US20070195807A1 - Methods and Systems for Establishing Communications Through Firewalls and Network Address Translators - Google Patents
Methods and Systems for Establishing Communications Through Firewalls and Network Address Translators Download PDFInfo
- Publication number
- US20070195807A1 US20070195807A1 US11/741,084 US74108407A US2007195807A1 US 20070195807 A1 US20070195807 A1 US 20070195807A1 US 74108407 A US74108407 A US 74108407A US 2007195807 A1 US2007195807 A1 US 2007195807A1
- Authority
- US
- United States
- Prior art keywords
- communications
- computing device
- nat
- devices
- peer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2567—NAT traversal for reachability, e.g. inquiring the address of a correspondent behind a NAT server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2578—NAT traversal without involvement of the NAT server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/663—Transport layer addresses, e.g. aspects of transmission control protocol [TCP] or user datagram protocol [UDP] ports
Definitions
- the present invention relates generally to computer communications, and, more particularly, to communications flowing through a firewall or a Network Address Translator.
- a firewall is a first example of a communications blocker.
- IP Internet Protocol
- Ports are often used to differentiate messages intended for separate processes running on a single computing device.
- NAT Network Address Translator
- the packet is then sent along to the outside device with the public address.
- the NAT stores a mapping between the private address of the device behind the NAT and the public address of the device outside the NAT.
- the NAT refers to this mapping and replaces its own public address in the packet header with the private address of the device behind the NAT.
- the device behind the NAT can both send communications to and receive communications from a device in the public address space.
- the NAT translation scheme is based on the premise that communications are initiated by the computing device behind the NAT.
- the NAT must first set up the translation mapping before it can know how to handle communications coming from the public network address space. Were a device in the public address space to attempt to initiate peer-to-peer communications by sending a message to the public address of the NAT, then, upon receiving the message, the NAT would search for a translation mapping for the sender's public address but would not find one. The NAT would discard the message, and the communications would fail.
- This problem is compounded when each device is behind its own NAT. In this case, neither device can initiate communications: while the NAT of the communications initiator sets up its translation mapping, the NAT of the recipient does not have an appropriate mapping and discards the incoming message. Communications never start. As NATs proliferate, this shortcoming impedes the spread of any application based on direct peer-to-peer communications.
- firewall and “NAT” refer to services, not necessarily to specific devices. These services may be provided on separate hardware boxes, may be combined into one box, and may even be instantiated as software running on the computing device itself.
- a known approach to the problem of NATs sets up a signaling exchange between a computing device behind a NAT and the NAT. (The discussion of the current paragraph applies as well to firewalls as it does to NATs, but only NATs are discussed to avoid repetition or having to repeatedly write “NAT/firewall.”)
- the device sends a message directly to the NAT.
- the message directs the NAT to allow the communications channel needed for a peer-to-peer application.
- this approach has its drawbacks. First, it forces the device to discover its NAT and to take the NAT's presence into account. Traditionally, devices did not need to know whether they sat behind a NAT: the NAT's operation was completely transparent.
- NATs operate automatically by intercepting communications and then discarding them or passing them along, no standard protocol exists to facilitate the signaling exchange. Adding that capability greatly alters the architecture of a NAT, which has often been an uncomplicated, firmware-based device. These considerations are compounded if the device sits behind a chain of multiple NATs or firewalls, some of which may be located far from it, such as at the facilities of the device's Internet Service Provider (ISP). The device may not be aware of all of these NATs and firewalls and may not have any means or permissions to communicate directly with them.
- ISP Internet Service Provider
- What is needed is a method for establishing communications that operates transparently to any communications blockers, e.g., firewalls, NATs, or what have you, in the communications path between peer computing devices.
- any communications blockers e.g., firewalls, NATs, or what have you, in the communications path between peer computing devices.
- two computing devices each establish communications with a rendezvous service.
- Each device can communicate with the rendezvous service regardless of the presence of communications blockers, such as firewalls or NATs, in the communications path between the device and the service.
- the two computing devices signal each other and coordinate their activities in setting up direct, peer-to-peer communications between the two devices.
- the signaling mechanism through the rendezvous service allows either computing device to attempt to establish communications. If both devices fail to establish direct, peer-to-peer communications, then they invoke the services of a relay service that provides the illusion of direct communications.
- an originating computing device attempts to establish communications with a recipient computing device.
- the originating device uses an address and port number associated with the recipient computing device. If that attempts fails, possibly because a firewall is blocking communications, then the originating device retries using a port normally held open by firewalls. If this attempt also fails, then the originating device invokes the services of a proxy to negotiate a port acceptable for use by the recipient device and by any intervening firewalls.
- the present invention through its diverse aspects, enables communications to be established regardless of the presence of communications blockers in the path between two computing devices.
- FIG. 1 a is a network schematic from the prior art showing one computing device behind a NAT and another computing device outside the NAT;
- FIG. 1 b is a network flow diagram from the prior art showing the computing device behind the NAT of FIG. 1 a initiating communications with the computing device outside the NAT;
- FIG. 1 c is a data table diagram from the prior art showing the NAT's translation mapping that facilitates the communications of FIG. 1 b;
- FIG. 1 d is a network flow diagram from the prior art showing that the computing device outside the NAT of FIG. 1 a cannot initiate communications with the computing device behind the NAT;
- FIG. 2 is a network flow diagram from the prior art showing how a firewall blocks communications on addresses and ports not specifically allowed;
- FIG. 3 is a block diagram generally illustrating an exemplary computer system that supports the present invention
- FIGS. 4 a , 4 b , and 4 c are network flow diagrams of scenarios in which two computing devices attempt to establish peer-to-peer communications with the aid of a rendezvous service;
- FIGS. 5 a , 5 b , and 5 c are combination flow charts and data flow diagrams of exemplary methods usable by the computing devices and rendezvous service in the scenarios of FIGS. 4 a , 4 b , and 4 c , respectively;
- FIG. 6 is a network flow diagram of a scenario in which a computing device attempts to establish communications with its peer device in the presence of a firewall;
- FIGS. 7 a , 7 b , and 7 c are a combination flow chart and data flow diagram of an exemplary method for a computing device to use in the scenario of FIG. 6 .
- Section I presents devices that often stymie attempts to establish direct, peer-to-peer communications between two computing devices.
- Section II presents an exemplary computing environment in which the invention may run.
- Section III describes exemplary embodiments of the invention's methods.
- FIG. 1 a shows a prior art networking arrangement that is the basis for the following discussion of NATs and of the invention.
- a computing device 100 is connected via a local area network (LAN) 102 to a NAT 104 .
- the NAT also has a connection to a public address space, here represented by the Internet 110 .
- the network address 106 used on the LAN is a private address, that is to say, it is not valid in the public address space beyond the NAT. Because of this, device 100 cannot communicate with a computing device 112 in the public address space unless the private address 106 of device 100 is first translated.
- the NAT is responsible for this translation, and the mechanism of translation is described below with respect to FIG. 1 b .
- device 112 has a public network address 114 that needs no translation.
- IP addresses are a standard for the industry, the example addresses ( 106 , 108 , and 114 ) are intentionally shown in a non-IP format to indicate that the invention is not limited to any particular addressing format.
- FIG. 1 b shows how NAT 104 facilitates computing device 100 in setting up communications with the computing device 112 .
- Device 100 addresses an initial message to the public network address 114 of device 112 .
- the initial message follows the path 116 .
- the NAT intercepts it and reads the “to address” field in the message's header. Because that field contains public network address 114 , the NAT knows to send the message out on its connection to the Internet 110 .
- the message as written by device 100 is not valid for the public address space because the “from address” field in the message's header contains the private network address 106 of device 100 .
- the NAT replaces this private address with its own public address 108 .
- the NAT also creates an address translation mapping that correlates the private network address 106 of device 100 with the public network address 114 of device 112 .
- FIG. 1 c shows this mapping in the translation table 118 .
- the NAT sends the altered initial message on its way. The initial message travels via the Internet 110 and is received by the destination device 112 .
- the message path 116 has an arrowhead at one end to indicate that it is the path for initiating communications between computing devices 100 and 112 . That same path is traversed in the opposite direction by a response sent from device 112 to device 100 (although the exact path through the Internet 110 is immaterial).
- Device 112 addresses its response to the “from address” found in the header of the message it received. Because of the NAT's earlier translation, that address is actually the NAT's public address 108 .
- the NAT searches its translation table 118 for the message's “from address” in the column pertaining to the interface over which the NAT received the message. The response message comes over the NAT's external network connection.
- the NAT removes its own external network address from the “to address” field of the message's header and substitutes for it the internal network address indicated by the mapping. In this case, that is (1.2.3), the address of device 100 . In this manner, the NAT's address translation allows devices 100 and 112 to communicate with each other.
- Computing devices 100 and 112 can communicate as long as the translation entry exists in the NAT's address translation table 118 .
- the NAT does not store the translation mapping forever.
- Some NATs remove the translation after a period of inactivity. This timeout period may depend upon the type of the communications and is typically on the order of hours for Transmission Control Protocol (TCP) communications and minutes or seconds for User Datagram Protocol (UDP) communications.
- TCP Transmission Control Protocol
- UDP User Datagram Protocol
- Other NATs may monitor the communications flow and discard the translation when one side or the other indicates that the conversation is over.
- FIG. 1 d shows what happens when, instead, the computing device 112 attempts to initiate communications with device 100 .
- the private network address 106 of device 100 is invalid in the public address space of the Internet 110
- device 112 addresses its initial message to the public address 108 of NAT 104 .
- This initial message follows the path 120 .
- the NAT looks for an address translation mapping in its table 118 .
- the mapping shown in FIG. 1 d the mapping shown in FIG.
