[go: up one dir, main page]

WO2005008368B1 - Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules - Google Patents

Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules

Info

Publication number
WO2005008368B1
WO2005008368B1 PCT/US2004/021136 US2004021136W WO2005008368B1 WO 2005008368 B1 WO2005008368 B1 WO 2005008368B1 US 2004021136 W US2004021136 W US 2004021136W WO 2005008368 B1 WO2005008368 B1 WO 2005008368B1
Authority
WO
WIPO (PCT)
Prior art keywords
network
private
service
tunnel
secured
Prior art date
Application number
PCT/US2004/021136
Other languages
French (fr)
Other versions
WO2005008368A2 (en
WO2005008368A3 (en
Filing date
Publication date
Priority claimed from US10/614,909 external-priority patent/US7237260B2/en
Application filed filed Critical
Publication of WO2005008368A2 publication Critical patent/WO2005008368A2/en
Publication of WO2005008368A3 publication Critical patent/WO2005008368A3/en
Publication of WO2005008368B1 publication Critical patent/WO2005008368B1/en

Links

Abstract

Distributed modules in a network dynamically select communication protocols to communicate in a secure or firewall-protected network. Applications register with a lookup service. The lookup service maintains a lookup table including registration information for multiple applications. Registration information may include, but is not limited to, IP address, firewall restrictions, tunnel protocol, port information, and proxy queue capabilities. An application seeking to communicate acquires the registration information for a desired recipient from the lookup table. The application uses the registration information to select communication protocols necessary to communicate with the recipient.

