This application is a divisional of U.S. Provisional Application Ser. No. … References cited: Gil et al.; Biswas et al.; Gil et al.
Published (last): 6 December 2019
Wireless mesh networks include at least one node that connects to a wide area network (WAN) and one or more wireless access points that form the nodes of the mesh; the access points communicate with each other, and at least one of them communicates with the WAN node.
The WAN can comprise, for example, the Internet; the WAN node typically comprises a cable interface (cable modem), DSL interface, or the like; and the wireless access points typically comprise wireless routers and the like. Wireless mesh networks are convenient because they can be implemented with little or no effort spent on infrastructure.
For example, it is generally not necessary to install additional cabling for access to the wide area network. Once a connection to the WAN is provided, the additional wireless access points can be configured to communicate and thereby provide network access whose geographic coverage is theoretically limited only by the distribution of the wireless access points of the mesh network.
Once a network is established, client devices can communicate over the network through the nodes. The nodes can comprise servers, routers, and other like devices for network access, which will be collectively referred to as network endpoints.
Administrators of large network systems need to monitor the health of these network endpoints and attend to maintenance tasks, such as device configuration, update installation, and the like. Typically, administrators must log in to each device and individually perform monitoring and control tasks for the device to which they are logged in. Such tasks can be extremely time consuming and tedious, especially for networks of any size.
In practice, initiating network connections directly to network endpoints connected to the Internet is often impossible or very difficult, because many network endpoints are not directly addressable from the public Internet: they sit behind network address translators (NATs) or firewalls.
NATs allow multiple devices to connect to the Internet using a single IP address by rewriting all outgoing packets so they appear to originate from that single IP and by demultiplexing incoming packets according to which device initiated the connection.
In general, network devices outside a NAT cannot initiate network connections to devices located behind it. Centralized monitoring and control of such endpoints would be especially advantageous in a wireless network, such as one in which an Internet Service Provider (ISP) provides Internet access to wireless routers through which client devices gain access to the Internet. Administrators of such wireless networks must be able to verify that the routers are operating correctly.
It would also be advantageous for administrators of such wireless networks to be able to make configuration changes to the routers remotely and in real time. From the discussion above, it should be apparent that there is a need for centralized real-time monitoring and control of network endpoints that may be located behind a NAT. The present invention satisfies this need. Described herein is a managed network of network devices that communicate using a network communication protocol, wherein messages received at a host from a network gateway include message information for verifying that a message comes from the managed network.
If a received message is determined to be a data message, a data packet is extracted, wherein the data packet comprises a data payload encapsulated within a message of the network communication protocol. If the received message is not a data message, then identification information in the received message is located that identifies a network node of the managed network and the identification information is inserted into a node mapping table, wherein the identification information includes an internal address of the network node for an address space within the managed network, and the internal address is not valid outside of the address space.
A persistent network connection is maintained with the network node in accordance with the network communication protocol such that a response message directed to the network gateway can be received at the network node. In the managed network, unique network addresses are assigned to the nodes such that no two nodes will have the same address in the managed network and such that each node will always have the same network address regardless of changing its location or changing the network to which it is joined.
The nodes, communicating together, comprise a mesh network. This provides remote management and control of the nodes from the host server, which is located outside the mesh network, even if a node is behind a firewall or network address translator (NAT), because server management messages are encapsulated within messages of the network communication protocol (UDP datagrams) and a persistent connection between the node and the external host server is maintained once the node has sent a message to the host. Other features and advantages of the present invention should be apparent from the following description of the preferred embodiments, which illustrate, by way of example, the principles of the invention.
A managed network of communicating devices includes a host server and nodes wherein unique network addresses are assigned to the nodes such that no two nodes will have the same address in the managed network and such that each node will always have the same network address regardless of changing its location or changing the network to which it is joined.
The nodes, also referred to as network endpoints, generally communicate with each other by wireless techniques and thereby comprise a wireless mesh network. The nodes of the mesh network communicate with the host server over a network such as the Internet, using Internet protocol IP addressing techniques. Although the Internet will be referenced in the discussion that follows, it should be understood that the invention applies as well to network configurations generally.
The hosted network includes a host that communicates over a network infrastructure, such as the Internet, with multiple communication devices. The communication devices include network traffic devices, such as access points or routers, and client devices, such as laptop computers, desktop computers, and portable computing devices, all of which are capable of communicating with each other using a network communications protocol specification. In the drawing figure, particular devices are referenced by a letter suffix (a, b, c).
A reference to the devices without a suffix will be understood as a reference to the group collectively. All of the devices are capable of communicating with each other over a wireless network communications protocol specification. The devices define a managed network whose member devices communicate with the host computer, also referred to as the backend server.
When it is necessary to refer to a particular local network (a, b), the suffix identifier will be used. The traffic devices in the figure reach the Internet through an interface device; that is, the interface device is upstream of the gateway.
Those skilled in the art will understand details of such devices, which may comprise cable modems, DSL interfaces, and the like. Alternatively, the interface may be incorporated into the gateway device rather than being a separate component. Each gateway provides an interface between its respective mesh network and the Internet.
For example, gateway a is the Internet interface for mesh network a, comprising gateway a and clients c, d, e, and f. Gateway b is the Internet interface for mesh network b, comprising gateway b, node c, and clients a and b. The gateways a, b communicate with the host of the managed network and perform network address translation (NAT) for the devices within their respective managed networks a, b.
The mesh network is operated under the control of a network owner, who can access management tools through a network portal interface of the host and is therefore shown in the figure as communicating with the host. The gateway devices a, b are also capable of network communications via a wired connection, such as Ethernet. The clients can also have this dual capability. Thus, the managed networks a, b can include devices that are capable of communicating over both wired and wireless connections.
In this discussion, the traffic devices are also referred to as routers or nodes of the managed networks. Thus, nodes as used herein are devices that can communicate over the managed networks and can forward data messages from other nodes toward destinations outside the managed network, such as over the Internet toward the host. In the figure, a dotted line represents a connection from the second gateway b to an external network; that external connection can be wired or wireless.
Gateway b therefore acts as a bridge from managed network b to the uplink external network and performs a network address translation (NAT) function for the managed network relative to the uplinked network. The connection from managed network gateway b to the external network can be either a wireless connection or a wired Ethernet connection. Any of the traffic devices constructed in accordance with the invention can perform the uplink function, as described more fully below, including the gateway devices a, b and node c.
That is, all of the traffic devices a, b, c have a similar construction and therefore similar operational capabilities. Two operations are described further below: assigning each node an IP address within the managed network, and tunneling management traffic between the host and the node. For proper communications, the assigned IP address should be a private address that is unused elsewhere on the Internet.
In the mtunnel system, this address assignment is accomplished by agreeing on a one-to-one, repeatable mapping between the media access control (MAC) hardware address of each node and the IP address that will be assigned to it. MAC addresses are six bytes; the first three bytes identify the manufacturer, leaving three bytes that vary from node to node (this assumes all nodes share one manufacturer prefix). IPv4 addresses are four bytes, so picking a class A address block, whose first byte is fixed, leaves three bytes for the node. The system implements the mapping by using the low three bytes of the MAC address of a given node as the low three bytes of that node's IP address.
For example, using such a block, a node's IP address is the block's first byte followed by the low three bytes of the node's MAC address. Those skilled in the art will recognize that MAC addresses are written in hexadecimal notation and IP addresses in dotted decimal notation, so the low three bytes of the MAC address are converted to decimal when written in IP address form. One advantage of this simple and repeatable mapping between MAC addresses and IP addresses is that no state information needs to be stored in order to determine the IP address of a node, and as new nodes are manufactured their IP addresses can be determined by any part of the system without any communication taking place. Note that the mapping identifies a node but does not authenticate it: a MAC address can be set by software, so a node's claimed internal address must still be checked against the message verification information carried in messages to the host.
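The MAC-to-IP mapping just described, as an added example (not code from the patent). The first octet of the private block is an assumption (10, a class A block); the patent text does not name one, and the MAC addresses used are constructed, locally administered values. The example also adds two checks a practitioner would want: it rejects the two low-three-byte values that would collide with the block's network and broadcast addresses, and it detects the collisions that occur when nodes from different manufacturer prefixes share the same low three bytes.

```python
from typing import Dict, List


def parse_mac(mac: str) -> List[int]:
    """Parse 'aa:bb:cc:dd:ee:ff' (colons or dashes) into six byte values."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return [int(p, 16) for p in parts]


def mac_to_ip(mac: str, first_octet: int = 10) -> str:
    """Stateless mapping: the low three MAC bytes become the low three IP octets.

    The high three MAC bytes (the manufacturer prefix, or OUI) are discarded, so
    the mapping is only one-to-one if every node carries the same OUI.
    first_octet=10 is an assumed class A block, not one named by the patent.
    """
    low = parse_mac(mac)[3:]
    if low in ([0, 0, 0], [255, 255, 255]):
        # Added caveat: these would be the /8 network and broadcast addresses.
        raise ValueError(f"MAC {mac} maps to a reserved address in the block")
    return f"{first_octet}.{low[0]}.{low[1]}.{low[2]}"


def ip_to_mac_suffix(ip: str) -> str:
    """Reverse direction: recover the low three MAC bytes from a node IP."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ":".join(f"{o:02x}" for o in octets[1:])


def check_collisions(macs: List[str], first_octet: int = 10) -> Dict[str, List[str]]:
    """Return {ip: [macs]} for every IP claimed by more than one MAC.

    Collisions arise when nodes with different OUIs share the low three bytes,
    which the stateless mapping cannot distinguish.
    """
    seen: Dict[str, List[str]] = {}
    for mac in macs:
        seen.setdefault(mac_to_ip(mac, first_octet), []).append(mac)
    return {ip: ms for ip, ms in seen.items() if len(ms) > 1}
```

Because the mapping is stateless, any component (host, gateway, or a newly manufactured node) computes the same answer; the price is that uniqueness rests entirely on the fleet sharing one OUI, which check_collisions makes visible before a second manufacturer prefix is introduced.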
This technique permits communications to occur directly between server and nodes, even if the nodes are behind a NAT. This is because devices behind a NAT such as the nodes in the mesh network described herein can send outgoing UDP datagrams to the server at any time, and the NAT will allow incoming datagrams that are in response to datagrams sent by a given device behind the NAT.
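The NAT behaviour this relies on, as an added example (not from the patent): a minimal address-and-port-dependent NAT that only passes an inbound datagram when it answers an earlier outbound one to the same remote endpoint, and that forgets a mapping after an idle period. All addresses and the idle timeout are constructed for the example. The idle timeout is why the node must keep sending datagrams to the host: that is what keeps the "persistent connection" mentioned in the overview alive through the NAT.

```python
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port)


class ToyNat:
    """Simplified NAT: one public IP, a fresh public port per (private endpoint, remote)."""

    def __init__(self, public_ip: str, first_port: int = 40000, idle_timeout: float = 30.0):
        self.public_ip = public_ip
        self.next_port = first_port
        self.idle_timeout = idle_timeout          # assumed; real NATs vary widely
        self.outbound: Dict[Tuple[Addr, Addr], int] = {}   # (private, remote) -> public port
        self.inbound: Dict[Tuple[int, Addr], Addr] = {}    # (public port, remote) -> private
        self.last_outbound: Dict[int, float] = {}          # public port -> last outbound time

    def send_out(self, private: Addr, remote: Addr, now: float) -> Addr:
        """A device behind the NAT sends a datagram; returns the rewritten source address."""
        key = (private, remote)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, remote)] = private
        port = self.outbound[key]
        self.last_outbound[port] = now       # only outbound traffic refreshes the mapping
        return (self.public_ip, port)

    def receive_in(self, remote: Addr, public_port: int, now: float) -> Optional[Addr]:
        """A datagram arrives from the Internet. Returns the private destination,
        or None if the NAT drops it (no matching mapping, or mapping idled out)."""
        private = self.inbound.get((public_port, remote))
        if private is None:
            return None                                   # unsolicited: dropped
        if now - self.last_outbound.get(public_port, now) > self.idle_timeout:
            self._forget(public_port, remote, private)    # node went quiet: mapping gone
            return None
        return private

    def _forget(self, port: int, remote: Addr, private: Addr) -> None:
        del self.inbound[(port, remote)]
        del self.outbound[(private, remote)]
        self.last_outbound.pop(port, None)
```

Two consequences follow directly from the model: the host can reach a node only after the node's first datagram, and only by replying to the exact public address and port that datagram arrived from, which is precisely what the node mapping table described below records; and a node that stops sending becomes unreachable once the NAT's idle timer fires, so the keepalive interval must be shorter than the shortest NAT timeout on the path.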
The host server includes a processor that provides an operating environment in which the mtunnel-server process executes; similarly, each node router includes a processor that provides an operating environment in which an mtunnel-client process executes. Additional details of construction and operation for the server and router nodes will occur to those skilled in the art in view of the description herein. The mtunnel server provides an address space bridge between the nodes and any software running on the server computer that wishes to reach the nodes. Recall that the nodes are behind a NAT and have IP addresses that are not publicly routable from the Internet, so without this address space bridge the nodes cannot be reached from outside the NAT.
Suppose that all nodes have addresses in the chosen private block. The result is that any IP packet sent by any program on the mtunnel server to an address in that block is picked up by the mtunnel-server program, which maintains a data structure holding the state information necessary to reach every node of the network being managed by the host.
The data structure is a table that maps a node's IP address to the IP address and UDP port of the externally routable network device (the gateway performing NAT) behind which the node is located, together with a timestamp of when the node was last heard from. The node mapping table can have the exemplary structure illustrated below in Table. Thus, the node IP address is an internal address of the network node within the managed network's address space, and it is not valid outside that address space.
The mtunnel-server program responds to a set of events, each with a corresponding action. One of these is a periodic scan of the timestamps in the table that removes entries for nodes that have not checked in recently. This helps to keep the table fairly small and saves time and system resources by avoiding attempts to forward packets to nodes that are no longer checking in and therefore must not be connected to the Internet. The periodic timestamp check is optional behavior that is not necessary for basic functioning of the system, but it increases operating efficiency.
For example, suppose we wish to determine the performance of the network by measuring the average latency between our server and one of our nodes (routers).
With the mtunnel system in place this is easy: a program on the mtunnel server computer sends ping packets to the given node's internal (managed-network) IP address. Without the mtunnel technique, these ping packets could not reach the node from the server, because the node is behind a NAT.
With the mtunnel technique, the ping packet is encapsulated by the mtunnel-server program, sent to the gateway's public IP address and UDP port recorded in the node mapping table, admitted by the NAT as a response to the node's earlier outgoing datagram, and decapsulated by the mtunnel-client on the node; the reply returns along the same path. The end result is that we are able to measure round-trip latency to the node. In the same way, we can initiate arbitrary network connections from our server to the node, such as an SSH connection that lets us log into the node and configure it. The data provided by the host in data messages to the nodes can comprise scripts or applications, or portions of scripts and applications, sent to the nodes via the mtunnel technique described herein, such that the receiving node collects the data messages and installs or executes those scripts and applications in accordance with instructions contained in the host data messages. Because such messages cause code to run on the node, the node should confirm that each data message actually comes from the host before installing or executing its contents, just as the host verifies that incoming messages come from the managed network.
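A model of the mtunnel-server event handling described above (the node mapping table, the register-or-data decision from the overview, the periodic timestamp expiry) and of the forwarding path used for the ping and SSH examples, as an added example. This is not the patent's code: the wire format, the message types, and the use of a truncated HMAC-SHA256 tag under a shared key as the "message information for verifying" a message's origin are all assumptions, as are the addresses, the shared key, and the 300-second staleness threshold.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]              # (IP, UDP port) as seen on the Internet
T_REGISTER, T_DATA = 0x01, 0x02     # assumed message types: check-in vs. encapsulated packet
TAG_LEN = 16                        # assumed: truncated HMAC-SHA256 tag


def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def encode(key: bytes, mtype: int, node_ip: str, payload: bytes = b"") -> bytes:
    """Assumed format: type(1) | node internal IPv4(4) | payload | tag(16)."""
    body = bytes([mtype]) + bytes(int(o) for o in node_ip.split(".")) + payload
    return body + _tag(key, body)


def decode(key: bytes, msg: bytes) -> Tuple[int, str, bytes]:
    """Verify the tag, then split the message; raises ValueError on any failure."""
    if len(msg) < 5 + TAG_LEN:
        raise ValueError("short message")
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, body)):   # constant-time comparison
        raise ValueError("tag mismatch: not from the managed network")
    return body[0], ".".join(str(b) for b in body[1:5]), body[5:]


@dataclass
class Entry:
    public_addr: Addr   # gateway IP and UDP port the node's datagrams arrive from
    last_seen: float    # timestamp used by the optional expiry scan


class MtunnelServer:
    def __init__(self, key: bytes, node_first_octet: int = 10, stale_after: float = 300.0):
        self.key = key
        self.node_first_octet = node_first_octet   # assumed private block, as in the mapping example
        self.stale_after = stale_after
        self.table: Dict[str, Entry] = {}                 # node internal IP -> Entry
        self.delivered: List[Tuple[str, bytes]] = []      # payloads handed to server-side programs

    def on_datagram(self, src: Addr, msg: bytes, now: float) -> str:
        """Event: a UDP datagram arrives from the Internet (normally from a gateway)."""
        try:
            mtype, node_ip, payload = decode(self.key, msg)
        except ValueError:
            return "dropped"                              # unverifiable: never touches the table
        if int(node_ip.split(".")[0]) != self.node_first_octet:
            return "dropped"                              # claimed internal address outside the block
        if mtype == T_DATA:
            if node_ip in self.table:
                self.table[node_ip].last_seen = now
            self.delivered.append((node_ip, payload))     # extract the encapsulated packet
            return "data"
        self.table[node_ip] = Entry(src, now)             # learn or refresh where node_ip lives
        return "registered"

    def send_to_node(self, node_ip: str, payload: bytes, now: float) -> Optional[Tuple[Addr, bytes]]:
        """Event: a server-side program sends a packet (e.g. a ping) to a node's internal IP.
        Returns (Internet destination, encapsulated datagram), or None if unreachable."""
        e = self.table.get(node_ip)
        if e is None or now - e.last_seen > self.stale_after:
            return None
        return e.public_addr, encode(self.key, T_DATA, node_ip, payload)

    def expire(self, now: float) -> List[str]:
        """Optional periodic event: drop nodes that have stopped checking in."""
        stale = [ip for ip, e in self.table.items() if now - e.last_seen > self.stale_after]
        for ip in stale:
            del self.table[ip]
        return stale
```

The order of checks in on_datagram is the security-relevant part: a datagram that fails verification is dropped before it can insert or overwrite a table entry, so a forged check-in cannot redirect a node's management traffic to an attacker's address, and a verified message is only accepted for an internal address inside the managed block. The same encode/decode pair would run on the mtunnel-client, which should apply the same verification to data messages before acting on their contents.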
In this way, the resulting installed scripts and applications can comprise processes that are executed by the node and that perform monitoring and control functions as dictated by the host instructions. One alternative to an active monitoring and control system such as the mtunnel technique described herein is a passive monitoring and control system, where all connections are initiated by the network endpoints themselves rather than the central server.
For example, we could arrange so that each node periodically sends a message to our central server with key information about its health and operation, and the nodes could periodically download new configuration information. The main downside of this approach is that it does not allow for any real-time operations; everything must be coordinated ahead of time and initiated by the node itself, not by the central server.