The present invention relates, generally, to telephone networks, and more specifically, to a method and an apparatus for providing Virtual Private Networks over the Public Switched Telephone Network.
Virtual Private Networks (VPNs) provide multi-site organizations with an internal communication network, at a lower cost than placing equivalent long distance calls over the Public Switched Telephone Network (PSTN). Furthermore, additional services can be offered to such customers that are not available on the Public Switched Telephone Network, such as abbreviated private numbering plans and the ability to recognize an incoming call as being on-net. Typical organizations which demand such services are banks, real estate firms, health care systems, school systems and governmental agencies.
Currently, Virtual Private Network (VPN) services are provisioned with the use of Dedicated Access Lines (DALs) that connect the Customer's Premises Equipment (CPE) directly to a Service Switching Point (SSP) from a local End Office (EO). The CPE is hardwired to an EO, and there is a trunk, dedicated to that VPN customer, between the EO and the SSP. In many instances, such dedicated trunks may be hundreds of miles long. From the SSP, other SSPs can be accessed which have similar Dedicated Access Lines (DALs) connecting them to the other VPN sites in the customer's organization.
However, providing DALs to a customer is a relatively costly method of providing the VPN service. Because the End Office (EO) and associated Service Switching Point (SSP) may be hundreds of miles apart, the cost of installing and maintaining a physically dedicated trunk may be very great. This is in contrast to the Public Switched Telephone Network (PSTN) which uses long distance trunks far more efficiently by sharing the same trunks between a large number of users. As well, the routing of a long distance call over the PSTN may be flexible so that inoperative equipment or lines are avoided.
Given the potentially great physical lengths of the DALs and because they lack the redundancy of the PSTN, there is far greater potential for line failure. A customer would have to lease multiple DAL trunks to obtain reliability comparable to the PSTN, at a substantially greater cost than placing the same long distance calls via the PSTN.
It is known that the costs of offering VPN DAL services could be reduced with the use of a VPN service offered over the PSTN. This is illustrated in an article entitled "Evolution in Business Networks" BNR Telesis 1988 three. In the BNR article, a VPN is described where translations are performed from the private numbering plan to NANP format, at the respective Ingress and Egress End Offices. The biggest problem with this implementation is that any initial setup or change to a customer's VPN requires that each End Office be accessed and changed. Such a system requires that changes be made at all sites, possibly at great labour cost and downtime, and that the timing of changes be coordinated.
The fundamental problem with using the PSTN is that phone numbers can only be routed over the PSTN in the format of the North American Numbering Plan. Since VPNs generally use an abbreviated private numbering system and not the North American Numbering Plan, private number plans are not able to route a call through the PSTN.
A VPN may also be subject to regulatory requirements. These requirements may vary from location to location, but generally it is required that the VPN be secure, in that it operates as an isolated network from the PSTN, unless authorization is made otherwise. That is, means is required to prevent non-VPN callers from accidentally, or deliberately, placing calls into the VPN, and to prevent VPN customers from dialling outside the VPN. Furthermore, although the same physical trunks may carry both VPN and PSTN traffic, means is generally required to identify VPN calls as such.
Some attempts to address these problems that are known in the art place great demands on the resources of the network. Any increased degree of transmission or handling within the telecommunications network will tie up resources and increase the cost, and also increase the possibility of network failure. Clearly, a solution which places too great a demand on the network resources will be no more reliable or cost effective than the existing DAL system.
Some of the proposals in the prior art require intelligence to be distributed about the telecommunications network, for example, in End Offices, Tandem Office or Service Switching Points. Having intelligence distributed among a number of databases requires that changes be made at all pertinent locations, and that the timing of changes be coordinated.
U.S. Pat. No. 5,550,904 discloses a VPN service that may be provided via the PSTN, but does not allow for a private numbering system. This system can only be implemented if the dialled telephone numbers are in fact NANP numbers which are understood by the PSTN, and both the Ingress and terminating sites have NANP numbers associated with them which are recognized by the PSTN. Essentially, U.S. Pat. No. 5,550,904 provides a means for screening PSTN calls when they arrive at the Egress End Office. It does not address a private numbering plan, and requires intelligence to be added to the Ingress and Egress End Offices.
U.S. Pat. No. 5,490,212 discloses a VPN provided over the PSTN, by accessing databases at the Ingress and Egress End Offices (EOs) to translate a private numbering plan to NANP and back again. This reference does not provide instruction on how to implement this new database. If each EO is provided with a separate database, setting up or modifying a large number of databases would have the labour and coordination problems noted above. In order to use a single central database, a new communication network would be required to connect all the EOs to this central database.
Area Wide Centrex systems have attempted to address similar problems to Virtual Private Networks (VPNs). Area Wide Centrex is the offering of service features to a business group which may be spread over a broad area, and connected to multiple End Offices, by moving the intelligence out of the End Offices and into a central point. Similarly, VPNs offer a specific group of service features to a business group which may be spread over a broad area, and connected to multiple End Offices, and may be implemented with centralized intelligence. The problems with using Centrex methods to implement a VPN are outlined below.
U.S. Pat. No. 5,422,941 discloses a Centrex dialling system, based on a central database, in which the Ingress End Office (EO) creates a composite number, and forwards a query to the central database. The call is forwarded to a central database which translates the call into NANP format, and returns the call to the Originating EO. By returning the call to the Originating EO, greater demand is being placed on the network resources. As well, no direction is given regarding how this method could be implemented with the controlled access necessary for a VPN. Because the Called Party is being accessed with a NANP number, the VPN can be accessed by dialling the NANP number.
U.S. Pat. No. 5,583,926 also discloses a Centrex system, with a central database to translate dialled numbers from a Virtual Public Dialling Plan to a North American Numbering Plan. This system also requires that the call be forwarded to a central database which translates the call into NANP format and returns the call to the Originating EO, and gives no direction regarding how this method could be implemented with the controlled access necessary for a VPN.
A need therefore exists for providing a method and system able to provide a VPN DAL service via the PSTN, that fulfills the objects of the invention. The prior art discloses a number of proposals, but none are able to implement a VPN over the PSTN, exploiting its lower cost and increased reliability.
It is therefore an object of the invention to provide a Virtual Private Network on the Public Telephone Network.
One aspect of the invention is broadly defined as a method of providing a Private Network on a Public Network for customers having two or more sites, each site having a unique customer site identification and being associated with an End Office Switch of the Public Network having at least one Service Switching Point adapted to route Private Network calls, the Service Switching Point responsive to an Initial Address Message originating from one of the customer sites and destined for another of the customer sites, comprising the steps of: embedding originating customer site identification and a Private Network Routing Code into an Initial Address Message at the originating End Office associated with the originating customer site; routing the Initial Address Message to the Service Switching Point; embedding a destination End Office identification and a destination customer site identification associated with the destination customer site into the Initial Address Message; and routing the Initial Address Message to the destination End Office Switch associated with the destination customer site.
Another aspect of the invention is broadly defined as a system for providing a Private Network on a Public Network for customers having two or more sites, each site having a unique customer site identification and being associated with an End Office Switch of the Public Network having at least one Service Switching Point accessible from the End Offices for processing of Initial Address Messages originating from one of the customer sites, the system comprising: each End Office Switch associated with the Private Network customer site being responsive to a call from a Private Network customer site by: embedding an originating customer site identification and a Private Network Routing Code into an Initial Address Message at the originating End Office associated with the originating customer site; and routing the Initial Address Message to the Service Switching Point; the at least one Service Switching Point being adapted to route Private Network calls by being responsive to Private Network information embedded in the Initial Address Message by: embedding a destination End Office identification and a destination customer site identification associated with the destination customer site into the Initial Address Message; and routing the Initial Address Message to the destination End Office Switch associated with the destination customer site.
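The four steps recited above can be traced with a small model. The following Python sketch is an added illustration, not part of the patent text: the IAM field names, the routing code value, the site and End Office identifiers, the lookup table at the Service Switching Point, and the screening check at the destination End Office are all assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import Optional

ROUTING_CODE = "PN-RC"  # hypothetical Private Network Routing Code value

@dataclass(frozen=True)
class IAM:
    """Toy Initial Address Message; field names are illustrative, not ISUP parameters."""
    dialled: str
    routing_code: Optional[str] = None
    orig_site: Optional[str] = None
    dest_eo: Optional[str] = None
    dest_site: Optional[str] = None

# Constructed provisioning data: access line -> customer site ID, per End Office.
EO_LINES = {"EO-A": {"line-17": "ACME/site1"}, "EO-B": {"line-3": "ACME/site2"}}
# Assumed single table at the SSP: (customer, private number) -> (EO, site).
SSP_TABLE = {("ACME", "2001"): ("EO-B", "ACME/site2"),
             ("ACME", "1001"): ("EO-A", "ACME/site1")}

def originating_eo(eo: str, line: str, dialled: str) -> IAM:
    """Step 1: embed originating site ID and routing code for provisioned lines only."""
    site = EO_LINES[eo].get(line)
    if site is None:
        return IAM(dialled)  # ordinary PSTN call, carries no Private Network marking
    return IAM(dialled, routing_code=ROUTING_CODE, orig_site=site)

def ssp_route(iam: IAM) -> IAM:
    """Steps 2-3: at the SSP, embed destination EO and destination site IDs."""
    if iam.routing_code != ROUTING_CODE or iam.orig_site is None:
        raise PermissionError("IAM is not marked as a Private Network call")
    customer = iam.orig_site.split("/")[0]
    dest = SSP_TABLE.get((customer, iam.dialled))
    if dest is None:
        raise LookupError("dialled number is not in this customer's private plan")
    return replace(iam, dest_eo=dest[0], dest_site=dest[1])

def destination_eo(eo: str, iam: IAM) -> str:
    """Step 4 (screening is an assumption): accept only a fully marked IAM for this EO."""
    if iam.routing_code != ROUTING_CODE or iam.dest_eo != eo or iam.dest_site is None:
        raise PermissionError("call rejected: not a Private Network call for this office")
    return iam.dest_site

def place_call(eo: str, line: str, dialled: str) -> str:
    """Run one call through originating EO, SSP and destination EO."""
    iam = ssp_route(originating_eo(eo, line, dialled))
    return destination_eo(iam.dest_eo, iam)
```

In this model a change to the private numbering plan touches only `SSP_TABLE`, and a call from a line that is not provisioned as a customer site never acquires the marking that the later stages require.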