throbber
Thesis 95-12-12-4
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ABSTRACT
`
`
`The address space of IP, a standard Internet Protocol, is being exhausted by explosively increasing the
`
`number of demands and the inefficient address allocation scheme based on the network class partitions. Among the
`short-term solutions that have been suggested so far, IP address reuse through automatic translation between local
`and global addresses is considered as an appropriate solution prior to adopting a new protocol.
`
`In this paper, we suggest a translator which improves the one-to-one translation of local-global address
`translator by enabling several local nodes to share a globally unique address, and to discuss various problems and
`solutions that we have encountered in designing and implementing the translator. Also, the problems and the
`effectiveness of IP address reuse by the automatic address translation are investigated.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` Seoul National University College of Natural Science Department of Computational Statistics
`Thesis Number: 95139-0407
`Date Received: April 7, 1995
`
` *
`
`
`
`3277
`
`Google Ex. 1004, pg. 1
`
`

`

`36 Journal of Korea Information and Communications Society ’95-12 Vol. 20 No. 12
`
`
`For example, in a situation in which 150
`addresses from among 255 addresses within one C
`class local area network are used and only 50 of those
`addresses communicate through external network
`circuits, the amount of IP addresses that this local
`area network must have, from the perspective of an
`Internet wide area network, is only 50. The 100
`addresses, which do not communicate externally,
`only need to be identifiable within that local area
`network. In this case, the 100 or so addresses that are
`left after using 150 from the 255 addresses cannot be
`used by a different local area network and are thus
`wasted unnecessarily.
`
`Thus, the division of addresses based on
`class units and the unnecessary assignment of global
`addresses can be considered the two main sources of
`wasted IP address space.
`
`2. Studies Regarding Address Reuse
`local area
`
`In building private TCP/IP
`networks such as corporate enterprise networks, a
`method was previously proposed for a method that
`assigns duplicate addresses within that local area
`network that are not globally exclusive.
`
`[RM94] points out as seen in the previous
`paragraphs of this paper, that the number of nodes
`within a unit local area network that connects
`externally and requires being assigned as globally
`exclusive is relatively small. This document states
`that the IP addresses, which can be used in duplicates
`when building a private TCP/IP network, are
`reserved as follows by the Internet management
`agency.
`
` Class 10.0.0.0 – 10.255.255.255, 1x
`B Class 172.16.0.0 – 172.31.255.255, 16x
`C Class 192.168.0.0 – 192.168.255.255, 255x
`
`Also, [FLYV93] suggests that the address
`
`space being wasted due to network division based on
`class can be prevented by realizing a CIDR (Classless
`Inter-Domain Routing) between B class domains.
`
`3. Proxy Server
`
`When operating a private network that
`requires stringent security, there are cases in which a
`firewall is built so that access from the outside is
`completely blocked. Usually, communication
`to
`within the network is blocked using a Packet
`Filtering Gateway wherein selective filtering of
`packets takes place. At this time, since many users
`within the private network wish to receive Internet
`services from various external servers, providing a
`method for accessing outside networks from inside
`the local area network is just as important as blocking
`communications
`from
`the
`outside.
`
` A
`
`
`
`I. Overview
`
`One of the biggest problems with the
`Internet is the lack of IP addresses. IP addresses,
`which are 4 bytes in length, are being consumed
`more quickly than what was expected when it was
`designed due to the use of Inter-Domain routing for
`each class unit and the very fast expansion of the
`Internet [TE93]. Compared to the United States
`where even elementary schools are assigned an IP
`address, the amount of IP addresses assigned in our
`country is insufficient, and a method for using the
`insufficient IP space more effectively is desperately
`needed.
`
`While new communication protocols, which
`will replace IP as a more fundamental and long-term
`solution, are currently in the process of being
`established, the increase in the speed of consumption
`for address space due to the distribution of the
`commercial Internet, educational network expansion,
`etc. are making the lack of IP addresses a problem
`that must be desperately solved now. Thus, a few
`short-term solutions are being proposed that can be
`utilized with the existing Internet easily and at low
`cost in parallel with research being conducted for a
`more long-term solution.
`In Chapter 2 of this paper, we’ll talk about
`the structural problem of insufficient IP addresses
`and
`introduce a solution
`that
`reuses existing
`addresses. In Chapter 3, we’ll discuss the reuse of
`address space using port-address translation. Creation
`of the 1st prototype of the aforementioned port-
`address translator has been completed and thus, the
`problems with its design and implementation as well
`as the solutions will be explained in Chapter 4. Lastly,
`in Chapter 5, we’ll summarize the feasibility and
`characteristics of the method proposed in this paper.
`
`
`II. Problems of IP Address Assignments and
`Short-Term Solutions
`
`
`1. IP Address Space Being Wasted
`
`An IP address is comprised of 4 bytes and
`may, in theory, be accessed by 232 different nodes.
`However, there is a tendency for this address space to
`be wasted for the following two reasons:
`
`1. IP addresses are divided into class units, and one
`local area network has one or more A/B/C class
`network addresses. The same network address is
`never shared among different local area networks.
`2. The amount of simultaneous communication with
`an external network from within one local area
`network is relatively small compared with the
`corresponding local area network.
`
`
`3278
`
`Google Ex. 1004, pg. 2
`
`

