The present invention relates to a method to perform end-to-end authentication between a customer premises network termination and a network access server as defined in the non-characteristic part of claim 1, a customer premises network termination as defined in the non-characteristic part of claim 6, and a network access server as defined in the non-characteristic part of claim 10.
End-to-end authentication, i.e. authentication between a customer premises network termination and a network access server, in an MPLS (Multi Protocol Label Switching) based broadband internet access network can be implemented straightforwardly by encapsulating the data packets, for instance IP (Internet Protocol) packets into PPP (Point to Point Protocol) frames and by transporting the PPP (Point to Point Protocol) frames over MPLS. The end-to-end authentication functionality of PPP (Pont to Point Protocol) is then used to authenticate the customer premises network termination to the network access server. End-to-end authentication mechanisms of PPP (Point to Point Protocol) are described for instance in the IETF RFC (Request for Comments) 1334 entitled ‘PPP Authentication Protocols’ and authored by B. Lloyd and W. Simpson.
The just described straightforward implementation of end-to-end authentication in an MPLS (Multi Protocol Label Switching) based access network requires that the encapsulation format for PPP over MPLS is defined in order to have a standard way of carrying the additional protocol, i.e. the PPP frames, over MPLS. In addition thereto, the MPLS/LDP (Label Distribution Protocol) has to be enhanced to be able to signal the new type of traffic, i.e. the PPP frames that will be carried. Furthermore, even if the PPP over MPLS encapsulation format would be standardised and even if the MPLS/LDP would be enhanced accordingly, the straightforward implementation uses an additional protocol, i.e. the PPP protocol, only for authentication and this solution therefore significantly increases the overhead and complicates traffic management because an additional layer is inserted in the protocol stack.