Large enterprises often rely on private networks for internal data communication. Such internal data communication includes internal e-mail, internal web access, and internal database access as well as internal streaming media, file sharing, and file transferring. Data communication which uses the private networks is protected from external security attacks, including eavesdropping and tampering. Data communication over private networks is expected to increase as large enterprises place more activities on-line and as new applications such as streaming media develop and mature.
Private networks are built from physically private communication channels such as leased lines, Frame Relay links, and ATM (asynchronous transfer mode) links. A private network is dedicated to an enterprise's traffic. It has dependable and guaranteed performance characteristics, including predictable transmission time (i.e., delay) and bandwidth. The private network also has a low loss rate, provided that traffic does not exceed the bandwidth and does not approach it for an extended period of time. However, the private network is expensive. In many cases, an enterprise must pay for bandwidth regardless of whether it is used. Due to limited budgets, an enterprise will normally choose not to purchase significantly more capacity than it expects to use. For such an enterprise, flash traffic or a sudden large bandwidth flow can cause congestion, which results in increased delays as packet queues grow and in lost packets as the packet queues overflow.
Typically, a private network will include gateways to the Internet via ISPs (Internet service providers), which provide connectivity between the private network and the Internet. Such connectivity exists for many reasons including providing employees with quick access to resources and services on the Internet. Generally, the private network will have multiple gateways to the Internet with each gateway providing connectivity to the Internet for a locale. This provides lower delays when accessing the Internet. This also conserves bandwidth along the private network since traffic bound for and returning from the Internet does not travel along significant portions of the private network.
A VPN (virtual private network) includes two or more sites coupled together by IP (Internet protocol) tunnels. An IP tunnel between two sites encrypts packets at the first site, transmits the packets over the Internet to the second site, decrypts the packets at the second site, and utilizes authentication to detect packet tampering between the first and second sites. Private networks are inherently secure. In contrast, Internet-based VPNs provide security through encryption and authentication. Relative to private networks, VPNs are inexpensive. However, VPNs provide lower quality of service compared to private networks. Because the VPNs make use of the Internet and because the Internet is shared among many users, it is not possible to guarantee loss rate, delay, or bandwidth. Even within a single communication session, it is possible to experience a wide range of delays and bandwidths. Because of these limitations, large enterprises use private networks for internal traffic and make use of VPNs when connecting home users, small isolated offices, or partners to their private networks.
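The tunnel steps described above (encrypt at the first site, transmit, authenticate and decrypt at the second site) can be made concrete with a small worked example. The code below is an added illustration, not part of the original text, and it uses a toy construction from the Python standard library only: HMAC-SHA256 in counter mode as the keystream and a separate HMAC-SHA256 tag in encrypt-then-MAC order. The key values, the nonce length and the `encapsulate`/`decapsulate` names are assumptions made for the demonstration; a real IP tunnel such as IPsec ESP negotiates keys and uses a standard AEAD cipher. The point it shows is the one the paragraph makes: encryption alone hides the payload, but only the authentication tag lets the receiving site detect that a packet was modified in transit.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Constructed demo keys (assumption): a real tunnel derives these from a key exchange.
ENC_KEY = b"demo-encryption-key-for-tunnel!!"
MAC_KEY = b"demo-authentication-key-tunnel!!"
NONCE_LEN = 12   # per-packet nonce carried in clear at the front of the tunnel packet
TAG_LEN = 32     # HMAC-SHA256 tag appended at the end


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a pseudorandom keystream (toy stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encapsulate(inner_packet: bytes, nonce: Optional[bytes] = None) -> bytes:
    """First site: encrypt the inner packet, then append a tag over nonce + ciphertext."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    keystream = _keystream(ENC_KEY, nonce, len(inner_packet))
    ciphertext = bytes(p ^ k for p, k in zip(inner_packet, keystream))
    body = nonce + ciphertext
    tag = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    return body + tag


def decapsulate(tunnel_packet: bytes) -> Optional[bytes]:
    """Second site: verify the tag first; decrypt only if it matches. None means 'drop it'."""
    if len(tunnel_packet) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = tunnel_packet[:-TAG_LEN], tunnel_packet[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit or forged: authentication failed
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    keystream = _keystream(ENC_KEY, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def decrypt_unauthenticated(tunnel_packet: bytes) -> bytes:
    """What a receiver without the tag check would do: decrypt blindly.

    A single flipped ciphertext bit becomes a single flipped plaintext bit and
    nothing signals the change, which is why the tunnel also needs authentication.
    """
    body = tunnel_packet[:-TAG_LEN]
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    keystream = _keystream(ENC_KEY, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def demo() -> Tuple[bool, bool, bool]:
    """Returns (intact packet accepted, tampered packet rejected, blind decrypt silently altered)."""
    inner = b"GET /intranet/report HTTP/1.1\r\nHost: hr.corp.example\r\n\r\n"  # constructed
    wire = encapsulate(inner)
    accepted = decapsulate(wire) == inner

    tampered = bytearray(wire)
    tampered[NONCE_LEN] ^= 0x01          # flip one bit of the first ciphertext byte
    rejected = decapsulate(bytes(tampered)) is None

    blind = decrypt_unauthenticated(bytes(tampered))
    silently_altered = blind != inner and blind[1:] == inner[1:]
    return accepted, rejected, silently_altered


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True)
```

`decapsulate` checks the tag before touching the ciphertext and uses a constant-time comparison, so a modified or forged tunnel packet is discarded rather than decrypted and forwarded into the second site.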
Because flash traffic or a sudden large bandwidth flow on a private network can cause increased delays and can result in lost packets, it would be desirable to be able to use an Internet-based VPN to route some private network traffic. However, because of the Internet's shifting delay and bandwidth characteristics, a technique for assuring efficient use of the private network and the VPN is needed. More generally, there is a need for a routing protocol which routes some network traffic over an internal network and other network traffic over an external network.
What is needed is a method of routing a packet between nodes of a network by routing the packet at least partly over an external network.
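To make the congestion problem and the proposed split concrete, the following added example (not part of the original text) simulates a private link under a flash of traffic, first with all traffic on the private link and then with traffic above a utilization threshold diverted to the VPN. The traffic trace, link capacity, buffer size and the 80% threshold are constructed values chosen for illustration; the queue model is a simple per-slot drop-tail queue. It shows the two effects the text names: the queue grows (delay rises) and overflows (packets are lost) when only the private link is used, and both disappear when the excess is routed over the external network.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class LinkState:
    capacity: float        # kilobits the link can transmit per time slot
    buffer: float          # maximum queued kilobits before packets are dropped
    queue: float = 0.0     # current backlog (a proxy for queuing delay)
    dropped: float = 0.0   # kilobits lost to buffer overflow
    max_queue: float = 0.0

    def offer(self, kbits: float) -> None:
        """Enqueue new traffic, drop what exceeds the buffer, then transmit one slot's worth."""
        self.queue += kbits
        if self.queue > self.buffer:
            self.dropped += self.queue - self.buffer
            self.queue = self.buffer
        self.max_queue = max(self.max_queue, self.queue)
        self.queue = max(0.0, self.queue - self.capacity)


def private_only(trace: List[float], capacity: float, buffer: float) -> LinkState:
    """Baseline: every kilobit goes over the private link."""
    link = LinkState(capacity, buffer)
    for kbits in trace:
        link.offer(kbits)
    return link


def split_routing(trace: List[float], capacity: float, buffer: float,
                  threshold: float) -> Tuple[LinkState, float]:
    """Per slot, send up to threshold * capacity over the private link and the rest over the VPN.

    Keeping private-link utilization below the threshold keeps its queue short, so the
    delay guarantees of the private network hold; only the overflow sees the Internet's
    variable delay and bandwidth.
    """
    private = LinkState(capacity, buffer)
    vpn_kbits = 0.0
    private_budget = threshold * capacity
    for kbits in trace:
        to_private = min(kbits, private_budget)
        vpn_kbits += kbits - to_private
        private.offer(to_private)
    return private, vpn_kbits


# Constructed trace (assumption): steady 60 kbit/slot with a 5-slot flash of 300 kbit/slot.
FLASH_TRACE: List[float] = [60.0] * 10 + [300.0] * 5 + [60.0] * 10
CAPACITY = 100.0   # private link delivers 100 kbit per slot
BUFFER = 200.0     # queue holds at most 200 kbit
THRESHOLD = 0.8    # keep the private link at or below 80% utilization


def demo() -> Dict[str, float]:
    baseline = private_only(FLASH_TRACE, CAPACITY, BUFFER)
    split, vpn_kbits = split_routing(FLASH_TRACE, CAPACITY, BUFFER, THRESHOLD)
    return {
        "private_only_dropped": baseline.dropped,
        "private_only_max_queue": baseline.max_queue,
        "split_dropped": split.dropped,
        "split_max_queue": split.max_queue,
        "split_vpn_kbits": vpn_kbits,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the constructed trace, the private-only run fills the 200 kbit buffer during the flash and drops 900 kbit in total, while the split run drops nothing, never queues more than 80 kbit on the private link, and carries 1100 kbit over the VPN. The threshold is the policy knob: lower values protect the private link's delay at the cost of sending more traffic over the less predictable external path.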