USH2065H1 - Proxy server - Google Patents

Proxy server Download PDF

Info

Publication number
USH2065H1
USH2065H1 US09/221,742 US22174298A USH2065H US H2065 H1 USH2065 H1 US H2065H1 US 22174298 A US22174298 A US 22174298A US H2065 H USH2065 H US H2065H
Authority
US
United States
Prior art keywords
local
proxy server
port
outgoing
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/221,742
Inventor
Kevin Hong
Vidyasagaran Parameswaran Nair
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Multi Tech Systems Inc
Original Assignee
Multi Tech Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Multi Tech Systems Inc filed Critical Multi Tech Systems Inc
Priority to US09/221,742 priority Critical patent/USH2065H1/en
Assigned to MULTI-TECH SYSTEMS, INC. reassignment MULTI-TECH SYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NAIR, VIDYASAGARAN PARAMESWARAN, HONG, KEVIN
Application granted granted Critical
Publication of USH2065H1 publication Critical patent/USH2065H1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1008Server selection for load balancing based on parameters of servers, e.g. available memory or workload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163Interprocessor communication
    • G06F15/173Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/563Data redirection of data network streams
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63Routing a service request depending on the request content or context
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

A proxy server shares a plurality of modems connected to a wide area network among multiple client computers connected to a local area network. Each of the client computers on the local area network is assigned a local address while each of the plurality of modems is assigned a modem port address valid on the wide area network. In one embodiment, a processor controls address substitution allowing multiple client computers to share modems when communicating to host computers in a wide area network. The processor creates a descriptor list to keep track of the connections between the client computer and host computers on the wide area network and uses the descriptor list to determine to which client computer an incoming data packet should be sent. The processor also creates a proxied application list to determine if an outgoing data packet, received from one of the client computers, is one to be proxied through the proxy server.

