USOORE43057E

(19) United States (12) Reissued Patent

(10) Patent Number:

Molitor (54)

(45) Date of Reissued Patent:

METHOD AND APPARATUS FOR

6,128,298 A

FACILITATING PEER-TO-PEER

yanagidatle et 11L

6,141,749 A _

Inventor:

Jan. 3, 2012

10/2000 Wootton et al.

2

APPLICATION COMMUNICATION (75)

US RE43,057 E

10/2000 £18185? '

6,581,108 B1

6/2003

Andrew T. Molitor, San FranCIsco, CA

6,61 5,3 57 B 1

9/2003 Boden et al,

Denison et a1.

(US)

6,717,949 B1*

4/2004 Boden et al. ................ .. 370/401

7/2004 Tari et al. 8/2004 EdhOIm '5 ~~~~~~~~~~~~~~~~ ~' 709/226

(73)

Assignee: Alcatel Lucent, Paris (FR)

6,765,920 B1 6,772,210 B1 * 6,832,322 B1*

12/2004

(21)

APPI- NOJ 11/299,236

RE38,902 E

11/2005 Srisuresh et a1.

(22)

Flledi

6,779,035 B1 _

8/2004 Gbadegesm

7,224,687 B2

Dec. 9, 2005

5/2007

2005/0180433 A1 2005/0286538 A1

12/2005 Oberle et al.

Related US. Patent Documents

_ (Contmued)

Relssue of:

(64) i’a‘engl NO-1 ssue :

36615729303 ec. ,

FOREIGN PATENT DOCUMENTS

App1.No.:

09/661,070

Filed:

Sep. 13, 2000

EP

1 793 533

OTHER PUBLICATIONS (200601)

NAT Working Group, Internet Draft (Informational), P. Srisuresh,

US. Cl. ...... .. 370/401; 370/466; 370/492; 370/392;

Campio Communications Jul 2000

726/3; 713/201

(58)

_ 4/2001

(Con?rmed)

Int_ CL H04L 12/28

(52)

Shah et al.

8/2005 Jouenne et a1.

.

(51)

Boden et al. .................. .. 726/15



'

Field of Classi?cation Search ...................... .. None

'

(Continued)

See application ?le for complete search history. Primary Examiner * Bob Phunkulh

(56)

References Cited

(74) Attorney, Agent, or Firm * Dorsey & Whitney LLP

US. PATENT DOCUMENTS 5,227,778 A 5,732,078 A 5,781,550 A

5,793,763 A 5,883,891 A 6,006,272 A

3/1998 Arango

h. h 11

i??:?£m et 31' 5/2000 Srisuresh et a1.

7/2000 Gray et al.

t.

t

t. f

109 Claims, 3 Drawing Sheets

i i i

HostA

419

Host R

1 i i i

324 Address

A p, A1

121

germinating address

i

Manager

Original ing address

App.erminating A2 address 17.,

322 '

App. R1

i i i

Address

Originatan a ddress

Tr

App. R2

I

'

r

I I i

320

400

i

i I

i

470

i

‘1

Host B

510

Host 8

i i i

321

322

i i i

A pp .51 A

pp

. 52

.

through the NAT device in the absence of statically de?ned rules for speci?c channels of communication.

i

110

t.

address translatlons to be performed, so that those apphca tions may send useful information to other applications for the purposes of allowing applications to communicate

4/2000 Nessett e't 31‘

6,094,676 A

1.

W 10 a ows app 1ca lons o reques 1n orma 1on concerning

8/1993 Mayes et 31, 3/ 1999 Williams et a1. 12/1999 Amvamudan et a1~

6,058,431 A

ABSTRACT

A system for performing Network Address Translation,

7/1998 Temphn et al‘

2 63053236 A

(57)

7/1993 Vacon et al'

521

App, S1

1

/-310

I | l | l | l

| | |

App. 82 522

US RE43,057 E Page 2 U.S. PATENT DOCUMENTS 2008/0101389 A1

5/2008 Hiribarren et al.

FOREIGN PATENT DOCUMENTS JP JP JP JP JP JP

H10-056482 H11-150566 A 2000-059430 2000138696 2000-209278 2000-224219 A

2/1998 6/1999 2/2000 5/2000 7/2000 8/2000

499 (ED. Tex., Tyler Division, Aug. 7, 2007) Appendix BiUPnP Layer3Forwarding:0.3 Service Template (“[L3F]” 22 pages. “Microsoft’s Invalidity Contentions Under Patent Rule 3-3 And Document Production Under Patent Rule 3-4” Alcatel USA

Resources, Inc., v. Microsoft Corporation, Civil Action No. 6 :06 -CV

499 (ED. Tex., Tyler Division, Aug. 7, 2007) Appendix CiIETF IP Network Address Translator Application Programming Interface (“NAT-API”) 27 pages. “Microsoft’s Invalidity Contentions Under Patent Rule 3-3 And Document Production Under Patent Rule 3-4” Alcatel USA

Resources, Inc., v. Microsoft Corporation, Civil Action No. 6 :06 -CV

OTHER PUBLICATIONS Eun-Sang Lee et al., “An Expanded NAT with Server Connection Ability”, IEEE pp. 1391-1394 (1999). Lo J. et a1, “IP Host Network Address ( and Port) Translation”,

URL :http ://www.watersprings .org/pub/id/draft-ietf-nat-hnat-00. txt>, Nov. 1998, pp. 1-14. Schulzrinne, H. et al., “Internet Telephony: Architecture and Proto

colsiAn IETF Perspective”, Computer Networks and ISDN Sys tems, North Holland Publishing, Amsterdam, NL, vol. 31, No. 3., Feb. 11, 1999, pp. 237-255. Borella et al. “Realm Speci?c IP: Protocol Speci?cation” draft-ietf nat-rsip-protocol-02.txt, The Internet Engineering Task Force (IETF), Aug. 1999, 27 pages. Crocker et al. “Universal Plug and Play Internet Gateway Usage Scenarios” UPnPTM Forum, Aug. 19, 2000, 6 pages. Iyer et al., Layer3Forwarding:0.3 Service Template For Universal

Plug and Play Version 1.0, UPnPTM Proposed Service Template, UPnPTM Forum, Aug. 5, 2000, 15 pages. Leech at al. “Socks Protocol Version 5” RFC 1928, The Internet

Engineering Task Force (IETF), Mar. 1996, 9 pages. “Microsoft’s Invalidity Contentions Under Patent Rule 3-3 And Document Production Under Patent Rule 3-4” Alcatel USA

Resources, Inc., v. Microsoft Corporation, Civil Action No. 6 :06-CV

499 (ED. Tex., Tyler Division, Aug. 7, 2007) Appendix DiUS. Pat. No. 6,779,035 B1 32 pages.

Montenegro, G. “Negotiated Address Reuse (NAR)” draft montenegro-aatn-nar-00.txt The Internet Engineering Task Force (IETF), 1998, 21 pages. Packet-based multimedia communications systems, International Telecommunication Union, Recommendation H.323, Feb. 1998, 117 pages.

Postel et al. “File Transfer Protocol (FTP)” RFC 959, The Internet Engineering Task Force (IETF), Oct. 1985, 69 pages. Srisuresh et al. “The IP Network Address Translator (NAT)” draft

rfced-info-srisuresh-05.txt, The Internet Engineering Task Force (IETF), Feb. 1998, 21 pages. Srisuresh et al. “IP Network Address Translator (NAT) Terminology and Considerations” draft-ietf-nat-terminology-01.txt, The Internet Engineering Task Force (IETF), Oct. 1998, 26 pages. Srisuresh et al. “IP Network Address Translator Application Pro

gramming Interface” draft-ietf-nat-api-00 .txt, The Internet Engineer ing Task Force (IETF), Nov. 1998, 23 pages. Biggs, B. “A SIP Application Level Gateway for Network Address Translation draft-biggs-sip-nat-00.txt” The Internet Engineering Task Force (IETF), Mar. 2000, 8 pages.

Rosenberg et al. “Getting SIP throughtxt” draft-rosenberg-sip

“Microsoft’s Invalidity Contentions Under Patent Rule 3-3 And

?rewalls-00.1xt, The Internet Engineering Task Force (IETF), Feb. 22, 2000, 27 pages. SIP Overview Retrieved from http://www.cs.columbia.edu/sip/over

Document Production Under Patent Rule 3-4” Alcatel USA

view.html on Nov. 23, 2005. 2 pages.

499 (ED. Tex., Tyler Division, Aug. 7, 2007) 42 pages. Redacted. Resources, Inc., v. Microsoft Corporation, Civil Action No. 6 :06-CV

SIP Components. Retrieved from http://www.cisco.com on Nov. 25,

499 (ED. Tex., Tyler Division, Aug. 7, 2007) Appendix AiIETF

2005 1 page.

Negotiated Address Reuse (“[NAR]”) 24 pages. “Microsoft’s Invalidity Contentions Under Patent Rule 3-3 And

Network address translation. Retrieved from http:en/wikipedia.org on Nov. 17, 2005.4 pages.

Document Production Under Patent Rule 3-4” Alcatel USA

Resources, Inc., v. Microsoft Corporation, Civil Action No. 6 :06-CV

* cited by examiner

US. Patent

Jan. 3, 2012

Sheet 1 0f3

US RE43,057 E

5'9

22

111mm with multiple

NAT Device (mnvw?oml)

m Global lutemet

*

m 10

20

Finn!

(prior an)

.

E

US. Patent

Jan. 3, 2012

a:

Sheet 2 0f3

8

US RE43,057 E

8

5

c!

g I

\

#3 §

1:

l

3

58

N



.3 33.": 11.0.

§§ s!

I

K A1A99

HOStA

142 150

162

/

so

US. Patent

Jan. 3, 2012

US RE43,057 E

Sheet 3 0f 3

cow va own

Alm9:l92' 00m .

$2.9Q;< 3952o6w0n

mu93.2m5:$3m_wc2s~zm8N_5on9<._

VNP6@$358:26ka

O:\(“on

N
A .

mt m own

o$mmi\n?

mac:

Pm.Q < 86

00?

