A. Field of the Invention
This invention relates generally to the subject of mobile Internet Protocol (xe2x80x9cIPxe2x80x9d) data networking. The invention also relates to the subject of virtual private networking.
B. Description of Related Art
A virtual private network (xe2x80x9cVPNxe2x80x9d) is a service provided by a telecommunications carrier (such as Sprint or ATandT) in which their public network resources are logically organized by the company but managed by the customer, in a manner to provide capabilities similar to those offered by private networks. The concept can be applied to public packet switched networks, e.g., Internet Protocol or Internet Packet eXchange (xe2x80x9cIPXxe2x80x9d) networks. Essentially, a virtual private network is equivalent to a private data network defined logically within a public network, offering the user the economies of scale of the public network, but the control and management capabilities that are found in a private network.
Where a public IP/IPX network supports virtual private networks, then the elements of the network must be configured to handle data traffic for multiple virtual private networks at the same time. For example, a router in the network would have to handle packets for each virtual private network individually, since each virtual private network is managed separately and will typically have its own unique addressing and routing schemes.
Public packet switched networks can be used to carry traffic to and from a mobile communications device, such as a laptop computer or personal digital assistant equipped with a cellular telephone modem. The basic architecture of mobile IP data networking is known in the art and described in several publications, including the Request for Comments document RFC 2002 (1996) and in the textbook of Charles E. Perkins, Mobile IP Design Principles and Practices, Addison-Wesley Wireless Communications Series (1998), the contents of both of which are incorporated by reference herein.
Basically, in Mobile IP communication, a wireless mobile node communicates with a terminal on an IP network by means of a foreign agent and a home agent. Typically, foreign agent functionality is incorporated into a router or network access server chassis located on a mobile node""s visited network. The foreign agent provides routing services for the mobile node while it is registered with the foreign agent. The foreign agent de-tunnels and delivers datagrams to the mobile node that were tunneled by the mobile node""s home agent. The home agent is a router on a mobile node""s home network that tunnels datagrams for delivery to the mobile node via the foreign agent when the mobile node is away from home. The home agent maintains current location information for the mobile node, through a variety of possible mechanisms, such as described in the patent application of Richard J. Dynarski, et al., xe2x80x9cDynamic Allocation of Wireless Mobile Nodes Over an Internet Protocol (IP) Networkxe2x80x9d, Ser. No. 09/233,381, which is incorporated by reference herein. When multiple home agents are handling calls for multiple mobile nodes simultaneously, the home agents are providing, in essence, a service analogous to virtual private network services. Each mobile node is typically associated with a separate home network and the routing path from that home network, through the home agent, to the foreign agent and mobile node is like a virtual private network for the mobile node.
The known prior art for providing Mobile IP networking services has embraced the concept of a single home agent for a given network. However, some larger scale providers of Mobile IP networking services may require multiple home agents on their networks. One possible approach is to provide multiple home agents in separate chassis. Another approach is to provide a single home agent, but design the home agent such that it has an internal architecture to support multiple networks (e.g., multiple virtual private networks). This approach is not considered very attractive, in that management of the home agent would be cumbersome. Furthermore, the home agent would not be particularly fault tolerant, in that any mechanical or software problem in the home agent would potentially affect a large number of virtual private networks.
The present invention provides an efficient, easy to manage method for providing a plurality of home agents on a network. All of the home agents are implemented in a single computing platform. That is, rather than attempting to use a single home agent with an internal architecture to support multiple networks, multiple real home agents, each comprising an instantiation of a home agent software program or code, are implemented in the computing platform. Each home agent is dedicated to performing home agent tasks for a single virtual private network. Each home agent is given its own unique address in the computing platform, thereby providing a mechanism for isolating the processing for each home agent from the other processing. The result is an easily managed, scaleable, and fault tolerant mechanism for providing home agent services, particular in high density and large scale implementations of mobile IP.
These and other features of the present invention will be more apparent from the following detailed description of presently preferred embodiment.