Description

COPYRIGHT NOTICE/PERMISSION
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawing hereto: Copyright © 1997, Multi-Tech Systems, Inc., All Rights Reserved.
FIELD OF THE INVENTION
The present invention is related to network servers and in particular to a proxy server.
BACKGROUND OF THE INVENTION
Traditionally, connecting networked computers to the Internet required establishing a dial-up connection for each network computer, or a dedicated line or frame relay connection shared by all network computers. Individual dial-up connections optimize bandwidth and connection time while a dedicated connection provides the easy extension of Internet resources to newly added network computers. Each approach has major drawbacks, however.
Each networked computer using an individual dial-up connection requires an unique account with an Internet Service Provider (ISP), its own phone line, and a modem, in addition to the hardware necessary to connect the computer to the network. The cost of the modems, phone lines, and ISP accounts quickly becomes prohibitive in a small to medium sized network.
A dedicated connection eliminates the cost burdens of individual dial-up connections since the dedicated connection utilizes the hardware necessary to connect the computer to the network. The drawbacks to a dedicated connection are the cost of the dedicated connection, the cost of the equipment necessary to connect the network to the dedicated connection, and the additional overhead associated with managing the network and securing the network from unauthorized, external access.
Therefore, there is a need to connect network computers to the Internet without incurring the cost burdens associated with either individual dial-up accounts or a dedicated connection while incorporating the benefits of both approaches.
SUMMARY OF THE INVENTION
A proxy server shares a plurality of modems connected to a wide area network among multiple client computers connected to a local area network. The proxy server comprises the plurality of modems, a local port connected to the local area network, and a processor connected to the local port and to the modems. Each of the client computers on the local area network is assigned a local address while each of the modems is assigned a modem port address. The local port receives outgoing local packets destined for the wide area network from the client computers and sends incoming local packets from the wide area network to the client computers. The modems transmit outgoing remote packets and receive incoming remote packets to and from the wide area network. When the processor receives an outgoing local packet from one of the client computers through the local port, the processor selects one of the modems and substitutes the modem port address of the selected modem for the local address of the client computer in the outgoing local packet to create an outgoing remote packet. The processor transmits the outgoing remote packet to the selected modem for transmission to the wide area network. When the processor receives an incoming remote packet from a modem, the processor determines a destination client computer for the incoming remote packet, and substitutes the local address of the destination client computer for the modem port address of the modem in the incoming remote packet to create an incoming local packet. The processor transmits the incoming local packet to the destination client computer through the local port. The processor creates a descriptor list to keep track of the connections between the client computer and host computers on the wide area network and uses the descriptor list to determine to which client computer an incoming remote packet should be sent. The processor also creates a proxied application list to determine if an outgoing local packet is one to be proxied through the proxy server.
The structure of the descriptor list and the proxied application list are described in detail as are the processes performed by proxy server software which causes the processor to perform as summarized above. Additionally, various algorithms used to select a modem are also described.
Because the proxy server shares multiple modems among the computer of a local area network, the number of phone lines, modems, and ISP accounts are greatly reduced while maintaining the benefits of using only the amount of bandwidth needed at one time associated with dial-up Internet accounts. Furthermore, the proxy server allows easy connections of new client computers to the Internet but without the overhead associated with a dedicated connection. Additionally, because the proxy server translates between non-registered local area network addresses and valid Internet addresses, the local area network is secured against unauthorized, external access.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1A is a block diagram of one embodiment of a proxy server of the present invention.
FIG. 1B is a block diagram of communications flow in the proxy server shown in FIG. 1A.
FIG. 2 is diagram of one embodiment of a packet header used by the proxy server of FIG. 1A.
FIG. 3 is a diagram of one embodiment of a proxied application list used by the proxy server of FIG. 1A.
FIG. 4 is a diagram of one embodiment of a descriptor list used by the proxy server of FIG. 1A.
FIG. 5A is a flow chart of processes performed by the proxy server of FIG. 1A in response to receiving an outgoing packet.
FIG. 5B is a flow chart of processes performed by the proxy server of FIG. 1A in response to receiving an incoming packet.
FIG. 5C is a flow chart of process performed by the proxy server of FIG. 1A to select a port for outgoing packets.
FIG. 6 is a diagram of one embodiment of a status list used by the proxy server of FIG. 1A.
DESCRIPTION OF THE EMBODIMENTS
In the following detailed description of the embodiments, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that structural, logical and electrical changes may be made without departing from the spirit and scope of the present inventions. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present inventions is defined only by the appended claims.
The leading digit(s) of reference numbers appearing in the Figures corresponds to the Figure number, with the exception that the same reference number is used throughout to refer to an identical component which appears in multiple Figures. Signals and connections may be referred to by the same reference number or label, and the actual meaning will be clear from its use in the context of the description.
An overview of one embodiment of the proxy server hardware and software is first described in reference to FIGS. 1A and 1B. The particular methods performed by an exemplary embodiment of the proxy server software are next described in detail by reference to data structure diagrams in FIGS. 2, 3 and 4, and a series of flowcharts shown in FIGS. 5x. The methods to be performed by the proxy server software constitute computer programs made up of computer-executable instructions. Describing the methods by reference to a flowchart enables one skilled in the art to develop such programs including such instructions to carry out the methods on suitable computerized servers (the processor of the server executing the instructions from computer-readable media).
Proxy Sever Overview
The embodiment of the proxy server 100 shown in FIG. 1A has a local area network (LAN) port 101, three modems 103, 104, 105 serving as wide area network (WAN) ports, a command port 107, a microprocessor 109, and memory 111. The LAN (local) port 101 connects the proxy server 100 to a local area network 121 of client computers 121, 122, 123. The modems 103-105 connect the proxy server 100 to the Internet 131 through an Internet Service Provider (ISP). The ISP assigns a valid Internet address (modem port address) to each WAN port 103-105. Proxy server software 113 (shown in FIG. 1B) executing in the microprocessor 109 manages the transfer of data packets between the client computers on the LAN 121 and host computers 133, 134, 135 on the Internet 131. The command port 107 is used to configure the proxy server through a non-network computer 141.
