The present invention relates generally to telecommunications. The invention relates more specifically to apparatus and methods for allowing a first node of a network, which is communicating with a second node, to know when the second node has gone offline.
Many telecommunication functions require computer nodes or servers to connect to remote nodes or servers to retrieve or transmit information. Increasingly, these remote servers are accessed using an asynchronous dial up connection. This class of functions may include, but is not limited to, dial up connections to the Internet, connections to bulletin boards, connections to internal and external databases and sending and receiving faxes. These functions are carried out during interactive communication sessions according to an agreed-upon protocol.
An example of a system that communicates in this manner comprises an Access Control Server and a Network Access Server, both of which are commercially available from Cisco Systems, Inc., and which communicate using protocols called TACACS+ or RADIUS. The term “node” refers broadly to a computer or computer device of any kind that communicates within a network, such as a server, client or workstation, router, or switch.
To support remote login sessions, and for other reasons, certain computer facilities allow users to log in remotely from one computer to another. Within the Internet, the most commonly used method is a facility called “telnet,” which is the name of the protocol used to support remote login sessions and also the name of the Transmission Control Protocol/Internet Protocol (“TCP/IP”) remote login program. TCP/IP refers to the suite of protocols that define the Internet. Originally designed for the UNIX (trademark) operating system, TCP/IP software is now available for every major kind of computer operating system. To be on the Internet, a computer must have TCP/IP software. The telnet protocol defines how local and remote computers talk to each other to support a remote login session. A more complete discussion of remote login using telnet is given in D. Dern, “The Internet Guide For New Users,” pp. 247-67 (McGraw Hill 1994).
Many computer users are connected to the Internet by access servers on local area networks or enterprise networks. An example of an access server is model number AS5200, commercially available from Cisco Systems, Inc. To help defray the cost of installing and maintaining additional phone lines, which may be used very little per user, many equipment manufacturers have added the ability to establish remote sessions on the outbound ports of access servers and routers. These remote sessions are supported by an embedded telnet protocol operating in conjunction with other communication software, such as a communication port director.
To support remote sessions via an access server, as opposed to a direct personal computer/remote service connection, the telnet protocol has undergone revision. The process for disseminating information about a proposed Internet standard, and the document that results from it, are known as a Request for Comments (“RFC”). The standards are currently proposed and published on-line at urlinfo.internet.isi.edu/in-notes/rfc/files/rfc2217.txt.
A first computer connects to a second computer, under the telnet protocol, using a process known as “login”. The login process involves establishing a logical connection between the first computer and the second computer. Generally, a login is carried out as follows. A user issues a login command to the first computer, and provides values for the following parameters: name of the second computer; name of a user account on the second computer; and a password associated with the user account. The first computer sends a login request, packaged according to the telnet protocol and containing the parameter values, to the second computer. The second computer authenticates the user account name and password. If they are valid and associated with one another, the second computer grants access to the first computer. The terminal interface of the second computer then becomes remotely available to the first computer, such that the user appears to be directly connected to the second computer.
If the first computer and second computer are communicating using a protocol such as RADIUS or TACACS+, without using telnet, the need may arise for either the first computer or the second computer to determine whether the other is still active and available over the logical connection. For example, the first computer may send a command to the second computer and not receive an acknowledgment from the second computer within a reasonable time. The first computer may wish to re-send the command or terminate the session to save system resources. Generally, a reasonable time period to re-send or terminate would be twice the delay acknowledgement (“delay ack”) timer in TCP/IP. If the delay ack timer is ten seconds, then the client would wait approximately 20 or 30 seconds before re-sending or terminating. This 20-30 second time period ensures that commands will not be re-sent, and that the receiver will not be terminated unnecessarily, in the event that the receiver is only slowing down or interrupted temporarily.
As another example, a system may be arranged to permit a predefined maximum number of connections between a client and server, or between a first server and a second server. A user, “fred”, may be entitled to establish a maximum of one connection from an access server associated with fred to a remote server. If the access server loses power or crashes, fred will not be able to dial in or establish a second connection because that connection would violate the allowed maximum. Thus, there is a need for a method that can enable the client to determine whether the access server is active.
Unfortunately, certain encrypted server-to-server communication languages or protocols, such as TACACS+ and RADIUS, provide no efficient way for a first server to know when a second server at the other logical end of the connection has gone offline. In this context, “offline” is used broadly to mean unavailable as a result of power failure, catastrophic system crash, transition to a degraded state, or disconnection of a logical or physical connection to a network. In a past approach, a user would execute telnet using a terminal interface, so that the user could type commands to the telnet program and view responses from the remote system. In this past approach, there were visual cues to indicate when either the client or the access server had gone off-line. If a user of the client, a PC user for example, pressed a key at the client machine and received no response, the user could surmise that the host had gone offline, and could thereafter terminate the session. Alternatively, the user could test whether the PC had stopped operating or crashed. In this context, a device is “off-line” when it is disconnected, crashed, or otherwise logically or physically unavailable.
When the first server communicates to the second server using an embedded protocol, however, there are no visual cues. The protocol is executed by the servers within a network, but such servers do not provide a visual display to the end user when they are in operation. Currently, the only way to know whether the client or access server has gone off-line or become unavailable is to use a timeout mechanism. In some telnet systems, timeout code will disconnect the access server and client after a pre-defined period of inactivity. This approach is a waste of system resources, however, because the access servers and/or outbound modems are occupied and unavailable during this period. Maintaining a TCP/IP connection for an Internet activity using the telnet protocol, for example, ties up buffer space and control sources in operating systems on both ends. Most systems have limited resources, and it is undesirable to leave open connections where there is no communication. Leaving an open telnet connection can also be a security breach.
Accordingly, it is desirable to have a method or system that enables a first server to know immediately when a second server has gone off-line. With such a method or system, the connection could be terminated or a recovery option could be implemented immediately.
One solution is to create a new protocol to handle this situation. However, this approach is undesirable because of the burden associated with creating and obtaining approval for a new standard. It is desirable to have a method or system that does not require development of a new system protocol and that could use available standard protocol options.
Further, it is desirable to have a method that would allow a first computer or second computer to let the other know it is “alive” on a frequent basis without requiring an inordinate amount of system resources.
One past approach to a similar problem involves using the UNIX command “finger”. When the “finger” command is sent from a first node to a second node, in effect, the first node is asking the second node, “who are you?”, and the second node responds by giving its identity. Use of “finger” is impractical in the modern network environment, however, because many network nodes (such as network access servers) can be configured not to respond to “finger” inquiries. In fact, “finger” is commonly “turned off” by network administrators because it is not password-protected, and provides a potential way for unauthorized devices or users to penetrate network security.
Another approach to a similar problem is described in co-pending U.S. patent application Ser. No. 09/154,608, filed Sep. 16, 1998, entitled “DETECTING AN ACTIVE NETWORK NODE USING AN INVALID PROTOCOL OPTION,” and naming Glenwood Clark as inventor. The Clark application describes an approach to determining whether a remote server is “alive” by sending an invalid command, in an agreed-upon protocol, to the remote server. The remote server is deemed to be alive if it responds by refusing to carry out the invalid command.
However, this approach may be insufficient for the needs of certain network nodes or applications. For example, some network nodes and applications need to know not only that a second network node is powered-up and operating, but that particular authentication elements of the second network node are active and operating. An example of an application that needs such a capability is CiscoSecure, commercially available from Cisco Systems, Inc. CiscoSecure is a set of application programs that require, in part, that authentication, authorization and accounting (“AAA”) software elements are active, operating and available at the second network node. Without the AAA elements, CiscoSecure and similar applications cannot properly interoperate with the second network node.
The Clark approach, however, does not inform the client or other network node that authentication elements of the remote server are functioning properly. In particular, the Clark approach does not provide a way to verify that AAA elements of the remote server are operational; the Clark approach only confirms that the telnet software of the remote server is running. Thus, there is a need for a mechanism to enable a first network node to contact a second network node to determine whether authentication elements of the second network node are up and running.
Another approach is to use the UNIX “ping” command. A first node sends a “ping” command to the second node, which responds with a message indicating that it is working. This approach, though, operates at a low logical level and is inadequate to assure that certain higher-level software elements of the second node are working. For example, “ping” might provoke a correct response from a second node, even though the AAA elements of the second node have crashed. Thus, there is a need for a way to determine whether elements of a node that operate at a higher logical level are operational.
The foregoing needs, and other needs and objectives that will become apparent from the description herein, are achieved by the present invention, which comprises, in one aspect, a method of determining from a first node in a network whether a second node is active, wherein the first node has previously established a logical connection to the second node, comprising communicating network messages between the first node and the second node; after a pre-determined period of inactivity in communicating the network messages: generating login information that is invalid at the second node; sending an invalid login command to the second node that contains the invalid login information; and determining that the second node is active when the second node responds to the login command by refusing to execute a login of the first node.
One feature of this aspect involves determining that the second node is inactive when the second node fails to respond to the invalid login command after a predetermined time period. According to another feature, generating login information comprises generating a randomly-selected invalid user identifier and generating a randomly-selected invalid password that is associated with the user identifier.
Another feature is that sending a login command comprises sending a Telnet protocol login command, containing the invalid user information as a parameter, from the first node to the second node. Another feature is that sending a login command comprises sending a Telnet login command, with the invalid user identifier and user password as parameters, to the second node.
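As an added illustration, not code from the patent or from any Cisco product, the following models the liveness check summarized above: it fires only after the inactivity period, generates randomly selected invalid credentials, waits up to twice the delay ack timer as the background section suggests, and classifies the reply. The names probe_second_node, random_invalid_credentials and the send_login callback (which stands in for the actual Telnet exchange) are assumptions of this example.

```python
import secrets
import string
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Reply codes the probe understands; these are names chosen for this example,
# not values defined by Telnet, TACACS+ or RADIUS.
REFUSED = "refused"      # second node answered and declined the login
ACCEPTED = "accepted"    # second node granted the login (should never happen)


def random_invalid_credentials(length: int = 24) -> Tuple[str, str]:
    """Build a user identifier and password that no real account should match."""
    alphabet = string.ascii_letters + string.digits
    user = "probe-" + "".join(secrets.choice(alphabet) for _ in range(length))
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return user, password


@dataclass
class ProbeResult:
    active: bool
    reason: str


def probe_second_node(send_login: Callable[[str, str, float], Optional[str]],
                      last_activity: float, now: float,
                      idle_threshold: float, delay_ack: float = 10.0
                      ) -> Optional[ProbeResult]:
    """Probe the second node only after idle_threshold seconds without traffic.

    send_login(user, password, timeout) is assumed to send the login command
    and return REFUSED, ACCEPTED, or None if no reply arrived within timeout.
    """
    if now - last_activity < idle_threshold:
        return None  # messages are still flowing; no probe is needed yet
    user, password = random_invalid_credentials()
    reply_timeout = 2 * delay_ack  # the twice-delay-ack rule from the background
    reply = send_login(user, password, reply_timeout)
    if reply == REFUSED:
        return ProbeResult(True, "node refused the invalid login, so it is active")
    if reply is None:
        return ProbeResult(False, "no reply within %.0fs; treat node as offline" % reply_timeout)
    # Any other reply means the node is up, but accepting random credentials
    # indicates an AAA fault that the operator should investigate.
    return ProbeResult(True, "unexpected reply %r; AAA elements need investigation" % reply)
```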
Other aspects and features will become apparent from the following description and appended claims. In particular, the invention encompasses an apparatus and a computer-readable medium in the form of a carrier wave that are configured, in certain embodiments, to carry out the foregoing steps.