`

`Thesis/IP Address Reuse Through Transparent Port-Address Translator
`
`
` 37
`
`
`
`
`
`
`
`
`
`Using this socket server allows to form
`
`packets to be relayed between local area networks
`and global networks
`regardless of UDP/TCP.
`However, while the socket server method provides a
`transparent environment to the user, revisions to the
`client program are required and are only applicable to
`the UNIX operating system, which is a disadvantage.
`
`
`5. Network Address Translator
`
`As was described earlier, in a local area
`network in which duplicate addresses are used,
`access to the global network is not possible unless a
`special method is used. The above presented methods
`for allowing access to the global network, regardless
`of whether it’s a transparent method or not, inevitably
`require a process for translating a reused local
`address to a globally unique address.1
`
`P. Francis of Bellcore has previously
`discussed a method for realizing the reuse of IP
`addresses and B class unit routing through the use of
`a transparent bi-directional network address translator
`that is joined to the DNS (Domain Name System)
`[TE93] [EF94]. A conceptual network composition of
`local access networks, with duplicate addresses,
`being connected to a global network by using an
`address translator is provided in Figure 2.
`
`A NAT (Network Address Translator) that
`reserves a few global addresses is located at the
`border between the local area network, which uses
`duplicate addresses, and the global network. This
`network address translator dynamically assigns a
`global address whenever a globally unique address is
`needed in order for a node, which is within the local
`area network
`that
`the
`translator manages,
`to
`communicate with the outside. Once an address has
`been assigned, it is used until that node’s external
`connection is completely terminated, and the network
`address translator automatically translates the local
`address and the global address while the connection
`is maintained. This translation occurs by searching
`the TCP/IP header information of all packets that
`pass through the border to the external network and
`revising the header by referencing the mapping table
`between the global address and the local address.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Figure 1. External connection using a proxy server
`
`The simplest way of achieving this is by
`
`connecting to the outside using a proxy server. This
`is a method of assigning a global address to a proxy
`server, for which security can be fully maintained, so
`that the proxy server must be passed through first if
`connection to an external network is needed (refer to
`Figure 1).
`
`
`In this case, the local area network user must
`know the settings for the local area network that the
`user is using, and the proxy server must prepare an
`account for the local area network user. In addition,
`since the proxy server serves as a bridge from the
`local area network to the outside, resources and users
`will become centralized.
`
`
`4. Socket Server
`
`In most UNIX operating systems, network
`connections by application programs usually occur
`through a socket. While this socket is usually
`managed by a host kernel that runs the application
`program, a study was done previously regarding a
`method for providing transparent external service to
`users by having a separate server manage/assign the
`socket.
`that
`[KK92] presents a socket server
`
`provides a relay to an external network through
`remotely managing a socket when the number of
`nodes inside one local area network, able to directly
`connect to the outside, has been limited to just a few.
`The sockets that can communicate with the outside
`must be assigned through Rconnect() from socket
`servers with external addresses, and internal nodes
`that cannot connect directly must connect with the
`outside only through external sockets assigned in this
`way. The socket server assigns its IP port number to
`each socket client and relays the communication
`between the internal and external nodes using this.
`
`
`
`
`
`1) In actuality, inter-domain routing is achieved through address translation. Consider the translation of Ethernet interface address based on
`routing.
`
`3279
`
`Google Ex. 1004, pg. 3
`
`