Claims

AMENDED CLAIMS
[received by the International Bureau on 29 November 2005 (29.11.05); original claims 1 - 36 replaced by amended claims 1 - 57; (12 pages)]
What is claimed is:
1. An application tunneling method for establishing communication between distributed application modules in different private networks without requiring modification and administration of communication protocols of existing security protection network devices, including one or more firewall, network address translation protocol, or proxy servers, comprising: employing a distributed communication architecture, the architecture including:
(a) at least one tunnel registration and look up service module supporting dynamic registration and access of communication data including one or more of the following types of information: (i) logical name; (ii) unique identifier; (iii) communication address; (iv) port; or (v) a service capability link pointing to a data type descriptor describing one or more of the following types of data: direct or indirect tunneling; security information; tunnel protocol type; or address mapping information for distributed application modules;
(b) at least one tunnel service software module that is independent from the existing security protection network devices to relay communication data for a local application module to an external network; (c) at least one tunnel session that is independent from the security network protection devices and can be dynamically configured to receive messages from and send messages to different ones of the application modules and a tunnel module co-located with a session control module; and (d) at least one tunnel message switching service supporting indirect tunneling specified in capability descriptors of tunnel sessions established between two or more remote tunnel services behind private networks; wherein employing the distributed communication architecture results in multiple application tunnel networks over multiple private networks that have the following properties:
(a) without requiring design or configuration changes of the existing security protection network devices, the tunnel networks only require that one or more of the private networks allow for outgoing web access to one or more commonly accessible and secure web servers using a most common HTTP protocol;
(b) the tunnel networks allow dynamic selection of additional tunneling methods based on allowable inbound and outbound filtering policies of the private networks; and
(c) the tunnel networks only feed application communication module IP address, port number, and application data to tunnel service servers, thereby rendering a tunneling operation of an application independent and protected from administration of existing private networks.
2. The method of claim 1 wherein: the communication data further comprises at least one of a firewall restrictions, a tunnel protocol, or port mapping information obtained by a discovery module which observes the firewall restriction, interacts with an external UDP brokerage service (UBS) to allocate a port in a Network Address Translator (NAT) by sending a message to the UBS through the
NAT, discovers the port mapping from the NAT through UPnP protocol and register the mapping to Look-up service; a registration service in a public network accepts registration requests from at least one tunneling service in a private/secured network, which is connected to the public network via a firewall or network address translating device, the registration service authenticating the registering
17 tunneling service, using certificates for processing the registration requests, and issuing registration responses to the requests; a lookup service accepts lookup requests from at least one tunneling service in the private/secured network, and sends lookup results in response to the requests.
3. The method of claim 1 further comprising authenticating the communication request at a lookup service independently from private and secure network devices for at least two tunnel services to establish a secure tunnel session so that multiple communication peers can use one or more secure tunnel sessions to exchange messages through an external tunnel switching service or directly send messages to one or more ports specified in a look-up service to achieve secure tunneling of application data with dynamic selection of a tunnel switching service for indirect communication, or without tunnel switching services for direct communication to the tunnel service independent from the existing network devices.
4. The method of claim 3 wherein the communication request includes a certificate indicative of a network peer to allow a tunnel switching server to authenticate a message sent from a sender independently from any existing private security network devices.
5. The method of claim 4 wherein authenticating the communication request includes providing a tunnel identifier to the second network peer in response to a certificate, wherein the tunnel identifier is used by the tunnel switching service to associate with a message queue and communication data specified in look-up services.
6. The method of claim 5 wherein the architecture further includes a tunnel module requesting an external tunnel switching server to create a message queue with associated session ID and certificate for one of the network peers to allows for another of the network peers to authenticate and
18 send messages through the tunnel module to the message queue in an external tunnel switching service server in a dynamic fashion.
7. The method of claim 6 further comprising adding the communication request to the message queue.
8. The method of claim 7 wherein the message queue is a proxy queue that is created by the tunnel switching service for one remote tunnel service to receive message from another remote tunnel service asynchronously.
9. The method of claim 7 wherein creating the message queue includes creating the message queue at a server remotely located from the tost one of the network peers.
10. The method of claim 7 wherein creating the message queue includes creating the message queue in a tunnel switching service based on data specified in the lookup service, the tunnel services send and receive messages to and from message queues through the tunnel switching service using HTTP, SOAP or a proprietary message protocol based on a local private network security policy and firewall restrictions, and size of the messages can be reduced to support real-time traffic or increased to support large batched traffic.
