Computer networks known as “subscriber networks” offer high-speed long-haul transport of data communications between remote installations of subscriber or customer network facilities. As an example, a bank with several branches, or a large chain restaurant or other customer with several remote or geographically distributed installations that each operate a computer network (e.g., local area network installations), may subscribe to a subscriber or carrier network to provide data communications capabilities between that customer's remote network installations. Subscriber networks are able to transport many different types of data on behalf of many different customers of the subscriber network. One technology that supports this capability of a subscriber network to transport different types of data on behalf of different customers is called Multi-Label Protocol Switching (MPLS). MPLS is a technology known to those skilled in the art and is documented in several Request For Comments (RFCs) published by a standards organization called the Internet Engineering Task Force (IETF).
Subscriber networks supporting MPLS typically include a number of edge routers (Provider Edge or PE routers) to which customer edge routers (CE routers on the edge of each customer facility) connect in order to communicate over the subscriber network. MPLS-based subscriber networks may provide wholesale services in which subscribers access various services of the network based on use of certain layer-2 service selection criteria. Layer-2 service selection requires the use of a PPP (Point-to-Point Protocol) client such as PPPoE (Point-to-Point Protocol over Ethernet) or PPPoA (Point-to-Point Protocol over ATM). Generally, to initiate a PPP session with a wholesale Service Provider (who may own the service supporting the subscriber), the client selects a given service and enters a username@servicename and password.
One type of wholesale service supported by an MPLS network may be “hub & spoke” Internet type access between a client (e.g., spoke) and an upstream ISP (Internet Service Provider) (e.g., a hub). According to this topology, multiple Internet subscribers may be provided with Internet access and connectivity with other subscribers through the MPLS core to the hub ISP. The upstream ISP typically includes a node that assigns public IP (Internet Protocol) addresses from a given subnet to subscribers initiating session requests to communicate over the Internet. In this case, such clients may be, for example, dial-in users such as employees that require access to an employer's facility.
To establish a session for such a service, a subscriber may initiate a PPP session based on a given username@servicename such as subscriberA@ISP-A.com. An LAC/PE-router receives the username@servicename and password information and sends it to a wholesale Service Provider RADIUS server (i.e., a Remote Authentication Dial-In User Server). At the Service Provider RADIUS server, the “servicename” is used to index into a profile that contains information on the IP address of the RADIUS server for the “servicename” Service Provider (for example ISP-A.com). The username@servicename and password are then forwarded from the Service Provider RADIUS server (which acts as a “proxy-radius”) to an ISP RADIUS server. The ISP RADIUS server authenticates the received information and assigns and returns an IP address for use by the requesting subscriber.
After authentication, a so-called “Access-Accept” is then sent back from the ISP RADIUS server to the wholesale Service Provider RADIUS server. The wholesale Service Provider RADIUS server adds authorization information to the Access-Accept packet (based on the servicename or domain-name) and forwards the Access-Accept packet back to the LAC/PE-router, where a temporary Virtual-Access interface (with associated /32 IP address) for the user is placed into an appropriate VRF (Virtual Routing & Forwarding Instance) for routing purposes.
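The session setup described in the two paragraphs above can be traced end to end in a short model. This is an added example, not code from the original text: it represents the RADIUS exchanges as function calls rather than wire packets, and the profile table, server address, password, address pool and VRF name are all constructed sample values.

```python
import hmac
import ipaddress

# Constructed sample data (assumptions, not from the page): servicename profiles
# on the wholesale proxy, and one ISP's subscriber database and address pool.
REALM_PROFILES = {"ISP-A.com": {"radius_ip": "192.0.2.10", "vrf": "VRF-ISP-A"}}
ISP_SERVERS = {
    "192.0.2.10": {
        "users": {"subscriberA@ISP-A.com": "s3cret"},
        "pool": iter(ipaddress.ip_network("198.51.100.0/29").hosts()),
    }
}

def isp_radius(server_ip, username, password):
    """ISP RADIUS server: authenticate, then assign an address from its subnet."""
    isp = ISP_SERVERS[server_ip]
    stored = isp["users"].get(username)
    if stored is None or not hmac.compare_digest(stored, password):
        return {"code": "Access-Reject"}
    return {"code": "Access-Accept", "Framed-IP-Address": str(next(isp["pool"]))}

def proxy_radius(username, password):
    """Wholesale proxy: index the profile by servicename, forward, add authorization."""
    _, sep, servicename = username.rpartition("@")
    profile = REALM_PROFILES.get(servicename) if sep else None
    if profile is None:  # missing or unknown servicename: no ISP server to forward to
        return {"code": "Access-Reject"}
    reply = isp_radius(profile["radius_ip"], username, password)
    if reply["code"] == "Access-Accept":
        reply["vrf"] = profile["vrf"]  # authorization chosen by servicename, not by the ISP
    return reply

def lac_pe_session(vrf_tables, username, password):
    """LAC/PE-router: on Access-Accept, place the user's /32 into the named VRF."""
    reply = proxy_radius(username, password)
    if reply["code"] != "Access-Accept":
        return None  # no Virtual-Access interface is created for a rejected session
    route = reply["Framed-IP-Address"] + "/32"
    vrf_tables.setdefault(reply["vrf"], {})[route] = "Virtual-Access:" + username
    return route

if __name__ == "__main__":
    vrfs = {}
    print(lac_pe_session(vrfs, "subscriberA@ISP-A.com", "s3cret"), vrfs)
```

In this model the VRF is taken from the proxy's own profile for the servicename, so the reply from the ISP server only supplies the address and cannot move a session into another customer's routing instance.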