Wireless mesh networks include at least one node that connects to a wide area network (WAN) and one or more wireless access points comprising nodes of the mesh network that communicate with each other, at least one of which communicates with the wide area network node. The WAN can comprise, for example, the Internet, and the WAN node typically comprises a cable interface (cable modem) or DSL interface or the like, and the wireless access points typically comprise wireless routers and the like. Wireless mesh networks are convenient because they can be implemented with little or no effort to provide infrastructure. For example, it is generally not necessary to install additional cabling for access to the wide area network. Once a connection to the WAN is provided, the additional wireless access points can be configured to communicate and thereby provide network access whose geographic coverage is theoretically limited only by the distribution of the wireless access points of the mesh network.
Once a network is established, client devices can communicate over the network through the nodes. The nodes can comprise servers, routers, and other like devices for network access, which will be collectively referred to as network endpoints. Administrators of large network systems need to monitor the health of these network endpoints and attend to maintenance tasks, such as device configuration, update installation, and the like. Typically, administrators must login to each device and individually perform monitoring and control tasks for the device to which they are logged. Such tasks can be extremely time consuming and tedious, especially for networks of any size.
It would be advantageous if such monitoring and control operations could be performed remotely through a central point of control that can initiate network connections, such as TCP/IP connections, to each of the network endpoints in turn, as needed, and exchange messages to monitor and configure the devices. In practice, initiating network connections directly to network endpoints connected to the Internet is impossible or very difficult because many network endpoints are not directly addressable from the public Internet as a result of being located behind network address translators (NATs) or firewalls. NATs allow multiple devices to connect to the Internet using a single IP address by rewriting all outgoing packets so they appear to originate from a single IP and by demultiplexing all incoming packets according to which device initiated the connection. In general, network devices outside of a NAT cannot initiate network connections to devices located within or behind a NAT.
Such centralized monitoring and control would be especially advantageous in a wireless network, such as one in which an Internet Service Provider (ISP) provides Internet access to wireless routers through which client devices gain access to the Internet. Administrators of such wireless networks must be able to verify that the routers are operating correctly. It would also be advantageous for administrators of such wireless networks to have the ability to remotely make configuration changes to the routers in real-time.
From the discussion above, it should be apparent that there is a need for centralized real-time monitoring and control over network endpoints that may be located behind a NAT. The present invention satisfies this need.