Internet Protocol (IP) traffic can be carried over an Asynchronous Transfer Mode (ATM) network using Switched Virtual Circuits (SVCs) or Soft Permanent Virtual Circuits (SPVCs). Conventionally, ATM switches are used to provide Customer Premises Equipment devices (CPEs) with access to the ATM network. If a CPE wishes to use multiple IP services, such as by using a Digital Subscriber Line (DSL), then use of ATM switches and conventional ATM signaling requires a separate SVC or SPVC to be used for each such IP service. Each SVC or SPVC uses resources within the ATM network, and also uses resources (such as output ports) of a CPE modem used by the CPE to access the ATM network (usually through a DSL access modem).
U.S. patent application Ser. No. 10/417,116, entitled “SVC/SPVC with L3 IP Forwarding”, filed on Apr. 17, 2003 and incorporated by reference herein, teaches a method of carrying IP traffic over an ATM network in which only a single SVC or SPVC is used to carry IP traffic from multiple sources, such as from multiple users beyond a DSL access modem (DSLAM). Multiservice switches are used to provide the CPEs with access to the ATM network. By modifying the ATM signaling, IP forwarding within the multiservice switches can be used. Traffic from multiple services, either from a single CPE or from multiple CPEs sharing a DSLAM, accesses the ATM network through a single IP interface at the multiservice switch. The multiservice switch forwards the IP packets across its switch fabric to an egress port of the multiservice switch. The egress port is one endpoint of a single SPVC or SVC used to carry all traffic from the multiple services. The other endpoint of the SPVC or SVC is an ingress port of the destination multiservice switch. The destination multiservice switch extracts the IP packets arriving over the SPVC or SVC, and forwards them using IP forwarding to one or more IP interfaces at the destination multiservice switch, each of which leads to a service.
While the method and system taught by U.S. patent application Ser. No. 10/417,116 allow efficient use of resources when transporting IP traffic over an ATM network, the system is inherently insecure. In conventional ATM networks, Closed User Groups (CUGs) can be used to provide security, as described in ITU-T, “Stage 3 Description for Community of Interest Supplementary Services using B-ISDN Digital Subscriber Signaling System No. 2 (DSS2)”, Section 1, Draft ITU-T Recommendation Q.2955.1. However, conventional use of CUGs with Layer-3 SVCs or Layer-3 SPVCs is not currently supported, partly because a user location to associate with a CUG is not easily identifiable during creation of Layer-3 SVCs and Layer-3 SPVCs. Similarly, Layer-3 forwarding SVCs and SPVCs do not support other conventional security features.