This invention relates to routing devices and, more particularly, to redundancy in packet network devices.
A typical TCP/IP network comprises multiple hosts that are interconnected through a variety of traffic management devices such as Ethernet switches, IP routers, firewalls, load balancers and bandwidth limiters that are employed to manage the traffic flow in the network. A failure of any of these devices may result in the loss of network connectivity that cannot be tolerated in mission-critical environments. In order to prevent such network outages, all such devices support a redundant configuration. A redundant configuration may consist of two or more similar devices, in which one device is designated to be the backup device. The backup device is dormant during normal operating condition, in the sense that it does not handle network traffic, but it does monitor the other active device(s). If any of the active devices fail, the backup device switches over to an active mode, and seamlessly takes over the responsibility of the failed device. Having one backup device for every active device provides a high level of confidence that the network will continue to operate in case of failure.
Each of the devices described above handles packets pursuant to information that is found in different headers in the packet. Ethernet switches perform switching of packets based on information in the Layer 2 header of the packets. IP routers perform routing based on information in the of the Layer 3 headers of the packets. Firewall devices, load balancers and bandwidth managers look deeper into the packets and operate on the basis of Layer 3, Layer 4 and application layer information. In general, the deeper the device has to look into the packet, the higher is its operational complexity and the computational cost. Additionally, a device that is operating at a Layer 4 and higher has to maintain a significant amount of state information. The state information is dynamically obtained from the network and is, therefore, not administratively configurable (or configurable with great difficulty).
In conventional arrangements, there is a finite delay before the passive device detects that there is an irrevocable internal failure in the primary device, or that there is a failure at the interface to the primary device, and decides to switch over. Moreover, typically some time is required to properly configure the backup device, and some more time is required for other devices in the network to learn about the switchover. Therefore, a switchover at times results in a loss of packets for a finite amount of time. More importantly, during a switchover, all the dynamic information learnt by the active device is lost. This is quite undesirable because it may lead to a need to restart of ongoing application sessions between the network hosts. This problem becomes even more serious in devices operating at the higher layers, because these devices build very large databases of dynamic information.