Dynamic network tunnel endpoint selection
Abstract
Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path.
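The selection step described in the abstract, as an added example that is not taken from the patent: each gateway's cost is its least-cost path through the enterprise network to the destination host, and the client picks the gateway with the lowest such cost. The topology, node names, link costs (standing in for a composite of the listed factors) and the use of Dijkstra's algorithm are assumptions made for illustration.

```python
import heapq

# Constructed enterprise topology (assumption): node -> {neighbor: link cost}.
# Each link cost stands in for a composite of the factors the abstract lists
# (hop count, latency, congestion, monetary cost).
ENTERPRISE_LINKS = {
    "gw-east": {"core-1": 2},
    "gw-west": {"core-2": 2},
    "gw-dmz": {},  # gateway with no route into the enterprise network
    "core-1": {"core-2": 3, "app-host": 3},
    "core-2": {"core-1": 3, "db-host": 2},
    "app-host": {},
    "db-host": {},
}

def path_cost(links, source, destination):
    """Least cost from source to destination (Dijkstra); None if unreachable."""
    best = {source: 0}
    queue = [(0, source)]
    while queue:
        cost, node = heapq.heappop(queue)
        if node == destination:
            return cost
        if cost > best.get(node, float("inf")):
            continue  # stale queue entry, a cheaper route was already found
        for neighbor, link_cost in links.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < best.get(neighbor, float("inf")):
                best[neighbor] = new_cost
                heapq.heappush(queue, (new_cost, neighbor))
    return None

def select_tunnel_endpoint(links, gateways, destination):
    """Return (gateway, cost) for the gateway with the lowest cost to destination."""
    costs = {}
    for gateway in gateways:
        cost = path_cost(links, gateway, destination)
        if cost is not None:  # a gateway that cannot reach the host is not selectable
            costs[gateway] = cost
    if not costs:
        raise LookupError(f"no selectable tunnel endpoint reaches {destination}")
    # Break ties on the gateway name so the choice is deterministic.
    chosen = min(costs, key=lambda gateway: (costs[gateway], gateway))
    return chosen, costs[chosen]

if __name__ == "__main__":
    gateways = ["gw-east", "gw-west", "gw-dmz"]
    for host in ("app-host", "db-host"):
        print(host, select_tunnel_endpoint(ENTERPRISE_LINKS, gateways, host))
```

With this constructed topology the selected gateway changes with the destination host, which is the per-destination behaviour the abstract describes.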
20 Claims
1. A system for establishing a network tunnel across an untrusted network environment, comprising:
a computer comprising a processor; and
instructions which are executable, using the processor, to implement functions comprising:
dynamically selecting, from among a plurality of selectable tunnel endpoints through which a destination host located in an enterprise network is reachable from a client located outside the enterprise network, a particular one of the selectable tunnel endpoints to serve as a gateway for tunneling into the enterprise network, wherein the particular one has a lowest cost for reaching the destination host, according to cost metric information associated with reaching the destination host from each of the selectable tunnel endpoints; and
establishing the network tunnel from the client to the particular one of the selectable tunnel endpoints.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product for establishing a network tunnel, the computer program product comprising at least one non-transitory computer-usable storage media storing computer-usable program code, wherein the computer-usable program code, when executed on a computer, causes the computer to:
dynamically select, from among a plurality of selectable tunnel endpoints through which a destination host located in an enterprise network is reachable from a client located outside the enterprise network, a particular one of the selectable tunnel endpoints to serve as a gateway for tunneling into the enterprise network, wherein the particular one has a lowest cost for reaching the destination host, according to cost metric information associated with reaching the destination host from each of the selectable tunnel endpoints; and
establish the network tunnel from the client to the particular one of the selectable tunnel endpoints.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification