Field of the Invention
The present invention relates to the routing of messages from a client computer to one or more resources through a network. Various aspects of the invention may be used to ensure that messages sent from a client computer through a virtual private network (VPN) channel to a network are correctly routed to the appropriate resources.
Description of the Related Art
In the last decade, the use of electronic computer networks has greatly increased. Electronic computer networks may be found in businesses, schools, hospitals, and even residences. With these networks, two or more computing devices communicate together to exchange packets of data according to one or more standard protocols, such as the TCP/IP protocols. Usually, one computer, often referred to as a “client,” requests that a second computer perform a service. In response, the second computer, often referred to as a “server,” performs the service and communicates the resulting data back to the first computer.
As reliance on computers has increased, the demand to access computer resources from a variety of locations has increased as well. Conventionally, for example, a business user may have accessed resources on a corporate server through a desktop computer connected to the corporate server by a private, secure corporate network. Now, however, that user may wish to access the same corporate resources from a remote location over a public network, such as the Internet. For example, a user may need to access resources through a corporate network from a personal computer while at home or from a laptop computer while traveling. In order to securely access the resources, the user will typically employ an encrypted communication technique. The network formed by the remote computer and the network using encrypted communications is typically referred to as a Virtual Private Network (VPN).
A virtual private network can be formed using a plurality of different encrypted communication techniques. For example, a remote computer may implement a temporary or permanent dedicated communication software application to securely communicate with the network. The dedicated communication software application will then encrypt and send messages to the network, and receive and decrypt messages received from the network. Some examples of this type of dedicated communication software application may embed encrypted messages in conventionally formatted data packets, so that the encrypted messages are invisible from outside of the secure communication channel. The virtual private networks that employ these embedded communication techniques are sometimes referred to as “tunneling” virtual private networks, as their communications may “tunnel” through a public network. Alternately, a remote computer may communicate with a network using a conventional browser application enhanced with additional “plug-in” software. With this type of virtual private network, the resources may be used by the network rather than the remote computer. The information obtained from using the resources will then be visible through the browser.
It also should be appreciated that, with some implementations of a virtual private network, the remote computer can communicate point-to-point with some or all of the nodes within the network. With still other implementations of a virtual private network, however, the remote computer may directly communicate with only a proxy software application. The proxy software application will then decrypt communications from the remote computer, and route them to the appropriate node within the network. With this type of virtual private network, the proxy software application will be hosted on a computer (or computing node) outside of a firewall protecting the network. The proxy software application will then communicate with network nodes through the firewall. Different types of virtual private networks may employ any desired encryption technique. For example, a virtual private network may implement communication channels secured using the Secure Sockets Layer (SSL) protocol, the Hypertext Transfer Protocol Secure (HTTPS) protocol (which employs the Secure Sockets Layer (SSL) protocol), or the Internet Protocol Security (IPSec) protocol.
While a virtual private network can provide a remote computer with secure access to resources through a network, it may be desirable for the virtual private network to ignore some resource access requests. For example, a user or software application running on the remote computer may request access to a resource that is simply unavailable to the network. Alternately, a user or software application running on the remote computer may request access to a resource that is available through the public network. For example, a company may maintain a network with the hostname “mycompany.com.” While this network may include several private resources, it also may include various portions that are publicly accessible, such as World Wide Web pages available through the domain name “www.mycompany.com.” Accordingly, it may be a waste of valuable bandwidth on a secure communication channel to access resources that can otherwise be obtained through the public network. If a resource cannot or should not be accessed through the virtual private network, then it may be preferable for the virtual private network to ignore a request to access the resource, and instead have the resource access request handled locally at the remote computer via a different network mechanism.
Also, virtual private networks will conventionally access resources through a network using specific addresses for the resource locations, such as Internet Protocol (IP) addresses. This access regimen allows the resource to be more easily identified. It would be desirable, however, to allow resources to be accessed using name identifiers, such as hostnames and domain names. A name may be consistently employed to access a resource, for example, even if the specific IP address changes.
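The name-based routing decision described in the two preceding paragraphs can be sketched as follows. This is an added example, not part of the original document and not the invention's own method; the rule table, the function names and the choice to handle unmatched names locally are assumptions made for illustration.

```python
# Added illustration: decide by hostname whether a request goes through the
# VPN channel or is handled locally. RULES, normalize(), match_score() and
# route_for() are hypothetical names, not taken from the document.

VPN, LOCAL = "vpn", "local"

# Constructed rule table. "*.suffix" matches any subdomain of suffix;
# a bare name matches only that exact host.
RULES = [
    ("*.mycompany.com", VPN),
    ("mycompany.com", VPN),
    ("www.mycompany.com", LOCAL),  # public web site: keep off the secure channel
]

def normalize(host):
    """Lower-case and drop a trailing root dot so equivalent names compare equal."""
    return host.strip().lower().rstrip(".")

def match_score(pattern, host):
    """Return (label_count, is_exact) if pattern matches host, else None."""
    pattern = normalize(pattern)
    if pattern.startswith("*."):
        suffix = pattern[2:]
        # Require a label boundary: "notmycompany.com" must not match
        # "*.mycompany.com" just because the strings share an ending.
        if host.endswith("." + suffix):
            return (suffix.count(".") + 1, 0)
        return None
    if host == pattern:
        return (pattern.count(".") + 1, 1)
    return None

def route_for(host, rules=RULES, default=LOCAL):
    """Pick the action of the most specific matching rule.

    Longer matches beat shorter ones and an exact name beats a wildcard.
    Names that match no rule are ignored by the VPN and handled locally
    (an assumption of this sketch).
    """
    host = normalize(host)
    best = None
    for pattern, action in rules:
        score = match_score(pattern, host)
        if score is not None and (best is None or score > best[0]):
            best = (score, action)
    return best[1] if best else default
```

Because the decision is keyed on the name rather than on an IP address, the rule table stays valid when the address behind a hostname changes.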