- 1 c does not exist because device 100 never sent a message through the NAT to device 112 . Without the mapping, the NAT cannot translate the “to address” field in the message's header to a private network address on LAN 102 . The message is discarded. Thus, in the prior art, a computing device outside of a NAT cannot initiate communications directly with a device behind the NAT. The problem is exacerbated when each computing device is behind its own NAT: then neither device can initiate communications with the other.
- FIG. 2 portrays another common communications blocker.
- the NAT 104 of FIG. 1 a is replaced by a firewall 200 .
- a firewall may be thought of as blocking all communications, based on their addresses and port numbers, that have not been specifically allowed.
- the firewall is set up to allow communications between the computing device 100 and all devices, such as device 112 , in the public address space of the Internet 110 .
- the firewall only allows traffic directed to ports 80 and 443 .
- device 100 sends communications 202 directed to port 80 , address (12.9.7), the public address of device 112 .
- the firewall passes these communications unaltered.
- Firewalls present problems for real-time, peer-to-peer applications because, although a port can almost always be found that is open for communications through the firewall (e.g., port 80 is usually open), that port may be handling so much traffic from other sources that real-time response requirements cannot be met.
- FIG. 3 is a block diagram generally illustrating an exemplary computer system that supports the present invention.
- Computing device 100 is only one example of a suitable environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should computing device 100 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in FIG. 3 .
- the invention is operational with numerous other general-purpose or special-purpose computing environments or configurations.
- computing device 100 typically includes at least one processing unit 300 and memory 302 .
- the memory 302 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.), or some combination of the two. This most basic configuration is illustrated in FIG. 3 by the dashed line 304 .
- the computing device may have additional features and functionality.
- computing device 100 may include additional storage (removable and non-removable) including, but not limited to, magnetic and optical disks and tape.
- additional storage is illustrated in FIG. 3 by removable storage 306 and non-removable storage 308 .
- Computer-storage media include volatile and non-volatile, removable and non-removable, media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.
- Memory 302 , removable storage 306 , and non-removable storage 308 are all examples of computer-storage media.
- Computer-storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory, other memory technology, CD-ROM, digital versatile disks (DVD), other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage, other magnetic storage devices, and any other media that can be used to store the desired information and that can be accessed by device 100 . Any such computer-storage media may be part of device 100 .
- Device 100 may also contain communications connections 310 that allow the device to communicate with other devices. Communications connections 310 are examples of communications media. Communications media typically embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media.
- modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communications media include wired media, such as wired networks (including LAN 102 of FIG. 1 a ) and direct-wired connections, and wireless media such as acoustic, RF, infrared, and other wireless media.
- computer-readable media includes both storage media and communications media.
- Computing device 100 may also have input devices 312 such as a keyboard, mouse, pen, voice-input device, touch-input device, etc.
- Output devices 314 such as a display, speakers, printer, etc., may also be included. All these devices are well know in the art and need not be discussed at length here.
- FIGS. 4 a , 4 b , and 4 c present example scenarios in which two computing devices, 100 and 112 , attempt to establish direct, peer-to-peer communications with each other.
- FIGS. 5 a , 5 b , and 5 c respectively, illustrate exemplary methods that the devices may use in these scenarios.
- a rendezvous service 400 is provided. Computing devices can freely establish communications with the rendezvous service, typically by logging on to it. The devices can then discover other devices with which they wish to communicate and can send connection information to other devices by way of the service. This is made clearer by the examples described below.
- MICROSOFT'S “MSN MESSENGER” is an example of a rendezvous service.
- the communications blocker in front of computing device 100 is labeled “NAT/Firewall”: this represents any type of communications blocker, be it a NAT, a firewall, a combination of the two, or something else entirely. The particulars of the blocker's operation are not relevant to these examples.
- computing devices 100 and 112 establish communications flows, 402 and 404 , respectively, with the rendezvous service 400 . While the corresponding steps, 500 and 502 , of FIG. 5 a are shown as occurring simultaneously, that need not be the case.
- device 112 decides to communicate with device 100 .
- device 112 invites device 100 to establish communications. The invitation is sent to the rendezvous service rather than directly to device 100 .
- the rendezvous service attempts (after possible translations not relevant to the present discussion) to pass the invitation along to device 100 .
- the already established communications flow 402 allows the invitation to reach device 100 .
- device 100 in step 508 attempts to establish communications with device 112 . Because there is no communications blocker in front of device 112 , the attempt succeeds and devices 100 and 112 establish communications flow 406 with one another. In the parallel steps 510 and 512 , devices 100 and 112 use communications flow 406 to communicate directly with one other. Note the importance of the directness of communications flow 406 : it does not pass through the rendezvous service. That service is used only for signaling during establishment of the direct, peer-to-peer connection.
- the example scenario of FIG. 4 a is not symmetric because computing device 100 is behind a communications blocker 104 / 200 while device 112 is not.
- the second scenario of FIGS. 4 b and 5 b shows what may happen when, opposite to the example of FIGS. 4 a and 5 a , device 100 invites device 112 to establish communications.
- the procedure begins as before in steps 500 and 502 with the two devices establishing communications with rendezvous service 400 . This time, device 100 sends, via the rendezvous service, an invitation to device 112 to establish communications (steps 514 and 516 ).
- device 112 attempts to establish communications flow 408 , its attempt fails because of the communications blocker 104 / 200 in front of device 100 .
- step 518 Device 100 becomes aware of device 112 's failure. That awareness may arise when the rendezvous service uses communications flow 402 to pass on a failure message sent to it from device 112 . Alternately, device 100 may time how long it takes device 112 to establish communications. If the timer goes off before communications are established, device 100 decides that device 112 failed. In any case, device 100 now attempts, in step 520 , to establish communications flow 410 with device 112 . Just as in the scenario of FIGS. 4 a and 5 a , this attempt succeeds because there is no communications blocker in front of device 112 . In the parallel steps 522 and 524 , devices 100 and 112 use communications flow 410 to communicate directly with one other.
- a communications blocker 412 sits in front of computing device 112 . It is clear that because a blocker sits in front of each device, neither device may be able to establish direct, peer-to-peer communications, that is, the procedures of both FIGS. 5 a and 5 b may fail. In this case, the devices settle for a second best solution.
- step 526 presumably after attempting the procedures of FIGS. 5 a and 5 b , one of the two devices (shown as device 100 but that is not significant) establishes communications flow 414 with a relay service 416 .
- the relay service is designed just for such situations: it accepts communications from each device and passes them on to the other.
- the relay service sends to device 100 a session identifier.
- device 100 invites, via the rendezvous service 400 , device 112 to use the relay service to communicate with it.
- the invitation includes the session identifier.
- Device 112 establishes, in step 532 , communications flow 418 with the relay service and gives the relay service the session identifier. With this, the relay service knows to pass communications between devices 100 and 112 .
- devices 100 and 112 use their communications flows 414 and 418 , respectively, to the relay service to communicate with one other.
- the arrow between these two steps has a dashed outline to indicate that the communications are indirect, being mediated by the relay service.
- two computing devices can use a rendezvous service to establish direct, peer-to-peer communications even if either one of the two devices sits behind a communications blocker. If communications blockers prevent both devices from establishing direct communications with the other, then the devices can use a relay service to communicate indirectly with each other, providing the illusion of direct communications.
- FIG. 6 presents a scenario of communications blocking specific to firewalls.
- a firewall may be configured to block all communications, based on their addresses and port numbers, that have not been specifically allowed.
- Computing device 112 attempts to establish communications flow 600 through firewall 200 to device 100 , but the firewall is not configured to accept the port number that device 112 is using and so discards the message.
- FIGS. 7 a , 7 b , and 7 c portray a method that device 112 can use to establish communications in spite of the blocking firewall.
- step 700 device 112 attempts to establish communications flow 600 as it normally would, addressing the flow to device 100 and using a port usually open to communications. For example, port 80 is often open.
- devices 100 and 112 can communicate directly with one another. Else, device 112 move to step 702 and again attempts to establish communications flow 600 . This time, however, device 112 uses a different port number, perhaps one often open on firewalls. Some firewalls open port 443 for encrypted communications, but will allow anything to pass through. If this attempt succeeds, the procedure is complete. Otherwise, device 112 proceeds to step 704 in which it establishes communications flow 602 with a proxy service 604 . The proxy may have privileges beyond those of device 112 and may be able to establish communications flow 606 with device 100 .
- the proxy may use the port originally attempted by device 112 (e.g., port 80 ), may use port 443 , or may negotiate with the firewall to use another port. This is reflected in steps 706 , 708 , and 710 of FIG. 7 b . If the proxy succeeds, then as shown in parallel steps 712 and 714 , devices 112 and 100 can communicate with each other through the proxy. There is nothing special about the order of steps 700 , 702 , 704 , and 708 : device 112 may attempt these steps in any order. Note that this procedure may be used whenever device 112 is having difficulty establishing direct communications with device 100 . In particular, it may be useful in conjunction with the procedures of FIGS. 5 a , 5 b , and 5 c.
- FIGS. 5 a , 5 b , 5 c , 7 a , 7 b , and 7 c may be implemented in any number of ways. They may be incorporated into network communications drivers running on the computing devices 100 and 112 . That way, the procedures become transparent to users of and applications running on the devices. In many cases, users and applications need not know whether they are using direct, peer-to-peer communications or a relay service, the originally chosen port number, another port number, or a proxy service. Of course, this information can be provided to users and application if desired.
Abstract
Disclosed are methods that enable communications to be established regardless of the presence of communications blockers, e.g., firewalls and NATs, in the path between two computing devices. Two devices each establish communications with a rendezvous service. Through the service, the devices signal each other to set up direct, peer-to-peer communications between themselves. If the devices fail to establish direct communications, then they invoke a relay service that provides the illusion of direct communications. In another aspect, an originating device attempts to establish communications with a recipient, using an address and port number associated with the recipient. If that attempts fails, possibly because a firewall is blocking communications, then the originating device retries using a port normally held open by firewalls. If this attempt also fails, then the originating device invokes the services of a proxy to negotiate a port acceptable for use by the recipient and by any intervening firewalls.
