Tunnel Setup Protocol

Abstract: One embodiment of the present invention provides a switch. The switch includes a tunnel management module, a packet processor, and a forwarding module. The tunnel management module operates the switch as a tunnel gateway capable of terminating an overlay tunnel. During operation, the packet processor, which is coupled to the tunnel management module, identifies in a data packet a virtual Internet Protocol (IP) address associated with a virtual tunnel gateway. This virtual tunnel gateway is associated with the switch and the data packet is associated with the overlay tunnel. The forwarding module determines an output port for an inner packet in the data packet based on a destination address of the inner packet.

Abstract: A method and apparatus for managing network access to internal hosts protected by a firewall is provided. A user on an external host logs in into a firewall. Once the user has been authenticated to the firewall, a session is established for the user, and tunnel configuration is transmitted to the user's process on the external host. The tunnel configuration data indicates the configuration of at least one tunnel for connecting to at least one internal host protected by the firewall. When creating a socket for connecting to the internal host, the socket is configured based on the tunnel configuration data. Tunnel objects and tunnel socket objects may be specially configured to establish a connection in a way that takes advantage of the power and simplicity of the inheritance feature of object oriented software. Various tunnel classes are provided to configure tunnels in a variety of manners.

Abstract: An IP tunnel is constructed between routers connected with the INTERNET. A bandwidth of the IP tunnel is assured by setting up a reservation resource protocol (RSVP) on the IP tunnel. Further as a traffic control of the routers and on the IP tunnel, a frequency for sending packets, which are processed by an input processor and an output processor inside of the router, is allotted based on a ratio of the reserved bandwidth in each IP tunnel, then an algorithm for controlling the traffic is simplified. Furthermore each of the routers on the IP tunnel has a function for scheduling a reservation and manages a time period at which the virtual private network (VPN) of a type of the reservation resource protocol (RSVP) will be used, then it is possible to reserve the assurance of the bandwidth on the designated date and time in the future.

Abstract: A method and system for monitoring the status of an active secure tunnel between a pair of network elements in a communications network. The first network element originates and transmits an Internet Protocol Security (IPSec) test message to a second network element using a first unidirectional secure tunnel in response to the receipt of an active tunnel monitor command. The second network element receives the IPSec test message and transmits a response back to the first network element using a second unidirectional secure tunnel. The number of times that second network element failed to return a response to an IPSec test message is accumulated during a predetermined time interval and then compared with a threshold value to determine if the active secure tunnel has become disabled.