A number of techniques are known in the art for identifying the location of connectivity problems in a network. For example, the well-known “traceroute” utility allows a network administrator to determine an exact point of failure in a situation in which network connectivity is broken. However, a serious problem with conventional traceroute applications is that they do not provide complete router hop information in a given network path when run in a Virtual Private Network (VPN).
Consider an arrangement in which a VPN operating in tunnel mode is configured between security gateways each associated with a corresponding private network. An Internet Protocol (IP) packet sourced from one of the private networks and destined to the other will typically be encapsulated using IP Encapsulating Security Payload (ESP). IP, ESP and the related IP Authentication Header (AH) are described in RFC 791, RFC 2406 and RFC 2402, respectively, of the Internet Engineering Task Force (IETF), said RFCs being incorporated by reference herein. If the source security gateway detects a break in network connectivity, it can automatically initiate transmission of a traceroute packet for a previously known IP address in its associated private network. However, after the encapsulation, the new IP header will not reflect the time to live (TTL) value of the original traceroute packet. Typically, the TTL of the encapsulating IP header is set to some default high number, such as 64 or 128. Reply packets from the other security gateway are encapsulated in a similar manner. Encapsulation in this situation thus introduces a discontinuity in TTL values which prevents the traceroute application from determining router hop information for any network routers between the security gateways. As a result, the traceroute application may be unable to determine the location of the connectivity problem in these and other encapsulated protocol situations.
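The TTL discontinuity described above can be seen in a small hop-by-hop model. This is an added example, not part of the original text; the path, node names and the `probe`/`traceroute` helpers are hypothetical, and it assumes each forwarding node decrements only the outermost IP header's TTL.

```python
# Added illustration: simplified hop-by-hop model, not a packet-level implementation.
OUTER_TTL = 64  # default TTL the text says the encapsulating header typically gets

# Constructed sample path between two private networks (names are hypothetical).
PATH = ["gw-a", "r1", "r2", "r3", "gw-b", "host-b"]
TUNNEL = ("gw-a", "gw-b")  # security gateways terminating the tunnel-mode VPN


def probe(ttl, tunnel=True, broken_after=None):
    """Return the node that answers a probe sent with inner TTL `ttl`, or None."""
    inner, outer = ttl, None
    for node in PATH:
        if outer is not None and node != TUNNEL[1]:
            # Transit router: only the outer header is visible and decremented.
            outer -= 1
            if outer == 0:
                return None  # ICMP error goes to the gateway, not the prober
        else:
            outer = None  # tunnel egress decapsulates (or there is no tunnel)
            if node == PATH[-1]:
                return node  # destination reached, answers the probe
            inner -= 1
            if inner == 0:
                return node  # Time Exceeded sent back to the prober
            if tunnel and node == TUNNEL[0]:
                outer = OUTER_TTL  # encapsulate: inner TTL is now hidden
        if node == broken_after:
            return None  # link after this node is down, packet is lost
    return None


def traceroute(tunnel=True, broken_after=None, max_ttl=8):
    """Collect the responder for each TTL; None means the probe timed out."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl, tunnel, broken_after))
        if hops[-1] == PATH[-1]:
            break
    return hops


if __name__ == "__main__":
    print("no tunnel      :", traceroute(tunnel=False))
    print("tunnel         :", traceroute(tunnel=True))
    print("break, no tunnel:", traceroute(tunnel=False, broken_after="r2", max_ttl=5))
    print("break, tunnel   :", traceroute(tunnel=True, broken_after="r2", max_ttl=5))
```

With the tunnel in place and a break after `r2`, every probe past the first gateway times out, so the output cannot distinguish which transit router is adjacent to the failure.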
Accordingly, what is needed is an improved approach to determination of connectivity problem locations, or other types of network-characterizing information, in networks which utilize encapsulation protocols.