1. Field of the Invention
The present invention relates generally to computer network traffic management and more specifically to intelligent sorting of datagrams for sending through appropriate branches of N-way split virtual private network (VPN) tunnels.
2. Description of the Related Art
Networking devices at remote locations often create secure virtual private network (VPN) tunnels to a central location, for example a headquarters (HQ) location. Note that a VPN is a computer network in which some of the links between nodes are carried by open or unsecured connections or virtual circuits in some larger network, such as the Internet, instead of running across a single private network. The link-layer protocols of a VPN are said to be “tunneled” through the larger network. These “tunnels” can carry all network traffic to and from the remote location through the central location; this is known as a “non-split” tunnel. Alternatively, these tunnels can carry only the traffic actually destined to servers at the central location; this is known as a “split” tunnel, since the traffic for the broader Internet is “split” from the traffic destined specifically to the central location. Split tunnels have the advantage of relieving the central location of conveying traffic that has nothing to do with servers at that central location, but they have a big disadvantage: client computers serviced by the remote networking device may be exposed to viruses, malware and other threats, as the traffic is not “filtered” or “scrubbed” by the central location. Filtering may also include enforcement of company policies regarding which Internet sites are “off-limits”, such as sites focused on violence or other objectionable material.
Companies typically either use non-split tunnels, causing a heavy load on the central location, or deploy split tunnels with relatively expensive networking devices at the remote location to perform the scrubbing and filtering.
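The trade-off between the two tunnel types described above can be made concrete with a small model. This is an added example, not part of the original text; the HQ prefix, the flow list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions for illustration, not from the text).
HQ_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]  # servers at the central location
FLOWS = [  # (destination, bytes) as seen by the remote networking device
    ("10.1.2.3", 4_000),        # HQ file server
    ("10.200.0.9", 1_000),      # HQ mail server
    ("198.51.100.7", 50_000),   # Internet site
    ("203.0.113.20", 5_000),    # Internet site
]


def next_hop(dst, mode, hq_prefixes=HQ_PREFIXES):
    """Return 'tunnel' or 'direct' for one destination under a tunnel mode."""
    if mode == "non-split":
        return "tunnel"  # everything is carried through the central location
    if mode == "split":
        addr = ipaddress.ip_address(dst)
        return "tunnel" if any(addr in net for net in hq_prefixes) else "direct"
    raise ValueError(f"unknown tunnel mode: {mode!r}")


def summarize(flows, mode):
    """Bytes the central location must carry vs. bytes that bypass its filtering."""
    report = {"hq_load_bytes": 0, "unfiltered_bytes": 0, "unfiltered_dsts": []}
    for dst, nbytes in flows:
        if next_hop(dst, mode) == "tunnel":
            report["hq_load_bytes"] += nbytes
        else:
            report["unfiltered_bytes"] += nbytes
            report["unfiltered_dsts"].append(dst)
    return report


if __name__ == "__main__":
    for mode in ("non-split", "split"):
        print(mode, summarize(FLOWS, mode))
```

With these sample flows, the non-split tunnel puts every byte on the central location, while the split tunnel cuts that load but leaves the Internet-bound flows outside central filtering.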
There is a need for better solutions for handling network traffic to and from remote network locations.