1. Technical Field
The present invention relates in general to data communication and in particular to data communication over a virtual private network (VPN) within a public network such as the Internet. Still more particularly, the present invention relates to a method and system for testing characteristics, such as connectivity and responsiveness, of a Layer 2 tunnel in a VPN.
2. Description of the Related Art
Over the past several years, there has been explosive growth in the Internet, which is a decentralized collection of interconnected networks and gateways that utilize the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite to communicate. These networks include governmental, educational, commercial, and other networks, which include numerous servers, routers, and other network devices that store information and route data packets between end stations. The Internet is a public network, meaning that access to the Internet is unregulated and is available to anyone with an Internet Service Provider (ISP) dial-up account or dedicated line. Because of the absence of access regulation and inconsistent security enforcement across its constituent networks, data communication over the Internet is vulnerable to interception, redirection, and other forms of tampering.
In order to provide an enhanced level of security for communication conducted over the Internet (or other public network), Virtual Private Networks (VPNs) were developed. A VPN is a set of devices that communicate over a public network utilizing a common encryption scheme that protects communication between the devices from being easily intercepted or otherwise tampered with. Thus, a VPN advantageously permits authenticated users belonging to the VPN to communicate over the public network as if they had a dedicated line.
Often the ultimate end stations for which communication over a VPN within the Internet is to be established belong to networks (e.g., local area networks (LANs)) that do not utilize the TCP/IP protocol suite, but instead utilize other network and transport protocols such as the SPX/IPX (Sequenced Packet eXchange/Internetwork Packet eXchange) protocol employed by Novell NetWare or the NetBIOS protocol developed by International Business Machines (IBM) Corporation of Armonk, New York. As a result, if VPNs are to be supported for such end stations, some mechanism is required to transport the data packets built utilizing these non-IP protocols over the IP networks comprising the Internet. This mechanism is known in the art as tunneling.
Tunneling simply means that a data packet of a first protocol (e.g., a non-IP protocol) is encapsulated in a data packet of a second protocol (e.g., the IP protocol) so that it can be transported over a network utilizing the second protocol. Encapsulation by itself neither encrypts nor authenticates the inner packet; those protections come from the security mechanisms applied to the tunneled traffic (for example, IPSec for a Layer 3 tunnel, or the authentication and encryption negotiated over PPP for the Layer 2 tunnels discussed below). Four types of tunnels are commonly used for VPNs: (1) an IPSec tunnel implemented at Layer 3 and defined by the Internet Engineering Task Force (IETF) IPSec standard; (2) a Layer 2 Tunneling Protocol (L2TP) tunnel implemented at Layer 2 and defined by an IETF Standards Track Internet draft; (3) a Layer 2 Forwarding (L2F) tunnel that is commercially used by Cisco Systems and defined by Informational RFC 2341; and (4) a Point-to-Point Tunneling Protocol (PPTP) tunnel that is implemented at Layer 2, utilized by products of Microsoft Corporation of Redmond, Washington, and defined by the PPTP Informational Internet draft. All of the above-listed standards are incorporated herein by reference. Of these, L2TP, L2F, and PPTP are similar in that they are all Layer 2 tunnels that carry the Point-to-Point Protocol (PPP) defined by RFC 1661.
A variety of network problems may arise that can prevent the proper establishment and/or operation of a Layer 2 tunnel. The present invention recognizes that network administrators currently have no tools to test the connectivity and responsiveness of Layer 2 tunnels and therefore experience difficulty in diagnosing and correcting such problems. The present invention addresses the shortcomings in the art as described below.
The present invention provides a method and system for testing a Layer 2 tunnel in a data communication network including a network device and a network manager. According to the method of the present invention, a test invocation is received from the network manager at the network device. In response to receipt of the test invocation at the network device, a Layer 2 tunnel within the data communication network is tested, and a result of the test is reported to the network manager. The tests that may be conducted include a connectivity test to determine whether a Layer 2 tunnel can be established and a responsiveness test to determine the propagation time of a Layer 2 tunnel. Advantageously, both compulsory Layer 2 tunnels (established by the network access server on behalf of the remote client) and voluntary Layer 2 tunnels (established by the client itself) can be tested, thereby enabling all Layer 2 tunneling protocols (e.g., L2TP, L2F, and PPTP) to be supported.
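The following Python code is an added example and is not part of this specification or of the claimed system's implementation. It illustrates both the Layer 2 tunnel message format referred to above and the connectivity and responsiveness tests just described, using L2TP (RFC 2661) as the concrete protocol: the network device builds an SCCRQ control message, hands it to a transport callable, times the round trip, and validates the SCCRP before reporting success or the reason for failure. The choice of the L2TP control-connection exchange as the connectivity probe is an assumption (the specification does not prescribe which messages a test uses), and the strict parser, the in-memory SimulatedPeer, the host names nas.example and lns.example, and the tunnel IDs 0x1000 and 0x2000 are all constructed for this example.

```python
import struct
import time

# L2TP control message types and AVP attribute types from RFC 2661.
SCCRQ, SCCRP = 1, 2
AVP_MESSAGE_TYPE, AVP_PROTOCOL_VERSION, AVP_FRAMING_CAPS = 0, 2, 3
AVP_HOST_NAME, AVP_ASSIGNED_TUNNEL_ID = 7, 9
CTRL_FLAGS = 0xC802  # T=1 (control message), L=1, S=1, Ver=2

def encode_avp(attr_type, value, mandatory=True):
    """One IETF (vendor 0) AVP: M bit + 10-bit total length, vendor ID, type, value."""
    length = 6 + len(value)
    if length > 0x3FF:
        raise ValueError("AVP too long")
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, 0, attr_type) + value

def build_control_message(msg_type, tunnel_id, ns, nr, avps):
    """Control header, then the Message Type AVP (must be first), then the other AVPs."""
    body = encode_avp(AVP_MESSAGE_TYPE, struct.pack("!H", msg_type)) + b"".join(avps)
    return struct.pack("!HHHHHH", CTRL_FLAGS, 12 + len(body), tunnel_id, 0, ns, nr) + body

def parse_control_message(data):
    """Strict parser: every length field is validated before it is used to slice."""
    if len(data) < 12:
        raise ValueError("short header")
    flags, length, tunnel_id, _sid, ns, nr = struct.unpack("!HHHHHH", data[:12])
    if (flags & 0x8000) == 0 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if length != len(data):
        raise ValueError("header length does not match datagram")
    avps, off = {}, 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        hdr, vendor, attr = struct.unpack("!HHH", data[off:off + 6])
        avp_len = hdr & 0x03FF
        if avp_len < 6 or off + avp_len > length:
            raise ValueError("bad AVP length")
        if vendor != 0 and (hdr & 0x8000):
            raise ValueError("unknown mandatory vendor AVP")
        avps[attr] = data[off + 6:off + avp_len]
        off += avp_len
    if len(avps.get(AVP_MESSAGE_TYPE, b"")) != 2:
        raise ValueError("missing Message Type AVP")
    msg_type = struct.unpack("!H", avps[AVP_MESSAGE_TYPE])[0]
    return {"type": msg_type, "tunnel_id": tunnel_id, "ns": ns, "nr": nr, "avps": avps}

def control_connection_avps(host_name, tunnel_id):
    """AVPs that both SCCRQ and SCCRP carry."""
    return [encode_avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),
            encode_avp(AVP_HOST_NAME, host_name),
            encode_avp(AVP_FRAMING_CAPS, struct.pack("!I", 0x3)),  # sync + async framing
            encode_avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", tunnel_id))]

class SimulatedPeer:
    """Constructed in-memory LNS: answers a valid SCCRQ with SCCRP, or stays silent."""

    def __init__(self, tunnel_id=0x2000, host_name=b"lns.example", silent=False):
        self.tunnel_id, self.host_name, self.silent = tunnel_id, host_name, silent

    def handle(self, datagram):
        if self.silent:
            return None  # models a peer that never answers (timeout)
        req = parse_control_message(datagram)
        caller_tid = req["avps"].get(AVP_ASSIGNED_TUNNEL_ID, b"")
        if req["type"] != SCCRQ or len(caller_tid) != 2:
            return None
        # SCCRP is addressed to the caller's tunnel ID; Nr=1 acknowledges the SCCRQ.
        return build_control_message(SCCRP, struct.unpack("!H", caller_tid)[0], 0, 1,
                                     control_connection_avps(self.host_name, self.tunnel_id))

def probe_layer2_tunnel(send, local_tunnel_id=0x1000, host_name=b"nas.example"):
    """Connectivity: does an SCCRQ draw a valid SCCRP?  Responsiveness: the round trip.
    `send` is a transport callable: datagram -> reply bytes, or None on timeout."""
    started = time.perf_counter()
    # SCCRQ carries Tunnel ID 0 in its header because the peer's ID is not yet known.
    reply = send(build_control_message(SCCRQ, 0, 0, 0,
                                       control_connection_avps(host_name, local_tunnel_id)))
    rtt_ms = (time.perf_counter() - started) * 1000.0
    result = {"connected": False, "rtt_ms": None, "peer_tunnel_id": None}
    if reply is None:
        result["reason"] = "no SCCRP received (timeout)"
        return result
    result["rtt_ms"] = rtt_ms
    try:
        msg = parse_control_message(reply)
        if msg["type"] != SCCRP:
            raise ValueError(f"unexpected message type {msg['type']}")
        if msg["tunnel_id"] != local_tunnel_id:
            raise ValueError("reply addressed to a different tunnel")
        peer_tid = msg["avps"].get(AVP_ASSIGNED_TUNNEL_ID, b"")
        if len(peer_tid) != 2:
            raise ValueError("SCCRP lacks Assigned Tunnel ID")
    except ValueError as exc:
        result["reason"] = f"rejected reply: {exc}"
        return result
    result.update(connected=True, peer_tunnel_id=struct.unpack("!H", peer_tid)[0],
                  reason="control connection established")
    return result
```

Calling `probe_layer2_tunnel(SimulatedPeer().handle)` reports a successful connectivity test together with the measured round trip and the peer's assigned tunnel ID; a silent peer yields a timeout result with no responsiveness figure, and an echoed, truncated, or oversized reply is reported as a rejection rather than crashing the tool. The responsiveness number is only meaningful when `send` performs real I/O (for example a UDP exchange on port 1701 with a timeout). A test tool that talks to arbitrary tunnel peers must treat the Length fields in the header and in each AVP as untrusted, which is why the parser bounds-checks them before slicing.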
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.