A local area network (LAN) for digital data communications typically includes a plurality of network hubs interconnected by a suitable backbone transmission network. Individual hubs in a LAN may include one or more internal ports to which end stations may be connected and one or more external ports for transmitting messages from the hub to the backbone transmission network and for receiving messages for the hub from the backbone transmission network. In such a LAN, messages originating at an internal port of one hub, or at an end station connected to an internal port of such a hub, are commonly transmitted to every other hub and end station in the LAN, although typically they are addressed to only a single end station within the LAN. Message security depends upon limiting access by individual hubs and end stations to only those messages specifically addressed to them. Because all messages share the same transmission media (including the backbone network), both the number and the size of the messages carried by the LAN at any one time are limited by the available transmission bandwidth. If enhanced security and more efficient use of the available bandwidth are desired, it is generally necessary to rewire the LAN physically so that it includes only the smaller sub-set of hubs or end stations needed.
In the past, separately wired LANs have often been interconnected by so-called bridging or routing functions allowing the transfer of messages from a port or end station of a hub in one LAN to a port or end station of a hub in another LAN. Bridges, as a minimum, examine the addresses contained by a message to accomplish the desired transfers, whereas routers provide more functionality, commonly supplying such capabilities as protocol conversions and store and forward operation. Bridging and routing functions not only tend to be complex to implement but also can potentially detract from both message security and most efficient use of transmission bandwidth.
A previous approach to enhancing message security and improving bandwidth efficiency in the context of interconnected data terminals avoided the shared transmission media of a hard wired LAN entirely and depended, instead, upon use of a switched telecommunications network as the sole interconnection medium. Such an approach is illustrated in U.S. Pat. No. 4,823,338, which issued Apr. 18, 1989, to Kenneth K. Chan et al.
In the arrangement disclosed by the Chan et al. patent, a plurality of data terminals are interconnected by a switched telecommunications network and a central processor is used as a server to control all switched actions. More specifically, each data terminal requires a separate connection, known as an "umbilical connection", to the server and the server is connected to control the appropriate telecommunications network switch or switches.
The server in the arrangement disclosed in the Chan et al. patent also keeps track of both an address and a "LAN" designation of each data terminal and permits calls to be established through the switched network only to those data terminals which not only share a "LAN" designation with the originating data terminal but also have the destination addresses for which the messages are intended. For any given message, no switching connection is established to data terminals other than those to which the message is addressed and also bear the "LAN" designation of the originating terminal, thereby providing a relatively high degree of message security. Also, because the message needed to traverse only that portion of the telecommunications network extending from the originating terminal to the terminating terminal, message bandwidth is constrained only by transmission bandwidth made available by the portion of the network actually used. The resulting arrangement is called a "virtual LAN" because there are no fixed interconnections between its member terminals. Instead, interconnections can be established or disestablished simply by messages sent to the central server to identify members of the "virtual LAN".
Because the approach disclosed in the Chan et al. patent avoids use of shared transmission media and depends upon use of a switched telecommunications network as the sole interconnection between terminals, it is inapplicable to and will not work in the context of a conventional LAN. Moreover, the central processor used as a server not only imposes substantial overhead costs upon the system but also is vulnerable to failure in the sense that, when it fails, the whole "virtual LAN" fails. An important need for enhancing message security and improving bandwidth efficiency in more conventional LANs, dependent upon shared transmission media which may be hard wired, switched, or both, thus still remains.