System and method for increasing host visibility in network address translation environments

US 7,684,394 B1
Filed: 05/01/2006
Issued: 03/23/2010
Est. Priority Date: 05/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically performing Network Address Translation (NAT) comprising:

receiving a Domain Name Service (DNS) lookup request for an internal host inside a firewall from an external device located outside the firewall;

creating, in response to the received DNS lookup request, a new mapping of an internal address from a device inside the firewall to an external network address;

modifying a hostname to include an identifier for a communication protocol as part of the received DNS lookup request; and

configuring a specific port for the new mapping based on the identifier for the communication protocol in the received DNS lookup request reconfiguring dynamically a NAT device to reflect the new mapping.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for dynamically performing Network Address Translation that allows external devices to contact internal host systems that would otherwise be hidden behind a NAT device is discussed. The dynamic NAT mechanism of the present invention maps internal host system addresses to external network addresses and reconfigures the NAT configuration of the network firewall to account for the new mapping on demand. Domain Name Service (DNS) lookup requests for an authorized internal system serve as a trigger to create a new mapping between the internal host system and the external network address. The new mappings may have a lifecycle controlled by dynamic leases that are created for each new mapping.

178 Citations

16 Claims

1. A method of dynamically performing Network Address Translation (NAT) comprising:
- receiving a Domain Name Service (DNS) lookup request for an internal host inside a firewall from an external device located outside the firewall;
  
  creating, in response to the received DNS lookup request, a new mapping of an internal address from a device inside the firewall to an external network address;
  
  modifying a hostname to include an identifier for a communication protocol as part of the received DNS lookup request; and
  
  configuring a specific port for the new mapping based on the identifier for the communication protocol in the received DNS lookup request reconfiguring dynamically a NAT device to reflect the new mapping.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - assigning a lease to the new mapping, the lease indicating the length of time for which the new mapping is valid.
  - 3. The method of claim 2 wherein a DHCP server is used to create the lease.
  - 4. The method of claim 2, further comprising:
    - renewing the lease based on a minimum number of packets being transmitted between the external device and the internal address within a defined time period.
  - 5. The method of claim 1 wherein a single external address is mapped to a single internal address.
  - 6. The method of claim 1 wherein a plurality of external addresses are individually and uniquely mapped to a plurality of internal addresses.
  - 7. The method of claim 1, further comprising:
    - routing a communication from said external device to the internal address using the new mapping in the NAT device.

8. A system for dynamically performing Network Address Translation (NAT) comprising:
- a Network Address Translation (NAT) device providing NAT for a network, the network having at least one external network address;
  
  at least one internal host located inside a firewall for the network;
  
  a dynamic Domain Name Service (DNS) server for creating a new mapping of an internal host address to an external host for the network;
  
  a DNS proxy that identifies DNS lookup requests for the at least internal host inside the firewall that are received from an external device located outside the firewall, the DNS proxy reconfiguring dynamically the NAT device to reflect a new mapping between an address for the internal host and an external address for the network;
  
  wherein,the NAT is reconfigured to modify a host address to include an identifier for a communication protocol included in the DNS lookup request; and
  
  the NAT reconfiguration includes configuring a specific port for the new mapping based on the identifier for the communication protocol in the DNS lookup request.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 wherein a communication is routed from said external device to the internal address using the new mapping in the NAT device.
  - 10. The system of claim 8, further comprising:
    - a Domain Host Configuration Protocol (DHCP) server that creates a lease assigned to the new mapping.
  - 11. The system of claim 10 wherein the length of the lease depends upon continued traffic occurring between the external device and the internal host.

12. A non-transitory medium holding computer-executable instructions for dynamically performing Network Address Translation (NAT), the instructions comprising:
- instructions for receiving a Domain Name Service (DNS) lookup request for an internal host inside a firewall from an external device located outside the firewall;
  
  instructions for creating, in response to the received DNS lookup request, a new mapping of an internal address from a device inside the firewall to an external network address;
  
  instructions for modifying a hostname to include an identifier for a communication protocol as part of the received DNS lookup request;
  
  instructions for configuring a specific port for the new mapping based on the identifier for the communication protocol in the received DNS lookup request;
  
  instructions for reconfiguring dynamically a NAT device to reflect the new mapping; and
  
  instructions for routing a communication from said external device to the internal address using the new mapping in the NAT device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The medium of claim 12 wherein the instructions further comprise:
    - instructions for assigning a lease to the new mapping, the lease indicating the length of time for which the new mapping is valid.
  - 14. The method of claim 13 wherein a DHCP server is used to create the lease.
  - 15. The medium of claim 13 wherein the instructions further comprise:
    - instructions for renewing the lease based on a minimum number of packets being transmitted between the external device and the internal address within a defined time period.
  - 16. The medium of claim 12 wherein the instructions further comprise:
    - instructions for routing a communication from said external device to the internal address using the new mapping in the NAT device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Earls, Johnson M., Cutbill, R. Gary
Primary Examiner(s)
Cho; Hong
Assistant Examiner(s)
Choi; Eunsook

Application Number

US11/414,877
Time in Patent Office

1,422 Days
Field of Search

None
US Class Current

370/389
CPC Class Codes

H04L 61/2517   using port numbers

H04L 61/2521   Translation architectures o...

H04L 61/4511   using domain name system [DNS]

H04L 63/029   Firewall traversal, e.g. tu...

System and method for increasing host visibility in network address translation environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

178 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for increasing host visibility in network address translation environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

178 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links