`

`38 Journal of Korea Information and Communications Society ’95-12 Vol. 20 No. 12
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3280
`
`Figure 2. Configuration of a network with duplicate addresses
`
`Figure 3. Transparent address translation (connection from the inside to the outside)
`
`Google Ex. 1004, pg. 4
`
`

`

`Thesis/IP Address Reuse Through Transparent Port-Address Translator
`
`
` 39
`
`of sockets simultaneously required by one node, the
`connections to external networks by multiple local
`nodes by using one global address can be provided by
`translating many local sockets to one global address
`and unused port number.
`From this point on, the sockets in each node
`will be marked as (IP address, TCP port number),
`and all TCP packets will be expressed as (srcIP,
`srcPORT, dstIP, dstPORT).
`If you assume that there are no nodes that
`have the same IP address in all of the paths through
`which
`packets
`pass
`through,
`the
`primary
`communication agents within each node can be
`uniquely
`identified within
`the unit
`local area
`network—or in the entire Internet if there is no IP
`the (srcIP,
`address duplication at all—through
`srcPORT) sockets. Therefore, the sockets pairs of
`((srcIP, srcPORT), (dstIP, dstPORT)) allow for the
`transmitter and the receiver to be uniquely identified
`[TCP81].
`
`1. One-to-one packet transmission when
`using a proxy server
`First, let’s take a look at the minimum
`information absolutely required in the process of
`delivering packets between the TCP connection’s
`peer entities using a proxy server.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`By using telnet G from S, which has a local address, to
`remotely log-in to G and then using telnet D again from G,
`an indirect telnet connection is made between S and D. S is
`connected to an external global network, without having a
`unique global address, and the packets being exchanged
`with D, a normal node, is being relayed through proxy
`server G.
`Figure 4. Telnet session using a proxy server
`
`3281
`
`As can be seen in Figure 3, the network
`address translator has a very close relationship with
`the DNS and inter-domain router/gateway. We’ll use
`this figure to look at the operating process of the
`network address translator.
`When Node I, which wants to connect to the
`outside, attempts to send the packet out, the network
`address translator grabs that packet and assigns it to
`an external address. All packets go through the
`network address translator, and each time a packet
`passes through the border between the inside and the
`outside, the network address translator translates
`Node I’s local address and the global address
`assigned earlier and relays the revised packet. In
`addition, if there is a connection request from the
`outside to Node I, which is inside this local access
`network, the DNS notifies the network address
`translator of the situation so that the network address
`translator can prepare a global address for [Node] I.
`Thus, a transparent bi-directional address translation
`occurs. At this time, the maximum number of local
`network nodes that can connect to the outside
`simultaneously is equal to the number of global
`addresses reserved in advance by the network address
`translator.
`This method
`disadvantages:
`
` 
`
`in connectionless
`
` Does not apply to applications that do not
`use DNS.
`to apply
` Difficult
`communications such as UDP.
` There may be insufficient global addresses
`if a large number of nodes within one local area
`network connects to the outside.
` Separate considerations must be made for
`the application which include the IP address inside
`the packet (FTP, ICMP, etc.).
`
`This method allows for transparent address
`translations to occur by installing a network address
`translator at the border between networks without
`making any special revisions to the nodes inside the
`local area network. In addition, the problem of
`inbound request is solved by joining with the DNS.
`This thesis will be published again using the
`Internet standardized document RFC format [EF94].
`
`III. Transparent Port-Address Translator
`
`In this paper, we’ll discuss a method for re-
`using addresses by using a new network address
`translator called
`the port-address
`translator. By
`focusing on the fact that there are significantly more
`actual UDP and TCP ports compared to the number
`
`has
`
`the
`
`following
`
`Google Ex. 1004, pg. 5
`
`

