Method and architecture for logical aggregation of multiple servers
First Claim
1. A system for terminating tunnel connections, the system comprising:
- a first network;
a plurality of network devices, each network device having a network interface coupled to the first network and having a local address that is unique on the first network, where each network device is configured to receive a connection request message having a source address field, a destination address field, and a source tunnel identification field and, responsive thereto, construct a connection reply message having a source address field set to the local address of the network device, a destination address field set to the value of the source address field of the connection request message, a source tunnel identification field set to a value selected by the network device, and a destination tunnel identification field set to the value of the source tunnel identification, the connection reply message then being transmitted onto the first network;
a master network device having a first interface coupled to the first network and a second interface for communicating with a second network, the master network device having a first global address that is unique on the second network, where the master network device is configured to receive tunnel connection request messages having the first global address in the destination field from the second network and, for each connection request message received, select one of the plurality of network devices, insert the local address for the selected network device into the destination field of the received connection request message, and forward the received connection request message to the selected network device over the first network; and
a network address translation device having a first network interface coupled to the first network and a second network interface for communicating with the second network, the network address translation device having a second global address that is unique on the second network, where the network address translation device is configured to receive the connection reply messages and, responsive thereto, create a table entry for each connection reply message that includes the value of the destination address field and the value of the source address field for the received connection reply message, insert the second global address into the source address field of the connection reply message and transmit the connection reply message onto the second network.
6 Assignments
0 Petitions
Accused Products
Abstract
A system and method are shown for multiple network devices to operate as a single logical entity for serving tunnel connections. A cluster master device is connected to a multiple network devices through a local area network (LAN). The cluster master device is also connected to a wide area network (WAN) and has a master address that is unique on the WAN. The cluster master device receives a tunnel connection set-up request (SCCRQ) from the WAN that is addressed to the master address. The cluster master device selects one of the multiple network devices and forwards the SCCRQ message over the LAN to the selected network device. The selected network device selects a tunnel identification number that is unique for the tunnel connection on the selected network device and places the tunnel identification number into a source tunnel identification field of a connection set-up reply (SCCRP). The selected network device also places its own global address on the WAN into a source address field of the SCCRP, a value from a source address field of the SCCRQ into a destination address field of the SCCRP, and a value from a source tunnel identification field of the SCCRQ into a destination tunnel identification field of the SCCRP. The selected network device then transmits the SCCRP message onto the WAN. Alternatively, the multiple network devices do not have global addresses on the WAN and the SCCRP is transmitted over the LAN to a network address translation (NAT) server that substitutes its own address into the source address field of the SCCRP and retransmits the SCCRP onto the WAN. The NAT creates a table from the information in the SCCRP that it uses to translate and route subsequent packets between the selected network device and the device that requested the tunnel connection.
248 Citations
16 Claims
-
1. A system for terminating tunnel connections, the system comprising:
-
a first network;
a plurality of network devices, each network device having a network interface coupled to the first network and having a local address that is unique on the first network, where each network device is configured to receive a connection request message having a source address field, a destination address field, and a source tunnel identification field and, responsive thereto, construct a connection reply message having a source address field set to the local address of the network device, a destination address field set to the value of the source address field of the connection request message, a source tunnel identification field set to a value selected by the network device, and a destination tunnel identification field set to the value of the source tunnel identification, the connection reply message then being transmitted onto the first network;
a master network device having a first interface coupled to the first network and a second interface for communicating with a second network, the master network device having a first global address that is unique on the second network, where the master network device is configured to receive tunnel connection request messages having the first global address in the destination field from the second network and, for each connection request message received, select one of the plurality of network devices, insert the local address for the selected network device into the destination field of the received connection request message, and forward the received connection request message to the selected network device over the first network; and
a network address translation device having a first network interface coupled to the first network and a second network interface for communicating with the second network, the network address translation device having a second global address that is unique on the second network, where the network address translation device is configured to receive the connection reply messages and, responsive thereto, create a table entry for each connection reply message that includes the value of the destination address field and the value of the source address field for the received connection reply message, insert the second global address into the source address field of the connection reply message and transmit the connection reply message onto the second network. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for terminating tunnel connections, the system comprising:
-
a first network;
a plurality of network devices, each network device having a first network interface coupled to the first network and having a local address that is unique on the first network and each network device having a second network interface for communicating with a second network and having a global address that is unique on the second network, where each network device is configured to receive a connection request message on the first network interface having a source address field, a destination address field, and a source tunnel identification field and, responsive thereto, construct a connection reply message having a source address field set to the global address of the network device, a destination address field set to the value of the source address field of the connection request message, a source tunnel identification field set to a value selected by the network device, and a destination tunnel identification field set to the value of the source tunnel identification field of the connection request message, each network device being further configured to transmit the connection reply message over the second network interface onto the second network; and
a master network device having a first interface coupled to the first network and a second interface for communicating with the second network, the master network device having a master global address that is unique on the second network, where the master network device is configured to receive tunnel connection request messages having the master global address in the destination field from the second network and, for each connection request message received, select one of the plurality of network devices, insert the local address for the selected network device into the destination address field of the received connection request message, and transmit the received connection request message as modified over the first network interface onto the first network. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method for terminating tunnel connections, the method comprising the steps of:
-
transmitting a tunnel connection set-up request from a first network device having a first global address value to a second global address value, the tunnel connection set-up request including a source address field containing the first global address value, a source tunnel identifier field containing a first tunnel identifier value assigned by the first network device, and a destination address field containing the second global address value;
receiving the tunnel connection set-up request at a second network device corresponding to the second global address value;
selecting one of a plurality of tunnel endpoint servers coupled to the second network device;
forwarding the tunnel connection set-up request to the selected tunnel endpoint server;
receiving the tunnel connection set-up request in the selected tunnel endpoint server;
forming a tunnel set-up reply by inserting the value from the source address field of the tunnel set-up request into a destination address field of the tunnel set-up reply, inserting the value from the source tunnel identifier field of the tunnel set-up request into a destination tunnel identifier field of the tunnel set-up reply, selecting a second tunnel identifier value for the tunnel connection, inserting the second tunnel identifier value into a source tunnel identifier field of the tunnel set-up reply, and inserting an address value for the selected tunnel endpoint server into a source address field of the tunnel set-up reply; and
transmitting the tunnel set-up reply to the first network device over the first network. - View Dependent Claims (12, 13, 14, 15, 16)
transmitting the tunnel set-up reply to a network address translation (NAT) server over a second network;
replacing the address of the selected tunnel endpoint server in the source address field of the tunnel set-up reply with a third global address for the NAT server;
storing a table entry accessible to the NAT server that relates the first global address to the address of the selected tunnel endpoint server; and
transmitting the tunnel set-up reply onto the first network.
-
-
13. The method of claim 11, where the step of selecting one of a plurality of tunnel endpoint servers further comprises selecting one of a plurality of tunnel endpoint servers based upon a traffic load on each of the tunnel endpoint servers.
-
14. The method of claim 11, where the tunnel connections are Layer 2 Tunneling Protocol (L2TP) connections.
-
15. The method of claim 14, where the tunnel connection set-up request is a SCCRQ message and the tunnel set-up reply is a SCCRP message.
-
16. The system of claim 11, where the source address field and destination address field of the tunnel set-up request, the tunnel set-up reply and the table entry each comprise both a network address portion and a channel identifier portion.
Specification