11. The method of claim 7 further comprising tracking the location of the message queue at the lookup service so that tunnel services can use more than one message queues to receive messages to support high performance and reliability.
12.-13. (cancelled)
19 14. The method of claim 2, further comprising dynamically registering and selecting a tunnel protocol in a network.-including: employing a tunneling service in a private/secured network to accept data from at least one application in its local network, and forward data accepted from local applications to a tunnel switching service in an external public network through a firewall or network address translating router that connects the external public network and the private/secured network, wherein a tunneling service in the private/secured network accepts data from the tunnel switching service in a public network via a local firewall or network address translating router, forwards the data to at least one application in its local network, and, based on content specified in the look-up service, allows two or more of the following alternatives to be selected dynamically:
(a) using HTTP to get a message from the tunnel switching server;
(b) receiving data directly from the UDP ports that is used to sent out UDP set up packet through interaction with UBS;
(c) using TCP to send and receive data;
(d) using UDP for sending and HTTP for receiving messages from a message queue in a tunnel switch;
(e) using encryption for IP address and port;
(f) using encryption for data;
(g) using new communication protocols as supported by private networks on an individual basis; or (h) combinations of the above as supported by private networks on an individual basis.
15. (cancelled)
16. A lookup service in a network comprising: a first tunnel service module that acquires communication data of an associated network peer that is connected to a first network, wherein the
20 first tunnel service module facilitates communication between the network peer and an internetwork; a registration table that stores the communication data and that is accessible via the internetwork; and a second tunnel service module that sends a communication request to the registration table, acquires the communication data from the registration table, and sends a communication attempt to the first tunnel based on the communication data, wherein said look-up service does not limit a number of entries for each communication session between two tunnel services, thereby allowing applications to group multiple message queues to create parallel communication channels between a pair of tunnel services.
17. The lookup service according to claim 16 further comprising a discovery module that acquires the communication data at least one of during start up of the tunnel service or based on predetermined conditions resulting in or resulting from a change of the communication data.
18. The lookup service according to claim 16 further comprising a registration module that registers the communication data with the registration table.
19. The lookup service according to claim 16 wherein the communication data includes at least one of a logic name, a unique identifier, a communication address, a port, a communication protocol, and service capabilities.
20. The lookup service according to claim 16 wherein the communication request includes a certificate indicative of the second tunnel module.
21 21. The lookup service according to claim 20 wherein the registration table sends a tunnel identifier to the second tunnel in response to the certificate.
22. The lookup service according to claim 21 wherein the communication attempts includes the tunnel identifier.
23. The lookup service according to claim 22 wherein the first tunnel verifies the tunnel identifier with the registration table and accepts the communication attempt.
24. The lookup service according to claim 16 wherein the first and second tunnels include a cache to store communication data to support fast access needed for dynamic selection of direct and indirect tunneling with different protocols.
25. The lookup service according to claim 24 wherein the cache stores the communication data.
26. The lookup service according to claim 25 wherein the cache retrieves the communication data from the registration table.
27. The lookup service according to claim 16 further comprising a message queue.
28.-36. (cancelled)
37. A method for establishing communications between applications in different secured or private networks comprising: employing an application independent (web-based) tunneling service in each of the private networks, which are connected to a public network through firewall or network address translating routers;
22 employing a tunnel registration and lookup service in the public network; and employing a tunnel switching service in the public network.
38. The method of claim 37, further comprising tunneling different application data from a first private/secured network to at least one second private/secured network.
39. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a tunneling service in a private/secured network accepting data from at least one application in its local network.
40. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a tunneling service in the first private/secured network forwarding data accepted from local applications to the tunnel switching service in the external public network through a firewall or network address translating router that connects the external public network and the private/secured network.
41. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in the first private/secured network forwarding data accepted from local applications to at least one second tunneling service in the second private/secured network via a first local firewall/network address translating router, the tunnel switching service in the public network to which the first local router is connected, and a second firewall/network address translating router that connects the public network to the at least one second private/secured network.
23 42. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in the first private/secured network forwarding data accepted from local applications to at least one second tunneling service in the second private/secured network via its local firewall/network address translating router, the public network to which the local router is connected, and a firewall/network address translating router that connects the public network to the second private/secured network.
43. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a tunneling service in the second private/secured network accepting data from the tunnel switching service in the public network via a local firewall or network address translating router.
44. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in the first private/secured network accepting data from a second tunneling service in the at least one second private/secured network via a firewall/network address translating router of the at least one second private/secured network, the tunnel switching service in the public network, and a firewall/network address translating router of the first private/secured network.
45. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in the first private/secured network accepting data from at least one second tunneling service in the at least one second private/secured network, via a firewall/network address translating router of the at least one second private/secured network, the public network connecting the private networks,
24 and a firewall/network address translating router of the first private/secured network.
46. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a tunneling service in the at least one second private/secured network forwarding data that is accepted from the tunneling switching service in the public network to at least one application in its local network.
47. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in the first private/secured network forwarding to at least one application in its local network data that is accepted from a second tunneling service in the at least one second private/secured network, via a firewall/network address translating router of the at least one second private/secured network, the tunnel switching service in the public network, and a firewall/network address translating router of the first private/secured network.
48. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a first tunneling service in a first private/secured network forwarding to at least one application in its local network data that is accepted from a second tunneling service in the at least one second private/secured network, via a firewall/network address translating router of the at least one second private/secured network, and the firewall/network address translating router of the first private/secured network.
49. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a technique wherein at least one
25 tunnel service in one of the private/secured networks, registers itself to a registration service in a public network, which is connected to the private/secured network by a firewall/network address translating device/router.
50. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a technique wherein at least one tunnel service in one of the private/secured networks registers at least one tunnel to a registration service in the public network, which is connected to the private/secured network by a firewall/network address translating device/router.
51. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a technique wherein a first tunnel service in the first private/secured network accesses a registration service, which is connected to the first private/secured network by a firewall/network address translating device/router and the at least one second private/secured network by a firewall/network address translating device/router, to look up for a second tunnel service in the at least one second private/secured network.
52. The method of claim 38, wherein tunneling different application data from the first private/secured network to the at least one second private/secured network includes employing a technique wherein a first tunnel service in the first private/secured network accesses a registration service, which is connected to the first private/secured network by a firewall/network address translating device/router and at least one second private/secured network by a firewall/network address translating device/router, to look up for a tunnel provided by a second tunnel service in the second private/secured network.
26 53. The method of claim 37, further comprising employing a technique to switch tunnels between different private/secured networks.
54. The method of claim 53, wherein employing the technique to switch tunnels between different private/secured networks includes employing a lookup table in the tunnel switching service in the public network that maps at least one tunnel from at least one tunneling service in at least one private/secured network, which is connected to the public network via a firewall/network address translating device/router.
55. The method of claim 53, wherein employing the technique to switch tunnels between different private/secured networks includes employing the tunnel switching service that accepts data from at least one tunnel service in at least one of the private/secured networks, which is connected to the public network via a firewall/network address translating device/router.
56. The method of claim 53, wherein employing the technique to switch tunnels between different private/secured networks includes employing the tunnel switching service that looks up in a lookup table for a destination tunnel service for data accepted from at least one tunnel service in at least one of the private/secured networks, which is connected to the public network via a firewall/network address translating device/router.
57. The method of claim 56, wherein employing the technique to switch tunnels between different private/secured networks includes employing a tunnel switching service that forwards data accepted from at least one first tunnel service in at least one first private/secured network, which is connected to the public network via a firewall/network address translating device/router, to at least one second tunnel service in at least one second private/secured network, which is connected to the public network via a firewall/network address translating device/router, according to the results of lookup
27
PCT/US2004/021136 2003-07-08 2004-06-30 Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules WO2005008368A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/614,909 2003-07-08
US10/614,909 US7237260B2 (en) 2003-07-08 2003-07-08 Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules

Publications (3)

Publication Number Publication Date
WO2005008368A2 WO2005008368A2 (en) 2005-01-27
WO2005008368A3 WO2005008368A3 (en) 2005-12-01
WO2005008368B1 true WO2005008368B1 (en) 2006-02-23

Family

ID=33564448

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/021136 WO2005008368A2 (en) 2003-07-08 2004-06-30 Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules

Country Status (2)

Country Link
US (1) US7237260B2 (en)
WO (1) WO2005008368A2 (en)

Families Citing this family (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6928463B1 (en) * 2001-07-06 2005-08-09 Nortel Networks Limited Broadband content delivery via personal content tunnel
KR100830940B1 (en) * 2002-07-10 2008-05-20 엘지전자 주식회사 Remote control system of home network using UFNP
US7478427B2 (en) * 2003-05-05 2009-01-13 Alcatel-Lucent Usa Inc. Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs)
JP4069388B2 (en) * 2003-09-16 2008-04-02 ソニー株式会社 Server device and content server device
KR100940813B1 (en) * 2003-10-11 2010-02-05 엘지전자 주식회사 UPnP AV device interworking method of UPnP based network system
US7716338B1 (en) * 2003-10-24 2010-05-11 Avaya, Inc. Rehoming via tunnel switching
KR20050090263A (en) * 2004-03-08 2005-09-13 삼성전자주식회사 Method for communicate with server having flexible address
JP4465353B2 (en) * 2004-06-07 2010-05-19 日本電信電話株式会社 Home network setting method, home gateway device, home gateway program, recording medium
US8261341B2 (en) * 2005-01-27 2012-09-04 Nokia Corporation UPnP VPN gateway configuration service
JP4672405B2 (en) * 2005-03-17 2011-04-20 パナソニック株式会社 Communication system, information processing system, connection server, processing server, information processing apparatus, and information processing method
US8205013B2 (en) * 2005-05-02 2012-06-19 Samsung Electronics Co., Ltd. Method and system for aggregating the control of middleware control points
JP4421517B2 (en) * 2005-06-07 2010-02-24 株式会社東芝 Information processing server, remote operation system, and remote operation method
US7983254B2 (en) * 2005-07-20 2011-07-19 Verizon Business Global Llc Method and system for securing real-time media streams in support of interdomain traversal
US20070022289A1 (en) * 2005-07-20 2007-01-25 Mci, Inc. Method and system for providing secure credential storage to support interdomain traversal
US8566298B1 (en) * 2005-07-28 2013-10-22 Symantec Operating Corporation Method and apparatus for sharing resource locks amongst applications
US20070074283A1 (en) * 2005-09-26 2007-03-29 Marian Croak Method and apparatus for activating alternative virtual private network protocols
JP4585479B2 (en) * 2006-03-30 2010-11-24 株式会社東芝 Server apparatus and video distribution method
US8605730B2 (en) * 2006-04-13 2013-12-10 Directpacket Research, Inc. System and method for multimedia communication across disparate networks
US8122492B2 (en) * 2006-04-21 2012-02-21 Microsoft Corporation Integration of social network information and network firewalls
US20070254634A1 (en) * 2006-04-27 2007-11-01 Jose Costa-Requena Configuring a local network device using a wireless provider network
US8079073B2 (en) * 2006-05-05 2011-12-13 Microsoft Corporation Distributed firewall implementation and control
US8176157B2 (en) * 2006-05-18 2012-05-08 Microsoft Corporation Exceptions grouping
US7954143B2 (en) * 2006-11-13 2011-05-31 At&T Intellectual Property I, Lp Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US7836150B2 (en) * 2006-12-30 2010-11-16 Arcsoft (Shanghai) Technology Company, Ltd Point-to-point communication using UPnP protocol
US20080244723A1 (en) * 2007-03-27 2008-10-02 Microsoft Corporation Firewall Restriction Using Manifest
US20090129301A1 (en) * 2007-11-15 2009-05-21 Nokia Corporation And Recordation Configuring a user device to remotely access a private network
TWI441493B (en) * 2007-11-27 2014-06-11 Ind Tech Res Inst System and method for connection of hosts behind nats
US8171541B2 (en) * 2007-12-18 2012-05-01 Nokia Corporation Enabling provider network inter-working with mobile access
US8407346B2 (en) * 2008-11-14 2013-03-26 Microsoft Corporation Service facade design and implementation
WO2010054471A1 (en) 2008-11-17 2010-05-20 Sierra Wireless, Inc. Method and apparatus for network port and network address translation
US8228848B2 (en) * 2008-11-17 2012-07-24 Sierra Wireless, Inc. Method and apparatus for facilitating push communication across a network boundary
US8924486B2 (en) * 2009-02-12 2014-12-30 Sierra Wireless, Inc. Method and system for aggregating communications
KR101423743B1 (en) * 2010-10-29 2014-08-01 한국전자통신연구원 Method for supporting network-based mobility in virtual network environment that can be direct communication based on virtual IP
US8649275B2 (en) * 2011-01-19 2014-02-11 Ixia Fast SSL testing using precalculated cryptographyc data
WO2012106820A1 (en) 2011-02-08 2012-08-16 Sierra Wireless, Inc. Method and system for forwarding data between network devices
US8549579B2 (en) 2011-07-06 2013-10-01 International Business Machines Corporation Dynamic data-protection policies within a request-reply message queuing environment
US10044841B2 (en) 2011-11-11 2018-08-07 Pismo Labs Technology Limited Methods and systems for creating protocol header for embedded layer two packets
US9369550B2 (en) * 2011-11-11 2016-06-14 Pismo Labs Technology Limited Protocol for layer two multiple network links tunnelling
US8635448B2 (en) * 2011-12-06 2014-01-21 Cisco Technology, Inc. Secure prefix authorization with untrusted mapping services
US9825759B2 (en) * 2013-07-08 2017-11-21 Alcatel Lucent Secure service management in a communication network
GB2532227B (en) * 2014-11-12 2021-10-27 Arm Ip Ltd Methods of communication between a remote resource and a data processing device
US9608959B2 (en) * 2015-03-23 2017-03-28 Quest Software Inc. Non RFC-compliant protocol classification based on real use
US10187446B2 (en) 2015-03-23 2019-01-22 Sonicwall Inc. Firewall multi-level security dynamic host-based sandbox generation for embedded URL links
US9485231B1 (en) 2015-05-26 2016-11-01 Dell Software Inc. Securing internet of things communications across multiple vendors
US9888011B2 (en) 2015-07-31 2018-02-06 Sonicwall Inc. Social media login and interaction management
US9614917B1 (en) 2016-10-24 2017-04-04 Signiant Inc. System and method of providing secure data transfer
US12238076B2 (en) * 2018-10-02 2025-02-25 Arista Networks, Inc. In-line encryption of network data
US10798183B2 (en) * 2018-12-13 2020-10-06 Sap Se Tunneling protcol and gateway for distributed computing environments
CN113938531B (en) 2021-09-23 2023-10-31 北京车和家信息技术有限公司 Data transmission method, device, equipment and medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182141B1 (en) * 1996-12-20 2001-01-30 Intel Corporation Transparent proxy server
US5805803A (en) * 1997-05-13 1998-09-08 Digital Equipment Corporation Secure web tunnel
US6055236A (en) * 1998-03-05 2000-04-25 3Com Corporation Method and system for locating network services with distributed network address translation
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
US6963982B1 (en) * 1999-10-28 2005-11-08 Lucent Technologies Inc. Method and apparatus for application-independent end-to-end security in shared-link access networks
US6993037B2 (en) * 2001-03-21 2006-01-31 International Business Machines Corporation System and method for virtual private network network address translation propagation over nested connections with coincident local endpoints
US6992037B2 (en) * 2001-09-17 2006-01-31 Engelhard Corporation Precious metal catalyst for debenzylation
US7480737B2 (en) * 2002-10-25 2009-01-20 International Business Machines Corporation Technique for addressing a cluster of network servers