Description
- This application in a continuation of U.S. patent application Ser. No. 10/024,090 filed on Dec. 17, 2001.
- The present invention relates generally to computer communications, and, more particularly, to communications flowing through a firewall or a Network Address Translator.
- The growth of networks, specifically the Internet, is spurring a proliferation of applications based on peer-to-peer computer communications. In the older host-sever paradigm, a user took advantage of services provided by a more or less centralized corporate entity. In peer-to-peer communications, a user at one computing device communicates in real time directly with a user at another device. Computer telephony, teleconferencing, interactive games, and remote collaboration are just a few examples of increasingly popular applications that take advantage of inexpensive peer-to-peer communications.
- It has long been possible to provide the illusion of peer-to-peer communications by means of a relay service. When two users wish to communicate, each logs on to the relay service and directs its communications to the relay service. The relay service receives the communications and forwards them on to their intended recipient. This approach is very useful as long as the amount of data transferred is small and the latency requirements are lax, but in cases that demand large bandwidth and real-time response, the relay service quickly becomes a traffic bottleneck. In addition, setting up and running a large relay service are quite expensive in terms of money and resources. Ideally, peer-to-peer applications can operate without the mediation of a relay service, but relays are still useful in providing connectivity when, for some reason, direct peer-to-peer communications are not possible.
- Direct communications may not be possible if a “communications blocker” sits on the path between the peer computing devices. A firewall is a first example of a communications blocker. For security's sake, many users install firewalls between their computing devices and communications networks. Most firewalls protect computing devices by blocking incoming and outgoing communications except that which comes over specifically allowed addresses and ports. (Modern communications protocols, such as the Internet Protocol (IP), allow for the specification of source and destination fields called “ports,” in association with the source and destination addresses. Ports are often used to differentiate messages intended for separate processes running on a single computing device.) If a peer-to-peer application attempts to reach a computing device behind a firewall, the firewall may prevent communications from ever reaching the device. Even for communications directed to an open port on the firewall (e.g., port 80 is usually open), the port may be handling so much traffic from other sources that real-time response requirements cannot be met.
- Another potential blocker of peer-to-peer communications is the Network Address Translator (NAT). Ideally, each computing device connected to the Internet is assigned a unique network address within the public address space. The growth of Internet connectivity, however, has rapidly depleted the supply of public addresses. To compensate, many computing devices today do not have public addresses but are, rather, assigned private addresses outside the public address space. Having disparate address spaces leads to complications, however. For example, a device with a private address cannot send a message to a device with a public address unless the private address is first translated to some public address. NATs automatically perform this translation by intercepting packets from the device with the private address and then replacing the device's private address in the packet header with the NAT's own public address. The packet is then sent along to the outside device with the public address. The NAT stores a mapping between the private address of the device behind the NAT and the public address of the device outside the NAT. When communications arrives from the outside device addressed to the public address of the NAT, the NAT refers to this mapping and replaces its own public address in the packet header with the private address of the device behind the NAT. By way of this mapping, the device behind the NAT can both send communications to and receive communications from a device in the public address space.
- The NAT translation scheme is based on the premise that communications are initiated by the computing device behind the NAT. The NAT must first set up the translation mapping before it can know how to handle communications coming from the public network address space. Were a device in the public address space to attempt to initiate peer-to-peer communications by sending a message to the public address of the NAT, then, upon receiving the message, the NAT would search for a translation mapping for the sender's public address but would not find one. The NAT would discard the message, and the communications would fail. This problem is compounded when each device is behind its own NAT. In this case, neither device can initiate communications: while the NAT of the communications initiator sets up its translation mapping, the NAT of the recipient does not have an appropriate mapping and discards the incoming message. Communications never start. As NATs proliferate, this shortcoming impedes the spread of any application based on direct peer-to-peer communications.
- Note that in the context of this application, “firewall” and “NAT” refer to services, not necessarily to specific devices. These services may be provided on separate hardware boxes, may be combined into one box, and may even be instantiated as software running on the computing device itself.
- A known approach to the problem of NATs sets up a signaling exchange between a computing device behind a NAT and the NAT. (The discussion of the current paragraph applies as well to firewalls as it does to NATs, but only NATs are discussed to avoid repetition or having to repeatedly write “NAT/firewall.”) The device sends a message directly to the NAT. The message directs the NAT to allow the communications channel needed for a peer-to-peer application. However, this approach has its drawbacks. First, it forces the device to discover its NAT and to take the NAT's presence into account. Traditionally, devices did not need to know whether they sat behind a NAT: the NAT's operation was completely transparent. Second, because NATs operate automatically by intercepting communications and then discarding them or passing them along, no standard protocol exists to facilitate the signaling exchange. Adding that capability greatly alters the architecture of a NAT, which has often been an uncomplicated, firmware-based device. These considerations are compounded if the device sits behind a chain of multiple NATs or firewalls, some of which may be located far from it, such as at the facilities of the device's Internet Service Provider (ISP). The device may not be aware of all of these NATs and firewalls and may not have any means or permissions to communicate directly with them.
- What is needed is a method for establishing communications that operates transparently to any communications blockers, e.g., firewalls, NATs, or what have you, in the communications path between peer computing devices.
- The above problems and shortcomings, and others, are addressed by the present invention, which can be understood by referring to the specification, drawings, and claims. According to a first aspect of the present invention, two computing devices each establish communications with a rendezvous service. Each device can communicate with the rendezvous service regardless of the presence of communications blockers, such as firewalls or NATs, in the communications path between the device and the service. Through the rendezvous service, the two computing devices signal each other and coordinate their activities in setting up direct, peer-to-peer communications between the two devices. The signaling mechanism through the rendezvous service allows either computing device to attempt to establish communications. If both devices fail to establish direct, peer-to-peer communications, then they invoke the services of a relay service that provides the illusion of direct communications.
- According to another aspect of the invention, usable separately or in conjunction with the first aspect, an originating computing device attempts to establish communications with a recipient computing device. The originating device uses an address and port number associated with the recipient computing device. If that attempts fails, possibly because a firewall is blocking communications, then the originating device retries using a port normally held open by firewalls. If this attempt also fails, then the originating device invokes the services of a proxy to negotiate a port acceptable for use by the recipient device and by any intervening firewalls.
- The present invention, through its diverse aspects, enables communications to be established regardless of the presence of communications blockers in the path between two computing devices.
- While the appended claims set forth the features of the present invention with particularity, the invention, together with its objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:
-
FIG. 1 a is a network schematic from the prior art showing one computing device behind a NAT and another computing device outside the NAT; -
FIG. 1 b is a network flow diagram from the prior art showing the computing device behind the NAT ofFIG. 1 a initiating communications with the computing device outside the NAT; -
FIG. 1 c is a data table diagram from the prior art showing the NAT's translation mapping that facilitates the communications ofFIG. 1 b; -
FIG. 1 d is a network flow diagram from the prior art showing that the computing device outside the NAT ofFIG. 1 a cannot initiate communications with the computing device behind the NAT; -
FIG. 2 is a network flow diagram from the prior art showing how a firewall blocks communications on addresses and ports not specifically allowed; -
FIG. 3 is a block diagram generally illustrating an exemplary computer system that supports the present invention; -
FIGS. 4 a, 4 b, and 4 c are network flow diagrams of scenarios in which two computing devices attempt to establish peer-to-peer communications with the aid of a rendezvous service; -
FIGS. 5 a, 5 b, and 5 c are combination flow charts and data flow diagrams of exemplary methods usable by the computing devices and rendezvous service in the scenarios ofFIGS. 4 a, 4 b, and 4 c, respectively; -
FIG. 6 is a network flow diagram of a scenario in which a computing device attempts to establish communications with its peer device in the presence of a firewall; and -
FIGS. 7 a, 7 b, and 7 c are a combination flow chart and data flow diagram of an exemplary method for a computing device to use in the scenario ofFIG. 6 . - Turning to the drawings, wherein like reference numerals refer to like elements, the invention is illustrated as being implemented in a suitable computing environment. The following description is based on embodiments of the invention and should not be taken as limiting the invention with regard to alternative embodiments that are not explicitly described herein. Section I presents devices that often stymie attempts to establish direct, peer-to-peer communications between two computing devices. Section II presents an exemplary computing environment in which the invention may run. Section III describes exemplary embodiments of the invention's methods.
- In the description that follows, the invention is described with reference to acts and symbolic representations of operations that are performed by one or more computing devices, unless indicated otherwise. As such, it will be understood that such acts and operations, which are at times referred to as being computer-executed, include the manipulation by the processing unit of the computing device of electrical signals representing data in a structured form. This manipulation transforms the data or maintains them at locations in the memory system of the computing device, which reconfigures or otherwise alters the operation of the device in a manner well understood by those skilled in the art. The data structures where data are maintained are physical locations of the memory that have particular properties defined by the format of the data. However, while the invention is being described in the foregoing context, it is not meant to be limiting as those of skill in the art will appreciate that various of the acts and operations described hereinafter may also be implemented in hardware.
- Although the present invention does not involve changes to NAT or firewall functionality, it is important to understand those functionalities in order to understand the invention.
