ABSTRACT

The address space of IP, a standard Internet Protocol, is being exhausted by the explosively increasing number of demands and by the inefficient address allocation scheme based on network class partitions. Among the short-term solutions that have been suggested so far, IP address reuse through automatic translation between local and global addresses is considered an appropriate solution prior to adopting a new protocol.

In this paper, we suggest a translator which improves on the one-to-one translation of a local-global address translator by enabling several local nodes to share a globally unique address, and we discuss various problems and solutions that we have encountered in designing and implementing the translator. The problems and the effectiveness of IP address reuse by automatic address translation are also investigated.
Seoul National University College of Natural Science Department of Computational Statistics
Thesis Number: 95139-0407
Date Received: April 7, 1995
Google Ex. 1504, pg. 1

36 Journal of Korea Information and Communications Society ’95-12 Vol. 20 No. 12

I. Overview

One of the biggest problems with the Internet is the lack of IP addresses. IP addresses, which are 4 bytes in length, are being consumed more quickly than was expected when the protocol was designed, due to the use of inter-domain routing for each class unit and the very fast expansion of the Internet [TE93]. Compared to the United States, where even elementary schools are assigned an IP address, the amount of IP addresses assigned in our country is insufficient, and a method for using the insufficient IP space more effectively is desperately needed.

While new communication protocols, which will replace IP as a more fundamental and long-term solution, are currently in the process of being established, the increasing speed at which address space is consumed due to the spread of the commercial Internet, educational network expansion, etc. is making the lack of IP addresses a problem that must be solved now. Thus, a few short-term solutions are being proposed that can be utilized with the existing Internet easily and at low cost, in parallel with research being conducted for a more long-term solution.

In Chapter 2 of this paper, we’ll talk about the structural problem of insufficient IP addresses and introduce a solution that reuses existing addresses. In Chapter 3, we’ll discuss the reuse of address space using port-address translation. Creation of the 1st prototype of the aforementioned port-address translator has been completed, and thus the problems with its design and implementation as well as the solutions will be explained in Chapter 4. Lastly, in Chapter 5, we’ll summarize the feasibility and characteristics of the method proposed in this paper.

II. Problems of IP Address Assignments and Short-Term Solutions

1. IP Address Space Being Wasted

An IP address is comprised of 4 bytes and can, in theory, address 2^32 different nodes. However, there is a tendency for this address space to be wasted for the following two reasons:

1. IP addresses are divided into class units, and one local area network has one or more A/B/C class network addresses. The same network address is never shared among different local area networks.
2. The amount of simultaneous communication with an external network from within one local area network is relatively small compared with the size of that local area network.

For example, in a situation in which 150 addresses from among 255 addresses within one C class local area network are used and only 50 of those addresses communicate through external network circuits, the amount of IP addresses that this local area network must have, from the perspective of an Internet wide area network, is only 50. The 100 addresses which do not communicate externally only need to be identifiable within that local area network. In this case, the 100 or so addresses that are left after using 150 from the 255 addresses cannot be used by a different local area network and are thus wasted unnecessarily.

Thus, the division of addresses based on class units and the unnecessary assignment of global addresses can be considered the two main sources of wasted IP address space.

2. Studies Regarding Address Reuse

For building private TCP/IP local area networks such as corporate enterprise networks, a method was previously proposed that assigns duplicate addresses, which are not globally exclusive, within that local area network.

[RM94] points out, as seen in the previous paragraphs of this paper, that the number of nodes within a unit local area network that connect externally and need to be assigned a globally exclusive address is relatively small. This document states that the IP addresses which can be used in duplicate when building a private TCP/IP network are reserved as follows by the Internet management agency.

A Class 10.0.0.0 – 10.255.255.255, 1x
B Class 172.16.0.0 – 172.31.255.255, 16x
C Class 192.168.0.0 – 192.168.255.255, 255x

Also, [FLYV93] suggests that the address space being wasted due to network division based on class can be prevented by realizing CIDR (Classless Inter-Domain Routing) between B class domains.

3. Proxy Server

When operating a private network that requires stringent security, there are cases in which a firewall is built so that access from the outside is completely blocked. Usually, communication into the network is blocked using a Packet Filtering Gateway, in which selective filtering of packets takes place. At this time, since many users within the private network wish to receive Internet services from various external servers, providing a method for accessing outside networks from inside the local area network is just as important as blocking communications from the outside.
Thesis/IP Address Reuse Through Transparent Port-Address Translator

Figure 1. External connection using a proxy server

The simplest way of achieving this is by connecting to the outside using a proxy server. This is a method of assigning a global address to a proxy server, for which security can be fully maintained, so that the proxy server must be passed through first if connection to an external network is needed (refer to Figure 1).

In this case, the local area network user must know the settings for the local area network that the user is using, and the proxy server must prepare an account for the local area network user. In addition, since the proxy server serves as a bridge from the local area network to the outside, resources and users will become centralized.

4. Socket Server

In most UNIX operating systems, network connections by application programs usually occur through a socket. While this socket is usually managed by the kernel of the host that runs the application program, a study was previously done on a method for providing transparent external service to users by having a separate server manage and assign the socket.

[KK92] presents a socket server that provides a relay to an external network by remotely managing a socket when the number of nodes inside one local area network that are able to directly connect to the outside has been limited to just a few. The sockets that can communicate with the outside must be assigned through Rconnect() from socket servers with external addresses, and internal nodes that cannot connect directly must connect with the outside only through external sockets assigned in this way. The socket server assigns its IP port number to each socket client and relays the communication between the internal and external nodes using this.

Using this socket server allows packets to be relayed between local area networks and global networks regardless of whether they are UDP or TCP. However, while the socket server method provides a transparent environment to the user, revisions to the client program are required and the method is only applicable to the UNIX operating system, which is a disadvantage.

5. Network Address Translator

As was described earlier, in a local area network in which duplicate addresses are used, access to the global network is not possible unless a special method is used. The methods presented above for allowing access to the global network, whether transparent or not, inevitably require a process for translating a reused local address to a globally unique address.1)

P. Francis of Bellcore has previously discussed a method for realizing the reuse of IP addresses and B class unit routing through the use of a transparent bi-directional network address translator that is joined to the DNS (Domain Name System) [TE93] [EF94]. A conceptual network composition of local access networks with duplicate addresses being connected to a global network by using an address translator is provided in Figure 2.

A NAT (Network Address Translator) that reserves a few global addresses is located at the border between the local area network, which uses duplicate addresses, and the global network. This network address translator dynamically assigns a global address whenever a globally unique address is needed in order for a node within the local area network that the translator manages to communicate with the outside. Once an address has been assigned, it is used until that node’s external connection is completely terminated, and the network address translator automatically translates between the local address and the global address while the connection is maintained. This translation occurs by searching the TCP/IP header information of all packets that pass through the border to the external network and revising the header by referencing the mapping table between the global address and the local address.

1) In actuality, inter-domain routing is achieved through address translation. Consider the translation of Ethernet interface address based on routing.
Figure 2. Configuration of a network with duplicate addresses

Figure 3. Transparent address translation (connection from the inside to the outside)

As can be seen in Figure 3, the network address translator has a very close relationship with the DNS and the inter-domain router/gateway. We’ll use this figure to look at the operating process of the network address translator.

When Node I, which wants to connect to the outside, attempts to send a packet out, the network address translator grabs that packet and assigns it an external address. All packets go through the network address translator, and each time a packet passes through the border between the inside and the outside, the network address translator translates between Node I’s local address and the global address assigned earlier and relays the revised packet. In addition, if there is a connection request from the outside to Node I, which is inside this local access network, the DNS notifies the network address translator of the situation so that the network address translator can prepare a global address for [Node] I. Thus, a transparent bi-directional address translation occurs. At this time, the maximum number of local network nodes that can connect to the outside simultaneously is equal to the number of global addresses reserved in advance by the network address translator.

This method has the following disadvantages:

• Does not apply to applications that do not use DNS.
• Difficult to apply in connectionless communications such as UDP.
• There may be insufficient global addresses if a large number of nodes within one local area network connects to the outside.
• Separate considerations must be made for applications which include the IP address inside the packet (FTP, ICMP, etc.).

This method allows for transparent address translations to occur by installing a network address translator at the border between networks without making any special revisions to the nodes inside the local area network. In addition, the problem of inbound requests is solved by joining with the DNS. This thesis will be published again using the Internet standardized document RFC format [EF94].

III. Transparent Port-Address Translator

In this paper, we’ll discuss a method for reusing addresses by using a new network address translator called the port-address translator. By focusing on the fact that there are significantly more actual UDP and TCP ports compared to the number of sockets simultaneously required by one node, connections to external networks by multiple local nodes using one global address can be provided by translating many local sockets to one global address and an unused port number.

From this point on, the sockets in each node will be written as (IP address, TCP port number), and all TCP packets will be expressed as (srcIP, srcPORT, dstIP, dstPORT).

If you assume that there are no nodes that have the same IP address on any of the paths through which packets pass, the communicating entities within each node can be uniquely identified within the unit local area network (or in the entire Internet if there is no IP address duplication at all) through the (srcIP, srcPORT) sockets. Therefore, the socket pairs ((srcIP, srcPORT), (dstIP, dstPORT)) allow the transmitter and the receiver to be uniquely identified [TCP81].

1. One-to-one packet transmission when using a proxy server

First, let’s take a look at the minimum information absolutely required in the process of delivering packets between the TCP connection’s peer entities using a proxy server.

By using telnet G from S, which has a local address, to remotely log in to G and then using telnet D again from G, an indirect telnet connection is made between S and D. S is connected to an external global network without having a unique global address, and the packets being exchanged with D, a normal node, are relayed through proxy server G.

Figure 4. Telnet session using a proxy server

If you look at Figure 4, you’ll see that the packet going from (S, 1000) to (D, 23) is relayed by G, changed to (G, 3000), and then sent to (D, 23), and that the packet sent from (D, 23) to (G, 3000) is relayed to (S, 1000) by G, so that a one-to-one connection can be made between S and D. The role of the port-address translator is to automate this process so that a transparent translation and relay can be made.

2. Relay through a port-address automatic translation

As was seen previously, all packets received by D were packets (S, 1000, G, 23) that were converted by G to (G, 3000, D, 23), and all packets received by S were converted by G from (D, 23, G, 3000) to (G, 23, S, 1000). These translations were the result of the user explicitly using a proxy server, and the inability to provide transparency is due to the reasons mentioned above. In this case, we can see that in order for perfect transparency to be guaranteed to the user and for the same effect to be obtained while minimizing revisions to the existing system, a method that allows G to complete the above translation automatically must be utilized.

If a local area network node which does not use a globally unique address wants to send a packet out, the method for converting the sender’s address to a globally unique address using local address translator G has already been discussed [TE93]. In this case, the translation between the global address and the local address that occurs at the border between the local network and the global network allows the packet receiver within the global network to be uniquely identified through the (dstIP, dstPORT) pair, guaranteeing their uniqueness within each unit network.

Since the port number of the TCP packet is comprised of 16 bits, up to 2^16 different nodes can exist within one IP node. This means that up to 2^16 different receivers can exist per one IP address.

Table 1. Example of a Port-Address Translation Table

The well-known ports used in most applications are reserved to the number 10000 and below, and in many cases, the number of ports used by one node is much less than 2^16. Therefore, a method can be considered in which the address of a different node is mapped to an unused port, so that a node which has a global address handles the connection between an external global network and a node with a local address.

Take a look at Table 1. This table shows the sockets (IPaddr, PORT) created from Node 1 (inner nodes) of the stub B class network with the address of 172.16.0.0 being mapped to the port numbers of G (Gateway node), which has a global address. This mapping is dynamically allocated as follows:

1. Through the DNS as in [TE93] and
2. Through detection of a SYN flag in the TCP header information

Once the STATUS is CLOSED, the corresponding port is deallocated.

Each time a packet requiring translation of the address is discovered, G refers to this table to revise the header information before relaying the packet. This relay process occurs by monitoring inbound and outbound packets.

The transmitter header of an outbound packet is revised from (I.Addr, I.PORT) to (G.Addr, G.PORT) in accordance with the port-address translation table and then relayed to an external global network. In addition, the receiver header of a packet received by G from outside is revised from (G.Addr, G.PORT) to (I.Addr, I.PORT) and delivered to an internal local area network.

Since an outbound TCP packet has a reused IP, it must not leave the local area network without being revised. While only dynamic allocation based on external request has been discussed thus far, relay of internal connection requests based on a static allocation method, which will be discussed below, is also possible.
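
The table-driven relay described in this section, as an added example that is not the paper's Appendix A pseudo code: a row is allocated when a SYN from an inner socket is seen, headers are rewritten in both directions, and the row is released once the connection is closed. The class names, the addresses 192.0.2.1 (G) and 198.51.100.7 (D), and the rule that the row is released by the first packet after both sides have sent FIN are assumptions made for the illustration.

```python
from collections import deque
from dataclasses import dataclass, field, replace

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"


@dataclass(frozen=True)
class Packet:
    """A TCP packet in the paper's (srcIP, srcPORT, dstIP, dstPORT) notation."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset()


@dataclass
class Entry:
    """One row of the translation table, keyed by the gateway port G.PORT."""
    local: tuple                              # (I.Addr, I.PORT)
    fins: set = field(default_factory=set)    # sides that have sent FIN


class PortAddressTranslator:
    def __init__(self, global_ip, first_port, last_port):
        self.global_ip = global_ip                            # G.Addr
        self.free = deque(range(first_port, last_port + 1))   # unused G.PORTs
        self.by_gport = {}                                    # G.PORT -> Entry
        self.by_local = {}                                    # (I.Addr, I.PORT) -> G.PORT

    def outbound(self, pkt):
        """Rewrite the sender of a packet leaving the local network."""
        key = (pkt.src_ip, pkt.src_port)
        gport = self.by_local.get(key)
        if gport is None:
            # A row is allocated only when a SYN from the inside is detected.
            if SYN not in pkt.flags or not self.free:
                return None          # dropped: a reused address must not leak out
            gport = self.free.popleft()
            self.by_local[key] = gport
            self.by_gport[gport] = Entry(local=key)
        self._track(gport, pkt.flags, "local")
        return replace(pkt, src_ip=self.global_ip, src_port=gport)

    def inbound(self, pkt):
        """Rewrite the receiver of a packet arriving at G from outside."""
        entry = self.by_gport.get(pkt.dst_port)
        if pkt.dst_ip != self.global_ip or entry is None:
            return None              # no row: an unsolicited packet is not relayed
        local_ip, local_port = entry.local
        self._track(pkt.dst_port, pkt.flags, "remote")
        return replace(pkt, dst_ip=local_ip, dst_port=local_port)

    def _track(self, gport, flags, side):
        entry = self.by_gport[gport]
        if RST in flags or len(entry.fins) == 2:
            # RST, or the packet after both sides sent FIN (the last ACK):
            # STATUS is CLOSED, so the row and its port are released.
            del self.by_local[entry.local]
            del self.by_gport[gport]
            self.free.append(gport)
        elif FIN in flags:
            entry.fins.add(side)


def telnet_session():
    """Replay the (S, 1000) -> (G, 3000) -> (D, 23) relay with constructed addresses."""
    S, G, D = "172.16.0.5", "192.0.2.1", "198.51.100.7"
    pat = PortAddressTranslator(G, first_port=3000, last_port=3999)
    out_syn = pat.outbound(Packet(S, 1000, D, 23, frozenset({SYN})))
    in_synack = pat.inbound(Packet(D, 23, G, 3000, frozenset({SYN, ACK})))
    pat.outbound(Packet(S, 1000, D, 23, frozenset({FIN, ACK})))
    pat.inbound(Packet(D, 23, G, 3000, frozenset({FIN, ACK})))
    last_ack = pat.outbound(Packet(S, 1000, D, 23, frozenset({ACK})))
    after_close = pat.inbound(Packet(D, 23, G, 3000, frozenset({ACK})))
    return out_syn, in_synack, last_ack, after_close
```

Because inbound packets are relayed only when a row exists, a packet aimed at an unallocated gateway port never reaches an inner node.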

3. Effectiveness of Address Reuse

A port-address translator allows IP address space to be used efficiently.

For example, let’s say that a globally available B Class network address is used to reconfigure C Class local area networks and the number of global sockets required simultaneously in one local area network is 10,000. (This number is not completely without warrant. While a maximum of 255 nodes can exist within a C Class, since the number of nodes that simultaneously connect to the outside will not exceed 50, it’s possible that up to a maximum of 200 sockets that connect with the outside can exist simultaneously for every one node.2)) Since up to 2^16 TCP ports can be used in each node, one global address can be used to handle all global sockets. Thus, the reused exclusive address presented in [RM94] can be allocated to a general node, and one global address can be allocated to each C Class local area network.

In this way, the reuse of addresses can reduce the waste of IP address space and alleviate the lack of IP addresses to a certain degree. In this case, a port-address translator can be used at a very low cost to provide transparent service to users without having to revise the existing applications or network configurations.

IV. Considerations for Designing and Implementing a Port-Address Translator

The above proposed port-address translator was implemented on IBM PC compatible machines and packet drivers. Since more secondary functions, such as address translations, are required compared to the widely used PC bridge, more hardware resources are required compared to a standard bridge. When tested on a 386SX machine, no performance decrease was found compared to other bridges. A detailed performance evaluation should be performed in the future.

The biggest problems with implementation are as follows:

• An adequate revision to the checksum is needed in accordance with the revision to the TCP/IP header.
• How the point of allocation and deallocation for the internal local socket will be decided.
• If UDP is supported, it is difficult to decide the point at which the port will be allocated/deallocated.
• Separate considerations must be made for relay of inbound requests to servers with only local addresses.
• If a packet containing an IP address is generated from an application layer such as FTP or ICMP, it must be handled from the application layer.

Such problems are attributable to the fact that the information that the port-address translator can obtain from a packet is limited. This is similar to the problems that occur when establishing a Packet Filtering Gateway in order to enhance security [CB94]. Compared with the case of translations [KK92] using a socket server as described above, where information is explicitly provided by Rbind(), the transparent address translator faces significant difficulty since it must perform the relay by only using information contained in the packet header.

Since the calculation of the TCP/IP checksum is very simple, revision to the header checksum can be performed efficiently by combining additions and subtractions [EF94] [TE93]. The port-address translator in this paper solved the checksum problem by implementing the algorithm presented in [TE93].

1. Point at which the Port-Address Translation Table is Allocated/Deallocated

In regard to the point at which a port is allocated/deallocated, two methods were mentioned above.

First, selecting the method of dynamic address allocation from the DNS has the advantage of clarifying the point of the address allocation and providing internal service. However, deciding the point of deallocation becomes significantly complex, as a separate method such as monitoring the session or explicitly returning an address must be implemented. In addition, the benefits of this method are weak since all nodes must be pre-registered to the DNS, and DNS queries may result in mismatches of names and addresses due to caching.

If the second method of monitoring the header and content of packets is used, the implementation of a TCP STATE tracking algorithm for local area sockets may be significantly difficult. This information can be obtained through TCP header flags such as SYN, FIN, etc. Figure 5 shows a table of TCP STATE tracking status based on detection of header flags. The pseudo code of the algorithm used to implement the port-address translator in this paper is included in Appendix A.

2) In order to actually implement an address translator, a quantitative analysis of activity characteristics of local area network nodes must be performed.
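
The checksum revision "by combining additions and subtractions" mentioned earlier in this chapter, as an added example that is not the paper's code and not necessarily the algorithm of [TE93]: it uses the incremental update HC' = ~(~HC + ~m + m') from RFC 1624 to patch the IP header checksum and the TCP checksum after (srcIP, srcPORT) is rewritten. The packet builder, function names and sample addresses are constructed for the illustration.

```python
import socket
import struct


def fold(total):
    """Fold carries back in so the one's-complement sum fits 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ones_sum(data):
    """One's-complement sum of the 16-bit big-endian words in data."""
    if len(data) % 2:
        data += b"\x00"
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))


def checksum(data):
    return ~ones_sum(data) & 0xFFFF


def adjust(old_csum, old_field, new_field):
    """Update a checksum for fields that changed, without re-summing the packet.

    Both fields must have the same even length and start on a 16-bit boundary.
    """
    total = ~old_csum & 0xFFFF
    old_words = struct.unpack("!%dH" % (len(old_field) // 2), old_field)
    new_words = struct.unpack("!%dH" % (len(new_field) // 2), new_field)
    for m, m_new in zip(old_words, new_words):
        total += (~m & 0xFFFF) + m_new       # subtract old word, add new word
    return ~fold(total) & 0xFFFF


def build(src_ip, src_port, dst_ip, dst_port, payload=b""):
    """Constructed IPv4 + TCP SYN packet (no options) with full checksums."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0,
                      5 << 4, 0x02, 8192, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip, tcp


def translate_source(ip, tcp, new_ip, new_port):
    """Rewrite (srcIP, srcPORT) and patch both checksums incrementally."""
    old_src, new_src = ip[12:16], socket.inet_aton(new_ip)
    old_port, new_port_b = tcp[0:2], struct.pack("!H", new_port)
    ip_csum = adjust(struct.unpack("!H", ip[10:12])[0], old_src, new_src)
    # The TCP checksum covers the pseudo-header, so the address change
    # affects it as well as the port change.
    tcp_csum = adjust(struct.unpack("!H", tcp[16:18])[0],
                      old_src + old_port, new_src + new_port_b)
    ip = ip[:10] + struct.pack("!H", ip_csum) + new_src + ip[16:]
    tcp = new_port_b + tcp[2:16] + struct.pack("!H", tcp_csum) + tcp[18:]
    return ip, tcp


def checksums_valid(ip, tcp):
    """A header that includes a correct checksum sums to 0xFFFF."""
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return ones_sum(ip) == 0xFFFF and ones_sum(pseudo + tcp) == 0xFFFF
```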

Figure 5. TCP STATE transition diagram based on header flag detection

2. UDP Support

If the port-address translator is expanded in order to support UDP, deciding on the point of allocation/deallocation is much more difficult compared with TCP. Since UDP is a stateless protocol unlike TCP and doesn’t have a sequence number, accurately tracking a session is not possible. In this case, an idle time threshold based algorithm may be used, in which idle time is measured and, if there is no communication to the same socket for a fixed period of time, the UDP session is determined to have terminated and deallocation takes place. However, it is difficult to select a threshold, and exact operation, as with TCP, cannot be expected due to the UDP session’s characteristic of not having a clear start and end.

The current prototype port-address translator uses an idle time threshold based algorithm with the threshold fixed at 2 minutes. This value is sufficiently longer than the time out threshold used by application layers with internal time out, such as NIS (Network Information System) and NFS (Network File System).

Additional consideration is needed to support applications that do not have a time out or use a different threshold.

3. Inbound Request Support

While the port-address translation table for the address translator in this paper is dynamically allocated/deallocated based on detection of packet flags, a static address allocation method, which always allocates a specific address to a port, can also be selected so that inbound connection requests to a server within the local area network can also be handled.

This static allocation is designated when the port-address translator is activated and is always available. Since servers such as FTP, HTTP, and TELNET use well-known ports, relays of inbound connection requests are also possible if the addresses of servers that must be exposed to external networks are allocated to the corresponding ports in advance.

For example, if a HTTP server is waiting at (www.our.domain, 80), all packets that come into (gateway.our.domain, 80) are translated to (www.our.domain, 80) and relayed. In this case, www.our.domain is registered as the address of gateway.our.domain in the DNS that will be serviced externally, for the convenience of the service requester.

Lately, there has been a trend for information search services to be configured using server pools, which provide the same service, for the purpose of load balancing. By expanding on the above service relay method, it’s possible that it can be utilized for dynamic load balancing in which one of these servers is selected to perform a relay each time there is a request.3)

3) The selection of this load balancing is under consideration in the development of a balanced WWW system.

4. Considerations per Application Protocol

For certain application protocols, an additional function must be added to the port-address translator for relay to be possible. Let’s take a look at FTP, an application that has been around a long time and is used most often in TCP/IP networks.

The data connection in FTP is generated separately from the control connection. When a data connection needs to be created, an FTP client notifies the server, through the control connection and using the PORT command, of its IP address and the TCP port number required for the data connection, and then waits (LISTEN) at that port [PR85]. Next, the FTP server that has received the PORT command sends a SYN to the specified address and port number to create a new data connection.

If a node with a duplicated local address connects to an external FTP server using a port-address translator, the FTP client of this node takes its own address, which is duplicated and cannot be known externally, and an unused port number within the node, creates and sends a TCP packet with a PORT command carrying them, and goes into a LISTEN state at that port. Accordingly, in order to create a correct data connection, the port-address translator must recognize that the connection which it is maintaining in place of the internal node is an FTP session and apply an appropriate revision to the FTP packet each time a PORT command is discovered before performing a relay.

At this time, the IP address and PORT number that follow the PORT command are represented in ASCII text. Accordingly, if the address/port numbers of the PORT command are revised, a mismatch of the TCP sequence number will occur depending on the difference in character count. This mismatch will prevent TCP communication, and so the difference in sequence numbers for each connection must be managed and revised so that future mismatches in sequence numbers do not occur. In addition, the acknowledgement number of the ACK packet must also be revised. The current prototype port-address translator maintains the difference between the original sequence number and the revised packet’s sequence number and revises the acknowledgement number and sequence number for all packets afterwards in order to allow the FTP service to perform relays smoothly.
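
The PORT revision and the sequence/acknowledgement bookkeeping described above, as an added example that is not the prototype's code. It assumes one complete command per TCP segment, sequence numbers that do not wrap during the session, and a hypothetical allocate_port hook that returns the same gateway port when asked twice for the same inner socket; the addresses are constructed sample values.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 carries the client's address and port as ASCII text.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$",
                     re.IGNORECASE)


class FtpControlRelay:
    """State kept for one relayed FTP control connection of an inner client."""

    def __init__(self, local_ip, global_ip, allocate_port):
        self.local_ip = local_ip            # reused address of the inner client
        self.global_ip = global_ip          # address of the translator G
        self.allocate_port = allocate_port  # hypothetical hook: (ip, port) -> G.PORT
        # (original end seq of a rewritten segment, total delta after it),
        # kept in increasing sequence order.
        self.edits = []

    def _rewrite(self, payload):
        m = PORT_RE.match(payload)
        if not m:
            return payload
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        named_ip = "%d.%d.%d.%d" % (h1, h2, h3, h4)
        if named_ip != self.local_ip or p1 > 255 or p2 > 255:
            return payload                  # only the client's own socket is translated
        gport = self.allocate_port(self.local_ip, p1 * 256 + p2)
        fields = self.global_ip.split(".") + [str(gport >> 8), str(gport & 0xFF)]
        return b"PORT " + ",".join(fields).encode("ascii") + b"\r\n"

    def outbound(self, seq, ack, payload):
        """Client -> server segment; returns the (seq, ack, payload) to relay."""
        delta = 0
        for end_seq, total in self.edits:
            if seq >= end_seq:              # bytes sent after an earlier revision
                delta = total
        rewritten = self._rewrite(payload)
        end_seq = seq + len(payload)
        growth = len(rewritten) - len(payload)
        if growth and all(end_seq != e for e, _ in self.edits):
            # Recorded once; a retransmitted PORT segment must not shift twice.
            self.edits.append((end_seq, delta + growth))
        return seq + delta, ack, rewritten

    def inbound(self, seq, ack, payload):
        """Server -> client segment; the ACK number is mapped back."""
        delta = 0
        for end_seq, total in self.edits:
            if ack >= end_seq + total:      # server acknowledges the revised bytes
                delta = total
        return seq, ack - delta, payload


def ftp_demo():
    """Constructed control-connection exchange; returns relayed segments and hook calls."""
    calls = []

    def allocate(ip, port):
        calls.append((ip, port))
        return 3001                         # constructed gateway port

    relay = FtpControlRelay("172.16.0.5", "192.0.2.1", allocate)
    relayed = [
        relay.outbound(1000, 500, b"USER anonymous\r\n"),
        relay.outbound(1016, 520, b"PORT 172,16,0,5,4,1\r\n"),
        relay.inbound(520, 1016, b""),                          # late ACK of USER
        relay.inbound(520, 1039, b"200 PORT command successful.\r\n"),
        relay.outbound(1037, 550, b"LIST\r\n"),
        relay.outbound(1016, 520, b"PORT 172,16,0,5,4,1\r\n"),  # retransmission
    ]
    return relayed, calls
```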

There are cases when applications such as SNMP encrypt addresses and ports before sending them. In such cases, when packet information has been encrypted, it’s almost impossible for the port-address translator to respond. However, since there are almost no cases where an SNMP packet must be sent over a local area network border, it was excluded from consideration for implementation.

As can be seen, in order to implement a transparent port-address translator, packets must be categorized based on each application and a translation method suitable for each application must be applied. Testing and applying the prototype will be necessary to discover what special processes will be required for applications other than those that have been presented here.

V. Conclusion

The port-address translator can be used for reusing IP addresses along with the address-address translators and CIDR (Classless Inter-Domain Routing) for a low cost without having to revise the existing applications or network configuration, and it is believed that it may be able to alleviate the problem of insufficient IP address space to a certain degree before the study and adoption of a new TCP/IP is completed. The port-address translator, which allows for a one-to-many response as opposed to the address-address translation method which requires a one-to-one response between a globally unique address and a reused address, provides for increased address reuse. This ultimately means that one C Class local area network can be built by being assigned just one global address.

The reuse of IP addresses through a port-address translator is thought to be a realistic proposal based on the following reasons, and it is thought that it may be a short-term solution to the problem of insufficient IP addresses.

• Implementation of a port-address translator and the reconfiguration of a network can be done at a cost similar to the installation of a Packet Filtering Gateway.
• A Port-Address Translator provides a transparent service to the user without revising the existing application program or network configuration.
• Relaying UDP applications is possible by implementing a suitable time based algorithm.
• Relaying inbound service requests is possible by implementing a port static reservation and server pool method.
• Relay for widely used services, such as FTP, is generally possible by adding a function.
• By fundamentally controlling inbound requests, a security effect that is provided by the firewall system can be obtained.

In addition, the port-address translator presented in this paper has the following limitations. Unless these problems are solved in the future, it will be difficult for it to be fully adopted as a long-term solution.

• Some applications require special treatment, and the port-address translation method cannot be applied on some applications.
• Considerations are needed for a variety of protocols including ICMP, SNMP, and RIP.