This invention relates to computer systems, in particular virtual private networks (VPNs) and especially to a resilient implementation of a VPN.
A VPN is a connection between two “sites” that has the appearance of a dedicated link but which occurs over a shared network, such as the Internet or a direct RAS (Remote Access Service) dial-in connection. Using a technique known as “tunnelling”, data packets are transmitted over the shared network in a private “tunnel” between the sites. Tunnelling is the encapsulation of a data packet, for example an IP (Internet Protocol) packet, inside another IP packet, after the data packet has been encrypted. The outer packet has a different destination IP address from the inner one and is used to direct the inner encrypted packet to a VPN security gateway at a site, where the outer layer can be stripped off and the inner packet decrypted and sent to the appropriate one of a number of destinations within the site. If this gateway should fail, no connection to these destinations is possible.
It is an object of the invention to provide means which ensure that full or partial failure of a gateway (for example failure of either one or both of the interfaces onto its connected networks) does not result in such a lack of connection.