Dynamic routing over secure networks

Multiplex communications – Pathfinding or routing – Switching a message which includes an address header

Reexamination Certificate


Details

C709S242000

Reexamination Certificate

active

06744774

ABSTRACT:

FIELD OF THE INVENTION
This invention relates generally to telecommunications networks. More particularly, the invention concerns systems and methods for dynamically routing packets on a network.
BACKGROUND OF THE INVENTION
Dynamic routing is used on Internet backbone (core and edge) routers. With the arrival of virtual private networks (VPNs) and secure overlay networks built on VPNs, the semantics of dynamic routing will be affected. Current methods for dynamic routing will lead to various issues and difficulties as virtual private networks become more common. Issues related to running dynamic routing on virtual private networks need to be addressed.
IPsec is the Internet Engineering Task Force (IETF) standards protocol for providing security over the Internet at the network (IP) level. It provides authentication and encryption with the help of manual or automatic key exchange via the IKE protocol. IPsec can be implemented in transport or tunnel mode. For virtual private networks and secure overlay networks, the tunnel mode of IPsec is typically used. Many implementations implement IPsec tunnels as logical virtual interfaces overlaying the physical interfaces. These logical virtual interfaces can be used like other interfaces to run dynamic protocols on top of them. In such a setup, the tunnel endpoints will be considered as neighbors and the tunnel will be considered as a point-to-point link.
Running a dynamic protocol, such as Open Shortest Path First (OSPF), Routing Information Protocol (RIP), or Border Gateway Protocol (BGP) on a tunnel interface would mean that routing information like adjacency, distance vector, and link state of the nodes behind one tunnel end point are shipped to the remote tunnel endpoint. As such, the routes at one end (local and private) are learned by the remote tunnel endpoint.
For example, FIG. 1 shows a tunnel link between endpoints A and B via the Internet. After enabling a dynamic protocol on the tunnel link interfaces on A and B, the routes to hosts in protected network A shall be visible to B as well as to hosts in protected network B. Similarly, the routes in protected network B shall be visible to A as well as to hosts in protected network A. The routing information conveyed in the dynamic routing protocol shall go out encrypted from A to B and B to A.
After the new routes are learned, for traffic from A or hosts in protected network A destined to B, or for hosts in protected network B, the tunnel interface can be chosen. As such, packets will go through IPsec processing, thereby coming out of the tunnel encrypted for destinations in B. Difficulties may arise, however, such as difficulties related to conflicts in routing between the virtual nature of the link between A and B and the physical links on which it is overlaid. Other difficulties may also arise, such as related to routing decisions between virtual paths and physical paths, between more than one virtual path, or between IPsec processing and routing procedures.
SUMMARY OF THE INVENTION
The present invention overcomes many routing difficulties that may arise in relation to dynamic routing and virtual paths. As such, the present invention provides methods for updating a routing table and routing packets on a network having virtual links overlaying physical links. One embodiment of the invention includes updating a routing table using interface information shared by a neighboring router. Other embodiments include making routing decisions based on interface information from a neighboring router. Further embodiments include making routing decisions based on priorities established according to interface information. Yet other embodiments include making routing decisions based on local interface information.
In one embodiment of the invention, a method of updating a routing table on a first gateway includes the steps of receiving data disclosing interface information on a neighboring second gateway, and updating a routing table based on the interface information. The interface information for the neighboring second gateway includes identification of communication interfaces on the second gateway, a neighbor for each one of the interfaces, an interface type for each one of the interfaces, and a physical type interface on which each virtual type interface is overlaid.
In another embodiment of the invention, a gateway is provided that routes packets based on data provided in an interface message from neighboring gateways. The steps involved in routing a packet at the gateway include receiving the data packet, choosing a first route based on a routing protocol, determining an interface on the second gateway corresponding to a second next hop in the route, identifying a third gateway based on the interface, and if the third gateway matches the first gateway, choosing another route.
In other embodiments of the invention, computer-executable instructions for implementing the disclosed methods are stored on computer-readable media. Other features and advantages of the invention will become apparent with reference to the following detailed description and figures.
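The interface message and the route check from the two embodiments above, as an added Python example (not code from the patent). The class and field names, gateways A to D and the prefix are constructed for illustration, and it assumes each route records the interface on which the neighboring gateway would forward.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Iface:                      # one entry of a neighbor's interface message
    name: str
    neighbor: str                 # gateway reached through this interface
    kind: str                     # "physical" or "virtual" (e.g. IPsec tunnel)
    underlay: Optional[str] = None  # physical interface a virtual one overlays

@dataclass(frozen=True)
class Route:
    dest: str
    next_hop: str                 # the neighboring (second) gateway
    second_hop_iface: str         # assumed: interface the neighbor forwards on
    metric: int

class Gateway:
    def __init__(self, name):
        self.name, self.neighbor_ifaces, self.routes = name, {}, []

    def receive_interface_message(self, neighbor, ifaces):
        """Store a neighbor's interface information, rejecting inconsistent entries."""
        physical = {i.name for i in ifaces if i.kind == "physical"}
        for i in ifaces:
            if i.kind == "virtual" and i.underlay not in physical:
                raise ValueError(f"{neighbor}:{i.name} has no physical underlay")
        self.neighbor_ifaces[neighbor] = {i.name: i for i in ifaces}

    def choose_route(self, dest):
        """Best-metric route whose second next hop is not this gateway itself."""
        for r in sorted((r for r in self.routes if r.dest == dest),
                        key=lambda r: r.metric):
            iface = self.neighbor_ifaces.get(r.next_hop, {}).get(r.second_hop_iface)
            third = iface.neighbor if iface else None  # unknown: nothing to compare
            if third != self.name:
                return r
        return None               # every candidate would hand the packet back

def demo():
    # Constructed topology: A's cheapest route to the prefix goes via B, but B
    # would forward on tun0, a tunnel whose far end is A itself.
    a = Gateway("A")
    a.receive_interface_message("B", [Iface("eth0", "A", "physical"),
                                      Iface("tun0", "A", "virtual", "eth0")])
    a.receive_interface_message("C", [Iface("eth0", "A", "physical"),
                                      Iface("eth1", "D", "physical")])
    a.routes = [Route("10.2.0.0/24", "B", "tun0", 1),
                Route("10.2.0.0/24", "C", "eth1", 5)]
    return a.choose_route("10.2.0.0/24")
```

Calling `demo()` skips the metric-1 route through B, because B's onward interface leads back to A, and returns the metric-5 route through C.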


REFERENCES:
patent: 5602839 (1997-02-01), Annapareddy et al.
patent: 5867666 (1999-02-01), Harvey
patent: 5923854 (1999-07-01), Bell et al.
patent: 6067574 (2000-05-01), Tzeng
patent: 6101188 (2000-08-01), Sekine et al.
patent: 6115362 (2000-09-01), Bosa et al.
patent: 6330599 (2001-12-01), Harvey
patent: 6510159 (2003-01-01), Noriyuki
patent: 6611872 (2003-08-01), McCanne
patent: 6615273 (2003-09-01), Pan
patent: 6625658 (2003-09-01), Oguchi et al.
J. Touch et al., “Use of IPsec Transport Mode for Virtual Networks”, Internet Draft: http://search.ietf.org/internet-drafts/draft-touch-ipsec-vpn-03.txt, Mar. 2002, Expires: Sep. 1, 2002.
IP Security Protocol (ipsec), IPsec mailing lists: ipsec@lists.tislabs.com (with copies of e-mails from the mail list) May 16, 2002.
J. Moy, “OSPF Version 2”, Internet Official Protocol Standards, Network Working Group, Request for Comments: 2328, STD: 54, Obsoletes: 2178, Category: Standards Track, Apr. 1998, pp. 1-204.
G. Malkin, “RIP Version 2”, Internet Official Protocol Standards, Network Working Group, Request for Comments: 2453, Obsoletes: 1723, 1388, STD: 56, Category: Standards Track, Nov. 1998, pp. 1-37.
S. Kent et al., “Security Architecture for Internet Protocol”, Internet Official Protocol Standards, Network Working Group, Request for Comments: 2401, Obsoletes: 1825, Category: Standards Track, Nov. 1998, pp. 1-62.
