1. Field of the Invention
The present invention relates generally to network communications and preferred embodiments relate more particularly to communication network service provider selection at a single client location from among a number of different available providers. In accordance with some preferred embodiments, the invention relates to Internet Service Provider (ISP) selection and multihoming by a user at a client node on an access network.
2. Background Discussion
Multihoming is the technique of connecting to the Internet via two or more ISPs, either simultaneously or dynamically. Multihoming has a number of advantages, including providing an essential back-up connection to the public Internet if one ISP fails, improved regional and local connectivity, increased bandwidth, and availability of load-sharing which can improve performance. Currently, there are many situations where multiple ISPs are available at a single user location. For example, home users can choose one ISP via a dial-up connection and another ISP via a cable or DSL (Digital Subscriber Line) modem connection.
DSL providers that use PPPoE (Point-to-Point Protocol over Ethernet) for IP encapsulation can allow subscribers to choose one of a number of connected ISPs, either statically during the initial sign-up, or dynamically by using NAIs (Network Access Identifiers) provided by the subscribers during the PPP authentication phase or by carrying ISP information in the PPPoE discovery stage.
In IEEE 802 LANs (Local Area Networks), a VLAN (Virtual LAN) is used to partition a LAN into multiple smaller LANs. A VLAN is a network of computers that behave as if they are connected to the same wire even though they actually may be physically located on different segments of a LAN. VLANs can be configured through software rather than hardware, which makes them extremely flexible. When a client node is connected to a VLAN through a wired Ethernet connection, the mapping between the Ethernet port of the client node and the VLAN is statically configured in most cases. In public wireless LAN environments, the IEEE 802.11 SSID (Service Set IDentifier) advertised by access points can contain service provider information. SSID also is used for dynamically selecting a VLAN by creating a static mapping between SSID and VLAN, so that stations that are associated with an access point by specifying a particular SSID are connected to a particular VLAN mapped to that SSID.
The current methods for selecting an ISP or a VLAN are closely tied to particular link-layer technologies (i.e., PPP and IEEE 802.11) and therefore are difficult to apply across all link-layer technologies. As such, in an environment where access networks are heterogeneous or more flexibility in VLAN assignment to client nodes is needed, it would be desirable to have an IP (Internet Protocol) layer solution that is independent of any link-layer technology.
As a simple IP-layer solution, it is possible to place multiple access routers in an access network where each access router is connected to a particular ISP or a VLAN, such that a client node on the access network can select a particular access router to send and receive data packets. However, the simple solution has two problems. First, information leakage could occur in the access network among multiple ISPs or VLANs, especially when the access network uses multi-access technologies. Second, if ingress filtering is performed at the access routers, the simple solution is difficult to implement where a client node with a single physical interface is allowed to connect to two or more ISPs or VLANs simultaneously. Ingress filtering is a technique for preventing attackers from injecting packets with a forged source IP address as if they were generated in a different network than the access network to which the access router attaches. In an access network where ingress filtering is employed, a packet generated in the access network can pass through an access router only when it has a source address with a network prefix that is assigned by the router to the network interface where the packet was received. However, most host implementations do not provide any method to choose an appropriate source address when multiple routable IP addresses with different network prefixes are assigned to a given interface, as would be the case where simultaneous connection to different ISPs or VLANs is enabled.
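The ingress-filtering rule and the source-address selection problem described above can be illustrated as follows. This is an added example, not part of the original disclosure; the router names, function names, and addresses (taken from the documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: two access routers on one access network, each
# attached to a different ISP and each assigning its own prefix.
ROUTER_PREFIXES = {
    "ar-isp-a": ipaddress.ip_network("192.0.2.0/24"),
    "ar-isp-b": ipaddress.ip_network("198.51.100.0/24"),
}

def ingress_permits(router, src):
    """Ingress filter: pass only if the source address carries the prefix
    this router assigned to the receiving interface."""
    return ipaddress.ip_address(src) in ROUTER_PREFIXES[router]

def select_source(router, host_addrs):
    """Pick the host address whose prefix matches the chosen router.
    Returns None when the host holds no address under that prefix."""
    for addr in host_addrs:
        if ingress_permits(router, addr):
            return addr
    return None

def naive_send(router, host_addrs):
    """Models a host stack that always uses the first configured address,
    regardless of which access router the packet is sent through."""
    src = host_addrs[0]
    return src, ingress_permits(router, src)

def simulate(host_addrs):
    """Compare naive and prefix-aware source selection per router."""
    results = {}
    for router in ROUTER_PREFIXES:
        _, naive_ok = naive_send(router, host_addrs)
        chosen = select_source(router, host_addrs)
        results[router] = {"naive_passes": naive_ok, "selected": chosen}
    return results

if __name__ == "__main__":
    # Constructed host: one physical interface, one address per ISP prefix.
    host = ["192.0.2.10", "198.51.100.10"]
    for router, r in simulate(host).items():
        print(router, r)
    # A forged source from outside both prefixes is dropped by either router.
    print(ingress_permits("ar-isp-a", "203.0.113.5"))
```

With the naive host model, traffic sent through the second router is dropped even though the host holds a valid address for it, which is the implementation difficulty the paragraph describes.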
Consequently, there exists a need in the art for, among other things, a solution that prevents information leakage from occurring and that also protects against IP address spoofing attacks.