In an alternate embodiment, one of the WAN ports 103-105 serves as a dial-in connection so that a remote computer can connect to the proxy server 100 without being connected to the Internet. In yet another embodiment, one of the WAN ports 103-105 alternates between a dial-in connection and an ISP connection depending on predetermined parameters such as time of day and/or communication traffic.
Further alternate embodiments having more or fewer than three modems are contemplated as within the scope of the invention and the applicability of the following descriptions to such alternate embodiments will be readily apparent to one of skill in the art.
FIG. 1B illustrates a single client computer 123 on the LAN 121 connected to a host computer 133 on the Internet 121 through the WAN port 103 on the proxy server 493 100. The following descriptions are also applicable to the alternate embodiments in which the WAN port 103 serves as a dial-in connection.
When a user invokes an Internet application 125 on the client computer 123, the application 125 sends a data stream 126 to a corresponding communications protocol stack 127 on the client computer 123. For example, data streams from a World Wide Web browser or a FTP/TFTP (File Transport Protocol/Trivial File Transport Protocol) session are directed to a TCP/IP stack. The protocol stack 127 creates outgoing LAN (local) packets 128 from the data and places the LAN packets 128 on the LAN 121 for routing to their destination.
The proxy server 100 receives the LAN packets 128 on the LAN port 101 and the proxy server software 113 determines if the data in each LAN packet 128 is to be transferred to the Internet (“proxied”). Packets which are not to be proxied are discarded. Because the client computer 123 is assigned a unique LAN address which is not a valid Internet address, the proxy server 100 must translate between the LAN address of the client computer 123 and the valid Internet address of the WAN port 103 for outgoing local packets which will be proxied. After converting the outgoing LAN packet 128 to an outgoing Internet (WAN) packet 137, the proxy server software transfers the outgoing Internet (remote) packet 137 to the Internet using modem (WAN port) 103 for delivery to the host computer 133. The proxy server software 113 performs the reverse process when it receives an incoming Internet packet through WAN port 103 to create an incoming LAN packet for transmission to the appropriate client computer.
The proxy server software supports multilink operation if the ISP supports a suitable protocol such as ML-PPP (Multi Link Point to Point Protocol). The goal of multilink operation (“channel bonding”) is to coordinate multiple independent communications links between a pair of systems, thus providing a virtual link with greater bandwidth than any of the constituent members. ML-PPP protocol is used to split, recombine and sequence datagrams across the multiple logical data links to bond the multiple links into a single data transmission channel.
The processes performed by the proxy server software 113 and supporting data structures are described next.
Proxy Server Software
The proxy server software 311 of FIG. 1B is next described in the general context of computer-executable instructions, such as program modules, being executed by the microprocessor 109 of proxy server 100 as shown in FIG. 1A. Although no particular structure or arrangement of program modules is required by the invention, generally the program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
Each packet 200 received by the proxy server software from either the LAN 121 or the Internet 131 contains a header 201 that specifies addresses for the source 203 and destination 205 computers, and an application port, or service, number 207, 209 for the source and destination applications that will service the data in the packet. The header 201 also contains the transport protocol 211 used to transfer the packet, such as TCP (Transmission Control Protocol) for a browser or UDP (User Datagram Protocol) for FTP/TFTP. Headers for packets containing systems messages delivered between the client and source computers using the Internet Control Messaging Protocol (ICMP) do not contain source and destination port numbers as the messages are independent of any particular application.
For an outgoing TCP/IP LAN packet, the source of a packet is uniquely identified by the LAN address 203 for the originating, source, client computer, such as computer 123 in FIG. 1B, and the application source port number 207 for the application that created the packet. The destination for an outgoing TCP/UDP LAN packet is uniquely identified by an Internet destination address 205 for a host computer on the Internet, such as host computer 133 in FIG. 1B, and a application destination port number 209 on the host computer. The destination address 205, destination port number 209, LAN address 203, and source port number 207 together identify a particular application connection between the client and host computers. Similarly, the source of an ICMP LAN packet is the LAN address of the client computer, the destination is the Internet address of the host computer, and the ICMP connection is identified by the destination address and the LAN address.
The proxy server software maintains three data structures: a proxied application list 300, a descriptor list 400 of open connections, and a status list 600. Although the data structures are described as lists, one of skill in the art will readily recognize that the data structures can be embodied as relational data base tables, file records, operating system registry entries, or other well-known arrangements of data, and stored on computer-readable media of various types including random access memory, fixed disk, or CDROM.
One embodiment of the proxied application list 300 is illustrated in FIG. 3. The application list 300 created when the proxy server software is initialized. Each entry 301 in the application list 300 contains the transport protocol 303 and the application port number 304 for an application which will be proxied through the proxy server.
One embodiment of the descriptor list 400 is illustrated in FIG. 4. The descriptor list 400 contains an entry 401 for each open TCP/UDP connection. Each entry 401 is keyed on the destination port 406, transport protocol 407, destination address 408, and LAN address 409. The destination port 406, transport protocol 407, destination address 408, LAN address 409, and the source port 410, are collectively referred to as a connection descriptor 405. The descriptor list 400 also contains an entry 411 keyed on the transport protocol 416, destination address 417, and LAN address 418 for each ICMP connection, collectively shown as connection descriptor 415. The mapped port number 403 and identifier 413 shown in FIG. 4 are explained below.
One embodiment of the status list 600 is illustrated in FIG. 6 and explained in conjunction with FIGS. 5A, 5B and 5C which describe the methods or processes performed by the proxy server software. Beginning with FIG. 5A, when an outgoing LAN packet, such as packet 128 in FIG. 1B, is received by the proxy server 100, the proxy server software determines if the packet is to be proxied (step 501). For TCP/UDP LAN packets, the determination is based on comparing the entries 301 in the application list 300 against the corresponding information in the packet header 200. A match indicates that the TCP/UDP LAN packet is to be proxied. In the case of ICMP LAN packets, only packets having a message type of “echo request” will be proxied. LAN packets which are not to be proxied are ignored by the proxy server.
Once the determination is made that a LAN packet is to be proxied at step 501, the proxy server software determines whether the connection requested by a packet is an existing open connection (step 503) using the descriptor list 400 and the information contained in the packet header 200. If the corresponding information in the packet header 200 does not match a entry 401 in the descriptor list 400, the connection has not yet been opened and, therefore, must be created. However, because the combination of application port number and the LAN address in a LAN packet is valid only within the local area network, those values cannot be used to open a new connection.
