A. Field of the Invention
The present invention relates to a method and device for switching network tunnel connections.
B. Description of the Related Art
A tunnel connection allows a user to access a destination network via an intermediate network such as the public Internet. For example, as seen in FIG. 1, a remote user 10 traveling in San Diego, Calif. wishes to connect to a destination network 20 at his home in Chicago, Ill. Typically, the remote user 10 would place a long distance telephone call over the public switched telephone network to Chicago to directly access the destination network 20 on a dial up access connection.
If the destination network has an Internet access 22, however, a tunnel connection through the Internet 40 may be used to access the destination network 20. To initiate a tunnel connection, the remote user 10 places a local telephone call 12 through the public switched telephone network (“PSTN”) 30 and Internet Service Provider (“ISP”) 42 local point-of-presence in San Diego. In this example, the remote user 10 would be a subscriber to a national ISP 42 with a local dial up access in San Diego. Upon being accessed by the remote user 10, the ISP 42 searches its subscriber database to identify the destination network 20 associated with the remote user 10. To reach the destination network 20, the ISP 42 recognizes the remote user 10 requires a connection or “tunnel” over the Internet 40 to the destination network 20. The ISP 42 forms a tunnel connection 50 to the destination network 20 by sending data from remote user 10 to the Internet access point address of the destination network 20. Data sent to the remote user 10 is thus tunneled across the Internet 40 to the destination network 20. The tunnel connection 50 across the Internet 40 thus allows remote access to the destination network 20 by placing a local telephone call.
Such a tunnel connection 50 over the public Internet 40, however, typically requires the destination network 20 to allow public Internet access. In order for the tunnel connection to be established from the ISP 42 to the destination network 20, the destination network 20 usually must typically have a Internet address that is accessible from the ISP 42. The destination network 20 is therefore publicly accessible, without the ability to control access and maintain information secure and protected during tunneling access. Thus, information that the destination network 20 wishes to maintain protected is typically not made accessible to tunnel connections over the public Internet 40.
In addition, the destination network 20 may have a number of resources 22, 24, 26 to accommodate a large number of incoming remote users. The ISP 42 creating tunnels to the destination network 20, however, typically controls the establishing of tunnels to the destination network 20. The destination network has no control over which of its resources 22, 24, 26 are used to handle the incoming tunnel traffic. Thus, a number of ISPs 42, 44, 46 may be directing incoming tunnels to only one of a destination network's available resources 22, 24, 26. This busy resource may suffer from congestion, while the destination network's other resources are underutilized.
Accordingly, it is desirable to have the ability to consolidate the control of tunnel access to a destination network for security reasons, as well as, to direct the routing of incoming tunnels to a particular access point of the network. Consolidating control of tunnel access to a destination network also provides other benefits as will be apparent.