NNm

US RE43,057 E 1

2

METHOD AND APPARATUS FOR FACILITATING PEER-TO-PEER APPLICATION COMMUNICATION

infrastructure will correctly deliver data to the organization, and then (as is the normal case with IP) rely on the organiza

tion to locate the right [end point] endpoint application inside the organization for ?nal delivery. The organization could then assign each of the oi?cial IP

Matter enclosed in heavy brackets [ ] appears in the original patent but forms no part of this reissue speci?ca

addresses it has been allocated to an individual application for

tion; matter printed in italics indicates the additions made by reissue.

net access. A better solution, allowing wider access, is to use

RELATED U.S. PATENTDOCUMENT

to the Global Internet at any given time. Addresses are recov

The present application is a broadening reissue applica tion of and claiming priority to US. Pat. No. 6,661,799 Peer Application Communication ” issued on Dec. 9, 2003,

ered from applications no longer using them, and made avail able for reassignment. This sharing system works very well and is, in the simplest form, exactly what a conventional NetworkAddress Translator (NAT) usually does. (See RFC 2663 IP NetworkAddress Translator (NAT) Terminology and

application Ser. No. 09/66],070,?led Sep. 13, 2000, which is

Considerations, published by the Internet Engineering Task

hereby incorporated by reference herein.

Force (IETF). This is the basic IETF document describing the operation and issues surrounding NAT devices.) Often, an

an inde?nite period, allowing a lucky few applications Inter a device that can, in effect, assign the o?icially allocated IP addresses dynamically to whichever applications need access

entitled “Method and Apparatus for Facilitating Peer-to

BACKGROUND OF THE INVENTION

20

organization will be assigned some very small number of oi?cial IP addresses. Perhaps as few as 31, or 255 such

1. Field of the Invention This invention relates to devices for handling communica tions between applications exchanging data over the Internet. More particularly, this invention relates to a Network Address Translation (NAT) device and a system and method using such NAT device for facilitating peer-to-peer commu-nica

addresses may be given to an organization. For an organiza tion with thousands of applications on its internal network, a 25

which might correspond to an individual employee) can be using the Global Internet at once, the problem may not be

considered fully solved.

tion of data over the Internet.

2. Description of the Prior Art As shown in FIG. 1, a Network Address Translation (NAT) device 20 of the conventional kind is usually placed within an Internet Protocol (IP) network at the border between two

In order to effectively expand the useful size of the of? 30

by such a conventional device is that an organization may require a large internal network, with many devices on it, each device requiring a unique IP address. In view of the currently available address space for unique IP addresses (232 available addresses) and present address allocation patterns, this orga

multiple internal applications. Data arriving for a speci?c oi?cial IP address, say, X, may be further distinguished by 35

belonging to one of several data streams, say A, B and C. The NAT may have assigned address X, streamA to a speci?c data stream for one application, while address X streams B and C

belong to two different, other applications. The stream identi?ers are called port numbers. A stream of

data in an IP network is uniquely identi?ed by the so-called 40

nization may be unable to have allocated to it a suf?cient

number of official IP addresses, by the authorities that assign such addresses. Therefore, the organization is effectively forced to make up internally valid addresses for its own inter nal network. This will allow the internal network to function

“5-tuple”, which consists of 5 separate numeric quantities: 1) Source IP address 2) Destination IP address 3) Source Port Number 4) Destination Port Number

5) Transport Protocol

correctly; there is no requirement to use of?cially assignele addresses in such a context. The dif?culty arises when devices

or applications (programs running on a particular device) in the large internal network need to communicate with the Global Internet (by which we mean any IP network, public or

cially allocated address pool, the organization’s NAT will usually have the ability to use the same official address for

disparate address realms 50 and 30. One realm 50 may be a private organization’ s internal network 1 0 and the other realm

30 may be the public global Internet. The problem addressed

naive NAT, able only to assign oi?cial IP addresses, may not be enough. If only 31 of, say, 5000 applications (each of

50

Every data item (packet) in an IP network has these 5 numeric identi?ers in it. The two IP addresses (items 1 and 2 above) identify, more or less, the source and destination appli cations. The protocol identi?es which of the mechanisms for ensuring reliable transport of data are being used. For present

private, using of?cially assigned IP addresses). Because the

purposes the protocol is ignored, because it is not something

addresses assigned internally by the organization either over lap with of?cially assigned addresses belonging to some other

a NAT does much with. The source and destination ports

organization, or are o?icially unassigned, the Global Internet

network sent and is to receive, respectively, this packet.

cannot use these to send data correctly into the organization’ s internal network. In order to send data to a network-attached

(items 3 and 4 above) identify which application within the 55

A conventional NetworkAddress Translator (e. g., a Private

Internet Exchange (PIX), made by Cisco Systems, Inc. of San Jose, Calif.) as viewed by this document operates by altering

device, for example, the sending application must have an address for the target application, and the network receiving

these ?ve numeric identi?ers within a packet. As noted above,

the data itself must know how to locate the target application. These operations work only if all applications involved are in

realms, usually, but not always, the Global Internet and an

agreement regarding what IP addresses belong to what devices and applications.

have incompatible IP addressing schemes. A NAT device uses

a NAT device resides at the boundary between two address

organization’s private network, where these two networks intelligent re-writing of the four source/destination elements within each packet ?owing through it, to present to each of the

One solution is for the organization to have allocated to it some set of official IP addresses. These are unique addresses.

Any application on the Global Internet sending data to these addresses may rely on that data arriving at the entrance to the

two networks a false but compatible view of the other net work’s IP addressing scheme. Each NAT must have a set of

organization’s internal network. That is, the Global Internet

rules de?ning the internal address-external address pairing it

65

US RE43,057 E 3

4

will use for address translation. A useful NAT must build

application using the same internal address A and some other

these pairings to allow internal applications to make effective use of available external addresses, which will be limited if the external realm requires o?icial IP addresses.

tion data.

port, again according to some ?xed, pre-de?ned con?gura The dif?culty is that the ?rst mode only allows Internal Clients to send data to (and thereafter receive data from) External Servers, while the second only allows External Cli ents to send data to (and thereafter receive replies from) a

A conventional NAT device associated with an internal

network supports, essentially, two concurrent modes of

operation. The ?rst allows data transactions from applications on the internal network outwards to the Global Internet (for example, a corporate user accessing a web page). This is an Internal Client to External Server access. The second allows applications on the Global Internet to access speci?c services on speci?c devices on the internal network (for example, a

small set of Internal Servers at ?xed IP addresses and ports, pre-de?ned in the NAT associated with the Internal Servers. Transactions in which an External Client connects to a just created Internal Server at a just-allocated port number are not

supported.

customer accessing an organization’s web site). This is Exter

A variety of prior art references discuss NAT devices and

nal Client to Internal Server access. The way in which the

variations on their basic address translation functions:

conventional NAT device builds the address pairing that

US. Pat. No. 6,055,236, titled “Method And System For Locating Network Services With Distributed Network Address Translation,” covers methods for, in effect, advertis ing a service securely. US. Pat. No. 6,055,236 is silent on the symmetrical issue of providing addresses for Client-side

allows the ?rst and second type of access are somewhat dif

ferent. A conventional NAT device implements the ?rst mode as follows: when the initial packet of a data transaction arrives on the NAT device outbound, the NAT device examines the source address and port (which identify the internal device

20

ful addresses for servers and saying nothing regarding exter nal addresses to be used by clients. US. Pat. No. 5,793,763, titled “Security System For Net

and the application that originated the packet). The NAT then chooses from its pool of available official addresses and ports an extemally-valid IP address and port to use in place of the

internally-valid source address and port in the packet. The mapping from the internally-valid source address and port to the externally-valid source address and port is maintained somehow within the NAT, for example, in a table de?ning the correspondence rule. Finally, the NAT modi?es the inter nally-valid source address and port ?elds in the outbound packet, and sends it on. When an inbound reply packet, responding to the initial packet, turns up at the NAT from the

work Address Translation Systems” is a patent on a NAT 25

device of sorts, except that it only translates IP addresses and it is concerned with security considerations. There is nothing taught on the subject of using port numbers to expand the “logical” address space available.

30

(IETF) standard, which provides a mechanism by which an application can query an application [?re wall] ?rewall as to

SOCKS. SOCKS is an Internet Engineering Task Force

an externally useful address which it can advertise to a remote

outside, the destination address and port in the reply packet will match the externally-valid source address and port (be cause in a reply, naturally, the sender address and the recipient

information, focusing entirely on advertising externally use

35

client application. SOCKS is this application’s proxy, which provides services similar to a NAT, but operates quite differ ently. Rather than re-writing the packet contents as it ?ows

address change places, exactly as with, say, a postal letter).

through the device, SOCKS (like any application proxy) will

The NAT uses this incoming extemally-valid source address and port to locate the internally-valid source address and port from the initial, outbound packet. The NAT then uses the

terminate two communication channels, and logically con nect them together at a high layer inside itself. For example,

located, internally valid source address and port to replace the

a server on the inside of a network might start its service, and 40

then make a request to a SOCKS application at the edge of the

destination address and port in this incoming reply packet. Now the incoming reply packet has the correct intemally

network. The SOCKS application will start a “thin” server on

valid destination address and port for delivery to the device and application which sent the initial outbound packet. A conventional NAT device implements the second mode using ?xed intemal-external address correspondence con

server of the address and port at which the “thin” server may be found. The original server can communicate this informa tion to the client, which connects to the “thin” server which

its host, at the network edge, and then inform the original 45

SOCKS is operating. SOCKS will then connect to the original

?guration information, de?ned by the person administrating

server as a client, and then copy data received from the exter

the NAT. For this mode, the initial packet will be incoming,

nal client to the original server, as well as copying data received from the original server back out to the external client. In particular, SOCKS is not a NAT and does not oper

arriving at the NAT from the outside, with some destination information containing an IP address among those of?cially allocated, because these extemally-valid addresses are the only IP addresses the Global Internet can use to deliver pack ets to the target organization with the NAT. The NAT at the

target organization consults its con?guration information to determine which (?xed) intemally-valid destination IP

50

ate packet-by-packet, which has certain performance and scaling implications. For more information on SOCKS, see

http://www.socks.nec.com. It is expected that there will be an increase in use of IP 55

address and port it should use to replace the externally valid destination address and port contained in the incoming packet. In effect, if an application (say, a web server) is present at the target organization on internal device A (a

non-of?cial, but intemally-valid IP address), expecting pack ets on port X, the NAT might be con?gured to recognize that packets addressed to IP address M (of?cially assigned and extemally-valid), port Y should be re-addressed to the inter nally-valid address, device A/port X. Another application at the target organization might be running on another internal device, externally identi?ed as device B, at port Z, and the NAT might use an intemal-external address pairing for this

networks to send data that consists of digitized voice, sound or video (“media” content). What is needed is a method and apparatus for network address translation facilitating peer-to peer data exchange, including media transmission, over the Internet and other IP networks.

