Reexamination Certificate
1999-02-25
2001-05-29
Le, Dieu-Minh T. (Department: 2184)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C713S152000
active
06240533
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to communication networks and, more specifically, to devices for ensuring uninterrupted service in a communication network.
BACKGROUND OF THE INVENTION
Communication networks generally comprise a number of communication nodes that are interconnected using some form of communication medium. For example, a local area network (LAN) is a communication network that includes a number of user terminals in a relatively localized area that are interconnected amongst each other by a network medium such as a twisted pair or coaxial cable. Communication networks can also be connected to other communication networks so that users of one connected network can communicate with users of another connected network. An example of this is the Internet which consists of a large number of individual networks that are connected to one another through a high capacity backbone medium. Individual communication networks can also be subdivided into a number of subnetworks that each consist of a subgroup of the total nodes in the network. For example, a large corporation having many different buildings may maintain a different subnetwork for each building. The subnetworks are then interconnected to form the corporate network. The individual subnetworks are often separately addressable entities that can be individually managed.
Oftentimes, it is desirable to insert a server or other type of network device within an individual link in the network so that all communications through that link pass through the server. An example of this would include the insertion of a firewall device within the connection path between two networks or subnetworks, such as between a private network and the Internet. A firewall device is essentially a filter that controls the type of information that can flow into or out of an individual network. For example, a corporation whose corporate network is connected to the Internet may install a firewall within the connection to prevent external entities from having access to the corporation's internal files. The corporation's firewall can also be used to control which extra-corporate resources the corporation's employees will have access to.
A network server that is located within an individual link of a network can create a problem if the server fails during network operation. That is, the failure will generally sever the connection between the nodes on either side of the network link. If a firewall device fails, for example, the two networks attached thereto will no longer be able to communicate with one another. Many times, such network links are critical to an entity's business activities and must operate without interruption. For this reason, many businesses are reluctant to install servers within these critical links. Failure to install such servers (such as, for example, a firewall) may compromise network security, which can produce equal or greater harm to the entity.
Therefore, a need exists for a method and apparatus that allows uninterrupted service through a network link having a server, even if the server fails.
SUMMARY
The present invention relates to a method and apparatus for providing uninterrupted communication over a network link that includes in-line processing functionality, such as a firewall device. The system includes a switch that can be used to bypass the in-line processing functionality should the functionality fail. In one embodiment, backup functionality is provided to perform the in-line processing when a failure of the original processing functionality is detected. The system also includes a controller for monitoring the in-line processing functionality and for reconfiguring the switch when a failure is detected. The invention can be advantageously implemented, for example, to provide uninterrupted, secure access to a private communications network using a firewall device or similar apparatus.
In a preferred embodiment of the invention, the switch is an Ethernet switch having virtual local area network (VLAN) capabilities. VLAN capabilities allow port groups to be defined that control how external entities connected to the switch will be interconnected with one another. In addition, switching modes can generally be defined that each include a different combination of port groupings. In accordance with the present invention, the mode of the Ethernet switch is changed when a failure of an in-line processing unit has been detected. This mode change effectively bypasses the failed unit so that communication is substantially uninterrupted.
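The following is an added illustration, not code from the patent: it models the summary's controller and VLAN switching modes so the difference between the backup embodiment (traffic still crosses a firewall) and the plain bypass embodiment (the two networks are bridged with no filtering) can be checked. The port names, mode names, health-check input and three-miss threshold are all assumptions.

```python
# Added illustration; port names, mode names and the threshold are assumptions.
from dataclasses import dataclass, field

# Each mode is a list of VLAN port groups; ports in the same group are bridged.
MODES = {
    # Normal: traffic between the networks must cross the primary firewall.
    "normal": [{"outside", "fw1_ext"}, {"fw1_int", "inside"}],
    # Backup embodiment: same topology, through the standby firewall.
    "backup": [{"outside", "fw2_ext"}, {"fw2_int", "inside"}],
    # Bypass embodiment: the two networks are bridged directly (no filtering).
    "bypass": [{"outside", "inside"}],
}

def bridged(mode, a, b):
    """True if ports a and b share a port group in the given mode."""
    return any(a in g and b in g for g in MODES[mode])

def inline_device(mode):
    """Firewall that traffic crosses in this mode, or None if unfiltered."""
    if bridged(mode, "outside", "inside"):
        return None
    for fw in ("fw1", "fw2"):
        if bridged(mode, "outside", fw + "_ext") and bridged(mode, "inside", fw + "_int"):
            return fw
    return None

@dataclass
class Controller:
    has_backup: bool
    threshold: int = 3      # consecutive missed health checks before failover
    mode: str = "normal"
    misses: int = 0
    log: list = field(default_factory=list)

    def poll(self, primary_healthy):
        """Feed one health-check result; change switch mode on sustained failure."""
        if self.mode != "normal":
            return self.mode    # failback is an operator action, not modelled
        self.misses = 0 if primary_healthy else self.misses + 1
        if self.misses >= self.threshold:
            self.mode = "backup" if self.has_backup else "bypass"
            self.log.append(f"primary failed {self.misses}x -> mode={self.mode}")
        return self.mode

def run(has_backup, samples):
    """Replay constructed health-check samples; return (mode, in-line device, log)."""
    c = Controller(has_backup=has_backup)
    for s in samples:
        c.poll(s)
    return c.mode, inline_device(c.mode), c.log
```

A `None` in-line device is the state worth alerting on: connectivity is preserved, but nothing is filtering the link until the failed unit is restored.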
Le Dieu-Minh T.
LodgeNet Entertainment Corporation
Sheridan & Ross P.C.