Apparatus and methods for providing an application level gateway for use in networks
First Claim
1. A method by which an application level gateway reference translator in a first network modifies an application data structure for sending to a computer system in a second network, the second network coupled to the first network by a gateway computer system, the application data structure comprising a local reference to a computer system in the first network, the local reference being local to the first network, the method comprising:
- determining whether a mapping entry for the local reference has been established in a reference translation data structure of the application level gateway reference translator;
- if the mapping entry has not been established, then invoking a computer system identifier negotiation protocol at the application level gateway reference translator to request a computer system identifier from the gateway computer system, the computer system identifier being associated with the local reference in the gateway computer system, and upon receiving the computer system identifier at the application level gateway reference translator from the gateway computer system, storing the computer system identifier in association with the local reference to create the mapping entry in the reference translation data structure of the application level gateway reference translator;
- obtaining the computer system identifier from the mapping entry based on the local reference from the application data structure, the application data structure comprising a first web site construct served by a web server computer system in the first network, the local reference comprising a portion of a uniform resource locator (URL), wherein the URL is included in the web site construct and identifies the computer system in the first network that serves a portion of data identified by the uniform resource locator;
- replacing the local reference in the application data structure with a translated reference to create a modified application data structure, the translated reference including the computer system identifier and an external address of the gateway computer system, the external address being accessible from the second network, the modified application data structure comprising a second web site construct; and
- sending the modified application data structure to the computer system in the second network.
Abstract
An application level gateway allows computers on a local area or “internal” network to serve data (e.g., web pages, files or other constructs) to computer systems on an external or public network such as the Internet, even though references such as hostnames and/or network addresses within the internal network that are contained within the data (e.g., URLs in web pages) might not be compatible (e.g., DNS resolvable or routable) with the external network. The system detects, in a portion of data (e.g., a web page), a local reference to a computer system on the internal network, determines whether a computer system identifier is mapped to the computer system specified in the local reference, and replaces the local reference with a translated reference obtained from the mapping. The translated reference contains the computer system identifier and a reference to a gateway computer system coupled to the internal network, such that subsequent referrals to the translated reference are directed to the gateway computer system. When a request for the data is subsequently received, the gateway performs a reverse mapping to determine the identity of the computer system on the internal network.
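The rewrite and reverse-mapping flow described in the abstract, as an added Python example (not code from the patent). The translated-reference layout `http://<gateway>/<identifier>/<path>`, the `.corp.internal` suffix, the host `gw.example.com`, the class names, and modelling the negotiation protocol as a direct method call are all assumptions made for illustration.

```python
import re
import secrets
from urllib.parse import urlsplit, urlunsplit

GATEWAY_HOST = "gw.example.com"        # assumed external address of the gateway
INTERNAL_SUFFIX = ".corp.internal"     # assumed marker for local references

# Constructed sample page: two internal links and one public link.
PAGE = ('<a href="http://wiki.corp.internal/start?x=1">wiki</a>'
        '<img src="http://img.corp.internal:8080/logo.png">'
        '<a href="https://www.example.org/">public</a>')


class Gateway:
    """Holds the identifier <-> local reference table used for reverse mapping."""

    def __init__(self):
        self._by_id = {}
        self._by_ref = {}

    def negotiate(self, local_ref):
        # Return the identifier for this host, minting an unguessable one if new.
        if local_ref not in self._by_ref:
            ident = secrets.token_hex(8)
            self._by_ref[local_ref] = ident
            self._by_id[ident] = local_ref
        return self._by_ref[local_ref]

    def reverse(self, external_url):
        # Map a request aimed at the gateway back to the internal URL.
        # Identifiers that were never negotiated yield None, so the gateway
        # forwards only to hosts that were deliberately published.
        parts = urlsplit(external_url)
        ident, _, rest = parts.path.lstrip("/").partition("/")
        local_ref = self._by_id.get(ident)
        if parts.hostname != GATEWAY_HOST or local_ref is None:
            return None
        return urlunsplit((parts.scheme, local_ref, "/" + rest, parts.query, ""))


class ReferenceTranslator:
    """Runs beside the internal web server and rewrites outgoing pages."""

    URL_RE = re.compile(r'(?P<attr>\b(?:href|src)=")(?P<url>https?://[^"]+)"')

    def __init__(self, gateway):
        self.gateway = gateway
        self.mapping = {}              # local reference -> identifier

    def _identifier(self, local_ref):
        if local_ref not in self.mapping:      # no mapping entry yet: negotiate
            self.mapping[local_ref] = self.gateway.negotiate(local_ref)
        return self.mapping[local_ref]

    def translate(self, html):
        def rewrite(m):
            parts = urlsplit(m.group("url"))
            if not (parts.hostname or "").endswith(INTERNAL_SUFFIX):
                return m.group(0)      # resolvable from outside: leave as is
            ident = self._identifier(parts.netloc)
            new = urlunsplit((parts.scheme, GATEWAY_HOST,
                              f"/{ident}{parts.path}", parts.query, parts.fragment))
            return f'{m.group("attr")}{new}"'
        return self.URL_RE.sub(rewrite, html)


if __name__ == "__main__":
    gw = Gateway()
    print(ReferenceTranslator(gw).translate(PAGE))
```
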
30 Claims
7. The method of operating a gateway computer system to enable a first computer system in a first network to be accessed from a second computer system in a second network, the method comprising:
establishing a mapping entry in a reference translation data structure in the gateway computer system, the mapping entry mapping a local reference to a computer system identifier, the local reference identifying the first computer system within the first network, the computer system identifier identifying the first computer system within the gateway computer system; receiving a first message from the first network, the first message including a web page, the web page including a universal resource locator (URL) comprising the local reference; creating a first modified message by replacing the local reference in the web page with both an identifier of the gateway computer system and the computer system identifier from the mapping entry; forwarding the first modified message to the second network; and upon receiving a second message from the second network, the second message including the computer system identifier and the identifier of the gateway computer system as message destination identifiers; obtaining the local reference from the mapping entry of the reference translation data structure based on the computer system identifier in the second message; creating a second modified message by replacing the identifier of the gateway computer system and the computer system identifier with the local reference from the mapping entry; and forwarding the second modified message to the first network.
10. A first computer system comprising:
a processor; a network interface; a memory system encoded with logic instructions and data including an application level gateway reference translator process and a reference translation data structure; and an interconnection mechanism coupling the processor, the network interface, and the memory system; wherein, when the application level gateway reference translator process is performed on the processor, the processor performs a method for modification of an application data structure for sending to a second computer system in a second network, the second network coupled to a first network by a gateway computer system, the first computer system in the first network, the application data structure comprising a local reference to the first computer system in the first network, the local reference being local to the first network, the method including the steps of; determining whether a mapping entry for the local reference has been established in a reference translation data structure of the application level gateway reference translator process; if such a mapping entry has not been established, then invoking a computer system identifier negotiation protocol to request a computer system identifier from the gateway computer system, the computer system identifier being associated with the local reference within the gateway computer system, and upon receiving the computer system identifier from the gateway computer system, storing the computer system identifier in association with the local reference to create the mapping entry in the reference translation data structure of the application level gateway reference translator; obtaining the computer system identifier from the mapping entry based on the local reference from the application data structure, the application data structure comprising a first web site construct, the local reference comprising a portion of a uniform resource locator (URL), wherein the URL is included in the web site construct and identifies the first computer system that serves a portion of data identified by the uniform resource locator; replacing the local reference in the application data structure with a translated reference to create a modified application data structure, the translated reference including the computer system identifier and an external address of the gateway computer system, the external address being accessible from the second network, the modified application data structure comprising a second web site construct; and sending the modified application data structure to the second computer system in the second network.
16. A gateway computer system comprising:
a processor; a memory system encoded with logic instructions and data including an application level gateway reference translator process and a reference translation data structure; an interconnection mechanism coupling the processor and the memory system; wherein, when the application level gateway reference translator process is performed on the processor, the processor performs a method enabling a first computer system in a first network to be accessed from a second computer system in a second network, the method comprising; establishing a mapping entry in a reference translation data structure in the gateway computer system, the mapping entry mapping a local reference to a computer system identifier, the local reference identifying the first computer system within the first network, the computer system identifier identifying the computer system within the second network; receiving a first message from the first network, the first message including at least one packet header and an application data structure, the application data structure including the local reference as a message source identifier; creating a first modified message by replacing the local reference in the application data structure with an identifier of the gateway computer system and the computer system identifier from the mapping entry; forwarding the first modified message to the second network; and in response to receiving a second message from the second network, the second message including the computer system identifier and the identifier of the gateway computer system as message destination identifiers; obtaining the local reference from the mapping entry of the reference translation data structure based on the computer system identifier; creating a second modified message by replacing the identifier of the gateway computer system and the computer system identifier with the local reference from the mapping entry; and forwarding the second modified message to the first network. 
19. A first computer system comprising:
a processor; a network interface; a memory system encoded with logic instructions and data including an application level gateway reference translator process and a reference translation data structure by which a web page is modified for sending to a second computer system in a second network coupled to a first network by a gateway computer system, the web page comprising a local reference to the first computer system in the first network; an interconnection mechanism coupling the processor, the network interface, and the memory system;
wherein the logic instructions are executable by the processor to; determine whether a mapping entry for the local reference has been established in a reference translation data structure of the application level gateway reference translator process; in response to a determination the mapping entry has not been established, request, based on a computer system identifier negotiation protocol, a computer system identifier from the gateway computer system, the computer system identifier being associated with the local reference within the gateway computer system, and in response to receipt of the computer system identifier from the gateway computer system, store the computer system identifier in association with the local reference to create the mapping entry in the reference translation data structure; replace the local reference in the web page with a translated reference to create a modified web page, the translated reference including the computer system identifier and an external address of the gateway computer system, the external address being accessible from the second network; and sending the modified web page to the second computer system in the second network.
20. A gateway computer system to enable a first computer system in a first network to be accessed from a second computer system in a second network, the gateway computer system comprising:
a processor; a memory system encoded with logic instructions executable with the processor; and an interconnection mechanism coupling the processor and the memory system, wherein the logic instructions, when executed with the processor, are executable to; establish a mapping entry in a reference translation data structure in the gateway computer system, the mapping entry mapping a local reference to a computer system identifier, the local reference identifying the first computer system within the first network, and the computer system identifier identifying the first computer system within the gateway computer system; transmit the computer system identifier from the mapping entry to an application level gateway reference translator process in the first network in response to receipt of a request from the application level gateway reference translator process in connection with modification of a web page comprising the local reference; receive a modified web page formed by replacing the local reference in the web page with the computer system identifier; transmit the modified web page to the second network; receive a message from the second network, the message including the computer system identifier and an identifier of the gateway computer system as message destination identifiers; obtain the local reference from the mapping entry based on the computer system identifier in the message; create a modified message by replacing the identifier of the gateway computer system and the computer system identifier with the local reference from the mapping entry; and forward the modified message to the first network.
21. A computer program product having a computer-readable medium including computer program logic encoded thereon by which an application level gateway reference translator process in a first network modifies an application data structure for sending to a computer system in a second network, the second network coupled to the first network by a gateway computer system, the application data structure comprising a local reference to a computer system in the first network, such that the computer program logic, when executed on at least one processing unit with a computer system, causes the at least one processing unit to perform the steps of:
determining whether a mapping entry for the local reference has been established in a reference translation data structure of the application level gateway reference translator process; if the mapping entry has not been established, then invoking a computer system identifier negotiation protocol at the application level gateway reference translator process to request a computer system identifier from the gateway computer system, the computer system identifier being associated with the local reference within the gateway computer system, and upon receiving the computer system identifier at the application level gateway reference translator process from the gateway computer system, storing the computer system identifier in association with the local reference to create the mapping entry in the reference translation data structure; obtaining the computer system identifier from the mapping entry based on the local reference from the application data structure, the application data structure comprising a first web site construct served by a web server computer system in the first network, the local reference comprising a portion of a uniform resource locator (URL), wherein the URL is included in the web site construct and identifies the computer system in the first network that serves a portion of data identified by the uniform resource locator; replacing the local reference in the application data structure with a translated reference to create a modified application data structure, the translated reference including the computer system identifier and an external address of the gateway computer system, the external address being accessible from the second network, the modified application data structure comprising a second web site construct; and sending the modified application data structure to the computer system in the second network.
22. A computer program product having a computer-readable medium including computer program logic encoded thereon by which a gateway computer system enables a first computer system in a first network to be accessed from a second computer system in a second network, such that the computer program logic, when executed by at least one processor, causes the at least one processor to perform the steps of:
establishing a mapping entry in a reference translation data structure in the gateway computer system, the mapping entry mapping a local reference to a computer system identifier, the local reference identifying the first computer system within the first network, the computer system identifier identifying the first computer system within the gateway computer system; upon request of an application level gateway reference translator process in the first network in connection with modification of an application data structure for sending to the second computer system, providing the application level gateway reference translator process with the computer system identifier from the mapping entry; receiving a modified application data structure in a payload of a packet, the modified application data structure comprising the application data structure modified to include the computer system identifier instead of the local reference; forwarding the application data structure to the second computer; receiving a message from the second network, the message including a message destination identifier comprising the computer system identifier and an identifier of the gateway computer system; obtaining the local reference from the mapping entry of the reference translation data structure based on the computer system identifier; creating a modified message by replacing the identifier of the gateway computer system and the computer system identifier with the local reference from the mapping entry; and forwarding the modified message to the first computer system.
23. A method of operating a server computer on a local network coupled to a wide-area network by a gateway computer, comprising:
monitoring contents of web pages being served by the server computer to client computers on the wide-area network to detect resource locators including local references identifying other server computers on the local network, the local references being in the contents of web pages and not identifying the other server computers from within the wide-area network; detecting, in a web page requested by a client computer on the wide-area network, a local reference to another server computer on the local network, the local reference comprising a portion of a uniform resource locator (URL), wherein the URL is included in the web page and identifies the another server computer on the local network that serves a portion of data identified by the URL; replacing the local reference with a translated reference including first and second identifiers, the first identifier identifying the gateway computer on the wide-area network, the second identifier being mapped to the local reference within the gateway computer; and serving the web page modified to include the translated reference to the client computer.
27. A server computer, comprising:
a processor; a network interface; a memory system encoded with logic instructions and data including an application level gateway reference translator process; and an interconnection mechanism coupling the processor, the network interface, and the memory system; wherein, when the application level gateway reference translator process is performed on the processor, the processor performs a method including the steps of; monitoring contents of web pages being served by the server computer to client computers on a wide-area network to detect resource locators including local references, the resource locators being in the contents of the web pages, the local references identifying other server computers on a local network, the local references not identifying the other server computers from within the wide-area network; detecting, in a web page requested by a client computer on the wide-area network, a local reference to one of the other server computers on the local network; replacing the local reference with a translated reference including first and second identifiers, the first identifier identifying the gateway computer on the wide-area network, the second identifier being mapped to the local reference within the gateway computer; and serving the web page modified to include the translated reference to the client computer.