FIG. 1 a shows a prior art networking arrangement that is the basis for the following discussion of NATs and of the invention. In the Figure, acomputing device 100 is connected via a local area network (LAN) 102 to aNAT 104. The NAT also has a connection to a public address space, here represented by theInternet 110. Thenetwork address 106 used on the LAN is a private address, that is to say, it is not valid in the public address space beyond the NAT. Because of this,device 100 cannot communicate with acomputing device 112 in the public address space unless theprivate address 106 ofdevice 100 is first translated. The NAT is responsible for this translation, and the mechanism of translation is described below with respect toFIG. 1 b. Unlike thefirst device 100,device 112 has apublic network address 114 that needs no translation. Note that while IP addresses are a standard for the industry, the example addresses (106, 108, and 114) are intentionally shown in a non-IP format to indicate that the invention is not limited to any particular addressing format. -
FIG. 1 b, also from the prior art, shows howNAT 104 facilitatescomputing device 100 in setting up communications with thecomputing device 112.Device 100 addresses an initial message to thepublic network address 114 ofdevice 112. The initial message follows thepath 116. Although the message is not addressed to the NAT, the NAT intercepts it and reads the “to address” field in the message's header. Because that field containspublic network address 114, the NAT knows to send the message out on its connection to theInternet 110. However, the message as written bydevice 100 is not valid for the public address space because the “from address” field in the message's header contains theprivate network address 106 ofdevice 100. The NAT replaces this private address with its ownpublic address 108. The NAT also creates an address translation mapping that correlates theprivate network address 106 ofdevice 100 with thepublic network address 114 ofdevice 112.FIG. 1 c shows this mapping in the translation table 118. Then, the NAT sends the altered initial message on its way. The initial message travels via theInternet 110 and is received by thedestination device 112. - The
message path 116 has an arrowhead at one end to indicate that it is the path for initiating communications betweencomputing devices device 112 to device 100 (although the exact path through theInternet 110 is immaterial).Device 112 addresses its response to the “from address” found in the header of the message it received. Because of the NAT's earlier translation, that address is actually the NAT'spublic address 108. When the NAT receives the response message, it searches its translation table 118 for the message's “from address” in the column pertaining to the interface over which the NAT received the message. The response message comes over the NAT's external network connection. In the “External Network Address” column of table 118 is an entry corresponding to the “from address” in the response message. Having found the appropriate address translation entry, the NAT removes its own external network address from the “to address” field of the message's header and substitutes for it the internal network address indicated by the mapping. In this case, that is (1.2.3), the address ofdevice 100. In this manner, the NAT's address translation allowsdevices -
Computing devices - Note that the success of the NAT's translation scheme depends upon the fact that the computing device behind the NAT, here
device 100, sends the initial message to initiate communications.FIG. 1 d, again from the prior art, shows what happens when, instead, thecomputing device 112 attempts to initiate communications withdevice 100. Because theprivate network address 106 ofdevice 100 is invalid in the public address space of theInternet 110,device 112 addresses its initial message to thepublic address 108 ofNAT 104. This initial message follows thepath 120. Just as when the NAT received the response message in the scenario ofFIG. 1 b, the NAT looks for an address translation mapping in its table 118. However, in the scenario ofFIG. 1 d the mapping shown inFIG. 1 c does not exist becausedevice 100 never sent a message through the NAT todevice 112. Without the mapping, the NAT cannot translate the “to address” field in the message's header to a private network address onLAN 102. The message is discarded. Thus, in the prior art, a computing device outside of a NAT cannot initiate communications directly with a device behind the NAT. The problem is exacerbated when each computing device is behind its own NAT: then neither device can initiate communications with the other. -
FIG. 2 portrays another common communications blocker. TheNAT 104 ofFIG. 1 a is replaced by afirewall 200. For purposes of the present discussion, a firewall may be thought of as blocking all communications, based on their addresses and port numbers, that have not been specifically allowed. For example, assume that the firewall is set up to allow communications between thecomputing device 100 and all devices, such asdevice 112, in the public address space of theInternet 110. However, the firewall only allows traffic directed to ports 80 and 443. In the Figure,device 100 sendscommunications 202 directed to port 80, address (12.9.7), the public address ofdevice 112. The firewall passes these communications unaltered. Ifdevice 112 were to attempt to communicate withdevice 100 on port 1234, as in communications flow 204, however, the firewall would prevent the communications from reachingdevice 100. Firewalls present problems for real-time, peer-to-peer applications because, although a port can almost always be found that is open for communications through the firewall (e.g., port 80 is usually open), that port may be handling so much traffic from other sources that real-time response requirements cannot be met. - The similarity in the icons for
NAT 104 introduced inFIG. 1 a and thefirewall 200 ofFIG. 2 is suggestive: these two services are often provided by the same piece of hardware. In some cases, that hardware may be part ofcomputing device 100. - The
computing devices FIG. 1 a may be of any architecture.FIG. 3 is a block diagram generally illustrating an exemplary computer system that supports the present invention.Computing device 100 is only one example of a suitable environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither shouldcomputing device 100 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated inFIG. 3 . The invention is operational with numerous other general-purpose or special-purpose computing environments or configurations. Examples of well-known computing systems, environments, and configurations suitable for use with the invention include, but are not limited to, personal computers, servers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices. In its most basic configuration,computing device 100 typically includes at least oneprocessing unit 300 andmemory 302. Thememory 302 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.), or some combination of the two. This most basic configuration is illustrated inFIG. 3 by the dashedline 304. The computing device may have additional features and functionality. For example,computing device 100 may include additional storage (removable and non-removable) including, but not limited to, magnetic and optical disks and tape. Such additional storage is illustrated inFIG. 3 byremovable storage 306 andnon-removable storage 308. Computer-storage media include volatile and non-volatile, removable and non-removable, media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.Memory 302,removable storage 306, andnon-removable storage 308 are all examples of computer-storage media. Computer-storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory, other memory technology, CD-ROM, digital versatile disks (DVD), other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage, other magnetic storage devices, and any other media that can be used to store the desired information and that can be accessed bydevice 100. Any such computer-storage media may be part ofdevice 100.Device 100 may also containcommunications connections 310 that allow the device to communicate with other devices.Communications connections 310 are examples of communications media. Communications media typically embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communications media include wired media, such as wired networks (includingLAN 102 ofFIG. 1 a) and direct-wired connections, and wireless media such as acoustic, RF, infrared, and other wireless media. The term “computer-readable media” as used herein includes both storage media and communications media.Computing device 100 may also haveinput devices 312 such as a keyboard, mouse, pen, voice-input device, touch-input device, etc.Output devices 314 such as a display, speakers, printer, etc., may also be included. All these devices are well know in the art and need not be discussed at length here. -
FIGS. 4 a, 4 b, and 4 c present example scenarios in which two computing devices, 100 and 112, attempt to establish direct, peer-to-peer communications with each other.FIGS. 5 a, 5 b, and 5 c, respectively, illustrate exemplary methods that the devices may use in these scenarios. In an attempt to forestall the connection problems illustrated inFIGS. 1 d and 2, arendezvous service 400 is provided. Computing devices can freely establish communications with the rendezvous service, typically by logging on to it. The devices can then discover other devices with which they wish to communicate and can send connection information to other devices by way of the service. This is made clearer by the examples described below. MICROSOFT'S “MSN MESSENGER” is an example of a rendezvous service. - Note that in the examples of
FIGS. 4 a, 4 b, and 4 c, the communications blocker in front ofcomputing device 100 is labeled “NAT/Firewall”: this represents any type of communications blocker, be it a NAT, a firewall, a combination of the two, or something else entirely. The particulars of the blocker's operation are not relevant to these examples. - In the first example, illustrated by
FIGS. 4 a and 5 a,computing devices rendezvous service 400. While the corresponding steps, 500 and 502, ofFIG. 5 a are shown as occurring simultaneously, that need not be the case. Possibly using a discovery or naming service provided by the rendezvous service,device 112 decides to communicate withdevice 100. In step 504,device 112 invitesdevice 100 to establish communications. The invitation is sent to the rendezvous service rather than directly todevice 100. Instep 506, the rendezvous service attempts (after possible translations not relevant to the present discussion) to pass the invitation along todevice 100. Even thoughdevice 100 is behind thecommunications blocker 104/200, the already established communications flow 402 allows the invitation to reachdevice 100. Upon receiving the invitation,device 100 instep 508 attempts to establish communications withdevice 112. Because there is no communications blocker in front ofdevice 112, the attempt succeeds anddevices parallel steps 510 and 512,devices - The example scenario of
