A. Field of the Invention
This is a telecommunications invention that relates generally to the field of remote access to packet switched networks over point to point links. More particularly, the invention relates to a network access server and method for performing distributed processing of the Point-to-Point Protocol (PPP) and distributed packet forwarding of Internet Protocol (IP) packets using a tunneling protocol, such as the Layer 2 Tunneling Protocol (L2TP). The invention is particularly suitable for use in a high density remote access server, such as a remote access server simultaneously connecting a large number of remotely located users to a packet switched network, e.g., the Internet.
B. Description of Related Art
The methods and techniques disclosed herein can be performed by an element of communications equipment referred to herein as a "network access server", also known as a "remote access server." A network access server is a device that is capable of receiving a plurality of simultaneous incoming calls from remote users via a circuit switched network, such as the Public Switched Telephone Network (PSTN), and routing them to a packet switched computer network, such as a corporate backbone network, or Internet, for transmission to a host computer system or other device connected to the computer network. The network access server is also capable of handling multiple simultaneous calls from the computer network and directing them onto the PSTN for transmission to the remote user.
The patent to Dale M. Walsh et al., U.S. Pat. No. 5,528,595, which is fully incorporated by reference herein, describes a network access server. The network access server of the Walsh et al. patent has been commercialized widely by 3Com Corporation (previously U.S. Robotics Corp.) under the trade designation Total Control™ Enterprise Network Hub. Network access servers similar in functionality, architecture and design are available from other companies, including Ascend Communication, Lucent Technologies, and others. The invention is suitable for implementation in network access servers from the above companies, and other similar devices.
Typically, the individual remotely located users dial in to the remote access server over a public switched telephone network, cable modem network, ADSL connection, wireless network connection, or other type of communications link. Part of the connection process is the establishment of a Point-to-Point Protocol connection between the remote user's modem and the remote access server.
Industry and international standards bodies have established sets of functional requirements, conventions or rules that govern the transmission of data over circuit switched and packet switched computer networks. These functional requirements or rules are known in the art as "protocols." The implementation of protocols is necessary in order to bring order, and standardization, to the communications field and allow equipment of diverse manufacturers to interoperate. Some protocols are considered low level transmission media related protocols, such as modulation schemes implemented in a modem, for example V.34, V.90, etc. Other protocols are considered higher level, as they relate to functions performed at higher levels in the OSI model, and are concerned with such features as error control, transmission control protocols and network level routing and encapsulation of data.
The requirements of these latter protocols are typically prepared as an International Engineering Task Force "Request For Comment" (RFC) document, circulated among the industry and eventually adopted by the standards bodies. Sometimes, they are introduced prior to formal approval by a standards body and adopted by players in the industry, becoming de facto standards. The present invention is concerned with the distributed processing of these higher-level network control protocols, and in particular the Point-to-Point Protocol (PPP). The PPP is well known in the art and described in RFC 1661, the contents of which are incorporated by reference herein.
Briefly, the PPP describes an encapsulation mechanism for transporting multiprotocol packets across layer 2 point-to-point links. Typically, a user obtains an OSI-model layer 2 (i.e., data link layer) connection to a network access server using a number of techniques (dialing up over the PSTN, over an ISDN line, over an ADSL connection, etc.) and then runs PPP over that connection. In such a connection, the layer 2 termination point and the PPP session endpoint reside on the same physical device, namely the network access server on one side and the remote user's modem on the other side.
The patent to Daniel L. Schoo, et al., U.S. Pat. No. 6,009,101, the contents of which are incorporated by reference herein, describes a method by which the processing of the PPP is distributed among multiple computing platforms in the network access server, in order to increase the efficiency and throughput of the network access server. A first portion of the processing is performed in the modem digital signal processor (DSP) of the network access server, and the remainder of the processing is performed in the gateway computing platform, e.g., DSP or general purpose computing platform in the routing card in the network access server.
