In wireless data communication networks, such as a General Packet Radio Service (GPRS) based network or a Universal Mobile Telecommunications System (UMTS) based network, a tunneling protocol may be used to set up communication paths between two or more computing devices. One or more tunnels may be established for the duration of the communication time period, such time period generally being referred to as a session. When a session terminates or ends, the one or more tunnels associated with the session are terminated.
Such tunnels may also generally operate in the presence of firewalls. As is known, firewalls are a primary mechanism for keeping a computer secure from remote hackers. In general, a firewall allows, i.e., passes, or blocks, i.e., rejects, traffic into and out of a private network or a computer of a user. Firewalls are widely used to give users access to networks such as the Internet, while blocking unauthorized attempts to access a user's computer or network. A firewall may also be used to separately control access to a public server of an organization as opposed to its internal private network.
In a session with multiple communicating computers, each having its own firewall protection, it is important that certain information associated with the communication session be reliably communicated among the participating firewalls. For example, in the case where the information corresponds to the occurrence of an event causing termination of the session, e.g., tearing down of a tunnel used during the session, the occurrence of such a termination event needs to be reliably communicated among the firewalls of the computers of the session so that the session can be properly terminated.
One existing solution is provided in the NetScreen™ firewall product available from Juniper Networks of Sunnyvale, Calif. In a network using such a firewall product, one firewall protecting a first computing device can be used to communicate termination of a session to other firewalls protecting other computing devices that use a particular Internet Protocol (IP) address, upon the detection of the termination of the tunnel, known in a GPRS network as a GPRS tunnel protocol (GTP) tunnel, through which the session using that IP address has been tunneled.
However, at least one problem with the Juniper NetScreen™ firewall approach is that a firewall itself is attempting to communicate termination of a session to other firewalls. Firstly, a firewall may typically reside on a computing device with limited processing capacity. Thus, to require a firewall to communicate session termination to other firewalls can be prohibitive from a processing capacity perspective. Secondly, a Juniper NetScreen™ firewall stores only a static, predetermined topology of the network and, thus, has no way of reliably communicating a session termination event to all firewalls that may be participating in a session. That is, the nature of a session may be that computing devices join after the session begins and leave before the session ends. Thus, the predetermined topology that the Juniper NetScreen™ firewall stores is inadequate to permit the firewall to reliably communicate a session termination event to all firewalls that should be notified of the event.