FIG. 4 a is not symmetric becausecomputing device 100 is behind acommunications blocker 104/200 whiledevice 112 is not. The second scenario ofFIGS. 4 b and 5 b shows what may happen when, opposite to the example ofFIGS. 4 a and 5 a,device 100 invitesdevice 112 to establish communications. The procedure begins as before insteps rendezvous service 400. This time,device 100 sends, via the rendezvous service, an invitation todevice 112 to establish communications (steps 514 and 516). When instep 518,device 112 attempts to establishcommunications flow 408, its attempt fails because of thecommunications blocker 104/200 in front ofdevice 100. (Note that the presence of a communications blocker need not doom this attempt to fail. The blocker may allow the communications in which case this attempt successfully establishes the communications flow as in the previous scenario. The procedures ofFIG. 5 b only proceeds ifstep 518 fails.)Device 100 becomes aware ofdevice 112's failure. That awareness may arise when the rendezvous service uses communications flow 402 to pass on a failure message sent to it fromdevice 112. Alternately,device 100 may time how long it takesdevice 112 to establish communications. If the timer goes off before communications are established,device 100 decides thatdevice 112 failed. In any case,device 100 now attempts, in step 520, to establish communications flow 410 withdevice 112. Just as in the scenario ofFIGS. 4 a and 5 a, this attempt succeeds because there is no communications blocker in front ofdevice 112. In theparallel steps devices - Comparing the two scenarios presented so far, one may be tempted to think that the procedure of
FIG. 5 b is extraneous because devices would simply choose to use the procedure ofFIG. 5 a and have the device behind the communications blocker always be the one to attempt to establish the communications. The situation is not so straightforward, however, because a device cannot always know whether or not it is behind a communications blocker. The invention is designed to work regardless of whether either or both devices are behind blockers. - In the third example scenario of
FIGS. 4 c and 5 c, acommunications blocker 412 sits in front ofcomputing device 112. It is clear that because a blocker sits in front of each device, neither device may be able to establish direct, peer-to-peer communications, that is, the procedures of bothFIGS. 5 a and 5 b may fail. In this case, the devices settle for a second best solution. Instep 526, presumably after attempting the procedures ofFIGS. 5 a and 5 b, one of the two devices (shown asdevice 100 but that is not significant) establishescommunications flow 414 with arelay service 416. The relay service is designed just for such situations: it accepts communications from each device and passes them on to the other. It is optimized for low delay and high throughput. The relay service sends to device 100 a session identifier. Instep 528,device 100 invites, via therendezvous service 400,device 112 to use the relay service to communicate with it. The invitation includes the session identifier.Device 112 establishes, in step 532, communications flow 418 with the relay service and gives the relay service the session identifier. With this, the relay service knows to pass communications betweendevices parallel steps devices communications flows - In sum, by proceeding through the procedures of
FIGS. 5 a and 5 b, two computing devices can use a rendezvous service to establish direct, peer-to-peer communications even if either one of the two devices sits behind a communications blocker. If communications blockers prevent both devices from establishing direct communications with the other, then the devices can use a relay service to communicate indirectly with each other, providing the illusion of direct communications. -
FIG. 6 presents a scenario of communications blocking specific to firewalls. As discussed with reference toFIG. 2 , a firewall may be configured to block all communications, based on their addresses and port numbers, that have not been specifically allowed.Computing device 112 attempts to establish communications flow 600 throughfirewall 200 todevice 100, but the firewall is not configured to accept the port number thatdevice 112 is using and so discards the message.FIGS. 7 a, 7 b, and 7 c portray a method thatdevice 112 can use to establish communications in spite of the blocking firewall. In step 700,device 112 attempts to establish communications flow 600 as it normally would, addressing the flow todevice 100 and using a port usually open to communications. For example, port 80 is often open. If the attempt succeeds, thendevices device 112 move to step 702 and again attempts to establishcommunications flow 600. This time, however,device 112 uses a different port number, perhaps one often open on firewalls. Some firewalls open port 443 for encrypted communications, but will allow anything to pass through. If this attempt succeeds, the procedure is complete. Otherwise,device 112 proceeds to step 704 in which it establishescommunications flow 602 with aproxy service 604. The proxy may have privileges beyond those ofdevice 112 and may be able to establish communications flow 606 withdevice 100. In so doing, the proxy may use the port originally attempted by device 112 (e.g., port 80), may use port 443, or may negotiate with the firewall to use another port. This is reflected insteps FIG. 7 b. If the proxy succeeds, then as shown inparallel steps 712 and 714,devices steps 700, 702, 704, and 708:device 112 may attempt these steps in any order. Note that this procedure may be used wheneverdevice 112 is having difficulty establishing direct communications withdevice 100. In particular, it may be useful in conjunction with the procedures ofFIGS. 5 a, 5 b, and 5 c. - The methods of
FIGS. 5 a, 5 b, 5 c, 7 a, 7 b, and 7 c may be implemented in any number of ways. They may be incorporated into network communications drivers running on thecomputing devices - In view of the many possible embodiments to which the principles of this invention may be applied, it should be recognized that the embodiments described herein with respect to the drawing figures are meant to be illustrative only and should not be taken as limiting the scope of the invention. Therefore, the invention as described herein contemplates all such embodiments as may come within the scope of the following claims and equivalents thereof.
Claims (16)
1. A method for a first computing device to establish communications with a second computing device, the method comprising:
sending a first invitation for the second computing device to a rendezvous service;
receiving a failure message from the rendezvous service indicating a failed attempt to establish communications by the second computing device with the first computing device, the failed attempt responsive to the first invitation; and
sending a second invitation for the second computing device to the second computing device.
2. The method of claim 1 further comprising accepting an attempt to establish communications by the second computing device.
3. The method of claim 1 wherein the second invitation is sent to the second computing device using an address, the address including a port number wherein the port number is 443 or 80.
4. The method of claim 1 wherein the second computing device is behind a communications blocker.
5. The method of claim 1 further comprising:
sending a third invitation for the second computing device to a rendezvous service, the third invitation specifying a relay service; and
accepting an attempt to establish communications by the second computing device via the relay service.
6. The method of claim 5 wherein the first computing device is behind a communications blocker and the second computing device is behind a communications blocker.
7. The method of claim 5 wherein the communications passes through a port 80 or a port 443.
8. The method of claim 5 wherein the communications passes through at least a portion of the public Internet.
9. A computer-readable medium whereon is stored computer-executable instructions sufficient to perform a method for a first computing device to establish communications with a second computing device, the method comprising:
sending a first invitation for the second computing device to a rendezvous service;
receiving a failure message from the rendezvous service indicating a failed attempt to establish communications by the second computing device with the first computing device, the failed attempt responsive to the first invitation; and
sending a second invitation for the second computing device to the second computing device.
10. The computer-readable medium of claim 9 , the method further comprising accepting an attempt to establish communications by the second computing device.
11. The computer-readable medium of claim 9 , the method wherein the second invitation is sent to the second computing device using an address, the address including a port number wherein the port number is 443 or 80.
12. The computer-readable medium of claim 9 wherein the second computing device is behind a communications blocker.
13. The computer-readable medium of claim 9 , the method further comprising:
sending a third invitation for the second computing device to a rendezvous service, the third invitation specifying a relay service; and
accepting an attempt to establish communications by the second computing device via the relay service.
14. The computer-readable medium of claim 13 wherein the first computing device is behind a communications blocker and the second computing device is behind a communications blocker.
15. The computer-readable medium of claim 13 wherein the communications passes through a port 80 or a port 443.
16. The computer-readable medium of claim 13 wherein the communications passes through at least a portion of the public Internet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/741,084 US20070195807A1 (en) | 2001-12-17 | 2007-04-27 | Methods and Systems for Establishing Communications Through Firewalls and Network Address Translators |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/024,090 US7227864B2 (en) | 2001-12-17 | 2001-12-17 | Methods and systems for establishing communications through firewalls and network address translators |