`

`40 Journal of Korea Information and Communications Society ’95-12 Vol. 20 No. 12
`
`
`If you look at Figure 4, you’ll see that the
`packet going from (S, 1000) to (D, 23) is relayed by
`G, changed to (G, 3000), and then sent to (D, 23) and
`that the packet sent from (D, 23) to (G, 3000) is
`relayed to (S, 1000) by G so that a one-to-one
`connection can be made between S and D.
`The role of the port-address translator is to
`automate this process so that a transparent translation
`and relay can be made.
`
`2. Relay through a port-address automatic
`translation
`As was seen previously, all packets received
`by D were packets called (S, 1000, G, 23) that were
`converted by G to (G, 3000, D, 23), and all packets
`received by S were converted by G from (D, 23, G,
`3000) to (G, 23, S, 1000). These translations were the
`result of the user explicitly using a proxy server, and
`the inability to provide transparency is due to reasons
`mentioned above. In this case, we can see that in
`order for perfect transparency to be guaranteed to the
`user and for the same effect to be obtained while
`minimizing revisions to the existing system, a
`method that allows for G to complete the above
`translation automatically must be utilized.
`If a local area network node, which does not
`use an address that is globally unique, wants to send a
`packet out, the method for converting the sender’s
`address to a globally unique address using local
`address translator G has already been discussed
`[TE93]. In this case, the translation between the
`global address and the local address that occurs at the
`border between the local network and the global
`network allows the packet receiver within the global
`network to be uniquely identified through the (dstIP,
`dstPORT) pair, guaranteeing their uniqueness within
`each unit network.
`Since the port number of the TCP packet is
`comprised of 16 bits, up to 216 different nodes can
`exist within one IP node. This means that up to 216
`different receivers can exist per one IP address.
`
`
`Table 1. Example of a Port-Address
`Translation Table
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3282
`
`the
`
`The well-known ports used in most applications are
`reserved to the number 10000 and below, and in
`many cases, the number of ports used by one mode is
`much less than 216. Therefore, a method wherein the
`address of a different node can be corresponded to an
`unused port so that a node, which has a global
`address, handles the connection between an external
`global network and a node with a local address can
`be considered.
`
`Take a look at Table 1. This table shows the
`sockets (IPaddr, PORT) created from the Node 1
`(inner nodes) of the stub B class network with the
`address of 172.16.0.0 being corresponded with the
`port number of G (Gateway node) with a global
`address. This act of corresponding is dynamically
`allocated as follows:
`
`1. Through the DNS as in [TE93] and
`2. Through detection of a SYN flag in the TCP
`header information
`
`is CLOSED,
`the STATUS
`Once
`
`corresponding port is deallocated.
`
`Each time a packet, requiring translation of
`the address, is discovered, G refers to this table to
`revise the header information before relaying the
`packet. This relay process occurs by monitoring
`inbound and outbound packets.
`
`The transmitter header of an outbound
`packet is revised from (I. Addr. I. PORT) to (G. Addr.
`G. PORT) in accordance with the port-address
`translation table and then relayed to an external
`global network. In addition, the receiver header of a
`packet, received by G from outside, is revised from
`(G. Addr. G. PORT) to (I. Addr. I. PORT) and
`delivered to an internal local area network.
`
`Since an outbound TCP packet has a reused
`IP, it must not leave the local area network without
`being revised. While only dynamic allocation based
`on external request has been discussed thus far, relay
`of internal connection requests based on a static
`allocation method, which will be discussed below, is
`also possible.
`
`
`3. Effectiveness of Address Reuse
`A port-address translator allows IP address
`
`space to be used efficiently.
`
`For example, let’s say that a globally
`available B Class network address is used to re-
`configure C Class local area networks and the
`number of global sockets required simultaneously in
`one local area network is 10,000. (This number is not
`completely without warrant. While a maximum of
`255 nodes can exist within a C Class, since the
`number of nodes that simultaneously connects to the
`outside will not exceed 50, it’s possible that up to a
`
`Google Ex. 1004, pg. 6
`
`