60

SUMMARY OF THE INVENTION

This invention comprises a network address translation device for facilitating communication between a ?rst appli 65

cation in a ?rst address realm and a second application in a different address realm. The device uses an address translator

for translating an address valid in the ?rst address realm into

US RE43,057 E 5

6

an address valid in the second address realm, based on a

communication between the two client/micro-server pairs

translation rule and for translating the address valid in the second address realm into the address valid in the ?rst realm. It also uses an address manager for establishing a translation

can commence, using the NAT to handle the different address realms. As noted above, FIG. 1 shows the context in which a

rule by associating an address valid in the ?rst address realm

conventional NAT is used. The general problem usually to be

with an address valid in the second address realm. There is a

solved is that of a large internal network 10, existing in a realm 50 of un-o?icial, or un-assigned, IP addresses, which are unknown to, or will not be correctly routed by, the Global Internet. The NAT device 20 is deployed at the interconnect point (or points) of the internal network 10 to the Global Internet 30. Using a small pool of of?cially assigned addresses, the NAT 20 creates the illusion, to the Global Internet 30, of a small network of devices using the of?cially assigned IP addresses, and provides some access to the Glo

control channel communicating with the address manager for receiving from the ?rst application a request for an address valid in the second address realm to be associated with a

speci?ed address valid in the ?rst realm and for providing the ?rst application access to the address valid in the second address realm to facilitate communication of the address valid in the second realm to the second application. In one embodiment of the invention the applications are entities connected for IP telephony. In another embodiment of the invention the address manager establishes more complex translation rules such that an externally valid destination address could be translated into an internally valid address of

bal Internet 30 to many or all of the devices within the internal network 10. Peer-to-peer applications will not work through a current generation NAT device, in part because of the limited way an

one value or a different value depending on the incoming

source address. Speci?c remote addresses, larger sets of

20

remote addresses, or any remote address at all could be used as the triggers for the use of special, more complex NAT rules. In a further embodiment an application is programmed to

control, within speci?ed ranges, the translation rules estab lished by the address manager.

application and its corresponding NAT communicate. Nor mally, a NAT device deals only with the IP address ?elds of

message packets, performing address translation according to 25

DESCRIPTION OF THE DRAWINGS

a limited set of rules. FIG. 2 shows the basic address transla tion functions of a conventional NAT 120. HostA 110 is part of an address realm 100 serviced by conventional NAT 120. Application A1 121 is running on HostA. It has a destination or terminating address that is internally valid and is used to

get incoming message packets routed to it. Application A1 FIG. 1 is a block diagram showing a NAT device as used in a prior art network to connect an internal network with mul

30

tiple devices or applications to the Internet. FIG. 2 is a block diagram showing a NAT device perform

ing address translation according to the prior art. FIG. 3 is a block diagram showing a NAT device accord ing to an embodiment of the present invention for facilitating communication between an application in the address realm served by the NAT and an application in another address realm. DETAILED DESCRIPTION

35

40

also may have an originating address that is used to identify Application A1 as the source of message packets that Appli cation A1 originates. As discussed above, an IP message packet includes a ?ve part IP header. Thus, an outgoing packet 130 that Application A1 desires to send to Host R 210 in a remote, external address realm, will have the following com ponents in its IP header 140:

1) 2) 3) 4)

Source IP address Destination IP address Source Port Number Destination Port Number

5) Transport Protocol I. Peer-to-peer Applications A system using the present invention is useful for, at least, the new class of Internet applications that operate in a peer to-peer (two or more devices located anywhere and commu

45

nicating essentially symmetrically) fashion as opposed to the traditional model in which one device is at a well-known

location (IP address), and the other may or may not be located at a well-known location (IP address). The new generation of Internet Applications such as IP

50

This IP header is followed by data 142, which may be media. WhenApplicationA1 presents outgoing message 130 to NAT 120, the NAT 120 must replace any internally valid addresses and port numbers with externally valid addresses and port numbers. The NAT 120 may have hardware and software 122 that apply its translation rules, stored in any form, such as a

correspondence table 124. Typically, ApplicationA1 121 is in possession only of its internally valid Source IP address and Source Port Number (its originating address) and the NAT 120 must translate these as inserted in any outgoing message 130 into an externally valid address header 240 for packet 230

Telephony, Instant Messaging, and so on, allow users on

networks in different address realms to connect directly to

to chat in a continuous, real-time interaction. In these proto cols, each user’s computer will set up an application that might be termed a micro-server, and then communicate to the other computer, located in a different address realm, an IP address and port at which that micro-server can be reached.

55

before transmitting them on to Host R 210. If we assume for simplicity that Host R is in an address realm 200 that uses o?icial IP addresses, no NAT or address translation is needed

(This is the “just-created Internal Server” at the “just-allo

60

for it to deliver packet 230 with the externally valid address header 240 to the speci?ed destination IP address and port in Host R’s address realm 200. Host R’s reply packet 250 will use externally valid IP addresses in its address header 260. The NAT 120 will need to

one another’ s computers to share data or to collaborate, or just

cated port number” which a conventional NAT device does

translate these externally valid addresses into intemally valid

not handle). To complete the peer-to-peer connection, each

IP addresses for its address realm 100. Again, the NAT will use hardware and software 122 that apply its translation rules, stored in any form, such as a correspondence table 124. The result transmitted to HostA from Host R is an internally valid

user’s computer then launches a client application to connect to the micro-server in the other’s address realm. The respec

tive client applications must then be put in possession of an address at which the micro-server on the other computer in the other’ s address realm can be reached. Thereafter, two -way

65

packet 150 with appropriately-translated address header 160 that has an internally valid destination address and port, (i.e.,

US RE43,057 E 7

8

the terminating address for Application A1). This permits the

II. An Improved Peer-to -peer Network Address Translation Device

internally valid packet 150 with data content 162 to reach

Application A1. The following discussion makes reference to FIG. 3 to describe how the present invention uses an improved NAT device and method to establish peer-to-peer Internet commu nications.

The micro-servers for the peer-to-peer communication facilitated by the present invention reside, potentially, on any host device within an organization’s internal network. These

micro-servers generally will be assigned a random, available port number by the underlying operating system (in an oper ating system speci?c way) as the port to use for its service;

Ef?cient peer-to -peer application communication between different address realms requires that the applications (for simplicity, we will con?ne discussion to two applications exchanging data between them, as opposed to a one-to-many

this will be a number currently not in use by any other appli cation on the host device where the micro-[servers] server

or many-to-many exchange) have access to the of?cial, exter

runs. Indeed, there is no reason the micro-server needs to

nally-valid IP address information that will be used in their communication. In the simplest case, a ?rst application needs to have access to (l) the externally-valid address information

reside on the same device as the application communicating the micro-server’s address, nor is there a need for the micro server’s client in the other address realm to reside on the same device as the device to which the micro-server’s address is to

others will use to reach it, so that such ?rst application can communicate that address information to a second applica

be communicated to set up data exchange. However, if this separation does occur, some intra-network communication must occur so that all the applications will know all the

20

tion in another address realm, and (2) the externally valid address of the second application. In fact, for symmetry and to facilitate security and other functions, it is better that each of

address and port information they need to know. We will refer to the class of applications discussed herein

the ?rst and second applications has two addresses: an origi nating address A0, used to identify the device and port of a

as “peer-to-peer applications,” which is intended to cover all applications in which two applications communicate over a

packet, and a separate terminating address, A], used to iden

network in an essentially symmetric fashion, where neither

sending application as the source of an outbound message 25

tify another device and port that will receive inbound mes sage

application is clearly a server or a client in the sense of an

packets. Thus, ideally communication is established by each

application providing a service or receiving a service, respec tively; rather, both applications perform the same or similar functions on behalf of the other. Note that throughout the rest

of the ?rst and second applications having and communicat ing two associated official addresses: originating and termi nating. In addition, each of the ?rst and second applications has access to the originating and terminating addresses of the

of this document we use the term “client” to mean an appli

30

counterpart with which it wants to have peer-to -peer commu

cation which initiates a data transfer session, and the term “server” to mean an application which accepts the initiation of a data transfer session from a client. This is convenient

terminology, which helps to de?ne in which direction the initial data packet passing between two applications passes. This initiation step is important for a discussion of NAT behavior. For our purposes, unless otherwise stated, the term “client” will mean the application or device sending the initial session packet of a data transfer, and “server” will mean the

nication. FIG. 3 shows a system for facilitating improved commu nication between two peer applications in different address 35

realms. Host A 110 and Host B 310 are both part of address realm 100. HostA has one or more applications running in it.

By way of example, Application A1 121 and Application A2 122 are shown. Each has an internally valid terminating

address and internally valid originating address. Host B may 40

also have one or more applications running in it. By way of

application or device to which that initial packet is directed. IP Telephony is an important example of a peer-to-peer

example, Application B1 321 and Application B2 322 are

application. In this example each [end point] endpoint appli

otherwise connected so that there is a channel 370 (e.g.,

shown. Host A and Host B may be on the same network or

cation acts as a client by initiating a so-called “media” con

nection to send packets containing digitized voice to the

connection to a common communication network) for com 45

other, which receives the packets containing digitized voice as a server. The relationship is more or less symmetrical, as

digitized voice normally passes in both directions. In IP telephony, a micro-server on an internal network (say,

an IP telephone awaiting a stream of digitized voice packets from a remote telephone) will usually need to communicate

50

its host device’s IP address to a remote client (the other IP telephone, or some other device, such as a virtual PBX or

other IP telephony gateway acting on behalf of the other

telephone). The micro-server’s internally valid network

55

munication between Ho stA and Host B. Additional hosts may also be present in this address realm 100 but are not shown. Improved NAT 320 serves the address realm 100. Improved NAT 320 has two functional sections. One is the address translation section 322, which performs the conven tional address translation functions as discussed with respect to NAT 120 in FIG. 2. The other is the address manager section 324. An IP message channel 360 connects HostA 110 to the address translation section. This channel 360 is used when an application on Host A or any other host served by NAT 320 needs to send out an outgoing message and requires

address won’t work for a client on the Global Internet,

internally valid addresses translated into externally valid

because this address is not an of?cially assigned IP address. In the event that the micro-server could somehow independently discover or compute an official IP address, which it could communicate to the remote client in the initial packet, the conventional NAT would still have no procedures or rules for what to do with the ?rst reply packet as sent by the remote

addresses. The channel 360 is also used when an incoming message has arrived with an externally valid address, the NAT 320 has translated the externally valid addresses in an incom ing message into internally valid addresses and needs to send on the message to the appropriate application in address realm 100. The address translation section 322 is connected to the “outside” address realms. By way of example, FIG. 3 shows

60

client application. That is, unless, the NAT itself took part in this discovery or computation of the official IP address in the initial packet, the NAT will have no translation rule associat ing the internal network address and any official IP address in an incoming message.

