FIG. 1 (prior art) is a diagram of an internetwork 10 including two local area networks (LANs) 12 and 14 connected by the Internet 16. A client 18 on LAN 12 wishes to retrieve data from a web server 20 on LAN 14. The client 18 makes a request for the data to a transparent proxy 26 instead of directly to the web server 20. The request passes through a load balancer 24 on its way to transparent proxy 26. The transparent proxy 26, in turn, makes a new request for the data through gateway 22 to web server 20 on behalf of client 18. Web server 20 returns the data to transparent proxy 26, and transparent proxy 26 forwards the data to client 18. The data can be analyzed by application level software executing on the transparent proxy 26. For example, anti-virus software can analyze the data. The transparent proxy does not forward the data to client 18 if a virus is detected.
If the transparent proxy 26 is overloaded, the load balancer 24 forwards a subsequent request to transparent proxy 28 instead of to transparent proxy 26. In this case, the transparent proxy 28, makes a new request for the data to web server 20 on behalf of client 18. Web server 20 returns the data to transparent proxy 28, and transparent proxy 28 forwards the data to client 18.
Web server 20 receives messages from “transparent” proxies 26 and 28 that include the IP addresses of transparent proxies 26 and 28, respectively. Therefore, transparent proxies 26 and 28 are not transparent to web server 20. Web server 20 cannot distinguish among messages from individual clients. Because the original sender of messages coming from transparent proxies 26 and 28 cannot be determined from the source IP address, customizing services towards individual clients is more difficult.
In addition, a conventional load balancer also hinders the transparency as to IP addresses of transparent proxies 26 and 28 with respect to client 18. Transparent proxies 26 and 28 forward the requested data to client 18 in messages containing the source IP address of web server 20, instead of the source IP addresses of transparent proxies 26 and 28, respectively. The load balancer 24, however, forwards the messages to client 18 with the source IP address of the load balancer. In this case, client 18 cannot simply return response messages to the source IP address of web server 20, but must be configured to send such messages through load balancer 24.
Load balancer 24 can be adapted to have the transparency functionality of the transparent proxies 26 and 28 so that load balancer 24 also forwards messages to client 18 containing the source IP address of web server 20. Even in this case, however, load balancer 24 is not transparent with respect to Ethernet hardware addresses, also called MAC addresses.
In the case where the requested data is sent from web server 20 to client 18 through transparent proxy 26, a first TCP connection is established between client 18 and transparent proxy 26, and a second TCP connection is established between transparent proxy 26 and web server 20. When Ethernet frames are received onto client 18 across the first TCP connection, they contain the source MAC address of the load balancer 24 and not the source MAC address of gateway 22. Frames received directly from transparent proxy 26 would also not contain the source MAC address of gateway 22. Thus client 18 is hindered from gathering the MAC addresses of other devices on LAN 12, such as the gateways out of LAN 12. When load balancer 24 is added to LAN 12, client 18, as well as the other clients on LAN 12, must be reconfigured to send requests to the MAC address of the load balancer.
Expertise and effort are therefore required to operate and maintain a LAN network where clients communicate through a load balancer that is not transparent. This is undesirable.