Method for updating middleware-level names
The invention relates to a method according to the preamble of claim 1 for updating the dynamic network-level bound addresses of middleware-level names in a name resolution system, whereby the method performs the update of at least one binding between a middleware-level name and its network-level bound address in a name resolution system.
In communications networks, the data flow is divided into hierarchical levels. Traffic at a given level of the hierarchical system is transparent to the elements of the other underlying and overlying hierarchical levels. In the context of the present application, the term middleware level is used when reference is made to levels 4-7 of the OSI (Open System Interconnection) model defined by ISO (International Organization for Standardization), said levels including the transport, session, presentation and application layers. Hence, middleware must be understood to represent the software that is capable of implementing the functionality of said layers.
In conventional techniques, the purpose of the name resolution system, e.g., the DNS in the Internet, is to facilitate referencing an Internet resource by its DNS name without knowing the location of the resource. In DNS, the resource most generally is a so-called host, which is a computer communicating with the Internet. The DNS name is a name at the middleware level. When the DNS is applied, the network location of the resource is its location in the Internet, which is denoted by an IP address assigned to the resource as its network-level address. The ability to refer to a resource without knowing its location is important, since if the resource names and locations were not independent from each other, a change in the location of a given resource would lead to a cumbersome reconfiguration in each of the systems that refer to the dynamic resource concerned. Should the movable resource happen to be a server, the task can become very demanding. For this reason, an Internet application or client is not generally allowed to use a direct reference to, e.g., an IP address, when sending messages, but rather, the target must be addressed in a manner that is as location-independent as possible.
In the prior art, when terminals are connected to communications networks such as the Internet, using dynamic addresses which are addresses that are defined separately at the network level for each session, today typically being IP addresses, the terminal initiates communications with an access router of the operator system providing a connection for information communications, whereby the router assigns the dynamic network-level address that is valid for the ongoing session. Next, the terminal takes care of updating the dynamic network-level address to the name resolution system, which today typically is DNS.
It is a disadvantage of the prior art that the terminal is made responsible for the task of updating its dynamic network-level address to the name resolution system. Herein, the terminal software must at all times be kept updated to a level capable of performing such an address update. The storage and running of the address update software consumes terminal storage capacity and processor time. The arrangement also puts additional traffic load on the data transfer path between the access router of the service provider and the terminal inasmuch as the dynamic network-level address must be submitted from the access router to the terminal and, vice versa, the dynamic network-level address must be retransmitted from the terminal to the access router, wherefrom the address is passed over an information network, today typically an IP network, to a name resolution system, today typically DNS. The excess traffic puts an extra load on the data transfer path, particularly in cases when the dynamic IP addresses are assigned frequently. The latter case may be typically encountered on connections established from portable terminals. Hence, it is an important mission, particularly in the case of portable terminals, to minimize the portion of control information in the data flow transmitted over a data transfer path. For the operator, it is difficult to offer services based on binding information to a middleware-level name of the network terminal stored in the name resolution system when the network terminal performs changes in the information content bound to the terminal's middleware-level name.
It is an object of the invention to provide an entirely novel type of method capable of overcoming the problems of the above-described prior art.
The goal of the invention is achieved according to the invention by virtue of transferring the responsibility of updating the network-level bound address of the terminal's middleware-level name from the terminal to the operator's system.
More specifically, the method according to the invention for updating the dynamic network-level bound addresses of middleware-level names in a name resolution system, in which method is performed the update of at least one binding between a middleware-level name and its network-level bound address in a name resolution system, is characterized by what is stated in the characterizing part of claim 1.
The invention offers significant benefits. The terminal is freed from the need to update its network-level address to the name resolution system, whereby there is no longer any need to keep the terminal software updated so that it is capable of performing the update operation required in the prior art. Hence, the terminal storage capacity and processor time need not be used in the storage and running of the address update software. Moreover, the data transfer path between the access router and the terminal is relieved from the task of transmitting the terminal's network-level address from the access router to the terminal and, vice versa, from the terminal back to the access router. As a result, the portion of control information transmitted over the data transfer path between the access router and the terminal is reduced. For the operator, it is also easier to provide services based on binding information to the network terminal's middleware-level name that is stored in the name resolution system when the network terminal is prevented from making changes in the information content bound to the terminal's middleware-level name.
In the following, the invention is examined in detail with the help of an exemplifying embodiment by making reference to the attached drawing, wherein
FIG. 1 shows a block diagram representing an embodiment of the method according to the invention, in which method under the control of the operator's system is performed the update of the dynamic network-level bound address of a middleware-level name in a name resolution system, and the binding between the middleware-level name and its dynamic network-level name is canceled from the name resolution system. The example is taken from the TCP/IP protocol environment and it uses the DNS. The method according to the invention may be applied in a respective manner also in other types of communications networks and/or using other types of name resolution systems.
The example illustrated in the block diagram of FIG. 1 uses elements denoted by reference numerals as follows:
A given subscriber connection 10 is a connection to a circuit-switched or packet-switched communications network.
An operator system 11 comprises hardware that allows the operator to provide a connection to an IP network from said given subscriber connection 10 communicating with said operator system 11.
A user profile 12 includes the definition of services provided from the operator system 11 to said given subscriber connection 10, a network terminal device, a user person, application software or an instance of the user identity of the application software, said services being offered via the said operator system 11.
A first DNS name is such a DNS name that is used in order to identify said given subscriber connection 10, network terminal device, user person, a network terminal connected to said given subscriber connection 10 or application software and/or an instance of the application software running on said network terminal.
A first DNS server 13 is a name server of the DNS. The first DNS server 13 either has stored or is capable of storing therein a first DNS name.
A second DNS server 14 is such a DNS name server wherein the operator system 11 is privileged to perform update operations. The second DNS server 14 either has stored or is capable of storing therein a second DNS name.
A dynamic IP address is such an IP address that the operator system 11 is capable of allocating by means of, e.g., its access router, to a given subscriber connection presently communicating with the operator system 11.
The method is implemented by way of the steps described below. Steps 101 - 103 are carried out to determine and define the service to be provided and to establish a communications connection between said subscriber connection 10 and said operator system 11:
101) Into user profile 12 stored in operator system 11 is embedded a definition of the responsibility of the operator system 11 to perform in a name resolution system the update of the dynamic IP address that is assigned to the network resource communicating under the identity of said user profile with said operator system.
102) A communications connection is established between said operator system 11 and said subscriber connection 10, and a given dynamic IP address is assigned to said subscriber connection 10.
103) In said operator system is identified an attempt to establish a communications connection from said subscriber connection 10 to said operator system, or alternatively, an already established communications connection between said subscriber connection 10 and said operator system 11 under the identity of said user profile 12, whereupon said operator system 11 retrieves the first DNS name and/or the second DNS name corresponding to the identity of said user profile 12.
Next step 104 is carried out to store into the name resolution system the logical binding of the given dynamic IP address assigned said subscriber connection 10 to the first DNS name:
104) Into the name resolution system is updated a given dynamic IP address serving thereupon as a return response to a request pertaining to the first DNS address.
The operator system may perform the update operation directly to a first DNS server 13, wherein the first DNS name is stored or is storable, with the provision that the operator system is privileged to the update operation, or alternatively, to a second DNS server 14. In the latter alternative, however, it is mandatory to ensure that the requests pertaining to the first DNS name 13 are defined to be redirected to the second DNS server 14. Additionally, the expiration time of the binding of the first DNS name 13 to the given dynamic IP address is defined and linked with the given dynamic IP address as information pertaining thereto that is then submitted to the first DNS server 13 or the second DNS server 14. In a practical implementation, the update operation is carried out so that the operator system 11 is controlled to communicate with said first name server 13 or said second name server 14 or a name server located in a recursion chain therebetween, and update information is generated in the operator system 11 as response to information retrieved on the basis of definitions in the user profile 12 and to other possible messages received from the name server as authentication, authorization and name server status signals. Next, the update information data packet is sent to the name server, wherefrom new data packets in turn may be received in an interactive manner. Under this kind of control based on information exchange, the name resolution system creates a logical binding of a given IP address to said first DNS name.
In the case that step 104 is not carried out by way of directly updating the binding of a given dynamic IP address to said first DNS name, but rather, the binding of said first DNS name to the given dynamic IP address is formed via a recursive search chain, it is necessary to ensure that request messages pertaining to said first DNS name are directed to said second DNS server 14 containing the given dynamic IP address. The control of such a redirection may be implemented by way of, e.g., storing at said first DNS server 13 the second DNS name in the CNAME-RR field that is associated with the first DNS name. Then, a request pertaining to the first DNS name returns a message containing the second DNS name, whereupon it is evident that a request pertaining to the second DNS name will be directed to the second name server, wherein the given dynamic IP address bound to the second DNS name is stored in an updated form.
If step 104 is followed by a message which is sent to the name resolution system in the form of a request on the IP address bound to the first DNS name, the DNS returns the given dynamic IP address either directly or as a response to at least one additional search performed by the requesting system, whereupon the DNS names pertaining to the additional search(es) will be evident from the return message pertaining to the first DNS name or, recursively, from the subsequent return messages. Step 105 is carried out to disconnect the communications connection, while step 106 is carried out to cancel the binding of the first DNS name to the given dynamic IP address, thus freeing the given dynamic IP address for later use:
105) Request to disconnect the communications connection is received at the operator system 11 from the subscriber connection 10 and/or the communications connection between the operator system 11 and the subscriber connection breaks up.
106) Operator system 11 is controlled to communicate with said first name server 13 or said second name server 14 or a name server located in a recursion chain therebetween, and update information is generated in the operator system 11 as response to information retrieved on the basis of definitions embedded in the user profile 12 and to other possible messages received from the name server as authentication, authorization and name server status signals. The update information data packets are sent to the name server, wherefrom in turn may be received new data packets in an interactive manner. Under the control of such information exchange, the binding of the first DNS name established directly or via a recursive search chain to the given dynamic IP address is canceled, thus freeing the given dynamic IP address for later use.
The dynamic IP address will not be assigned another subscriber connection by the operator system until the expiration time stored in the name resolution system indicating the duration of the binding of the given dynamic IP address to the first DNS name or the second DNS name has passed. In the above-described embodiment, the expiration time is originally defined by the operator system and submitted to the name resolution system.
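Steps 101 - 106 and the expiration-time rule above, as an added Python sketch that is not part of the original application: the in-memory NameServer, the profile keys operator_updates_dns and update_name, and all names and addresses are constructed assumptions, and refreshing the binding during a session longer than the expiration time is omitted.

```python
class NameServer:
    """In-memory stand-in for a DNS server: name -> (rtype, value, expires_at)."""
    def __init__(self):
        self.records = {}

    def update(self, name, rtype, value, ttl, now):
        self.records[name] = (rtype, value, now + ttl)

    def delete(self, name):
        self.records.pop(name, None)

    def query(self, name, now):
        rec = self.records.get(name)
        if rec is None or rec[2] <= now:
            return None                      # unknown name or expired binding
        return rec[0], rec[1]


def resolve(name, servers, now, max_hops=8):
    """Follow the recursive search chain; a CNAME answer is the next keyword."""
    for _ in range(max_hops):                # bound the chain so a CNAME loop ends
        answers = [a for a in (s.query(name, now) for s in servers) if a]
        if not answers:
            return None
        rtype, value = answers[0]
        if rtype == "A":
            return value
        name = value
    return None


class OperatorSystem:
    def __init__(self, dns_server, pool, ttl):
        self.dns = dns_server                # server the operator may update (14)
        self.ttl = ttl                       # expiration time set by the operator
        self.free = sorted(pool)
        self.held = {}                       # ip -> expiration time of last binding
        self.sessions = {}                   # subscriber -> (profile, ip, expires)

    def connect(self, subscriber, profile, now):
        # Addresses whose last binding has expired become assignable again.
        for ip in [ip for ip, t in self.held.items() if t <= now]:
            del self.held[ip]
            self.free.append(ip)
        if not self.free:
            raise RuntimeError("no dynamic address free of an unexpired binding")
        ip = self.free.pop(0)                                    # step 102
        expires = now
        if profile.get("operator_updates_dns"):                  # steps 101, 103
            self.dns.update(profile["update_name"], "A", ip, self.ttl, now)  # 104
            expires = now + self.ttl
        self.sessions[subscriber] = (profile, ip, expires)
        return ip

    def disconnect(self, subscriber):
        profile, ip, expires = self.sessions.pop(subscriber)     # step 105
        if profile.get("operator_updates_dns"):
            self.dns.delete(profile["update_name"])              # step 106
        self.held[ip] = expires              # not reassigned before expiration


def run_example():
    first, second = NameServer(), NameServer()                   # servers 13 and 14
    first.update("alice.example.net", "CNAME", "sub10.dyn.operator.example", 86400, 0)
    op = OperatorSystem(second, ["192.0.2.10"], ttl=60)
    profile = {"operator_updates_dns": True, "update_name": "sub10.dyn.operator.example"}
    ip = op.connect("subscriber-10", profile, now=0)
    during = resolve("alice.example.net", [first, second], now=1)
    op.disconnect("subscriber-10")
    after = resolve("alice.example.net", [first, second], now=11)
    return ip, during, after, op
```

Holding the address until the stored expiration time matters because resolvers may keep answering with the old binding until then, which would otherwise send traffic meant for the first DNS name to whichever subscriber connection received the address next.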
In a similar fashion as is described above for Example 1, it is possible to cancel the binding of the first or second DNS name to the given dynamic IP address from the name resolution system also in the case that the binding is not initially formed by the operator system 11. Hence, this kind of binding can be formed according to the present method even when the binding is canceled by other techniques.
After the binding of the first DNS address to the given dynamic IP address has been canceled and it is still desirable to bar traffic directed to the given dynamic IP address that is formed on the basis of the first DNS name, monitoring of the outgoing traffic to the subscriber connections may be arranged by means of an automatic traffic control system, such as a programmable active node for instance, that is situated in the operator system 11. Herein, the automatic monitoring system is located so that data packets directed to at least one subscriber connection can be passed via the automatic monitoring system. The return message data packets directed to said subscriber connection from the name resolution system are then first received at the operator system 11 and the network-level bound addresses of the DNS names in the return messages are bound to the dynamic IP addresses assigned said subscriber connection(s) so that the respective static bound IP addresses contained in the return messages directed to the given dynamic IP address are translated so as to be bound to the given dynamic IP address.
When the binding of the first DNS name to the given dynamic IP address is canceled from the DNS, the static IP addresses bound to the given dynamic IP address and thus stored in the operator system 11 can be activated in the automatic monitoring system, whereby the automatic monitoring system becomes capable of barring the transmission of such data packets that have any of such static IP addresses as their source address and the given dynamic IP address as their target address. The arrangement also permits monitoring of the return messages sent from the DNS and, at the detection of binding of the given dynamic IP address to any other name but the first DNS name, the automatic monitoring system is instructed to cancel the given dynamic IP address from the barring list.
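One reading of the barring arrangement above, as an added Python sketch that is not part of the original application: it assumes the operator system records the static addresses carried in DNS return messages sent to a dynamic IP address, bars them as sources once the binding is canceled, and lifts the barring when the address is seen bound to another name. The class, method names and addresses are constructed for illustration.

```python
class BarringMonitor:
    """Filter on the operator-side path toward subscriber connections."""
    def __init__(self):
        self.learned = {}    # dynamic IP -> static addresses from DNS answers sent to it
        self.barred = {}     # dynamic IP -> (first DNS name, barred source addresses)

    def dns_answer_to_subscriber(self, dynamic_ip, answer_addresses):
        # Return messages from the name resolution system pass here first.
        self.learned.setdefault(dynamic_ip, set()).update(answer_addresses)

    def binding_cancelled(self, first_name, dynamic_ip):
        # Activate the stored static addresses as the barring list for this address.
        self.barred[dynamic_ip] = (first_name, self.learned.pop(dynamic_ip, set()))

    def dns_binding_observed(self, name, address):
        # A return message binds the address to a name other than the first DNS
        # name: cancel the address from the barring list.
        entry = self.barred.get(address)
        if entry is not None and entry[0] != name:
            del self.barred[address]

    def permit(self, src, dst):
        entry = self.barred.get(dst)
        return entry is None or src not in entry[1]


def run_barring_example():
    mon = BarringMonitor()
    dyn = "192.0.2.10"                                    # constructed addresses
    mon.dns_answer_to_subscriber(dyn, ["198.51.100.5", "198.51.100.9"])
    before = mon.permit("198.51.100.5", dyn)              # session still active
    mon.binding_cancelled("alice.example.net", dyn)
    stale = mon.permit("198.51.100.5", dyn)               # learned source, barred
    other = mon.permit("203.0.113.7", dyn)                # never learned, passes
    mon.dns_binding_observed("alice.example.net", dyn)    # same name: stays barred
    still = mon.permit("198.51.100.9", dyn)
    mon.dns_binding_observed("bob.example.net", dyn)      # new name: barring lifted
    lifted = mon.permit("198.51.100.5", dyn)
    return before, stale, other, still, lifted
```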
In the method according to the invention, it is possible to direct messages that are sent toward a name server system from a single subscriber connection or a group of predetermined subscriber connections to a traffic controller which then directs the messages sent from said single subscriber connection or group of predetermined subscriber connections forward to a name resolution system so that the number of messages directed from the subscriber connection(s) to the name resolution system or, respectively, the number of messages directed from the name resolution system to the single subscriber connection or group of predetermined subscriber connections is not allowed to exceed a predetermined limit during a given interval, thus accomplishing a reduction in the operating rate required from the automatic monitoring system.
The following definitions are given to clarify the meaning of certain terms used in the present application and particularly in the appended claims.
Generation of data packets in the operator system for updates in the name resolution system takes place without control received from the subscriber connection. This is based on providing the operator system with a software facility that makes the system capable of generating the data packets needed for updates in the name resolution system.
The term name is used in communications systems when reference is made to a symbolic identifier, such as the URN (Uniform Resource Name) for instance, which has no location-dependent portion. The term name is also used in the present context when reference is made to, e.g., the DNS host name that on one hand represents the name of a resource location inasmuch as a host is seen by abstract resources as a location and, on the other hand, is also required to have a name that is independent from the network-level address, such as the IP address.
Name server is a system capable of submitting information assigned to a middleware-level name at the receipt of the middleware-level name with the provision that said middleware-level name is stored in the name server concerned. Herein, the assigned information may include, e.g., the network-level bound name corresponding to a given middleware-level name.
Name resolution system is a system that at the receipt of a middleware-level name can resolve information assigned to the middleware-level name with the provision that said middleware-level name is stored in the name resolution system concerned. The name resolution system may comprise a plurality of name servers that may be updated by different parties, whereby name servers contain middleware-level name sets, or groups of names, that are at least partially different from each other.
The term resource refers to an information network resource, whereby generally the term information network resource refers to a subscriber connection communicating with an information network, application software or an instance thereof running in an information network.
Network-level bound address is a bound address that at the network level represents a given middleware-level name to which the network-level address is assigned at a given instant of time; in other words, an information network resource having said given middleware-level name is at said given instant of time capable of receiving information at said network-level address and/or sending information from said network-level address that in the context of the present application and particularly in the claims appended thereto is called the network-level bound location or simply, the network-level bound address.
Subscriber connection is any connection to a circuit-switched or packet-switched data network.
Operator system comprises the framework that makes the operator capable of providing a connection into a data network, such as an IP network, from a subscriber connection communicating with the operator system over a communications path, as well as some types of services that can be provided over said communications path to said subscriber connection, an information network resource connected to said data network or, respectively, an information network resource that communicates via said subscriber connection with an information network resource also communicating with said data network.
Updating refers to information storage, deletion or changing in the system subject to updating.
User profile includes definitions that are stored in the operator system or are available to the operator system and serve to define the services offered to a given data network user, user group or data network resource. As a response to a query posed by said data network user to the user profile are offered tailored information network services such as the update of binding of the network-level address of the user's information network resource to a given middleware-level name in the operator system.
Information network resource is a subscriber connection, a network terminal connected thereto, application software or an instance thereof runnable on said terminal.
Recursive search chain is a sequence of requests placed to name servers on the basis of a given keyword, e.g., a given middleware-level name, whereby said given keyword generates in response another keyword, whose response is the desired resolution information or, possibly, a third keyword. The response to the third keyword may be the desired resolution information or a fourth keyword. The chain may be continued up to an nth keyword, where n is a natural number.
In the context of the present application and particularly in the claims appended thereto, the term dynamic network-level address is used when reference is made to a network-level address that may be assigned by the operator system to a subscriber connection communicating with the operator system over a communications path. A different dynamic network-level address may be allocated for the use of the subscriber connection during different connection sessions and the same dynamic network-level address may be allocated to another subscriber connection when the address is free from its binding to a previous subscriber connection.