Method and device for tunnel switching

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing

Reexamination Certificate

Details

C370S389000

active

06463475

ABSTRACT:

COPYRIGHT NOTICE
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
BACKGROUND OF THE INVENTION
A. Field of the Invention
The present invention relates to a method and device for switching network tunnel connections.
B. Description of the Related Art
A tunnel connection allows a user to access a destination network via an intermediate network such as the public Internet. For example, as seen in FIG. 1, a remote user 10 traveling in San Diego, Calif. wishes to connect to a destination network 20 at his home in Chicago, Ill. Typically, the remote user 10 would place a long distance telephone call over the public switched telephone network to Chicago to directly access the destination network 20 on a dial up access connection.
If the destination network has an Internet access 22, however, a tunnel connection through the Internet 40 may be used to access the destination network 20. To initiate a tunnel connection, the remote user 10 places a local telephone call 12 through the public switched telephone network (“PSTN”) 30 and Internet Service Provider (“ISP”) 42 local point-of-presence in San Diego. In this example, the remote user 10 would be a subscriber to a national ISP 42 with a local dial up access in San Diego. Upon being accessed by the remote user 10, the ISP 42 searches its subscriber database to identify the destination network 20 associated with the remote user 10. To reach the destination network 20, the ISP 42 recognizes the remote user 10 requires a connection or “tunnel” over the Internet 40 to the destination network 20. The ISP 42 forms a tunnel connection 50 to the destination network 20 by sending data from remote user 10 to the Internet access point address of the destination network 20. Data sent to the remote user 10 is thus tunneled across the Internet 40 to the destination network 20. The tunnel connection 50 across the Internet 40 thus allows remote access to the destination network 20 by placing a local telephone call.
Such a tunnel connection 50 over the public Internet 40, however, typically requires the destination network 20 to allow public Internet access. In order for the tunnel connection to be established from the ISP 42 to the destination network 20, the destination network 20 usually must have an Internet address that is accessible from the ISP 42. The destination network 20 is therefore publicly accessible, without the ability to control access and maintain information secure and protected during tunneling access. Thus, information that the destination network 20 wishes to maintain protected is typically not made accessible to tunnel connections over the public Internet 40.
In addition, the destination network 20 may have a number of resources 22, 24, 26 to accommodate a large number of incoming remote users. The ISP 42 creating tunnels to the destination network 20, however, typically controls the establishing of tunnels to the destination network 20. The destination network has no control over which of its resources 22, 24, 26 are used to handle the incoming tunnel traffic. Thus, a number of ISPs 42, 44, 46 may be directing incoming tunnels to only one of a destination network's available resources 22, 24, 26. This busy resource may suffer from congestion, while the destination network's other resources are underutilized.
Accordingly, it is desirable to have the ability to consolidate the control of tunnel access to a destination network for security reasons, as well as to direct the routing of incoming tunnels to a particular access point of the network. Consolidating control of tunnel access to a destination network also provides other benefits as will be apparent.
SUMMARY OF THE INVENTION
The present invention provides switched tunnel connections from a user to a destination or a multiple number of destinations. The present invention determines the appropriate destination for switching incoming tunnel connections based on information relating to the user originating the incoming tunnel. A switched tunnel is then initiated to switch tunnel traffic to the appropriate destination. For example, the present invention may determine from the information relating to the originating user that a switched tunnel connection should be initiated to a destination associated with the originating user.
The present invention provides the ability to impose a security verification on users before initiating a switched tunnel connection to access the destination. Before allowing access, the originating user of the incoming tunnel is verified to have the proper permission to access the destination. If the user does not have the proper permission, access is denied and the switched tunnel connection is not initiated. The ability to grant either public or private access can be achieved by verification of permissions before switching a tunnel to the destination. Authentic users can be switched to the private access point by initiating a switched tunnel connection. Unauthenticated users are terminated at the public access point and not switched to the destination. By verifying users, controlled access to protected information can be provided by switching tunnels over the public Internet.
The present invention also provides load-balancing to a destination having a multiple number of access points by intelligent switching. Load balancing is achieved by intelligently determining the access points to which switched tunnels are initiated. For example, if the destination has a multiple number of access points, the present invention may switch switched tunnel connections to one of the destination access points based on round robin selection between the available access points. The present invention may also switch switched tunnel connections to one of the destination access points based on the traffic load at the access points. Intelligently switching switched tunnel connections to share traffic load among multiple access points can reduce congestion at the destination.
The present invention also allows the switching of a plurality of tunnels from a user to bundle together a plurality of tunnels from the same user to the destination. The term “bundle”, as used herein, is intended to mean a collection of connections or links used collectively for a communication session. To achieve the high bandwidth bundling offered by protocols such as Multi-link PPP, tunnels from the same user must be routed to the same destination. If the switch has already established a switched tunnel to the destination for that user, subsequent incoming tunnel traffic to that destination can be switched over the existing switched tunnel. Thus, a plurality of incoming tunnel connections are bundled together over a switched tunnel connection.
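The three behaviors summarized above (permission check before switching, access-point selection, and bundling onto an existing switched tunnel) can be modeled as one dispatch decision. The following Python sketch is an added illustration, not code from the patent; the class names, the `permitted` profile flag, the access-point labels and the audit list are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Destination:
    access_points: list                       # hypothetical labels for resources 22, 24, 26
    policy: str = "round_robin"               # or "least_loaded"
    load: dict = field(default_factory=dict)  # access point -> switched tunnels carried
    _next: int = 0

    def pick(self):
        if self.policy == "least_loaded":
            ap = min(self.access_points, key=lambda a: self.load.get(a, 0))
        else:
            ap = self.access_points[self._next % len(self.access_points)]
            self._next += 1
        self.load[ap] = self.load.get(ap, 0) + 1
        return ap

class TunnelSwitch:
    def __init__(self, profiles, destinations):
        self.profiles = profiles          # user -> {"destination", "permitted"}
        self.destinations = destinations  # name -> Destination
        self.switched = {}                # (user, destination) -> access point
        self.audit = []                   # (incoming tunnel id, user, decision)

    def dispatch(self, user, incoming_id):
        profile = self.profiles.get(user)
        # Deny by default: unknown or unpermitted users end at the public
        # access point and no switched tunnel is initiated.
        if profile is None or not profile["permitted"]:
            self.audit.append((incoming_id, user, "terminated-public"))
            return None
        key = (user, profile["destination"])
        if key in self.switched:          # same user again: reuse the tunnel
            action = "bundled"
        else:
            self.switched[key] = self.destinations[key[1]].pick()
            action = "switched"
        self.audit.append((incoming_id, user, action))
        return self.switched[key]

# Constructed sample profiles; "eve" in demo() has no profile at all.
PROFILES = {"alice": {"destination": "chicago", "permitted": True},
            "bob": {"destination": "chicago", "permitted": True},
            "mallory": {"destination": "chicago", "permitted": False}}

def demo():
    sw = TunnelSwitch(PROFILES, {"chicago": Destination(["ap-22", "ap-24", "ap-26"])})
    users = ["alice", "bob", "alice", "mallory", "eve"]
    return [sw.dispatch(u, i) for i, u in enumerate(users)], sw.audit
```

Recording every decision, including denials, gives the destination operator the consolidated view of tunnel access that the background section says is missing when each ISP tunnels directly.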
In the described embodiment, a method is provided for establishing a communication link from an originating user to a destination by receiving an incoming tunnel connection, and based on information about the originating user, initiating a switched tunnel connection for switching traffic from the incoming tunnel connection to the destination over the switched tunnel. A database of information or user profiles relating to the originating users is provided and queried for information relating to establishing the communication link to the appropriate destination. Also provided is a tunnel switching device having a process for terminating an incoming tunnel connection, a dispatch process for determining whether a switched tunnel connection is to be made, and an initiation process to initiate a switched tunnel connection for switching traffic between the user and the destination. The tunnel switching device switches