`

`Thesis/IP Address Reuse Through Transparent Port-Address Translator
`
`
`41
`
`maximum of 200 sockets that connect with the
`outside can exist simultaneously for every one node.2)
`Since up to 216 TCP Ports can be used in each node,
`one global address can be used to handle all global
`sockets. Thus, the reused exclusive address presented
`in [RM94] can be allocated to a general node, and
`one global address can be allocated to each C Class
`local area network.
`
`In this way, the reuse of addresses can
`reduce the waste of IP address space and alleviate the
`lack of IP addresses to a certain degree. In this case, a
`port-address translator can be used at a very low cost
`to provide transparent service to users without having
`to revise
`the existing applications or network
`configurations.
`
`IV. Considerations for Designing and Implementing a
`Port-Address Translator
`
`[KK92] using a socket server as described above
`where information is explicitly provided by Rbind(),
`the transparent address translator faces significant
`difficulty since it must perform the relay by only
`using information contained in the packet header.
`
`Since the calculation of TCP/IP checksum is
`very simple, revision to the header checksum can be
`performed efficiently by combing additions and
`subtractions
`[EF94]
`[TE93]. The port-address
`translator in this paper solved the checksum problem
`by implementing the algorithm presented in [TE93].
`
`the Port-Address
`1. Point based on
`Translation Table Allocated/Deallocated
`In regard to the point at which a port is
`allocated/deallocated, two methods were mentioned
`above.
`
`First, selecting the method of dynamic
`address allocation from the DNS has the advantage of
`clarifying the point of the address allocation and
`providing internal service. However, the decision for
`the point of deallocation becomes significantly
`complex as a separate method such as monitoring the
`session or explicitly returning an address that must be
`implemented. In addition, the benefits of this method
`are weak since all nodes must be pre-registered to the
`DNS, and DNS queries may result in mismatches of
`names and addresses due to caching.
`If the second method of monitoring the
`header and content of packets
`is used,
`the
`implementation of a TCP STATE tracking algorithm
`for local area sockets may be significantly difficult.
`This information can be obtained through TCP
`header flags such as SYN, FIN, etc. Figure 5 shows a
`table of TCP STATE tracking status based on
`detection of header flags. The pseudo code of the
`algorithm used
`to
`implement
`the port-address
`translator in this paper is included in Appendix A.
`
`
`The above proposed port-address translator
`
`was implemented on IBM PC compatible machines
`and packet drivers. Since more secondary functions,
`such as address translations, are required compared to
`the widely used PC bridge, more hardware resources
`are required compared to a standard bridge. When
`tested on a 386SX machine, no performance decrease
`was found compared to other bridges. A detailed
`performance evaluation should be performed in the
`future.
`The biggest problems with implementation
`
`are as follows:
`
`
`
` An adequate revision to the checksum is
`needed in accordance with the revision to the TCP/IP
`header.
`the point of allocation and
` How
`
`deallocation for the internal local socket will be
`decided.
`
` If UDP is supported, it is difficult to
`decide
`the point at which
`the port will be
`allocated/deallocated.
`
` Separate considerations must be made for
`relay of inbound requests to servers with only local
`addresses.
`
` If a packet, containing an IP address, is
`generated from an application layer such as FTP or
`ICMP, it must be handled from the application layer.
`
`Such problems are attributable to the fact
`
`that information that the port-address translator can
`obtain from a packet is limited. This is similar to the
`problems that occur when establishing a Packet
`Filtering Gateway in order to enhance security
`[CB94]. Compared with the case of translations
`
`
`2) In order to actually implement an address translator, a quantitative analysis of activity characteristics of local area network nodes must be
`performed.
`
`
`
`
`3283
`
`Google Ex. 1004, pg. 7
`
`

