Network tunnels, often used in the context of virtual private networks (VPNs), create a virtual network link from multiple physical or other virtual links. They do this by encapsulating network traffic at one end of the virtual link and recovering the network traffic at the other end of the virtual link by decapsulating it and re-injecting it into a network. This structure allows a client device to appear to be in a different area of the network than where it is physically located. For example, using a network tunnel, a client device can appear to be behind a corporate firewall regardless of its physical location.
Typically, a virtual network interface is used on the client device, assigned an Internet Protocol (IP) address from within an address space of the remote end of the network tunnel, through which some or all of the device's traffic is sent. This architecture allows applications on the client device to operate normally, without any modifications to support the network tunnel.
Since the virtual network interface is assigned a remote IP address, all traffic destined for the client is sent to the end of the network tunnel. As a result, all of the traffic the client decides to tunnel is tunnelled end-to-end. This results in a large traffic load on the VPN concentrator, which must deal with traffic to internal resources and traffic to remote systems.
This problem is exacerbated for a network configuration as described in U.S. Publication No. 2010/0154044, filed Dec. 4, 2009 by Tajinder Manku and titled “Multi-Transport Mode Devices Having Improved Data Throughput”. As described by Manku, the client device comprises a plurality of communication interfaces for communicating using different networks. Data to be transmitted to a destination server is scheduled across the plurality of communication interfaces, thereby aggregating the bandwidth capabilities of each communication interface. The data is received by a proxy server, which reassembles the data for transmission to the destination server. Effectively, Manku teaches a virtual network tunnel to transport traffic between the client device and the proxy server using multiple physical networks.
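The multi-interface tunnel described above can be sketched as follows. This is an added example, not code from the Manku publication or from this document; the 6-byte tunnel header, the sequence numbering, the weighted round-robin scheduler, the duplicate-frame drop and the link names are assumptions made for illustration. The `bytes_handled` counter shows that every tunnelled byte passes through the proxy.

```python
import struct
from itertools import cycle

HDR = struct.Struct("!IH")  # assumed tunnel header: sequence number, payload length

def encapsulate(seq, payload):
    return HDR.pack(seq, len(payload)) + payload

def decapsulate(frame):
    seq, length = HDR.unpack_from(frame)
    payload = frame[HDR.size:HDR.size + length]
    if len(payload) != length:
        raise ValueError("truncated tunnel frame")
    return seq, payload

def schedule(packets, weights):
    """Client side: spread encapsulated packets over links (weighted round-robin)."""
    order = cycle([link for link, w in weights.items() for _ in range(w)])
    links = {link: [] for link in weights}
    for seq, payload in enumerate(packets):
        links[next(order)].append(encapsulate(seq, payload))
    return links

class Proxy:
    """Proxy side: decapsulate frames from any link and release payloads in order."""
    def __init__(self):
        self.next_seq = 0
        self.pending = {}        # out-of-order payloads keyed by sequence number
        self.bytes_handled = 0   # load placed on the proxy by tunnelled traffic

    def receive(self, frame):
        seq, payload = decapsulate(frame)
        self.bytes_handled += len(frame)
        if seq < self.next_seq or seq in self.pending:
            return []            # assumed policy: drop duplicate frames
        self.pending[seq] = payload
        released = []
        while self.next_seq in self.pending:
            released.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return released

def demo():
    packets = [b"pkt-%d" % i for i in range(6)]            # constructed sample traffic
    links = schedule(packets, {"wifi": 2, "cellular": 1})  # hypothetical link names
    arrival = links["cellular"] + links["wifi"]            # slower link arrives first
    proxy = Proxy()
    out = [p for frame in arrival for p in proxy.receive(frame)]
    return links, out, proxy.bytes_handled
```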
As the system scales, however, so does the load placed on the proxy server. That is, the greater the number of client devices that use the system, the greater the amount of data that has to be handled by the proxy server. One solution to this problem is to provide a plurality of proxy servers capable of load balancing the tunnels established by the client devices. However, this solution distributes the load, rather than reducing it, and still requires a significant investment in hardware for the proxy server or servers that increases with the number of client devices.
Accordingly, it is desirable to obviate or mitigate at least some of the above-mentioned disadvantages.