A virtual private network (VPN), such as Websphere Everyplace Connection Manager (WECM) published by International Business Machines Corp. (IBM) of Armonk, N.Y., enables a client device to connect from outside of a firewall to a corporate network protected by the firewall. Using a VPN, a client device or application can communicate with server processes on the corporate network over a secure channel, or “tunnel.” When logging into a server through a VPN connection, the client typically must negotiate a new VPN session with the server and enter credentials, which may entail entering a secure identification (ID) code. This “up-front” overhead can be time-consuming. To avoid the overhead associated with establishing a VPN connection, a client typically logs into the server through the VPN and remains logged in for extended periods of time.
Many current communication devices are wireless and depend upon battery power to operate. Three (3) areas in which battery-powered devices employing a VPN expend energy are as follows: 1) transferring data through the device's network hardware; 2) transmitting regular “keep-alive” packets to refresh a network address translation (NAT) server; and 3) scanning for and connecting to faster, higher priority network connections.
A Network Address Translation (NAT) is often employed to enable a group of machines with local area network (LAN) access to share a single or small group of external IP addresses. The NAT maintains a table to keep track of connection mappings, which are identified via port addresses. An incoming packet from an external network must have an open mapping entry to ensure a message is delivered to a destination, or client, machine serviced by the NAT. A NAT serves three main purposes: 1) providing a type of firewall by hiding internal IP addresses; 2) enabling a company to use more internal IP addresses, since those addresses are used internally only; and 3) allowing a company to combine multiple communication connections into a single Internet connection.
To maximize efficiency, VPN software typically encapsulates transformed network traffic into UDP packets for sending over a network. One issue with UDP over a NAT is that frequent “keep-alive” packets must be transmitted. NAT mapping entries are only created from the client side and are typically discarded if not used for a pre-configured period of time. This timeout is implemented to prevent further, and perhaps unauthorized, traffic from coming in on the particular mapping. Since a NAT timeout prevents a client from receiving further packets from a server, keep-alive packets are sent at regular intervals, with each interval shorter than the NAT mapping timeout value. This prevents the situation in which the client sends a request, the server takes longer than the timeout value to respond and the NAT therefore discards the server's response.
UDP NAT timeouts are often in the range of thirty (30) seconds to one (1) minute, as opposed to TCP connections that may remain open up to twenty-four (24) hours. Further, a connection may only need to remain active during specific, client-initiated operations, such as, but not limited to, synching an email program or browsing a web page. In these situations, a premature NAT timeout can cause a program to hang or a synchronization event to fail.
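As an added illustration that is not part of the original text, the following Python model of a NAT's UDP mapping table with an idle timeout shows why the keep-alive interval must be shorter than the mapping timeout: a server reply arriving after the mapping has expired is dropped, and a keep-alive sent only after expiry creates a new mapping on a different external port, so the reply to the old port is still lost. The class and function names, the private address and all timing values are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy UDP NAT: one table entry per (client_ip, client_port), holding the
    external port allocated for it and the time it was last used from inside.
    Assumption: only client-side (outbound) traffic creates or refreshes an entry."""
    timeout: float                               # idle seconds before an entry is discarded
    table: dict = field(default_factory=dict)    # client -> [external_port, last_use]
    next_port: int = 50000                       # constructed starting external port

    def outbound(self, client, now):
        """Client-side packet: refresh a live entry or allocate a fresh one.
        Returns the external port the remote server sees as the source."""
        entry = self.table.get(client)
        if entry is None or now - entry[1] > self.timeout:
            entry = [self.next_port, now]        # expired or absent: new mapping, new port
            self.next_port += 1
            self.table[client] = entry
        entry[1] = now                           # any outbound use refreshes the idle timer
        return entry[0]

    def inbound(self, external_port, now):
        """Server packet: delivered only if a live entry still owns this port."""
        for entry in self.table.values():
            if entry[0] == external_port and now - entry[1] <= self.timeout:
                return True
        return False                             # no open mapping: packet discarded


def simulate(timeout, keepalive_interval, server_delay):
    """Client sends one request at t=0 through the NAT; the server replies after
    server_delay seconds to the external port it saw on the request. Keep-alives
    go out every keepalive_interval seconds (0 = none).
    Returns (reply_delivered, keepalives_sent)."""
    nat = Nat(timeout)
    client = ("10.0.0.5", 40000)                 # constructed private address/port
    reply_port = nat.outbound(client, 0.0)       # the port the server will answer to
    sent, t = 0, keepalive_interval
    while keepalive_interval and t < server_delay:
        nat.outbound(client, t)                  # keep-alive refreshes (or recreates) the mapping
        sent, t = sent + 1, t + keepalive_interval
    return nat.inbound(reply_port, server_delay), sent


if __name__ == "__main__":
    for args in [(30, 0, 45), (30, 20, 45), (30, 45, 100)]:
        print(args, simulate(*args))
```

The third case shows that keep-alives spaced longer than the timeout do not help: each one lands on a fresh mapping with a new external port, while the server still answers the original one.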
Scanning for and connecting to faster, higher priority connections, or “roaming,” also presents issues. Power is expended both searching for a new connection and making the connection. The power expenditure may be worthwhile if a device is active but may be wasteful if not. For example, a device that is not in use is wasting power if the device scans and makes connections while a user is simply walking down the street or driving in an automobile.
As explained above, during periods of inactivity, a connection through a NAT is typically maintained by transmitting keep-alive packets. Otherwise, information returned from a server may be lost due to a NAT timeout. Although the power necessary to transmit keep-alive packets is not an issue for personal computers (PCs) or laptops that are connected to a sustainable power source, extra packet transmission is an issue for devices powered by batteries. Devices such as pocket PCs and cellular telephones have a limited battery charge and any unnecessary power usage limits the amount of time the devices can be used in between charges.
What is needed is a power conservation technique for mobile devices that minimizes the need for keep-alive messages. In addition, such a method should preferably also reduce the overhead associated with establishing a VPN connection and the processing and associated power usage of roaming when the device is not in use.