65

a Global Internet realm 400 connected to address translation

section 322. Within address realm 400 is another address realm 200 containing Host R 410 and Host S 510 that may

US RE43,057 E 9

10

host other applications (Applications R1, R2, S1 and S2 are

manager 324 requires hardware and/ or software that permits

shown by way of example) with which Host A or Host B may communicate. Channel 470 (e.g., a common network connec

requests to be made over the control channel 350 and requested information or status information returned to the

tion) provides communication between Host R 410 and Host

application.

S 510.

A control channel 350 connects HostA 110 (and indirectly Host B 310) to the address manager section 324. The control

III. Sample Peer-to-Peer Interchanges Using the Control Channel

channel 350 is used when an application on Host A or any

other host served by NAT 320 needs to communicate with NAT 320 to request services of the address manager 324. The address manager can perform several services for a request

Returning to the above discussion of server and client relationships, the function of the control channel 350 and communications between an application and the address manager section 324 and address translation section 322 in several different example situations can be explained. Each example is presented in reference to FIG. 3.

ing application. First, a requesting application can present an internally-valid address (either an originating address or a

terminating address), and ask the address manager 324 to

provide an externally valid address paired with the internally

Server Address/Port Allocation and Discovery Example:

valid address and give the address translation section 322

Host A 110 in address realm 100 starts a micro-server, an

access to this pairing. This can be done so that the address translation section 322 will use this correspondence as its

Application A1 121 that has the purpose of communicating

translation rule for incoming and outgoing message packets.

address information to Host R 410, in address realm 200 outside of address realm 100, which address information Host

Second, an application may cause the address manager 324 to add additional or more complex translation rules to those

20

R 410 can use to connect to the micro-server, ApplicationA1.

In order to provide Host R with useful address information, the following steps occur:

used in the NAT 320, going beyond simple intemal/external pairings. For example, instead of just performing an uncon ditional substitution of a corresponding internally-valid des tination address or port for a speci?ed extemally-valid desti

25

324 of the internally valid IP address and port Applica tion A1 is using; 2. Application A1 121 receives from the address manager

nation address or port found in an incoming message, a more

complex translation rule can be built by the address manager 324 at an application’s request. A rule could be formulated so

that the address translation section 322 checks the incoming source address and/ or port and applies a different translation

1. Application A1 121 contacts the NAT device 320 over the control channel 350 to inform the address manager

30

324 in return an externally valid IP address and a port number which the NAT device 320 will translate to the

rule depending on the content of that ?eld. [e]E.g., externally valid address AB in a packet received at NAT 320 is translated

internally valid terminating address provided by Appli

into internally valid address Al 1, if a certain source address is

3. ApplicationA1 (which we must assume has the ability to address an IP message packet to Host R, Application R1 421) then sends an IP message packet via the address translation section 322 of NAT 320. The data portion of the packet contains the externally valid IP address and a port number to inform Host R 410, Application R1 421

cation A1 in its request.

present in the packet; but no translation is done and the packet is discarded if that source address is not present. This may be

35

useful for security. Alternatively, an externally valid destina tion port number PE could be translated into an internally valid port number of one value PM, or a different value Pl2 depending on the incoming source address. Speci?c remote addresses, larger sets of remote addresses, or any remote source address at all could be used as the triggers for the use

how to send packets to Application A1. 40

request per the externally valid IP address and a port

number Application A1 gave it, which (being correctly

of special NAT rules. Third, an application could specify to the address manager

addressed to an official IP address) arrives at the NAT

320, where the externally valid address is translated to

324 required or desired characteristics for an extemally-valid

address requested for association with an intemally-valid address. This could be useful to let an application specify that

45

the external IP address to result from translation must be a particular IP address or within a speci?ed range of IP

server in the public Global Internet that, in turn, would direct the message to a particular private network where a certain type of transmission or billing could occur before the packet was forwarded again into a public Global Internet. It can be seen then that the control channel 350 and the address manager section 324 represent a ?exible facility for

421 on to Application A1 121 on Host A.

The external Host R 410 in address realm 200 starts a 50

address information Host R can use to validate an incoming 55

providing applications both information that they do not get

address information is useful for security and may be required by Application R1 for its own purposes, such as compliance with a communication protocol. 2. Application A1 121 on Host A contacts the NAT device 320 over the control channel 350 to inform the address

may desirable that the address manager 324 have its own

microprocessor and memory for storing the code that deter that each application that communicates with the address

useful address information, the following steps occur: 1. Application R1 421 sends a packet to Host A requiring from Host A, Application A1 121, information about from which IP address and port the connection from

Application A1 121 will originate. This originating 60

ware or software or a combination of both. For example, it

mines what services and functions are available in response to control messages from an application. It will further be seen

microserver, e. g., an Application R1 421. Application A1 has the intention of communicating address information to Host R, in address realm 200 outside of address realm 100, which connection from Host A. In order to provide Host R 420 with

with a conventional NAT and the power to establish certain

translation rules for the address translation section 322 of the NAT. The address manager 324 can be implemented in hard

Application A1’s internally valid address and port. 5. NAT 320 sends the reply packet from Application R1 Client Address/ Port Allocation and Discovery Example:

addresses. Thus, with an appropriate request, the application could establish a NAT rule that would require that the mes sage packet be directed or forced to a particular external

4. Application R1 421 at Host R 410 sends a connection

65

manager 324 of the internally valid IP address and port ApplicationA1 will use to communicate with the micro server on Host R.

US RE43,057 E 11

12

3. Application A1 121 receives from the address manager

portion of the packet contains the externally valid IP

324 in return an externally valid IP address and a port number into which the NAT device 320 will translate the

address and a port number to inform Ho st R, Application R1 421, how to send packets to Application B1 321.

internally valid originating address provided by Appli

5 . Application R1 421 at Host R sends a connection request

cation A1 in its request.

per the externally valid IP address and a port number

4. Application A1 121 (which we must assume has the

Application A1 121 gave it, which (being correctly

ability to address an IP message packet to Host R, Appli cation R1) then sends an IP message packet via the address translation section 322 of NAT 320. The data

addressed to an of?cial IP address) arrives at the NAT

320, where the externally valid address is translated to

Application B1’s intemally valid address and port.

portion of the packet contains the externally valid IP

6. NAT 320 sends the reply from Application R1 on to Application B1 on Host B. Client Address/Port Allocation and Discovery With Client/

address and a port number to inform Host R, Application R1 421 from what IP address and port packets from

Servers Separated From Negotiating Entities Example:

Application A1 121 will originate. 5. Application A1 121 then initiates the connection by sending an outgoing packet addressed to Host R, Appli cation R1 421, which packet arrives at the address trans

In this example, Host R 410 and Host S 510 make use ofa communication channel 470 between them. This permits an application on Host R 410 to act as a proxy for an application on Host S 510 . For example, if applications on Host S are IP

lation section 322 of NAT device 320. 6. The address translation section 322 of NAT device 320

translates the packet’s source address and port (which indicate Application A1’s internal IP address and port) to the externally valid version of these (which was passed to Application A1 in step 3 and which Applica tion A1 sent to Application R1 in step 4). 7. The address translation section 322 sends the packet on to Host R, Application R1 with the source information Application R1 now expects.

telephones without much intelligence, then Host R 410 could be a virtual PBX with applications that could address a variety 20

address association) needed by an IP telephone or could be some other form of IP telephony gateway.

25

Server Address/Port Alocation and Discovery with Separate

from Host B. In order to provide Host S 510 with useful

In this example, HostA and Host B make use of a commu 30

tion on HostA to act as a proxy for an application on Host B.

For example, if applications on Host B are IP telephones

35

association) needed by an IP telephone or could be some other form of IP telephony gateway. With the use of a proxy, it is evident that there need be no relationship between the

addresses and ports actually owned or used by the requesting entity, and those addresses and ports called out in the requests

address information, the following steps occur: l.Application R1 421 sends a packet to HostA 110 requir ing from Host A, Application A1 121 information about from which IP address and port the connection with

Application B1 321 will originate. This originating

without much intelligence, then Host A could be a virtual PBX with applications that could address a variety of services

(e.g., directory assistance, telephone number to IP address

Host S 510 in address realm 100 starts a micro-server, e.g., an Application 51. Application B1 has the intention of com municating address information to Host S 510, in address realm 200 outside of address realm 100, which address infor mation Host S 510 canuse to validate an incoming connection

Requestor/ Server Example: nication channel 370 between them. This permits an applica

of services (e. g., directory assistance, telephone number to IP

40

address information is useful for security and may be required by Application S1 for its own purposes, such as compliance with a communication protocol 2. Application A1 121 communicates with Application B1 321 over channel 370 to discover what internally valid address and port will be used by Application B1 321 to contact Application S1 521.

to the address manager 324. Host B 310 in address realm 100 starts a micro-server, e.g.,

3. Application A1 121 on Host A contacts the NAT device 320 over the control channel 350 to inform the address

anApplication B1 321 that has the purpose of communicating

manager 324 of the internally valid IP address and port

address information to Host R, in address realm 200 outside of address realm 100, which address information Host R

Application B1 will use to communicate with the micro 45

address information, the following steps occur: 1. Application A1 121 communicates with Application B1 over channel 370 to discover what intemally valid address and port can be used to contact Application B1 321. 2. Application A1 121 needs to contact Application R1 in

address realm 200 to provide Application R1 externally valid address information for Application B1.

server on Host S 510.

4. Application A1 121 receives in return from the address manager 324 an externally valid IP address and a port number into which the NAT device 320 will translate the

(which will act as the client) can use to connect to the micro server, Application B1 . In order to provide Ho st R with useful

internally valid originating address provided by Appli 50

cation A1 121 in its request. 5. Application A1 121 (which we must assume has the

ability to address an IP message packet to Host R, Appli cation R1 421) then sends an IP message packet via the address translation section 322 of NAT 320. The data 55

portion of the packet contains the externally valid IP

Application A1 contacts the NAT device 320 over the con trol channel 350 to inform the address manager 324 of the

address and a port number to inform Ho st R, Application R1 421 from what IP address and port packets from

internally valid IP address and port Application B1 is using;

Application B1 321 will originate. 6. Application R1 421 will communicate with Application

3. Application A1 121 receives from the address manager 324 in return an externally valid IP address and a port number which the NAT device 320 will translate to the

60

internally valid terminating address for Application B1 provided by Application A1 in its request.

tion B1 321 will use to communicate to Application S1 521.

