In modern computing environments, there is often a need to connect remote computing systems together using a network. For example, organizations such as corporations often have branch offices, employees, or contractors spread across multiple locations both within a country and worldwide. Current networking technologies allow communication between these disparate computing environments through both public and private computer networks. Often, separate computing environments are connected to each other using the Internet. By allowing offices and employees to connect to each other, an organization can create a unified computing environment.
Connecting an organization across both publicly and privately linked networks can pose a security risk for sensitive data. As data passes across the Internet or other public networks, it becomes vulnerable to many different kinds of electronic attacks. While individual applications or connections can utilize protections such as encryption, organizations have an interest in providing a secure link between offices or employees for all network traffic. A variety of techniques can be used to provide such a link. For example, organizations may purchase or lease a direct physical connection between two locations that is not open to the public. Additionally, organizations can employ applications that encrypt data. Or organizations can utilize traditional Virtual Private Networks to allow for secure communication.
In addition to protecting sensitive data against security vulnerabilities, organizations must ensure that connections between remote computing environments are reliable and efficient. Organizations can improve reliability in a number of ways including utilizing multiple connections across different internet service providers or networks in order to ensure that if one connection fails, other connections are available to maintain the network. Connections can traverse public networks, such as the Internet, or directly connect two endpoints on a private link. Organizations can increase efficiency by spreading their network traffic across multiple connections to increase overall bandwidth or by employing specific networking protocols that can increase efficiency when used on direct, private links. In some instances, organizations might also utilize specific types of connections for specific applications or purposes that are separate from their general network traffic.
While organizations can utilize various technologies to address security and reliability issues separately, addressing both issues simultaneously can present technical challenges. Organizations can use technologies like Internet Protocol Security (“IPsec”), described in more detail below and in the Internet Engineering Task Force (“IETF”) Request For Comment (“RFC”) 4301, to create a secure connection for all network traffic on a specific connection. IPsec, however, requires creating a shared set of credentials between a source and destination to allow for the secure communication. These credentials must be negotiated using a technology, such as Internet Key Exchange (“IKE”). The credentials and other security parameters that define an IPsec connection are referred to as a Security Association (“SA”). Anytime a link disconnects, a new SA must be established when the link returns, thereby adding to the overhead of maintaining the link. Further, each one-way connection requires its own SA. When both encryption and authentication are utilized, a common approach to ensure proper security, one or two SAs are necessary for each one-way link depending on the specific variation of IPsec that is utilized. Accordingly, every two-way connection between endpoints requires the negotiation of either two or four SAs to setup. Maintaining an IPsec setup across a typical two-way link can be fairly simple. But as the number of redundant or additional links grows, so does the number of SAs that must be negotiated and maintained. Maintaining multiple simultaneous IPsec connections to ensure reliable and secure communication in modern computing networks results in significant networking overhead and managerial challenges.