The network of a network service provider may be connected to many different computer networks. This configuration allows the network service provider to provide Virtual Private Network (VPN) service to many different computer networks. A user of the service connects to the service provider's equipment, which accepts the connection and prompts the user for the destination network with which the caller wishes to communicate. The user provides an identifier of the destination network, and the network service provider connects the user to a home gateway of that destination network. The home gateway is a point of communication between the network service provider and the destination network. The destination network can then use security procedures to authenticate the user, and if properly authenticated, can allow communication with other equipment communicating with the destination network.
Conventional access communication devices route information using virtual circuits, which are paths through a network. In the example above, the virtual circuit is from a router or switch acting as the access communication device, through the network service provider's network and to the home gateway of the destination network that is connected to the service provider's network. The connection to the access communication device may be through a dial-in connection or a permanent connection. As used herein, an “access communication device” can be any device such as a switch or a router that can accept information from a computer or network device and send it to a specified number of several home gateways, or receive information from such home gateway and provide it to a computer or network device, or both. Described below are access communication devices that are reached by dial-in connections, but other forms of connections may be used.
Conventional access communication devices can support at least one of two forms of virtual circuits, SVCs and PVCs. SVCs are switched virtual circuits and are established as needed. When the SVC is no longer needed, it is torn down until it is needed again. PVCs are permanent virtual circuits, which are established and remain available for use even when they are not in use.
A network service provider may employ hundreds of access communication devices in different locations to provide coverage in a large geographic area. To allow dial-in user to select the nearest access communication device, the network service provider can publish a list of telephone numbers and corresponding locations. The user can identify on this list the location nearest the user, and then dial into the network service provider's network using the number or numbers corresponding to the neared location identified.
When the user wishes to connect to a destination network served via a virtual circuit on the service provider's network, the user establishes a connection to the access communication device (e.g. by dialing in or using an existing connection), supplies an identifier of the destination network he or she wishes to access and may supply other information. This other information may be the user's logon name. The identifier of the destination network may be a domain name. For example, the user may specify “xyz@cisco.com”. The user's logon name is the text “xyz” before “@” and the domain name is the text “cisco.com” after “@”. The access communication device can then route the call using the identifier of the network or home gateway supplied by the user, by matching the identifier of the destination network requested by the user with an available virtual circuit to that network.
To match a domain name of the destination network with an available SVC, a database is used. The database stores the domain name of the home gateway associated with the network address of the home gateway. The network address can then be retrieved using the domain name received from the user, and an SVC is set up between the access communication device and the home gateway using the network address. This capability is similar to the way people place a conventional telephone call to another person: a knowing the name of the desired party, a telephone book is consulted to locate the telephone number, which is used to place the call. Like an individual's telephone number, the network address used to reach a home gateway via an SVC is the same from any access communication device. In other words, it is globally unique, allowing every access communication device to refer to a home gateway using the same identifier. Once the information is entered into the database, it may be made available to any access communication device in the service provider's network for use as described above.
Unlike the SVC case above, every access communication device in a network using PVCs does not refer to a home gateway using the same identifier as every other access communication device. If a PVC is used to connect to the home gateway rather than an SVC, then it is necessary to know the identifier of the PVC that connects the access communication device to the home gateway. Every access communication device can use a different numbering scheme for its PVCs used to reach the same set of home gateways. Using the telephone analogy above, it is as if everyone can place telephone calls but only using a user-programmable ten-digit speed dial code, which is different on every telephone that originates the call. Every telephone would require its own customized directory, and a central directory would be useless. To allow users of access communication devices to reach home gateways using PVCs, every access communication device must maintain its own database. Creating and maintaining multiple versions of the database would be too cumbersome and error-prone to implement.
What is desired is a method and apparatus that can allow a user to enter a domain name to access a destination network in a service provider's network using PVCs without requiring manual data entry to relate each PVC identifier of each access communication device with an identifier of the destination network served by that PVC.