System, method and program product for providing...

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing

Reexamination Certificate

Details

C709S203000, C709S218000

active

06792463

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to the Internet and more particularly applies to gateways and proxies used by Internet Service Providers (ISPs) and enterprise networks administrators at the boundary of their networks.
BACKGROUND OF THE INVENTION
The Internet is actually a worldwide IP network that links many different organizations. The Internet is not a centralized organization but a collection of different networks from various sources, governmental, educational and commercial. Internet routing is done by many Internet providers, government departments and private service companies who establish connections among themselves and build the base of the network. Organizations and individuals connected to the Internet are usually bound to one provider and so may communicate with any other connected organization and individual across the inter-provider routes that are made of expensive communications lines often referred to as ‘peer lines’.
To cope with the explosion of the Internet over the past years, a rapid expansion in bandwidth and other resources deployed by the ISPs was required. Then, to contain their operational costs, ISPs and administrators of enterprise networks have largely used proxy caching, which can significantly reduce bandwidth costs by retaining highly used information locally rather than accessing it from a remote content-server, through an expensive link (i.e., long-distance and sometimes transatlantic lines), each time it is requested by an end-user (ISP's customers and users). The caching proxy function is also beneficial to the end-user, who may thus enjoy good response time. The function is carried out by a proxy-server, which is a Web server that takes over the responsibility of retrieving Internet data for multiple browser clients. Client requests are sent to the servers through the proxy-server. Typically, European ISPs have their network built around this scheme. They have installed cache farms in Europe to better serve Web pages from the local cache farms rather than retrieving the pages from US content-servers, since it is observed that a very high percentage of the requested Web pages in Europe (up to 9 out of 10) are hosted on servers located in the USA.
However, the use of proxy-servers does not go without posing its own set of problems. A first example of the problems created by the use of a proxy-server is when each user interface (i.e., client browser) needs to be explicitly configured to recognize the proxy at the gateway of a network. This rapidly becomes an administration nightmare when proxy-servers are moved, or when proxy-server farms need to grow, since all user interfaces need to be reconfigured. This also introduces a flaw in the main objective of such a deployment. Some users, sometimes many, who are well aware of the advantages and disadvantages of using a proxy-server on their way to the content-server, purposely disable the default proxy-server set up on their system by the network administrator. As a consequence the proxy-server becomes less efficient, since it handles only part of the traffic, and the statistical benefit expected from the use of a proxy-server may be highly impaired by the numerous users attempting to bypass it.
However, solutions to this first type of problem have been brought by implementing “transparent proxying” techniques, which do not require that each user be explicitly configured to recognize a proxy. A transparent proxy catches all outbound traffic irrespective of end users' attempts to bypass it. A discussion on this and more can be found in a publication by the International Technical Support Organization of IBM Corporation, P.O. Box 12195, Research Triangle Park, N.C. 27709 U.S.A, under the title ‘Web Caching and Filtering with IBM Websphere Performance Pack’, dated March 1999.
A second type of problem encountered when using proxy-servers occurs on the path from the proxy-server to the content-server when the proxy-server is not able to provide the requested service, e.g., because it does not have the requested Web page yet. In such a case, a proxy-server normally issues a request to the content-server with its own identification, utilizing its own IP address. However, prior to the installation of a proxy-server by an ISP or an enterprise network manager, some specialized hardware and software may have preexisted that performed filtering and shaping functions between clients and content-servers, most likely in front of the most expensive lines. These were put in place in an attempt to regulate the traffic and prevent some users or some groups of users from over-utilizing network resources (i.e., bandwidth) beyond what has been negotiated. Thus, the insertion of proxy-servers between clients and content-servers, which hides the identification of the actual users, does not permit those shaping and filtering functions to operate properly, since their algorithms were essentially based on the real addresses of the users having issued the requests.
This second type of problem is solved in new proxy-servers that are capable of issuing requests to content-servers on behalf of the end users by borrowing (spoofing) their identification, i.e., the proxy-server uses the users' IP addresses instead of its own, hence ensuring that all downstream functions that were previously put in place, such as shaping and filtering, still operate as expected. Unfortunately, doing so introduces a further problem, especially in the case of new proxy-servers that are in fact implemented as clusters of servers fed, on the client side, from load balancing functions. This way of organizing servers has become very popular because of all its advantages in terms of maintainability, availability and scalability. Much more on load balancing over a cluster of servers can be found, e.g., in a ‘Redbook’ by IBM published by the Austin, Texas center of the International Technical Support Organization (ITSO), entitled “Load-Balancing Internet Servers”, under the reference SG24-4993, in December 1997.
Therefore, in this case, i.e., when the proxy-server is actually a cluster of servers (and in other similar situations where the proxy is not a single entity through which responses to all inbound traffic must return), spoofing the end user address in requests destined to remote content-servers cannot guarantee that responses will return to the particular proxy-server, within the cluster of proxy-servers, that originated the request. This is because it is the end-user client address that has been used in lieu of the server address (for the reasons mentioned herein above).
This problem of the unpredictable return path to the originating individual proxy-server in effect foils the use of spoofing when the proxy-server is a cluster of servers. It would be highly desirable that both techniques (i.e., spoofing of the user address and proxy-servers implemented as a cluster of servers) be used simultaneously to implement a very effective solution for proxy-servers, a key component of all ISP and enterprise networks.
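The two effects described above can be replayed in a small model. This is an added example, not part of the patent text: the addresses, the round-robin dispatch and the stateless return-side choice (`return_pick`) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed addresses: three cluster members and four end users
PROXIES = ["192.0.2.101", "192.0.2.102", "192.0.2.103"]
CLIENTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
# Constructed workload: 12 cache misses, clients taking turns
REQUESTS = [(CLIENTS[i % 4], f"/page{i}") for i in range(12)]

def return_pick(dst_ip):
    """Assumed stateless return-side choice: it knows only the destination address."""
    return PROXIES[int(ipaddress.ip_address(dst_ip)) % len(PROXIES)]

def simulate(requests, spoof):
    """Return (requests per source address seen downstream, misdelivered count)."""
    seen_by_shaper = Counter()
    misdelivered = 0
    for i, (client, _url) in enumerate(requests):
        origin = PROXIES[i % len(PROXIES)]   # load balancer, round-robin (assumed)
        src = client if spoof else origin    # source address on the upstream request
        seen_by_shaper[src] += 1             # shaping/filtering keys on the source address
        # The content-server answers to src. A proxy address routes straight back
        # to its owner; a client address carries no hint of the originating proxy.
        landed = src if src in PROXIES else return_pick(src)
        if landed != origin:
            misdelivered += 1
    return dict(seen_by_shaper), misdelivered

if __name__ == "__main__":
    for spoof in (False, True):
        per_source, lost = simulate(REQUESTS, spoof)
        print(f"spoof={spoof}: shaper sees {per_source}; "
              f"{lost}/{len(REQUESTS)} responses reach the wrong proxy")
```

Without spoofing the shaper can only account per proxy address; with spoofing it regains per-user accounting, but responses reach the originating proxy only by coincidence.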
FIG. 1 illustrates prior art and discusses the problem solved by the invention when a proxy-server [100] to an ISP or enterprise network [110] is made of a cluster of individual servers comprising three servers [101], [102] and [103] in this particular example. Individual servers, within the cluster, are fed from a load balancer [120] aimed at dispatching the workload resulting from requests issued from the users (e.g., [111]) connected on the ISP/enterprise network [110]. Because this way of organizing a server is very effective and very flexible it is widely used to implement servers. Among the numerous advantages a cluster of servers fed through a load balancer offer, the possibility of upgrading server performances by adding extra individual servers any time to cope with the increase of the traffic on one hand and the redundancy provided by the multiplicity of servers and the load balancing function (
