The present invention and its advantages are now described in conjunction with the accompanying drawings.
It is to be noted, however, that the appended drawings illustrate only example embodiments of the invention, and are therefore not considered limiting of its scope, for the invention may admit to other equally effective embodiments.
Connection-oriented sequential data-stream channels, such as those of the globally established TCP/IP protocol suite used on the Internet, are generally intrinsically reliable. Nevertheless, network complexity and intervening barrier hosts, such as proxies and gateways, sometimes create obstructions that prevent native TCP from offering the connection reliability it was designed to guarantee. In these cases, an additional pair of midpoint hosts forming a TCP Persistent Straddle (TPS) overcomes obstacles that native TCP cannot. Below, the TPS, its fundamental principles, its design, and some scenarios under which a TPS configuration might be employed are described.
TCP tunnels and TCP gateways as such are known. For instance, the widely used Secure Shell (SSH) natively provides tunnelling over TCP. As described in the introduction, some protocol implementations exist that improve the reliability of object delivery over TCP.
As a first overview, the main principles of a TPS system according to the present invention are illustrated in
Now referring to both
Now, in step S140, data from the TCP stream of connection 1 is transmitted reliably until the connection is regularly closed by a user or application. If connection 2 is detected to be broken in step S150 (details below), TPS hosts 5 and 6 establish a new connection 2 in step S160 and, in step S170, resend the packets that were sent but did not arrive. Normal reliable data transmission then continues in step S140.
The details of data transmission and resending are now described referring to
In step S70, apart from checking that a packet is complete, no further test on the data integrity of the received packet is needed before sending the acknowledgement signal, since connection 2 guarantees the consistency and sequence of the data that is received. Here, a significant benefit of sending the data packets over a connection-oriented sequential data-stream channel, such as TCP, becomes clear. To verify that a packet that has arrived is complete, the length indicator mentioned above can be used.
In a specific embodiment, the acknowledgement signal for the received data packet that has the largest identifier value is embedded in a data packet of regular data traffic that is sent from TPS host 6 to TPS host 5 in the opposite direction.
On receipt of the acknowledgement signal for a packet, TPS host 5 discards the respective copy of the successfully sent packet in step S90. This process is shown in further detail in
If, however, a failure of connection 2 is detected, all packet copies residing in the sent cache 532, i.e. packets that were sent but have not been deleted because no corresponding acknowledgement signal has arrived, are moved to the send queue 531 for regular (re-)transmission as soon as a new connection 2 is established.
To detect whether connection 2 is still up, TPS hosts 5 and 6 send heartbeat packets at regular intervals whenever the data send direction is idle. A TPS host that receives no packet (data or heartbeat) within a specified interval has thereby detected a failure of connection 2. In this case, the TPS host drops connection 2, and a new connection 2 is established by, in the case of TCP, one TPS host listening for a new connection on an agreed port number while the other TPS host initiates the connection. Once connection 2 is re-established, transmission continues normally. In the specific embodiment where acknowledgements are attached to data packets sent in the other direction, it may be desirable to send an additional acknowledgement carrying the largest identifier received successfully if there is no other packet to send.
Regarding the use of send queue 531, it may be desirable to perform flow-control via send/receive-matching, since the three TCP connections (1, 2 and 3 in
Although only described in detail in one direction, namely the transmission of data from local endpoint 4 over connection 1 via TPS host 5 and connection 2 and TPS host 6 to foreign host 7 over connection 3, it should be clear that the system would typically be configured full duplex so that data transmission can be performed in the opposite direction as well.
A single TPS host 5 to TPS host 6 connection 2 can service any number of connections between local hosts and foreign hosts by multiplexing the "packets" from all local hosts over the single TPS host 5 to TPS host 6 connection 2 to all respective foreign hosts.
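The packet layer described in steps S70 through S170 above (enumerated packets with a length indicator, the send queue 531 and sent cache 532, the acknowledgement riding on traffic in the opposite direction, heartbeat-based failure detection, the resend after a new connection 2, and the multiplexing of several endpoint connections over one connection 2) is shown below as an added example in Python. It is not code from the patent: the header layout, the names `TpsHost` and `decode_stream`, the interval constants and the per-packet channel number are assumptions of this example, and the connection-2 socket is replaced by handing the bytes returned from `flush()` to the peer's `receive()`.

```python
"""Added example (not the patent's code): the packet layer of one TPS host.
Header layout, names and intervals are assumptions of this example."""
import struct
from collections import deque

# type(1) channel(2) seq(4) ack(4) payload length(4): 15 bytes, network order
HEADER = struct.Struct("!BHIII")
DATA, HEARTBEAT = 1, 2
HEARTBEAT_INTERVAL = 5.0     # assumed idle time before a heartbeat is sent
DEAD_INTERVAL = 15.0         # assumed silence after which connection 2 is declared dead


def decode_stream(buf):
    """Cut every complete packet off the front of a byte stream. The length
    field is the only completeness test needed: connection 2 is a TCP stream,
    so order and integrity of the bytes are already guaranteed (step S70)."""
    packets = []
    while len(buf) >= HEADER.size:
        ptype, channel, seq, ack, n = HEADER.unpack_from(buf)
        if len(buf) < HEADER.size + n:
            break                                 # partial packet: wait for more bytes
        packets.append((ptype, channel, seq, ack, buf[HEADER.size:HEADER.size + n]))
        buf = buf[HEADER.size + n:]
    return packets, buf


class TpsHost:
    """Both directions of one TPS midpoint. flush() returns the bytes to write
    on connection 2; receive() consumes what arrived from the peer."""

    def __init__(self, now=0.0):
        self.next_seq = 1
        self.send_queue = deque()    # (seq, channel, payload): queued, not yet on the wire
        self.sent_cache = {}         # seq -> (channel, payload): sent, not yet acknowledged
        self.largest_seen = 0        # highest in-order identifier received; acked cumulatively
        self.delivered = []          # (channel, payload) handed on towards the endpoint
        self.rx_buf = b""
        self.last_rx = self.last_tx = now

    def enqueue(self, channel, data):
        """Stream-to-packet conversion: one enumerated packet per chunk read
        from an endpoint connection; channel selects which endpoint pair."""
        self.send_queue.append((self.next_seq, channel, data))
        self.next_seq += 1

    def _packet(self, ptype, channel, seq, payload, now):
        self.last_tx = now
        # every packet carries the ack for the peer's largest received identifier
        return HEADER.pack(ptype, channel, seq, self.largest_seen, len(payload)) + payload

    def flush(self, now):
        """Move queued packets to the wire, keeping a copy in the sent cache
        (532) until acknowledged. When idle long enough, send a heartbeat,
        which also delivers the ack if the return direction has no data."""
        out = b""
        while self.send_queue:
            seq, channel, payload = self.send_queue.popleft()
            self.sent_cache[seq] = (channel, payload)
            out += self._packet(DATA, channel, seq, payload, now)
        if not out and now - self.last_tx >= HEARTBEAT_INTERVAL:
            out = self._packet(HEARTBEAT, 0, 0, b"", now)
        return out

    def receive(self, chunk, now):
        self.last_rx = now
        packets, self.rx_buf = decode_stream(self.rx_buf + chunk)
        for ptype, channel, seq, ack, payload in packets:
            for acked in [s for s in self.sent_cache if s <= ack]:
                del self.sent_cache[acked]        # step S90: drop acknowledged copies
            if ptype == DATA and seq == self.largest_seen + 1:
                self.largest_seen = seq
                self.delivered.append((channel, payload))
            # A DATA packet with seq <= largest_seen is a duplicate from a resend:
            # it arrived before the link broke but its ack did not get back. Drop it.

    def failed(self, now):
        """Step S150: nothing (data or heartbeat) heard for DEAD_INTERVAL."""
        return now - self.last_rx >= DEAD_INTERVAL

    def on_link_failure(self, now):
        """Steps S160/S170: unacknowledged copies go back to the front of the
        send queue, in identifier order, and leave with the next flush on the
        newly established connection 2."""
        for seq in sorted(self.sent_cache, reverse=True):
            self.send_queue.appendleft((seq,) + self.sent_cache.pop(seq))
        self.rx_buf = b""            # a half-received packet from the dead link is discarded
        self.last_rx = self.last_tx = now
```

Because host 5 cannot tell an unacknowledged packet that did arrive from one that did not, the resend after reconnection may carry duplicates; the receiver above drops any data packet whose identifier is not the next expected one. That dedup rule is this example's choice, as is the cumulative interpretation of the acknowledgement (valid here only because connection 2 delivers packets in order).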
The TPS system can be adapted to work in a variety of application scenarios. Further configurations are described in the following examples.
For instance, a reliable connection can be established between an intranet and the Internet over a proxy server of the local site. In this case, the local TPS host residing on the intranet first establishes a connection to the local proxy server. The TPS host then sends a connection request to the proxy (HTTP CONNECT, SOCKS, etc.) to establish a connection to the TPS host residing on the Internet.
Such a local TPS host can also provide proxy services to local hosts in the local network. In this case, the configuration can be referred to as proxy over proxy. In fact, the proxy service (http, socks, etc.) need not be of the same type as the proxy service over which the TPS host has established its connection to its peer.
In another application scenario, TPS local port to foreign host mapping (Port Mapping) can be implemented. Here, a local TPS host can be configured to accept connections from local hosts on a specific TCP port which is assigned to a respective connection to a foreign host.
When a local host wishes to establish a connection to a foreign host, the local host would simply connect to the specified port of the TPS host instead. The remote TPS host would subsequently establish a connection to the foreign host.
In another configuration, TPS midpoint 5 is not necessarily accessed via a local network but is itself running on a local host, such as host 4, as a TPS engine running in a separate process or in a thread embedded in an application. In this case, the TPS engine is accessed by the application code either directly via an API or via sockets provided by the TPS engine. For such an implementation, a single conventional socket can be provided to the application by a dedicated library function. The socket can be a TCP socket to which a second conventional socket, owned by the TPS process or thread, is locally connected. Alternatively, the socket can be a UNIX domain socket to which another UNIX domain socket is connected. During operation, the TPS engine runs in its separate process or thread and reads from and/or writes to one end of the socket pair, while the application writes to and reads from the other end, respectively.
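The embedded-engine configuration just described, as an added Python example that is not code from the patent: the application receives one end of a local socket pair as an ordinary socket, and the engine owns the other end. `Link2` is a hypothetical stand-in for connection 2 whose outage can be toggled, and `TpsEngine.pump()` is one turn of the engine loop driven explicitly so that the behaviour is deterministic; a deployed engine would run that loop in its own thread or process. The names and the absence of packet framing are assumptions of this example.

```python
"""Added example, not code from the patent: a TPS engine embedded in the
application process, reached through one end of a local socket pair."""
import select
import socket


class Link2:
    """Hypothetical stand-in for connection 2 to the peer TPS host. The caller
    toggles `up` to simulate an outage; a real engine would hold a TCP socket."""

    def __init__(self):
        self.up = True
        self.delivered = []          # chunks the peer side would have received

    def send(self, data):
        if not self.up:
            raise ConnectionError("connection 2 is down")
        self.delivered.append(data)


class TpsEngine:
    """Owns the engine end of the pair and hands the application the other end
    as a plain socket. The application keeps writing whether or not connection 2
    exists; the engine buffers what it cannot forward and never closes the
    application side because of a connection-2 failure."""

    def __init__(self, link):
        self.link = link
        self.app_end, self.engine_end = socket.socketpair()   # AF_UNIX on POSIX
        self.engine_end.setblocking(False)
        self.pending = []            # chunks read from the application, not yet on the link
        self.app_closed = False

    def app_socket(self):
        """The single conventional socket given to the application."""
        return self.app_end

    def pump(self):
        """One turn of the engine loop: drain the socket pair, then push as much
        as connection 2 accepts. Returns the number of chunks pushed."""
        while not self.app_closed:
            ready, _, _ = select.select([self.engine_end], [], [], 0)
            if not ready:
                break
            data = self.engine_end.recv(4096)
            if not data:             # the application closed its end regularly
                self.app_closed = True
                break
            self.pending.append(data)
        pushed = 0
        while self.pending:
            try:
                self.link.send(self.pending[0])
            except ConnectionError:
                break                # hold the data until connection 2 is back
            self.pending.pop(0)
            pushed += 1
        return pushed
```

In a real engine the chunks would be enumerated and framed before `link.send` and the sent copies cached for resend; that layer is left out here so that the example stays on the socket-pair handoff and on the fact that an outage of connection 2 is invisible to the application's socket.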
In another scenario, the security of communication is enhanced by using authentication and encryption technology for the communication between TPS hosts. One example is using TPS midpoints to provide a general encrypted virtual private network (VPN) service. An encrypted channel between TPS hosts over the Secure Sockets Layer (SSL) could be produced in two ways:
In one implementation, a TPS host uses SSL sockets when communicating to its TPS peer on connection 2. Each time connection 2 is broken, a new SSL channel is established.
In another implementation, TPS hosts use conventional non-secure sockets when communicating with their TPS peers. A TPS host, e.g., a TPS engine as described above, provides a conventional but "reliable" socket, and SSL communicates over this socket. In terms of network service layers, the secure session is thus established "on top of" the reliable connection. In this way, expensive key negotiation does not take place each time the connection between TPS hosts is re-established, because the SSL session state lives at the ends of the reliable socket rather than on connection 2.
The TCP Persistent Straddle (TPS) has thus been introduced. A TPS provides reliable end-to-end communications across an unreliable TCP network. A TPS configuration consists of two intermediary servers, termed TPS hosts or midpoints. One TPS host resides in each of the two locations between which a persistent and reliable connection is to be established.
When a practically unreliable TCP connection can be established between networks A and B, either directly or over gateways, and a persistent and reliable connection between networks A and B is desired, it is proposed to equip each of the two networks with one of the two TPS hosts. The TPS host in network A is the local TPS host for the other clients in network A, and the TPS host in network B is the foreign TPS host for all clients in network A (and vice versa).
In some embodiments, at least one TPS host provides TCP proxy services via HTTP proxy, SOCKS, port routing, or similar. This TPS host is the proxy destination for connections destined for the foreign network. In an alternative configuration, a TPS midpoint can be embedded within an application as described above.
Local TPS hosts accept TCP connections from local hosts and foreign TPS hosts establish connections to foreign hosts as though the local hosts established direct connections to the foreign hosts. Connections between TPS hosts and local hosts are maintained even if the connection between TPS hosts is interrupted. Most importantly, endpoints connected to the TPS are always under the impression that a connection is established between them, independent of the state of the connection between the TPS midpoints.
Local TPS hosts accept data for foreign hosts on the foreign network. Received data is encapsulated in enumerated packets, cached and forwarded to the foreign TPS host as conditions permit. For this purpose, TPS hosts perform a stream-to-packet conversion before forwarding the packets to the foreign TPS host over the streamed connection between the TPS hosts. Upon receiving integral packets, foreign TPS hosts send the contents to the associated foreign host over the persistent stream that exists between them.
TPS hosts keep connections to local hosts persistent. Established connections of local hosts to a TPS host are held open even when the connection between the TPS hosts is broken. Both local and foreign hosts (endpoints) are continuously under the impression that a connection exists between them. So is the TCP protocol stack on all hosts. Without the intervening TPS, the respective local hosts would consider the connections to their respective partners lost whenever the TCP connection between the networks breaks down.
The invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In an embodiment, the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
Furthermore, the invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.
A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
Input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers.
Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.
To avoid unnecessary repetitions, explanations given for one of the various embodiments are intended to refer to the other embodiments as well, where applicable. In and between all embodiments, identical reference signs refer to elements of the same kind. Moreover, reference signs in the claims shall not be construed as limiting the scope. The use of “comprising” in this application does not mean to exclude other elements or steps and the use of “a” or “an” does not exclude a plurality. A single unit or element may fulfil the functions of a plurality of means recited in the claims.
Number | Date | Country | Kind |
---|---|---|---|
06115138.7 | Jun 2006 | DE | national |