1. Field of the Invention
The present invention is directed toward the field of data communication networks. In particular, the invention is directed to a system and method for providing protected communication paths between a LAN and a carrier network.
2. Description of the Related Art
FIG. 1 sets forth a schematic drawing of a communication system 2 that provides a user or a user""s local area network 3 (xe2x80x9cLANxe2x80x9d) with access to the internet or some other wide area network (xe2x80x9cWANxe2x80x9d). In the embodiment shown, a LAN 3 is provided with internet access through a fiber optic system 4. The fiber optic system 4 provides a connection between the user LAN 3 and an internet access device such as an internet backbone router 5 (xe2x80x9cBRxe2x80x9d). The BR 5 has a number of ports (not shown) with internet protocol (xe2x80x9cIPxe2x80x9d) addresses assigned thereto. Internet access is achieved through accessing the ports on the BR 5.
The preferred user LAN 3 is an Ethernet LAN but other LAN types such as token ring, FDDI, etc., could be used. LAN Hosts 7b preferably are personal computers (xe2x80x9cPCsxe2x80x9d) but optionally could be servers or other computer or communication equipment. LAN router 7a preferably comprises computer or communication hardware that forwards data from or to other computer or communication equipment on the LAN 3. LAN router 7a optionally could be coupled to other subnets (not shown) on the user""s premises which interconnect other LAN hosts (not shown).
FIG. 2 sets forth a more detailed view of an exemplary communication system 2 for providing a plurality of user LANs 3 with access to the internet or other WAN via a fiber optic system. The exemplary communication system 2 includes a fiber optic system that preferably is arranged in a ring network 10 and more preferably in a Synchronous Optical Network (xe2x80x9cSONETxe2x80x9d) or SDH ring. The communication system 2 also includes a plurality of network nodes 12a, 12b, 12c, and 12d that are coupled together in the SONET/SDH ring 10, a plurality of local or user LANs 3a, 3b and 3c that are coupled to the network nodes 12a, 12b and 12c, respectively, preferably via fiber optic cables 15, and an internet or WAN access device 5 such as an internet backbone router (xe2x80x9cBRxe2x80x9d) coupled to network node 12d. 
FIG. 3 sets forth a system diagram of a preferred SONET/SDH ring 20 for use in a communication system that practices the present invention. The SONET/SDH ring 20 includes a plurality of network nodes 22, labeled N0-N3, coupled in a ring structure by one or more communication paths 24A, 24B. As shown in FIG. 3, the two paths 24A, 24B transport SONET/SDH data streams (many packets/cells) in opposite directions about the ring (i.e., east and west). The communication paths 24A, 24B are preferably fiber optic connections (in SONET/SDH), but could, alternatively be electrical paths or even wireless connections (in other types of ring networks). In the case of a fiber optic connection, paths 24A, 24B could be implemented on a single fiber 24, on dual fibers 24A, 24B, or some other combination of connections. Each network node 22 is preferably coupled to two other network nodes 22 in the ring structure 20. For example, network node N0 is coupled to network nodes N1 and N3. The coupling between the nodes in FIG. 3 is two-way, meaning that each node 22 transmits and receives data (packets/cells) to and from each of the two other nodes 22 to which it is connected Each network node 22 includes at least two transmitter/receiver interfaces, one for each connection to another node 22. The network nodes 22 could be many types of well-known network devices, such as add-drop multiplexers (xe2x80x9cADMsxe2x80x9d), switches, routers, cross-connects or other types of devices. The devices 22 shown in FIG. 3 are preferably ADMs. An ADM is a three terminal device having a local add/drop interface, an upstream network node interface, and a downstream network node interface. These ADMs 22 are coupled to local nodes 26, and are used to add packets/cells from the local nodes 26 to the SONET/SDH data stream, and conversely to drop packets from the SONET/SDH data stream to the local nodes 26. A system and method for packet transport in a SONET/SDH ring network and an exemplary ADM is described in more detail in commonly-assigned U.S. patent application Ser. No. 09/378,844 (xe2x80x9cthe ""844 applicationxe2x80x9d), which is incorporated herein by reference. For more information on SONET/SDH formats, line-speeds, and theory of operation, see John Bellamy, Digital Telephony, 2d Edition (1991), pp. 403-425.
The network nodes 22 shown in FIG. 3 may be logically connected by a plurality of virtual paths that coexist on the physical network connection(s) 24. Virtual paths are also known as logical paths or xe2x80x9cpipes.xe2x80x9d For example, although there is only one physical connection from node N0 to node N1 to node N2, there may be numerous virtual paths between these nodes, such as one virtual path from N0 to N1, another from N0 to N2 and another from N1 to N2. Each virtual path may include a plurality of virtual channels, wherein each virtual channel transports packets (or cells) formatted according to the SONET/SDH SPE. The use of virtual paths in SONET/SDH ring networks is described in more detail in commonly-assigned U.S. Pat. No. 6,594,232, which also is incorporated herein by reference.
In the exemplary communication system 2 shown in FIG. 2, the network nodes 12a, 12b and 12c are access nodes. The network devices that make up access nodes 12a, 12b and 12c each include an access device or access card (xe2x80x9cACxe2x80x9d) 14. Each access card 14 is operable to transfer data packets between a user""s equipment on a LAN 3 and other nodes 12 on the ring network 10. The access cards 14 of the present invention may physically reside within a network device of the SONET/SDH ring 10 or alternatively may be coupled to a network device.
The network node 12d of the exemplary communication system 2 is an internet gateway node and the network device that makes up the gateway node 12d includes a multiplexor device or concentrator card (xe2x80x9cCCxe2x80x9d) 16. The CC 16 functions as a switch that multiplexes data packets transmitted by the access nodes 12a, 12b and 12c onto a single data transmission channel 18 for further routing to the internet access device 5. The CC 16 also functions as a switch for forwarding data packets received over the data transmission channel 18 from the internet access device 5 to one or more access nodes 12a, 12b or 12c. 
Router ports have been configured for shared use between multiple virtual circuits and sub-interfaces. The concentrator card 16 facilitates the shared use of a router port and has a two-fold role. The concentrator card 16 merges the data from the various LANs 3 and access cards 14 on the ring network into a single pipe for forwarding to the single router port of the BR 5 to which the concentrator card 16 is coupled. In merging the data, the concentrator card 16 couples the data to different interfaces within the router port. The concentrator card""s 16 second task is to take data from the BR 5, packet by packet, and forwards the data to the various access nodes 12 on the ring network.
Each access card 14 includes at least one protocol engine 30, as shown in FIG. 4, for providing a fiber extended router port 6 to a LAN 3. The protocol engine 30 provides a permanent address for use by the LAN devices 7 when transmitting data packets to the WAN. The protocol engine 30 reformats data packets from the LAN devices 7 and transmits the reformatted data packets over the ring 10 through the concentrator interface of CC 16 to a sub-interface of BR 5. The protocol engine 30 also receives data packets from a sub-interface of BR 5 through the concentrator interface and reformats those data packets to the format used on the LAN 3. The protocol engine 30 addresses at least three main architectural issues: encapsulation, maximum transfer unit (xe2x80x9cMTUxe2x80x9d), and address resolution. The use of protocol engines and Access Cards in SONET/SDH ring networks are described in more detail in commonly-assigned U.S. patent application Ser. No. 09/514,032 (xe2x80x9cthe ""032 applicationxe2x80x9d), which also is incorporated herein by reference.
If there is only one concentrator node for the entire network and there is a malfunction in that concentrator node or in a virtual path to that concentrator node, then wide area network access for one or more nodes in that network may be interrupted.
Therefore, there remains a need in this art for a method and system for providing protected virtual paths between local area networks (LANs) and wide area networks (WANs). There remains a particular need for a method and system for detecting malfunctions in a primary virtual path and for switching to the protection virtual path when a malfunction is detected. There also remains a more particular need for a method and a system that can provide protected virtual paths in a manner that minimally impacts the user computer equipment on a LAN connected to the network node on the system.
The present invention provides protected virtual paths to a customer network or LAN by providing access to a carrier network via a plurality of virtual channels. The present invention provides a mechanism for detecting failures associated with the virtual channels and a mechanism for switching from a failed virtual channel to a protection virtual channel upon detection of a failure.
The present invention provides many advantages over the presently known communication systems for providing access to a carrier network. Not all of these advantages are simultaneously required to practice the invention as claimed, and the following list is merely illustrative of the types of benefits that may be provided, alone or in combination, by the present invention. These advantages include: (1) the overall architecture of the network, with the concentrator interfaces connected to the carrier network at two different redundant locations, and the interaction between the carrier network devices (routers and bridges) and the system according to the present invention; (2) the concentrator device failure detection capability in the access device; (3) the Backbone Router failure detection capability and consequent triggering of VC switching; (4) IP layer faults detection and reporting to the access device; and (5) ATM layer fault detection and reporting to the access device.
In accordance with the present invention, a method and system for providing a customer network with high speed access to a carrier network is provided. The system comprises an access device for providing a communication path for the customer network, a first concentrator device that is operable to establish a communication path with the carrier network, and a second concentrator device that is operable to establish a communication path with the carrier network. The access device is operable to receive data traffic from the customer network and to forward the data traffic within the system. The access device is also operable to receive data traffic from the system and to drop some of the data traffic to the customer network. The first concentrator device is operable to drop data received from the system to the carrier network and also operable to add data received from the carrier network to the system data traffic. The second concentrator device is also operable to drop data received from the system to the carrier network and also operable to add data received from the carrier network to the system data traffic. The access device and the first concentrator device cooperate to form a first virtual channel for allowing data traffic to flow from the customer network to the carrier network and from the carrier network to the customer network and wherein the first virtual channel is the primary communication channel for the customer network. The access device and the second concentrator device cooperate to form a second virtual channel for allowing data traffic to flow from the customer network to the carrier network and from the carrier network to the customer network and wherein the second virtual channel is a backup communication channel for the customer network. The system is operable to switch the primary communication channel from the first virtual channel to the second virtual channel upon detection of a failure in the first virtual channel.