The present invention relates generally to network communication, and more particularly to establishing dedicated and secure communication sessions over a wide area network.
Certain types of business activities create the need to transfer information in a timely and secure manner. For instance, banks periodically “backup” their computer files to a remote central database and need to know that these files were successfully copied to the remote database without having been attacked or corrupted during the process. Video conferencing is another example of an application that demands the timely and secure transmission of information (video/voice/data). Network transmission delay or the successful attack by a hacker can cause significant business problems or render applications useless.
One solution to the problem of network delay is to lease dedicated point-to-point digital data lines, such as an ISDN or T1 line, over which time critical information is sent. In addition to carrying the critical traffic, however, these lines carry traffic that is not time critical between the two end points as well. Because neither of the two traffic types is given precedence under these circumstances, time critical traffic may be delayed.
A typical solution to the precedence problem is to introduce a “priority queuing” mechanism into the network. Such queuing mechanisms give precedence to certain time critical traffic while handling the rest of the traffic on a “best effort” basis. However, both dedicated leased lines and priority queuing require a significant configuration effort, usually by the system manager. Typically, the system manager is not on site or may not even be an employee of the company using the service. As a result, the user may have no ready means to modify the configuration, which dictates that the service being provided is static in nature and not adaptable to applications where the timing of critical traffic cannot be regularly scheduled.
Another solution to the problem of network delay typically utilized by network managers is to incorporate an asynchronous transfer mode (ATM) backbone between the various local networks to handle the transfer of information. ATM was designed to provide a wide range of quality of service (QoS) capabilities. An ATM network can support some number of virtual channels (VCs) over which traffic with certain defined QoS characteristics can travel. These QoS characteristics can be used to group traffic according to precedence, and VCs can be established to transmit the different traffic types.
Using ATM interfaces to carry QoS Internet traffic, however, requires the router to map Internet protocol (IP) data flows into the VCs based on QoS characteristics. In addition, the current practice is to default to a single Permanent Virtual Channel (PVC) between routers, which does not allow for multiple service classes within the ATM network. Although multiple PVCs are sometimes configured, there is no standard way of mapping QoS characteristics to PVCs. Also, there are no multicast PVCs, so Internet multicast traffic cannot be delivered over an equivalent PVC. Consequently, it must be duplicated and sent over separate PVCs to each multicast destination, which consumes considerably more bandwidth.
Inherently, the Internet protocol only provides for the “best effort” transmission of information: all traffic has equal precedence, so if there is more traffic to be transmitted than the network can handle, the excess must be buffered in a FIFO arrangement until it reaches the head of the buffer, at which point it is transmitted. Clearly, “best effort” transmission is not suitable for time critical traffic.
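As an added illustration (not part of the patent text) of the difference between the FIFO “best effort” buffering described here and the priority queuing mechanism described earlier, the following simulation computes the queueing delay a time-critical packet experiences under each discipline on a single output link; the packet sizes, arrival times and link rate are constructed sample values.

```python
"""Queueing-delay simulation: FIFO "best effort" vs. priority queuing.
Added example with constructed sample traffic; not code from the patent."""
from dataclasses import dataclass
import heapq


@dataclass(frozen=True)
class Packet:
    pid: str
    arrival: float    # arrival time at the router, seconds
    size_bits: int
    critical: bool    # True = time-critical (e.g. voice/video frame)


def simulate(packets, link_bps, priority):
    """Return {pid: queueing delay in seconds} for one output link.
    priority=False: serve strictly in arrival order (FIFO best effort).
    priority=True : serve any waiting critical packet before any waiting
                    best-effort packet; ties broken by arrival time."""
    pending = sorted(packets, key=lambda p: p.arrival)
    queue = []                      # heap of (rank, arrival, seq, packet)
    delays = {}
    clock, i, seq = 0.0, 0, 0
    while len(delays) < len(packets):
        # admit every packet that has arrived by the current clock
        while i < len(pending) and pending[i].arrival <= clock:
            p = pending[i]
            rank = 0 if (priority and p.critical) else 1
            heapq.heappush(queue, (rank, p.arrival, seq, p))
            seq += 1
            i += 1
        if not queue:               # link idle: jump to the next arrival
            clock = pending[i].arrival
            continue
        _, _, _, p = heapq.heappop(queue)
        delays[p.pid] = clock - p.arrival          # time spent buffered
        clock += p.size_bits / link_bps            # transmission time
    return delays


# Constructed burst: five 1500-byte bulk packets at t=0, then one small
# voice packet arriving 1 ms later, on a T1-class (1.5 Mbit/s) link.
SAMPLE = [Packet(f"bulk{k}", 0.0, 12_000, False) for k in range(5)]
SAMPLE.append(Packet("voice", 0.001, 1_600, True))
LINK_BPS = 1_500_000


def critical_delay(priority):
    """Queueing delay of the voice packet under the chosen discipline."""
    return simulate(SAMPLE, LINK_BPS, priority)["voice"]
```

Under FIFO the voice packet waits behind every bulk packet already buffered (39 ms here); with priority queuing it is sent as soon as the packet currently on the wire finishes (7 ms).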
To overcome the problems of “best effort” transmission, the RSVP protocol was developed to allow an application to request QoS on the Internet and avoid delaying time critical traffic. Applications designed to employ this protocol are able to dynamically request specific QoS from a network, thereby ensuring that time critical traffic is transmitted over dedicated network resources. Specifically, the RSVP protocol reserves network bandwidth for certain traffic. Despite these benefits, the RSVP protocol is relatively new, and as a result, most applications have not been redesigned to process RSVP messages.
Security is another critical characteristic that certain types of customers demand before conducting their business over the Internet. Typically, Internet security is provided by a firewall placed between a local area network (LAN) router, or premises router, and the host computers attached to the LAN. Firewall products, such as Gauntlet, are offered commercially by TIS Co.
Because QoS-enhanced applications do not typically include security provisions, firewall type products are needed to provide application security. However, since such firewall products have not been designed to process RSVP messages, Internet security and QoS are mutually exclusive characteristics of Internet communication at the present time, even though both are desirable.