The subject matter which is regarded as the invention is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the invention are apparent from the following detailed description taken in conjunction with the accompanying drawings in which:
The detailed description explains the preferred embodiments of the invention, together with advantages and features, by way of example with reference to the drawings.
Turning now to
Laptop 2 is connectable via connection line 13 to server 3 via Internet 21. It will be appreciated that connection line 12 may be any suitable connection such as wireless or wired. It will also be appreciated that Internet 21 contains any suitable resources and logic for establishing communications between PDA 1 and server 3.
Computer server 3 is connectable to enterprise firewall 4 via Internet 21 and connection line 11A. It will be appreciated that connection line 11A may be any suitable connection such as wireless or wired. It will also be appreciated that Internet 21 contains any suitable resources and logic for establishing communications between server 3 and enterprise firewall 4.
Enterprise firewall 4 is connectable via connection line 11B to gateway 5. It will be appreciated that connection line 11A may be any suitable connection such as wireless or wired. It will also be appreciated that gateway 5 may be any suitable gateway such as IBM's Websphere Everywhere Connection Manager™. Gateway 5 is connectable to end user server 2 via connection line 11C to Internet 21A. It will be understood that connection line 11C may be any suitable connection such as wireless or wired. It will also be understood that Internet 21A contains any suitable resources and logic for establishing communications between gateway 5 and server 2.
Still referring to
It will be appreciated by those skilled in the art that once a physical connection is made between PDA 1 and server 2, and/or between laptop 2 and server 2, then a virtual private network (VPN) may exist.
It will also be understood by those skilled in the art that a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses “virtual” connections routed through the Internet from the company's private network to the remote site or employee.
There are two common types of VPN. The first is remote-access VPN. Remote-access VPN is also called a virtual private dial-up network (VPDN), and is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.
The next type of VPN is site-to-site VPN. Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet.
It will further be appreciated by those skilled in the art that most VPNs rely on tunneling to create a private network that reaches across the Internet. In short, tunneling is the process of placing an encrypted data packet within another data packet and sending the hybrid data packet over a network. The protocol of the outer packet is understood by the network and by both points, called tunnel interfaces, where the packet enters and exits the network. VPN tunneling is well known in the art and will not be discussed here.
Turning also to
It will be appreciated that embodiments of the invention may be hosted by any appropriate network device. For example, referring still to
Still referring to
Presentation layer 51A2 provides independence from differences in data representation, for example, encryption, by translating from application to network format. This layer formats and encrypts data to be sent across a network.
Session layer 51A3 establishes, manages and terminates connections between applications.
VPN monitor layer 51A4 inspects all existing persistent VPN connections to endpoints within the VPN network. Once a VPN network is identified 21A, the VPN monitor layer monitors data from the application layer 51A1 destined for the identified VPN network 21A via the VPN connection 7. If a physical connection is lost, (
Network layer 51AB provides switching and routing logic and resources necessary for creating virtual circuits for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing and error handling. Thus, if the duration of a network outage or roam is longer than the maximum time-out of the application and protocol in use, the persistent VPN connection is lost. For example, in the case of the TCP protocol, the time-out can be as little as a few seconds over a very fast network if the Round Trip Time (RTT) of each data packet is a few milliseconds.
Transport layer 51A6, Data Link layer 51A7, and Physical layer 51A8 are well known in the art and need not be discussed further.
Referring now to
As shown, data from the application layer 51B1 is first passed to a transport layer 51B2 consisting of several protocols used for various purposes. The TCP portion 51B23 of the transport layer organizes data into packets and provides reliable packet delivery across a network through the IP layer 51B3. (TCP is said to be “connection oriented” in that TCP checks to see if the data arrived at its destination and will re-send if it did not.) UDP 51B222 or User Datagram Protocol also moves data to the IP layer 51B3, but unlike TCP 51B23 does not guarantee reliable packet delivery. Lastly, the Internet Control Message Protocol or ICMP 51B21 is used to report network errors and whether a computer is available on the network.
From the transport layer 51B2 data is passed to the Internet Protocol (IP) Layer 51B3 responsible for delivering TCP 51B23 and UDP 51B22 packets across a network. IP 51B3 transfers the data packets to the data link 51B5 and physical layer 51B6, i.e., network interface card (NIC) through VPN monitor layer 51B4.
VPN monitor layer 51B4 operates similarly to the earlier described VPN monitor layer 51A4 in the OSI network model. VPN monitor layer 51B4 inspects all existing persistent VPN connections to endpoints within the VPN network. Once a VPN network is identified 21A, the VPN monitor layer 51B4 monitors data from the application layer 51B1 destined for the identified VPN network 21A via the VPN connection 7. If a physical connection is lost, (
Turning also to
If a network outage occurs, e.g., during a roam or while driving through a tunnel with a mobile device, and an embodiment of the present invention determines that the VPN network is not available 34, and the data matches the network or networks residing within the VPN network, then the layer injected into the OSI model above the network stack temporarily queues 35 the traffic, preventing it from entering the network layer until network connectivity returns.
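The queuing behaviour of the VPN monitor layer described above, as an added Python model that is not code from the patent: the VPN prefix, the link-state callback and the packet sequence are constructed assumptions, and the model shows VPN-bound traffic being held during an outage while other traffic passes through, then released in order when the link returns.

```python
from collections import deque
from ipaddress import ip_address, ip_network


class VpnMonitorLayer:
    """Hypothetical model of the layer injected above the network stack.
    VPN-bound packets are held while the physical link is down so the persistent
    VPN connection is not torn down; other traffic is passed down unchanged."""

    def __init__(self, vpn_networks, link_up):
        self.vpn_networks = [ip_network(n) for n in vpn_networks]
        self.link_up = link_up        # callable: True when physical connectivity exists
        self.queue = deque()          # held VPN-bound packets, in arrival order
        self.sent = []                # packets handed down to the data link layer

    def is_vpn_bound(self, dst):
        return any(ip_address(dst) in net for net in self.vpn_networks)

    def send(self, packet):
        """Called by the IP layer on the way down; returns 'sent' or 'queued'."""
        if self.is_vpn_bound(packet["dst"]) and not self.link_up():
            self.queue.append(packet)
            return "queued"
        self.sent.append(packet)
        return "sent"

    def on_connectivity_restored(self):
        """Release held packets in order once the link is back; returns the count flushed."""
        flushed = 0
        while self.queue and self.link_up():
            self.sent.append(self.queue.popleft())
            flushed += 1
        return flushed


def simulate_outage():
    """Constructed scenario: a roam drops the link while VPN and non-VPN packets are in flight."""
    state = {"up": True}
    layer = VpnMonitorLayer(["10.0.0.0/8"], lambda: state["up"])   # constructed VPN prefix
    results = [layer.send({"dst": "10.1.2.3", "seq": 1})]            # link up: passes through
    state["up"] = False                                              # e.g. driving through a tunnel
    results.append(layer.send({"dst": "10.1.2.3", "seq": 2}))        # VPN-bound: held
    results.append(layer.send({"dst": "203.0.113.5", "seq": 3}))     # not VPN-bound: passed down
    results.append(layer.send({"dst": "10.1.2.3", "seq": 4}))        # VPN-bound: held
    state["up"] = True
    flushed = layer.on_connectivity_restored()
    order = [p["seq"] for p in layer.sent]
    return results, flushed, order   # (['sent', 'queued', 'sent', 'queued'], 2, [1, 3, 2, 4])
```

The held packets never reach the network layer during the outage, so no application or TCP time-out is triggered by the VPN-bound traffic itself.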
The capabilities of the present invention can be implemented in software, firmware, hardware or some combination thereof.
As one example, one or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media. The media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention. The article of manufacture can be included as a part of a computer system or sold separately.
Additionally, at least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.
The diagrams depicted herein are just examples. There may be many variations to these diagrams described therein without departing from the spirit of the invention. The flow diagrams depicted herein are also just examples. There may be many variations to these diagrams or the steps (or operations) described therein without departing from the spirit of the invention. For instance, the steps may be performed in a differing order, or steps may be added, deleted or modified. All of these variations are considered a part of the claimed invention.
While the preferred embodiment of the invention has been described, it will be understood that those skilled in the art, both now and in the future, may make various improvements and enhancements which fall within the scope of the claims which follow. For example, any suitable IP protocol may be used, such as IPv4 or IPv6. In addition, the previously described WECM or any suitable connection manager may be used. These claims should be construed to maintain the proper protection for the invention first described.