1. Field of the Invention
This invention relates to systems and methods for switching data within a data communications network. In particular, the present invention is related to systems and methods of isolating a group of network clients connected to a network device, such as a switch, router, repeater, etc.
2. Description of the Related Art
Over the last several years, the proliferation of the Internet has had a significant impact on many industries, especially the computer industry. The Internet has grown into an enormous worldwide system of computer networks to which virtually any large or small computer network, or individual computer, may be connected. Internet access is typically obtained via an Internet Service Provider (ISP). ISPs provide access to the Internet for their customers, usually through membership subscriptions in conjunction with service level agreements (SLAs). ISPs make at least a portion of their income on service fees such as subscription fees, on-demand provisioning of services, etc. One technique employed by ISPs is to regulate the amount of Internet bandwidth (i.e., data speed) to which a customer is entitled based upon how much they pay. By regulating the amount of bandwidth available to each customer, ISPs may provide different levels or qualities of service at different rates.
Recently, a new class of service providers is targeting the needs of businesses and individuals in a multi-tenant unit (MTU), which is a generic term for a residential neighborhood, a building or group of buildings that accommodate more than one tenant. Examples of MTUs include high-rise office buildings, commercial business parks, hotels, college and university campus dormitories, and apartment buildings.
In addition to access to the Internet, ISPs, cable operators, and competitive local exchange carriers (CLECs) can leverage Internet access to offer a variety of value-added services to both business and residential subscribers, each available at an incremental additional fee or as part of a bundled services package. These same service providers also need the ability to change their services to meet shifting customer demands. A flexible, intelligent network infrastructure is needed that requires few changes to provision new services. To be successful, such networks must be easy to manage, monitor, and maintain, and must also be able to change with technology.
CLECs are now using fiber in metropolitan area networks (MANs) to deliver Ethernet connections to buildings having Category 5 wiring. For example, referring to FIG. 1, a group of subscribers may access the Internet via a Digital Subscriber Line Access Multiplexer (DSLAM) device, downstream from the Internet 100. A DSLAM is a network device, usually at a telephone company central office (CO), that receives signals from multiple customer Digital Subscriber Line (DSL) connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM devices connect DSL lines with some combination of asynchronous transfer mode (ATM), frame relay, or Internet Protocol networks. A DSLAM enables a phone company to offer business or home users the fastest phone line technology (DSL) with the fastest backbone network technology (ATM).
DSLAM switches using ATM are circuit switches similar to telephone switches. Each subscriber 104 to 108 may be connected to the DSLAM 102 via ATM or DSL lines. Point-to-point protocol (PPP) is used for communication between subscribers 104 to 108 and the DSLAM 102. However, if the DSLAM 102 is changed to Ethernet and configured to use Internet Protocol (IP), then without any additional system or method to isolate the subscribers from one another, the subscribers will have direct access to one another via PPP. In order to provide security and isolation, typically a virtual LAN (VLAN) is established for an individual subscriber or a group of subscribers. A VLAN may be useful to isolate and restrict traffic between different departments in a company, such as payroll, sales, engineering, and marketing, or to isolate and restrict traffic to different segments or nodes of a network. There are numerous types of VLANs, such as port-configuration VLANs, MAC-based VLANs, Layer 3 VLANs, IP Multicast VLANs, and Rule-based VLANs.
One disadvantage of a port-configuration VLAN is that a separate VLAN must be used for each port on the DSLAM 102 in order to provide security and isolation to each subscriber connected thereto. For example, referring to FIG. 2, shown is a block diagram of an Ethernet switch 102 connecting subscribers 104 to 108 to the Internet. As shown by a dotted line, in order to isolate each subscriber, a VLAN is added to the configuration of switch 102. Since each VLAN is its own subnet, each VLAN takes up one IP address. Therefore, under this configuration, an undesirably high number of IP addresses are used. Also, each VLAN requires its own configuration and control, and switch 102 must be configured for each VLAN set up (i.e., for each subscriber connected thereto). As subscribers are added or subtracted, resources are spent configuring and reconfiguring network devices. Therefore, under this configuration, more time and money are spent on configuration and implementation of the Ethernet connections.
Accordingly, there is a need for new and improved systems and methods for providing Ethernet connections while providing security and isolation to users.