The present invention relates to a method of composing a VPN (Virtual Private Network) on the Internet and an interwork router used to connect Internet service providers to each other.
Various applications such as E-mail and WWW (World Wide Web) programs can be used on any Internet Protocol (IP) networks. In addition, such IP networks can be composed at lower costs than the conventional switching networks that use are associated with telephones. This is why the Internet has rapidly come into wide use in recent years. Under such circumstances, intracompany networks (intranets) composed on the IP level are now indispensable for facilitating the activities of those companies.
Companies are often distributed unevenly in local areas. In such a situation, therefore, there will appear a demand that the intranets in those local areas should be connected into one network as a logical consequence. In such a case, there are the following two methods possible for connecting those intranets to each other in local areas.
Firstly, private lines are used for connecting those intranets in local areas. In this case, each of those intranets can be isolated from external networks for ensuring security.
Secondly, the IPsec (IP security protocol) technique is used to provide each terminal with a function for identifying packets of its own company's network, so that those packets are transferred on the Internet as IP packets using global addresses. This identifying function, when combined with an encoding technique, can make up a Virtual Private Network (VPN) so as to be protected from the attacks of malicious users.
If such private lines are used; however, some problems arise; for example, the network cost is increased, and furthermore, the VPN realized by the IPsec method cannot be protected from the attacks and invasions of malicious users who can crack the codes. In addition, the encoding processing becomes a bottleneck of increasing the speeds for fast networks and terminal costs are increased.
Along with the rapid spread of the Internet, as well as the cost reduction of using the Internet, there have appeared strong demands for forming virtual private networks on the Internet using the functions of lower layers than the IP layer provided by networks, while suppressing the cost and isolating each of those virtual private networks from external networks so as to assure the security and quality thereof.
In order to meet such demands, the following VPN is proposed. A packet is encapsulated at the inlet of the object network of an Internet Service Provider (ISP) that provides the VPN. On the ISP network, each packet is transferred according to the capsule header, then the capsule header is removed at the outlet of the network. According to this VPN composing method, since a packet is encapsulated peculiarly to the VPN, the VPN is isolated from external networks, thereby assuring the security of the VPN. More concretely, for such an encapsulation protocol various methods are available, such as IP encapsulation, MPOA (Multi Protocol over ATM), MPLS (Multi Protocol Layer Switching), etc. Since February of 1999, those methods have been under examination in such standardization groups as ITU-T SG13 (International Telecommunications Union-Telecommunications Standardization Section, Study Group 13), IETF (Internet Engineering Task Force), etc. In addition, ITU-T SG13 is also examining the Core Protocol of the Global Multi-media Network Connection Less (GMN-CL) for transferring packets encapsulated according to E.164 addresses in the object network.
“Access Network Systems and Edge Nodes Systems for the Next-Generation Computer Network”, pp. 425-434, NTT R&D vol. 47 No. 4, 1998 (issued on Apr. 10, 1998) has also proposed a method for composing an edge node in an accessing system used to interwork between each of a plurality of user networks and the core network in the GMN-CL.