Method and apparatus for providing uninterrupted communication over a network link
Abstract
A system for providing uninterrupted communication over a network link includes a multi-port switch that is connected to a first network portion and a second network portion that are communicating with one another. The multi-port switch is also connected to a separate server unit, such as a firewall computer. The switch is configured to direct communication signals flowing between the first network portion and the second network portion through the separate server unit for processing during normal operation. When the separate server unit fails, however, the switch is reconfigured so that communications bypass the separate server unit. In a preferred embodiment, an Ethernet switch having virtual local area network (VLAN) capability is used.
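The reconfiguration described in the abstract can be modelled with the port groups recited in claims 11 to 14. The following is an added example, not code from the patent: the names `NORMAL`, `BYPASS`, `BACKUP`, `UNITS`, `path` and `select_config` are hypothetical, and preferring the backup unit over the direct bypass is an assumption.

```python
from collections import deque

# Port numbers follow claims 11-14: 1 = first network portion, 2 = second
# network portion, 3/4 = server (firewall) unit, 5/6 = backup server unit.
NORMAL = [{2, 3}, {1, 4}]   # first configuration (claim 12)
BYPASS = [{1, 2}]           # second configuration, direct link (claim 13)
BACKUP = [{2, 5}, {1, 6}]   # second configuration with backup unit (claim 14)
UNITS = {"firewall": (3, 4), "backup": (5, 6)}  # names are hypothetical


def path(groups, healthy, src=1, dst=2):
    """Units traversed from src to dst, [] if direct, None if unreachable."""
    seen = {src: []}
    queue = deque([src])
    while queue:
        port = queue.popleft()
        if port == dst:
            return seen[port]
        # The switch only connects ports that share a port group.
        hops = [(p, None) for g in groups if port in g for p in g]
        # A healthy unit forwards between its own two ports.
        for name, (a, b) in UNITS.items():
            if name in healthy and port in (a, b):
                hops.append((b if port == a else a, name))
        for nxt, unit in hops:
            if nxt not in seen:
                seen[nxt] = seen[port] + ([unit] if unit else [])
                queue.append(nxt)
    return None


def select_config(healthy):
    """Controller choice; preferring the backup over bypass is an assumption."""
    if "firewall" in healthy:
        return NORMAL
    return BACKUP if "backup" in healthy else BYPASS


if __name__ == "__main__":
    for healthy in ({"firewall", "backup"}, {"backup"}, set()):
        groups = select_config(healthy)
        print(sorted(healthy), groups, "->", path(groups, healthy))
```

An empty list from `path` means the link is up but no unit processes the traffic, which is the state claim 10 describes; `None` is what a failed firewall produces if the switch stays in the first configuration.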
27 Claims
1. A system for use in providing uninterrupted communication between a first network portion and a second network portion, comprising:
a firewall device which regulates user information between the first network portion and the second network portion, said firewall device receiving an input related to the user information and providing an output related to the user information;
a communications line associated with said firewall device that transmits firewall device operations-related information, different from said input and said output, including information related to at least a first type of failure when present associated with said firewall device, said firewall device operations-related information including at least one of the following:
output-related information from said firewall device and performance characteristics associated with said firewall device; and
a control subsystem, including a multi-port switch, operatively communicating with said communication line that responds to said firewall device operations-related information and uses said firewall device operations-related information to control said multi-port switch to be in at least one of a first state and a second state, wherein said multi-port switch is controlled to be in said first state when user information is communicated to said firewall device and a second state when user information is not communicated to said firewall device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
said firewall device operations-related information includes detection of said first type of failure associated with said firewall device by said control subsystem.
3. The system, as claimed in claim 1, wherein:
said control subsystem includes a controller having a monitor for monitoring said firewall device to determine whether said first type of failure has occurred within said firewall device.
4. The system, as claimed in claim 1, wherein:
said multi-port switch includes an Ethernet switch having virtual local area network (VLAN) functionality.
5. The system, as claimed in claim 1, wherein:
said control subsystem includes a digital processing unit.
6. The system, as claimed in claim 1, wherein:
said control subsystem includes a controller that is integrally associated with said multi-port switch.
7. The system, as claimed in claim 6, wherein:
said controller is located within a housing of said multi-port switch.
8. The system, as claimed in claim 1, further comprising:
a backup firewall device coupled to a port of said multi-port switch.
9. The system, as claimed in claim 8, wherein:
said control subsystem reconfigures said multi-port switch so that user information between the first network portion and the second network portion is input into said backup firewall device.
10. The system, as claimed in claim 1, wherein:
said control subsystem reconfigures said multi-port switch so that communications between the first network portion and the second network portion are transferred without processing within said system.
11. A system for use in providing uninterrupted communication between a first network portion and a second network portion, said system comprising:
a switch having a plurality of ports, wherein a first of said plurality of ports is coupled to the first network portion and a second of said plurality of ports is coupled to the second network portion, said first port receiving an input related to user information to be transferred between the first and second network portions and said second port providing an output related to the user information, said switch permitting port groups to be defined that each includes a subset of said plurality of ports, wherein two external entities are only capable of directly communicating with each other through said switch if the two external entities are each connected to respective ports of said switch that are within a common port group, said switch having a first configuration comprising first and second port groups and a second configuration comprising a third port group, wherein said third port group is different from said first and second port groups;
a server unit having a first server port and a second server port, said first server port being connected to a third of said plurality of ports and said second server port being connected to a fourth of said plurality of ports, wherein said server unit is operative for processing signals propagating between said first server port and said second server port;
a communications line carrying at least one of the following of server unit related information that is different from said input and said output:
server unit performance characteristics and server unit output-related information; and
a controller, coupled to said switch, that receives said server unit related information and changes said switch from said first configuration to said second configuration when said server unit related information is indicative of at least a first type of failure associated with said firewall device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
said first port group includes said second port and said third port of said switch and said second port group includes said first port and said fourth port of said switch.
13. The system, as claimed in claim 12, wherein:
said third port group includes said first port and said second port of said switch.
14. The system, as claimed in claim 12, further comprising:
a backup server unit having a third server port and a fourth server port, said third server port being connected to a fifth of said plurality of ports and said fourth server port being connected to a sixth of said plurality of ports, wherein said backup server unit is operative for processing signals propagating between said third server port and said fourth server port;
wherein said third port group includes said second port and said fifth port of said switch, said second configuration further comprising a fourth port group including said first port and said sixth port of said switch.
15. The system, as claimed in claim 11, wherein:
said switch includes an Ethernet switch having virtual local area network (VLAN) capability.
16. The system, as claimed in claim 15, wherein:
each of said port groups comprises an individual VLAN grouping.
17. The system, as claimed in claim 11, wherein:
said controller determines said first type of failure of said server unit using said at least one of said server unit performance characteristics and said server unit output-related information.
18. The system, as claimed in claim 11, wherein:
said server unit includes a firewall machine for use in filtering signals flowing therethrough.
19. The system, as claimed in claim 11, wherein:
said controller is not accessible from at least one of said first network portion and said second network portion.
20. The system, as claimed in claim 11, wherein:
said third port group further comprises said third port of said switch.
21. A method for use in providing secure access to a first network portion from a second network portion, comprising:
providing a firewall device in communication with the first network portion and the second network portion;
providing a control subsystem in communication with said firewall device;
controlling firstly user information between the first and second network portions using said firewall device;
receiving by said control subsystem firewall device operations-related information that includes information related to at least one of:
output-related information from said firewall device and performance characteristics associated with said firewall device; and
controlling secondly user information between the first network portion and the second network portion independently of said firewall device after said firewall device operations-related information includes said information related to said at least one of output-related information from said firewall device and performance characteristics associated with said firewall device.
Dependent claims: 25, 26, 27
providing a backup firewall device and said step of controlling secondly includes controlling communications flowing between the first and second network portions so that they are directed through said backup firewall device for processing.
26. A method, as claimed in claim 21, wherein:
said step of receiving includes sending said firewall device operations-related information using a sense line operatively associated with said firewall device.
27. A method, as claimed in claim 21, wherein:
said control subsystem includes a multi-port switch having at least first and second states and in which said step of controlling firstly includes having said multi-port switch in said first state and said step of controlling secondly includes having said multi-port switch in said second state.
22. The method, as claimed in claim 21, wherein:
said control subsystem includes an Ethernet switch comprising a first port, a second port, a third port and a fourth port and having virtual local area network (VLAN) functionality, wherein said first port being connected to the first network portion, said second port being connected to the second network portion and said third port and said fourth port being connected to said firewall machine; and
said step of controlling firstly includes enabling a first VLAN grouping and a second VLAN grouping, wherein said first VLAN grouping includes said second port and said third port and said second VLAN grouping includes said first port and said fourth port.
Dependent claims: 23, 24
said step of controlling secondly includes enabling a third VLAN grouping including said first port and said second port of said Ethernet switch.
24. The method, as claimed in claim 23, wherein:
said third VLAN grouping includes at least one of said third port and said fourth port.
Specification