Therefore, the proxy server software selects an application port number which is not reserved or in use by the proxy server (step 505). For a new TCP/UDP connection (which is not a FTP/TFTP connection), the software creates an new entry 401 in the descriptor list 400, stores the appropriate information the LAN packet header 200 as the connection descriptor 405, and inserts the selected application port number into the mapped port 403 (step 507).
If the application is FTP/TFTP, the proxy server software creates one entry 401 in the descriptor list 400 that corresponds to the connection between the client computer and the FTP/TFTP application port on the host computer, and a second entry 401 in the descriptor list 400 for the connection between the client computer and the data transfer port on the host computer.
The proxy server software also creates an entry 601 in the status list 600 for a newly opened connection. The entry 601 contains an open connection identifier 603 for the open connection, a physical port identifier 605 which identifies the physical port on which the open connection communications, and an idle timer 607.
When the appropriate entry 401 is created or matched, the LAN packet converted to an Internet packet by the proxy server software (step 509). The mapped port 403 in the entry 401 is used as the source port 207 in the packet header 200. Similarly, the proxy server software replaces the LAN address of the client computer with the Internet address of one of the WAN port 103-105 on the proxy server 100. The WAN port used for the communication is specified by the physical port identifier 605. The selection process for a WAN port is described in more detail below.
If the FTP/TFTP LAN packet contains a “PORT” command, the proxy server software also replaces the port number specified in the data portion of the packet. As will be readily apparent to one of skill in the art, such a modification can result in a change of the packet size, so the software modifies appropriate sections of the header of each packet transferred through the FTP/TFTP connection accordingly.
In the case of an ICMP packet, the proxy server software creates a new entry 411 in the descriptor list 400, stores a unique identifier 413 for the ICMP connection and the connection descriptor 415 information from the packet header 200. The identifier 413 is included in the ICMP packet at step 509. An exemplary ICMP packet is shown in Table 1 below. The identifier field shown in Table 1 is mapped before forwarding the ICMP packet to the Internet.
TABLE 1
Figure USH0002065-20030506-C00001
Once the LAN packet has been converted to a valid Internet packet as described above, the proxy server software recomputes the appropriate checksums to complete step 509. The proxy software then transfers the converted packet to the Internet through the selected WAN port (step 511).
Because an outgoing TCP/UDP Internet packet specifies the mapped port 403 as the source port 207 in its header 200, an incoming Internet packet on the same connection will specify the mapped port 403 as the destination port 209 in its header 200. As shown in FIG. 5B, the proxy server software matches the mapped port 403 and the protocol 211 specified in the header 200 of the incoming Internet to the corresponding entry 401 in the descriptor list 400 (step 521). The proxy server software then replaces the destination address 205 and destination port 209 in the header 200 of the incoming packet with the LAN address 409 and application port 410 from the entry 401 (step 523). Similarly, the identifier in an incoming ICMP packet is used to find the corresponding entry 411 in the descriptor list 400 at step 521, and the destination address 205 in the incoming packet is replaced by the LAN address 418 from the entry 401 at step 523. The software recomputes the checksums for the packet to complete the conversion between Internet and LAN packets at step 523 and transfers the converted packet to the LAN for routing to the specified client computer (step 525).
The WAN port selection process is illustrated in FIG. 5C. In order to balance the load on the proxy's server's physical WAN ports, i.e., the modems, the proxy server software only permanently assigns a physical port to a new connection if the application, such as ICMP, requires the same source address for the life of the connection (step 533). For an ICMP connection (step 535), the proxy server software selects the first active port (step 537). For other applications that require the use of the same physical port, the proxy server selects the port with the least amount of load when the connection is initially established (step 539).
For applications that do not require the same physical port (steps 553 and 545), the proxy server software dynamically selects a port each time a packet is to be sent to the Internet (step 543). The software will select the active port with the least amount of load. A physical port which is currently not active is selected when all active ports are equally loaded. A WAN port can be inactive because, for example, it is both a dial-in and Internet connection. If all ports are active and equally loaded, the software selects the first active port.
The idle timer 607 is set to an initial value when the connection is opened (step 557). Each timer 607 is decremented by foreground process (not illustrated) each minute there is no activity on the corresponding connection. Activity on the connection resets the appropriate timer 607 to the initial value (step 555) while a TCP “close” command (step 551) sets the timer to an amount pre-determined to be adequate for the closing operations (step 553). In the case of an ICMP echo request message, the timer 607 is set to zero (step 550) when the response (step 549) is received. When a timer 607 reaches zero, the corresponding connection is closed and the descriptor entry 411 and status entry 601 are freed (not illustrated).
A physical port can be closed by either the proxy server, the ISP, or due to a failed communications link between the proxy server and the ISP. When a physical port is closed, all connections using that physical port are closed and the corresponding descriptors and status entries freed.
As described above, each client computer is assigned a unique LAN address. In one embodiment, such addresses are permanently assigned external to the proxy server. In an alternate embodiment, the proxy server software acts as a DHCP (Dynamic Host Configuration Protocol) to dynamically assign an address to a client computer when the client computer requests a connection. As the operations of a DHCP server are well known to one skilled in the art, no detailed functional description is provided.
The proxy server software also provides monitoring and management of the proxy server using a browser or Telnet program on a computer connected through the LAN port, the command port, or a WAN port. User input is received in the form of Telnet, HTTP, or FTP commands. When the microprocessor 109 recognizes that a command is addressed to the proxy server 100, not to a client or host computer, a security check is performed to ensure that the user is permitted access to the monitoring and management facilities of the proxy server software. Any results from the command are returned through the port on which the command arrived. Telnet, HTTP, and FTP commands, and the software required to support their operations, are well-known to one of skill and are, therefore, not discussed in further detail.
Proxy Server Summary
The proxy server has been described in terms of its hardware and software components, from an overview of the operation of the hardware and software, through detailed descriptions of the processes performed by the software and the data structures employed by the processes. It is to be understood that the above description is intended to be illustrative, and not restrictive. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
Because the proxy server shares multiple modems among the computer of a local area network, the number of phone lines, modems, and ISP accounts are greatly reduced while maintaining the benefits of using only the amount of bandwidth needed at one time associated with dial-up Internet accounts. Furthermore, the proxy server allows easy connections of new LAN computers to the Internet but without the overhead associated with a dedicated connection. Additionally, because the proxy server translates between non-registered LAN addresses and valid Internet addresses, the LAN is secured against unauthorized, external access.

