The present invention relates to computer network data transmission, and more particularly relates to tools and techniques for communications using disparate parallel networks, such as a virtual private network ("VPN") or the Internet in parallel with a point-to-point, leased line, or frame relay network, in order to help provide benefits such as load balancing across network connections, greater reliability, and increased security.
Organizations have used frame relay networks and point-to-point leased line networks for interconnecting geographically dispersed offices or locations. These networks have been implemented in the past and are currently in use for interoffice communication, data exchange and file sharing. Such networks have advantages, some of which are noted below. But these networks also tend to be expensive, and there are relatively few options for reliability and redundancy. As networked data communication becomes critical to the day-to-day operation and functioning of an organization, the need for lower cost alternatives for redundant back-up for wide area networks becomes important.
Frame relay networking technology offers relatively high throughput and reliability. Data is sent in variable length frames, which are a type of packet. Each frame has an address that the frame relay network uses to determine the frame's destination. The frames travel to their destination through a series of switches in the frame relay network, which is sometimes called a network "cloud"; frame relay is an example of packet-switched networking technology. The transmission lines in the frame relay cloud must be essentially error-free for frame relay to perform well, although error handling by other mechanisms at the data source and destination can compensate to some extent for lower line reliability. Frame relay and/or point-to-point network services are provided or have been provided by various carriers, such as AT&T, Qwest, XO, and MCI WorldCom.
Frame relay networks are an example of a network that is "disparate" from the Internet and from Internet-based virtual private networks for purposes of the present invention. Another example of such a "disparate" network is a point-to-point network, such as a T1 or T3 connection. Although the underlying technologies differ somewhat, for purposes of the present invention frame relay networks and point-to-point networks are generally equivalent in important ways, such as the conventional reliance on manual switchovers when traffic must be redirected after a connection fails, and their implementation distinct from the Internet. A frame relay permanent virtual circuit is a virtual point-to-point connection. Frame relays are used as examples throughout this document, but the teachings will also be understood in the context of point-to-point networks.
A frame relay or point-to-point network may become suddenly unavailable for use. For instance, both MCI WorldCom and AT&T users have lost access to their respective frame relay networks during major outages. During each outage, the entire network failed. Loss of a particular line or node in a network is relatively easy to work around. But loss of an entire network creates much larger problems.
Tools and techniques to permit continued data transmission after loss of an entire frame relay network that would normally carry data are discussed in U.S. patent application Ser. No. 10/034,197 filed Dec. 28, 2001 and incorporated herein. The '197 application focuses on architectures involving two or more "private" networks in parallel, whereas the present application focuses on architectures involving disparate networks in parallel, such as a proprietary frame relay network and the Internet. Note that the term "private network" is used herein in a manner consistent with its use in the '197 application (which comprises frame relay and point-to-point networks), except that a "virtual private network" as discussed herein is not a "private network". Virtual private networks are Internet-based, and hence disparate from private networks, i.e., from frame relay and point-to-point networks. To reduce the risk of confusion that might arise from misunderstanding "private network" to comprise "virtual private network" herein, virtual private networks will be henceforth referred to as VPNs. Other differences and similarities between the present application and the '197 application will also be apparent to those of skill in the art on reading the two applications.
Various architectures involving multiple networks are known in the art. For instance, FIG. 1 illustrates prior art configurations involving two frame relay networks for increased reliability; similar configurations involve one or more point-to-point network connections. Two sites 102 transmit data to each other (alternately, one site might be only a data source, while the other is only a data destination). Each site has two border routers 105. Two frame relay networks 106, 108 are available to the sites 102 through the routers 105. The two frame relay networks 106, 108 have been given separate numbers in the figure, even though each is a frame relay network, to emphasize the incompatibility of frame relay networks provided by different carriers. An AT&T frame relay network, for instance, is incompatible (in details such as maximum frame size or switching capacity) with an MCI WorldCom frame relay network, even though they are similar when one takes the broader view that encompasses disparate networks like those discussed herein. The two frame relay providers have to agree upon information rates, switching capacities, frame sizes, etc. before the two networks can communicate directly with each other.
A configuration like that shown in FIG. 1 may be actively and routinely using both frame relay networks A and B. For instance, a local area network (LAN) at site 1 may be set up to send all traffic from the accounting and sales departments to router A1 and send all traffic from the engineering department to router B1. This may provide a very rough balance of the traffic load between the routers, but it does not attempt to balance router loads dynamically in response to actual traffic and thus is not "load-balancing" as that term is used herein.
Alternatively, one of the frame relay networks may be a backup which is used only when the other frame relay network becomes unavailable. In that case, it may take even skilled network administrators several hours to perform the steps needed to switch the traffic away from the failed network and onto the backup network, unless the invention of the '197 application is used. In general, the necessary Private Virtual Circuits (PVCs) must be established, routers at each site 102 must be reconfigured to use the correct serial links and PVCs, and LANs at each site 102 must be reconfigured to point at the correct router as the default gateway.
Although two private networks are shown in FIG. 1, three or more such networks could be employed, with similar considerations coming into play as to increased reliability, limits on load-balancing, the efforts needed to switch traffic when a network fails, and so on. Likewise, for clarity of illustration FIG. 1 shows only two sites, but three or more sites could communicate through one or more private networks.
FIG. 2 illustrates a prior art configuration in which data is normally sent between sites 102 over a private network 106. A failover box 202 at each site 102 can detect failure of the network 106 and, in response to such a failure, will send the data instead over an ISDN link 204 while the network 106 is down. Using an ISDN link 204 as a backup is relatively easier and less expensive than using another private network 106 as the backup, but generally provides lower throughput. The ISDN link is an example of a point-to-point or leased line network link.
FIG. 3 illustrates prior art configurations involving two private networks for increased reliability, in the sense that some of the sites in a given government agency or other entity 302 can continue communicating even after one network goes down. For instance, if a frame relay network A goes down, sites 1, 2, and 3 will be unable to communicate with each other but sites 4, 5, and 6 will still be able to communicate amongst themselves through frame relay network B. Likewise, if network B goes down, sites 1, 2, and 3 will still be able to communicate through network A. Only if both networks go down at the same time would all sites be completely cut off. Like the FIG. 1 configurations, the FIG. 3 configuration uses two private networks. Unlike FIG. 1, however, there is no option for switching traffic to another private network when one network 106 goes down, although either or both of the networks in FIG. 3 could have an ISDN backup like that shown in FIG. 2. Note also that even when both private networks are up, sites 1, 2, and 3 communicate only among themselves; they are not connected to sites 4, 5, and 6. Networks A and B in FIG. 3 are therefore not in "parallel" as that term is used herein, because all the traffic between each pair of sites goes through at most one of the networks A, B.
FIG. 4 illustrates a prior art response to the incompatibility of frame relay networks of different carriers. A special "network-to-network interface" (NNI) 402 is used to reliably transmit data between the two frame relay networks A and B. NNIs are generally implemented in software at carrier offices. Note that the configuration in FIG. 4 does not provide additional reliability by using two frame relay networks 106, because those networks are in series rather than in parallel. If either of the frame relay networks A, B in the FIG. 4 configuration fails, there is no path between site 1 and site 2; adding the second frame relay network has not increased reliability. By contrast, FIG. 1 increases reliability by placing the frame relay networks in parallel, so that an alternate path is available if either (but not both) of the frame relay networks fails. Someone of skill in the art who was looking for ways to improve reliability by putting networks in parallel would probably not consider NNIs pertinent, because they were used for serial configurations rather than parallel ones, and adding networks in a serial manner does not improve reliability.
Internet-based communication solutions such as VPNs and Secure Sockets Layer (SSL) offer alternatives to frame relay 106 and point-to-point leased line networks such as those using an ISDN link 204. These Internet-based solutions are advantageous in the flexibility and choice they offer in cost, in service providers, and in vendors. Accordingly, some organizations have a frame relay 106 or leased line connection (a.k.a. point-to-point) for intranet communication and also have a connection for accessing the Internet 500, using an architecture such as that shown in FIG. 5.
But better tools and techniques are needed for use in architectures such as that shown in FIG. 5. In particular, prior approaches for selecting which network to use for which packet(s) are coarse. For instance, all packets from department X might be sent over the frame relay connection 106 while all packets from department Y are sent over the Internet 500. Or the architecture might send all traffic over the frame relay network unless that network fails, and then be manually reconfigured to send all traffic over a VPN 502.
Organizations are still looking for better ways to use Internet-based redundant connections to back up the primary frame relay networks. Also, organizations wanting to change from frame relay and point-to-point solutions to Internet-based solutions have not had the option of transitioning in a staged manner. They have had to decide instead between the two solutions, and deploy the solution in their entire network communications system in one step. This is a barrier for deployment of Internet-based solutions 500/502, since an existing working network would be replaced by a yet-untested new network. Also, for organizations with several geographically distributed locations, a single-step conversion is very complex. Some organizations may want a redundant Internet-based backup between a few locations while maintaining the frame relay network for the entire organization.
It would be an advancement in the art to provide new tools and techniques for configuring disparate networks (e.g., frame relay/point-to-point WANs and Internet-based VPNs) in parallel, to obtain benefits such as greater reliability, improved security, and/or load-balancing. Such improvements are disclosed and claimed herein.
The present invention provides tools and techniques for directing packets over multiple parallel disparate networks, based on addresses and other criteria. This helps organizations make better use of frame relay networks and/or point-to-point (e.g., T1, T3, fiber, OCx, Gigabit, wireless, or satellite based) network connections in parallel with VPNs and/or other Internet-based networks. For instance, some embodiments of the invention allow frame relay and VPN wide area networks to co-exist for redundancy as well as for transitioning from frame relay/point-to-point solutions to Internet-based solutions in a staged manner. Some embodiments operate in configurations which communicate data packets over two or more disparate WAN connections, with the data traffic being dynamically load-balanced across the connections, while some embodiments treat one of the WANs as a backup for use mainly in case the primary connection through the other WAN fails.
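The following is an added illustration, not code from the patent: it contrasts the coarse per-department assignment described in the background with a per-packet choice among parallel disparate paths that considers destination reachability, path status, and current load. The path names, capacities, site labels, traffic, and the least-utilization rule are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass
class Path:
    name: str
    capacity: int          # relative capacity (constructed value)
    reaches: frozenset     # destination sites reachable over this path (assumed)
    up: bool = True
    sent: int = 0          # bytes carried so far

# Coarse prior-art style policy: a fixed network per department.
STATIC_MAP = {"accounting": "frame_relay", "sales": "frame_relay",
              "engineering": "vpn"}

def static_select(paths, dept, dest):
    """Fixed path by department; nothing redirects traffic if that path fails."""
    p = paths[STATIC_MAP[dept]]
    return p if p.up and dest in p.reaches else None

def dynamic_select(paths, dept, dest):
    """Per-packet choice: among paths that are up and reach dest, least utilized."""
    usable = [p for p in paths.values() if p.up and dest in p.reaches]
    return min(usable, key=lambda p: p.sent / p.capacity, default=None)

def simulate(select, packets, fail=None):
    """Send (dept, dest, size) packets; fail=(index, path_name) injects an outage.

    Returns ({path_name: bytes_sent}, dropped_packet_count).
    """
    paths = {
        "frame_relay": Path("frame_relay", 1536, frozenset({"site2", "site3"})),
        "vpn": Path("vpn", 1536, frozenset({"site2"})),
    }
    dropped = 0
    for i, (dept, dest, size) in enumerate(packets):
        if fail and i == fail[0]:
            paths[fail[1]].up = False      # whole network becomes unavailable
        p = select(paths, dept, dest)
        if p is None:
            dropped += 1
        else:
            p.sent += size
    return {n: p.sent for n, p in paths.items()}, dropped

# Constructed traffic: six accounting packets, then two engineering packets.
PACKETS = [("accounting", "site2", 1000)] * 6 + [("engineering", "site2", 1000)] * 2

if __name__ == "__main__":
    for policy in (static_select, dynamic_select):
        print(policy.__name__, simulate(policy, PACKETS, fail=(2, "frame_relay")))
```

With the frame relay path failing at the third packet, the static policy drops every remaining accounting packet, while the per-packet policy moves that traffic to the VPN path without reconfiguration.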
Other features and advantages of the invention will become more fully apparent through the following description.