Digital packets of information may be communicated between an organization's internal network and the public Internet. Many organizations use Internet gateways, implemented by computer workstations executing software, to provide a connection between the internal network and the Internet. These Internet gateways can include firewall protection for the internal network, in addition to providing connectivity between the internal network and the Internet. Where an organization uses more than one Internet gateway, each user on the organization's internal network can, for example, be assigned to a designated Internet gateway. The users of the internal network are thereby provided access to the Internet through the designated Internet gateways.
Information is generally transmitted over the Internet using the transmission control protocol/Internet protocol (TCP/IP) suite. The base layer of the TCP/IP suite is a physical layer, which defines the mechanical, electrical, functional and procedural standards for the physical transmission of data over communications media. Overlying the physical layer is the data link layer, which provides the functions and protocols to transfer data, e.g., between clients of different networks, and to detect errors that may occur at the physical layer.
Network layer protocols overlay the data link layer and provide the means for establishing connections between the networks. The standards of the network layer protocols provide operations control procedures for networking communications and routing information through multiple heterogeneous networks. Examples of the network layer protocols are the Internet protocol (IP) and Internet control message protocol (ICMP). Typically, the address resolution protocol (ARP) is used to obtain the corresponding medium access control (MAC) address for a known IP address. The ICMP is an internal protocol for passing control messages between hosts on various networks. The ICMP messages provide feedback about events in the network environment or can help determine if a path exists for a particular host in the network environment, which is generally referred to as “ping”.
Typically, routing of digital packets of information may continue despite the fact that some routers are inoperative. If a host's next-hop gateway, i.e., the first gateway on the path to the Internet host, becomes inoperative, the host may not adjust and may continue to transmit digital packets of information through a gateway that is inoperative. Hence, the host is effectively transmitting digital packets of information down a “black hole.”
One prior art solution for a host to detect a dead gateway uses the above-described method of sending ICMP ping packets to the gateways. A ping response received from a gateway indicates that it is up and running. However, most firewalls block ICMP packets, as ICMP packets can be used to probe the type of operating system, probe for the systems that are present and probe for weaknesses in a network. Further, ICMP can serve as a launch pad for further attacks on a network, and therefore ICMP packets are generally blocked.
Another prior art solution uses TCP to check for dead gateways. The transport layer of the TCP/IP suite provides for end-to-end transport service across multiple heterogeneous networks. Example protocols used in this layer include TCP, user datagram protocol (UDP) and stream control transmission protocol (SCTP). Protocols like TCP and SCTP can infer if the transmission to a host is failing. However, protocols like UDP cannot infer if the transmission to a host is failing. Further, it is difficult to detect which one of the gateways in the end-to-end transport service is dead, as this information is not available because the TCP technique is based on end-to-end transportation of traffic.
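The following simulation is an added illustration, not part of the patent text, of the "black hole" problem and of the transport-layer inference approach just described. It follows the advice model of RFC 1122 section 3.3.1.4, in which TCP gives the IP layer positive advice (an acknowledgement arrived) or negative advice (a retransmission timed out) about the next hop, while UDP gives none; the gateway addresses, the failure threshold and the network behaviour are constructed for the example.

```python
from dataclasses import dataclass, field

# Assumed policy value (not from the patent): consecutive negative advice before a gateway is marked dead.
NEGATIVE_ADVICE_LIMIT = 3


class Network:
    """Constructed next-hop behaviour: segments sent via a dead gateway vanish."""
    def __init__(self, dead_gateways):
        self.dead = set(dead_gateways)

    def forward(self, gateway):
        # True means the segment reached the far end and an ack came back.
        return gateway not in self.dead


@dataclass
class Host:
    gateways: list                                 # next hops in preference order
    marked_dead: set = field(default_factory=set)
    negatives: dict = field(default_factory=dict)  # gateway -> consecutive negative advice

    def next_hop(self):
        for gw in self.gateways:
            if gw not in self.marked_dead:
                return gw
        return None

    def send(self, proto, network):
        gw = self.next_hop()
        if gw is None:
            return None, False  # every known gateway has been marked dead
        delivered = network.forward(gw)
        if proto == "tcp":
            # TCP observes acks (positive advice) and retransmission timeouts
            # (negative advice), so the IP layer can react to a dead next hop.
            if delivered:
                self.negatives[gw] = 0
            else:
                self.negatives[gw] = self.negatives.get(gw, 0) + 1
                if self.negatives[gw] >= NEGATIVE_ADVICE_LIMIT:
                    self.marked_dead.add(gw)
        # UDP gives no advice: IP keeps using the same next hop, the "black hole" above.
        return gw, delivered


def simulate(proto, packets=6):
    """Send `packets` segments from a host whose first gateway is down (constructed)."""
    network = Network(dead_gateways={"10.0.0.1"})
    host = Host(gateways=["10.0.0.1", "10.0.0.2"])
    return [host.send(proto, network) for _ in range(packets)]
```

With TCP the host switches to the second gateway after three unanswered transmissions; with UDP every datagram keeps going to the dead gateway, and nothing in this model tells the host which hop beyond the gateway failed, which is the limitation noted above.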
Yet another prior art solution uses unicast ARP requests to detect dead gateways. However, this technique works only on Ethernet-based networks and cannot be used for non-Ethernet-based networks, such as integrated services digital network (ISDN), point-to-point protocol (PPP), asymmetric digital subscriber line (ADSL) and so on. Further, ARP can be misused for ARP spoofing, ARP flooding, and ARP table poisoning attacks, and hence this technique is generally not secure.
Other features of the present embodiments will be apparent from the accompanying drawings and from the detailed description that follows.