US11/741,084 US20070195807A1 (en) | 2001-12-17 | 2007-04-27 | Methods and Systems for Establishing Communications Through Firewalls and Network Address Translators |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/024,090 Continuation US7227864B2 (en) | 2001-12-17 | 2001-12-17 | Methods and systems for establishing communications through firewalls and network address translators |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070195807A1 true US20070195807A1 (en) | 2007-08-23 |
Family
ID=21818816
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/024,090 Expired - Fee Related US7227864B2 (en) | 2001-12-17 | 2001-12-17 | Methods and systems for establishing communications through firewalls and network address translators |
US11/741,084 Abandoned US20070195807A1 (en) | 2001-12-17 | 2007-04-27 | Methods and Systems for Establishing Communications Through Firewalls and Network Address Translators |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/024,090 Expired - Fee Related US7227864B2 (en) | 2001-12-17 | 2001-12-17 | Methods and systems for establishing communications through firewalls and network address translators |
Country Status (1)
Country | Link |
---|---|
US (2) | US7227864B2 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060203749A1 (en) * | 2005-03-09 | 2006-09-14 | Plustek Inc | Multimedia conference system and method which enables communication between private network and Internet |
US20070019631A1 (en) * | 2005-07-21 | 2007-01-25 | Yun-Seok Jang | Apparatus and method for managing data transfer in VoIP gateway |
US20090287829A1 (en) * | 2008-05-14 | 2009-11-19 | Nokia Corporation | Methods, apparatuses, and computer program products for facilitating establishing a communications session |
US20090319674A1 (en) * | 2008-06-24 | 2009-12-24 | Microsoft Corporation | Techniques to manage communications between relay servers |
US20100169442A1 (en) * | 2008-12-31 | 2010-07-01 | Industrial Technology Research Institute | Apparatus and method for providing peer-to-peer proxy service with temporary storage management and traffic load balancing in peer-to-peer communications |
US20100169964A1 (en) * | 2008-12-31 | 2010-07-01 | Industrial Technology Research Institute | Apparatus and method for providing peer-to-peer proxy services in peer-to-peer communications |
KR101058275B1 (en) | 2009-08-12 | 2011-08-22 | 주식회사 엘지유플러스 | Communication terminal and its control method, P2P server system and its control method |
Families Citing this family (127)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2362482A (en) * | 2000-05-15 | 2001-11-21 | Ridgeway Systems & Software Lt | Direct slave addressing to indirect slave addressing |
GB2365256A (en) | 2000-07-28 | 2002-02-13 | Ridgeway Systems & Software Lt | Audio-video telephony with port address translation |
GB2369746A (en) | 2000-11-30 | 2002-06-05 | Ridgeway Systems & Software Lt | Communications system with network address translation |
US7227864B2 (en) * | 2001-12-17 | 2007-06-05 | Microsoft Corporation | Methods and systems for establishing communications through firewalls and network address translators |
US20030126213A1 (en) * | 2002-01-02 | 2003-07-03 | International Business Machines Corporation | Establishing direct instant messaging communication between wireless devices |
US20030221009A1 (en) * | 2002-05-21 | 2003-11-27 | Logitech Europe S.A. | Dual mode peer-to-peer link establishment for instant message video |
US7937471B2 (en) | 2002-06-03 | 2011-05-03 | Inpro Network Facility, Llc | Creating a public identity for an entity on a network |
US20040162637A1 (en) | 2002-07-25 | 2004-08-19 | Yulun Wang | Medical tele-robotic system with a master remote station with an arbitrator |
US8234358B2 (en) * | 2002-08-30 | 2012-07-31 | Inpro Network Facility, Llc | Communicating with an entity inside a private network using an existing connection to initiate communication |
US7756956B2 (en) * | 2002-11-14 | 2010-07-13 | Canon Development Americas, Inc. | Mimic support address resolution |
US7694018B2 (en) * | 2002-11-19 | 2010-04-06 | Hewlett-Packard Development Company, L.P. | Method and system for communication between two devices by editing machine specific information at a proxy server |
WO2004063843A2 (en) | 2003-01-15 | 2004-07-29 | Matsushita Electric Industrial Co., Ltd. | PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATOR (NATs) AT BOTH ENDS |
US7899932B2 (en) * | 2003-01-15 | 2011-03-01 | Panasonic Corporation | Relayed network address translator (NAT) traversal |
FR2853187B1 (en) * | 2003-03-28 | 2006-01-13 | At & T Corp | SYSTEM FOR ALL NETWORK APPLICATION TO OPERATE TRANSPARENTLY THROUGH A NETWORK ADDRESS TRANSLATION DEVICE |
US20040249974A1 (en) * | 2003-03-31 | 2004-12-09 | Alkhatib Hasan S. | Secure virtual address realm |
US7949785B2 (en) * | 2003-03-31 | 2011-05-24 | Inpro Network Facility, Llc | Secure virtual community network system |
US20040249973A1 (en) * | 2003-03-31 | 2004-12-09 | Alkhatib Hasan S. | Group agent |
JP4115354B2 (en) * | 2003-07-04 | 2008-07-09 | 富士フイルム株式会社 | Peer-to-peer communication system |
US7978716B2 (en) | 2003-11-24 | 2011-07-12 | Citrix Systems, Inc. | Systems and methods for providing a VPN solution |
DE10353253A1 (en) * | 2003-11-13 | 2005-06-23 | Endress + Hauser Process Solutions Ag | Method for servicing field devices of process automation technology with a maintenance computer of the device manufacturer |
US7813836B2 (en) | 2003-12-09 | 2010-10-12 | Intouch Technologies, Inc. | Protocol for a remotely controlled videoconferencing robot |
US8156175B2 (en) * | 2004-01-23 | 2012-04-10 | Tiversa Inc. | System and method for searching for specific types of people or information on a peer-to-peer network |
US7761569B2 (en) * | 2004-01-23 | 2010-07-20 | Tiversa, Inc. | Method for monitoring and providing information over a peer to peer network |
US20050229243A1 (en) * | 2004-03-31 | 2005-10-13 | Svendsen Hugh B | Method and system for providing Web browsing through a firewall in a peer to peer network |
US8234414B2 (en) | 2004-03-31 | 2012-07-31 | Qurio Holdings, Inc. | Proxy caching in a photosharing peer-to-peer network to improve guest image viewing performance |
US7757074B2 (en) | 2004-06-30 | 2010-07-13 | Citrix Application Networking, Llc | System and method for establishing a virtual private network |
US8739274B2 (en) | 2004-06-30 | 2014-05-27 | Citrix Systems, Inc. | Method and device for performing integrated caching in a data communication network |
US8495305B2 (en) | 2004-06-30 | 2013-07-23 | Citrix Systems, Inc. | Method and device for performing caching of dynamically generated objects in a data communication network |
US8077963B2 (en) | 2004-07-13 | 2011-12-13 | Yulun Wang | Mobile robot with a head-based movement mapping scheme |
EP1771979B1 (en) | 2004-07-23 | 2011-11-23 | Citrix Systems, Inc. | A method and systems for securing remote access to private networks |
CA2574776A1 (en) | 2004-07-23 | 2006-02-02 | Citrix Systems, Inc. | Systems and methods for optimizing communications between network nodes |
US8990311B2 (en) * | 2004-07-27 | 2015-03-24 | International Business Machines Corporation | Enhanced instant message connectivity |
JP2008510232A (en) | 2004-08-13 | 2008-04-03 | サイトリックス システムズ, インコーポレイテッド | How to maintain process consistency across multiple remote access servers |
US7502806B2 (en) * | 2004-08-23 | 2009-03-10 | Quiro Holdings, Inc. | Method and system for providing image rich web pages from a computer system over a network |
US7719971B1 (en) | 2004-09-15 | 2010-05-18 | Qurio Holdings, Inc. | Peer proxy binding |
JP4480535B2 (en) * | 2004-09-30 | 2010-06-16 | 株式会社アドイン研究所 | Tunnel device, relay device, terminal device, call control system, IP telephone system, conference device, control method and program thereof |
US7734799B1 (en) * | 2004-11-15 | 2010-06-08 | LogMeln, Inc. | Method and system for performing a server-assisted file transfer |
US7698386B2 (en) * | 2004-11-16 | 2010-04-13 | Qurio Holdings, Inc. | Serving content from an off-line peer server in a photosharing peer-to-peer network in response to a guest request |
US7558862B1 (en) * | 2004-12-09 | 2009-07-07 | LogMeln, Inc. | Method and apparatus for remotely controlling a computer with peer-to-peer command and data transfer |
US8700695B2 (en) | 2004-12-30 | 2014-04-15 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP pooling |
US8706877B2 (en) | 2004-12-30 | 2014-04-22 | Citrix Systems, Inc. | Systems and methods for providing client-side dynamic redirection to bypass an intermediary |
US8549149B2 (en) | 2004-12-30 | 2013-10-01 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing |
US8954595B2 (en) | 2004-12-30 | 2015-02-10 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP buffering |
US7810089B2 (en) | 2004-12-30 | 2010-10-05 | Citrix Systems, Inc. | Systems and methods for automatic installation and execution of a client-side acceleration program |
US8255456B2 (en) | 2005-12-30 | 2012-08-28 | Citrix Systems, Inc. | System and method for performing flash caching of dynamically generated objects in a data communication network |
CN102104632B (en) | 2005-01-24 | 2012-08-22 | 茨特里克斯系统公司 | Systems and methods for performing caching of dynamically generated objects in a network |
US8589514B2 (en) * | 2005-05-20 | 2013-11-19 | Qualcomm Incorporated | Methods and apparatus for providing peer-to-peer data networking for wireless devices |
US8190773B2 (en) * | 2005-06-03 | 2012-05-29 | Nokia Corporation | System and method for accessing a web server on a device with a dynamic IP-address residing behind a firewall |
US7627681B2 (en) * | 2005-07-20 | 2009-12-01 | Microsoft Corporation | Relaying messages through a firewall |
US8688801B2 (en) | 2005-07-25 | 2014-04-01 | Qurio Holdings, Inc. | Syndication feeds for peer computer devices and peer networks |
US20070073878A1 (en) * | 2005-09-23 | 2007-03-29 | Qurio Holdings, Inc. | System and method for lowering proxy bandwidth utilization |
US9198728B2 (en) | 2005-09-30 | 2015-12-01 | Intouch Technologies, Inc. | Multi-camera mobile teleconferencing platform |
US8005889B1 (en) | 2005-11-16 | 2011-08-23 | Qurio Holdings, Inc. | Systems, methods, and computer program products for synchronizing files in a photosharing peer-to-peer network |
US8788572B1 (en) | 2005-12-27 | 2014-07-22 | Qurio Holdings, Inc. | Caching proxy server for a peer-to-peer photosharing system |
US8296437B2 (en) * | 2005-12-29 | 2012-10-23 | Logmein, Inc. | Server-mediated setup and maintenance of peer-to-peer client computer communications |
US7921184B2 (en) | 2005-12-30 | 2011-04-05 | Citrix Systems, Inc. | System and method for performing flash crowd caching of dynamically generated objects in a data communication network |