A method for providing home agent services for a plurality of mobile communications devices is provided. The method may be practiced in the context of virtual private network environment, or otherwise. The method makes use of a computing platform (such as a general purpose computer, router, or network access server) that receives a plurality of packets from a first network. The computing platform is configured as a master home agent device, which implements a plurality of real home agents as distinct processing threads in software. For example, the plurality of home agents may comprise multiple instantiations or replications of a home agent software program or process. The packets that are incoming into the computing platform are directed to the home agent that is associated with the packet. This is preferably accomplished by providing each software-replicated home agent with a unique IP address for purposes of directing the packets to the proper home agent.
The packets are processed in the plurality of home agents in accordance with the requirements of RFC 2002 and mobile IP protocols for home agents, or some lesser set of home agent functionality for mobile IP networking if RFC 2002 is not fully supported. For example, the packets may comprise registration request messages from the mobile communications devices. The home agent would then either process the registration request message itself or use an Accounting, Authorization and Authentication (AAA) server to perform some of the processing, such as authentication processing. As another example, the packets may be data packets to be forwarded from the home agent to the mobile communications device. After processing the packet in the home agent, the packets are forwarded onto a second network for transmission to a destination for the packets.
Preferably, in the above method each of the home agents comprise an instantiation of a home agent software program implemented in the computing platform. Further, each instantiation of the home agent software program is given a unique address in the routing chassis. This keeps the processing for each home agent separate from each other. This also makes the system more fault tolerant and more easily managed by known management protocols (SNMP, etc.).
The computing platform or chassis that the above method is implemented may comprise a router, a general purpose computer or any other suitable network element. The main requirement is that it would have a central processing unit and an operating system capable of implementing multiple software-replicated home agents, maintaining separate addresses for each of them, and having the necessary hardware and software interfaces to other communications elements (such as the networks that are used, and possibly an AAA server), in order to provide the desired home agent service for a plurality of mobile communications devices.
The invention is particularly suitable for use in a virtual private network context. The chassis providing the VPN/home agent services would typically be managed by a wireless service provider. Each home agent would be managed separately either by the service provider, or more preferably by the user of that home agent. The exact manner in which the individual home agents would be managed would typically be worked out as a contractual matter between the provider of the chassis and the company it is providing service to. In any event, the segregation of each home agent into separate address space in the computing platform or chassis will allow each home agent to be independently managed.
In another aspect of the invention, a routing chassis processing packets for a plurality of mobile communications devices is provided. The routing chassis comprises an interface to a first network, two or more software-replicated home agents that are running on a computing platform in the routing chassis, and a means (such as a IP stack implemented in a operating system running on the computing platform, or the equivalent) for demultiplexing a plurality of packets arriving from the first network at the first network interface and for forwarding the packets to the plurality of home agents in accordance with addresses contained in the packets. Preferably, each of the home agents comprises an instantiation of a home agent software program.
In a representative embodiment, the routing chassis comprises two or more interfaces to a second network such as wide area network, wherein each of the interfaces to the second network is associated with one of the home agents. The wide area network may for example provide long haul delivery of packets from the mobile communications device to the device""s home network. Furthermore, each of the home agents may be associated with a virtual private network.
In yet another aspect of the invention, a method of handing a registration request from a mobile communications device is provided. The method comprises the steps of implementing a master home agent in a communications chassis such as a router or general-purpose computer. The master home agent comprises a plurality of software-replicated home agents. A registration request message is received from the mobile communications device at the communications chassis and forwarded to one of the plurality of software-replicated home agents. The forwarding is accomplished by reference to an address in the registration request, with each of the software replicated home agents having a unique address.
The software-replicated home agent generates a registration request authentication message and transmits the registration request authentication message to an AAA server. The AAA server either authenticates or does not authenticate the mobile communications device and sends an authentication reply message back to the home agent. The reply is forwarded from the communications chassis to the mobile communications device.