1. Field of the Invention
The present invention relates to systems that establish virtual private net LANs or virtual private networks (VPNs).
2. Description of the Related Art
FIG. 1 shows a system configuration of the related art. A long distance carrier 1 includes a system capable of providing a VPN. VPNs include internet protocol virtual privet networks (IP-VPN) and Layer-2 virtual local area networks (L2-VLAN).
The IP-VPNs may use at least layer 3 protocol for example internet protocol. The L2-VLANs may use Layer-2 protocol. L2-VPNs are also referred to as Layer-2 virtual local area networks (L2-VLANs).
A system established an L2-VPN uses a media access control (MAC) address for forwarding a packet. The packet has a frame structure, including a destination MAC address and a source MAC address. A MAC address is also referred to as a physical address.
A physical address is recorded on a LAN card to be connected to a personal computer (PC) when the LAN card is manufactured, and is typically composed of 48 bits.
IP has IP addresses to be processed at layer 3 or higher. An example IP datagram is composed of about 1,500 bytes, and includes a source IP address (source network address) and a destination IP address (destination network address) each of 32 bits.
Referring to FIG. 1, the long-distance carrier 1 provides services via an IP-VPN and an L2-VPN in combination.
A packet forwarding service via the L2-VPN is indicated by a dotted line, and a service via the IP-VPN is indicated by a two-dot chain line.
An asynchronous transfer mode (ATM) access network 3-1 that is owned by a local carrier 3 is established between customers (end users) 2-1 and 2-2 and the long-distance carrier 1. The long-distance carrier 1 accesses the ATM access network 3-1 via a carrier-to-carrier access point (POI) 3-2.
Thus, the long-distance carrier 1 needs to provide the L2-VPN and L3-VPN services via the network owned by the local carrier 3.
Since the ATM access network 3-1 of the local carrier 3 is of a type different from an L2-VPN network 1-8 that is owned by the long-distance carrier 1, it is necessary to forward a packet according to an ATM protocol different from that of the long-distance carrier 1.
When a user establishes a virtual private network, there is a need for a communications common carrier (e.g., an Internet service provider (ISP)) to forward a packet according to the individual protocols depending on the system of the user.
The ATM cell transmission system encapsulates an IP datagram or Ethernet datagram into an ATM cell (hereinafter referred to as an “ATM packet”). The ATM cell transmission system transmits the ATM packet, thereby forwarding data.
A metropolitan network (metro network) 1-9 includes add-drop multiplexers (ADMs) 1-1a and 1-1b. In general, metro networks are bi-directional ring/loop networks.
The ADM 1-1a transmits an ATM packet forwarded via the POI 3-2 to the ADM 1-1b via the metro network 1-9 using a synchronous multiplexing scheme, such as a SONET (synchronous optical network) or SDH (synchronous digital hierarchy) scheme.
The ADM 1-1a also forwards L2 and IP packets that are synchronously multiplexed and transmitted from the ADM 1-1b to the ATM access network 3-1 via the POI 3-2.
The ADM 1-1b synchronously multiplexes and transmits L2 and IP packets from an L2 switch (L2-SW) 1-2 and an L3 switch (L3-SW) 1-3 to the ADM 1-1a, and forwards the ATM packet from the ADM 1-1a to the L2-SW 1-2 and the L3-SW 1-3.
The L2-SW 1-2 converts the ATM packet from the ADM 1-1b into an L2 packet, and forwards the L2 packet to a path with a destination address.
The L2-SW 1-2 also forwards an L2 packet to the ADM 1-1b, the packet forwarded from an edge switch 1-6. The edge switch 1-6 is positioned at an end of the L2-VPN network 1-8, and is adapted to bridge L2 packets.
Bridging (bridge) is a relaying function for interconnecting networks, and is a function for relaying a frame by identifying a MAC address of a PC or the like in the MAC layer of Layer 2. In other words, the bridging function is a frame distributing function at the Layer-2 level.
A frame transmitted or received at Layer 2 does not represent an IP address, and is thus transmitted or received only using a MAC address (physical address).
Specifically, a frame transmitted or received at Layer 2 is constantly processed by using a MAC address.
Thus, a bridging apparatus implementing a bridging function manages a MAC address, a VLAN number, and a port number (indicating a forwarding port of the MAC address) to realize the bridging function.
The L3-SW 1-3 picks it up an IP packet from the ATM packet, the ATM packet from the ADM 1-1b, and forwards the IP packet to a path having a destination address.
The L3-SW 1-3 also forwards an IP packet to the ADM 1-1b the IP packet forwarded from an edge router 1-5. The edge router 1-5 is positioned at an end of the IP-VPN network 1-7, and is adapted to perform IP routing on IP packets.
IP routing (routing) is a function for determining a suitable forwarding route from among a plurality of routes to a final goal (destination) such as another network system or a gateway server.
In other words, the routing function is an IP datagram distributing function primarily at the Layer-3 level (Layer 3).
Unlike the bridging apparatus, a routing apparatus (such as a routing modem) is not adapted to manage MAC addresses in layer 2, but is adapted to manage only IP data grams.
In FIG. 1, routing and bridging are separately accommodated by different apparatuses, and two apparatuses are therefore illustrated. Japanese lid open Patent Publication No. 2002-290399 discloses an arrangement in which input and output interfaces of such two apparatuses are shared.
As in the arrangement shown in FIG. 1, when an L2-VPN user and an IP-VPN user are accommodated by different apparatuses, two packet forwarding apparatuses are needed, thus increasing the cost of the apparatuses. Moreover, two lines for connecting the ADMs and the packet forwarding apparatuses are also needed to support the two packet forwarding apparatuses, leading to high line leasing cost.
The packet forwarding apparatus includes only a device for performing bridging at an L2-SW and a device for performing routing at an L3-SW, and, due to its dual-switching function, becomes costly.