Slashdot patents 1-Click shopping!
by
dizee
·
· Score: 2
I was at slashdot the other day and they were talking about a patent on clicking on things to buy stuff online! Slashdot's patenting online shopping! Those bastards!
</sarcasm>
Mike
"I would kill everyone in this room for a drop of sweet beer."
From previous history applying for bad patents earns a boycott from a lot of people who read slashdot. Is everybody going to boycott cisco now, perhaps refuse to use the internet till cisco kills the patent (you may personally decide not to use cisco products, but any data you send out will surely pass through evil cisco products)?
Or will this be ignored because the boycott would actually inconvenience you?
I'm sorry, I have to give you credit.
I've "borrowed" your post and taken it elsewhere.
It's so Beautiful.
http://forumsa.nytimes.com/webin/WebX?14@150.I5sTamR5aIz^446514@.f0d28a2/86152
Re:This could do a lot of good
by
pope+nihil
·
· Score: 1
no no no.
NAT translates internal address into one external address just like masquerading does. (trust me. i'm using it now).
Re:You mean I have to ask my DSL ISP for more IPs?
by
Tower
·
· Score: 1
Cisco, not IBM.
Users should read the related material before posting...
--
"It's tough to be bilingual when you get hit in the head."
Re:This could do a lot of good
by
h2odragon
·
· Score: 1
I'm not terribly familiar with other implementations so I won't speak of those; but in the case of Linux, you're wrong. The NAT that linux 2.2+ does behaves as stated. See the iproute2 IP Command Reference (the link is to the NAT section).
Ahh, thanks! Serves me right for learning about patents in Australia:)
Bill - aka taniwha -- Leave others their otherness. -- Aratak
Re:Lets see what a REAL lawyer says....
by
grahamm
·
· Score: 1
I have seen licencing agreements where the royalties are a percentage of the unit cost. In the case of an open-source project, whatever percentage of zero they claim, the amount is always $0.
Re:This could do a lot of good
by
jallen02
·
· Score: 3
I suppose that would be the case if they were patenting NAT, but they are just patenting a security measure for NAT..... heh, read the patent, not just what /. posts
Jeremy
Re:THEY ARE NOT PATENTING NAT
by
Anonymous Coward
·
· Score: 2
That's one way of saying something. I'd like to calmly suggest to Taco (and any other authors who post these stories) that you may want to contact the companies involved before posting these things, to get somewhat of a balanced view, and also give the companies a fighting chance to defend themselves. I'd be willing to bet that any "scoop" time you lose (and really, who would /. lose it to?) you would make up for in added discussion.
My recommendation: try to make a friend or two in either the PR or Marketing (yes, I'm serious) departments, as well as maintain a list of engineers or other geeks you could contact for comment on short notice. If you can't get any information out of them, let them know you're running a story and will state that they have no comment at this time. My bet is you'll either get a response PDQ or you'll have people from the companies actually posting rebuttals/comments back to your users.
Just a small suggestion. For the AC above, it's funny that you verbally rape Taco for posting something inflammatory.
Re:Lets see what a REAL lawyer says....
by
Anonymous Coward
·
· Score: 1
as the verifiable AC that i am, i state unequivalableable that i was using NAT two years prior to the time i knew what NAT was. !
Raise your hand if you know IOS!!!
by
Wolfstar
·
· Score: 1
Okay.
I read the patent application. I read the posted comments. I noted that this has been in effect for TWO YEARS NOW without a worry. And I spend 10 hours a day, 5 days a week inside a Cisco router.
The only thing that this patent is doing is allowing Static NAT with NAT pools OR one-to-many NAT a la masquerading to be used without compromising the effectiveness of a firewall; most likely in this case Cisco's Access List filters. What they're doing is patenting a method of applying filters based on internal network addresses from external hosts and not blowing A) System Integrity or B) Efficiency out of the water. And what it does it does very very well. The basic/standard Linux firewall and routing routines currently released - no, I'm not talking about the 2.4.0-test series - can only just barely keep up with what a Cisco 2500 with 4 megs of ram can do with a pair of T-1s and a large network behind it.
Believe me. If we haven't seen it yet, we're not going to. That's because they're NOT PATENTING NAT.
-- You thought that this sig was what you think that I thought you wanted me to think. I think.
The patent office is currently mostly filled with mechanical engineers, and chemists and chemical engineers, which reflects the bulk of the patents that were filed prior to computers. They have not had any opportunity to hire those with significant computer skills (as the application of law towards computers is a very new area), and thus we get things that shouldn't be patented in the first place.
--
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
The first paragraph of the Introduction section in RFC 1631 is:
"... Long-term and short-term solutions to these problems are being developed. The short-term solution is CIDR (Classless InterDomain Routing) [2]. The long-term solutions consist of various proposals for new internet protocols with larger addresses. "
if you look up the reference [2] at the bottom of the RFC, you will see:
REFERENCES
[1] Karn, P., "KA9Q", anonymous FTP from ucsd.edu
(hamradio/packet/ka9q/docs).
[2] Fuller, V., Li, T., and J. Yu, "Classless Inter-Domain Routing (CIDR) an Address Assignment and Aggregation Strategy", RFC 1519, BARRNet, cisco, Merit, OARnet, September 1993.
note that this RFC (1631) references RFC 1519 (Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy) which includes personnel from Cisco Systems, Inc. (Tony Li). RFC 1519 was written in 1993.
further note that RFC 1519 itself references RFC 1518 whose authors are from IBM and from Cisco.
Cisco obviously has prior work in this area well before RFC 1631. Cisco employee Tony Li contributed to the two RFCs on which RFC 1631 are based.
-- Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
Re:This could do a lot of good
by
mpe
·
· Score: 2
Unless Cisco (or Microsoft) patents IPv6 or at least one important aspect of it (like method of constructing datagrams from optional headers).
IIRC patent issues are already causing problems with the adoption of IPv6.
Re:Offtopic but interesting
by
Abcd1234
·
· Score: 2
Actually, link-local IP addresses can be used for a variety of purposes. For example, say we're in a wireless environment where we wish to configure a device using DHCP. In such an environment, we may not have the ability to broadcast messages to the wireless device (due to limitations at layer 2). So it becomes necessary to provide a valid temporary layer 3 address before requesting configuration parameters from the network.
As many have said before me in response to other reactions with "In other words, it's not a patent on NAT" in it: read the claims. They are the things to be patented, with the blurb in front no more than a global summary of the whole. Pay particular attention to claims 1, 2 and 3, where the words "encryption" and "decryption" are conspicuous by absence. Claim no. 1 is a pretty good description of general NAT, unless English has been severely altered in meaning overnight.
Stefan. It takes a lot of brains to enjoy satire, humor and wit-
-- The truth shall make you fret. (Ankh-Morpork Times motto)
Re:The patent does reference RFC 1631
by
Parity
·
· Score: 2
Uhm, no, technically you can't, and to be fair the original XOR-cursor patent was for blinking-block-cursors so that the letter under them would always be the inverse of the current cursor color. But, algorithms and mathematical formulas and scientific laws are 'natural' and are 'discovered' not 'invented' so you can't patent them. Technically.
But you can patent a device consisting of any computer running any software that -implements- the algorithm... d'oh.
Also you "can't" patent an idea that is 'obvious to someone versed in the art' according to the laws, but the patent office seems to interpret this as 'if it isn't obvious to -everyone- who has ever used a computer that in must be non-obvious to -someone- so it's patentable'... or something.
So, yes, in the end, you might as well be able to patent obvious algorithms, given the current interpretations, since the 'protections' are worked around with technicalities. But technically you can't. So you just have to say it differently. D'oh.
Anyway, the person you were replying to knows all this, s/he was being ironic.
What this patent is really about is Cisco's NAT pool technology. Basically it gives the external side of the firewall several external IP addresses rather than just one as seen with most firewalls today. I know that Cisco uses this technology with their PIX Firewall boxes. But I don't know if they use this with any of their other firewalls.
-Sean
This patent actually looks more like a NAT/DHCP hybrid rather than a rip of NAT.
However, it irks me that something like this can even be patented at all. This is a fairly simple concept that I am sure many a network tech has considered at one point or another. Its implementation would be fairly simple in a Linux box with a couple of NICs.
It really makes me feel that patents are starting to cause more conflicts than they solve. The patent system either needs some reform, or to be dissolved and replaced by something that fits the times.
Re:This could do a lot of good
by
Amokscience
·
· Score: 2
What you also meant to say was that these extra IPs (because of a 'shortage') cost lots of money to obtain from an ISP. Which is why NAT saves you vast sums of money.
Actually most companies I know of don't use NAT at all, just proxies.
-- Fsck cluebie moderators. I'll say what I want, offtopic or not. And fsck having to qualify every bloody statement just
IBM hold a lot of patents,
by
dbarclay10
·
· Score: 2
IBM hold many, many, MANY patents. Keep in mind that they have been real innovators in the field of computers, so don't judge them too harshly. While this is obviously a bogus patent and we don't know how many more have made it through, IBM is a large, productive company where things like this might slip through the cracks. I have faith that IBM will drop this patent if it's brought to their attention that it is bogus. Just let them know, and I'm sure they'll be nice:)
I'm off now to write them a polite email:)
Dave 'Round the firewall,
Out the modem,
Through the router,
Down the wire,
--
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Re:IBM hold a lot of patents,
by
Desdinova77
·
· Score: 1
mmm you might want to read the patent first and then send that mail to Cisco...
Re:IBM hold a lot of patents,
by
TheReverand
·
· Score: 3
How stupid do you feel that you didn't bother to read the article in your attempt for 1st post karma-osity?
1. IBM didn't apply for the patent. Cisco did.
2. It's not a patent on NAT, it is a patent on a Security system on NAT.
I get the feeling that some troll is cracking up after submitting this story.
This seems to add security on top of the RFC and mentions it. The detailed description, though, sounds a lot like the 'IPTABLES' feature in the upcoming Linux 2.4 kernel. I really hope there is enough of a difference that it doesn't cause a conflict because I have really been looking forward to using IPTABLES; it is a huge improvement over the current ipchains setup. On a positive side I haven't heard anything from Cisco about trying to enforce this patent yet...
"On a positive side I haven't heard anything from Cisco about trying to enforce this patent yet..."
That is because they have filed for it not gotten it. You can bet if it is granted that they will enforce it. But if it conflicts with iptables I think it would also conflict with netfilter in which case the BSD people have some prior art. Not having read the article I'm not sure how close it is though.
--
Cypherpunks: Civil Liberty Through Complex Mathematics.
Those who live by the sword die by the arrow.
Possibly because the luser that submitted the story saw ibm in the URL (something like www.patents.ibm.com) and made an ASS out of U and ME.
Eric
Re:More patent problems...
by
Sun+Tzu
·
· Score: 3
Erm... what makes you think they are competent to recognize real geeks? I know of a technically unsophisticated organization that hires "technical experts" that just turn out to be more bureaucrats.
Once again, we run into that old problem: you can't manage what you don't understand. If the subject matter is difficult enough to understand, a naive manager won't be able to tell which "experts" are real and which are totally off base. In the experiences I'm familiar with, credentials don't seem to help much -- in either the high level strategic decisions or the lower level technical ones.
Maybe I'm a pessimist, but I don't expect the problems at the PTO to be solved without a near-total replacement of their structure.
Isn't necessarily "Filed" anymore...
by
Misch
·
· Score: 1
This should really say "Granted a patent". If you bother to read the web page, it says under Legal Status: "Aug. 11, 1998 - A - Patent". This means that the patent was granted and the invention was published on Aug. 11, 1998. It was filed in November of 1995.
--
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Re:Isn't necessarily "Filed" anymore...
by
Misch
·
· Score: 1
Well, as sort of a correction to myself, it was published as being patented in August of 1998. The first time it was listed, it was published in the patent office's regular publishing as well.
--
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Re:Isn't necessarily "Filed" anymore...
by
grahamm
·
· Score: 1
Which, even if you agree with software patents (which I do not), considering the rate of change within the industry/art, is MUCH too long an interval between filing and publishing. The stated objective and raison d'être of patents is to increase the pool of knowledge, and such a long interval does not do this at all.
Re:The patent does reference RFC 1631
by
finally
·
· Score: 1
So basically, all you have to do to avoid legal action is say "oh... that's not a device I'm using. It's an algorithm!"
fine... that's a patent I can live with.
Re:Prior art kills this patent
by
Dakota+Rider
·
· Score: 1
So tell it to the USPTO:-)
STANDARDS BODIES DO NOT PRECLUDE PATENTS
by
chefmonkey
·
· Score: 1
I do standards work, both in ETSI and the IETF. Each standards body sets up its own rules about how IPR is handled.
For the IETF, IPR handling is outlined quite clearly in RFC 2026, section 10.
In short, patents are allowed, as long as they are licensed on non-discriminatory terms. Most standards bodies have similar stipulations.
If they wrote and published the RFC before applying for the patent, they effectively released it into public domain.
Can you provide any documentation for this claim? I'm assuming from your comment that there is some contract someplace that must be signed before releasing an RFC, and that contract specifies that RFCs are in the "public domain" (whatever that means).
Clearly, there are some copyright issues involved with the release of an RFC -- I'm assuming that since RFC's get copied so freely, there is some type of license that allows copying under certain circumstances. But I am intrigued by the idea that in addition to copyright issues, there is some type of patent issue involved.
Like I say, please provide some references to this "public domain" idea. Thanks.
-- Slashdot is jumping the shark. I'm just driving the boat.
what is next? Internet SCSI patent?
by
loreofborg
·
· Score: 1
Next they will try to patent Internet SCSI.
http://www.ece.cmu.edu/~ips/
Just watch...
--
Down with GNU. Long live the ENL.
Re:PRIOR ART - Linux IP masquerade predates NAT RF
by
AntiBasic
·
· Score: 1
FreeBSD's ipfw/natd does as well. It was merged into the tree around 2.1.x. Sorry but netfilter isn't BSD, you couldn't have been farther off there. It's being worked on but won't make it into 2.4.x for a while yet. Netfilter is going to blow away the crappy masq/ipchains but it'll still fall short of ipfw/natd and ipf/ipnat.
Re:This could do a lot of good
by
plague3106
·
· Score: 1
No, I believe the reason people use the IPs set aside for private networks is b/c they are running a private network. I'm sure a company does not want all of their computers to be accessible to the entire internet. Those ranges were set aside just for that purpose, and so that a company with 10,000 computers would not suck 10,000 real IPs out of the pool. It also adds a layer of security, since packets with such internal IP numbers are not routed to the internet.
It's about time that the patent office hires a group of geeks to consult with whenever there's a pending technology patent. If we're going to have people running the patent office who know nothing about existing technology, this problem is only going to get worse.
Good God! You may have hit on the solution, Watson! Trained engineers working at the patent office??????? At the moment, it's staffed by semi-domesticated parrots, with arts degrees. But your idea might work better
.... I'll pass it on to the relevant authorities right away!!!!
No it's staffed by people with law degrees and experience in patent law not parrots. And I don't think that law counts as a strict art degree.
No it's staffed by people with law degrees and experience in patent law not parrots.
And on top of that, the only person I've ever met who works for the Patent Office (the British one, that is) has a PhD in Physics. As it happens he specialises in telecoms patents.
Hope this doesn't spoil anybody's "nobody understands us geeks" reality tunnel too much;)
--
-- Please do not use this document as toilet tissue
Re:More patent problems....
by
kesinger
·
· Score: 1
[Bob's going to patent the umlaut]
The boys in the Blue \"Oyster Cult might have some prior art to discuss with you.
Of course, if anybody can patent a new use for the umlaut it's Spi\"nal Tap.
==Jake
Re:More patent problems....
by
Bob+McCown
·
· Score: 1
I swear, Im gonna patent the umlaut. I bet the patent office would pass it "Hey, never seen one of these before", and then you'll all owe me millions in royalties...BWAHAHAH!
Re:More patent problems....
by
streetlawyer
·
· Score: 1
Good God! You may have hit on the solution, Watson! Trained engineers working at the patent office??????? At the moment, it's staffed by semi-domesticated parrots, with arts degrees. But your idea might work better.... I'll pass it on to the relevant authorities right away!!!!
Or could it be, that the Patent Office is staffed by people with a very good understanding of both the technology and the law, and that there is more to this case than meets the eye? Did you consider that possibility?
Re:More patent problems....
by
TechLawyer
·
· Score: 1
There is a huge group of geeks at the PTO, called patent examiners. Just because you don't agree with their analysis of an application doesn't mean they "know nothing about existing technology."
Re:This could do a lot of good
by
Eminence
·
· Score: 1
IIRC patent issues are already causing problems with the adoption of IPv6.
I didn't know that, but I expected something like this - it is a logical consequence of current approach to patent law in the US. The problem is: how far will it get?
Yes, -do- read the actual patent; in particular, claim 1. Translated,
'A method wherein: if someone on the intranet sends out a packet, we translate their address to one that the internet accepts, and remember who they are. If a packet comes back for that exact translated address, and we haven't timed out the connection yet, then pass it through to the appropriate intranet host.'
If that isn't a patent on 'NAT implemented as device consisting of software on a computer' I don't know what is.
Please remember that each -claim- stands on its own as separate invention, put together in one patent for convenience and relatedness, but Cisco is claiming claim 1 all by itself as an invention regardless of other complexities in the claims.
Real text for reference, but it's more readable on the database page:
1. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global IP destination address on an inbound packet arriving at the private network;
determining whether the global IP destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global IP destination address, which translation slot associates the global IP destination address to a corresponding local IP address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period;
if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria;
if the inbound packet meets said security criteria, replacing the inbound packet's global IP destination address with the corresponding local IP address for the particular local host to which the inbound packet was addressed; and
forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
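The five steps of claim 1 quoted above map directly onto a small stateful NAT. The following Python is an added example written for this page, not Cisco's code and not the patent's implementation, and it fills in three things the claim leaves open, which are assumptions here: the "security criteria" is taken to be "return traffic must come from an external host and port this local host actually contacted" (one of the candidates floated elsewhere in the thread); each local host is bound to its own global address drawn from a pool (the NAT-pool behaviour the other posts describe); and a slot is torn down after a fixed idle timeout. The addresses are RFC 5737 documentation ranges and the scenario in `demo()` is constructed.

```python
"""Toy stateful NAT following the five steps of the patent's claim 1.

Added example, not Cisco's code or the patent's implementation. Assumed
details (not in the claim): the security criterion, one global address per
local host from a pool, and a fixed idle timeout for the "defined time period".
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass
class Slot:
    """The claim's "translation slot": global<->local binding, the external
    peers this local host has contacted, and when it was last active."""
    local_ip: str
    global_ip: str
    peers: Set[Tuple[str, int]] = field(default_factory=set)
    last_seen: float = 0.0


class FakeClock:
    """Deterministic clock so the idle timeout can be exercised offline."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class NatGateway:
    def __init__(self, pool: List[str], timeout: float,
                 clock: Callable[[], float]) -> None:
        self.free = list(pool)          # global addresses not yet bound
        self.timeout = timeout          # the claim's "defined time period"
        self.clock = clock
        self.by_global: Dict[str, Slot] = {}
        self.by_local: Dict[str, Slot] = {}

    def _expire(self) -> None:
        """Tear down idle slots and hand their global address back to the pool."""
        now = self.clock()
        for global_ip, slot in list(self.by_global.items()):
            if now - slot.last_seen > self.timeout:
                del self.by_global[global_ip]
                del self.by_local[slot.local_ip]
                self.free.append(global_ip)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Local -> external: create or refresh the slot, rewrite the source."""
        self._expire()
        slot = self.by_local.get(pkt.src_ip)
        if slot is None:
            if not self.free:
                return None             # pool exhausted: drop (assumed policy)
            slot = Slot(pkt.src_ip, self.free.pop(0))
            self.by_global[slot.global_ip] = slot
            self.by_local[slot.local_ip] = slot
        slot.peers.add((pkt.dst_ip, pkt.dst_port))
        slot.last_seen = self.clock()
        return Packet(slot.global_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port)

    def _meets_security_criteria(self, pkt: Packet, slot: Slot) -> bool:
        # Assumed criterion: only replies from a peer this local host contacted.
        return (pkt.src_ip, pkt.src_port) in slot.peers

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """External -> local, walking claim 1 step by step."""
        self._expire()
        # Step 1: the global destination address is pkt.dst_ip.
        # Step 2: is there a live translation slot for it?
        slot = self.by_global.get(pkt.dst_ip)
        if slot is None:
            return None                 # nobody inside asked for this: drop
        # Step 3: apply the security criteria.
        if not self._meets_security_criteria(pkt, slot):
            return None
        # Step 4: replace the global destination with the local address.
        slot.last_seen = self.clock()
        translated = Packet(pkt.src_ip, slot.local_ip, pkt.src_port, pkt.dst_port)
        # Step 5: forward (here: hand the rewritten packet back to the caller).
        return translated


def demo() -> Dict[str, Optional[Packet]]:
    """Constructed scenario: one flow out, its reply, a stray, then a timeout."""
    clock = FakeClock()
    gw = NatGateway(["203.0.113.10", "203.0.113.11"], timeout=60.0, clock=clock)
    out = gw.outbound(Packet("10.0.0.5", "198.51.100.7", 40000, 80))
    reply = gw.inbound(Packet("198.51.100.7", "203.0.113.10", 80, 40000))
    stray = gw.inbound(Packet("198.51.100.9", "203.0.113.10", 80, 40000))
    clock.advance(61)
    late = gw.inbound(Packet("198.51.100.7", "203.0.113.10", 80, 40000))
    return {"out": out, "reply": reply, "stray": stray, "late": late}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that steps 1, 2, 4 and 5 are what any NAT already does; the only thing step 3 adds over plain masquerading is the check that an inbound packet came from a peer the slot recorded, which is exactly where the "is this more than NAT?" argument in the thread lives. Drop the `_meets_security_criteria` call and the code is a plain pooled NAT.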
Actually the patent referenced by that link is for a Cisco patent, not IBM. The IBM patents seem to deal with classified information sent via email or something similar. That said, the RFC itself dates to 1994; the patent's initial date is Nov 1995. Looks like prior art to me if they push this one.
Clearly, there are some copyright issues involved with the release of an RFC -- I'm assuming that since RFC's get copied so freely, there is some type of license that allows copying under certain circumstances. But I am intrigued by the idea that in addition to copyright issues, there is some type of patent issue involved.
I'm pretty sure that all publications count as prior art, even if the author/publisher is the one applying for the patent. At least, that's the way it is in most countries. Apparently it wasn't always like this in the US though... I've heard that RSA was published before it was patented.
I'm pretty sure that all publications count as prior art, even if the author/publisher is the one applying for the patent. At least, that's the way it is in most countries. Apparently it wasn't always like this in the US though... I've heard that RSA was published before it was patented.
Yep, all publications (released to the public, e.g., not an internal company memo) count as prior art. In the U.S., however, an inventor does have a 1-year grace period after publication in which he can still file for a patent. (Irrelevant in this particular case, since the RFC was published in May '94 and the application was filed in Nov. '95.) Most countries don't have this grace period, and publication even one day before filing will invalidate the patent (at least in theory).
--
Never take moderation advice from sigs, including this one.
Actually, it's part of patent law. You cannot patent that which has already been published.
Only outside the USA. In the US, something that has been published can be patented within (I think) 1 year of publication.
This is why RSA is patented in the US, and not outside the US. The RSA authors published their work first, and then tried to patent it.
After the day-long error of the itolympics.org link, I place a bet of $10 that the IBM->Cisco won't be fixed before noon EST. Another $5 that it won't
be fixed by 5PM!
Pay up. I noticed the change at 1132 AM EDT. Send money order to... dont_mail@me.com!
Eric
RFC is 1631 stated prior art.
by
Znork
·
· Score: 1
The patent even specifies RFC 1631 in its references section, so anything in RFC 1631 would obviously be prior art... so it seems rather unclear what exactly the patent is about.
Re:RFC is 1631 stated prior art.
by
mindstrm
·
· Score: 2
Uhh.. if it's *stated* then they are showing why their patent is unique compared to it. That's what prior art was all about.
FYI.. simply showing prior art once a patent is granted is not always enough to overturn it.
Showing that the patent application KNEW about prior art and did not disclose it IS a good way to turn it over.
Cisco isnt' saying they invented NAT. They are patenting a security mechanism used for inbound NAT connections, that appears to deal with stateful inspection.
Then it should be easy as hell to challenge
by
sips
·
· Score: 1
With prior art as easy as that and seen by millions this should be a snap.
If you've got a Windows 2000 machine running DHCP and it can't find a DHCP server, it just makes up a number, and then pings to see if anyone else is using it. It's an interesting idea for people who just bought a use-at-home hub without a server or any networking knowledge.
The weird thing is that instead of using a 10. or 192.168. address from RFC 1918, they actually bought a class B subnet at 169.254., aren't using it on the internet (try tracerouting to an address), and assign a random number from that subnet when you don't get a response from a DHCP server.
Can they do that? I thought Apple owned that method of address assignment in LocalTalk.
Re:Offtopic but interesting
by
halbritt
·
· Score: 2
from http://www.ietf.org/internet-drafts/draft-manning-dsua-03.txt:
169.254.0.0/16 has been ear-marked as the IP range to use for end node auto-configuration when a DHCP server may not be found. As such, network operations and administrators should be VERY aggressive in ensuring that neither route advertisements nor packet forwarding should occur across any media boundaries. This is true for the Internet as well as any private networks that use the IP protocols. End node administrators should be aware that some vendors will auto-configure and add this prefix to the nodes forwarding table. This will cause problems with sites that run router discovery or deprecated routing protocols such as RIP.
Re:Offtopic but interesting
by
Abcd1234
·
· Score: 4
Actually, they didn't buy anything. This range is registered with IANA as the link-local IP address range, from which a machine can assign itself a temporary IP, for use during configuration. The range for that is 169.254/16. The definition for how this range is used in IPv4 as part of an ad hoc network is located here. It's also used in IPv6 in RFC 2462.
Re:Offtopic but interesting
by
altman
·
· Score: 1
This is called "universal plug'n'play" - if DHCP times out, it will still carry on DHCP'ing (in case a server appears) but will ARP random addresses in the 169.254 class B, pick a free one and sit on it. See www.upnp.com - and yes, it's MS sponsored but an open multiparty standard.
It's done in MacOS 8.5+, win98, win2000, and we did some stuff on this for the embedded linux in the Rio Receiver (mp3 thin-client - www.riohome.com). Source comes with the box, though we suspect such hackery wouldn't get into the main kernel tree;)
Hugo
empeg
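The self-assignment described in the posts above (DHCP times out, pick a random 169.254/16 address, probe it, keep it if nobody answers) is short enough to write out. The following Python is an added example for this page, not code from Microsoft, Apple or the Rio Receiver. The probe is injected as a function so the example runs offline; a real host would send an ARP request for the candidate and treat a reply as a conflict. One detail not mentioned on the page comes from RFC 3927 section 2.1: the first and last /24 of the block (169.254.0.0/24 and 169.254.255.0/24) are reserved, so candidates are drawn from 169.254.1.0 through 169.254.254.255. The set of "in use" addresses in `simulated_probe` is constructed.

```python
"""Link-local (169.254/16) self-assignment with a conflict probe.

Added example, not vendor code. The probe is injected so this runs offline;
a real implementation would ARP for the candidate. The reserved first and
last /24 follow RFC 3927 section 2.1 (not mentioned in the thread).
"""
import ipaddress
import random
from typing import Callable, List, Optional, Set, Union

LINK_LOCAL = ipaddress.IPv4Network("169.254.0.0/16")
FIRST_USABLE = int(ipaddress.IPv4Address("169.254.1.0"))
LAST_USABLE = int(ipaddress.IPv4Address("169.254.254.255"))

# probe(candidate) -> True means some other host answered for that address.
Probe = Callable[[ipaddress.IPv4Address], bool]


def _random_candidate(rng: random.Random) -> ipaddress.IPv4Address:
    """Uniform pick from the usable part of the block (reserved /24s excluded)."""
    return ipaddress.IPv4Address(rng.randint(FIRST_USABLE, LAST_USABLE))


def candidate_sequence(seed: int, count: int) -> List[ipaddress.IPv4Address]:
    """The candidates a host seeded with `seed` would try, in order."""
    rng = random.Random(seed)
    return [_random_candidate(rng) for _ in range(count)]


def is_usable_link_local(addr: Union[str, ipaddress.IPv4Address]) -> bool:
    """True for 169.254.1.0 .. 169.254.254.255; False elsewhere, incl. the reserved /24s."""
    a = addr if isinstance(addr, ipaddress.IPv4Address) else ipaddress.IPv4Address(addr)
    return a in LINK_LOCAL and FIRST_USABLE <= int(a) <= LAST_USABLE


def select_link_local(probe: Probe, seed: Optional[int] = None,
                      max_attempts: int = 10) -> Optional[ipaddress.IPv4Address]:
    """Try random candidates until one draws no reply; None if every try conflicted."""
    rng = random.Random(seed)
    for _ in range(max_attempts):
        candidate = _random_candidate(rng)
        if not probe(candidate):
            return candidate            # nobody answered: claim it
    return None                          # give up after max_attempts conflicts


def simulated_probe(in_use: Set[str]) -> Probe:
    """Constructed stand-in for an ARP probe: 'answers' only for the given addresses."""
    return lambda addr: str(addr) in in_use


if __name__ == "__main__":
    taken = {str(candidate_sequence(7, 1)[0])}   # pretend the first pick is already used
    print(select_link_local(simulated_probe(taken), seed=7))
```

A real implementation also has to keep probing for a DHCP server afterwards and give the address up if one appears, which the posts above mention and this example does not model.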
Re:Offtopic but interesting
by
MeowMeow+Jones
·
· Score: 1
I'm glad to see there's some sort of standard behind it.
I was trying to figure out what the hell some guy did to his laptop, couldn't ID the IP. Google search on "169.254." turned up some microsoft stuff with a very "friendly" explanation.
Next time I'll remember to add ietf and RFC to the search criteria:)
Re:Offtopic but interesting
by
spotteddog
·
· Score: 1
It has been a pain since Apple started doing it and a pain when Micro$oft copied the process. What ever happened to good old error messages like "Unable to obtain an IP address from your DHCP server"? Guess those kind of messages are too explicit for children.
If you can't assign an IP address from the proper range, you shouldn't be allowed to install a computer on a network.
Don't forget - if it was hard to write it should be hard to use!!
-- .
there used to be a sig here.....
patent US5793763
by
Anonymous Coward
·
· Score: 1
Have any of you gone and read the patent?
What it says is that they translate outgoing requests to a group (pool) of addresses, instead of coming from just one, which is typical for NAT under linux.
Would this be useful? Off hand I can think of one:
Persistent connections. When you are behind a firewall/NAT and go to a site that is using Linux Virtual Server (LVS) or similar products, all connections coming from that site will get mapped to the same real server, possibly under the same session (cookies are generally issued to maintain session identity). This loads a single server with a site of users. By NAT/routing via a unique IP address, connections would most likely be routed to another real server.
Hey wasn't the slashdot crew going to IPO Nate Ostendorf,
Come on and now Ciscos moving in on the Nate action.
I think we should ask Nate to GPL himself
Stop microsoft from slurping him up.
-- There's one problem with reflecting your reality: sometimes your reality starts to reflect you.
Cisco, the monopoly of routers.
by
AFCArchvile
·
· Score: 2
It seems that they're too busy "empowering the internet generation" to see that other companies have already used NAT (I'm using it right now on my Linksys 4-port DSL router). I'm sure not going to pay the Cisco router tariff unless they manage to string OC3 to my doorstep.
-- "Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Re:Cisco, the monopoly of routers.
by
AFCArchvile
·
· Score: 2
I only hate them for trying to usurp the consumer market. They have no expertise there (you wouldn't stand paying $500 for a 4-port 10-100 switch, would you?).
-- "Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
O.K. this is going to sound weird...
by
SuperguyA1
·
· Score: 1
I just read this story about 5 minutes ago and could swear it said IBM not Cisco. Now the link goes to IBM's site, but the story and title say Cisco? Anyone else see this or am I losing it?
(My officemate saw it too! Yippie)
-- "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz.
(One man's humorous is another mans flamebait)
Re:O.K. this is going to sound weird...
by
seoras
·
· Score: 1
I think Cisco may have landed this patent when they took over IBM's networking division a year or so back.
Re:O.K. this is going to sound weird...
by
BlacKat
·
· Score: 1
Sigh, did you even click the link? I can't even see an IBM logo on the page anywhere. Or do you assume because IBM is in the domain name it's their site?
This comes up every time a patent story is posted, the site is a patent/ip database created/hosted by IBM. It's not IBM's business site.
Re:O.K. this is going to sound weird...
by
danderson
·
· Score: 1
No, it was a screw-up. Someone assumed that b/c the patent listing was on patents.ibm.com or something like that, IBM filed the patent, when Cisco really did. Another case of:
(1) (post | submit) the story. (2) verify the story.
-- This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin
uh oh, we better switch over to IPv6 before cisco starts enforcing the patent!:)
-- ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Re:The patent does reference RFC 1631
by
SEWilco
·
· Score: 3
Yes, it's some sort of NAT security algorithm -- Oh, you can't patent an algorithm -- security device.
NAT devices just have to use different NAT security devices or license the patented security device. Unless there's only one way to perform the "security check" (i.e., TCP sequence number or port number), in which case it's obvious to any expert and not patentable.
Re:The patent does reference RFC 1631
by
sallen
·
· Score: 1
"NAT devices just have to use different NAT security devices or license the patented security device. Unless there's only one way to perform the "security check" (i.e., TCP sequence number or port number), in which case it's obvious to any expert and not patentable."

IANAL, but this should FAIL PATENT requirements because it is obvious/logical, let alone the prior NAT process itself. (And NAT and proxies are prior art? Hmm. Art.) The process of not allowing something through that doesn't have a 'slot' or originating IP address is OBVIOUS/LOGICAL. Reasoning? If using NAT, unless you have the originating host IP address information, the device performing the NAT CANNOT determine where to forward the packet, i.e., what address to put in the header. This is pure obvious logic for NAT in general.

In the case of FTP, you have to proxy if you want it to work correctly in instances where the 'called' device is opening a port to the originating caller. This needs something like a proxy; a little lighter in 'obvious', but should be to anyone with a grain of salt.

My first thought was they were back-door trying to patent H.323 for telephony... but that doesn't work, since the packets have to be scanned to determine the ports required to connect between inside/outside hosts, since ports and address can't only be determined from the header. (BTW, make note: I'm patenting the process of proxying H.323: scanning, disassembling/reassembling and addressing packet contents with appropriate addresses. If not already patented, it's MINE, and free to the world.) Then again, if one simply knows the contents/requirements of H.323, it's obvious. The Cisco NAT patent is a LOT more obvious than that.
A system and method are provided for translating local IP addresses to globally unique IP addresses. This allows local hosts in an enterprise network to share global IP addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in headers on packets destined for the Internet and by replacing destination address in headers on packets entering the local enterprise network from the Internet.
Packets arriving from the Internet are screened by an adaptive security algorithm. According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. DNS packets and certain types of ICMP packets are allowed to enter local network. In addition, FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.
A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global IP destination address on an inbound packet arriving at the private network;
determining whether the global IP destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global IP destination address, which translation slot associates the global IP destination address to a corresponding local IP address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period;
if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria;
if the inbound packet meets said security criteria, replacing the inbound packet's global IP destination address with the corresponding local IP address for the particular local host to which the inbound packet was addressed; and
forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
Emphasis mine. This sounds like NAT + firewall even in claim #1.
What I don't understand is that Cisco have patented something they didn't necessarily design.
The real credit surely should go to the original proposers of the idea (Cray Communications?). The release date of the RFC precedes that of the Cisco patent, so how come this was awarded, considering that it is based on a technology that is already widely implemented, and proof exists that the idea was publicly filed prior to Cisco's claims? Somebody please clarify this?
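The five steps of claim 1 quoted above are easier to judge once written out as code. What follows is an added example for this thread, not Cisco's implementation and not text from the patent: a toy port-translating NAT whose inbound path does exactly the claim's sequence (identify the global destination, look for a translation slot created by a recent outbound packet, apply "security criteria", rewrite the destination, forward). Everything specific is my assumption, not the patent's: the single global address 203.0.113.7, the translated port range starting at 40000, the 60-second slot lifetime, and the particular criteria (the source must be the peer the slot was created for, no bare inbound SYNs, only ICMP echo replies). The addresses are documentation ranges and the packets are constructed by hand.

```python
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    sport: int                 # for icmp: the echo identifier, translated like a port
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags, or the ICMP type name for icmp


@dataclass
class Slot:
    """Translation slot: one local (ip, port) mapped to one global port,
    remembered together with the external peer it was created for."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    last_seen: float


class Nat:
    def __init__(self, global_ip: str, timeout: float = 60.0) -> None:
        self.global_ip = global_ip
        self.timeout = timeout                          # assumed "defined time period"
        self.slots: Dict[Tuple[str, int], Slot] = {}    # (proto, global port) -> slot
        self.next_port = 40000                          # assumed translated port range
        self.log: List[str] = []

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Local host -> Internet: create or refresh the slot, rewrite the source."""
        for (proto, gport), slot in self.slots.items():
            if proto == pkt.proto and (slot.local_ip, slot.local_port, slot.remote_ip,
                                       slot.remote_port) == (pkt.src, pkt.sport, pkt.dst, pkt.dport):
                slot.last_seen = now
                return replace(pkt, src=self.global_ip, sport=gport)
        gport = self.next_port
        self.next_port += 1
        self.slots[(pkt.proto, gport)] = Slot(pkt.src, pkt.sport, pkt.dst, pkt.dport, now)
        return replace(pkt, src=self.global_ip, sport=gport)

    def inbound(self, pkt: Packet, now: float) -> Tuple[str, object]:
        """Internet -> local host, following the five steps of claim 1."""
        # 1. identify the global destination address on the inbound packet
        if pkt.dst != self.global_ip:
            return self._drop(pkt, "not addressed to our global address")
        # 2. a translation slot must exist, created by an outbound packet within the period
        key = (pkt.proto, pkt.dport)
        slot = self.slots.get(key)
        if slot is None:
            return self._drop(pkt, "no translation slot")
        if now - slot.last_seen > self.timeout:
            del self.slots[key]
            return self._drop(pkt, "slot expired")
        # 3. security criteria (my choice of criteria, not the patent's)
        if (pkt.src, pkt.sport) != (slot.remote_ip, slot.remote_port):
            return self._drop(pkt, "source does not match slot")
        if pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            return self._drop(pkt, "inbound connection attempt")
        if pkt.proto == "icmp" and "echo-reply" not in pkt.flags:
            return self._drop(pkt, "ICMP type not allowed")
        # 4. replace the global destination with the local host's address ...
        slot.last_seen = now
        translated = replace(pkt, dst=slot.local_ip, dport=slot.local_port)
        # 5. ... and forward it to that local host
        return "forward", translated

    def _drop(self, pkt: Packet, reason: str) -> Tuple[str, str]:
        # "packets are dropped and logged unless they are deemed nonthreatening"
        self.log.append(f"drop {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}: {reason}")
        return "drop", reason


if __name__ == "__main__":
    nat = Nat("203.0.113.7")
    syn = Packet("tcp", "10.0.0.5", 51000, "198.51.100.80", 80, frozenset({"SYN"}))
    print(nat.outbound(syn, now=0.0))
    reply = Packet("tcp", "198.51.100.80", 80, "203.0.113.7", 40000, frozenset({"SYN", "ACK"}))
    print(nat.inbound(reply, now=1.0))
    print(nat.inbound(Packet("tcp", "198.51.100.80", 80, "203.0.113.7", 40001, frozenset({"SYN"})), now=1.0))
    print(nat.log)
```

The point the toy makes is the one several posters are arguing: step 2 alone (no slot, no forwarding) falls straight out of port translation, because without a slot the device has no local address to write into the header. Only step 3 adds anything, and here it is a handful of comparisons on fields the translator already has to keep.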
Re:Lets see what a REAL lawyer says....
by
SEAL
·
· Score: 1
Apparently you can not patent material from working with a standards body. Dell was smacked down on this in 1996
If this is true, then why wasn't Fraunhofer smacked down on their MP3 patent? As I recall, it was originally submitted as an ISO standard. Several free players and encoders (Blade, 8hz, and more...) based their work on the ISO source.
Re:O.K. this is going... you're missing my point
by
SuperguyA1
·
· Score: 1
The point wasn't whose site it was, the point was how the story changed on the /. front page.
-- "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz.
(One man's humorous is another mans flamebait)
Hey, I'm not the only one who made the mistake! :) Apparently, they've changed it, without letting us know they updated the post. That's irritating. Ah well, I read the meat of the patent, not the little stuff ;)
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
--
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Re:This could do a lot of good
by
Paladin128
·
· Score: 3
Umm... no! There are MANY other uses for NAT. For instance, I have a DSL account with Verizon (they suck, but are my only option). I can either A) pay lots of cash for multiple accounts and addresses, as the account specifically states it can only be used for 1 PC, or B) set up my spare Linux box to do IP Masquerading (NAT), which makes all my PCs look like one.
Also, what about load balancing?? Load Balancing devices (HydraWEB, F5 BigIP, Cisco LocalDirector, etc.) rely on NAT to make multiple web servers look like one. I'm pretty sure Slashdot has a load balancing pool... it would be pretty expensive to buy a single webserver that could handle the load Slashdot deals with.
"Evil beware: I'm armed to the teeth and packing a hampster!"
-- Lex orandi, lex credendi.
Lets see what a REAL lawyer says....
by
mr
·
· Score: 5
Summary: It may be tossed out because of the RFC/standards process. (besides prior art)
From: Darren Reed
To: ipfilter@coombs.anu.edu.au
Subject: Those turds over at (1$(0.
Someone has unfortunately brought to my attention the fact that certain parts of NAT have been patented by the company which lovingly likes to think it "runs the internet" (puke, spew, vomit). #5793763 patents a complete implementation of what is essentially described in RFC 1631. The patent was filed a whole 8 days prior to the first public release (beta) of IPFilter with NAT.
If anyone can provide a legal opinion on whether or not that particular patent would stand up in court, please let me know. That's legal opinions, not personal opinions (they're a dime a dozen). I'd be especially interested to know if there are other NAT implementations which date back to prior to that patent being filed and how complete they are/were.
And the non-legal reply:
From: Nigel Dyson-Hudson
To: ipfilter@coombs.anu.edu.au
Subject: Re: Those turds over at (1$(0.
folks,
Apparently you can not patent material from working with a standards body. Dell was smacked down on this in 1996. You might want to look at what is happening with RAMBUS memory; www.tomshardware.com has a number of articles, since RAMBUS was a member of JEDEC and has patented stuff from those meetings.
So, if said company was anywhere near the RFC process, they would be trying to patent stuff from an open standards body.
--
If it was said on slashdot, it MUST be true!
Re:Lets see what a REAL lawyer says....
by
acoopersmith
·
· Score: 2
According to our patent lawyers at work it depends on the bylaws of the organization in question and any agreement the company signed to join the process - some "standards bodies" allow companies to patent their submissions, but most that do so require some sort of licensing scheme that allows other companies to implement the standard (although sometimes at a quite healthy profit to the patent owner).
Re:Lets see what a REAL lawyer says....
by
ethereal
·
· Score: 2
Some standards bodies will consider a patented algorithm for the standard, as long as the company is willing to make the patents available for everyone's use for a reasonable royalty. Not to defend Fraunhofer, but their royalty charges probably are reasonable to an old-school closed company, which would presumably rake in enough money per mp3 encoder (IIRC, only encoding is patented, decoding is not) to pay for the patent license. Of course, the royalties just aren't workable for freely-distributable software which normally has little-to-no revenue.
Now waiting until it became the widespread standard to enforce the patent and extract royalties - that does seem indefensible (albeit probably legal) to me. In effect, Fraunhofer artificially sweetened the allure of the mp3 format for encoder writers (both pay and free), just to get them hooked. Perhaps the ISO should adopt some rules so that you can't arbitrarily raise royalties or expand patent enforcement significantly above the rates set when the standard was enacted?
Re:Lets see what a REAL lawyer says....
by
SEAL
·
· Score: 1
Trailing WAY off topic, but...
Luckily for us, the most popular players and encoders have used fairly extensible architectures. Adding a new codec is almost trivial. Cdex already has a beta out using the Ogg Vorbis encoder, and the Ogg boys have already created plugins for Winamp and several other players.
Back when Fraunhofer was looking the other way and not grabbing for royalties, the players and encoders really didn't have this type of architecture, nor did Ogg exist. I'm sure Fraunhofer realized these things would eventually happen but I bet they are surprised how quickly they developed.
All in all, it works out better for the consumer, but no thanks to the patent system. I'm willing to bet even the hardware manufacturers will start supporting the ogg format once it's finalized, since it is free (LGPL for the libraries).
The next couple years will be interesting. You'll have SDMI if they ever finish it, with all the popular music released in that format being its edge. MP3 has the advantage of being a defacto standard. And then there's Ogg Vorbis which is free, and arguably a better codec than MP3.
Best regards,
SEAL
PRIOR ART - Linux IP masquerade predates NAT RFC!
by
grantma
·
· Score: 3
Linux IP masquerade predates the NAT RFC, and includes behaviour that is definitely the equivalent of stateful filtering, due to its masquerading of FTP and HTTP sessions from one IP number. This is done by using lookup tables based on the TCP sessions' port numbers, and special case reverse TCP session mapping for FTP (I believe this also uses matching based on port numbers). Check out the 1.1? development kernels, and some of the 1.2.x ones. This was about 1994/1995. There are also probably patches that predate this.
Then there is also the BSD netfilter which maybe precedes this work.
Please correct me if I am wrong.
A technology court would be more to the point
by
Anonymous Coward
·
· Score: 1
You aren't going to get geeks to stay in a patent office job--it takes them away from working in their field, so in a few years they'll be behind the times, just like the present employees. And no matter how good the patent office employees are, there will be questionable points that wind up in court. So what is needed is a technologically literate judge (draft a geek and force him to attend law school???) and a jury pool drawn only from those who can understand complex issues. (Needless to say, modern jury selection works oppositely--first, anyone who can figure out a way to get out of it does, so you're in 2-digit IQs and fluff-heads already. Then the judge by policy tosses out most professionals for fear their superior knowledge will overawe the rest of the jury. Finally, if somehow there still is a juror that looks likely to understand the case, you can bet that one side or the other will throw him out.)
Re:The patent does reference RFC 1631
by
chedrick
·
· Score: 1
You're absolutely correct. To quote the patent:
"Security system for" NAT. The patent applies to the use of NAT as a security measure, not to NAT alone.
OT - the FTL patent may have a basis in fact
by
sherpajohn
·
· Score: 1
Actually, despite the "science-fictioness" of the patent, the gentleman who submitted it appears to know what he is doing. He even works at Cern on the largest particle accelerator/collider in the world on a project involving crashing electrons and positrons into each other at very high speed and seeing what happens. Cool stuff. Off topic, but cool nonetheless. Still, the patent itself may be a joke.
--
Going on means going far
Going far means returning
Re:Read the actual patent
by
jetson123
·
· Score: 2
The first patent claim alone clearly claims NAT in general, not some specific variant. Even later claims do not seem to stray beyond what is (and was) standard practice: the "adaptive security algorithm" refers to the obvious methods needed to make ping, traceroute, and ftp work.
I was going to post this same bit of tidbit but the AC beat me to it. Man, it's been issued over two years ago, filed four years ago. It's ancient news, already, people.
If you're yelling at the USPTO regarding lack of previous art, remember that this may precede the actual RFC. Patents aren't filed on the first day of concept, either, so this may be a very ancient item.
Please, moderators, moderate this up! Then maybe /. will stop overreacting when "big bad corp." patents something, even when they patent it a long time ago.
A careful reading of the patent reveals that it is not NAT itself that is being patented; rather a security add-on algorithm to the existing NAT system that disallows dangerous packets.
What it actually sounds like is a patent on masquerading with a pool of possible outbound addresses rather than a single address.
Re:This could do a lot of good
by
h2odragon
·
· Score: 1
Right; they are not the same thing. Masquerading is closer to what the patent covers than NAT, I think... Oh, and Linux does do real NAT as well as masquerade, I dunno if the BSD's have a masquerade like facility.
The difference is that Masq makes an internal network appear as one address to the world; NAT takes internal addresses and translates them to external addresses one for one.
Re:THEY ARE NOT PATENTING NAT
by
sql*kitten
·
· Score: 2
the sad part is that, to him, it's just a little game - he's getting some little thrill out of the vague notion of getting people 'fired up.' and it works - at least, insofar as to make me goddamned angry.
/. derives revenue from displaying banner ads. The more page views, the more ads they can sell. I'm not disparaging the ethics of Taco, but remember that /. (who are owned by a public company) have a vested interest in controversy.
And Cisco aren't patenting NAT; in fact they even reference the RFC in their application.
Re:This could do a lot of good
by
Eminence
·
· Score: 1
Unless Cisco (or Microsoft) patents IPv6 or at least one important aspect of it (like method of constructing datagrams from optional headers).
(OK, I do know that it's probably impossible to patent the IP protocol, but someone might just try)
A plan of attack and a gripe
by
d.valued
·
· Score: 1
Pay close attention to this, people. Someone has to thrash this patent by coughing up the RFC in court.
The USPTO is overworked and understaffed. The average patent gets, what? Two, three man-hours of review? It used to be days were spent on a patent. The problem is twofold: 1. The people in there are not experts. 2. The experts don't want to be in there because government pay scales.. suck.. compared to corporate America. (Living near DC ain't too good either. DC taxes suck, and the murder rate is rather unhealthy.)
The people in charge of the USPTO should figure out some way for there to be experts. Remember that the guideline for a patent is "something which is not immediately obvious to an expert in the field"? The USPTO thugs ain't agreeing with that anymore.
-- I used to be someone else. Now I'm someone better. Real life is underrated.
Re:A plan of a attack and a gripe
by
howardjp
·
· Score: 1
The murder rate and taxes are not that bad. In fact, my taxes are cheaper than when I lived in Ohio.
Re:The patent does reference RFC 1631
by
Anonymous+Coed
·
· Score: 1
You certainly can patent (the most absurdly simple) algorithms -- how about using XOR on bitmaps to move a mouse cursor across a screen? Also, just because it's 'obvious to any expert' doesn't mean it's not patentable (one click shopping, anyone?)
My experience in studying Cisco is that they patent just about everything. They try and patent all of their protocols (i.e. EIGRP, PAgP, etc.) I was working on implementing Fast EtherChannel at a startup and we wanted to support Cisco's PAgP (Port Aggregation Protocol). I reverse engineered the protocol, which was surprisingly simple, only to find that Cisco received a patent on it a month prior.
Cisco would patent the IP address if they could. Also, Cisco is great at taking work done by others. It seems that very little "innovation" comes out of Cisco. Cisco must buy all of their innovation and spend all their time porting it to IOS.
-- This post is encrypted twice with ROT-13. Documenting
or attempting to crack this encryption is illegal.
If you're using the non RFC1918 address of 123.123.123.123 and you try to contact the real 123.123.123.123, the packet's going to go to Localhost. In fact, that entire subnet (whatever it may be) will be a black hole to you, as packets are sent to your local network instead of out your default gateway. Nothing Cisco can do will change that.
Unless that's not what you meant.
If you meant that this lets you translate for non RFC1918 addresses, then you can do that with most any NAT implementation I've seen.
--
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Patenting RFCs. Cool idea! Hey, if they are "requests for comments" then obviously they have not yet been officially "released" and are therefore still patentable since a beta != a prior work. Can't be a prior work if there was no initial work, right?
You FOOLS will all have to pay me now for doing IP over carrier pigeon! I'm also patenting pigeons too. Anyone fucking with my patented invention will be SUED into LITIGATION HELL! Muhahahahah!
I think a lot of these problems could be solved by an outside organization. The way I think it should work is you file your patent. Then it gets reviewed; if they find any prior art you get fined $5000, which would go to this outside organization. So companies would have an incentive to look for prior art and not to file patents with broad claims. That's all I have to say about that.
This is not a patent on NAT. This is a patent on "Security system for network address translation systems".
You are guilty of stupid copy and paste. With the omission of a couple of words you have changed the meaning of the topic. You have now become equal to the Star or the National Enquirer. What's next? Altered photos to make your flame bait?
You should know by now there are people in the world that have not a clue. They are unable to make rational, logical thought processes. They can read one line and make a leap to what is said is the truth. They are unable to read anything else to see if there is any truth.
This is the uninformed masses that the political leaders have figured out how to handle. It seems, Mr Taco, you too have figured out how to be a political figure. You are leading your army of stupid people into some sort of battle. Where are you leading them?
Re:This could do a lot of good
by
ackthpt
·
· Score: 2
And if they all have to jump to IPv6, would not Ci$co benefit there, too?
It's all true! ±5%
--
A feeling of having made the same mistake before: Deja Foobar
Re:This could do a lot of good
by
pope+nihil
·
· Score: 1
IP Masquerading in linux isn't exactly the same thing as NAT. It is similar, but different. *BSD implements NAT.
Why limit yourself to just Linux admins? Other operating systems use a combination of NAT and firewalling programs as well. OpenBSD, FreeBSD, I'm sure Solaris as well... even Windows has programs to do NAT.
-- Fsck cluebie moderators. I'll say what I want, offtopic or not. And fsck having to qualify every bloody statement just
This could do a lot of good
by
Dienyddio
·
· Score: 3
OK so at first this looks like a bad thing but *gasp* could there be a positive aspect?
The real reason we have NAT at the moment is due to the limits of IPv4 addresses, which causes many people, including many companies, to masquerade their private networks. If all of a sudden people have to pay vast sums of money to do this there will be an incredible amount of pressure to move to IPv6.
IMHO anything that speeds the uptake of IPv6 is a very good thing.
TIA 1.0 was released in late 1993 or early 1994. It did NAT-like address translation. I worked on the code from September 1995. The patent was filed November 5, 1995. When I started at Cyberspace Development (the folks that did TIA), the address translation code was in place. When I was brought on, one of the first things I did was to create a CVS tree with all the sources in it. I went back to the original 1.0 release and put those sources in, then the interim 1.1 sources (I was working on 2.0) and then the current 2.0 pre-alpha sources. The address translation for FTP, and a few other protocols was in place from at least 1.0 forward.
SLiRP also did TIA-like things. IIRC, it was released the summer of 1995. So there's an OPEN SOURCE release prior to CISCO's patent being filed. I don't know if it predates their internal first use, which may be a wash here.
I'd be happy to testify to these facts in a court of law, should it come to that, assuming that I can convince the folks that bought Cyberspace Development to allow me to do so.
Warner Losh
Re:Looks like Checkpoint Firewall-1
by
dublin
·
· Score: 2
I don't think Cisco is trying to patent NAT here, but there's little doubt in my mind that they could.
A few years ago, Cisco bought a company called Network Translation, which had one product: the now-famous PIX. This was a very interesting box, with a custom OS-9-like operating system, and was legitimately, so far as I know, the first implementation of any kind of network address translation. I know Network Translation had some patents pending back years ago; we may just be seeing these now. If so, they have a legitimate claim, since I was following NAT pretty closely back then (this was the time leading up to the "we're running out of IP addresses!" paranoia), and there was *no one* else doing NAT at that time. Cisco watched, and then, wisely, bought them.
I doubt they could enforce the patent, due to the later IETF work (we were in the RFC 1200-1300 range when I was looking at this stuff), but having the patent issue may be entirely appropriate, even if it is for the basic concept of NAT.
-- "The future's good and the present is nothing to sneeze at." - Roblimo's last./ post
The patent cites RFCs 1597 & 1631
by
Jammer@CMH
·
· Score: 3
See "Other References", at the bottom.
Presumably their patent adds some value to 1631, and isn't just a restatement of it.
Re:The patent does reference RFC 1631
by
cloudmaster
·
· Score: 2
How is it different from ipchains or ipfilter? Please tell me!!
ipchains / ipfilter aren't "patent pending".:)
Actually, after reading the request, it sounds like they're trying to patent the use of NAT for security. They're not doing anything special, they've no special formula, they're just describing the "use" of ipfwadm that's been on my 486 DX4/120 with a modem since I bought it with the exact purpose of providing security and connection sharing about 4 years ago.
Hey, maybe I should file a patent for "connection sharing through NAT"...
Re:Read the actual patent
by
Anonymous Coward
·
· Score: 1
"What it actually sounds like is a patent on masquerading with a pool of possible outbound addresses rather than a single address."
Which is exactly what NAT is. 'Masquerading' is a Linuxism for a small subset of a full NAT implementation.
Lets break down the patents abstract.
by
jailbrekr2
·
· Score: 2
[i]A system and method are provided for translating local IP addresses to globally unique IP addresses. This allows local hosts in an enterprise network to share global IP addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in headers on packets destined for the Internet and by replacing destination address in headers on packets entering the local enterprise network from the Internet.[/i]
That is RFC1631 in a nutshell
[i]Packets arriving from the Internet are screened by an adaptive security algorithm.[/i]
Ok, I'm interested now. Explain.
[i]According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. DNS packets and certain types of ICMP packets are allowed to enter local network. In addition, FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.[/i]
Uhm, NAT does this already. This description of Cisco's 'NAT' is inherent in the design of traditional RFC1631 NAT. If a packet is going to an internal computer, where the internal computer did not initiate the connection, then drop it, otherwise let it through. Exceptions are made where the NAT proxy cannot determine if a connection was initiated (like DNS or ICMP).
A careful reading of the patent reveals that it is not NAT itself that is being patented; rather a security add-on algorithm to the existing NAT system that disallows dangerous packets.
The way I understood it, it would prevent a malicious external traffic source from sneaking their evil packets past the NAT using the source/destination port numbers that the NAT was sending out on its outbound packets. So FTP packets get through only if an internal host initiated an FTP session, DNS packets get through, certain ICMP packets, etc.
Okay, I'm not a lawyer here, but it seems to me that this could mean -any- filtering at all; which could mean (and I took to mean) something as simple as, 'this is a valid TCP/IP packet without source routing to a local host that has already opened a connection to the internet host within a reasonable time'; in other words, something exactly like Linux's IP Masquerading.
So, what, you can have NAT without violating the patent iff you don't sanity check incoming packets? Nobody's going to do that. If that's the only way to implement NAT without violating the patent, it's not going to happen - it's just not sane to let arbitrary packets into your intranet.
Now, if you're a big company... or even a medium company... you can just separate your packet-filtering firewall and your NAT router into separate physical devices and call it a 'configuration' and not a NAT with filtering at all, but for a homenet or a very small company, you may not be able to afford the space/electricity/hardware to have two devices where one would do.
In other words, it doesn't sound like NAT+firewall to me, it sounds like NAT implemented with some nod towards security.
Even if the patent doesn't describe the NAT RFC, and some particularly stupid NAT routers, it certainly describes a linux kernel with IP_MASQ and the various ip_masq_* service modules.
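The FTP clause of the abstract quoted above ("FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session") is the one part of the "adaptive security algorithm" that is not simply "is there a slot for this packet", because in active-mode FTP the server opens the data connection back towards the client. The reverse session mapping sallen and grantma mention comes down to reading the client's PORT command on the control connection, rewriting it to the translator's own address, and remembering exactly one inbound connection to accept. The block below is an added example illustrating that, not Cisco's code, not the patent's text and not the Linux ip_masq_ftp module. Assumptions of mine: the global address 203.0.113.7, translated data ports from 41000, a 30-second lifetime for a pending data connection, and a policy of refusing any PORT naming a host other than the client itself or a port below 1024 (honouring such a PORT would let the client, or malware on it, make the translator accept a server's connection to some other internal host: the FTP bounce problem). Control lines and addresses are constructed for the example. Rewriting PORT changes the length of the TCP segment, so a real translator must also adjust sequence and acknowledgement numbers on that connection; that bookkeeping and PASV mode are deliberately left out here.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 959 PORT syntax: four address octets and a 16-bit port split into two decimal bytes
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def parse_port(line: bytes) -> Optional[Tuple[str, int]]:
    """Return (ip, port) for a well-formed PORT command line, else None."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_port(ip: str, port: int) -> bytes:
    fields = ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return b"PORT " + ",".join(fields).encode("ascii") + b"\r\n"


@dataclass
class Expectation:
    """One inbound data connection we are prepared to accept, and nothing else."""
    server_ip: str
    server_port: int
    local_ip: str
    local_port: int
    expires: float


class FtpAlg:
    def __init__(self, global_ip: str, timeout: float = 30.0) -> None:
        self.global_ip = global_ip
        self.timeout = timeout                        # assumed lifetime of an expectation
        self.expect: Dict[int, Expectation] = {}      # translated data port -> expectation
        self.next_port = 41000                        # assumed data-port range

    def outbound_control(self, local_ip: str, server_ip: str, line: bytes,
                         now: float) -> Optional[bytes]:
        """Rewrite one command line the local client sends on a control session it
        opened. Returns the line to forward, or None if the line must be dropped."""
        parsed = parse_port(line)
        if parsed is None:
            return line                               # not a PORT command: pass it through
        addr, port = parsed
        if addr != local_ip or port < 1024:
            # The client asked the server to connect to another host or a privileged
            # port. Honouring it would open a hole to that host (FTP bounce), so drop it.
            return None
        gport = self.next_port
        self.next_port += 1
        self.expect[gport] = Expectation(server_ip, 20, local_ip, port, now + self.timeout)
        return format_port(self.global_ip, gport)

    def inbound_data_syn(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                         now: float):
        """Accept an inbound SYN only as the data connection of a session a local
        host initiated, from that session's server, once, and before it expires."""
        if dst_ip != self.global_ip:
            return "drop", "not our global address"
        exp = self.expect.get(dst_port)
        if exp is None:
            return "drop", "no FTP session expects this connection"
        if now > exp.expires:
            del self.expect[dst_port]
            return "drop", "expectation expired"
        if (src_ip, src_port) != (exp.server_ip, exp.server_port):
            return "drop", "source is not the FTP server of that session"
        del self.expect[dst_port]                     # one data connection per PORT command
        return "forward", (exp.local_ip, exp.local_port)


if __name__ == "__main__":
    alg = FtpAlg("203.0.113.7")
    print(alg.outbound_control("10.0.0.5", "198.51.100.21", b"PORT 10,0,0,5,200,17\r\n", 0.0))
    print(alg.inbound_data_syn("198.51.100.21", 20, "203.0.113.7", 41000, 1.0))
    print(alg.inbound_data_syn("198.51.100.21", 20, "203.0.113.7", 41000, 1.5))
```

The security-relevant checks are the ones in `outbound_control` and the source comparison in `inbound_data_syn`: a translator that merely opened the announced port for anyone would turn every FTP client behind it into a door for unsolicited inbound connections.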
Re:Read the actual patent
by
Eminence
·
· Score: 2
You are probably right that it's not the NAT itself, but still we (or rather - you out there in the US) are moving in a bad direction. Internet - AFAIK - was built upon the idea that protocols are public property, open for everyone to read, implement and use. Imagine where would we be now if all the "founding fathers" of the Net filed patents instead of writing RFCs?
In my opinion this is just another example that the concept of copyright and intellectual property as defined by current US laws is simply wrong and doesn't fit into our networked world. It's a pity that now US wants to force its patent laws also in the EU.
Re:Read the actual patent
by
Anonymous Coward
·
· Score: 1
In other words, it's not a patent on NAT (the actual patent references the RFC) -- but it might be a patent affecting NAT-based firewalls. That's still uncool. A closer read to see exactly what they're claiming is warranted.
Re:THEY ARE NOT PATENTING NAT (but Lucent is?)
by
slickwillie
·
· Score: 4
Check out the list of 10 patents that reference this one, especially 6006272 "Method for Network Address Translation", by Lucent. That one sounds like a more general one, and a lot more like the RFC.
Re:You mean I have to ask my DSL ISP for more IPs?
by
Tower
·
· Score: 2
True (I did see that), but one should read the actual source material... the authors here have an increasing tendency to not read it themselves...
--
"It's tough to be bilingual when you get hit in the head."
the Hyper Light Speed Antenna. Woo, we can communicate faster than the speed of light! This is about the equivalent of a perpetual motion machine, just not nearly as famous. It's empty techie-gizmo gee-whiz terminology that convinced some shoe horn to grab the wrong stamp. This has got to be someone playing a joke on the PTO. Sure, they do employ a lot of trained engineers but there's definitely something amiss with the amount of applications slipping thru the cracks and getting approved - they need geeks who know what's going on - not the current crop of Al Gore wannabe airheads who've no concept of objective, verifiable facts. I sure hope the NIST doesn't turn into this kind of political swamp.
I noticed a lot of people have jumped on IBM about this patent issue. It's nothing to do with IBM - the link is to a database of all US patents that just happens to be hosted by IBM.
For example of what's in the database that IBM couldn't have possibly had *anything* to do with, check this patent out. Do you really think IBM patented this one?;-)
Maybe Cisco patented it, after all, they are a bunch of w@nkers;-)
Re:The patent seems to be on a security mechanism.
by
Muffhead
·
· Score: 1
Isn't there a difference between encrypting IP headers & screening packets (such as state, port filtering, etc.)? If the IP headers are encrypted you can't do much screening.
One could argue that any NAT system screens packets with an adaptive algorithm. They keep state. They must keep state so that they can translate the inbound packets.
Re:THEY ARE NOT PATENTING NAT
by
Anonymous Coward
·
· Score: 1
No, but it looks a shitload like what Linux ipchains does (which does NAT and firewalling at the same time). The key here is how do they determine what is "non-threatening". Are they talking about simple port filtering, or is it somehow able to detect it as some exotic security threat that would get past even the tightest firewall?
Automatically allocating an IPv4 address
by
digitalbeing
·
· Score: 1
Microsoft has documented the process they use to automatically allocate an ipv4 address, and suggested it as an internet-draft (not quite rfc):
Heh.. umm.. am I the only one that noticed this patent was issued over 2 years ago? How does this rate as being 'current' news?
You mean I have to ask my DSL ISP for more IPs?
by
laetus
·
· Score: 1
Shit, now that I have to take down my 486/Linux firewall doing NAT, each of my workstations at home is going to need an IP.
Let's see. My ISP charges $5 per IP times 3 workstations, that's $15 smackeroos. Thanks IBM.
Heh.
The difference is that the RFC doesn't deal with security. Cisco's patent seems to be a combination NAT+firewall. AFAIK, combinations of obvious/prior-art/patented things can be patented as long as the combination is non-obvious and novel. (*)
But it doesn't seem like this combination is anything to write home about.
--
This doesn't look like plain NAT to me. Look at Claim 2 -- it looks like a method for re-using normal IP addresses. So if I'm at 123.123.123.123 behind the Cisco-patented router, I think this would allow me to talk to a different address at 123.123.123.123 *outside* the router.
I'm not real good at lawyer-speak though:-)
-- * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
The patent does reference RFC 1631
by
_|()|\|
·
· Score: 5
Scroll all the way to the bottom of the page, and you'll see the patent does, in fact, reference RFC 1631.
They're not patenting NAT, they're patenting "an adaptive security algorithm" for use with NAT.
Re:The patent does reference RFC 1631
by
Stephen+Samuel
·
· Score: 2
It appears to be simply using NAT with a VERY simple firewall implementation. I THINK that this is pretty much the heart of their security model.
SUMMARY OF THE INVENTION
The present invention provides a system which employs NAT in conjunction
with an adaptive security algorithm to keep unwanted packets from external
sources out of a private network. According to this algorithm, packets
are dropped and logged unless they are deemed nonthreatening. Domain
Name Section "DNS" packets and certain types of Internet Control Message
Protocol "ICMP" packets are allowed to enter local network. In addition,
File Transfer Protocol "FTP" data packets are allowed to enter the local
network, but only after it has been established that their destination
on the local network initiated an FTP session.
These and other features and advantages of the present invention will be
presented in more detail in the following specification of the invention
and the figures.
From the detailed section:
The process by which translation system 34 handles inbound packets
from the Internet (and arriving at NAT system outside interface 18b)
is depicted in a process flow diagram 200 shown in FIG. 5. It should be
understood that this procedure includes an adaptive security algorithm
that does not block outbound packets. In a preferred embodiment, adaptive
security follows these rules:
Allow any TCP connections that originate from the inside network.
Ensure that if an FTP data connection is initiated to a translation slot, there is already an FTP control connection between that translation slot and the
remote host. Also ensure that a port command has been issued between the same two hosts. If these criteria are not met, the attempt to initiate an FTP data
connection is dropped and logged.
Prevent the initiation of a TCP connection to a translation slot from the outside. The offending packet is dropped and logged.
Allow inbound UDP packets only from DNS. NFS is explicitly denied.
Drop and log source routed IP packets sent to any translation slot on the translation system.
Allow only ICMP of types 0, 3, 4, 8, 11, 12, 17 and 18.
Ping requests from outside to dynamic translation slots are silently dropped.
Ping requests to static translation slots are answered.
So, I guess that the obvious question is whether or not anybody publicly discussed the idea of implementing any sort of firewalling on NATs before CISCO submitted their Patent.
Personally, I think that if these kinds of firewall rules were suggested before (with or without NAT), then including a firewall in a NAT router (especially in a general purpose computer being used as a NAT translator) would be an "obvious improvement".
Actually, rereading this, it seems like a patent for a specific set of firewall rules. Other than checking to see if the NAT address is being used, there seems nothing in this section that's unique to NATs.
-- Free Software: Like love, it grows best when given away.
Re:The patent does reference RFC 1631
by
MarNuke
·
· Score: 1
Do you mean this?
18. The network address translation system of claim 17, wherein the multiple fields further include one or more holes fields which may be set to specify that exceptions to a security algorithm employed by the network address translation system to prevent suspicious packets from reaching the private network.
After reading everything, it sounds a lot like what ipchains and ipfilter do.
How it's different from ipchains or ipfilter, please tell me!!
Re:The patent seems to be on a security mechanism.
by
LarsG
·
· Score: 1
The patent then, only applies to a version of NAT that uses an adaptive security algorithm.
You mean, like an ipmasq ftp-module that does some sanity checks to see if the incoming packets are not forged? (claim35)
Or a NAT implementation where you can choose which ICMP packets you want to let through? (claim29/30)
I'm not an experienced patent reader, but to my reading it seems like many firewalls that include NAT would be covered by this.
-- If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Looks like Checkpoint Firewall-1
by
adturner
·
· Score: 3
Like many people picked up, what Cisco is trying to patent isn't NAT itself but a way to do stateful inspection (ie. only allowing ftp-data through after a connection is made to the ftp control port) with NAT.
However, Checkpoint's Firewall-1 product has been doing this for years now, even before Cisco bought the PIX and started adding firewall features (the PIX initially was just a NAT device). It wouldn't surprise me one bit to find out that other vendors (including IPChains) have been doing this for a while either.
Of course with the patent office being apparently run by a bunch of idiots, it wouldn't surprise me one bit that this gets through.
Nothing to see here, move along...
by
um...+Lucas
·
· Score: 2
They filed it in 1995... They received it in late 1998. Have they chased after anyone for doing NAT? No... this is the first we've heard of it, by someone doing searches through patents.ibm.com.
Frankly, if this patent is going to be filed and granted, I'm much happier to see that it's in the hands of a company that so far seems to have filed it as a means of protection rather than a means of harassment.
Now, if they start going after other router manufacturers, maybe it'll be time to get up in arms. But overall, this is old news, and in almost 2 years they've yet to pull any maneuvering with this patent...
Re:Dangerous slashdot precedent
by
Christianfreak
·
· Score: 1
Mod this up, it's obviously funny. (whoever marked it flamebait needs a sense of humor)
CISCO forcing IPv6 use ???
by
galmeida
·
· Score: 1
Maybe cisco is just trying to force people to use IPv6. In this case it could be a good (or not so bad) thing....
Adaptive Security Algorithm is on the PIX Firewall
by
Dwarf_Sibling
·
· Score: 3
Adaptive Security Algorithm or (ASA) is the marketing name for the stateful packet filtering that the Cisco PIX Firewall does. Nothing more, nothing less. Info at Cisco on ASA can be found here.
-- "Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
And someone _just_ noticed this???
by
Anonymous Coward
·
· Score: 2
After the day-long error of the itolympics.org link, I place a bet of $10 that the IBM->Cisco won't be fixed before noon EST. Another $5 that it won't be fixed by 5PM!
The patent seems to be on a security mechanism.
by
malkavian
·
· Score: 5
As far as I can make out, the difference in the patent and the RFC seems to me to be that the patent specifies that the packets are filtered by a security algorithm, where the RFC states that it has no security algorithm.
The patent then, only applies to a version of NAT that uses an adaptive security algorithm.
Anything less than this would definitely hit the prior art. And it's quite likely that even this will hit the prior art bin too.
From the Patent:
Packets arriving from the Internet are screened by an adaptive security algorithm
From the RFC:
Unfortunately, NAT reduces the number of options for providing security. With NAT, nothing that carries an IP address or information derived from an IP address (such as the TCP-header checksum) can be encrypted. While most application-level encryption should be ok, this prevents encryption of the TCP header.
The background acknowledges the RFCs
by
simong
·
· Score: 2
...and it would appear that it extends NAT functionality in a (presumably) proprietary way, adding security aspects and enabling transparency to DNS and ICMP packets. The embodiment also suggests that it's a way of doing it rather than the actual NAT process.
I would have paid to watch the Patent Officer's eyes glaze over as he read it though.
Well... it's prior art unless Cisco wrote the RFC, which I believe they did.
I didn't know Al Gore wrote RFC's
I suppose that would be the case if they were patenting NAT, but they are just patenting a security measure for NAT..... heh read the patent not just what /. posts
Jeremy
That's one way of saying something. I'd like to calmly suggest to Taco (and any other authors who post these stories) that you may want to contact the companies involved before posting these things, to get somewhat of a balanced view, and also give the companies a fighting chance to defend themselves. I'd be willing to bet that any "scoop" time you lose (and really who would /. lose it to?) you would make up for in added discussion.
My recommendation, try to make a friend or two in either the PR or Marketing (yes, I'm serious) departments, as well as maintain a list of engineers or other geeks you could contact for comment on short notice. If you can't get any information out of them, let them know you're running a story and will state that they have no comment at this time. My bet is you'll either get a response PDQ or you'll have people from the companies actually posting rebuttals/comments back to your users.
Just a small suggestion. For the AC above, it's funny that you verbally rape Taco for posting something inflammatory.
as the verifiable AC that i am, i state unequivalableable that i was using NAT two years prior to the time i knew what NAT was. !
Okay.
I read the patent application. I read the posted comments. I noted that this has been in effect for TWO YEARS NOW without a worry. And I spend 10 hours a day, 5 days a week inside a Cisco router.
The only thing that this patent is doing is allowing Static NAT with NAT pools OR one-to-many NAT a la masquerading to be used without compromising the effectiveness of a firewall; most likely in this case Cisco's Access List filters. What they're doing is patenting a method of applying filters based on internal network addresses from external hosts and not blowing A) System Integrity or B) Efficiency out of the water. And what it does it does very very well. The basic/standard Linux firewall and routing routines currently released - no, I'm not talking about the 2.4.0-test series - can only just barely keep up with what a Cisco 2500 with 4 megs of ram can do with a pair of T-1s and a large network behind it.
Believe me. If we haven't seen it yet, we're not going to. That's because they're NOT PATENTING NAT.
You thought that this sig was what you think that I thought you wanted me to think. I think.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
The first paragraph of the Introduction section in RFC 1631 is:
if you look up the reference [2] at the bottom of the RFC, you will see:
note that this RFC (1631) references RFC 1519 (Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy) which includes personnel from Cisco Systems, Inc. (Tony Li). RFC 1519 was written in 1993.
further note that RFC 1519 itself references RFC 1518 whose authors are from IBM and from Cisco.
Cisco obviously has prior work in this area well before RFC 1631. Cisco employee Tony Li contributed to the two RFCs on which RFC 1631 is based.
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
Unless Cisco (or Microsoft) patents IPv6 or at least one important aspect of it (like method of constructing datagrams from optional headers).
IIRC patent issues are already causing problems with the adoption of IPv6.
Actually, link-local IP addresses can be used for a variety of purposes. For example, say we're in a wireless environment where we wish to configure a device using DHCP. In such an environment, we may not have the ability to broadcast messages to the wireless device (due to limitations at layer 2). So it becomes necessary to provide a valid temporary layer 3 address before requesting configuration parameters from the network.
Stefan.
It takes a lot of brains to enjoy satire, humor and wit-
The truth shall make you fret. (Ankh-Morpork Times motto)
Uhm, no, technically you can't, and to be fair the original XOR-cursor patent was for blinking-block-cursors so that the letter under them would always be the inverse of the current cursor color. But, algorithms and mathematical formulas and scientific laws are 'natural' and are 'discovered' not 'invented' so you can't patent them. Technically. ... or something.
But you can patent a device consisting of any computer running any software that -implements- the algorithm... d'oh.
Also you "can't" patent an idea that is 'obvious to someone versed in the art' according to the laws, but the patent office seems to interpret this as 'if it isn't obvious to -everyone- who has ever used a computer then it must be non-obvious to -someone- so it's patentable'
So, yes, in the end, you might as well be able to patent obvious algorithms, given the current interpretations, since the 'protections' are worked around with technicalities. But technically you can't. So you just have to say it differently. D'oh.
Anyway, the person you were replying to knows all this, s/he was being ironic.
--Parity
'Card carrying' member of the EFF.
What this patent is really about is Cisco's NAT pool technology. Basically it gives the external side of the firewall several external IP addresses rather than just one as seen with most firewalls today. I know that Cisco uses this technology with their PIX Firewall boxes. But I don't know if they use this with any of their other firewalls. -Sean
Have you patented your Hot Grits today?
This patent actually looks more like a NAT/DHCP hybrid rather than a rip of NAT.
However, it irks me that something like this can even be patented at all. This is a fairly simple concept that I am sure many a network tech has considered at one point or another. Its implementation would be fairly simple in a Linux box with a couple of NICs.
It really makes me feel that patents are starting to cause more conflicts than they solve. The patent system either needs some reform, or to be dissolved and replaced by something that fits the times.
What you also meant to say was that these extra IPs (because of a 'shortage') cost lots of money to obtain from an ISP. Which is why NAT saves you vast sums of money.
Actually most companies I know of don't use NAT at all, just proxies.
Fsck cluebie moderators. I'll say what I want, offtopic or not. And fsck having to qualify every bloody statement just
IBM holds many, many, MANY patents. Keep in mind that they have been real innovators in the field of computers, so don't judge them too harshly. While this is obviously a bogus patent and we don't know how many more have made it through, IBM is a large, productive company where things like this might slip through the cracks. I have faith that IBM will drop this patent if it's brought to their attention that it is bogus. Just let them know, and I'm sure they'll be nice :)
I'm off now to write them a polite email
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
This seems to add security on top of the RFC and mentions it. The detailed description though sounds a lot like the 'IPTABLES' feature in the upcoming Linux 2.4 kernel. I really hope there is enough of a difference that it doesn't cause a conflict because I have really been looking forward to using IPTABLES; it is a huge improvement over the current ipchains setup. On a positive side I haven't heard anything from Cisco about trying to enforce this patent yet...
Possibly because the luser that submitted the story saw ibm in the URL (something like www.patents.ibm.com) and made an ASS out of U and ME.
Eric
Erm... what makes you think they are competent to recognize real geeks? I know of a technically unsophisticated organization that hires "technical experts" that just turn out to be more bureaucrats.
Once again, we run into that old problem: you can't manage what you don't understand. If the subject matter is difficult enough to understand, a naive manager won't be able to tell which "experts" are real and which are totally off base. In the experiences I'm familiar with, credentials don't seem to help much -- in either the high level strategic decisions or the lower level technical ones.
Maybe I'm a pessimist, but I don't expect the problems at the PTO to be solved without a near-total replacement of their structure.
Geeky modern art T-shirts
This should really say "Granted a patent". If you bother to read the web page, it says under Legal Status: "Aug. 11, 1998 - A - Patent". This means that the patent was granted and the invention was published on Aug. 11, 1998. It was filed in November of 1995.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
So basically, all you have to do to avoid legal action is say "oh... that's not a device I'm using. It's an algorithm!"
fine... that's a patent I can live with.
So tell it to the USPTO :-)
For the IETF, IPR handling is outlined quite clearly in RFC 2026, section 10.
In short, patents are allowed, as long as they are licensed on non-discriminatory terms. Most standards bodies have similar stipulations.
If they wrote and published the RFC before applying for the patent, they effectively released it into public domain.
Can you provide any documentation for this claim? I'm assuming from your comment that there is some contract someplace that must be signed before releasing an RFC, and that contract specifies that RFCs are in the "public domain" (whatever that means).
Clearly, there are some copyright issues involved with the release of an RFC -- I'm assuming that since RFC's get copied so freely, there is some type of license that allows copying under certain circumstances. But I am intrigued by the idea that in addition to copyright issues, there is some type of patent issue involved.
Like I say, please provide some references to this "public domain" idea. Thanks.
Slashdot is jumping the shark. I'm just driving the boat.
Next they will try to patent Internet SCSI. http://www.ece.cmu.edu/~ips/ Just watch...
Down with GNU. Long live the ENL.
FreeBSD's ipfw/natd does as well. It was merged into the tree around 2.1.x. Sorry but netfilter isn't BSD, you couldn't have been farther off there. It's being worked on but won't make it into 2.4.x for a while yet. Netfilter is going to blow away the crappy masq/ipchains but it'll still fall short of ipfw/natd and ipf/ipnat.
No, I believe the reason people use the IPs set aside for private networks is b/c they are running a private network. I'm sure a company does not want all of their computers to be accessible to the entire internet. Those ranges were set aside just for that purpose, and so that a company with 10,000 computers would not suck 10,000 real IPs out of the pool. It also adds a layer of security, since packets with such internal IP numbers are not routed to the internet.
It's about time that the patent office hires a group of geeks to consult with whenever there's a pending technology patent. If we're going to have people running the patent office who know nothing about existing technology, this problem is only going to get worse.
IIRC patent issues are already causing problems with the adoption of IPv6.
I didn't know that, but I expected something like this - it is a logical consequence of current approach to patent law in the US. The problem is: how far will it get?
"Applicant: Cisco Technology Systems."
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
And then give the proceeds to OSS projects. Man, the BS is getting thick in this business.
You try to make a joke and you get moderated as offtopic. Sheesh!
I know, I know, this is offtopic too. Screw it.
EMUSE.NET
"We're sorry, but the website you're trying to reach has been disconnected."
Yes, -do- read the actual patent; in particular, claim 1. Translated,
'A method wherein: if someone on the intranet sends out a packet, we translate their address to one that the internet accepts, and remember who they are. If a packet comes back for that exact translated address, and we haven't timed out the connection yet, then pass it through to the appropriate intranet host.'
If that isn't a patent on 'NAT implemented as device consisting of software on a computer' I don't know what is.
Please remember that each -claim- stands on its own as separate invention, put together in one patent for convenience and relatedness, but Cisco is claiming claim 1 all by itself as an invention regardless of other complexities in the claims.
Real text for reference, but it's more readable on the database page:
1. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global IP destination address on an inbound packet arriving at the private network;
determining whether the global IP destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global IP destination address, which translation slot associates the global IP destination address to a corresponding local IP address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period;
if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria;
if the inbound packet meets said security criteria, replacing the inbound packet's global IP destination address with the corresponding local IP address for the particular local host to which the inbound packet was addressed; and
forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
--Parity
'Card carrying' member of the EFF.
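The inbound-packet procedure of claim 1 above, combined with the "adaptive security" rules quoted earlier in the thread (TCP only if originated inside, FTP data only after a control session plus PORT command, UDP only from DNS, the ICMP type list, ping handling for static versus dynamic slots), modelled as an added Python example. This is not the patent's or Cisco's code; the pool addresses, the 300-second slot timeout, the source-port-20 test for FTP data, and the log format are assumptions.

```python
"""Toy model of the claim 1 inbound path plus the quoted adaptive security rules.
Added illustration, not the patent's or Cisco's implementation."""
from dataclasses import dataclass, field

ALLOWED_ICMP_TYPES = {0, 3, 4, 8, 11, 12, 17, 18}   # from the quoted rule list
DNS_PORT = 53
FTP_CONTROL_PORT = 21
FTP_DATA_PORT = 20            # assumed way to recognise an FTP data connection
SLOT_TIMEOUT = 300.0          # claim 1's "defined time period", assumed value in seconds


@dataclass
class Packet:
    """Only the header fields the rules look at (constructed, simplified view)."""
    proto: str                # "tcp", "udp" or "icmp"
    src: str                  # external host address
    dst: str                  # global IP destination address (claim 1 step 1)
    sport: int = 0
    dport: int = 0
    syn: bool = False         # True = attempt to initiate a TCP connection
    icmp_type: int = -1
    source_routed: bool = False


@dataclass
class TranslationSlot:
    """Claim 1's translation slot: global address -> local host plus bookkeeping."""
    local_ip: str
    static: bool = False
    last_outbound: float = 0.0
    tcp_peers: set = field(default_factory=set)     # remote hosts the local host connected to
    ftp_control: set = field(default_factory=set)   # remote hosts with an inside-opened FTP control session
    ftp_port_cmd: set = field(default_factory=set)  # ...for which a PORT command was also seen


class NatTranslator:
    def __init__(self, pool, clock):
        self.pool = list(pool)   # global addresses available for dynamic slots (NAT pool)
        self.clock = clock       # callable returning the current time
        self.slots = {}          # global IP -> TranslationSlot
        self.log = []            # (reason, packet) for every "dropped and logged" packet

    def add_static_slot(self, global_ip, local_ip):
        self.slots[global_ip] = TranslationSlot(local_ip, static=True)

    def outbound(self, local_ip, proto, remote_ip, dport, ftp_port_cmd=False):
        """Record an outbound packet; allocate a pool address on first use. Returns the global IP."""
        slot_ip = next((g for g, s in self.slots.items() if s.local_ip == local_ip), None)
        if slot_ip is None:
            if not self.pool:
                raise RuntimeError("NAT pool exhausted")
            slot_ip = self.pool.pop(0)
            self.slots[slot_ip] = TranslationSlot(local_ip)
        slot = self.slots[slot_ip]
        slot.last_outbound = self.clock()
        if proto == "tcp":
            slot.tcp_peers.add(remote_ip)
            if dport == FTP_CONTROL_PORT:
                slot.ftp_control.add(remote_ip)
                if ftp_port_cmd:
                    slot.ftp_port_cmd.add(remote_ip)
        return slot_ip

    def _drop(self, reason, pkt):
        self.log.append((reason, pkt))
        return ("drop", reason)

    def inbound(self, pkt):
        """Claim 1 steps: find the slot, apply security criteria, translate, forward."""
        slot = self.slots.get(pkt.dst)
        if slot is None:
            return self._drop("no translation slot", pkt)
        if not slot.static and self.clock() - slot.last_outbound > SLOT_TIMEOUT:
            return self._drop("translation slot expired", pkt)
        if pkt.source_routed:
            return self._drop("source routed", pkt)
        if pkt.proto == "tcp":
            if not pkt.syn:   # reply traffic on a connection the inside host opened
                if pkt.src in slot.tcp_peers:
                    return ("forward", slot.local_ip)
                return self._drop("no matching outbound tcp session", pkt)
            # a connection initiated from outside: only FTP data, and only after
            # an inside-opened control session with a PORT command to the same host
            if (pkt.sport == FTP_DATA_PORT and pkt.src in slot.ftp_control
                    and pkt.src in slot.ftp_port_cmd):
                return ("forward", slot.local_ip)
            return self._drop("inbound tcp initiation", pkt)
        if pkt.proto == "udp":
            if pkt.sport == DNS_PORT:
                return ("forward", slot.local_ip)
            return self._drop("udp not from dns", pkt)     # covers NFS and everything else
        if pkt.proto == "icmp":
            if pkt.icmp_type not in ALLOWED_ICMP_TYPES:
                return self._drop("icmp type not allowed", pkt)
            if pkt.icmp_type == 8:   # echo request: answered for static slots, silent otherwise
                return ("answer", None) if slot.static else ("silent-drop", None)
            return ("forward", slot.local_ip)
        return self._drop("unknown protocol", pkt)
```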
The original posting by Cmdr Taco said IBM. He changed it to CISCO later.
You should check out the slashdot FAQ (Tech section) if you wonder about the hardware slashdot is running on...
(5 load balanced Web servers dedicated to pages
3 load balanced Web servers dedicated to images
1 SQL server
1 NFS Server)
--
Ner lbh sebz gur HFN? Gura lbh'ir whfg ivbyngrq gur QZPN!
Actually the patent referenced by that link is a Cisco patent, not IBM. The IBM patents seem to deal with classified information sent via email or something similar. That said, the RFC itself dates to 1994, the patent's initial date is Nov 1995. Looks like prior art to me if they push this one.
this space for rent
Pay up. I noticed the change at 1132 AM EDT. Send money order to ... dont_mail@me.com!
Eric
The patent even specifies RFC 1631 in its references section, so anything in RFC 1631 would obviously be prior art... so it seems rather unclear what exactly the patent is about.
With prior art as easy as that and seen by millions this should be a snap.
Respond to s
I see no reason to involve the Office of the Vice President of the United States.
Just found this one out yesterday.
If you've got a Windows 2000 machine running DHCP and it can't find a DHCP server, it just makes up a number, and then pings to see if anyone else is using it. It's an interesting idea for people who just bought a use-at-home hub without a server or any networking knowledge.
The weird thing is that instead of using a 10. or 192.168. address from RFC 1918, they actually bought a class B subnet at 169.254, aren't using it on the internet (try tracerouting to an address), and assign a random number from that subnet when you don't get a response from a DHCP server.
Why? I don't get it? Any conspiracy theories?
Trolls throughout history:
Jonathan Swift
Have any of you gone and read the patent? What it says is that they translate outgoing requests to a group (pool) of addresses, instead of coming from just one, which is typical for NAT under Linux. Would this be useful? Off hand I can think of one: Persistent connections. When you are behind a firewall/NAT and go to a site that is using Linux Virtual Server (LVS) or similar products, all connections coming from that site will get mapped to the same real server, possibly under the same session (Cookies are generally issued to maintain session identity). This loads a single server with a site of users. By NAT/routing via a unique IP address, connections would most likely be routed to another real server.
Come on and now Ciscos moving in on the Nate action.
I think we should ask Nate to GPL himself.
Stop Microsoft from slurping him up.
There's one problem with reflecting your reality, sometimes your reality starts to reflect you.
It seems that they're too busy "empowering the internet generation" to see that other companies have already used NAT (I'm using it right now on my Linksys 4-port DSL router). I'm sure not going to pay the Cisco router tariff unless they manage to string OC3 to my doorstep.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
I just read this story about 5 minutes ago and could swear it said IBM not Cisco. Now the link goes to IBM's site, but the story and title say Cisco? Anyone else see this or am I losing it?
(My officemate saw it too! Yippie)
"as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
uh oh, we better switch over to IPv6 before cisco starts enforcing the patent! :)
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
NAT devices just have to use different NAT security devices or license the patented security device. Unless there's only one way to perform the "security check" (ie, TCP sequence number or port number), in which case it's obvious to any expert and not patentable. IANAL, but this should FAIL PATENT requirements because it is obvious/logical, let alone the prior NAT process itself. (And NAT and proxies are prior art? Hmm. Art.)
The process of not allowing something through that doesn't have a 'slot' or originating IP address is OBVIOUS/LOGICAL. Reasoning?: if using NAT, unless you have the originating host IP address information, the device performing the NAT CANNOT determine where to forward the packet, ie, what address to put in the header. This is pure obvious logic for NAT in general. In the case of FTP, you have to proxy if you want it to work correctly in instances where the 'called' device is opening a port to the originating caller. This needs something like a proxy.. a little lighter in 'obvious', but should be to anyone with a grain of salt.
My first thought was they were back-door trying to patent H.323 for telephony... but that doesn't work, since the packets have to be scanned to determine the ports required to connect between inside/outside hosts, since ports and address can't only be determined from the header. (BTW, make note: I'm patenting the process of proxying H.323, scanning, disassembling / reassembling and addressing packet contents with appropriate addresses. If not already patented, it's MINE, and free to the world. Then again, if one simply knows the contents/requirements of H.323, it's obvious.) The Cisco NAT patent is a LOT more obvious than that.
This sounds like NAT + firewall even in claim #1.
Hal Duston
hald@sound.net
Extremely anal moderators on the loose.
:P
At least when I mod, I try to do a good job at it
What I don't understand is that Cisco have patented something they didn't necessarily design.
The real credit surely should go to the original proposers of the idea (Cray Communications?). The release date of the RFC precedes that of the Cisco patent, so how come this was awarded, considering that it is based on a technology that is already widely implemented, and proof exists that the idea was publicly filed prior to Cisco's claims. Somebody please clarify this?
If this is true, then why wasn't Fraunhofer smacked down on their MP3 patent? As I recall, it was originally submitted as an ISO standard. Several free players and encoders (Blade, 8hz, and more...) based their work on the ISO source.
The point wasn't whose site it was, the point was how the story changed on the /. front page.
Never mind!! Stupid me, I mis-read the post. Duh.
Umm... no! There are MANY other uses for NAT. For instance, I have a DSL account with Verizon (they suck, but are my only option). I can either A) pay lots of cash for multiple accounts and addresses, as the account specifically states it can only be used for 1 PC, or B) set up my spare Linux box to do IP Masquerading (NAT), which makes all my PCs look like one.
Also, what about load balancing?? Load Balancing devices (HydraWEB, F5 BigIP, Cisco LocalDirector, etc.) rely on NAT to make multiple web servers look like one. I'm pretty sure Slashdot has a load balancing pool... it would be pretty expensive to buy a single webserver that could handle the load Slashdot deals with.
"Evil beware: I'm armed to the teeth and packing a hampster!"
Lex orandi, lex credendi.
Summary: It may be tossed out because of the RFC/standards process. (besides prior art)
From: Darren Reed
To: ipfilter@coombs.anu.edu.au
Subject: Those turds over at (1$(0.
Someone has unfortunately brought to my attention the fact that certain
parts of NAT have been patented by the company which lovingly likes to
think it "runs the internet" (puke, spew, vomit). #5793763 patents a
complete implementation of what is essentially described in RFC 1631.
The patent was filed a whole 8 days prior to the first public release
(beta) of IPFilter with NAT.
If anyone can provide a legal opinion on whether or not that particular
patent would stand up in court, please let me know. That's legal opinions,
not personal opinions (they're dime a dozen). I'd be especially interested
to know if there are other NAT implementations which date back to prior to
that patent being filed and how complete they are/were.
And the non-legal reply:
From: Nigel Dyson-Hudson
To: ipfilter@coombs.anu.edu.au
Subject: Re: Those turds over at (1$(0.
folks,
Apparently you can not patent material from working with a standards body.
Dell was smacked down on this in 1996. You might want to look at what is
happening with RAMBUS memory, www.tomshardware.com has a number of
articles, since RAMBUS was a member of JEDC and has patented stuff from
those meetings.
So, if said company was anywhere near the RFC process, they would be trying
to patent stuff from an open standards body.
If it was said on slashdot, it MUST be true!
Linux IP masquerade predates the NAT RFC, and includes behaviour that is definitely the equivalent of stateful filtering, due to its masquerading of FTP and HTTP sessions from one IP number. This is done by using lookup tables based on the TCP session's port numbers, and special case reverse TCP session mapping for the FTP (I believe this also uses matching based on port numbers). Check out the 1.1? development kernels, and some of the 1.2.x ones. This was about 1994/1995. There are also probably patches that predate this.
Then there is also the BSD netfilter which maybe precedes this work.
Please correct me if I am wrong.
You aren't going to get geeks to stay in a patent office job--it takes them away from working in their field, so in a few years they'll be behind the times, just like the present employees. And no matter how good the patent office employees are, there will be questionable points that wind up in court. So what is needed is a technologically literate judge (draft a geek and force him to attend law school???) and a jury pool drawn only from those who can understand complex issues. (Needless to say, modern jury selection works oppositely--first, anyone who can figure out a way to get out of it does, so you're in 2-digit IQs and fluff-heads already. Then the judge by policy tosses out most professionals for fear their superior knowledge will overawe the rest of the jury. Finally, if somehow there still is a juror that looks likely to understand the case, you can bet that one side or the other will throw him out.)
You're absolutely correct. To quote the patent: "Security system for" NAT. The patent applies to the use of NAT as a security measure, not to NAT alone.
Actually, despite the "science-fictioness" of the patent, the gentleman who submitted it appears to know what he is doing.
He even works at Cern on the largest particle accelerator/collider in the world on a project involving crashing electrons and positrons into each other at very high speed and seeing what happens. Cool stuff. Off topic, but cool nonetheless.
Still, the patent itself may be a joke.
Going on means going far
Going far means returning
The first patent claim alone clearly claims NAT in general, not some specific variant. Even later claims do not seem to stray beyond what is (and was) standard practice: the "adaptive security algorithm" refers to the obvious methods needed to make ping, traceroute, and ftp work.
I was going to post this same bit of tidbit but the AC beat me to it. Man, it's been issued over two years ago, filed four years ago. It's ancient news, already, people.
/. will stop overreacting when "big bad corp." patents something, even when they patent it a long time ago.
If you're yelling at the USPTO regarding lack of previous art, remember that this may precede the actual RFC. Patents aren't filed on the first day of concept, either, so this may be a very ancient item.
Please, moderators, moderate this up! Then maybe
Dragon Magic
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
A careful reading of the patent reveals that it is not NAT itself that is being patented; rather a security add-on algorithm to the existing NAT system that disallows dangerous packets.
What it actually sounds like is a patent on masquerading with a pool of possible outbound addresses rather than a single address.
The difference is that Masq makes an internal network appear as one address to the world; NAT takes internal addresses and translates them to external addresses one for one.
And Cisco aren't patenting NAT, in fact they even reference the RFC in their application.
Unless Cisco (or Microsoft) patents IPv6 or at least one important aspect of it (like method of constructing datagrams from optional headers).
(OK, I do know that it's probably impossible to patent the IP protocol, but someone might just try)
Pay close attention to this, people. Someone has to thrash this patent by coughing up the RFC in court. The USPTO is overworked and understaffed. The average patent gets, what? Two, three man-hours of review? It used to be days were spent on a patent. The problem is twofold: 1. The people in there are not experts. 2. The experts don't want to be in there because government pay scales.. suck.. compared to corporate America. (Living near DC ain't too good either. DC taxes suck, and the murder rate is rather unhealthy.) The people in charge of the USPTO should figure out some way for there to be experts. Remember that the guideline for a patent is "something which is not immediately obvious to an expert in the field"? The USPTO thugs ain't agreeing with that anymore.
I used to be someone else. Now I'm someone better.
Real life is underrated.
You certainly can patent (the most absurdly simple) algorithms -- how about using XOR on bitmaps to move a mouse cursor across a screen? Also, just because it's 'obvious to any expert' doesn't mean it's not patentable (one click shopping, anyone?)
My experience in studying Cisco is that they patent just about everything. They try and patent all of their protocols (i.e. EIGRP, PAgP, etc.) I was working on implementing Fast EtherChannel at a startup and we wanted to support Cisco's PAgP (Port Aggregation Protocol). I reverse engineered the protocol, which was surprisingly simple, only to find that Cisco received a patent on it a month prior.
Cisco would patent the IP address if they could. Also, Cisco is great at taking work done by others. It seems that very little "innovation" comes out of Cisco. Cisco must buy all of their innovation and spend all their time porting it to IOS.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
If you're using the non RFC1918 address of 123.123.123.123 and you try to contact the real 123.123.123.123, the packet's going to go to Localhost. In fact, that entire subnet (whatever it may be) will be a black hole to you, as packets are sent to your local network instead of out your default gateway. Nothing Cisco can do will change that.
Unless that's not what you meant.
If you meant that this lets you translate for non RFC1918 addresses, then you can do that with most any NAT implementation I've seen.
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
You FOOLS will all have to pay me now for doing IP over carrier pigeon! I'm also patenting pigeons too. Anyone fucking with my patented invention will be SUED into LITIGATION HELL! Muhahahahah!
I think a lot of these problems could be solved by an outside organization. The way I think it should work is you file your patent. Then it gets reviewed; if they find any prior art you get fined $5000, which would go to this outside organization. So companies would have an incentive to look for prior art and not to file patents with broad claims. That's all I have to say about that
Visit http://www.techcomedy.com/for a few good laughs
This is not a patent on NAT. This is a patent on "Security system for network address translation systems".
You are guilty of stupid copy and plaster. With the omission of a couple of words you have changed the meaning of the topic. You have now become equal to the Star or the National Enquirer. What's next? Altered photos to make your flame bait?
You should know by now there are people in the world that have not a clue. They are unable to make a rational, logical thought process. They can read one line and make a leap to what is said is the truth. They are unable to read anything else to see if there is any truth.
This is the uninformed masses that the political leaders have figured out how to handle. It seems Mr Taco, you too have figured out how to be a political figure. You are leading your army of stupid people into some sort of battle. Where are you leading them?
And if they all have to jump to IPv6, would not Ci$co benefit there, too?
It's all true! ±5%
A feeling of having made the same mistake before: Deja Foobar
IP Masquerading in linux isn't exactly the same thing as NAT. It is similar, but different. *BSD implements NAT.
True, but if it has already been introduced to the public, it is highly unethical to patent it. It's really intellectual property theft.
This is definitely not cool. If this goes through every Linux admin out there should declare war on Cisco.
OK so at first this looks like a bad thing but *gasp* could there be a positive aspect?
The real reason we have NAT at the moment is due to the limits of IPv4 addresses which causes many people, including many companies, to masquerade their private networks. If all of a sudden people have to pay vast sums of money to do this there will be an incredible amount of pressure to move to IPv6.
IMHO anything that speeds the uptake of IPv6 is a very good thing.
SLiRP also did TIA-like things. IIRC, it was released the summer of 1995. So there's an OPEN SOURCE release prior to CISCO's patent being filed. I don't know if it predates their internal first use, which may be a wash here.
I'd be happy to testify to these facts in a court of law, should it come to that, assuming that I can convince the folks that bought Cyberspace Development to allow me to do so.
Warner Losh
I don't think Cisco is trying to patent NAT here, but there's little doubt in my mind that they could.
A few years ago, Cisco bought a company called Network Translation, which had one product: the now-famous PIX. This was a very interesting box, with a custom OS-9-like operating system, and was legitimately, so far as I know, the first implementation of any kind of network address translation. I know Network Translation had some patents pending back years ago, we may just be seeing these now. If so, they have a legitimate claim, since I was following NAT pretty closely back then (this was the time leading up to the "we're running out of IP addresses!" paranoia), and there was *no one* else doing NAT at that time. Cisco watched, and then, wisely, bought them.
I doubt they could enforce the patent, due to the later IETF work (we were in the RFC 1200-1300 range when I was looking at this stuff), but having the patent issue may be entirely appropriate, even if it is for the basic concept of NAT.
"The future's good and the present is nothing to sneeze at." - Roblimo's last
See "Other References", at the bottom. Presumably their patent adds some value to 1631, and isn't just a restatement of it.
ipchains / ipfilter aren't "patent pending". :)
Actually, after reading the request, it sounds like they're trying to patent the use of NAT for security. They're not doing anything special, they've no special formula, they're just describing the "use" of ipfwadm that's been on my 486 DX4/120 with a modem since I bought it with the exact purpose of providing security and connection sharing about 4 years ago.
Hey, maybe I should file a patent for "connection sharing through NAT"...
"What it actually sounds like is a patent on masquerading with a pool of possible outbound addresses rather than a single address."
Which is exactly what NAT is. 'Masquerading' is a Linuxism for a small subset of a full NAT implementation.
[i]A system and method are provided for translating local IP addresses to globally unique IP addresses. This allows local hosts in an enterprise network to share global IP addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in headers on packets destined for the Internet and by replacing destination address in headers on packets entering the local enterprise network from the Internet.[/i]
That is RFC1631 in a nutshell
[i]Packets arriving from the Internet are screened by an adaptive security algorithm.[/i]
Ok, I'm interested now. Explain.
[i]According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. DNS packets and certain types of ICMP packets are allowed to enter local network. In addition, FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.[/i]
Uhm, NAT does this already. This description of Cisco's 'NAT' is inherent in the design of traditional RFC1631 NAT. If a packet is going to an internal computer, where the internal computer did not initiate the connection, then drop it, otherwise let it through. Exceptions are made where the NAT proxy cannot determine if a connection was initiated (like DNS or ICMP).
Can you say 'Prior Art'? I knew you could.....
Feed The Need[goatse.cx]
The way I understood it, it would prevent a malicious external traffic source from sneaking their evil packets past the NAT using the source/destination port numbers that the NAT was sending out on its outbound packets. So FTP packets get through only if an internal host initiated an FTP session, DNS packets get through, certain ICMP packets, etc.
--Ford Prefect
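An added illustration of the screening behaviour this reply and the quoted abstract describe (not Cisco's or the PIX's code): inbound packets are dropped and logged unless they match a slot created by an inside-initiated flow, are DNS, are a permitted ICMP type, or are FTP data for a session the inside host opened. Every address, port number, the ICMP policy, the treatment of the ICMP identifier as a port, and the pre-parsed PORT command are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed example: a NAT whose inbound path is screened rather than
# translated blindly. All values and policy choices below are assumed.
GLOBAL_ADDR = "203.0.113.1"             # assumed global address of the NAT
FTP_CTRL, FTP_DATA, DNS = 21, 20, 53
ICMP_ALLOWED = {0, 3, 11}               # echo reply, unreachable, time exceeded (assumed policy)


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0                      # ICMP echo: identifier on the way out (constructed convention)
    dport: int = 0                      # ICMP echo: identifier on the way back (constructed convention)
    icmp_type: int = -1
    icmp_ref: Optional[Tuple[str, int]] = None  # (proto, global port) quoted inside an ICMP error
    ftp_port_cmd: Optional[int] = None  # inside port announced by a PORT command (pre-parsed, assumed)


class AdaptiveNat:
    def __init__(self, inside_dns: Optional[str] = None):
        self.inside_dns = inside_dns    # inside DNS server reachable from outside, if configured
        self.next_port = 40000
        self.out = {}                   # (proto, inside addr, inside port) -> global port
        self.back = {}                  # (proto, global port) -> (inside addr, inside port)
        self.ftp_expect = {}            # global port pre-opened for FTP data -> FTP server address
        self.log = []                   # dropped packets, as the abstract says they are logged

    def _slot(self, proto, addr, port):
        key = (proto, addr, port)
        if key not in self.out:         # allocate one global port per inside (addr, port)
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (addr, port)
            self.next_port += 1
        return self.out[key]

    def outbound(self, pkt):
        """Translate an inside->Internet packet; this is the only thing that creates state."""
        gport = self._slot(pkt.proto, pkt.src, pkt.sport)
        if pkt.proto == "tcp" and pkt.dport == FTP_CTRL and pkt.ftp_port_cmd is not None:
            # Active-mode FTP: the client announced a data port, so pre-open a slot that
            # only the server's data port may use (a rewritten PORT command would carry
            # GLOBAL_ADDR and this global port).
            self.ftp_expect[self._slot("tcp", pkt.src, pkt.ftp_port_cmd)] = pkt.dst
        return Packet(pkt.proto, GLOBAL_ADDR, pkt.dst, gport, pkt.dport, pkt.icmp_type)

    def _drop(self, pkt, reason):
        self.log.append((pkt.proto, pkt.src, pkt.dport, reason))
        return ("DROP", None)

    def inbound(self, pkt):
        """Screen an Internet->inside packet; returns (verdict, translated packet or None)."""
        if pkt.proto == "icmp":
            if pkt.icmp_type not in ICMP_ALLOWED:
                return self._drop(pkt, "icmp type not permitted")
            # echo reply is matched by identifier; an ICMP error by the flow it quotes
            key = ("icmp", pkt.dport) if pkt.icmp_type == 0 else pkt.icmp_ref
        else:
            key = (pkt.proto, pkt.dport)
        slot = self.back.get(key)
        if slot is None:
            if pkt.proto == "udp" and pkt.dport == DNS and self.inside_dns:
                return ("ACCEPT", Packet("udp", pkt.src, self.inside_dns, pkt.sport, DNS))
            # Without a slot the NAT cannot know which inside host to rewrite the
            # destination to, so the packet is dropped rather than guessed at.
            return self._drop(pkt, "no translation slot for unsolicited packet")
        inside, iport = slot
        if pkt.proto == "tcp" and key[1] in self.ftp_expect and (
                pkt.src != self.ftp_expect[key[1]] or pkt.sport != FTP_DATA):
            return self._drop(pkt, "ftp data slot reached from an unexpected source")
        return ("ACCEPT", Packet(pkt.proto, pkt.src, inside, pkt.sport, iport, pkt.icmp_type))
```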
Check out the list of 10 patents that reference this one, especially 6006272 "Method for Network Address Translation", by Lucent. That one sounds like a more general one, and a lot more like the RFC.
True (I did see that), but one should read the actual source material... the authors here have an increasing tendency to not read it themselves...
the Hyper Light Speed Antenna. Woo, we can communicate faster than the speed of light! This is about the equivalent of a perpetual motion machine, just not nearly as famous. It's empty techie-gizmo gee-whiz terminology that convinced some shoe horn to grab the wrong stamp. This has got to be someone playing a joke on the PTO. Sure, they do employ a lot of trained engineers but there's definitely something amiss with the amount of applications slipping through the cracks and getting approved - they need geeks who know what's going on - not the current crop of Al Gore wannabe airheads who've no concept of objective, verifiable facts. I sure hope the NIST doesn't turn into this kind of political swamp.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
For example of what's in the database that IBM couldn't have possibly had *anything* to do with, check this patent out. Do you really think IBM patented this one? ;-)
Maybe Cisco patented it, after all, they are a bunch of w@nkers ;-)
Oolite: Elite-like game. For Mac, Linux and Windows
Isn't there a difference between encrypting IP headers & screening packets (such as state, port filtering, etc.)? If the IP headers are encrypted you can't do much screening.
One could argue that any NAT system screens packets with an adaptive algorithm. They keep state. They must keep state so that they can translate the inbound packets.
No, but it looks a shitload like what Linux ipchains does (which does NAT and firewalling at the same time). The key here is how do they determine what is "non-threatening". Are they talking about simple port filtering, or is it somehow able to detect it as some exotic security threat that would get past even the tightest firewall?
Microsoft has documented the process they use to automatically allocate an ipv4 address, and suggested it as an internet-draft (not quite rfc):
http://www.ietf.org/internet-drafts/draft-ietf-dhc-ipv4-autoconfig-05.txt
They also include a reference to the draft at the UPNP (universal plug and play) site
http://www.upnp.org
it looks like a method for re-using normal IP addresses
No, it isn't. Claim2 is just ordinary many-to-many NAT (many private internal can be translated to many public external).
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Heh.. umm.. am I the only one that noticed this patent was issued over 2 years ago? How does this rate as being 'current' news?
Shit, now that I have to take down my 486/Linux firewall doing NAT, each of my workstations at home is going to need an IP. Let's see. My ISP charges $5 per IP times 3 workstations, that's $15 smackeroos. Thanks IBM. Heh.
EMUSE.NET
"We're sorry, but the website you're trying to reach has been disconnected."
But it doesn't seem like this combination is anything to write home about.
--
This doesn't look like plain NAT to me. Look at Claim 2 -- it looks like a method for re-using normal IP addresses. So if I'm at 123.123.123.123 behind the Cisco-patented router, I think this would allow me to talk to a different address at 123.123.123.123 *outside* the router.
:-)
I'm not real good at lawyer-speak though
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
Scroll all the way to the bottom of the page, and you'll see the patent does, in fact, reference RFC 1631. They're not patenting NAT, they're patenting "an adaptive security algorithm" for use with NAT.
If the tech is impossible, there's no way the guy could possibly get any royalties off of it. Let the man have his vanity patent.
---
Zardoz has spoken!
Oper on the Nightstar
The patent then, only applies to a version of NAT that uses an adaptive security algorithm.
You mean, like an ipmasq ftp-module that does some sanity checks to see if the incoming packets are not forged? (claim35)
Or a NAT implementation where you can choose which ICMP packets you want to let through? (claim29/30)
I'm not an experienced patent reader, but to my reading it seems like many firewalls that include NAT would be covered by this.
However, Checkpoint's Firewall-1 product has been doing this for years now- even before Cisco bought the PIX and started adding firewall features (the PIX initially was just a NAT device). It wouldn't surprise me one bit to find out that other vendors (including IPChains) have been doing this for a while either.
Of course with the patent office being apparently run by a bunch of idiots, it wouldn't surprise me one bit that this gets through.
They filed it in 1995... They received it in late 1998. Have they chased after anyone for doing NAT? No... this is the first we've heard of it, by someone doing searches through patents.ibm.com.
Frankly, if this patent is going to be filed and granted, I'm much happier to see that it's in the hands of a company that so far seems to have filed it as a means of protection rather than a means of harassment.
Now, if they start going after other router manufacturers, maybe it'll be time to get up in arms. But overall, this is old news, and in almost 2 years they've yet to pull any maneuvering with this patent...
Never knock on Death's door:
The Anti-Blog
Maybe cisco is just trying to force people to use IPv6. In this case it could be a good (or not so bad) thing....
Adaptive Security Algorithm or (ASA) is the marketing name for the stateful packet filtering that the Cisco PIX Firewall does. Nothing more, nothing less. Info at Cisco on ASA can be found here.
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
From the patent:
Issued/Filed Dates: Aug. 11, 1998 / Nov. 3, 1995
Alert Ted Koppel!
After the day-long error of the itolympics.org link, I place a bet of $10 that the IBM->Cisco won't be fixed before noon EST. Another $5 that it won't be fixed by 5PM!
As far as I can make out, the difference in the patent and the RFC seems to me to be that the patent specifies that the packets are filtered by a security algorithm, where the RFC states that it has no security algorithm.
The patent then, only applies to a version of NAT that uses an adaptive security algorithm.
Anything less than this would definitely hit the prior art. And it's quite likely that even this will hit the prior art bin too.
From the Patent:
Packets arriving from the Internet are screened by an adaptive security algorithm
From the RFC:
Unfortunately, NAT reduces the number of options for providing security. With NAT, nothing that carries an IP address or information derived from an IP address (such as the TCP-header checksum) can be encrypted. While most application-level encryption should be ok, this prevents encryption of the TCP header.
...and it would appear that it extends NAT functionality in a (presumably) proprietary way, adding security aspects and enabling transparency to DNS and ICMP packets. The embodiment also suggests that it's a way of doing it rather than the actual NAT process.
I would have paid to watch the Patent Officer's eyes glaze over as he read it though.