4. Application A1 121 (which we must assume has the

ability to address an IP message packet to Host R, Appli cation R1 421) then sends an IP message packet via the address translation section 322 of NAT 320. The data

S1 521 via communication channel 470 to communicate

to Application S1 521 the IP address and port Applica

65

7. Application B1 321 then initiates the connection by sending an outgoing packet addressed to Host S, Application S1 521, which packet arrives at the address translation section 322 of NAT device 320.

US RE43,057 E 14

13 8. The address translation section 322 of NAT device 320

network located inside a NAT device. In the examples dis cussed below, all NAT devices are of the kind discuss in FIG. 3. The various cases may be combined, of course. In general,

translates the packet’s source address and port (which indicate Application B1’s internal IP address and port) to the externally valid version of these (which was passed to Application A1 121 in step 4 and whichAppli

some proxy server will provide to other proxy servers in the

network, as well as to the phones involved, the illusion that

cation A1 sent to Application R1 421 in step 5. 9. The address translation section 322 sends the packet via Host R 410 on to Host S, Application S1 521 with the source information Application S1 now expects.

there are no NAT devices. Because this can be done success

fully, you can actually have many NAT devices working with many proxy servers, each convinced that it is the only NAT, and each convincing the rest of the network that, in effect, “there is no NAT here.”

IV. A Voice Communication Application

1. Target Phone is Inside a NAT

In this case, the target phone, Phone B, which is inside the address realm of a NAT, will have no problem sending data to

A. Without NAT

To explain in greater detail the application of the present invention to IP telephony it is helpful to explain how a simple phone call using a protocol called SIP might work. SIP is the Session Initiation Protocol, but is a generally accepted short hand for SIP and all the related protocols that work together to

the originating phone, because a NAT generally provides

networks, like IP.

things “inside” with the ability to simply send tra?ic out to anywhere, by addressing it to the outside address. The dif? culty is in sorting out what to tell the originating phone, because the target phone is “inside” a NAT, it cannot be reached from the outside without some help from the NAT. The target phone does not use a globally routably IP address;

In a simple example, there are basically two messages that get sent to establish a phone call. (This discussion suppresses certain detail; there may in fact be quite a bit more going on.)

it probably uses a private IP address, an address the rest of the world has no idea how to deliver packets to. Only devices on the target phone’ s local network can address data to the target

allow users to do telephony (and some other things) over data

20

The two messages we are concerned with are the INVITE 25 phone’ s actual IP address with any hope of having data deliv

ered to it. In this case, a proxy server within the target phone’s net

message, and the OK response to it.

Assume that someone, using a SIP telephone designated

work must be involved. Of course, it will always be involved

Phone A wishes to make a telephone call to someone else,

possibly identi?ed by a telephone number, or some other identi?er such as an email address. The person making the

30

anyway, because it has responsibility for routing the INVITE to the correct phone within the local network, to complete the

call would enter the desired target party by typing in the phone

call. This proxy server will also process the OK response from

number or other identi?er. Of course, Phone A doesn’t know

the target phone. Remember that the target phone writes its

anything about where the target party is, but it does know

address and port, 2.2.2.2/2222, into this OK message. In this case, 2.2.2.2 is not a useful address for the originating phone,

where a smarter device called a proxy server is. Phone A

therefore formulates an INVITE message which includes

35

because it is private and only internally valid. The proxy

information about who the target is, some other information

server must, therefore, obtain a different, externally valid

andisigni?cantly4destination information about where Phone A expects to receive media packets from the target whenever the target is located, rung, and picks up the phone. Phone A will typically supply this information in the form of

address, and replace the address (andpossibly port) contained in the OK message before sending it back toward the origi

nating phone. 40

its own IP address, and a port number. Let us imagine that

these are 1.1.1.1, and 1111, respectively. The proxy server contacted by Phone A will probably send the INVITE on to other proxy server devices, following some

network search path, until the target is located. At this point, the INVITE message originally formulated by Phone A is

45

delivered to the target, which we will designate as Phone B.

sends this new OK message off to Phone A. Now when Phone B sends a media packet to Phone A it is

Phone B will presumably ring for a while, and (with luck) someone will pick it up. At this point Phone B replies with an OK message, which includes a variety of information, includ ing the destination address at which Phone B expects to receive media. Let’s imagine this is IP address 2.2.2.2, port number 2222.

Phone B may begin to send media packets with digitized voice to 1111/1111 immediately, because it received this

50

55

received in the OK message. Assuming correct con?guration, this packet will arrive at the NAT device, which will translate it so that it is now addressed to 2.2.2.2/2222, per the request made by the proxy server, and sent inside the network. The

returns (through the proxy servers) to Phone A, that phone may begin to send similar media packets to 2.2.2.2/2222. Digital audio data is being sent in both directions at this point, 60

media packet is now correctly addressed, and is within the local network which knows how to deliver this “privately addressed” media packet, so the media packet arrives at Phone B, as desired.

2. Target Phone is Outside the NAT This is almost exactly the same as the previous example,

discussed. In the ?rst case, the target phone is eventually located by the proxy servers inside some NAT device. In the second, the source phone is located inside some NAT device. In the third case, neither phone is located “inside” a NAT device, but the media traf?c between them needs to traverse a

addressed to 1.1.1.1/1111, and the NAT allows this to work just ?ne4outbound traf?c can be simply addressed to the “right”, externally valid address. When Phone A sends a media packet to Phone B, however, it will send it to 3.3.3.3/

3333ithe destination [end point] endpoint information it

information in the INVITE message. When the OK message

and conversation presumably ensues. B. With NAT With a NAT device in the picture, we have three cases to be

The proxy server will make a request to the NAT device of

the target phone, a “Server Address/ Port Allocation/Discov ery” request. The NAT will reply with an address and port, say 3.3.3.3/3333, by which devices on the other side (the “out side”) of the NAT device may reach a device at 2.2.2.2/2222 (the target phone). The proxy server re-writes the OK mes sage to indicate 3.3.3.3/3333 instead of 2.2.2.2/2222, and

except that in this case the proxy server near Phone A (which 65

is now the phone “inside” the NAT, and which has a private IP address useful only within its local network) must re-write the INVITE message after querying the NAT device for an exter

US RE43,057 E 15

16

nally valid address. Perhaps the 1111/1111 address is re written under the requested NAT rule to 4.4.4.4/4444 (1.1.1.1 is assumed to be a private IP address, while 4.4.4.4 is not, in

OK message will be re-written by the Egress Proxy Server to indicate this, and be sent on to the Ingress Proxy Server. This Proxy Server will ask NAT A for an address by which things outside (say, Phone A) may reach address 40.40.40.40/4040. NAT A might return the address 50.50.50.50/5050. The OK

this case). A media packet from Phone A proceeds outwards through the NAT device unchanged, while a media packet from Phone B, outside the NAT will be addressed to 4.4.4.4/4444, will arrive at the NAT device and be translated to 1.1.1.1/1111, and ?nally delivered to Phone A inside. 3. Both Phones OutsideiTransit Network has NATs

will be re-written again to indicate this, and be sent on to

In this case we assume that both phones are somewhere

50.50.50.50/5050, and all the addresses eventually get trans lated so that the media packets arrive at the right place at the end of the day. The advantages of doing this are that IP

Phone A, which will then send all its media packets to address 50.50.50.50/5050. The upshot is that Phone B sends its media packets to 20.20.20.20/2020, and PhoneA will send its media packets to

“out there”, and the network with the NAT devices is a transit

networkiperhaps a long-distance carrier for IP telephones. We assume further that this network is taking part in the processing and routing of INVITE and OK messages. Per haps this network provides person-location services, as well

addresses such as 20.20.2020 and 50505050 can be forced

by applications that the ability to control a NAT and selected to be addresses that belong to the transit network itself, guar anteeing that the packet from the two phones arrive at suitable

as media handling. Let us leave Phone A and Phone B at 1111/1111 and

ingress points to the transit network itself, guaranteeing that

2.2.2.2/2222 respectively. Assume the INVITE from Phone A arrives at some proxy

the transit network actually handles the media data, and fur 20

thermore guaranteeing the ingress point for each media

server in the NAT-equipped transit network under consider

stream. Without this, there is no way the transit network has a

ation. We may call this the Ingress Proxy Server, because it handles the “inbound” INVITE in our example. The Ingress Proxy Server performs the same “Server Address/Port Dis

priori control over how the media packets get from one of the phones to the other.

covery” as in the earlier examples, to discover an address that

25

IV. Conclusion and Aternate Embodiments

a device inside the transit network could use to reach PhoneA. Let us assume that it performs this operation on a speci?c

It will be readily apparent to those skilled in the art that

NAT device, designated NAT A, which is at the egress point

innumerable variations, modi?cation, applications, and extensions of these embodiments and principles can be made

from the transit network to Phone A. Say NAT A returns an

address/port, which is 10.10.10.10/1010. This is a private

30

without departing form the principles and spirit of the inven

address, useful within the transit network, which things inside

tion. Accordingly, it is intended that the scope of the invention

that transit network could use to reach Phone A. That is, any message packets within the transit network addressed to 10.10.10.10/1010 would be routed by the network to NAT A, which would translate the addresses to 1 .1 .1 .1/ 1111. and send

be only limited as necessitated by the accompanying claims.

35

them on to Phone A.

What is claimed is: 1. A network address translation device for facilitating message packet communication between a ?rst application having an internal address valid in an internal address realm

The INVITE mes sage (now indicating that Phone A wished

and one or more applications in an external address realm,

to receive media at 10.10.10.10/1010) is sent on across the transit network. At some point, another proxy server which

said internal address realm having available to it a set of available addresses valid for use in the external address realm,

we will call the Egress Proxy Server because it will handle the INVITE on the way out of the transit network, will receive

40

an address translator for translating addresses included in

this INVITE. This Egress Proxy Server will perform yet another request, on another NAT device (say, NAT B) well situated to provide traf?c to and from Phone B, to discover an

address by which things “outside” NAT B may reach the end point currently contained in the INVITEi10.10.10.10/ 1010. NAT B should respond with some address, say 20.20.20.20/ 2020. The point of this address is that packets sent by things outside (say, for example, Phone B) addressed to 20.20.20.20/

45

2020, arriving at NAT B, will be re-addressed, speci?cally,

50

the headers of message packets incoming to and outgo ing from the internal address realm in accordance with translation rules that resolve the incompatibility of the internal and external address realms; an address manager for establishing and storing the trans lation rules, said address manager having access to the set of available addresses valid for use in the external

address realm; and a control channel communicating with the address man

ager for receiving from the ?rst application a service request message for establishing in response to the ?rst application’s service request a translation rule speci?ed

translated to be addressed to 10.10.10.10/1010. Then the transit network will route this data (because it’s set up to route

this way) to NAT A, which will re-address the data again to 1111/ 1111 as indicated in the previous paragraph. The INVITE is then sent on to Phone B, which will send

comprising:

by the ?rst application. 55

2. The network address translation device of claim 1,

media packets to address 20.20.20.20/2020, per the contents of the INVITE. The media packets will travel to address

wherein the ?rst application speci?es that the translation rule to be established associates the ?rst application’s internal

20.20.20.20, which will, assuming correct network con?gu

address with an available external address and the ?rst appli

ration, cause it to arrive at NAT B, where it will be translated to 10.10.10.10/1010, and thence to NATA. NATAwill trans late it to 1111/1111, and send it on to Phone A.

Exactly the same set of operations, though resulting in different addresses, will apply to the OK coming back from Phone B, but in the opposite direction. First the Egress Proxy Server will ask NAT B for an address by which things inside the transit network may reach Phone B (at 2222/ 2222). Perhaps NAT B will return the address 40.40.40.40/4040. The

60

cation has access to the associated available external address as data for an outgoing message packet. 3. The network address translation device of claim 1

wherein the ?rst application speci?es that the translation rule to be established associates the ?rst application’s internal 65

address with an available external address that is a particular WP address or within a speci?ed range of IP addresses. 4. The network address translation device of claim 1

wherein the ?rst application speci?es that the translation rule

US RE43,057 E 17

18

is one of two or more translation rules applicable to an incom

and [providing] returning to the ?rst application access to the

ing message packet, where the selection of which translation rule is applied is contingent on address information in the

message packet.

associated available external address as data for an outgoing

incoming message packet. 5. The network address translation device of claim 2

16. The method of claim 14 wherein the step of [providing] receiving via a control channel [for receiving] a request com

wherein the available external address requested by the ?rst application is a terminating address.

prises receiving from the ?rst application a request [that

6. The network address translation device of claim 2

associates the ?rst application’s internal address with an available external address that is a particular IP address or within a speci?ed range of IP addresses.

speci?es] specijj/ing that the translation rule to be established

wherein the available external address requested by the ?rst application is an originating address. 7. The network address translation device of claim 2 wherein the internal address realm is a private network and the external address realm is the Internet. 8. The network address translation device of claim 1 wherein the internal address realm is a private network and the external address realm is the Internet and the address manager establishes a translation rule by associating an address valid in the private network realm with an address valid in the Internet. 9. The network address translation device of claim 4, wherein the selection of which translation rule is applied is made in response to the presence or absence of speci?ed

17. The method of claim 14 wherein the step of [providing] receiving via a control channel [for receiving] a request com

prises receiving from the ?rst application a request that the translation rule is one of two or more translation rules appli

cable to an incoming message packet, where the selection of which translation rule is applied is contingent on address

information in the incoming message packet. 18. The method of claim 14 wherein the step of [providing] 20

originating address information in the incoming message. 10. The network address translation device of claim 1, wherein the communication facilitated is peer-to-peer appli

25

cation communication. 11. The network address translation device of claim 1, wherein the communication facilitated is peer-to-peer tele

phony communication. 12. The network address translation device of claim 3, wherein the translation rule to be established forces the out going message packet to have a destination address in a transit network. 13. The network address translation device of claim 3, wherein the translation rule to be established forces at least a

30

receiving via a control channel [for receiving] a request com prises receiving from the ?rst application a request for a translation rule for a terminating address. 19. The method of claim 14 wherein the step of [providing] receiving via a control channel [for receiving] a request com prises receiving from the ?rst application a request for a translation rule for an originating address. 20. The method of claim 14 wherein the internal address realm is a private network and the step of [providing] estab lishing and storing translation rules using an address man

ager comprises [providing] using an address manager having access to a set of available addresses valid in the Internet.

21. The method of claim 14 wherein the internal address realm is a private network and the external address realm is 35

the Internet and the step of [providing] establishing and stor ing the translation rules using an address manager comprises

portion of the packet communication between the ?rst appli

[providing] using an address manager that establishes a trans

cation and the second application to pass through a speci?ed network. 14. A method for facilitating message packet communica tion between a ?rst application having an internal address

lation rule by associating an address valid in the private net work realm with an address valid in the Internet.

22. The method of claim 17, wherein step of [providing] 40

receiving via a control channel [for receiving] a request com

valid in an internal address realm and one or more applica

prises receiving from the ?rst application a request that the

tions in an external address realm, said internal address realm having available to it a set of addresses valid for use in the

translation rule is one of two or more translation rules appli

external address realm, comprising: [providing the internal address realm with] receiving mes

45

incoming message.

sage packets at a network address translation device

having an address translator for translating addresses included in the headers of message packets incoming to and outgoing from the internal address realm in accor dance with translation rules that resolve the incompat ibility of the internal and external address realms; [providing] establishing and storing using an address man

23. The method of claim 14, wherein the communication

facilitated is peer-to-peer application communication. 24. The method of claim 14, wherein the communication 50

ager [for establishing and storing the] translation rules for the network address translation device, said address manager having access to the set of available addresses valid for use in the external address realm; and

[providing] receiving via a control channel communicating with the address manager [for receiving from the ?rst application] a service request message transmittedfrom the ?rst application for establishing [in response to the ?rst application’s service request] a translation rule

55

facilitated is peer-to-peer telephony communication. 25. The method of claim 16, wherein the step of [provid ing] receiving via a control channel [for receiving] a request comprises receiving from the ?rst application a request that the translation rule to be established forces the outgoing mes sage packet to have a destination address in a transit network.

26. The method of claim 16, wherein the step of [provid ing] receiving via a control channel [for receiving] a request comprises receiving from the ?rst application a request that the translation rule to be established forces at least a portion of 60

speci?ed by the ?rst application. 15. The method of claim 14, wherein the step of [provid ing] receiving via a control channel comprises receiving from

the ?rst application a request [that speci?es] speci?/ing that

cable to an incoming message, where the selection of which translation rule is applied is made in response to the presence or absence of speci?ed originating address information in the

the packet communication between the ?rst application and the second application to pass through a speci?ed network. 27. A methodforfacilitating message packet communica tion between a ?rst application having an internal address valid in an internal address realm and one or more applica

the translation rule to be established associates the ?rst appli

tions in an external address realm, said internal address realm having available to it a set ofaddresses validfor use in

cation’s internal address with an available external address

the external address realm, comprising:

65

US RE43,057 E 19

20

receiving message packets at a network address transla

39. The method ofclaim 3 5, wherein an SIP proxy server is invoked in transmitting the ?rst address to an SIP-aware

tion device having an address translatorfor translating addresses included in the headers of message packets incoming to and outgoing from the internal address

application in the external address realm. 40. The method ofclaim 35, wherein the SIP message is

realm in accordance with translation rules that resolve

used to establish a peer-to-peer communication session.

the incompatibility of the internal and external address

4]. The method ofclaim 35, wherein the SIP message is

realms;

used to establish an IP telephonic communication session.

establishing and storing using an address manager the translation rules for the network address translation device, said address manager having access to the set of

42. The method ofclaim 35, wherein the SIP message is used to establish an instant messaging session.

43. A methodforfacilitating message packet communica

available addresses val idfor use in the external address

tion between a ?rst application having an internal address

realm; and

valid in an internal address realm and one or more applica

receiving via a control channel communicating with the

tions in an external address realm, said internal address realm having available to it a set ofaddresses validfor use in

address manager a service request message transmitted

from the ?rst application for establishing in response a

the external address realm, comprising:

translation rule speci?ed by the ?rst application, wherein the address manager transmits to the ?rst appli cation in response to the service request a ?rst address validfor use in the external address realm and wherein

the ?rst application causes the ?rst address to be trans

20

sagepackets incoming to and outgoingfrom the internal

mitted to the external address realm in an SIP message.

address realm in accordance with at least one transla

28. The method ofclaim 27, wherein the SIP message is an SIP INVITE message.

29. The method ofclaim 27, wherein the?rst application causes the SIP message to be transmitted to a second appli

25

cation in the external address realm.

30. The method of claim 27, wherein the ?rst address 30

internal address to use in an outgoing message tofacili tate an incoming message from an application in the

external address realm. 44. The method ofclaim 43, wherein the service request comprises instructing the network address translation device

32. The method ofclaim 27, wherein the SIP message is used to establish a peer-to-peer communication session.

33. The method ofclaim 27, wherein the SIP message is used to establish an IP telephonic communication session.

tion rule that maps correspondence between addressing in the internal and external address realms; and responsive to the service requestfrom the ?rst application received by the network address translation device, establishing a translation rule specified by the service

request that providesfor the?rst application an external address realm address paired with the?rst application ’s

includes an IP address and a port number.

3]. The method ofclaim 27, wherein an SIPproxy server is invoked in transmitting the SIP message to a second applica tion in the external address realm.

receiving a service request from the ?rst application at a networkaddress translation device, wherein the network address translation device has an address translatorfor translating addresses included in the headers of mes

35

to communicate the external address realm address included

in the translation rule to the?rst application. 45. The method ofclaim 43,further comprising receiving a

34. The method ofclaim 27, wherein the SIP message is used to establish an instant messaging session.

35. A methodforfacilitating message packet communica

service request with speci?cationsfor a new translation rule.

46. The method ofclaim 43,further comprising receiving a

tion between a?rst host having an internal address valid in an

internal address realm and one or more hosts in an external 40 service request with desired characteristics for a translation

address realm, the internal address realm having available to

rule. 47. The method ofclaim 46, wherein the desired charac

it a set of addresses valid for use in the external address

realm, comprising the steps of'

teristics for the translation rule identify a speci?ed range of

transmittingfrom an initiating application associated with the ?rst host in the internal address realm to a network address translation device a service request establishing a translation rule on the network translation device, the

IP addresses. 45

IP address.

network translation device adapted to translate addresses included in headers of message packets

incoming to and outgoing from the internal address

50

realm in accordance with translation rules that resolve

incompatibility between the internal and external address realms; receiving at the initiating application from the network translation device in response to the service request a

49. The method ofclaim 43, wherein the message packet communication is communication ofmedia packets. 50. The method ofclaim 43, wherein the message packet communication is communication of digitized voice packets. 5]. The method ofclaim 43, further comprising establish ing a translation rule with di?‘erent translated address values depending on an incoming source address.

55

?rst address val idfor use by the initiating application to identify itself in the external address realm; and

52. The method ofclaim 43, wherein the step ofreceiving a service request comprises receiving a request communicated from a proxy server.

53. A methodforfacilitating message packet communica

causing the ?rst address to be transmitted to the external address realm in a data portion ofan SIP messagefrom

the initiating application.

48. The method ofclaim 46, wherein the desired charac teristicsfor the translation rule identi?) a particular external

tion between an internal address realm and an external 60

address realm, comprising:

36. The method ofclaim 35, wherein the SIP message is an SIP INVITE message.

receiving at a network address translation device a service

37. The method ofclaim 35, wherein the?rst address is

address valid in the internal address realm, wherein the

transmitted to an SIP-aware application in the external address realm.

38. The method of claim 35, wherein the ?rst address includes an IP address and a port number.

request from a ?rst application having an internal network address translation device has an address 65

translator for translating addresses included in the headers ofmessage packets incoming to and outgoing from the internal address realm in accordance with at

US RE43,057 E 21

22

least one translation rule that maps correspondence

66. Thefirst SIP-aware application ofclaim 63, wherein an

between addressing in the internal and external address

SIP proxy server is invoked in transmitting thefirst address to a second SIP-aware application in the external address realm.

realms; establishing at the network address translation device a

67. Thefirst application ofclaim 62, wherein the IPpacket

translation rule with respect to the service requestfrom the first application, the translation rule including an external address valid for use in the external address

is used to establish a peer-to-peer communication session.

realm and paired with the first application ’s internal

is used to establish an IP telephonic communication session.

68. Thefirst application ofclaim 62, wherein the IPpacket 69. Thefirst application ofclaim 62, wherein the IPpacket

address to use in an outgoing message tofacilitate an

is used to establish an instant messaging session.

incoming messagefrom an application in the external address realm; and providing the external address to the first application. 54. The method ofclaim 53,further comprising receiving a

7 O. A network address translation device for facilitating message packet communication between a first application having an internal address valid in an internal address realm and one or more applications in an external address realm,

service request with specificationsfor a new translation rule.

said internal address realm having available to it at least one

55. The method ofclaim 53,further comprising receiving a

address validfor use in the external address realm, compris

service request with desired characteristics for a translation rule.

56. The method ofclaim 55, wherein the desired charac teristics for the translation rule identi?) a specified range of

ing: 20

IP addresses.

an address translatorfor translating addresses included in the headers ofmessagepackets incoming to and outgo ing from the internal address realm in accordance with

translation rules that resolve the incompatibility ofthe internal and external address realms; and

57. The method ofclaim 55, wherein the desired charac teristicsfor the translation rule identi?) a particular external

an address managerfor establishing a new translation rule for the address translator in response to a service

IP address.

58. The method ofclaim 53, wherein the message packet communication is communication ofmedia packets. 59. The method ofclaim 53, wherein the message packet communication is communication of digitized voice packets. 60. The method ofclaim 53, wherein the step ofestablish

25

ing at the network address translation device a translation

30

request received from the first application, the new translation rule including the internal address specified in the service request paired with an external address from the at least one address validfor use in the external address realm.

rule comprises establishing a translation rule with different

7]. The device of claim 70 wherein the service request specifies a required or desired characteristic for the external

translated address values depending on an incoming source

address to be established in the new translation rule.

address.

72. The device ofclaim 7], wherein the required or desired characteristic is that the external address ofthe new transla

6]. The methodofclaim 52, wherein the step ofreceiving at a network address translation device a service request com

35

tion rule must be a particular address or in a specified range

ofIP addresses.

prises receiving a request communicatedfrom a proxy server. 62. Afirst application encoded on a non-transitory com

puter readable medium forfacil itating message packet com munication between a first host having an internal address valid in an internal address realm and one or more hosts in an 40

73. The device ofclaim 7], wherein the required or desired characteristic for the external address is an externally valid port number to be translated into an internally valid port number.

external address realm, the internal address realm having

74. The device ofclaim 73, wherein the internally validport

available to it a set ofaddresses validfor use in the external

number is ofone value or a di?‘erent value depending on an incoming source address.

address realm, the first application comprising software instructions executable by a processor for performing steps

comprising:

45

transmitting in the internal address realm to a network address translator a service request whereby a transla

tion rule is established for the network translator, the network translator adapted to translate addresses included in headers ofmessagepackets incoming to and outgoingfrom the internal address realm in accordance with translation rules that resolve incompatibility between the internal and external address realms; receiving in the internal address realm from the network translator in response to the service request a first address val idfor use in the external address realm; and causing the first address to be transmitted to the external address realm in an IP packet sent by the first applica

port number of the internal address for the first application. 50

55

60

address includes an IP address and a port number.

79. A methodforfacilitating message packet communica tion between a first application in an internal address realm and one or more applications in an external address realm,

64. Thefirst, SIP-aware application ofclaim 63, wherein 65. The first application of claim 62, wherein the first

response to control messages from the application. 77. The device ofclaim 76, comprising a control channel whereby the address manager exchanges the control mes sages with the application. 78. The device ofclaim 77, wherein the address manager receives service requests and returns requested information orstatus information to the application over the control chan nel.

tion is SIP-aware and the IP packet is an SIP INVITE mes sage.

the SIP message is transmitted to a second SIP-aware appli cation in the external address realm.

76. The device ofclaim 70, wherein the address manager comprises a processor and memory for storing code that determines what services and functions are available in

tion.

63. Thefirst application ofclaim 62, wherein the applica

75. The device ofclaim 73, wherein the external address includes an externally valid IP address and the externally val id port number, which the address translator will translate into an internally valid IP address and the internally valid

said internal address realm having available to it at least one address valid for use in the external address realm and an 65

address translator translating addresses included in headers ofmessagepackets incoming to and outgoingfrom the inter nal address realm in accordance with translation rules that

US RE43,057 E 24

23 map correspondence between addressing in the internal and external address realms, the method comprising the steps of'

addressfrom the at least one address validfor use in the

external address realm; and sending, from the internal application, an outgoing mes sage whose header includes the ?rst internal address to the external application via the address translator; whereby the?rst internal address included in the header of the outgoing message is translated according to the?rst translation rule into the ?rst external address and this translated outgoing message initiates communications with the external application, and in response to such internal application initiated communications, the external application in the external address realm sends

sending from the ?rst application a service request for establishing a new translation rule at the address trans

lator, the service request speci?1ing an internal address ofthe?rst application to be mapped with an external address for the ?rst application from the at least one address val idfor use in the external address realm; and receiving the external address at the ?rst application. 80. The method of claim 79 wherein the service request speci?es a required or desired characteristic for the external address to be established in the new translation rule.

8]. The method ofclaim 80, wherein the required or desired characteristic is that the external address of the new transla

an incoming message addressed to the ?rst external address which the address translator will translate

tion rule must be a particular address or in a speci?ed range

according to the ?rst translation rule into the ?rst inter

ofIP addresses. 82. The method ofclaim 80, wherein the required or desired characteristic for the external address is an externally valid port number to be translated into an internally valid port number. 83. The method ofclaim 82, wherein the internally valid

nal addressfor the internal application. 92. The method ofclaim 9], comprising the steps of' specifying, by the internal application, establishment of a 20

port number is ofone value or a di?‘erent value depending on an incoming source address.

84. The method ofclaim 82, wherein the external address includes an externally valid IP address and the externally val id port number, which the address translator will translate into an internally valid IP address and the internally valid

providing, in a data portion ofa messagefrom the internal 25

application, the second external address to the external

application in the external address realm;

port number of the internal address for the ?rst application. 85. The method ofclaim 79, wherein the?rst application sends service requests and receives requested information or

second translation rule at the address translator, the second translation rule de?ning a second internal addressfor the internal application to be mapped with a second external address from the at least one address validfor use in the external address realm; and

30

status information from the address translator over a control

whereby the external application can initiate communica tions with the internal application by addressing mes sages to the second external address which the address translator will translate according to the second trans lation rule into the second internal addressfor the inter

nal application.

channel.

86. The method ofclaim 79, comprising the step ofprovid ing, in a data portion ofa messagefrom the?rst application,

93. A methodforfacilitating message packet communica tion between a ?rst application having an internal address

the external address to which messages from the one or more 35 valid in an internal address realm and one or more applica

applications in the external address realm are to be sent for

tions in an external address realm, using a network address

communicating with the?rst application.

translator that translates addresses included in the headers of message packets incoming to and outgoingfrom the internal

87. The method of claim 86, wherein the one or more applications in the external address realm can initiate com

munications with the ?rst application by addressing mes

address realm in accordance with at least one address trans 40

lation rule that resolves incompatibility of the addressing

sages to the external address.

schemes of the internal and external address realms, com

88. The method ofclaim 79, comprising the step ofprovid ing, in a data portion ofa messagefrom the?rst application,

prising the method steps: receiving from the ?rst application a service message requesting establishment ofan address translation rule;

the external address to a second application acting as a proxy on behalf of the one or more applications in the external

45

address realm.

using an address manager associated with the address translator to establish an address translation rule acces

89. The method ofclaim 79, wherein the?rst application

sible to the address translator, said rule providing an

and the one or more applications in the external address

external address andportfor use by the?rst application

realm are peer-to-peer applications which communicate in

as a terminating address identifying a device andport that will receive inbound message packets directed to the

an essentially symmetricfashion. 90. The method of claim 89, wherein each peer-to-peer

50

?rst application during peer-to-peer communication; and

application functions as a client and a server.

communicating to the?rst application the external address

9]. A methodforfacilitating message packet communica tion between an internal application in an internal address realm and an external application in an external address

55

realm, said internal address realm having available to it at least one address validfor use in the external address realm and an address translator translating addresses included in

headers ofmessage packets incoming to and outgoingfrom the internal address realm in accordance with translation

60

rules that map correspondence between addressing in the internal and external address realms, the method comprising

the steps of' specifying, by the internal application, establishment of a ?rst translation rule at the address translator, the ?rst translation rule de?ning a ?rst internal address for the internal application to be mapped with a ?rst external

65

established in the address translation rulefor use by the ?rst application as its terminating address in a data portion of a peer-to-peer communication. 94. The method ofclaim 93 wherein the address translation rule established is formulated so that the address translator checks a source address and/orport ofan incoming message and applies a di/ferent translation rule depending on the source address and/or port of an incoming message. 95. The method ofclaim 93 wherein the service message

speci?es that the requested address translation rule establish a particular terminating address from those external addresses available to the ?rst application. 96. The method ofclaim 93 wherein the service message

speci?es that the requested address translation rule establish

US RE43,057 E 25

26 lating addresses included in headers ofmessage packets incoming to and outgoing from the internal address

a terminating address from within a speci?ed range ofexter

nal addresses available to the?rst application. 97. A methodforfacilitating message packet communica tion between a?rst application having an internal address

realm in accordance with translation rules that map

correspondence between addressing in the internal and external address realms; and

valid in an internal address realm and one or more applica

a service componentfor (a) sendingfrom the?rst applica

tions in an external address realm, using a network address

translator that translates addresses included in the headers of

tion to an address manager for the internal address realm a service request for establishing a new transla

message packets incoming to and outgoingfrom the internal

tion rule at the address translator, the service request

address realm in accordance with at least one address trans

lation rule that resolves incompatibility of the addressing

10

schemes of the internal and external address realms, com

speci?1ing an internal address ofthe?rst application to be mapped with an external addressfrom the at least one address validfor use in the external address realm, and

prising the method steps: receiving from the ?rst application a service message requesting establishment ofan address translation rule;

(b)for receiving an address manager response compris ing the external address mapped to the internal address

of the ?rst application.

using an address manager associated with the address

sible to the address translator, said rule providing an

102. The apparatus of claim 101 wherein the service request speci?es a required or desired characteristic for the

external address and portfor use by the?rst application

external address to be established in the new translation rule.

translator to establish an address translation rule acces

as an originating address identi?1ing a device andport that will receive inbound message packets directed to the

103. The apparatus ofclaim 102, wherein the required or 20

desired characteristic is that the external address of the new

?rst application during peer-to-peer communication;

translation rule must be a particular address or in a specified

and

range ofIP addresses. 104. The apparatus ofclaim 102, wherein the required or desired characteristicfor the external address is an externally

communicating to the?rst application the external address established in the address translation rulefor use by the ?rst application as its originating address in a data portion of a peer-to-peer communication. 98. The method ofclaim 97 wherein the address translation rule established is formulated so that the address translator checks the source address and/or port of an incoming mes sage and applies a diferent translation rule depending on the source address and/or port of an incoming message.

99. The method ofclaim 97 wherein the service message speci?es that the requested address translation rule establish a particular originating address from those external addresses available to the ?rst application.

25

ing on an incoming source address. 30

106. The apparatus of claim 104, wherein the external address includes an externally valid IP address and the exter

nally valid port number, which the address translator will translate into an internally valid1P address andthe internally

valid port number of the internal address for the ?rst appli 35

cation.

107. The apparatus of claim 101, further comprising a componentforproviding, in a dataportion ofa messagefrom the ?rst application, the external address. 108. The apparatus ofclaim 101, wherein the?rst appli

100. The method ofclaim 97 wherein the service message

speci?es that the requested address translation rule establish an originating addressfrom within a speci?ed range ofexter

nal addresses available to the?rst application. 101. An apparatusforfacilitating messagepacket commu

valid port number to be translated into an internally valid

port number. 105. The apparatus ofclaim 104, wherein the internally validport number is ofone value or a diferent value depend

40

cation and the one or more applications in the external

nication between a ?rst application in an internal address

address realm are peer-to-peer applications which commu

realm and one or more applications in an external address

realm, said internal address realm having available to it at least one address validfor use in the external address realm,

nicate in an essentially symmetricfashion. 109. The apparatus of claim 101, wherein the address manager response includes the external addressfor use by the

comprising:

?rst application.

a message component for sending message packets from the ?rst application to an address translator for trans

UNITED STATES PATENT AND TRADEMARK OFFICE

CERTIFICATE OF CORRECTION PATENT NO.

I RE43,057 E

Page 1 ofl

APPLICATION NO.

I 1 1/299236

DATED INVENTOR(S)

: January 3, 2012 I Andrew T. Molitor

It is certified that error appears in the above-identi?ed patent and that said Letters Patent is hereby corrected as shown below:

SPECIFICATION Column 16

Line 65

PTO WP address or Within

Should Read IP address or within

Signed and Sealed this

Twenty-seventh Day of March, 2012 v

David J. Kappos Director 0fthe United States Patent and Trademark O?ice

Method and apparatus for facilitating peer-to-peer application ...

Dec 9, 2005 - view.html on Nov. 23, 2005. ...... to add additional or more complex translation rules to those used in the ..... identi?er such as an email address.

2MB Sizes 2 Downloads 342 Views

Recommend Documents

Method and apparatus for facilitating peer-to-peer application ...
Dec 9, 2005 - microprocessor and memory for storing the code that deter mines what services and ..... identi?er such as an email address. The person making the ..... responsive to the service request from the ?rst application received by the ...

Scanning apparatus and method
Dec 24, 2009 - FOREIGN PATENT DOCUMENTS. DE. 3 938 714 A1. 5/1991. EP. 0159187 A1 10/1985. EP. 0159187. 10/1985. EP. 0 328 443. 8/1989. EP. 0 348 247. 12/1989. EP. 0 550 300. 7/1993. EP. 0 589 750. 3/1994. EP. 0 750 175. 12/1996. EP. 0 750 176. 12/19

Scanning apparatus and method
24 Dec 2009 - 29, 1991 from Mr. Stephen Crampton of 3D Scan ners Ltd. to Mr. Michel Brunet of Vision 3D, Marked as Page Nos. M0083274-M0083275. Vision 3D document labeled “Potential Partners”, addressed to 3D. Scanners Ltd., dated Jan. 10, 1991,

Method and apparatus for treating hemodynamic disfunction
Aug 8, 2002 - Funke HD, “[OptimiZed Sequential Pacing of Atria and. VentriclesiA ..... 140941417. Tyers, GFO, et al., “A NeW Device for Nonoperative Repair.

Apparatus and method for enhanced oil recovery
Nov 25, 1987 - The vapor phase of the steam ?ows into and is de?ected by the ?ngers of the impinge ment means into the longitudinal ?ow passageway ol.

Method and apparatus for RFID communication
Sep 28, 2007 - USPTO Transaction History 0 re ate U.S. App . No. 09-193,002, ...... purpose computer such as an IBM PC; a calculator, such as an HPZ I C; the ...

Apparatus and method for sealing vascular punctures
Oct 22, 1993 - (US); Hans Mische, St. Cloud, MN (US) .... 4,168,708 A * 9/1979 Lepley, Jr. et al. 5,035,695 A * 7/1991 ... 4,404,971 A * 9/1983 LeVeen et al.

Method and apparatus for treating hemodynamic disfunction
Aug 8, 2002 - Kass DA, et al., “Improved Left Ventricular mechanics From. Acute VDD ..... Ventricular Tachycardia,” J. Am. College of Cardiology, Vol. 5, No.

Method and apparatus for RFID communication
Nov 26, 2002 - 340/101. 3,713,148 A * 1/1973 Cardullo etal. . 342/42. 3,754,170 A * 8/1973 Tsudaet al. .. 257/659 ..... When a sheet of transponders is aligned, computer 86 directs RF sWitch ..... described in detail in r'Error Control Coding.

Method and apparatus for filtering E-mail
Jan 31, 2010 - Petition for Suspension of Rules Under CFR § 1.183; 2 ...... 36. The e-mail ?lter as claimed in claim 33 Wherein one of the plurality of rule ...

Method and apparatus for destroying dividing cells
Aug 27, 2008 - synovioma, mesothelioma, EWing's tumor, leiomyosarcoma, rhabdomyosarcoma, colon carcinoma, pancreatic cancer, breast cancer, ovarian ...

Method and apparatus for filtering E-mail
Jan 31, 2010 - Clark et a1., PCMAIL: A Distributed Mail System for Per. 6,052,709 A ..... keted as a Software Development Kit (hereinafter “SDK”). This Will ...

Apparatus and method for enhanced oil recovery
25 Nov 1987 - Appl. No.: Filed: [51} Int. Cl.5 pocket mandrel or other downhole tools. Along with the impingement device, a centralizer to guide tools. Nov. 1, 1985 through the impingement device and to cause a pressure. E21B 43/24. [52] US. Cl. 166/

Method and apparatus for RFID communication
Nov 26, 2002 - network interface 26 connect to individual peripheral con trollers 20a-20c via ... 16, as well as monitor 22 andperipheral controllers 20a20c are all conventional .... other media will be readily apparent to those skilled in the.

Apparatus and method for applying linerless labels
Aug 5, 1998 - 270; 428/418; 283/81; 226/195. References Cited. U.S. PATENT DOCUMENTS ... removal from said source of linerless label sheet, a die cutter and an anvil roller de?ning an area through Which ..... 6 is optionally advanced in the system to

Method and apparatus for RFID communication
Sep 28, 2007 - wireless communication protocol. 4 Claims ..... The aspects, advantages, and fea ... 15 is connected by cable 18 to subsystem 24 so that signals.

Method and apparatus for destroying dividing cells
Aug 27, 2008 - ing cleft (e.g., a groove or a notch) that gradually separates the cell into tWo neW cells. During this division process, there is a transient period ...

Method and apparatus for RFID communication
Sep 28, 2007 - mized, transponder identity and location are not confused, and test ...... suggestion is practical using the media access control scheme.

Television gaming apparatus and method
Apr 25, 1972 - IIA is a diagram of apparatus for a simulated ping>pong type game;. FIG. IIB is a sketch of a television screen illustrating the manner of play of ...

Television gaming apparatus and method
Apr 25, 1972 - embodiment a control unit. connecting means and in. Appl. No.: 851,865 ..... 10 is a schematic of a secondary ?ip-flop ar rangement used in ...

Music selecting apparatus and method
Feb 25, 2009 - A degree of chord change is stored as data for each of a plurality of music ...... average value Mave of the characteristic values C1 to Cj for.

Reverse osmosis method and apparatus
recovery of fluid pressure energy from the concentrate stream. ... reciprocating pump means, a drive means, inlet, outfeed and return ... The drive means is reciprocable and is me ...... izing the feed ?uid by a relatively low powered external.

Reverse osmosis method and apparatus
some of the concentrate stream pressure energy using recovery turbine devices .... partially in section, of an alternative crank shaft actuated apparatus according ...... friction sealing ring 180 which projects from the periph ery sufficiently to be