1. Field of the Invention
The invention relates to Internet communications. More particularly, the invention relates to the establishment of Transport Layer Security (TLS) sessions in a large switch.
2. Brief Description of the Prior Art
The Internet is quickly becoming the main line of communications for business and industry. Faxes and telexes have been replaced by email. More recently, voice and video communications via a Public Switched Telephone Network (PSTN) have been replaced by Voice over Internet Protocol (VoIP), instant messaging, and Internet video conferencing.
Traditionally, large enterprises managed telecommunications services via Private Branch Exchange (PBX) switches. These switches were coupled to PSTN offices via Time Division Multiplexed (TDM) trunks and to hundreds or thousands of individual telephone sets, fax machines, etc. More recently, however, many enterprises have introduced devices that have come to be known as an Internet Protocol PBX (IP PBX) or “soft switch”. A high-end example of such a device is the Siemens HiPath 8000, an enterprise IP PBX that can host more than 100,000 Internet Protocol telephones from a single data center. The HiPath 8000 IP PBX is targeted at very large companies that want to consolidate VoIP deployments into a large data center.
One of the presently preferred protocols for securing VoIP signaling is TLS. The TLS protocol provides communications security over the Internet: it allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. Implementing TLS in a soft switch requires that each TLS session be carried on its own Transmission Control Protocol (TCP) connection, that is, its own TCP socket. These sockets are a limited resource. For example, in the Linux operating system, on the order of 64,000 unique TCP sockets may be established (the figure reflects the 16-bit TCP port number space, which allows at most 65,535 ports per IP address). As indicated above, some soft switches are designed to host more than 64,000 telephone sets. Those skilled in the art will appreciate that it is highly unlikely that all of the hosted telephone sets will be in use simultaneously. Therefore, it is possible to share a limited number of TCP sockets among a larger number of telephone sets. Unfortunately, establishing a socket for a particular telephone set, together with the TLS handshake that must follow on it, takes a certain amount of time. If a socket is established only upon detecting an off-hook condition in a telephone set, the caller may experience an unacceptable delay before a call can be placed.
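The two constraints in the paragraph above, one TCP socket per TLS session and a non-trivial establishment time, can be observed directly. The following Go program is an added example and is not part of the patent or of any Siemens product: it runs a TLS echo server on loopback behind a throwaway self-signed certificate (the function names and the constructed server are this example's own, and it assumes loopback networking is available), opens one TLS session per simulated telephone set, counts the distinct client-side TCP ports those sessions occupy, and compares the average cost of a fresh TCP connect plus TLS handshake with that of one message on a session that is already up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert is throwaway scaffolding for the loopback server; a real switch carries an operator-issued certificate.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // the only identity the client will accept
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, err
}

// Measure opens n TLS sessions (one per simulated telephone set) to a loopback echo server and returns the number of
// distinct client ports they occupy, the average cost of a fresh TCP+TLS establishment, and the average cost of one
// one-byte round trip on the first session once it is already established.
func Measure(n int) (int, time.Duration, time.Duration, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return 0, 0, 0, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	if err != nil {
		return 0, 0, 0, err
	}
	defer ln.Close()
	go func() { // echo server: every accepted TLS session occupies its own socket and goroutine
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) { defer c.Close(); io.Copy(c, c) }(c)
		}
	}()
	ccfg := &tls.Config{RootCAs: x509.NewCertPool(), MinVersion: tls.VersionTLS12}
	ccfg.RootCAs.AddCert(leaf) // pin the one certificate we trust rather than disabling verification
	ports := map[int]bool{}
	var conns []*tls.Conn
	defer func() {
		for _, c := range conns {
			c.Close()
		}
	}()
	var hs, reuse time.Duration
	for i := 0; i < n; i++ {
		start := time.Now()
		c, err := tls.Dial("tcp", ln.Addr().String(), ccfg) // TCP connect plus full TLS handshake
		if err != nil {
			return 0, 0, 0, err
		}
		hs += time.Since(start)
		conns = append(conns, c) // kept open so each session keeps holding its socket
		ports[c.LocalAddr().(*net.TCPAddr).Port] = true
	}
	buf := []byte{0x2a}
	for i := 0; i < n; i++ { // the same traffic, but over a session that is already up
		start := time.Now()
		if _, err := conns[0].Write(buf); err != nil {
			return 0, 0, 0, err
		}
		if _, err := io.ReadFull(conns[0], buf); err != nil {
			return 0, 0, 0, err
		}
		reuse += time.Since(start)
	}
	return len(ports), hs / time.Duration(n), reuse / time.Duration(n), nil
}

func main() {
	distinct, hs, reuse, err := Measure(50)
	if err != nil {
		panic(err)
	}
	fmt.Printf("50 sessions on %d distinct client ports; fresh TCP+TLS %v each, warm session %v each\n", distinct, hs, reuse)
}
```

Running it shows that every session pins a distinct local port, which is why the socket ceiling bounds the number of concurrently reachable telephone sets, and that a cold TCP connect plus TLS handshake costs far more than a message on a warm session; the difference is the delay a caller would see if the socket were opened only at off-hook.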