(1) Field of the Invention
The present invention relates to a packet forwarding apparatus and a communication network and, more particularly, to a packet forwarding apparatus and a communication network for Internet access suitable for wide area Ethernet service.
(2) Description of the Related Art
Conventionally, dedicated lines have been used to ensure layer 2 connectivity for communications between remote sites. However, since dedicated lines solely provide point-to-point connections, if the number of communication bases is great, the need for full-mesh connections between the communication bases has posed problems in network management and cost.
Recently, attention has focused on wide area Ethernet services to connect a plurality of communication bases through Ethernet and communicate Ether frames among these communication bases. Because this network scheme looks to users as if a plurality of communication bases were directly connected via a switching hub, interconnecting the bases can be done as easily as constructing a LAN. It is advantageous in that communication cost can be reduced as compared with subscribing to a plurality of dedicated lines.
Wide area Ethernet implementation is roughly classified into three methods below:
A first method is to actually configure a huge bridge-connected Ethernet network by using switching hubs and optical interfaces. This method allows for multiplexing a plurality of connections on the network by using VLAN tags compliant with, for example, IEEE 802.1Q.
A second method is to configure a virtually bridge-connected Ethernet network on MPLS routers by applying Ethernet over Multi Protocol Label Switching (EoMPLS) technology. This method allows for multiplexing a plurality of connections on the network, using, for example, SHIM headers and VLAN tags.
A third method is to configure a virtually bridge-connected Ethernet network by setting up virtual tunnels on an IP network and connecting these tunnels to a server functioning as a virtual switching hub. This method allows for multiplexing many connections on the network by deploying many switching hubs (routers).
Communications service over the wide area Ethernet described above is usually aimed at middle-scale or larger corporate users. However, the wide area Ethernet is expected to be a communications service useful for home and SOHO users as well.
FIG. 2 shows an example of a typical architecture for Internet connection service that an access service provider provides to home and SOHO users. This network architecture is described, for example, in Japanese Unexamined Patent Publication No. 2002-354054 (patent document 1).
In FIG. 2, networks 1 and 2 are ISP networks belonging to different Internet Service Providers (ISPs). A network 3 is the Internet network and a network 4 is an access network formed by an IP network. The access network 4 and each of the ISP networks 1 and 2 are connected by Layer 2 Tunneling Protocol (L2TP) network servers (LNSs) 20-1 and 20-2, respectively, and LNS management servers 21-1 and 21-2 are connected to the ISP networks 1 and 2, respectively. On the access network 4, a plurality of L2TP Access Concentrators (LACs) 10 (10-1 and 10-2) and an LAC management server 11 are located. L2TP is prescribed by RFC 2661 (Layer Two Tunneling Protocol “L2TP”).
In-home LANs L1 to L4 installed in homes are connected to the LAC 10-1 or LAC 10-2 via in-home gateways Ri-1 to Ri-4. Thus, the LACs 10-1 and 10-2 serve as ingress nodes from the gateways to the access network 4 and the LNSs 20-1 and 20-2 serve as ingress nodes from the access network 4 to the ISP networks 1 and 2.
Between the gateways Ri-1 to Ri-4 and the LACs 10 which are the ingresses to the access network, PPP sessions ip1 to ip4 are set up by PPP over Ethernet (PPPoE) prior to communication and encapsulated IP packets pass over these sessions during communication. PPP is prescribed by RFC 1661 (The Point-to-Point Protocol: PPP) and PPPoE is prescribed by RFC 2516 (A Method for Transmitting PPP over Ethernet: PPPoE). The access network 4 is normally independent of the Internet network 3 and L2TP tunnels Tn-1 to Tn-4 are formed in advance between the LACs 10 and the LNSs 20. Within the access network 4, user traffic only passes across these tunnels, and each user cannot have direct access to a communication node in the access network 4.
Upon receiving a request for connection to the Internet from a user terminal TE (TE-1, TE-2, . . . ) connected to a LAN, each LAC 10 communicates with the LAC management server 11 and sends a query asking for the identifier of the LNS that is the egress of the L2TP tunnel corresponding to the user ID. The LAC management server 11 identifies the LNS located at the egress of that tunnel from the domain name that forms a part of the user ID and notifies the LAC of the LNS identifier. The LAC 10 sets up an L2TP session iL (iL1 to iL4) over a tunnel Tn-j toward the LNS indicated by the LAC management server 11 and, during packet communication, forwards each PPP packet received from the PPPoE session between the LAC and the gateway Ri to the L2TP session over the L2TP tunnel.
Meanwhile, when receiving the connection request from the user, the LNS 20 (20-1, 20-2) communicates with its affiliated LNS management server 21 (21-1, 21-2) in order to carry out user authentication by the LNS management server. The LNS management server 21 notifies the LNS 20 of a result of the user authentication. During packet communication, the LNS 20 decapsulates a PPP packet received over the L2TP tunnel and L2TP session and routes the IP packet extracted from the received PPP packet onto the ISP network 1 or 2. The above PPPoE session (ip1 to ip4), L2TP session (iL1 to iL4), L2TP tunnel (TE-1 to TE-4) are respectively assigned identifiers (IDs) and the LNS 20 can identify the user by the combination of a L2TP tunnel ID and a L2TP session ID.
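The forwarding path described above can be followed byte by byte in this added Python example, which is not part of the original document: the LAC picks the LNS from the domain part of the user ID, lifts the PPP payload out of a PPPoE session frame (RFC 2516), and wraps it in an L2TP data header (RFC 2661); the LNS accepts it only if the tunnel ID and session ID pair is bound to an authenticated user. The realm names, ID values, user name and the `bindings` table are constructed assumptions, and as a simplification the PPP payload is carried through unchanged.

```python
import struct

ETH_P_PPP_SES = 0x8864   # EtherType of a PPPoE session frame (RFC 2516)
L2TP_DATA_L = 0x4002     # T=0 (data), L=1 (length present), Ver=2 (RFC 2661)

# Constructed tables; every realm and tunnel ID here is a sample value.
REALM_TO_LNS = {"isp1.example": "LNS 20-1", "isp2.example": "LNS 20-2"}
LNS_TO_TUNNEL = {"LNS 20-1": 101, "LNS 20-2": 102}


def select_lns(user_id):
    """LAC management server step: pick the LNS from the user ID's domain part."""
    return REALM_TO_LNS[user_id.rpartition("@")[2].lower()]


def ppp_from_pppoe(frame):
    """Return (pppoe_session_id, ppp_payload) from an Ethernet frame."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETH_P_PPP_SES:
        raise ValueError("not a PPPoE session frame")
    ver_type, code, sid, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00 or 20 + length > len(frame):
        raise ValueError("malformed PPPoE header")
    return sid, frame[20:20 + length]   # slicing drops Ethernet padding


def l2tp_encap(tunnel_id, session_id, ppp):
    """LAC side: wrap the PPP payload in an L2TP data header."""
    return struct.pack("!HHHH", L2TP_DATA_L, 8 + len(ppp), tunnel_id, session_id) + ppp


def l2tp_decap(msg, bindings):
    """LNS side: return (user, ppp); reject unbound tunnel/session ID pairs."""
    if len(msg) < 8:
        raise ValueError("short L2TP message")
    flags, length, tid, sid = struct.unpack("!HHHH", msg[:8])
    if flags != L2TP_DATA_L or length != len(msg):
        raise ValueError("unsupported or malformed L2TP header")
    user = bindings.get((tid, sid))
    if user is None:
        raise PermissionError("no authenticated user for this tunnel/session")
    return user, msg[8:]


def sample_frame():
    """Constructed PPPoE session frame: session 0x0007, PPP protocol 0x0021."""
    ppp = b"\x00\x21" + b"IPv4-datagram"
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0007, len(ppp)) + ppp
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_P_PPP_SES) + pppoe
```
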