(1) Field of the Invention
The present invention relates to a packet forwarding apparatus and an access network system for controlling an access from a user terminal to the Internet.
(2) Description of the Related Art
When user terminals use the Internet, each of the user terminals communicates with the subscriber authentication server of an Internet service provider (hereinafter abbreviated as ISP) to which the user is subscribed upon each connection to the Internet and receives an allocation of an IP (Internet Protocol) address. The user terminal performs packet communication with a target server on the Internet by using the foregoing IP address as a source address. Each of the user terminals is connected to the Internet via an ISP network managed by the ISP. Between the ISP network and the user terminal, there exists generally a network termed an access network provided by a carrier. The service of providing connection between the user terminal and the ISP network via the access network is implemented under a contract between the carrier and the ISP.
In the access network mentioned above, a plurality of packet forwarding apparatuses (hereinafter referred to as access servers) termed access servers or BASs (Broadband Access Servers) are generally provided. Each of the access servers accommodates a plurality of user terminals (subscriber terminals) subscribed to the ISP and controls the connection and disconnection of each of the user terminals to and from the Internet. Each of these access servers provides an area-by-area Internet connection service such as a server for subscriber terminals located in the Tokyo district, a server for subscriber terminals located in the Nagoya district, or a server for subscriber terminals located in the Osaka district.
In such a network structure, the allocation of an IP address to a user terminal (IP address distribution) is performed in accordance with the following two methods, as shown in, e.g., Japanese Unexamined Patent Publication No. 2003-087299.
In accordance with the first IP address allocation method, a group of IP addresses (hereinafter, the group of addresses will be referred to as an address pool) to be distributed to user terminals are managed by a subscriber authentication server located in the ISP network, e.g., a Radius (Remote Authentication Dial In User Service) server. When an access server received an Internet connection request from a user terminal and transmitted an authentication request message (Access-Request) to the subscriber authentication server to determine whether the user terminal should be connected to the Internet, the subscriber authentication server specifies an IP address to be allocated to the user terminal in a response message (Access-Accept) issued in response to the authentication request. According to the method, it is necessary for the ISP subscriber authentication server to manage whether or not each of IP addresses registered in the address pool has been allocated to a user terminal. This causes the problem of increased load on the subscriber authentication server because a process of updating address status information in the address pool occurs every time a user terminal is connected/disconnected to or from the Internet.
In accordance with the second IP address allocation method, the ISP entrusts to the carrier (access server) actual allocation of an IP address to a user terminal and actual status management of the IP address. The IP addresses registered in the address pool of the ISP are divided preliminarily into a plurality of address groups corresponding to access servers such that each of the access servers performs the allocation of an IP address to a user terminal within the limits of the address group (hereinafter referred to as a sub-address pool) entrusted thereto by the ISP.
In accordance with the Radius protocol, as described at, e.g., page 33 in RFC 2865, a Radius server can instruct an access server (NAS: Network Access Server) to allocate an IP address from a sub-address pool held therein to a user terminal by setting a fixed value “255.255.255.254” to the address field of a Framed-IP-Address attribute when the Radius server specifies an IP address to be allocated to a terminal by a response message (Access-Accept) issued in response to an authentication request. Since the allocation of IP addresses to terminals that have succeeded in user authentication and the management of the IP addresses are distributed to a plurality of access servers, the second IP address allocation method can reduce the load on the subscriber authentication server.
In accordance with the second conventional IP address allocation method described above, however, the IP addresses preserved in the address pool of the ISP have been divided into the plurality of address groups (sub-address pools) and the management of the IP addresses has been entrusted to each of the access servers in units of address-group. This leads to the problem that, when Internet connection requests from a large number of user terminals are concentrated on a specified one of the access servers, the specified access server comes short of the IP addresses irrespective of the presence of a sufficient number of IP addresses in the entire ISP.
For example, the case is assumed where three access servers for the Tokyo district, the Nagoya district, and the Osaka district exist in the access network and the ISP has entrusted the access server for the Tokyo district with the allocation of the 256 IP addresses “10.10.0.0” to “10.10.0.255” to user terminals and the status management thereof, the access server for the Nagoya district with the allocation of the 256 IP addresses “10.10.1.0” to “10.10.1.255” to user terminals and the status management thereof, and the access server for the Osaka district with the allocation of the 256 IP addresses “10.10.2.0” to “10.10.2.255” to user terminals and the status management thereof.
If it is assumed here that Internet connection requests have issued from the total of 650 users including 300 users in the Tokyo district, 150 users in the Nagoya district, and 200 users in the Osaka district in a specified time zone, the situation occurs in which the access server for the Tokyo district comes short of idle IP addresses and some of the users cannot be provided with the Internet connection service irrespective of the total of 768 distributed IP addresses entrusted by the ISP to the carrier which is larger than the total number of the connection requests.