This invention relates to recovery from device and communication link failures in a virtual private network (VPN).
Virtual private networks are used to provide virtual communication links, called “tunnels,” between different sites that are coupled by a communication network. Typically, the communication network separating the sites is a public network, such as the Internet, which may not provide secure communication. The tunnels are then established to provide secure communication paths between the sites. One approach to establishing secure tunnels is according to the IPSec standard (see IETF RFCs 2401-2411 and 2451).
Network based services are often configured to have more than one gateway to the public network to provide high availability and communication capacity. For example, a service may have two separate gateways that make use of different communication links to different points-of-presence (POPs) for network service providers on the public network. In this way, if one of the communication links fails, then traffic may be able to pass over the other link. By connecting the gateways to different POPs, this approach also provides redundancy in case a POP fails, or a particular network service provider's network infrastructure (e.g., backbone network) fails. Multiple gateways also provide a basis for balancing communication load, and to reacting to performance degradation, such as congestion, that does not necessarily result in complete failure of a communication path.
Internet Protocol (IP) based networks can make use of dynamic routing protocols to maintain routing information at routing hosts and devices (routers) in the network in order to route IP packets through the network to their destination based on destination address information in packet headers. Two standard protocols for dynamically maintaining routing information are RIP (see RFC 1058) and OSPF (see RFC 2328). One characteristic of these protocols is that if a router determines that a neighboring router is inaccessible, for example because is does not receive responses to a number of requests for routing information from that neighbor, that router updates its routing tables and propagates an indication that the neighbor is inaccessible to its other neighboring routers.
In some virtual private networks, routing information passes between devices over the tunnels such that the tunnels act as virtual links and the devices at each end of the tunnels act as routing devices that are coupled by the virtual links. In this way devices at different sites can dynamically update routing information for paths that use those virtual links.