`

`42 Journal of Korea Information and Communications Society ’95-12 Vol. 20 No. 12
`
`
`
`
`
`
`
`For example, if a HTTP server is waiting at
`
`(www.our.domain. 80), all packets that come into
`(gateway.our.domain.
`80)
`are
`translated
`to
`(www.our.domain. 80) and relayed. In this case,
`www.out.domain is registered as the address of
`gateway.our.domain in the DNS that will be serviced
`externally for
`the convenience of
`the service
`requester.
`for
`trend
`there has been a
`
`Lately,
`information search services to be configured using
`server pools, which provide the same service, for the
`purpose of load balancing. By expanding on the
`above service relay method, it’s possible that it can
`be utilized for dynamic load balancing in which one
`of these servers is selected to perform a relay each
`time there is a request.3
`
`4. Considerations per Application Protocol
`
`For certain application protocols, an
`
`additional function must be added to the port-address
`translator for relay to be possible. Let’s take a look at
`FTP, an application that has been around a long time
`and is used most often in TCP/IP networks.
`
`Data connection in a FTP is generated
`separately from the control connection. When a data
`connection needs to be created, a FTP client notifies
`the server through a control connection its IP address
`and the TCP port number, that is required for a data
`connection, along with the PORT command and then
`waits (LISTEN) at that port [PR85]. Next, a FTP
`server that has received a PORT command sends a
`SYN to the specified address and port number to
`create a new data connection.
`
`If a node with a duplicated local address
`connects to an external FTP server using a port-
`address translator, the FTP client of this node is
`allocated with an address of its own, which is
`duplicated and cannot be known externally, and an
`unused port number within the node after which it
`creates and sends a TCP packet along with a PORT
`command and goes into a LISTEN state at that port.
`Accordingly, in order to create a correct data
`connection,
`the
`port-address
`translator must
`recognize
`that
`the connection,
`in which
`it
`is
`maintaining itself in place of the internal node, is a
`FTP session and apply an appropriate revision to the
`FTP packet each
`time a PORT command
`is
`discovered before performing a relay.
`
`At this time, the IP Address and PORT
`number that follows the PORT command is displayed
`in ASCII text. Accordingly, if the address/port
`
`
`
`
`
`
`
`Figure 5. TCP STATE transition diagram based on
`header flag detection
`
`
`2. UDP Support
`
`If the port-address translator is expanded in
`
`order to support UDP, deciding on the point of
`allocation/deallocation
`is much more difficult
`compared with TCP. Since UDP uses a stateless
`protocol unlike TCP and doesn’t have a sequence
`number, accurately tracking a session is not possible.
`In this case, while an idle time threshold based
`algorithm may be used, in which idle time is
`measured and a UDP session is determined to have
`terminated and deallocation takes place if there is no
`communication to the same socket for a fixed period
`of time, it is difficult to select a threshold, and exact
`operation, as with TCP, cannot be expected due to the
`UDP session’s characteristic of not having a clear
`start and end.
`
`The current prototype port-address translator
`uses an idle time threshold based algorithm with the
`threshold fixed at 2 minutes. This value is sufficiently
`longer than the time out threshold used by application
`layers, with internal time out, such as NIS (Network
`Information System) and NFS (Network File System).
`
`Additional consideration
`is needed
`to
`support the applications that do not have time out or
`use a different threshold.
`
`3. Inbound Request Support
`
`While the port-address translation table for
`
`the address translator in this paper is dynamically
`allocated/deallocated based on detection of packet
`flags, a static address allocation method, which
`always allocates a specific address to a port, can also
`be selected so that inbound connection requests to a
`server within the local area network can also be
`handled.
`
`This static allocation is designated when the
`port-address translator is activated and is always
`available. Since servers such as FTP, HTTP, and
`TELNET are known as well-known ports, relays of
`inbound connection requests are also possible if the
`addresses of servers that must be exposed to external
`networks are allocated to the corresponding ports in
`
`advance.
`
`3) The selection of this load balancing is under consideration in the development of a balanced WWW system.
`
`
`3284
`
`Google Ex. 1004, pg. 8
`
`

