Abstract: Redundant gateway methods, apparatus and systems using more than one gateway device in a gateway device group for communications directed outside of a LAN. Failover services are thus provided in the event that an active router or other gateway device fails. Network address translation (NAT) services are provided simultaneously by having all gateway devices in the redundancy group create and maintain IP aliases and static NAT mappings, while disabling all gateway devices operating in a non-active mode from replying to address resolution protocol requests from hosts. A gateway device may be configured to operate in a redundancy group in an active operating mode or a non-active operating mode. The gateway device handles transmissions into and out of the network to which it is connected only when the gateway device is in the active operating mode so as to avoid system corruption due to ARP activity and message transmissions by non-active gateway devices.

Abstract: Gateway load balancing and failover methods, apparatus and systems use more than one gateway device in a gateway device group for communications directed outside of a LAN. In the load balancing arrangement, hosts that send ARP messages to a shared virtual IP address receive replies from one of the gateway devices in the gateway device group, directing the host to address outgoing communications to a virtual MAC address assigned to one of the gateway devices. Hosts are assigned virtual MAC addresses for the gateway devices according to a prescribed algorithm or methodology. In the event that one member of the gateway device group fails, the outgoing communications that would have been handled by the failed gateway device are re-assigned to another member of the gateway device group. A master gateway device controls address assignment and failover features. In the event that the master fails, additional steps are taken to appoint or elect a new master and ensure continuity in the load balancing function.

Abstract: Gateway and NAT services to a single host or large number of hosts on a local network using a redundancy group having gateway devices. A pool of unique IP addresses are partitioned into address blocks, one of which is assigned to a gateway device. Using the unique IP addresses in its assigned address block, the gateway device translates local IP addresses of hosts on a local network to unique IP addresses from the gateway device's assigned address block for host packets destined for outside networks and creates a mapping of the translation. The gateway device notifies other gateway devices in the redundancy group of the mapping. A master mapping database or a local mapping database is updated whenever one of the gateway devices performs a translation.

Abstract: Methods and apparatus are provided for enhancing security and fault tolerance for VPN gateways connecting clients in a public network with entities in a private network. According to various embodiments, primary and standby VPN gateways serving the same private network are configured with the same virtual IP address to allow public network clients the ability to efficiently switchover to a standby VPN gateway upon failure of the primary VPN gateway. Cryptography operations are executed using the virtual IP address. Routes can also be injected into the private network to enhance failover efficiency.

Abstract: The distribution of traffic flows in a load-sharing redundancy group that includes a first gateway device and a second gateway device includes assigning a first set of forwarding addresses to the first gateway device and a second set of forwarding addresses to the second gateway device. The redundancy group distributes forwarding addresses to hosts which in turn use the distributed forwarding addresses to send packets to the redundancy group. The traffic flow for each of the assigned forwarding addresses is measured and may be compared to a target traffic flow. The traffic flow is adjusted to close in on the target traffic flow. Adjustment of the traffic flow can be accomplished either by changing the existing measured traffic flow by re-assigning a forwarding address originally assigned to one gateway device to a different gateway device or by altering future distribution of forwarding addresses so that additional traffic is sent to one or more forwarding addresses having lower measured traffic.

Abstract: Redundant gateway methods, apparatus and systems use more than one gateway device in a gateway device group for communications directed outside of a LAN. Failover services in the event that an active router or other gateway device fails. In determining the priority of members of the group to become the active router/device for the group, a route metric is used as the priority value in elections held to determine the operating mode of each group member. This route metric is a numerical value representing the optimality of a route available between the router and a destination such as a remote network. By comparing the members' respective route metrics from time to time and in the event of a trigger event, the active router/device in a group is guaranteed to be the router with the optimal route to that remote network.

Abstract: Gateway and NAT services to a single host or large number of hosts on a local network using a redundancy group having gateway devices. A pool of unique IP addresses are partitioned into address blocks, one of which is assigned to a gateway device. Using the unique IP addresses in its assigned address block, the gateway device translates local IP addresses of hosts on a local network to unique IP addresses from the gateway device's assigned address block for host packets destined for outside networks and creates a mapping of the translation. The gateway device notifies other gateway devices in the redundancy group of the mapping. A master mapping database or a local mapping database is updated whenever one of the gateway devices performs a translation.