The present invention is related to computer networking and more specifically to computer network tunneling protocol software.
The network of a network service provider may be connected to many different computer networks. This configuration allows the network service provider to provide Virtual Private Network (VPN) service to many different computer networks. A user of the service connects to the service provider's equipment, which accepts the connection and prompts the user for the destination network with which the caller wishes to communicate. The user provides an identifier of the destination network, and the network service provider connects the user to a home gateway of that destination network. The home gateway is a point of communication between the network service provider and the destination network. The destination network can then use security procedures to authenticate the user, and if properly authenticated, can allow communication with other equipment communicating with the destination network.
Conventional access communication devices route information using virtual circuits, which are paths through a network. In the example above, the virtual circuit is from a router or switch acting as the access communication device, through the network service provider's network and to the home gateway of the destination network that is connected to the service provider's network. The connection to the access communication device may be through a dial-in connection or a permanent connection. As used herein, an "access communication device" can be any device such as a switch or a router that can accept information from a computer or network device and send it to a specified number of several home gateways, or receive information from such home gateway and provide it to a computer or network device, or both. Described below are access communication devices that are reached by dial-in connections, but other forms of connections may be used.
Conventional access communication devices can support at least one of two forms of virtual circuits, SVCs and PVCs. SVCs are switched virtual circuits and are established as needed. When the SVC is no longer needed, it is torn down until it is needed again. PVCs are permanent virtual circuits, which are established and remain available for use even when they are not in use.
A network service provider may employ hundreds of access communication devices in different locations to provide coverage in a large geographic area. To allow a dial-in user to select the nearest access communication device, the network service provider can publish a list of telephone numbers and corresponding locations. The user can identify on this list the location nearest the user, and then dial into the network service provider's network using the number or numbers corresponding to the nearest location identified.
When the user wishes to connect to a destination network served via a virtual circuit on the service provider's network, the user establishes a connection to the access communication device (e.g. by dialing in or using an existing connection), supplies an identifier of the destination network he or she wishes to access and may supply other information. This other information may be the user's logon name. The identifier of the destination network may be a domain name. For example, the user may specify "xyz@cisco.com". The user's logon name is the text "xyz" before the "@" and the domain name is the text "cisco.com" after the "@". The access communication device can then route the call using the identifier of the network or home gateway supplied by the user, by matching the identifier of the destination network requested by the user with an available virtual circuit to that network.
To match a domain name of the destination network with an available SVC, a database is used. The database stores the domain name of the home gateway associated with the network address of the home gateway. The network address can then be retrieved using the domain name received from the user, and an SVC is set up between the access communication device and the home gateway using the network address. This capability is similar to the way people place a conventional telephone call to another person: knowing the name of the desired party, a telephone book is consulted to locate the telephone number, which is used to place the call. Like an individual's telephone number, the network address used to reach a home gateway via an SVC is the same from any access communication device. In other words, it is globally unique, allowing every access communication device to refer to a home gateway using the same identifier. Once the information is entered into the database, it may be made available to any access communication device in the service provider's network for use as described above.
Unlike the SVC case above, every access communication device in a network using PVCs does not refer to a home gateway using the same identifier as every other access communication device. If a PVC is used to connect to the home gateway rather than an SVC, then it is necessary to know the identifier of the PVC that connects the access communication device to the home gateway. Every access communication device can use a different numbering scheme for its PVCs used to reach the same set of home gateways. Using the telephone analogy above, it is as if everyone can place telephone calls but only using a user-programmable ten-digit speed dial code, which is different on every telephone that originates the call. Every telephone would require its own customized directory, and a central directory would be useless. To allow users of access communication devices to reach home gateways using PVCs, every access communication device must maintain its own database. Creating and maintaining multiple versions of the database would be too cumbersome and error-prone to implement.
What is desired is a method and apparatus that can allow a user to enter a domain name to access a destination network in a service provider's network using PVCs without requiring manual data entry to relate each PVC identifier of each access communication device with an identifier of the destination network served by that PVC.
When a PVC is established, a method and apparatus uses a tunneling protocol to request the domain name and other characteristics of the home gateway served by that PVC. The domain name is then automatically matched with the identifier of the PVC and stored in a list. If desired, conventional tunneling protocol security features may be employed to prevent a home gateway from masquerading as a home gateway to a different network by providing an incorrect domain name identifier. When a user uses an access communication device to establish a connection with the home gateway, the domain name received from the user is used to find the PVCs serving that home gateway using the list. If multiple PVCs serve the requested home gateway, the least utilized PVC or a PVC that has a capacity specified by the user may be selected to carry the call, helping to balance the load among all of the PVCs serving the requested home gateway. Because the process is performed automatically after the PVC is established, little or no data entry is required to match the PVC with the domain name of the network of the home gateway served by that PVC, and thus, the process is simpler to administer and less prone to error.
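The per-device list described above can be sketched as follows; this is an added illustration, not code from the patent. The HMAC-SHA256 challenge-response stands in for the unspecified "conventional tunneling protocol security features", and the PVC numbers, shared secrets and the names PvcDirectory, learn, route and gateway_response are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed shared secrets, assumed to be provisioned per destination domain.
TUNNEL_SECRETS = {"cisco.com": b"secret-a", "example.net": b"secret-b"}

class PvcDirectory:
    """List kept by one access device: learned domain name -> its local PVCs."""
    def __init__(self):
        self.by_domain = {}  # domain -> {pvc_id: calls currently carried}

    def learn(self, pvc_id, claimed_domain, challenge, response):
        """Map a PVC to a domain only if the gateway proves it knows the secret."""
        domain = claimed_domain.lower()
        secret = TUNNEL_SECRETS.get(domain)
        if secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False  # claimed name not proven: PVC stays out of the list
        self.by_domain.setdefault(domain, {})[pvc_id] = 0
        return True

    def route(self, user_identifier):
        """Split 'logon@domain' and place the call on the least utilized PVC."""
        logon, sep, domain = user_identifier.rpartition("@")
        if not (sep and logon and domain):
            raise ValueError("expected logon@domain")
        pvcs = self.by_domain.get(domain.lower())
        if not pvcs:
            raise LookupError("no PVC serves " + domain)
        pvc_id = min(pvcs, key=lambda p: (pvcs[p], p))  # ties: lowest PVC id
        pvcs[pvc_id] += 1
        return logon, pvc_id

def gateway_response(secret, challenge):
    """Simulated home gateway answering the access device's challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def demo():
    directory = PvcDirectory()
    learned = []
    # Constructed PVCs: 17 and 42 reach the real gateway, 99 only claims the name.
    for pvc_id, secret in [(17, b"secret-a"), (42, b"secret-a"), (99, b"wrong")]:
        challenge = os.urandom(16)
        answer = gateway_response(secret, challenge)
        learned.append(directory.learn(pvc_id, "cisco.com", challenge, answer))
    calls = [directory.route("xyz@cisco.com")[1] for _ in range(3)]
    return learned, calls
```

Calling demo() shows the unauthenticated PVC being excluded from the list and successive calls alternating between the two PVCs that were learned.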