The invention relates to electronic networking, and particularly to techniques for tunnel redirection in Virtual Private Networks (VPNs).
Conventional digital networks use VPNs to achieve improved performance between network nodes. In large-scale VPN environments, tunneling devices may handle a large number of tunnels and sessions. Hence, network scalability may be achieved through load sharing, e.g., wherein multiple tunnel terminators cooperate to balance load among themselves.
Prior load-sharing mechanisms are implemented in tunnel initiators. In particular, such mechanisms are often statically configured, or they look up a tunnel terminator in a preconfigured database according to incoming user information. Thus, when a tunnel terminator is overloaded or unreliable and cannot handle more sessions, such mechanisms have no way to accept and process an incoming call. Accordingly, known mechanisms use tunnel initiators which generally do not properly manage resources, load sharing, or the reliability of tunnel terminators, and, furthermore, cannot easily scale for multiple corporate sites. Thus, there is a need for a solution to improve the scalability and stackability of VPN servers.
The invention resides in a VPN tunnel redirection scheme, wherein a tunnel initiator is redirected to another tunnel terminator according to traffic load, resource availability, and system reliability in the VPN environment.
Preferably, the pointed terminator redirects the call by sending a special call clear message to the tunnel initiator, carrying the IP address of a recommended terminator in the pool, during PPP authentication. The initiator terminates the current session with the pointed terminator, establishes a tunnel and/or session with the recommended terminator, and starts the session again without terminating the incoming call.
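The redirection exchange described above, simulated from both sides as an added example (not code from the original text). The message names `ACCEPT` and `CALL_CLEAR`, the least-loaded selection rule, the sample pool, and the initiator-side safeguards (a redirect limit, and following a recommendation only to an address in its known pool) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Terminator:
    ip: str
    sessions: int
    capacity: int
    reliable: bool = True

    def can_accept(self) -> bool:
        return self.reliable and self.sessions < self.capacity

def make_pool():
    # Constructed sample pool (documentation addresses, made-up load figures).
    ts = [Terminator("192.0.2.1", 10, 10), Terminator("192.0.2.2", 4, 10),
          Terminator("192.0.2.3", 2, 10, reliable=False), Terminator("192.0.2.4", 7, 10)]
    return {t.ip: t for t in ts}

def recommend(pool, exclude):
    """Terminator side: least-loaded healthy peer in the pool, or None (assumed rule)."""
    ok = [t for t in pool.values() if t.ip != exclude and t.can_accept()]
    return min(ok, key=lambda t: t.sessions / t.capacity, default=None)

def authenticate(pool, ip):
    """Terminator side, reached during PPP authentication."""
    t = pool[ip]
    if t.can_accept():
        t.sessions += 1
        return {"type": "ACCEPT"}
    peer = recommend(pool, exclude=ip)
    # The call clear message carries the recommended terminator's IP address.
    return {"type": "CALL_CLEAR", "redirect_to": peer.ip if peer else None}

def place_call(pool, pointed_ip, max_redirects=3):
    """Initiator side: follow redirects while the incoming call is held."""
    path, target = [], pointed_ip
    for _ in range(max_redirects + 1):
        path.append(target)
        reply = authenticate(pool, target)
        if reply["type"] == "ACCEPT":
            return {"call_up": True, "terminator": target, "path": path}
        nxt = reply["redirect_to"]
        # Assumed safeguards: stop on no recommendation, an address outside
        # the known pool, or a terminator already tried (redirect loop).
        if nxt is None or nxt not in pool or nxt in path:
            break
        target = nxt
    return {"call_up": False, "terminator": None, "path": path}
```
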