Asynchronous Transfer Mode (ATM) technology enables a carrier to provide integrated data, video, and voice services over a single network. In accordance with standard ATM technology, a shared ATM network 10, such as shown in FIG. 1, transfers and routes video, data, and voice traffic in 53-byte fixed-length packets from a source 12 to a destination 15 over a series of ATM switches 20a-g and interconnected links. The capability of carrying multi-media traffic on a single network makes ATM the preferred technology for B-ISDN services. The Asynchronous Transfer Mode protocol is connection oriented, and traffic for an ATM "call" is routed as cells over a virtual connection that extends from the source to the destination.
As known, a virtual connection is comprised of Virtual Channels (VC) and Virtual Paths (VP) in a multiplexing hierarchy. A physical transmission system is partitioned into multiple VCs and VPs, with some being designated for customer traffic (bearer channels) and some being designated for signaling. A VC is identified by a Virtual Channel Identifier (VCI), and a VP is identified by a Virtual Path Identifier (VPI). Prior to transmitting traffic over a bearer channel, the ATM network sets up an ATM call with signaling messages over a signaling channel. First, a setup message containing a Source Address ("SA"), representing the location of the call originator, and a Destination Address ("DA"), representing the location of the call recipient, is received and processed by an originating ATM switch, e.g., switch 20a. The originating ATM switch routes the setup message to a terminating ATM switch, e.g., switch 20f, via zero or more intermediate switches, in which the terminating ATM switch 20f serves the DA. Each ATM switch processes the setup message to ensure that it recognizes the DA and can route the call.
From each switch's processing of the setup message, a virtual connection is established from source to destination to transport the customer traffic as cells over bearer channels. A virtual path or channel connection (VPC or VCC) refers to one or more concatenated links, one of which is depicted as link 25 shown in FIG. 1 connecting two ATM switches. A VP or VC link is defined as the transport between a point at which a VPI/VCI is assigned and a point at which a VPI/VCI is removed or translated. Specifically, at the inbound port of a switch, the VCI/VPI is used to determine the outbound port. The cell is then switched to an outbound port of the switch where a VCI/VPI is assigned to the cell. The cell is then transported to the next switch. Thus, a connection (VCC/VPC) extends from the source, usually the inbound port on the originating ATM switch, to the destination, usually the outbound port on the terminating ATM switch.
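The per-switch VPI/VCI translation described above, as an added Python example that is not part of the original text: the port numbers, label values and the intermediate switch 20c are constructed for illustration, and the header layout is the standard 5-byte UNI cell header. A cell whose label has no table entry is dropped, which shows that the connection tables written at call setup are the only thing steering traffic through the shared switches.

```python
import struct

def hec(first4):
    # Header Error Control: CRC-8 (x^8+x^2+x+1) over header bytes 1-4, XOR 0x55
    crc = 0
    for b in first4:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55

def build_cell(vpi, vci, payload=b""):
    # UNI header layout: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8); GFC/PT/CLP left 0
    head = struct.pack(">I", (vpi << 20) | (vci << 4))
    return head + bytes([hec(head)]) + payload.ljust(48, b"\x00")[:48]

def parse_cell(cell):
    if len(cell) != 53 or hec(cell[:4]) != cell[4]:
        raise ValueError("bad cell length or HEC")
    word = struct.unpack(">I", cell[:4])[0]
    return (word >> 20) & 0xFF, (word >> 4) & 0xFFFF, cell[5:]

class Switch:
    def __init__(self):
        self.table = {}  # (in_port, vpi, vci) -> (out_port, vpi, vci), filled by call setup
    def forward(self, in_port, cell):
        vpi, vci, payload = parse_cell(cell)
        entry = self.table.get((in_port, vpi, vci))
        if entry is None:
            return None  # no connection was signaled for this label: drop the cell
        return entry[0], build_cell(entry[1], entry[2], payload)

def carry(hops, cell):
    # hops: [(switch, in_port), ...]; returns the VPI/VCI on each link, or None if dropped
    labels = [parse_cell(cell)[:2]]
    for switch, in_port in hops:
        result = switch.forward(in_port, cell)
        if result is None:
            return None
        cell = result[1]
        labels.append(parse_cell(cell)[:2])
    return labels

# Constructed tables for originating 20a, an assumed intermediate 20c, terminating 20f
sw_a, sw_c, sw_f = Switch(), Switch(), Switch()
sw_a.table[(1, 0, 100)] = (3, 5, 42)
sw_c.table[(2, 5, 42)] = (4, 7, 300)
sw_f.table[(1, 7, 300)] = (6, 0, 77)
PATH = [(sw_a, 1), (sw_c, 2), (sw_f, 1)]
```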
The signaling protocol is defined in ATM standards according to network interfaces. As shown in FIG. 2, the ATM Forum has defined, among other interfaces, a public User-Network Interface ("UNI") 50, defined as the interface between an ATM user and a public ATM network; a private User-Network Interface 55, defined as the interface between an ATM user and a private ATM network; and a Private Network-Network Interface ("PNNI") 60, defined as the network-network interface between two private networks or switching systems. A description of the signaling procedures over the UNI interface can be found in ATM Forum "User Network Interface Signaling Specification", V4.0, July 1996, the contents of which are incorporated by reference herein, and a description of the signaling procedures over the PNNI interface can be found in ATM Forum "Private Network-Network Interface Specification", V. 1.0, March, 1996, the contents of which are incorporated by reference herein. Various features of ATM are enabled by signaling messages defined by these interfaces.
One standard feature of ATM PNNI is hierarchical routing. If an ATM switch cannot route to a DA for some reason, e.g., a congested link, it routes the setup message to an alternate address, as part of a hierarchical routing scheme. Two standard features provided by the PNNI standard are: 1) the Designated Transit List ("DTL"), which is a list of network node identifiers and optional port identifiers that describe a complete route across the network and is typically provided by an originating ATM switch and passed to each subsequent node or switch in the setup message; and 2) crankback, which is a mechanism that causes an ATM switch (or other processing node) to return a setup message to a previous node if it cannot process or further route the setup message due to congestion, link failure, or node failure.
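An added sketch (not from the original text) of DTL source routing with crankback: the link topology among switches 20a-20g is assumed, and as a simplification the setup message is cranked back to the originating switch, which excludes the blocked link and computes a new DTL.

```python
from collections import deque

# Constructed topology: adjacency among switches 20a-20g (the links are assumptions)
LINKS = {"a": ["b", "c"], "b": ["a", "d"], "c": ["a", "d", "e"],
         "d": ["b", "c", "f"], "e": ["c", "g"], "f": ["d", "g"], "g": ["e", "f"]}

def compute_dtl(src, dst, avoid):
    # Breadth-first search for the shortest node list src..dst, skipping links in `avoid`
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in LINKS[path[-1]]:
            if nxt not in seen and frozenset((path[-1], nxt)) not in avoid:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def setup_call(src, dst, down_links):
    # down_links: congested or failed links that the originator does not know about yet
    down = {frozenset(link) for link in down_links}
    avoid, attempts = set(), []
    while True:
        dtl = compute_dtl(src, dst, avoid)
        if dtl is None:
            return None, attempts      # no route left: the call is rejected
        blocked = None
        for here, nxt in zip(dtl, dtl[1:]):
            if frozenset((here, nxt)) in down:
                blocked = frozenset((here, nxt))   # this node cannot forward the setup
                break
        attempts.append((dtl, blocked and tuple(sorted(blocked))))
        if blocked is None:
            return dtl, attempts       # setup reached the terminating switch
        avoid.add(blocked)             # crankback: originator learns the blocked link
```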
Presently, ATM networks are most commonly used as private networks, i.e., they are either owned and operated by an exclusive user, or they are owned/operated by a carrier that provides network services to customers. There are many benefits of using a private network for a customer. These include network security, custom rates and billing, abbreviated dialing and other custom calling features, and closed user groups. However, private networks and private network services are very expensive and require extensive management.
Shared network services offer these same features along with the advantages of lower costs through more efficient use of network resources, and carrier management. However, while an ATM network may be shared among multiple customers, data network security is a significant problem as there is nothing to ensure that a customer's traffic does not get routed to or intercepted by another customer. Basic shared network services are also limited in the custom calling features and account management services that can be offered.
To alleviate the problem, Virtual Private Networks ("VPN") have been developed which currently offer circuit-switched voice services to communications customers and provide the benefits of a private network coupled with the efficiencies, lower costs, and carrier management of a shared network.
Currently, there are no effective means for using a common, shared ATM network for VPN services to multiple customers for data and video, as well as voice, much less a shared ATM network for VPN services that provides security to prevent multiple customers connected to the shared ATM network from routing traffic to, or receiving traffic from, other customers.