`

`Thesis/IP Address Reuse Through Transparent Port-Address Translator
`
`43
`
`numbers of the PORT command are revised, a
`mismatch of the TCP sequence number will occur
`depending on the difference in character count. This
`mismatch will prevent TCP communication, and so
`the difference
`in sequence numbers for each
`connection must be managed and revised so that
`future mismatches in sequence numbers do not occur.
`In addition, the acknowledgement number of the
`ACK packet must also be revised. The current
`prototype port-address
`translator maintains
`the
`difference in the original sequence number and the
`revised packet’s sequence number and revises the
`acknowledge number and sequence number for all
`packets afterwards in order to allow the FTP service
`to perform relays smoothly.
`
`There are cases when applications such as
`SNMP encrypt addresses and ports before sending
`them. In such cases when packet information has
`been encrypted, it’s almost impossible for the port-
`address translator to respond. However, since there
`are almost no cases where a SNMP packet must be
`sent over a local area network border, it was excluded
`from consideration for implementation.
`
`As can be seen, in order to implement a
`transparent port-address translator, packets must be
`categorized based on each application and a
`translation method suitable for each application must
`be applied. Testing and applying the prototype will
`be necessary to discover what special processes will
`be required for applications other than those that have
`been presented here.
`
`
`
`V. Conclusion
`
`
`The port-address translator can be used for
`
`reusing IP addresses along with the address-address
`translators and CIDR
`(Classless
`Inter-Domain
`Routing) for a low cost without having to revise the
`existing applications or network configuration, and it
`is believed that it may be able to alleviate the
`problem of insufficient IP address space to a certain
`degree before the study and adoption of a new
`TCP/IP is completed. The port-address translator,
`which allows for a one-to-many response as opposed
`to the address-address translation method which
`requires a one-to-one response between a globally
`unique address and a reused address, provides for
`increased address reuse. This ultimately means that
`one C Class local area network can be built by being
`assigned just one global address.
`
`The reuse of IP addresses through a port-
`address translator is thought to be a realistic proposal
`based on the following reasons, and it is thought that
`it may be a short-term solution to the problem of
`insufficient IP addresses.
`
`
`a port-address
`Implementation of
`
`
`translator and the reconfiguration of a network can be
`done at a cost similar to the installation of a Packet
`Filtering Gateway.
`
` A Port-Address Translator provides a
`transparent service to the user without revising the
`existing
`application
`program
`or
`network
`configuration.
`
` Relaying UDP applications is possible by
`implementing a suitable time based algorithm.
`
` Relaying inbound service requests is
`possible by implementing a port static reservation
`and server pool method.
`
` Relay for widely used services, such as
`FTP, is generally possible by adding a function.
`
` By fundamentally controlling inbound
`requests, a security effect that is provided by the
`firewall system can be obtained.
`
`translator
`the port-address
`In addition,
`presented in this paper has the following limitations.
`Unless these problems are solved in the future, it will
`be difficult for it to be fully adopted as a long-term
`solution.
`
`special
`require
`applications
` Some
`
`treatment, and the port-address translation method
`cannot be applied on some applications.
`
` Considerations are needed for a variety of
`protocols including ICMP, SNMP, and RIP.
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket