08/23/07 - USPTO Class 370 | #20070195807

Methods and systems for establishing communications through firewalls and network address translators

USPTO Application #: 20070195807
Title: Methods and systems for establishing communications through firewalls and network address translators
Abstract: Disclosed are methods that enable communications to be established regardless of the presence of communications blockers, e.g., firewalls and NATs, in the path between two computing devices. Two devices each establish communications with a rendezvous service. Through the service, the devices signal each other to set up direct, peer-to-peer communications between themselves. If the devices fail to establish direct communications, then they invoke a relay service that provides the illusion of direct communications. In another aspect, an originating device attempts to establish communications with a recipient, using an address and port number associated with the recipient. If that attempt fails, possibly because a firewall is blocking communications, then the originating device retries using a port normally held open by firewalls. If this attempt also fails, then the originating device invokes the services of a proxy to negotiate a port acceptable for use by the recipient and by any intervening firewalls.

Agent: Microsoft Corporation - Redmond, WA, US
Inventors: Leonard Alan Collins, Kristofer Noel Iverson, Lon-Chan Chu, Yikang Xu, Xin Liu
USPTO Application #: 20070195807 - Class: 370401000 (USPTO)

Related Patent Categories: Multiplex Communications, Pathfinding Or Routing, Switching A Message Which Includes An Address Header, Having A Plurality Of Nodes Performing Distributed Switching, Bridge Or Gateway Between Networks

Methods and systems for establishing communications through firewalls and network address translators description/claims


The Patent Description & Claims data below is from USPTO Patent Application 20070195807, Methods and systems for establishing communications through firewalls and network address translators.


RELATED APPLICATIONS

[0001] This application is a continuation of U.S. patent application Ser. No. 10/024,090 filed on Dec. 17, 2001.

TECHNICAL FIELD

[0002] The present invention relates generally to computer communications, and, more particularly, to communications flowing through a firewall or a Network Address Translator.

BACKGROUND OF THE INVENTION

[0003] The growth of networks, specifically the Internet, is spurring a proliferation of applications based on peer-to-peer computer communications. In the older host-server paradigm, a user took advantage of services provided by a more or less centralized corporate entity. In peer-to-peer communications, a user at one computing device communicates in real time directly with a user at another device. Computer telephony, teleconferencing, interactive games, and remote collaboration are just a few examples of increasingly popular applications that take advantage of inexpensive peer-to-peer communications.

[0004] It has long been possible to provide the illusion of peer-to-peer communications by means of a relay service. When two users wish to communicate, each logs on to the relay service and directs its communications to the relay service. The relay service receives the communications and forwards them on to their intended recipient. This approach is very useful as long as the amount of data transferred is small and the latency requirements are lax, but in cases that demand large bandwidth and real-time response, the relay service quickly becomes a traffic bottleneck. In addition, setting up and running a large relay service are quite expensive in terms of money and resources. Ideally, peer-to-peer applications can operate without the mediation of a relay service, but relays are still useful in providing connectivity when, for some reason, direct peer-to-peer communications are not possible.

[0005] Direct communications may not be possible if a "communications blocker" sits on the path between the peer computing devices. A firewall is a first example of a communications blocker. For security's sake, many users install firewalls between their computing devices and communications networks. Most firewalls protect computing devices by blocking incoming and outgoing communications except that which comes over specifically allowed addresses and ports. (Modern communications protocols, such as the Internet Protocol (IP), allow for the specification of source and destination fields called "ports," in association with the source and destination addresses. Ports are often used to differentiate messages intended for separate processes running on a single computing device.) If a peer-to-peer application attempts to reach a computing device behind a firewall, the firewall may prevent communications from ever reaching the device. Even for communications directed to an open port on the firewall (e.g., port 80 is usually open), the port may be handling so much traffic from other sources that real-time response requirements cannot be met.

[0006] Another potential blocker of peer-to-peer communications is the Network Address Translator (NAT). Ideally, each computing device connected to the Internet is assigned a unique network address within the public address space. The growth of Internet connectivity, however, has rapidly depleted the supply of public addresses. To compensate, many computing devices today do not have public addresses but are, rather, assigned private addresses outside the public address space. Having disparate address spaces leads to complications, however. For example, a device with a private address cannot send a message to a device with a public address unless the private address is first translated to some public address. NATs automatically perform this translation by intercepting packets from the device with the private address and then replacing the device's private address in the packet header with the NAT's own public address. The packet is then sent along to the outside device with the public address. The NAT stores a mapping between the private address of the device behind the NAT and the public address of the device outside the NAT. When communications arrive from the outside device addressed to the public address of the NAT, the NAT refers to this mapping and replaces its own public address in the packet header with the private address of the device behind the NAT. By way of this mapping, the device behind the NAT can both send communications to and receive communications from a device in the public address space.

[0007] The NAT translation scheme is based on the premise that communications are initiated by the computing device behind the NAT. The NAT must first set up the translation mapping before it can know how to handle communications coming from the public network address space. Were a device in the public address space to attempt to initiate peer-to-peer communications by sending a message to the public address of the NAT, then, upon receiving the message, the NAT would search for a translation mapping for the sender's public address but would not find one. The NAT would discard the message, and the communications would fail. This problem is compounded when each device is behind its own NAT. In this case, neither device can initiate communications: while the NAT of the communications initiator sets up its translation mapping, the NAT of the recipient does not have an appropriate mapping and discards the incoming message. Communications never start. As NATs proliferate, this shortcoming impedes the spread of any application based on direct peer-to-peer communications.
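The NAT behaviour of paragraphs [0006] and [0007] as a small simulation (an added example, not code from the patent or from Microsoft): a NAT records a mapping only when the inside device sends first, delivers inbound packets only for senders in that mapping, and otherwise discards them. Addresses are constructed "ip:port" strings, and the three scenario functions correspond to FIG. 1b/1c, FIG. 1d and the two-NAT case.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed model of the NAT behaviour described in [0006]-[0007].
# Addresses are "ip:port" strings; nothing here touches a real network.

@dataclass
class Packet:
    src: str
    dst: str
    payload: str

@dataclass
class Nat:
    public_addr: str                                       # the NAT's own public address
    mapping: Dict[str, str] = field(default_factory=dict)  # outside peer -> inside device

    def outbound(self, pkt: Packet) -> Packet:
        """Inside device sends to an outside peer: record the mapping and
        rewrite the source address to the NAT's public address."""
        self.mapping[pkt.dst] = pkt.src
        return Packet(self.public_addr, pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside peer sends to the NAT's public address: deliver only if a
        mapping for that sender exists, otherwise discard (None)."""
        inside = self.mapping.get(pkt.src)
        if inside is None:
            return None
        return Packet(pkt.src, inside, pkt.payload)

def initiated_from_inside(nat: Nat, inside: str, outside: str) -> bool:
    """FIG. 1b/1c: the inside device sends first, so the reply finds a mapping."""
    out = nat.outbound(Packet(inside, outside, "hello"))
    reply = nat.inbound(Packet(outside, out.src, "hi back"))
    return reply is not None and reply.dst == inside

def initiated_from_outside(nat: Nat, outside: str) -> bool:
    """FIG. 1d: no mapping exists yet, so the unsolicited packet is discarded."""
    return nat.inbound(Packet(outside, nat.public_addr, "hello")) is not None

def both_behind_nats(nat_a: Nat, a: str, nat_b: Nat) -> bool:
    """[0007]: A's NAT builds its mapping, but B's NAT has none and drops the
    packet, so communications never start."""
    out = nat_a.outbound(Packet(a, nat_b.public_addr, "hello"))
    return nat_b.inbound(out) is not None
```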

[0008] Note that in the context of this application, "firewall" and "NAT" refer to services, not necessarily to specific devices. These services may be provided on separate hardware boxes, may be combined into one box, and may even be instantiated as software running on the computing device itself.

[0009] A known approach to the problem of NATs sets up a signaling exchange between a computing device behind a NAT and the NAT. (The discussion of the current paragraph applies as well to firewalls as it does to NATs, but only NATs are discussed to avoid repetition or having to repeatedly write "NAT/firewall.") The device sends a message directly to the NAT. The message directs the NAT to allow the communications channel needed for a peer-to-peer application. However, this approach has its drawbacks. First, it forces the device to discover its NAT and to take the NAT's presence into account. Traditionally, devices did not need to know whether they sat behind a NAT: the NAT's operation was completely transparent. Second, because NATs operate automatically by intercepting communications and then discarding them or passing them along, no standard protocol exists to facilitate the signaling exchange. Adding that capability greatly alters the architecture of a NAT, which has often been an uncomplicated, firmware-based device. These considerations are compounded if the device sits behind a chain of multiple NATs or firewalls, some of which may be located far from it, such as at the facilities of the device's Internet Service Provider (ISP). The device may not be aware of all of these NATs and firewalls and may not have any means or permissions to communicate directly with them.

[0010] What is needed is a method for establishing communications that operates transparently to any communications blockers, e.g., firewalls, NATs, or what have you, in the communications path between peer computing devices.

SUMMARY OF THE INVENTION

[0011] The above problems and shortcomings, and others, are addressed by the present invention, which can be understood by referring to the specification, drawings, and claims. According to a first aspect of the present invention, two computing devices each establish communications with a rendezvous service. Each device can communicate with the rendezvous service regardless of the presence of communications blockers, such as firewalls or NATs, in the communications path between the device and the service. Through the rendezvous service, the two computing devices signal each other and coordinate their activities in setting up direct, peer-to-peer communications between the two devices. The signaling mechanism through the rendezvous service allows either computing device to attempt to establish communications. If both devices fail to establish direct, peer-to-peer communications, then they invoke the services of a relay service that provides the illusion of direct communications.

[0012] According to another aspect of the invention, usable separately or in conjunction with the first aspect, an originating computing device attempts to establish communications with a recipient computing device. The originating device uses an address and port number associated with the recipient computing device. If that attempt fails, possibly because a firewall is blocking communications, then the originating device retries using a port normally held open by firewalls. If this attempt also fails, then the originating device invokes the services of a proxy to negotiate a port acceptable for use by the recipient device and by any intervening firewalls.

[0013] The present invention, through its diverse aspects, enables communications to be established regardless of the presence of communications blockers in the path between two computing devices.
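The fallback order of paragraphs [0011] and [0012] as a decision procedure (an added example, not the patent's or Microsoft's code): direct on the recipient's port, then on a port firewalls normally hold open, then on a proxy-negotiated port, and finally the relay service. The firewall model, the `path_allows` predicate, the `proxy_negotiate` stand-in and the use of port 80 (the example given in [0005]) are assumptions of this model; the patent does not specify the services' interfaces.

```python
from typing import Callable, List, Optional, Tuple

# Constructed model of the fallback order in [0011]-[0012]. A "path" is a
# function answering whether intervening blockers let a port through; the
# proxy and relay services are stand-ins, not the patent's implementations.

FIREWALL_OPEN_PORT = 80   # [0005] names port 80 as one usually left open

def firewall(allowed_ports: set) -> Callable[[int], bool]:
    """[0005]: a firewall blocks everything except specifically allowed ports."""
    return lambda port: port in allowed_ports

def establish(recipient_port: int,
              path_allows: Callable[[int], bool],
              proxy_negotiate: Callable[[], Optional[int]],
              attempts: List[Tuple[str, Optional[int]]]) -> str:
    """Return how the originating device ended up connected.

    1. direct, on the port associated with the recipient;
    2. direct again, on a port firewalls normally hold open;
    3. direct, on a port negotiated through a proxy;
    4. the relay service, which only provides the illusion of a direct link.
    Every attempt is appended to `attempts` so a caller can inspect the order."""
    for label, port in (("direct", recipient_port), ("open-port", FIREWALL_OPEN_PORT)):
        attempts.append((label, port))
        if path_allows(port):
            return f"direct:{port}"
    negotiated = proxy_negotiate()
    attempts.append(("proxy", negotiated))
    if negotiated is not None and path_allows(negotiated):
        return f"direct:{negotiated}"
    attempts.append(("relay", None))
    return "relay"
```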

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] While the appended claims set forth the features of the present invention with particularity, the invention, together with its objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:

[0015] FIG. 1a is a network schematic from the prior art showing one computing device behind a NAT and another computing device outside the NAT;

[0016] FIG. 1b is a network flow diagram from the prior art showing the computing device behind the NAT of FIG. 1a initiating communications with the computing device outside the NAT;

[0017] FIG. 1c is a data table diagram from the prior art showing the NAT's translation mapping that facilitates the communications of FIG. 1b;

[0018] FIG. 1d is a network flow diagram from the prior art showing that the computing device outside the NAT of FIG. 1a cannot initiate communications with the computing device behind the NAT;

[0019] FIG. 2 is a network flow diagram from the prior art showing how a firewall blocks communications on addresses and ports not specifically allowed;