Claims (21)

What is claimed is:
1. A proxy server for use in connecting a wide area network with a plurality of client computers each having a local address, the proxy server comprising:
a local port connected to a local area network and operative for sending a plurality of incoming local packets and for receiving a plurality of outgoing local packets to and from the plurality of client computers;
a plurality of modems each having a modem port address and each connected to the wide area network, and operative for transmitting a plurality of outgoing remote packets and receiving a plurality of incoming remote packets; and
a processor connected to the local port and connected to the plurality of modems, and operative for receiving one of the plurality of outgoing local packets from one of the plurality of client computers, for executing a load balancing algorithm and selecting one of the plurality of modems, for modifying the one of the plurality of outgoing local packets by substituting the modem port address of the selected modem for the local address of the one of the plurality of client computers to produce one of the plurality of outgoing remote packets, and for transmitting the one of the plurality of outgoing remote packets to the selected modem for transmission to the wide area network.
2. The proxy server according to claim 1, wherein the processor is further operative for receiving one of the plurality of incoming remote packets from one of the plurality of modems, for determining a destination client computer, for substituting the local address of the destination client computer for the modem port address of the one of the plurality of modems specified in the one of the plurality of incoming remote packets to create one of the plurality of incoming local packets, and for transmitting the one of the plurality of incoming local packets to the destination client computer through the local port.
3. The proxy server of claim 1, wherein the processor selects one of the plurality of modems based on a protocol specified in the one of the plurality of outgoing local packets.
4. The proxy server of claim 2, wherein the processor determines the destination client computer using a descriptor table, the descriptor table comprising an entry for each of the plurality of client computers having an open connection to the wide area network through the proxy server.
5. The proxy server of claim 1, wherein the processor is further operative for selecting an application port, for substituting the selected application port for a client computer application source port specified in the one of the plurality of outgoing remote packets, for determining an application destination port on a destination client computer, and for substituting the application destination port on the destination client computer for a destination port specified in one of the plurality of incoming local packets.
6. The proxy server of claim 5, wherein the processor selects the application port from a group of unused remote application ports.
7. The proxy server of claim 5, wherein the processor determines the application destination port using a descriptor table, the descriptor table comprising an entry for each open application port on each client computer having an open connection to the wide area network through the proxy server.
8. The proxy server of claim 1, wherein the processor is further operative for classifying the one of the plurality of outgoing local packets and for ignoring the one of the plurality of outgoing local packet if the classification does not match an entry in a proxied application list.
9. The proxy server of claim 1, wherein the processor is further operative for monitoring packet activity on an open connection between one of the plurality of client computers and the wide area network and for closing the open connection if there is no packet activity for a specified time period.
10. The proxy server of claim 1, wherein the processor is further operative for dynamically assigning a local address to one of the plurality of client computers.
11. The proxy server of claim 1, wherein each of the plurality of modems operates in dial-out only mode.
12. The proxy server of claim 1, wherein one of the plurality of modems operates in dial-out and dial-in mode.
13. The proxy server of claim 12, wherein the one of the plurality of modems operates in dial-in mode until packet activity through the proxy server reaches a pre-determined amount.
14. The proxy server of claim 1, wherein at least two of the plurality of modems form a bonded channel in a coordinated multilink operation.
15. The proxy server of claim 1, wherein the processor is further operative for determining if an incoming remote packet contains a proxy server management command, processing the proxy server management command, and sending any resulting information in an outgoing remote packet.
16. A method of sharing a plurality of modems connected to a wide-area network among client computers of a local area network comprising:
creating a first entry in a descriptor list for each open connection between a client computer and a host computer on the wide area-network, the first entry including a first mapped port number;
generating an outgoing packet from the client computer, the outgoing packet including a first portion of data, corresponding to the first entry, and a source address, the first portion of data having a source port number;
comparing the first portion of data with each first entry in the descriptor list to find a first corresponding first entry;
if the first corresponding first entry is found, substituting the first mapped port number of the first corresponding first entry for the source port number;
selecting a modem from the plurality of modems using a load balancing algorithm;
substituting an address of the selected modem for the source address ; and
transmitting the outgoing packet using the selected modem.
17. The method of claim 16, further comprising:
generating an incoming packet from the host computer, the incoming packet including a second portion of data, corresponding to the first entry, and a destination address, the second portion of data having a second mapped port number;
comparing the second portion of data with each first entry in the descriptor list to find a second corresponding first entry;
if the second corresponding first entry is found, substituting a client computer port number of the second corresponding first entry for the second mapped port number;
substituting a client computer address included in the second corresponding first entry for a destination address; and
transmitting the incoming packet to the local area network.
18. The method of claim 16, further comprising:
creating a second entry in a proxied application list for each application in the local area network which originates data to be transmitted to the wide area network, the second entry including the source port number and a transport protocol;
inserting the transport protocol in the first portion of data; comparing the first portion of data with each second entry in the proxied application list to find a corresponding second entry; and
if the corresponding second entry is found, proxying the outgoing packet.
19. A communication system, comprising;
a plurality of client computers on a local area network, each client computer having a unique local address to differentiate from other client computers ; and
a proxy server comprising:
a local port connected to the local area network and operative for sending a plurality of incoming local packets to the plurality of client computers and for receiving a plurality of outgoing local packets from the plurality of client computers;
a plurality of modems connected to a wide area network, and operative for transmitting a plurality of outgoing remote packets and receiving a plurality of incoming remote packets, each modem having a unique modem port address to differentiate from other modems; and
a processor connected to the local port and connected to the plurality of modems, and operative for receiving one of the plurality of outgoing local packets from one of the plurality of client computers, for executing a load balancing algorithm and selecting one of the plurality of modems, for modifying the one of the plurality of outgoing local packets by substituting the modem port address of the selected modem for the local address of the one of the plurality of client computers, to produce one of the plurality of outgoing remote packets, and for transmitting the one of the plurality of outgoing remote packets to the selected modem for transmission to the wide area network.
20. A method of communication, comprising:
receiving a request from a client computer to establish a connection to a remote server having a remote server address;
selecting a modem from a plurality of modems in response to the request using a load balancing algorithm;
receiving a local data packet from the client computer;
combining the remote server address and the local data packet to create a remote data packet; and
sending the remote data packet to the remote server through the selected modem.
21. The method according to claim 20, further including:
creating an entry in a descriptor list for each open connection between a client computer on the local area network and a host computer on the wide area-network;
matching data in an outgoing packet from a client computer against the descriptor list;
substituting a mapped port in the matched entry for a source port in the outgoing packet;
selecting one of the modems;
substituting an address for the selected modem for a source address in the outgoing packet; and
transmitting the outgoing packet to the modem.
US09/221,742 1998-12-28 1998-12-28 Proxy server Abandoned USH2065H1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/221,742 USH2065H1 (en) 1998-12-28 1998-12-28 Proxy server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/221,742 USH2065H1 (en) 1998-12-28 1998-12-28 Proxy server