US8301839B2 (en) | 2005-12-30 | 2012-10-30 | Citrix Systems, Inc. | System and method for performing granular invalidation of cached dynamically generated objects in a data communication network |
US7746374B2 (en) * | 2006-01-25 | 2010-06-29 | Seiko Epson Corporation | Videoconference data relay server |
US7764701B1 (en) | 2006-02-22 | 2010-07-27 | Qurio Holdings, Inc. | Methods, systems, and products for classifying peer systems |
US7779004B1 (en) | 2006-02-22 | 2010-08-17 | Qurio Holdings, Inc. | Methods, systems, and products for characterizing target systems |
US9021134B1 (en) * | 2006-03-03 | 2015-04-28 | Juniper Networks, Inc. | Media stream transport conversion within an intermediate network device |
EP1858226B1 (en) * | 2006-05-19 | 2010-09-22 | Microsoft Corporation | Content management in peer-to-peer content distribution clouds |
KR100728924B1 (en) * | 2006-06-05 | 2007-06-15 | 삼성전자주식회사 | Front-end device connected network system, communication method thereof on the network system and management system for network devices |
US20070285501A1 (en) * | 2006-06-09 | 2007-12-13 | Wai Yim | Videoconference System Clustering |
US8849679B2 (en) | 2006-06-15 | 2014-09-30 | Intouch Technologies, Inc. | Remote controlled robot system that provides medical images |
US7730414B2 (en) * | 2006-06-30 | 2010-06-01 | Sony Ericsson Mobile Communications Ab | Graphical display |
US7873988B1 (en) | 2006-09-06 | 2011-01-18 | Qurio Holdings, Inc. | System and method for rights propagation and license management in conjunction with distribution of digital content in a social network |
US7801971B1 (en) | 2006-09-26 | 2010-09-21 | Qurio Holdings, Inc. | Systems and methods for discovering, creating, using, and managing social network circuits |
US7925592B1 (en) | 2006-09-27 | 2011-04-12 | Qurio Holdings, Inc. | System and method of using a proxy server to manage lazy content distribution in a social network |
US8554827B2 (en) | 2006-09-29 | 2013-10-08 | Qurio Holdings, Inc. | Virtual peer for a content sharing system |
US7782866B1 (en) | 2006-09-29 | 2010-08-24 | Qurio Holdings, Inc. | Virtual peer in a peer-to-peer network |
EP2082326A4 (en) | 2006-11-07 | 2012-02-15 | Tiversa Inc | System and method for enhanced experience with a peer to peer network |
GB2443889A (en) | 2006-11-20 | 2008-05-21 | Skype Ltd | Method and system for anonymous communication |
GB0623622D0 (en) * | 2006-11-27 | 2007-01-03 | Skype Ltd | Communication system |
GB0623621D0 (en) * | 2006-11-27 | 2007-01-03 | Skype Ltd | Communication system |
US7886334B1 (en) * | 2006-12-11 | 2011-02-08 | Qurio Holdings, Inc. | System and method for social network trust assessment |
US7730216B1 (en) | 2006-12-14 | 2010-06-01 | Qurio Holdings, Inc. | System and method of sharing content among multiple social network nodes using an aggregation node |
JP5174888B2 (en) * | 2007-04-12 | 2013-04-03 | タイヴァーサ・インコーポレーテッド | System and method for creating shared information list of peer-to-peer network related applications |
US9160783B2 (en) * | 2007-05-09 | 2015-10-13 | Intouch Technologies, Inc. | Robot system that operates through a network firewall |
TW200847711A (en) * | 2007-05-31 | 2008-12-01 | Wistron Corp | Method and related system for building up a network connection between clients and servers through a stream fork by utilizing http protocol |
JP5539863B2 (en) * | 2007-06-11 | 2014-07-02 | タイヴァーサ・インコーポレーテッド | System and method for advertising on a P2P network |
US9838365B2 (en) * | 2007-07-10 | 2017-12-05 | Qualcomm Incorporated | Peer to peer identifiers |
JP2009089183A (en) * | 2007-10-01 | 2009-04-23 | Brother Ind Ltd | Information processing device and information processing program |
US7945680B2 (en) * | 2007-10-30 | 2011-05-17 | Motorola Solutions, Inc. | Method and apparatus for peer to peer link establishment over a network |
US10875182B2 (en) | 2008-03-20 | 2020-12-29 | Teladoc Health, Inc. | Remote presence system mounted to operating room hardware |
US8179418B2 (en) | 2008-04-14 | 2012-05-15 | Intouch Technologies, Inc. | Robotic based health care system |
US8170241B2 (en) | 2008-04-17 | 2012-05-01 | Intouch Technologies, Inc. | Mobile tele-presence system with a microphone system |
US9193065B2 (en) | 2008-07-10 | 2015-11-24 | Intouch Technologies, Inc. | Docking system for a tele-presence robot |
US9842192B2 (en) | 2008-07-11 | 2017-12-12 | Intouch Technologies, Inc. | Tele-presence robot system with multi-cast features |
US8340819B2 (en) | 2008-09-18 | 2012-12-25 | Intouch Technologies, Inc. | Mobile videoconferencing robot system with network adaptive driving |
US8996165B2 (en) | 2008-10-21 | 2015-03-31 | Intouch Technologies, Inc. | Telepresence robot with a camera boom |
US8463435B2 (en) | 2008-11-25 | 2013-06-11 | Intouch Technologies, Inc. | Server connectivity control for tele-presence robot |
US9138891B2 (en) | 2008-11-25 | 2015-09-22 | Intouch Technologies, Inc. | Server connectivity control for tele-presence robot |
US7962627B2 (en) * | 2008-12-04 | 2011-06-14 | Microsoft Corporation | Peer-to-peer network address translator (NAT) traversal techniques |
US8849680B2 (en) | 2009-01-29 | 2014-09-30 | Intouch Technologies, Inc. | Documentation through a remote presence robot |
US8897920B2 (en) | 2009-04-17 | 2014-11-25 | Intouch Technologies, Inc. | Tele-presence robot system with software modularity, projector and laser pointer |
US8384755B2 (en) | 2009-08-26 | 2013-02-26 | Intouch Technologies, Inc. | Portable remote presence robot |
US11399153B2 (en) | 2009-08-26 | 2022-07-26 | Teladoc Health, Inc. | Portable telepresence apparatus |
US11154981B2 (en) | 2010-02-04 | 2021-10-26 | Teladoc Health, Inc. | Robot user interface for telepresence robot system |
US8670017B2 (en) | 2010-03-04 | 2014-03-11 | Intouch Technologies, Inc. | Remote presence system including a cart that supports a robot face and an overhead camera |
US8412833B2 (en) | 2010-04-07 | 2013-04-02 | Apple Inc. | Apparatus and method for inviting users to online sessions |
US8769278B2 (en) | 2010-04-07 | 2014-07-01 | Apple Inc. | Apparatus and method for efficiently and securely exchanging connection data |
US10343283B2 (en) | 2010-05-24 | 2019-07-09 | Intouch Technologies, Inc. | Telepresence robot system that can be accessed by a cellular phone |
US10808882B2 (en) | 2010-05-26 | 2020-10-20 | Intouch Technologies, Inc. | Tele-robotic system with a robot face placed on a chair |
US8539028B2 (en) | 2010-11-05 | 2013-09-17 | Logmein, Inc. | Network-based quick connect meeting service |
US9264664B2 (en) | 2010-12-03 | 2016-02-16 | Intouch Technologies, Inc. | Systems and methods for dynamic bandwidth allocation |
WO2012092670A1 (en) | 2011-01-06 | 2012-07-12 | Research In Motion Limited | System and method for enabling a peer-to-peer (p2p) connection |
KR20140040094A (en) | 2011-01-28 | 2014-04-02 | 인터치 테크놀로지스 인코퍼레이티드 | Interfacing with a mobile telepresence robot |
US9323250B2 (en) | 2011-01-28 | 2016-04-26 | Intouch Technologies, Inc. | Time-dependent navigation of telepresence robots |
EP2509265B1 (en) * | 2011-04-08 | 2013-12-04 | Siemens Aktiengesellschaft | Access protection device for an automation network |
US10769739B2 (en) | 2011-04-25 | 2020-09-08 | Intouch Technologies, Inc. | Systems and methods for management of information among medical providers and facilities |
US20140139616A1 (en) | 2012-01-27 | 2014-05-22 | Intouch Technologies, Inc. | Enhanced Diagnostics for a Telepresence Robot |
US9098611B2 (en) | 2012-11-26 | 2015-08-04 | Intouch Technologies, Inc. | Enhanced video interaction for a user interface of a telepresence network |
US8836751B2 (en) | 2011-11-08 | 2014-09-16 | Intouch Technologies, Inc. | Tele-presence system with a user interface that displays different communication links |
CN103227746B (en) * | 2012-01-31 | 2018-03-27 | 珠海德百祺科技有限公司 | Data communications method and system |
US9251313B2 (en) | 2012-04-11 | 2016-02-02 | Intouch Technologies, Inc. | Systems and methods for visualizing and managing telepresence devices in healthcare networks |
US8902278B2 (en) | 2012-04-11 | 2014-12-02 | Intouch Technologies, Inc. | Systems and methods for visualizing and managing telepresence devices in healthcare networks |
EP2852881A4 (en) | 2012-05-22 | 2016-03-23 | Intouch Technologies Inc | Graphical user interfaces including touchpad driving interfaces for telemedicine devices |
US9361021B2 (en) | 2012-05-22 | 2016-06-07 | Irobot Corporation | Graphical user interfaces including touchpad driving interfaces for telemedicine devices |
US10542082B2 (en) * | 2015-01-29 | 2020-01-21 | Ntt Communications Corporation | Communication control apparatus, communication control method and communication control program |
CN106302846B (en) * | 2015-06-12 | 2019-05-28 | 华为技术有限公司 | A kind of communication connection method for building up and device, system |
CN107105014A (en) * | 2017-03-30 | 2017-08-29 | 联想(北京)有限公司 | Communication means and the first equipment and the second equipment |
US11862302B2 (en) | 2017-04-24 | 2024-01-02 | Teladoc Health, Inc. | Automated transcription and documentation of tele-health encounters |
US10483007B2 (en) | 2017-07-25 | 2019-11-19 | Intouch Technologies, Inc. | Modular telehealth cart with thermal imaging and touch screen user interface |
US11636944B2 (en) | 2017-08-25 | 2023-04-25 | Teladoc Health, Inc. | Connectivity infrastructure for a telehealth platform |
US10617299B2 (en) | 2018-04-27 | 2020-04-14 | Intouch Technologies, Inc. | Telehealth cart that supports a removable tablet with seamless audio/video switching |
US11516262B2 (en) * | 2020-12-15 | 2022-11-29 | Dish Network Technologies India Private Limited | Methods and systems for proxy relay implementation for client-server connections over wide area network |
Citations (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6018619A (en) * | 1996-05-24 | 2000-01-25 | Microsoft Corporation | Method, system and apparatus for client-side usage tracking of information server systems |
US6094485A (en) * | 1997-09-18 | 2000-07-25 | Netscape Communications Corporation | SSL step-up |
US6182228B1 (en) * | 1998-08-17 | 2001-01-30 | International Business Machines Corporation | System and method for very fast IP packet filtering |
US6266707B1 (en) * | 1998-08-17 | 2001-07-24 | International Business Machines Corporation | System and method for IP network address translation and IP filtering with dynamic address resolution |
US6330562B1 (en) * | 1999-01-29 | 2001-12-11 | International Business Machines Corporation | System and method for managing security objects |
US6397253B1 (en) * | 1998-10-06 | 2002-05-28 | Bull Hn Information Systems Inc. | Method and system for providing high performance Web browser and server communications |
