1. Field of the Invention
The invention relates to methods for transmission of data, more particularly for transmission of data in clustered structures in IP networks. Especially, the invention is related to such a method as specified in the preamble of the independent method claim.
2. Description of Related Art
A gateway is typically understood as a device, which connects a first network to a second network. A server is typically understood as a device, which receives requests from a client, performs the requested act and sends results back to the client. Typically, a gateway is used to connect the local area network (LAN) of a company to the public Internet. The gateway typically acts as a firewall, i.e. screens incoming traffic according to a certain set of rules to protect the local area network and data stored therein. Servers provide services to individual computers within the local area network, such as database services, disk services, and so on.
Gateway clusters and server clusters are used when the capacity of a single device is not sufficient. Compared to a single device, gateway or server clusters provide high availability and increased throughput. FIG. 1 illustrates the structure of a gateway cluster. FIG. 1 shows client computers 10 connected to a switch 20. The client computers 10 and the switch 20 form a local area network (LAN). The LAN is connected to an external network 50 through a gateway cluster consisting in this example of five gateways 30. The gateways 30 may for example function as firewall devices. The gateways 30 are connected to the external network 50 through a switch 20 and a router 40. The client computers are in FIG. 1 divided into three subnetworks A, B, and C.
FIG. 2 illustrates a server cluster. FIG. 2 shows client computers 10 connected to a switch 20, which together form a local area network (LAN). The switch connects the local area network to the server cluster, which in this example comprises five server computers 30. FIG. 2 further illustrates mass storage units 60 connected to the server computers 30. The client computers are in FIG. 2 divided into three subnetworks A, B, and C.
In general, there are two basic methods to construct server and gateway clusters in a TCP/IP network. According to the first basic method, each server or gateway has a distinct IP address, and an external device redirects the requests or packets to different servers or gateways. The external device has a certain set of rules for controlling the redirection of data packets. For example, the external device can redirect data packets on the basis of current load on the cluster devices. In the example of FIGS. 1 and 2, the external device can be the switch 20 connecting the LAN to the cluster. The main drawback of this solution is asymmetric routing: because routing in IP networks is usually based only on the destination IP address, outgoing and incoming packets can be routed to different gateways. This is a problem when the gateways also serve as firewalls, since firewalls typically do not accept any incoming messages which are not a reply to a previous outgoing request. When the incoming packets are routed to a second gateway, which is a different gateway than the first gateway which sent the original outgoing request, they will be discarded, since the second gateway has no knowledge of the previous request.
According to the second basic method, all units of the cluster share a common IP address and MAC (media access control) address, and therefore receive all traffic in both directions. The units of the cluster have filter functions at their inputs and outputs, which according to certain rules allow the processing of a packet by only one of the gateways, while the others ignore the packet. The rules are constructed in such a way that the same gateway processes the packets in both directions of a single connection, which allows normal firewall operation. The benefit of this solution is transparency and scalability. New servers or gateways can be added to the cluster without changing routing, i.e. unnoticed by the clients.
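The difference between the two basic methods can be shown with a small simulation, added here as an illustration and not taken from the patent. The hash rules, the function names and the sample addresses are assumptions: the text only says that selection follows "certain rules", and a direction-independent hash of the connection endpoints is one rule that satisfies the stated requirement.

```python
import hashlib
from ipaddress import ip_address

N = 5  # cluster size, as in the five-gateway example of FIG. 1

def bucket(data):
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") % N

def by_destination(pkt):
    # Model of method 1 (assumed rule): the gateway is chosen from the
    # destination IP address only, as ordinary IP routing would do.
    return bucket(ip_address(pkt["dst"]).packed)

def connection_filter(pkt):
    # Model of method 2 (assumed rule): every unit sees the packet and
    # hashes both endpoints in sorted order, so the result does not
    # depend on the direction of travel.
    a = (ip_address(pkt["src"]).packed, pkt["sport"])
    b = (ip_address(pkt["dst"]).packed, pkt["dport"])
    lo, hi = sorted([a, b])
    return bucket(lo[0] + lo[1].to_bytes(2, "big") + hi[0] + hi[1].to_bytes(2, "big"))

class Gateway:
    """Stateful firewall: inbound traffic passes only as a reply to a
    previously recorded outbound request."""
    def __init__(self):
        self.state = set()
    def outbound(self, pkt):
        self.state.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
    def inbound(self, pkt):
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.state

def reply(pkt):
    return {"src": pkt["dst"], "sport": pkt["dport"],
            "dst": pkt["src"], "dport": pkt["sport"]}

def dropped_replies(select, requests):
    # Send each request out, route its reply back, count firewall drops.
    gateways = [Gateway() for _ in range(N)]
    dropped = 0
    for req in requests:
        gateways[select(req)].outbound(req)
        rep = reply(req)
        if not gateways[select(rep)].inbound(rep):
            dropped += 1
    return dropped

# Constructed sample traffic: 30 clients in subnetworks A, B, C -> one server.
REQUESTS = [{"src": f"10.0.{i % 3}.{10 + i}", "sport": 40000 + i,
             "dst": "203.0.113.80", "dport": 443} for i in range(30)]
```

With destination-only selection, replies land on gateways that never saw the request and are discarded; with the direction-independent filter, `dropped_replies(connection_filter, REQUESTS)` is zero.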
However, even the second basic method has its drawbacks. Connecting multiple servers or gateways sharing a common MAC address to a switch usually requires the use of a multicast MAC address for the cluster, i.e. a hardware layer address which is recognized and processed by the network interface of every unit of the cluster. The network interfaces of the gateways always have individual MAC addresses as well, but in this solution, the interfaces are arranged to recognize the multicast MAC address selected for the cluster. The IP address of the server or gateway cluster is mapped to a multicast MAC address in the ARP (Address Resolution Protocol) tables of the nodes of the IP network. When a client wishes to send a data packet to the cluster, it addresses the packet to the IP address of the cluster. The network translates the IP address to a MAC address for transportation on the physical layer, and in this case the MAC address is a multicast address. The problem with multicast MAC addresses is that switches typically flood packets having a multicast address as destination to all ports of the switch by default, so that the packet ends up in all other subnetworks connected to other ports of the switch. This effect causes unnecessary loading of the subnetworks connected to ports of the switch other than those of the gateways/servers of the cluster. This is a severe problem if the LAN is divided into virtual LAN networks (VLAN).
Virtual LANs (VLAN) can be created using switches to segment networks. A single segment is a broadcast domain, i.e. broadcast, multicast and unknown unicast frames are sent to all stations in the segment. Port-based virtual LAN networks are groups of switch ports and attached segments (subnetworks) which belong to the VLAN.