VPN failure recovery

US 7,647,422 B2
Filed: 08/16/2002
Issued: 01/12/2010
Est. Priority Date: 11/06/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing remote access to a server system over a data network comprising:

maintaining a plurality of communication paths through the data network between each of one or more client systems and the server system,each path being associated with one of a plurality of gateway devices coupled between the data network and the server system, wherein each path is maintained as an active transport layer session;

for each of the client systems, the paths between said client system and the server system being associated with different of the gateway devices;

routing communication between a first of the client systems and the server system over a first of the communication paths passing through a first of the gateway devices;

monitoring communications associated with the first gateway device; and

re-routing the communication between the first client system and the server system to a second of the communication paths through a second of the gateway devices, before a transport layer timeout, in the event of a communication failure associated with the first gateway device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach to rapid failover of a communication path between computers that are linked by redundant virtual links in a virtual private network (VPN) features detection of communication link and device failures through an active monitoring approach and re-routing of communication through a redundant link of the VPN when a failure is detected.

295 Citations

30 Claims

1. A method for providing remote access to a server system over a data network comprising:
- maintaining a plurality of communication paths through the data network between each of one or more client systems and the server system,each path being associated with one of a plurality of gateway devices coupled between the data network and the server system, wherein each path is maintained as an active transport layer session;
  
  for each of the client systems, the paths between said client system and the server system being associated with different of the gateway devices;
  
  routing communication between a first of the client systems and the server system over a first of the communication paths passing through a first of the gateway devices;
  
  monitoring communications associated with the first gateway device; and
  
  re-routing the communication between the first client system and the server system to a second of the communication paths through a second of the gateway devices, before a transport layer timeout, in the event of a communication failure associated with the first gateway device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1 wherein maintaining the communication paths includes maintaining paths through geographically distributed of the gateway devices, and coupling said geographically distributed gateway devices through a trusted data network.
  - 3. The method of claim 1 wherein maintaining the communication paths includes maintaining a separate virtual communication link between each of the client systems and multiple of the gateway devices.
  - 4. The method of claim 3 wherein at least some of the client systems include a client computer coupled to an access device, and wherein maintaining a virtual link between said client systems and the gateway devices includes maintaining virtual links between the access devices and the gateway devices.
  - 5. The method of claim 3 wherein maintaining each of the virtual links includes maintaining a communication tunnel between the client system and the gateway device coupled by said link.
  - 6. The method of claim 5 wherein maintaining the communication tunnels includes maintaining a PPTP tunnel.
  - 7. The method of claim 5 wherein maintaining the communication tunnels includes maintaining a L2TP tunnel.
  - 8. The method of claim 5 wherein maintaining the communication tunnels includes maintaining a IPSec tunnel.
  - 9. The method of claim 8 wherein maintaining the IPSec tunnel includes passing network layer communication through said tunnel.
  - 10. The method of claim 9 wherein passing network layer communication through the tunnel includes passing network layer communication in a Point-to-Point Protocol (PPP) session and passing the PPP session through the tunnel.
  - 11. The method of claim 1 wherein routing communication between the client system and the server system includes transmitting data from the client system over the data network to a first network addressed of the first gateway device.
  - 12. The method of claim 11 wherein re-routing the communication includes transmitting data from the client system over the data network to a network address of the second gateway device, said address of the second gateway address being different than the address of the first gateway device.
  - 13. The method of claim 1 wherein monitoring communication associated with the first gateway device includes monitoring communication characteristics between the first gateway device and one or more devices of the server system.
  - 14. The method of claim 13 wherein monitoring communication characteristics between the first gateway device and the one or more devices includes polling said devices from the first gateway device and detecting responses at the first gateway device from said devices.
  - 15. The method of claim 14 wherein polling the devices includes transmitting ICMP echo requests.
  - 16. The method of claim 1 wherein monitoring communication associated with the first gateway device includes monitoring communication characteristics between the first gateway device and the data network.
  - 17. The method of claim 16 wherein monitoring communication characteristics between the first gateway device and the data network includes monitoring a device coupled between the first gateway device and the data network.
  - 18. The method of claim 16 wherein monitoring communication characteristics between the first gateway device and the data network includes monitoring communication characteristics between the first gateway device and a network Point of Presence (POP) of the data network.
  - 19. The method of claim 1wherein monitoring communication associated with the first gateway device includes monitoring communication characteristics between the first gateway device and one or more devices accessible over the data network.
  - 20. The method of claim 19 wherein monitoring communication characteristics between the first gateway device and one or more devices accessible over the data network includes monitoring communication characteristics between the gateway device and the client system.
  - 21. The method of claim 19 wherein monitoring communication characteristics between the first gateway device and the one or more devices includes transmitting heartbeat messages from the first gateway device to said devices and detecting responses at the first gateway device from said devices.
  - 22. The method of claim 21 wherein transmitting heartbeat messages includes transmitting ICMP echo requests.
  - 23. The method of claim 21 wherein transmitting heartbeat messages includes transmitting LCP echo requests.
  - 24. The method of claim 1 wherein re-routing the communication includes terminating the communication paths passing through the first gateway device.
  - 25. The method of claim 1 wherein re-routing the communication includes updating routing data to indicate the second gateway device provides a path between the first client system and the server system.
  - 26. The method of claim 25 wherein updating the routing data includes passing routing data from the second gateway device to the first client system.
  - 27. The method of claim 25 wherein updating the routing data includes passing routing data from the second gateway device to one or more devices of the server system.
  - 28. The method of claim 27 wherein passing the routing data to the one or more devices of the server system includes passing said data to routers of said system.
  - 29. The method of claim 27 wherein passing the routing data to the one or more devices of the server system includes passing said data to host computers of said system.

30. A communication system comprising:
- a plurality of gateway devices, each programmed to maintain a communication path between each of one or more client systems and the server system;
  
  the gateway devices being programmed to route communication between a first of the client systems and the server system over a first of the communication paths passing through a first of the gateway devices, communication associated with the first gateway device being monitored, and to re-route the communication between the first client system and the server to a second of the communication paths via an active transport layer session through a second of the gateway devices, before a transport layer timeout, in the event of a communication failure associated with the first gateway device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
McCann, Benjamin, Singh, Inderpreet
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US10/222,531
Publication Number

US 20030088698A1
Time in Patent Office

2,706 Days
Field of Search

None
US Class Current

709/238
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/00   Routing or path finding of ...

H04L 45/22   Alternate routing

H04L 45/28   using route fault recovery

VPN failure recovery

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

295 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

VPN failure recovery

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links