Publications (1)

Publication Number Publication Date
USH2065H1 true USH2065H1 (en) 2003-05-06

Family

ID=22829173

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/221,742 Abandoned USH2065H1 (en) 1998-12-28 1998-12-28 Proxy server

Country Status (1)

Country Link
US (1) USH2065H1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020099827A1 (en) * 2001-01-22 2002-07-25 Shah Hemal V. Filtering calls in system area networks
US20030112823A1 (en) * 2001-12-17 2003-06-19 Microsoft Corporation Methods and systems for establishing communications through firewalls and network address translators
US20030208531A1 (en) * 2002-05-06 2003-11-06 Todd Matters System and method for a shared I/O subsystem
US20030208633A1 (en) * 2002-05-06 2003-11-06 Todd Rimmer System and method for implementing LAN within shared I/O subsystem
US20030208631A1 (en) * 2002-05-06 2003-11-06 Todd Matters System and method for dynamic link aggregation in a shared I/O subsystem
US20030229809A1 (en) * 1999-04-15 2003-12-11 Asaf Wexler Transparent proxy server
US20040001469A1 (en) * 2002-07-01 2004-01-01 Melco Inc. Wireless lan device
US20050198302A1 (en) * 2003-12-29 2005-09-08 Microsoft Corporation Multi-client support
US7328284B2 (en) 2002-05-06 2008-02-05 Qlogic, Corporation Dynamic configuration of network data flow using a shared I/O subsystem
US7752333B1 (en) * 2000-01-18 2010-07-06 Avaya Inc. Methods and apparatus for local network address acquisition, analysis and substitution
US20100202442A1 (en) * 1999-05-05 2010-08-12 William Allan Telephony and data network services at a telephone
CN103731680A (en) * 2012-03-11 2014-04-16 美国博通公司 Audio/video channel transbonding in a network device
US9325676B2 (en) 2012-05-24 2016-04-26 Ip Ghoster, Inc. Systems and methods for protecting communications between nodes
US9348927B2 (en) 2012-05-07 2016-05-24 Smart Security Systems Llc Systems and methods for detecting, identifying and categorizing intermediate nodes
US10382595B2 (en) 2014-01-29 2019-08-13 Smart Security Systems Llc Systems and methods for protecting communications
US10778659B2 (en) 2012-05-24 2020-09-15 Smart Security Systems Llc System and method for protecting communications

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371852A (en) * 1992-10-14 1994-12-06 International Business Machines Corporation Method and apparatus for making a cluster of computers appear as a single host on a network
US6035020A (en) * 1997-08-26 2000-03-07 Nec Usa, Inc. Modem data call bypass of a telephone network voice switch
US6038594A (en) * 1998-02-02 2000-03-14 Loral Cyberstar, Inc. Internet communication system and method with asymmetric terrestrial and satellite links
US6091737A (en) * 1996-11-15 2000-07-18 Multi-Tech Systems, Inc. Remote communications server system
US6115755A (en) 1998-04-09 2000-09-05 Novaweb Technologies, Inc. Integrated apparatus for interfacing several computers to the internet through a single connection
US6157950A (en) * 1997-12-05 2000-12-05 Encanto Networks, Inc. Methods and apparatus for interfacing a computer or small network to a wide area network such as the internet
US6182141B1 (en) * 1996-12-20 2001-01-30 Intel Corporation Transparent proxy server
US6185625B1 (en) * 1996-12-20 2001-02-06 Intel Corporation Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object
US6243379B1 (en) 1997-04-04 2001-06-05 Ramp Networks, Inc. Connection and packet level multiplexing between network links
US6253247B1 (en) 1996-11-21 2001-06-26 Ragula Systems System and method for transmitting a user's data packets concurrently over different telephone lines between two computer networks
US6282193B1 (en) 1998-08-21 2001-08-28 Sonus Networks Apparatus and method for a remote access server

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371852A (en) * 1992-10-14 1994-12-06 International Business Machines Corporation Method and apparatus for making a cluster of computers appear as a single host on a network
US6091737A (en) * 1996-11-15 2000-07-18 Multi-Tech Systems, Inc. Remote communications server system
US6253247B1 (en) 1996-11-21 2001-06-26 Ragula Systems System and method for transmitting a user's data packets concurrently over different telephone lines between two computer networks
US6182141B1 (en) * 1996-12-20 2001-01-30 Intel Corporation Transparent proxy server
US6185625B1 (en) * 1996-12-20 2001-02-06 Intel Corporation Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object
US6243379B1 (en) 1997-04-04 2001-06-05 Ramp Networks, Inc. Connection and packet level multiplexing between network links
US6035020A (en) * 1997-08-26 2000-03-07 Nec Usa, Inc. Modem data call bypass of a telephone network voice switch
US6157950A (en) * 1997-12-05 2000-12-05 Encanto Networks, Inc. Methods and apparatus for interfacing a computer or small network to a wide area network such as the internet
US6038594A (en) * 1998-02-02 2000-03-14 Loral Cyberstar, Inc. Internet communication system and method with asymmetric terrestrial and satellite links
US6115755A (en) 1998-04-09 2000-09-05 Novaweb Technologies, Inc. Integrated apparatus for interfacing several computers to the internet through a single connection
US6282193B1 (en) 1998-08-21 2001-08-28 Sonus Networks Apparatus and method for a remote access server

