VPN device clustering using a network flow switch and a different mac address for each VPN device in the cluster
First Claim
1. A method of routing message traffic on a virtual private network (VPN) between a first plurality of users and a second plurality of users, the method comprising:
creating a cluster containing a plurality of VPN devices each having a different Media Access Control (MAC) address, the cluster being addressed by a logical Internet protocol (IP) address that is distinct from the unique IP addresses of VPN devices contained within the cluster; and
distributing traffic between the first plurality of users and the second plurality of users via a VPN device selected from among the VPN devices contained in the cluster, the VPN device being selected on the basis of both a packet destination IP address and a VPN device MAC address.
Abstract
A VPN device clustering system connects two or more VPN devices on one side of a virtual private network to a similarly clustered system of two or more VPN devices on the other side of the virtual private network. The VPN device clustering system typically includes a plurality of clustering units for redundancy, avoiding the difficulties that arise with a single point of failure. For example, two clustering units may be used in an active-passive high-availability configuration. A VPN device cluster creator creates or configures a VPN device cluster. To create a VPN device cluster, an administrator assigns to the cluster a logical Internet protocol (IP) address IPvpn and specifies the VPN devices that are members of the cluster.
15 Claims
1. A method of routing message traffic on a virtual private network (VPN) between a first plurality of users and a second plurality of users, the method comprising:
creating a cluster containing a plurality of VPN devices each having a different Media Access Control (MAC) address, the cluster being addressed by a logical Internet protocol (IP) address that is distinct from the unique IP addresses of VPN devices contained within the cluster; and
distributing traffic between the first plurality of users and the second plurality of users via a VPN device selected from among the VPN devices contained in the cluster, the VPN device being selected on the basis of both a packet destination IP address and a VPN device MAC address.
2. A method according to claim 1 wherein the creating operation further comprises:
assigning a single MAC address to the VPN device cluster;
wherein distributing traffic comprises:
replacing the single MAC address of traffic addressed to the single MAC address with the MAC address of the selected VPN device.
3. A method according to claim 1 wherein the creating operation further comprises:
assigning a unique MAC address to each VPN device cluster of a plurality of VPN device clusters;
wherein distributing traffic comprises selecting one of the VPN device clusters on the basis of the packet destination IP address, and replacing the unique MAC address of traffic addressed to the unique MAC address of the selected VPN device cluster with the MAC address of the selected VPN device of the selected VPN device cluster.
4. A method according to claim 1 wherein the creating operation further comprises:
assigning a different said logical IP address to each VPN device cluster; and
wherein distributing traffic comprises selecting a VPN device cluster to forward the traffic based on a destination cluster IP address of the traffic.
5. A method according to claim 1 further comprising:
monitoring the operational health of the VPN devices, and in response to detecting failure of a VPN device in a cluster, rewriting a MAC destination address of traffic addressed to the failed VPN device with the MAC address of another VPN device in the same cluster.
6. A method according to claim 1 wherein the distributing traffic operation further comprises:
selecting a VPN device from among the plurality of VPN devices contained within the cluster for distributing outbound traffic from one VPN user to another VPN user, based on the packet IP destination address and a VPN device MAC address to select the cluster and to effect traffic-load balancing among the VPN devices contained in the cluster.
7. A method according to claim 1 wherein the distributing traffic operation further comprises:
selecting a VPN device from among the plurality of VPN devices contained within the cluster for distributing outbound traffic from one VPN user to another VPN user so that for any given VPN user-to-user connection flow the same VPN device is used for every outbound packet so long as the flow remains operational.
8. A method according to claim 1 wherein the distributing traffic operation further comprises:
selecting a VPN device from among the plurality of VPN devices contained within the cluster for distributing outbound traffic from one VPN user to another VPN user so that the probability of any particular VPN device being selected for a VPN user-to-user connection flow forwarding is the same.
9. A computer readable storage medium comprising an encoding for execution on a processor for routing message traffic on a virtual private network (VPN) between a first plurality of users and a second plurality of users via VPN devices, the medium comprising:
the encoding defining a cluster containing a plurality of VPN devices, the cluster being addressed by a logical Internet protocol (IP) address that is distinct from the unique IP addresses of VPN devices contained within the cluster;
a list of the VPN devices contained within the cluster and their respective unique Media Access Control (MAC) addresses; and
a redirecting VPN device adapted for redirecting traffic from an active VPN device of the cluster to another VPN device of the cluster when the active VPN device fails, by rewriting a MAC address of traffic addressed to the failed active VPN device with the MAC address of the other VPN device in the same cluster.
10. A computer readable storage medium according to claim 9 further comprising:
the encoding defining a traffic distributor that is adapted to distribute traffic between a user of the first plurality of VPN users and a user of the second plurality of VPN users via a VPN device selected from among the VPN devices contained in the cluster, the VPN device being selected on the basis of both a packet destination IP address and a VPN device MAC address.
11. A computer readable storage medium comprising an encoding for execution on a processor for routing message traffic on a virtual private network (VPN) between a first plurality of users and a second plurality of users via VPN devices, the medium comprising:
the encoding defining a cluster containing a plurality of VPN devices each having a different Media Access Control (MAC) address, the cluster being addressed by a logical Internet protocol (IP) address that is distinct from the unique IP addresses of VPN devices contained within the cluster; and
a traffic distributor that is adapted to distribute traffic between the first plurality of users and the second plurality of users via a VPN device selected from among the VPN devices contained in the cluster on the basis of both a packet destination IP address and a VPN device MAC address.
12. A computer readable storage medium according to claim 11 further comprising:
the encoding further defining a list of the VPN devices contained within the cluster and their respective unique MAC addresses; and
a redirecting VPN device adapted for redirecting traffic from an active VPN device of the cluster to another VPN device of the cluster when the active VPN device fails, by changing a MAC address of traffic addressed to the failed active VPN device to the MAC address of the other VPN device in the same cluster.
13. A computer readable storage medium according to claim 12 further comprising:
a single MAC address assigned to the cluster; and
the encoding defining a traffic distributor adapted to replace the single MAC address of traffic addressed to the single MAC address with a MAC address of whichever VPN device of the cluster is selected to transmit said traffic.
14. A computer readable storage medium according to claim 12 further comprising:
a unique MAC address assigned to each cluster of a plurality of clusters; and
the encoding defining a traffic distributor that is adapted to select one of the VPN device clusters on the basis of a packet destination IP address and that is adapted to replace a MAC address of traffic addressed to the unique MAC address of the selected cluster with the MAC address of whichever VPN device of the selected cluster is selected to transmit said traffic.
15. A computer readable storage medium according to claim 12 further comprising:
the encoding defining an operational health probe manager that is adapted to determine the health of the VPN devices in the cluster, and to rewrite a MAC destination address of traffic addressed to a failed VPN device in the cluster with the MAC address of another VPN device in the same cluster in response to detecting failure of the failed VPN device.
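The flow switch that claims 1 through 8 and 15 describe, as an added Python model that is not part of the patent: a cluster with a logical IP and a single cluster MAC fronts member VPN devices that keep their own MACs; the switch rewrites the destination MAC to a member pinned per user-to-user flow, spreads new flows across healthy members by hashing, and re-pins only the affected flows when a health probe marks a member failed. The data structures, the flow key (source and destination IP) and the use of SHA-256 for member selection are this example's assumptions, not the patent's.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Cluster:
    """One VPN device cluster: a logical IP (IPvpn) and a single cluster MAC
    in front of member devices that each keep their own MAC (claims 1, 2)."""
    logical_ip: str
    cluster_mac: str
    members: tuple                                # member VPN device MACs
    healthy: set = field(default_factory=set)     # members passing health probes (claim 5)
    flows: dict = field(default_factory=dict)     # flow key -> pinned member MAC (claim 7)

    def __post_init__(self):
        self.healthy = set(self.members)


def pick_member(cluster, flow_key):
    """Hash the user-to-user flow onto the healthy members so distinct flows are
    spread evenly (claim 8). SHA-256 is this example's choice, not the patent's."""
    live = sorted(cluster.healthy)
    if not live:
        raise RuntimeError(f"cluster {cluster.logical_ip}: no healthy VPN device")
    h = int.from_bytes(hashlib.sha256(flow_key.encode()).digest()[:4], "big")
    return live[h % len(live)]


def mark_failed(cluster, mac):
    """Health probe reports a dead device: stop selecting it and re-pin only the
    flows it carried onto healthy peers in the same cluster (claims 5, 15)."""
    cluster.healthy.discard(mac)
    for key, member in list(cluster.flows.items()):
        if member == mac:
            cluster.flows[key] = pick_member(cluster, key)


def forward(clusters, frame):
    """Flow-switch step for one frame (dict with src_ip, dst_ip, dst_mac): traffic
    to a cluster's logical IP and cluster MAC gets its destination MAC rewritten to
    the pinned member (claims 1, 2, 4); traffic addressed to a failed member's MAC
    is redirected to a healthy peer (claim 5); anything else passes through."""
    key = f"{frame['src_ip']}>{frame['dst_ip']}"
    for c in clusters:
        to_cluster = frame["dst_ip"] == c.logical_ip and frame["dst_mac"] == c.cluster_mac
        to_failed = frame["dst_mac"] in c.members and frame["dst_mac"] not in c.healthy
        if to_cluster or to_failed:
            member = c.flows.get(key)
            if member not in c.healthy:       # first packet of the flow, or pinned device died
                member = c.flows[key] = pick_member(c, key)
            return {**frame, "dst_mac": member}
    return frame
```

The flow table is what preserves claim 7's affinity across a failure: only flows carried by the failed device are re-pinned, while every other flow stays on the member it was first assigned to.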
Specification