System and method to verify availability of a back-up secure tunnel

US 6,915,436 B1
Filed: 08/02/2000
Issued: 07/05/2005
Est. Priority Date: 08/02/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for verifying the availability of a back-up secure tunnel between a pair of network elements in a communications network, comprising:

a first network element for originating and transmitting a back-up tunnel verification test message to a second network element using the back-up secure tunnel in response to the receipt of a back-up tunnel verification test command;

a second network element for receiving the backup tunnel verification test message and transmitting a response back to the first network element using the back-up secure tunnel; and

a backup tunnel verification function logic module in the first network element for accumulating a number of failures to respond by the second network element to the backup tunnel verification tests performed during an active verification period and determining if the accumulated number of failures is less than a threshold value specified in the backup tunnel verification test command.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for verifying the availability of a back-up virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a backup tunnel verification test message to the second network element over the back-up secure tunnel upon receipt of a backup tunnel verification test command. The back-up secure tunnel includes two unidirectional tunnels. The second network element receives the back-up tunnel verification test message over the first back-up unidirectional secure tunnel and transmits a response back to the first network element over the second back-up unidirectional secure tunnel. The number of failures to respond by the second network element to the backup tunnel verification tests performed during an active verification period specified in the backup tunnel verification test command are reported back to the source that initiated the back-up secure tunnel verification test.

91 Citations

View as Search Results

37 Claims

1. A system for verifying the availability of a back-up secure tunnel between a pair of network elements in a communications network, comprising:
- a first network element for originating and transmitting a back-up tunnel verification test message to a second network element using the back-up secure tunnel in response to the receipt of a back-up tunnel verification test command;
  
  a second network element for receiving the backup tunnel verification test message and transmitting a response back to the first network element using the back-up secure tunnel; and
  
  a backup tunnel verification function logic module in the first network element for accumulating a number of failures to respond by the second network element to the backup tunnel verification tests performed during an active verification period and determining if the accumulated number of failures is less than a threshold value specified in the backup tunnel verification test command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system for verifying the availability of a back-up secure tunnel of claim 1 wherein the backup tunnel verification function logic module further determines the number of successful responses to the back up tunnel verification tests performed.
  - 3. The system for verifying the availability of a back-up secure tunnel of claim 1 further comprising a computer connected to the communications network and running a network management application that transmits the backup tunnel verification test command to the first network element.
  - 4. The system for verifying the availability of a back-up secure tunnel of claim 1 further comprising a console interface on the first network element for generating the backup tunnel verification test command.
  - 5. The system for verifying the availability of a back-up secure tunnel of claim 1 wherein the back-up tunnel verification function is initiated by a configuration of a network element that forms an endpoint of the back-up secure tunnel.
  - 6. The system for verifying the availability of a back-up secure tunnel of claim 1 further comprising two unidirectional tunnels that form the back-up secure tunnel.
  - 7. The system for verifying the availability of a back-up secure tunnel of claim 1 wherein the communications network is a virtual private network (VPN).
  - 8. The system for verifying the availability of a back-up secure tunnel of claim 1 wherein the back-up secure tunnel is an Internet Protocol Security (IPSec) tunnel.
  - 9. The system for verifying the availability of a back-up secure tunnel of claim 8 wherein the back-up tunnel verification test message is an IPSec tunnel ping.
  - 10. The system for verifying the availability of a back-up secure tunnel of claim 1 further comprising a primary secure tunnel for handling data traffic between the pair of network elements.
  - 11. The system for verifying the availability of a back-up secure tunnel of claim 1 wherein the backup tunnel verification test command includes an identification of the secure tunnel to test, and a time interval during which a number of backup tunnel verification tests are performed.
  - 12. The system for verifying the availability of a back-up secure tunnel of claim 11 wherein the backup tunnel verification test command further comprises a time to wait between each backup tunnel verification test and a payload size of a backup tunnel verification test packet.
  - 13. The system for verifying the availability of a back-up secure tunnel of claim 6 wherein a first back-up unidirectional tunnel is used to send an Internet Protocol Security (IPSec) tunnel ping from the first network element to the second network element, and a second back-up unidirectional tunnel is used to send a response IPSec tunnel ping from the second network element to the first network element.
  - 14. The system for verifying the availability of a back-up secure tunnel of claim 1 further comprising a plurality of back-up secure tunnels between the pair of network elements.

15. A method for verifying the availability of a back-up secure tunnel between a pair of network elements in a communications network, comprising the acts of:
- originating and transmitting a backup tunnel verification test message from a first network element to a second network element using the back-up secure tunnel in response to the receipt of a backup tunnel verification test command;
  
  receiving the backup tunnel verification test message from a second network element and transmitting a response back to the first network element using the back-up secure tunnel; and
  
  accumulating a number of failures to respond by the second network element to the backup tunnel verification tests performed during an active verification period and determining if the accumulated number of failures is less than a threshold value specified in the backup tunnel verification test command.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The method for verifying the availability of a back-up secure tunnel of claim 15 further comprising determining the number of successful responses to the backup tunnel verification test.
  - 17. The method for verifying the availability of a back-up secure tunnel of claim 15 further comprising transmitting the backup tunnel verification test command from a network management application to the first network element.
  - 18. The method for verifying the availability of a back-up secure tunnel of claim 15 further comprising generating the backup tunnel verification test command at a console interface on the first network element.
  - 19. The method for verifying the availability of a back-up secure tunnel of claim 15 further comprising initiating a back-up tunnel verification function by an initial configuration of a network element that forms an endpoint of the back-up secure tunnel.
  - 20. The method for verifying the availability of a back-up secure tunnel of claim 15 wherein the back-up secure tunnel is formed from two unidirectional tunnels.
  - 21. The method for verifying the availability of a back-up secure tunnel of claim 15 wherein the communications network is a virtual private network (VPN).
  - 22. The method for verifying the availability of a back-up secure tunnel of claim 15 wherein the back-up secure tunnel is an Internet Protocol Security (IPSec) tunnel.
  - 23. The method for verifying the availability of a back-up secure tunnel of claim 22 wherein the backup tunnel verification test message is an IPSec tunnel ping.
  - 24. The method for verifying the availability of a back-up secure tunnel of claim 15 wherein the backup tunnel verification test command includes an identification of the back-up secure tunnel to test, and a time interval during which a number of backup tunnel verification tests are performed.
  - 25. The method for verifying the availability of a back-up secure tunnel of claim 24 wherein the backup tunnel verification test command further comprises a time to wait between each backup tunnel verification test and a payload size of a backup tunnel verification test packet.
  - 26. The method for verifying the availability of a back-up secure tunnel of claim 20 wherein a first unidirectional tunnel is used to send an Internet Protocol Security (IPSec) tunnel ping from the first network element to the second network element, and a second unidirectional tunnel is used to send a response IPSec tunnel ping from the second network element to the first network element.

27. A computer readable medium containing a computer program product for verifying the availability of a back-up secure tunnel between a pair of network elements in a communications network, the computer program product comprising:
- program instructions that originate and transmit a backup tunnel verification test message to a paired network element using the back-up secure tunnel in response to the receipt of a backup tunnel verification test command;
  
  program instructions that receive a backup tunnel verification test message and transmit a response back to a paired network element using the back-up secure tunnel; and
  
  program instructions that accumulate a number of failures to respond by the second network element to the backup tunnel verification tests performed during an active verification period and determine if the accumulated number of failures is less than a threshold value specified in the backup tunnel verification test command.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 28. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 further comprising program instructions that determine the number of successful responses to the backup tunnel verification tests performed.
  - 29. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 further comprising program instructions that receive the backup tunnel verification test command from a network management application.
  - 30. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 further comprising program instructions that generate the backup tunnel verification test command.
  - 31. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 wherein two unidirectional tunnels form the back-up secure tunnel.
  - 32. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 wherein the back-up secure tunnel is an Internet Protocol Security (IPSec) tunnel.
  - 33. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 wherein the communications network is a virtual private network (VPN).
  - 34. The computer program product for verifying the availability of a back-up secure tunnel of claim 32 wherein the back-up tunnel verification test message is an IPSec tunnel ping.
  - 35. The computer program product for verifying the availability of a back-up secure tunnel of claim 27 wherein the backup tunnel verification test command includes an identification of the secure tunnel to test, and a time interval during which a number of back-up tunnel verification tests are performed.
  - 36. The computer program product for verifying the availability of a back-up secure tunnel of claim 35 wherein the backup tunnel verification test command further comprises a time to wait between each back-up tunnel verification test and a payload size of a back-up tunnel verification test packet.
  - 37. The computer program product for verifying the availability of a back-up secure tunnel of claim 31 wherein a first unidirectional tunnel is used to send an Internet Protocol Security (IPSec) tunnel ping from the first network element to the second network element, and a second unidirectional tunnel is used to send a response IPSec tunnel ping from the second network element to the first network element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Booth, III, Earl Hardin, Lingafelt, Charles Steven, Nguyen, Phuong Thanh, Temoshenko, Leo, Wang, Xiaogang
Primary Examiner(s)
Caldwell, Andrew
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/630,779
Time in Patent Office

1,798 Days
Field of Search

713200-201, 709223-224, 709/227, 709/231
US Class Current

726/3
CPC Class Codes

G06F 21/42   using separate channels for...

H04L 41/0213   Standardised network manage...

H04L 43/50   Testing arrangements

H04L 63/1433   Vulnerability analysis

H04L 69/14   Multichannel or multilink p...

System and method to verify availability of a back-up secure tunnel

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to verify availability of a back-up secure tunnel

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links