Similar Documents

Publication Publication Date Title
WO2005008368B1 (en) Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules
US7237260B2 (en) Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules
US12107827B2 (en) Unified network service that connects multiple disparate private networks and end user client devices operating on separate networks
US7693056B2 (en) Method and system for a communication node with a plurality of network interfaces
US8868757B1 (en) Two-way web service router gateway
US7366894B1 (en) Method and apparatus for dynamically securing voice and other delay-sensitive network traffic
EP2547047A1 (en) Centralized system for routing ethernet packets over an internet protocol network
US20050238034A1 (en) System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
US20070233844A1 (en) Relay device and communication system
US7283534B1 (en) Network with virtual “Virtual Private Network” server
WO2011032450A1 (en) Implement method and system for networks interworking
CN117439815B (en) Intranet penetration system and method based on reverse transparent bridging
EP1694034B1 (en) Method to establish a peer-to-peer connection between two user agents located behind symmetric NATs
US9154571B2 (en) Publish/subscribe networks
US9088542B2 (en) Firewall traversal driven by proximity
Albuquerque et al. Global information grid (GIG) edge network interface architecture
WO2007053029A1 (en) A system and method for establishing a connection between a client in a first network and a web service server in another network
KR100660123B1 (en) Vpn server system and vpn terminal for a nat traversal
Liu et al. Target: Two-way web service router gateway
Bellovin Security concerns for IPng
Yang et al. Building a secure and reliable network via multi-homed vpn
Rahman et al. CoRE Working Group A. Castellani Internet-Draft University of Padova Intended status: Informational S. Loreto Expires: January 12, 2012 Ericsson
Peters Analysis of NAT approaches and explicit signaling for NAT traversal
Valverde IPv6 Multihoming Using Map-n-Route
Bonaventure MPTCP Working Group B. Peirens Internet-Draft Proximus Intended status: Informational G. Detal Expires: January 6, 2017 S. Barre