(1) Field of the Invention
The present invention relates to a packet forwarding control method and a packet forwarding apparatus and, more particularly, to a packet forwarding control method and a packet forwarding apparatus for a layer 2 virtual private network (L2-VPN) over which packets for a user authentication protocol, such as PPPoE packets, are forwarded by layer 2 tunneling.
(2) Description of the Related Art
As authentication-based high-speed Internet connection services (high-speed remote access services) using a high-speed access line such as ADSL (Asymmetric Digital Subscriber Line), FTTH (Fiber to the Home), or wireless LAN (Local Area Network) have become prevalent, a communication environment for efficiently forwarding large-capacity information, such as content data, to user terminals has been established.
In a high-speed remote access service, PPPoE (Point-to-Point Protocol over Ethernet) and PPP, the connection protocols used between terminals, are terminated at a high-speed access terminating apparatus such as a BAS (Broadband Access Server), which is a gateway apparatus managed by a communication service agent. Upon receiving a request from a user terminal for a connection to the Internet, the BAS requests user authentication from an authentication server, for example, a RADIUS (Remote Authentication Dial-In User Service) server managed by an Internet Service Provider (ISP) or another connection service company. The BAS then starts a layer 3 packet forwarding service between the user terminal that has succeeded in user authentication and an ISP network.
Conventionally, an ISP or a connection service company which does not have a dedicated high-speed access line has rented a layer 3 IP (Internet Protocol) transit network, including high-speed access lines and a BAS, from a communication service agent. By operating the rented transit network as an IP-VPN (Virtual Private Network), the ISP can provide an authentication-based high-speed Internet connection service while dealing only with user authentication and layer 3, without having to deal with PPPoE and PPP.
However, in a high-speed remote access service using the IP-VPN, the ISP may be unable to provide a connection service desired by a user because of constraints imposed by the layer 3 communication protocol in the transit network. For example, even though the user desires to use the IPv6 protocol or a specific protocol used in a general-purpose computer, the service cannot respond to the user's request if the transit network is compatible only with the IPv4 protocol.
In recent years, communication service agents have provided L2-VPN services, in which high-speed access lines such as ADSL, FTTH, or wireless LAN and a wide area Ethernet network are used, in place of the IP-VPN service, which requires the existence of an IP network. In an L2-VPN, the range between site A and site B can be treated as if it belongs to the same broadcast domain, by using layer 2 tunneling such as Ethernet over Ethernet defined in IEEE 802.1ah or expanded VLAN defined in IEEE 802.1ad.
When a transit network is comprised of a wide area Ethernet network, even an ISP or communication service company having no dedicated lines is allowed to provide a connection service equivalent to the service conventionally provided through a dial-up connection in an ISDN or the like to a user terminal connected with a high-speed access line, by connecting a BAS to the transit network and forming an L2-VPN on the transit network. That is, when a communication service agent supplies a wide area Ethernet network as an L2-VPN to each ISP (or communication service company) having a BAS, the ISP can provide a highly flexible communication service to users without incurring the constraints placed by the L3 communication protocol on the transit network.
Conventionally, when a communication service agent supplies an IP-VPN to a plurality of ISPs, these ISPs have been requested to share communication equipment such as high-speed access lines and a BAS. In this case, the BAS manages user information in association with the ISP to which each user is subscribed, so that an authentication request received from each user is dynamically distributed to the ISP corresponding to that user in the PPP authentication phase.
In order to forward packets by layer 2 tunneling between site A and site B when an L2-VPN is provided to the ISP in place of the IP-VPN, it is necessary to set packet forwarding control parameters as tunneling control information, depending on the tunneling type (e.g., Ethernet over Ethernet or expanded VLAN), in the respective packet forwarding apparatuses serving as sites A and B. However, when layer 2 tunneling control information is statically set in advance in the respective packet forwarding apparatuses serving as sites A and B, the packet forwarding route is fixed, and it becomes difficult to dynamically distribute received packets to the respective ISPs corresponding to the users, as has been done by the shared BAS in the IP-VPN.
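The following is an added illustration, not part of the patent text, of the expanded-VLAN (IEEE 802.1ad) tunneling and the statically set tunneling control information described above: a PPPoE frame is S-tagged at site A according to a fixed port-to-S-VID table and checked and untagged at site B. The port names, S-VID values and sample frame are constructed assumptions.

```python
import struct

ETH_P_8021AD = 0x88A8      # S-tag TPID (IEEE 802.1ad expanded VLAN)
ETH_P_PPPOE_DISC = 0x8863  # PPPoE discovery stage
ETH_P_PPPOE_SESS = 0x8864  # PPPoE session stage

# Constructed static tunneling control information: access port -> S-VID.
# Port names and VLAN IDs are hypothetical.
STATIC_SVID_BY_PORT = {"port-1": 100, "port-2": 200}

def encapsulate(frame: bytes, svid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1ad S-tag after the two MAC addresses (site A)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= svid <= 4094:
        raise ValueError("S-VID must be in 1..4094")
    tci = (pcp & 0x7) << 13 | svid
    return frame[:12] + struct.pack("!HH", ETH_P_8021AD, tci) + frame[12:]

def decapsulate(frame: bytes, expected_svid: int) -> bytes:
    """Strip the S-tag at site B; reject frames from any other tunnel."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry an S-tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ETH_P_8021AD:
        raise ValueError("no S-tag present")
    if tci & 0x0FFF != expected_svid:
        raise ValueError("S-VID does not match this tunnel")
    return frame[:12] + frame[16:]

def pppoe_stage(frame: bytes) -> str:
    """Classify an untagged Ethernet frame by its EtherType."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    stages = {ETH_P_PPPOE_DISC: "discovery", ETH_P_PPPOE_SESS: "session"}
    return stages.get(ethertype, "other")

def sample_padi() -> bytes:
    """Constructed PADI: broadcast dst, made-up src MAC, no tags for brevity."""
    dst = b"\xff" * 6
    src = bytes.fromhex("020000000001")
    # ver/type=0x11, code=0x09 (PADI), session id=0, payload length=0
    pppoe = struct.pack("!BBHH", 0x11, 0x09, 0x0000, 0)
    return dst + src + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe

def forward_static(port: str, frame: bytes) -> bytes:
    """Static forwarding: the ingress port alone fixes the tunnel (S-VID)."""
    return encapsulate(frame, STATIC_SVID_BY_PORT[port])
```

Because `forward_static` looks only at the ingress port, every frame from a given port enters the same tunnel regardless of which user sent it, which is the fixed-route limitation the paragraph above describes.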