Robust connectivity approach for multichannel devices with VPN client in poor signal level/quality conditions
Original Publication Date: 2016-Jan-26
Included in the Prior Art Database: 2016-Jan-26
Larchenko, Dmitry: INVENTOR [+2]
* Upon request, the mobile VPN client establishes Security Associations (SAs) through multiple network interfaces.
* The client and server create a mapping between those Security Associations and a specific channel bonding configuration.
* The client applies a data duplication policy for such SAs.
* The server uses ESP sequence numbers to determine which packets are duplicates and should be rejected. (Regardless of which SA it belongs to, each ESP packet has a sequence number in clear text, which always starts from 0. If the same data is sent through those SAs simultaneously, each packet will have a sequence number synchronized with its duplicates across all SAs.)
By Dmitry Larchenko, Vadim Podlesov
Motorola Solutions, Inc.
Modern mission-critical mobile devices usually have more than one wireless network interface and a VPN client that provides a secure connection over the Internet. On such devices, the VPN client can use different wireless networking technologies at the same time to increase connection robustness.
This document describes a protocol that may be used to implement channel bonding on top of standard VPN protocols.
Mission-critical devices are commonly used in places with bad network coverage and/or high congestion rates, such as emergency incident areas. Those factors have a negative impact on connection quality. If an officer needs to communicate critical information in such conditions, it would be a good idea to use all available communication technologies.
This problem may be solved at different IP levels, which involve changes in different parts of operating systems, applications and/or infrastructure. In this paper we propose an implementation in the application-layer protocols that are used by the VPN client and server.
This approach minimizes the changes required to facilitate channel bonding by reusing some of the information and capabilities provided by existing protocols used by VPN applications.
Our approach is designed for the typical VPN deployment scenario shown in the following diagram.
Figure 1 Typical architecture for VPN deployments
The mobile node (MN) is attached to the public network (e.g. the Internet) via multiple interfaces: LTE, LMR and WIFI. The VPN server plays the role of a gateway between the Public Network and the Private Network, which contains protected resources.
All data traffic between the MN and the VPN server is encrypted and encapsulated in ESP packets. The VPN server unpacks, decrypts and forwards this traffic into the Private Network.
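The server-side duplicate rejection described in the summary can be sketched as one sliding window shared by all SAs in a bond, so that only the first copy of each ESP sequence number is forwarded. This is an added example, not code from the publication; the window size, the SPI values and the names `BondGroup` and `forward_unique` are assumptions, and sequence numbering starts from 0 as the page describes.

```python
WINDOW = 64  # assumed window size in packets; the page does not specify one
LTE_SPI, WIFI_SPI = 0x1001, 0x2002  # constructed SPIs for two bonded SAs


class BondGroup:
    """Receive state shared by every SA mapped to one bonding configuration."""

    def __init__(self, spis):
        self.spis = set(spis)
        self.highest = -1  # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def accept(self, spi, seq):
        """True for the first copy of seq on any bonded SA, False otherwise.

        Call only after the packet has passed integrity verification on its
        own SA, so forged packets cannot advance the shared window.
        """
        if spi not in self.spis:
            raise ValueError("SA is not part of this bond group")
        if seq > self.highest:  # new right edge: slide the window forward
            shifted = (self.bitmap << (seq - self.highest)) | 1
            self.bitmap = shifted & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW:  # left of the window: cannot tell, so reject
            return False
        if self.bitmap & (1 << offset):  # a copy already arrived on some SA
            return False
        self.bitmap |= 1 << offset  # late first copy, e.g. lost on the other link
        return True


def forward_unique(arrivals, spis=(LTE_SPI, WIFI_SPI)):
    """Return the (spi, seq) pairs a server would forward, in arrival order."""
    group = BondGroup(spis)
    return [(spi, seq) for spi, seq in arrivals if group.accept(spi, seq)]


# Constructed arrival order: seq 1 is lost on LTE and arrives late over WIFI.
ARRIVALS = [(LTE_SPI, 0), (WIFI_SPI, 0), (LTE_SPI, 2), (WIFI_SPI, 1),
            (WIFI_SPI, 2), (WIFI_SPI, 3), (LTE_SPI, 3)]

if __name__ == "__main__":
    for spi, seq in forward_unique(ARRIVALS):
        print(f"forward seq={seq} (first copy arrived on SPI {spi:#x})")
```

Because the window is shared by the whole bond rather than kept per SA, a packet lost on one interface is still delivered when its duplicate arrives on another, while the second copy of every other packet is dropped.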
A robust connection through multiple network interfaces can be initiated by the server or the user, as shown in Figure 2. The decision to do so can be based on a user request (e.g. a button press) or on connection statistics and sensor information collected on the MN.
Initial state of this procedure assumes th...