The present invention relates to the field of network devices in general and in particular to establishing and maintaining communications between network devices in a transparent manner.
Data communications networks, such as local area networks (LANs) and wide area networks (WANs), often include a variety of network devices for sending, receiving, directing, and optimizing network data traffic. Examples of common network devices include routers, switches, storage-area network front-ends and interfaces, network-address translation (NAT) and firewall devices, and wireless network devices such as access points, bridges, and repeaters. More specialized network devices include standalone print-servers, streaming video and music servers, logging and network management devices, and network monitoring and traffic inspection devices.
WAN accelerators are another example of a network device. WAN accelerators optimize network traffic to improve network performance in reading and/or writing data over a network. WAN accelerators are referred to in the art by many different terms, including, but not limited to, transaction accelerators, WAN optimizers, WAN optimization controllers (WOCs), wide-area data services (WDS) appliances, WAN traffic optimizers (WTOs), and protocol accelerators or optimizers. Additionally, techniques for optimizing network traffic to improve network performance in reading and/or writing data over a network are referred to in the art by many different terms, including, but not limited to, WAN acceleration, transaction acceleration, transaction pipelining, protocol pipelining, request prediction, application flow acceleration, and protocol acceleration. Herein, the term “WAN accelerator” is used to refer to such devices and “WAN acceleration” is used to refer to such techniques.
WAN accelerators communicate with each other to compress, prefetch, cache, and otherwise optimize network traffic over a WAN. Typically, one network device, referred to as a client, will initiate a connection with a second network device, referred to as a server. A first WAN accelerator will intercept this connection request and form an “inner channel” for communicating with a second WAN accelerator using a second, distinct socket pair. In one arrangement, the client's connection is terminated at the first WAN accelerator. The second WAN accelerator may also form a connection for communicating with the server. These connections between the client and the first WAN accelerator and between the server and the second WAN accelerator appear to the client and server as a single logical end-to-end connection and are referred to collectively as an “outer connection.”
A WAN accelerator may intercept outer connection network traffic from a client or server; compress, prefetch, cache, and otherwise optimize this network traffic; and communicate this optimized network traffic to the other WAN accelerator via the inner channel. The other WAN accelerator receives the optimized network traffic via the inner channel; decompresses or otherwise converts the optimized network traffic back to its original form; and forwards the converted network traffic to the receiving client or server via the outer connection.
Often, it is desirable for network devices to operate transparently to other client and server computer systems and network devices. In general, a network device is considered transparent if any intervening network device, referred to as a middle device, cannot distinguish network traffic between transparent devices from any client-server network traffic associated with the same network connection. Transparent network devices may often be installed with little or no reconfiguration of the network. For example, transparent network devices do not require the reassignment of network addresses or ports for other computer systems or network devices or the reconfiguration of routing information. Additionally, transparent network devices may not interfere with network monitoring and security devices. An example of transparent network devices is described in U.S. patent application Ser. No. 10/640,405, filed Aug. 12, 2003, and entitled “Transparent client-server transaction accelerator.”
One complication with transparent network devices occurs when two or more transparent network devices need to communicate with each other. When transparent network devices communicate with each other via an inner channel, the inner channel network traffic between these transparent devices generally has the same source and destination network addresses and ports as outer channel network traffic between other devices, such as client and server computer systems. For example, a first WAN accelerator operating transparently may intercept a connection request from a client to a server and send it on to its destination, forming an outer connection between the client and server using a first socket pair. The first transparent WAN accelerator will then form an inner channel for communicating with a second transparent WAN accelerator using the same socket pair.
This sharing of network addresses and ports makes the network devices and their traffic transparent. Other aspects of the network traffic, such as sequence numbers, window sizes, and/or TCP options or other packet attributes, are used to distinguish between inner channel network packets, which are addressed to a computer system or network device but intended for a transparent network device, and “outer channel” network packets, which are addressed to and intended to reach a computer system or network device. In one type of configuration, it is the responsibility of the transparent network devices to intercept inner channel network traffic before it reaches its destination addresses. In another type of configuration, another network device, such as a router or switch, may intercept network traffic and redirect some or all of it to a transparent network device, for example using mechanisms such as WCCP or PBR.
However, communications between transparent network devices are vulnerable to several problems. First, middle devices, such as firewalls, proxies, and network address translation (NAT) devices, can mistakenly block or misdirect communications between transparent network devices, interfering with the establishment and operation of an inner channel between transparent network devices. Additionally, network packets addressed to a computer system or network device but intended for a transparent network device may be directed around the transparent network device. As a result, an inner channel network packet may accidentally reach its addressed destination. If the receiving computer or network device accepts the inner channel network packet, it may misinterpret the data intended for the transparent network device as its own data, resulting in errors or data corruption. Furthermore, network traffic associated with an inner channel may be misinterpreted by network monitoring devices and applications as duplicate or redundant connections, invalid network traffic, or network errors such as retransmits and connection resets. This misinterpretation not only makes network monitoring inaccurate, but can hide actual network problems from network administrators.
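The following added example (not part of the original text) shows how a monitoring tool could separate inner channel segments from outer channel segments that share the same ports by inspecting TCP options, and why a tool that keys only on addresses and ports sees them as one flow. The text does not say which packet attribute marks inner channel traffic; the experimental option kind 253 with the made-up identifier 0x7A11, the function names, and the sample segments are all assumptions constructed for illustration.

```python
import struct

# Assumption for this example only: inner channel segments carry an
# experimental TCP option (kind 253, RFC 6994 layout) with this made-up ExID.
INNER_KIND, INNER_EXID = 253, 0x7A11

def build_segment(sport, dport, seq, options=b"", payload=b""):
    """Build a constructed TCP segment (checksum left at 0) for the demo."""
    options += b"\x01" * (-len(options) % 4)      # pad with NOPs to 32-bit words
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         offset << 4, 0x18, 65535, 0, 0)
    return header + options + payload

def tcp_options(segment):
    """Return [(kind, data)] from a TCP header; raise ValueError if malformed."""
    hdr_len = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad TCP header length")
    opts, i = [], 20
    while i < hdr_len:
        kind = segment[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # NOP is a single byte
            i += 1
            continue
        length = segment[i + 1] if i + 1 < hdr_len else 0
        if length < 2 or i + length > hdr_len:
            raise ValueError("bad or truncated option")
        opts.append((kind, segment[i + 2:i + length]))
        i += length
    return opts

def classify(segment):
    """'inner' if the assumed marker option is present, otherwise 'outer'."""
    for kind, data in tcp_options(segment):
        if kind == INNER_KIND and data[:2] == INNER_EXID.to_bytes(2, "big"):
            return "inner"
    return "outer"

def flow_key(segment):
    """Port pair a monitor would key on; IP addresses are omitted here."""
    return struct.unpack("!HH", segment[:4])

# Constructed samples: same ports, different sequence space, marker on one only.
OUTER = build_segment(40000, 445, 1000, payload=b"client data")
INNER = build_segment(40000, 445, 900000,
                      struct.pack("!BBH", INNER_KIND, 4, INNER_EXID), b"\x9c\x01")
```

Both samples produce the same flow_key, so a monitor that tracks only the socket pair would treat the unrelated sequence numbers of the inner segment as errors on the outer connection.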