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030229809A1 (en) * 1999-04-15 2003-12-11 Asaf Wexler Transparent proxy server
US8964727B2 (en) * 1999-05-05 2015-02-24 Rockstar Consortium Us Lp Telephony and data network services at a telephone
US20100202442A1 (en) * 1999-05-05 2010-08-12 William Allan Telephony and data network services at a telephone
US7752333B1 (en) * 2000-01-18 2010-07-06 Avaya Inc. Methods and apparatus for local network address acquisition, analysis and substitution
US7024479B2 (en) 2001-01-22 2006-04-04 Intel Corporation Filtering calls in system area networks
US20020099827A1 (en) * 2001-01-22 2002-07-25 Shah Hemal V. Filtering calls in system area networks
US20030112823A1 (en) * 2001-12-17 2003-06-19 Microsoft Corporation Methods and systems for establishing communications through firewalls and network address translators
US7227864B2 (en) * 2001-12-17 2007-06-05 Microsoft Corporation Methods and systems for establishing communications through firewalls and network address translators
US20030208531A1 (en) * 2002-05-06 2003-11-06 Todd Matters System and method for a shared I/O subsystem
US20030208633A1 (en) * 2002-05-06 2003-11-06 Todd Rimmer System and method for implementing LAN within shared I/O subsystem
US20030208631A1 (en) * 2002-05-06 2003-11-06 Todd Matters System and method for dynamic link aggregation in a shared I/O subsystem
US7328284B2 (en) 2002-05-06 2008-02-05 Qlogic, Corporation Dynamic configuration of network data flow using a shared I/O subsystem
US7356608B2 (en) 2002-05-06 2008-04-08 Qlogic, Corporation System and method for implementing LAN within shared I/O subsystem
US7404012B2 (en) 2002-05-06 2008-07-22 Qlogic, Corporation System and method for dynamic link aggregation in a shared I/O subsystem
US7447778B2 (en) * 2002-05-06 2008-11-04 Qlogic, Corporation System and method for a shared I/O subsystem
US8194625B2 (en) * 2002-07-01 2012-06-05 Buffalo Inc. Wireless LAN device
US20040001469A1 (en) * 2002-07-01 2004-01-01 Melco Inc. Wireless lan device
US8477753B2 (en) 2002-07-01 2013-07-02 Buffalo Inc. Wireless LAN device
US20050198302A1 (en) * 2003-12-29 2005-09-08 Microsoft Corporation Multi-client support
US9088807B2 (en) 2012-03-11 2015-07-21 Broadcom Corporation Audio/video channel transbonding in a network device
KR101469824B1 (en) * 2012-03-11 2014-12-05 브로드콤 코포레이션 Audio/video channel transbonding in a network device
US8819755B2 (en) 2012-03-11 2014-08-26 Broadcom Corporation Audio/video channel transbonding in a network device
CN103731680A (en) * 2012-03-11 2014-04-16 美国博通公司 Audio/video channel transbonding in a network device
US9241177B2 (en) 2012-03-11 2016-01-19 Broadcom Corporation Audio/video channel transbonding in a network device
CN103731680B (en) * 2012-03-11 2017-12-19 安华高科技通用Ip(新加坡)公司 Network equipment sound intermediate frequency/video channel Translation bindings
US9348927B2 (en) 2012-05-07 2016-05-24 Smart Security Systems Llc Systems and methods for detecting, identifying and categorizing intermediate nodes
US9325676B2 (en) 2012-05-24 2016-04-26 Ip Ghoster, Inc. Systems and methods for protecting communications between nodes
US9992180B2 (en) 2012-05-24 2018-06-05 Smart Security Systems Llc Systems and methods for protecting communications between nodes
US10637839B2 (en) 2012-05-24 2020-04-28 Smart Security Systems Llc Systems and methods for protecting communications between nodes
US10778659B2 (en) 2012-05-24 2020-09-15 Smart Security Systems Llc System and method for protecting communications
US10382595B2 (en) 2014-01-29 2019-08-13 Smart Security Systems Llc Systems and methods for protecting communications

Similar Documents

Publication Publication Date Title
US6101549A (en) Proxy-based reservation of network resources
US7739384B2 (en) System and method for load balancing
CN101296238B (en) Method and equipment for remaining persistency of security socket layer conversation
US6032193A (en) Computer system having virtual circuit address altered by local computer to switch to different physical data link to increase data transmission bandwidth
USH2065H1 (en) Proxy server
US6999998B2 (en) Shared memory coupling of network infrastructure devices
US8260887B2 (en) Method for automatic configuration of an access router compatible with the DHCP protocol, for specific automatic processing of IP flows from a client terminal
US7991914B2 (en) Technique for addressing a cluster of network servers
JP3372455B2 (en) Packet relay control method, packet relay device, and program storage medium
US6600743B1 (en) IP multicast interface
EP2357570A1 (en) System and method for network access without reconfiguration
US20020075878A1 (en) Ip multicast interface
US20040153858A1 (en) Direct peer-to-peer transmission protocol between two virtual networks
US6389027B1 (en) IP multicast interface
US6327621B1 (en) Method for shared multicast interface in a multi-partition environment
US20060268863A1 (en) Transparent address translation methods
US20020194353A1 (en) Method for distinguishing clients in a communication system, a communication system, and a communication device
US20080049765A1 (en) Method and system for inter working a point-to-point link and a LAN service
US6819673B1 (en) Method and system for establishing SNA sessions over wide area networks
JP3614006B2 (en) COMMUNICATION SYSTEM USING Asymmetrical Route and Communication Method Utilizing Asymmetrical Route
Cisco Bridging and IBM Networking Overview
Cisco Bridging and IBM Networking Overview
Cisco Bridging and IBM Networking Overview
Cisco Bridging and IBM Networking Overview
Cisco Bridging and IBM Networking Overview

Legal Events

Date Code Title Description
AS Assignment

Owner name: MULTI-TECH SYSTEMS, INC., MINNESOTA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HONG, KEVIN;NAIR, VIDYASAGARAN PARAMESWARAN;REEL/FRAME:009686/0775;SIGNING DATES FROM 19981207 TO 19981215

STCF Information on status: patent grant

Free format text: PATENTED CASE