet flows.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An interface for a private IP network interfaces flows of packets between gateway controllers and external media gateways. It has a network address translator and an IPsec device for maintaining secure paths to the external devices. A path identifier records which of the packet flows corresponds to which path. It is incorporated in the packet header, and means that the same interface can be used to couple many different external gateways, and interface them with many of the gateway controllers. Widespread deployment of such interfaces in anonymisers to achieve hiding of device addresses and network topology, as well as the reduction in use of expensive registered addresses is facilitated. By sending the path identifier in the packet, the IPsec device and the address translator can be loosely coupled devices, so standard readily available devices can be used.

Citations

13 Claims

1. An interface for a network for interfacing flows of packets between Internet Protocol ‘
- IP’
  
  addressable devices in the network and IP addressable devices external to the network, each packet in each flow of packets containing respective fields for a source IP address, a destination IP address, a source port and a destination port, the interface having;
  
  an address translator coupled to the IP addressable devices for translating addresses of the packets flowing to and from the IP addressable devices,a secure transfer device coupled to the address translator for maintaining secure paths for each of the flows of packets to and from the IP addressable external devices, each of said secure paths having a path identifier, the secure transfer device being arranged for each secure path to insert the path identifier for said secure path into the source port field of each packet flowing on said secure path into the secure transfer device, andthe address translator being arranged to store the path identifiers inserted into said source port fields of said packets flowing into the secure transfer device in order to maintain a record of which of the secure paths corresponds to which of the packet flows.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The interface of claim 1, wherein the address translator is further arranged for each secure path to insert the path identifier for said secure path into the source port field of each packet flowing on said secure path away from the address translator.
  - 3. The interface of claim 1, wherein the secure paths are arranged to use UDP encapsulation of IPsec packets.
  - 4. The interface of claim 1, wherein the secure transfer device is arranged to insert the path identifier in the source port field within a header of the packets.
  - 5. The interface of claim 1, wherein the path identifier is inserted into source port fields in return packets arriving at the secure transfer device from the address translator.
  - 6. The interface of claim 1, wherein the secure transfer device is arranged to handle flows having different protocols, and to send an indication of the protocol for each flow.
  - 7. The interface of claim 1, wherein the address translator comprises a twice NAT device.
  - 8. The interface of claim 7, wherein the twice NAT device has separate look up tables for packet flows in each direction.
  - 9. The interface of claim 1, wherein it comprises software.
  - 10. An anonymiser for hiding network addresses, having the interface of claim 1.
  - 11. A network having a number of separate IP addressable devices, and an interface to other networks, and having the interface of claim 1 arranged to hide IP addresses of the IP addressable devices from the other networks.
  - 12. A method of offering a voice over IP communications service using a network having the interface of claim 1.
  - 13. The method of claim 12, wherein the network is a service providers network, and the IP addressable devices are gateway controllers arranged for setting up a VoIP call between the IP addressable devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genband US LLC (Ribbon Communications, Inc.)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Mitchell, Julian
Primary Examiner(s)
NGUYEN, HANH N

Application Number

US10/298,103
Publication Number

US 20040095944A1
Time in Patent Office

1,796 Days
Field of Search

370/352, 370/389, 370/351, 370/392, 370/353, 713/153, 713/151, 713/162, 709/224, 709/223, 709/225, 726/13, 726/14, 726/15
US Class Current

370/401
CPC Class Codes

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/255   Maintenance or indexing of ...

H04L 61/2557   Translation policies or rules

H04L 63/0407   wherein the identity of one...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/164   Adaptation or special uses ...

H04L 69/22   Parsing or analysis of headers

H04L 9/40   Network security protocols

Network address translator and secure transfer device for interfacing networks

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Network address translator and secure transfer device for interfacing networks

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links