US20020184533A1 (en) * | 2001-05-30 | 2002-12-05 | Fox Paul D. | System and method for providing network security policy enforcement |
US20030018912A1 (en) * | 2001-07-18 | 2003-01-23 | Boyle Steven C. | Null-packet transmission from inside a firewall to open a communication window for an outside transmitter |
US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
US6785713B1 (en) * | 2000-05-08 | 2004-08-31 | Citrix Systems, Inc. | Method and apparatus for communicating among a network of servers utilizing a transport mechanism |
US6785726B1 (en) * | 2000-05-08 | 2004-08-31 | Citrix Systems, Inc. | Method and apparatus for delivering local and remote server events in a similar fashion |
US6789112B1 (en) * | 2000-05-08 | 2004-09-07 | Citrix Systems, Inc. | Method and apparatus for administering a server having a subsystem in communication with an event channel |
US6922724B1 (en) * | 2000-05-08 | 2005-07-26 | Citrix Systems, Inc. | Method and apparatus for managing server load |
US6928076B2 (en) * | 2000-09-22 | 2005-08-09 | Intel Corporation | System and method for controlling signal processing in a voice over packet (VoP) environment |
US6957212B2 (en) * | 2001-04-24 | 2005-10-18 | Innopath Software, Inc. | Apparatus and methods for intelligently caching applications and data on a gateway |
US7003574B1 (en) * | 2000-11-01 | 2006-02-21 | Microsoft Corporation | Session load balancing and use of VIP as source address for inter-cluster traffic through the use of a session identifier |
US7006460B1 (en) * | 1999-02-19 | 2006-02-28 | Robert Bosch Gmbh | Method for the connection-oriented transmission of data packets |
US7154863B2 (en) * | 1997-10-21 | 2006-12-26 | Intel Corporation | Apparatus and method for computer telephone integration in packet switched telephone networks |
US7227864B2 (en) * | 2001-12-17 | 2007-06-05 | Microsoft Corporation | Methods and systems for establishing communications through firewalls and network address translators |
US7260060B1 (en) * | 1997-06-07 | 2007-08-21 | Nortel Networks Limited | Call admission control |
US7281043B1 (en) * | 2001-05-31 | 2007-10-09 | Cisco Technology, Inc. | System for sharing resources among RSVP sessions |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100317443B1 (en) * | 1996-04-24 | 2002-01-16 | 블레이어 에프.모리슨 | Internet protocol filter |
USH2065H1 (en) * | 1998-12-28 | 2003-05-06 | Multi-Tech Systems, Inc. | Proxy server |
US6484257B1 (en) * | 1999-02-27 | 2002-11-19 | Alonzo Ellis | System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment |
-
2001
- 2001-12-17 US US10/024,090 patent/US7227864B2/en not_active Expired - Fee Related
-
2007
- 2007-04-27 US US11/741,084 patent/US20070195807A1/en not_active Abandoned
Patent Citations (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6018619A (en) * | 1996-05-24 | 2000-01-25 | Microsoft Corporation | Method, system and apparatus for client-side usage tracking of information server systems |
US7260060B1 (en) * | 1997-06-07 | 2007-08-21 | Nortel Networks Limited | Call admission control |
US6094485A (en) * | 1997-09-18 | 2000-07-25 | Netscape Communications Corporation | SSL step-up |
US7154863B2 (en) * | 1997-10-21 | 2006-12-26 | Intel Corporation | Apparatus and method for computer telephone integration in packet switched telephone networks |
US6182228B1 (en) * | 1998-08-17 | 2001-01-30 | International Business Machines Corporation | System and method for very fast IP packet filtering |
US6266707B1 (en) * | 1998-08-17 | 2001-07-24 | International Business Machines Corporation | System and method for IP network address translation and IP filtering with dynamic address resolution |
US6301669B2 (en) * | 1998-08-17 | 2001-10-09 | International Business Machines Corporation | System and method for very fast IP packet filtering |
US6397253B1 (en) * | 1998-10-06 | 2002-05-28 | Bull Hn Information Systems Inc. | Method and system for providing high performance Web browser and server communications |
US6330562B1 (en) * | 1999-01-29 | 2001-12-11 | International Business Machines Corporation | System and method for managing security objects |
US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
US7006460B1 (en) * | 1999-02-19 | 2006-02-28 | Robert Bosch Gmbh | Method for the connection-oriented transmission of data packets |
US6789112B1 (en) * | 2000-05-08 | 2004-09-07 | Citrix Systems, Inc. | Method and apparatus for administering a server having a subsystem in communication with an event channel |
US6785726B1 (en) * | 2000-05-08 | 2004-08-31 | Citrix Systems, Inc. | Method and apparatus for delivering local and remote server events in a similar fashion |
US6807580B2 (en) * | 2000-05-08 | 2004-10-19 | Citrix Systems, Inc. | Method and apparatus for communicating among a network of servers |
US6826606B2 (en) * | 2000-05-08 | 2004-11-30 | Citrix Systems, Inc. | Method and apparatus for communicating among a network of servers |
US6922724B1 (en) * | 2000-05-08 | 2005-07-26 | Citrix Systems, Inc. | Method and apparatus for managing server load |
US6785713B1 (en) * | 2000-05-08 | 2004-08-31 | Citrix Systems, Inc. | Method and apparatus for communicating among a network of servers utilizing a transport mechanism |
US6928076B2 (en) * | 2000-09-22 | 2005-08-09 | Intel Corporation | System and method for controlling signal processing in a voice over packet (VoP) environment |
US7003574B1 (en) * | 2000-11-01 | 2006-02-21 | Microsoft Corporation | Session load balancing and use of VIP as source address for inter-cluster traffic through the use of a session identifier |
US6957212B2 (en) * | 2001-04-24 | 2005-10-18 | Innopath Software, Inc. | Apparatus and methods for intelligently caching applications and data on a gateway |
US20020184533A1 (en) * | 2001-05-30 | 2002-12-05 | Fox Paul D. | System and method for providing network security policy enforcement |
US7281043B1 (en) * | 2001-05-31 | 2007-10-09 | Cisco Technology, Inc. | System for sharing resources among RSVP sessions |
US20030018912A1 (en) * | 2001-07-18 | 2003-01-23 | Boyle Steven C. | Null-packet transmission from inside a firewall to open a communication window for an outside transmitter |
US7227864B2 (en) * | 2001-12-17 | 2007-06-05 | Microsoft Corporation | Methods and systems for establishing communications through firewalls and network address translators |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060203749A1 (en) * | 2005-03-09 | 2006-09-14 | Plustek Inc | Multimedia conference system and method which enables communication between private network and Internet |
US8767590B2 (en) * | 2005-03-09 | 2014-07-01 | Plustek Inc. | Multimedia conference system and method which enables communication between private network and internet |
US20070019631A1 (en) * | 2005-07-21 | 2007-01-25 | Yun-Seok Jang | Apparatus and method for managing data transfer in VoIP gateway |
US8340089B2 (en) * | 2005-07-21 | 2012-12-25 | Samsung Electronics Co., Ltd. | Apparatus and method for managing data transfer in VoIP gateway |
US20090287829A1 (en) * | 2008-05-14 | 2009-11-19 | Nokia Corporation | Methods, apparatuses, and computer program products for facilitating establishing a communications session |
US8239550B2 (en) * | 2008-05-14 | 2012-08-07 | Nokia Corporation | Methods, apparatuses, and computer program products for facilitating establishing a communications session |
US20090319674A1 (en) * | 2008-06-24 | 2009-12-24 | Microsoft Corporation | Techniques to manage communications between relay servers |
US20100169442A1 (en) * | 2008-12-31 | 2010-07-01 | Industrial Technology Research Institute | Apparatus and method for providing peer-to-peer proxy service with temporary storage management and traffic load balancing in peer-to-peer communications |
US20100169964A1 (en) * | 2008-12-31 | 2010-07-01 | Industrial Technology Research Institute | Apparatus and method for providing peer-to-peer proxy services in peer-to-peer communications |
US8032583B2 (en) * | 2008-12-31 | 2011-10-04 | Industrial Technology Research Institute | Apparatus and method for providing peer-to-peer proxy services in peer-to-peer communications |
KR101058275B1 (en) | 2009-08-12 | 2011-08-22 | 주식회사 엘지유플러스 | Communication terminal and its control method, P2P server system and its control method |
Also Published As
Publication number | Publication date |
---|---|
US7227864B2 (en) | 2007-06-05 |
US20030112823A1 (en) | 2003-06-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7227864B2 (en) | Methods and systems for establishing communications through firewalls and network address translators | |
US7907525B2 (en) | Method of communicating packet multimedia to restricted endpoints | |
Holdrege et al. | Protocol complications with the IP network address translator | |
US8611354B2 (en) | Method and apparatus for relaying packets | |
US20030055978A1 (en) | Methods and systems for enabling outside-initiated traffic flows through a network address translator | |
US7272650B2 (en) | Communication protocols operable through network address translation (NAT) type devices | |
JP4634077B2 (en) | Transport system for instant messaging | |
US8612592B2 (en) | Protected device initiated pinhole creation to allow access to the protected device in response to a domain name system (DNS) query | |
JP5114622B2 (en) | Communication system for traversing firewall and network address translation (NAT) devices | |
US7639668B2 (en) | Method for securing RTS communications across middleboxes | |
US20090157887A1 (en) | Control for the interface for sending an SIP reply message | |
US20050125532A1 (en) | Traversing firewalls and nats | |
US20060168321A1 (en) | System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols | |
US20050033985A1 (en) | Firewall penetration system and method for real time media communications | |
US20040139228A1 (en) | Peer-to-peer (P2P) connection despite network address translators (NATs) at both ends | |
US20020133549A1 (en) | Generic external proxy | |
US20030033418A1 (en) | Method of implementing and configuring an MGCP application layer gateway | |
US20020042832A1 (en) | System and method for interoperability of H.323 video conferences with network address translation | |
US8978126B2 (en) | Method and system for TCP turn operation behind a restrictive firewall | |
US20160219129A1 (en) | Mechanisms for Transparently Converting Client-Server Software Agents to Peer-to-Peer Software Agents | |
US20060053485A1 (en) | Network connection through NAT routers and firewall devices | |
WO2007019809A1 (en) | A method and ststem for establishing a direct p2p channel | |
WO2002071717A2 (en) | Traversing firewalls and nats | |
CA2884382C (en) | Method and system for tcp turn operation behind a restrictive firewall | |
Paulsamy et al. | Network convergence and the NAT/Firewall problems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0001 Effective date: 20141014 |