Tunneling protocols, by which frames of data are routed from one node to another on a network, are also known in the art. One of these tunneling protocols that can be used with the invention is the Layer 2 Tunneling Protocol or L2TP, which is described in RFC 2661, the contents of which are incorporated by reference herein. Persons skilled in the art are familiar with the contents of RFC 2661. The L2TP protocol describes a mechanism for tunneling PPP packets across an intervening network in a way that is transparent to both end users and applications. The L2TP extends the PPP model by allowing the layer 2 and PPP endpoints to reside on different devices interconnected by a packet switched network. With L2TP, a user has a layer 2 connection to an access concentrator (e.g., modem bank, or an ADSL Digital Subscriber Line Access Multiplexer or DSLAM), and the concentrator then tunnels the individual PPP frames to a remotely located remote access server over an IP network. This allows the actual processing of the PPP frames to be divorced from the termination of the layer 2 circuit.
One benefit of L2TP is that the separation between the processing of PPP frames and termination of the layer 2 circuit can avoid long distance telephone charges. The layer 2 connection may be a local call to a local switched circuit concentrator, which then extends the logical PPP session over a shared infrastructure such as a frame relay circuit or the Internet to the PPP terminating unit, which can be located anywhere. From the user's perspective, there is no perceptible difference in having the layer 2 circuit terminate and PPP processing occur in a network access server directly, or the PPP frames processed in a remotely located remote access server using L2TP.
The distributed PPP processing techniques of the Schoo patent, and the off-loading of PPP processing entirely as described in L2TP are, in and of themselves, insufficient mechanisms for handling the processing requirements of next-generation, ultra-high capacity network access servers. The market is demanding that such devices meet performance, throughput, and high availability requirements that are orders of magnitude above what was typically provided for only a few years ago. This phenomenon is a result of the explosive growth in the Internet, and the need for Internet Service Providers to install remote access servers that can keep up with the demand for Internet access. These next-generation network access servers are being designed to handle thousands, and even tens of thousands of PPP sessions simultaneously in a single chassis.
The present invention provides a method and network access server architecture in which high speed Internet Protocol data forwarding is separated from control, route calculation and other configuration overhead using a tunneling protocol, within the network access server itself. It permits ultra-high capacity network access servers to meet the performance and availability requirements that the market demands, while enabling the processing of thousands or tens of thousands of PPP sessions at the same time. Moreover, the invention uses an existing tunneling protocol, albeit with slight modification. This allows for reuse of existing expertise and source code in the tunneling art for achieving this goal instead of developing a tunneling protocol from scratch.
In a first aspect of the invention, a method is provided for distributing the processing of Point-to-Point Protocol frames and distributed Internet Protocol packet forwarding in a network access server. The network access server provides simultaneous access to a packet switched network for a plurality of remote terminals connected to a first network, such as a circuit switched network like the Public Switched Telephone Network. The network access server also includes an egress or interface module providing an interface to the packet switched network.
The method includes the step of providing a tunneling protocol access concentrator function in a modem module in the network access server. The tunneling protocol access concentrator function in the illustrated embodiment is an L2TP Access Concentrator (LAC), similar to that described in the RFC 2661 specification. The LAC acts as one side or node of an L2TP tunnel endpoint. The network access server also has a route server processing module. The route server has software and hardware implementing a tunneling protocol network server function, i.e., a peer to the LAC function in the modem module. The tunneling protocol network server function in the illustrated embodiment is an L2TP Network Server (LNS). The LAC function in the modem module tunnels PPP control packets, e.g., link negotiation and authentication packets, and PPP packets with IP routing control data (such as IP RIP data and Internet Protocol Control Protocol (IPCP) data) to the route server LNS for termination. The route server module performs IP routing and PPP control functions for the PPP frames received from the modem module.
The modem module further includes a distributed forwarding module, preferably operating under instruction from the LNS function in the route server. The distributed forwarding module performs packet forwarding for incoming PPP frames and forwards IP data packets in the frames to the egress module for transmission on the packet switched network. Thus, for IP data traffic in the direction from the circuit switched network to the packet switched network, the LAC in the modem module strips off PPP headers, optionally performs data decompression or other processes on the data, and forwards encapsulated IP data packets directly to the egress module for transmission on the packet switched network. For data in the opposite direction, the egress module forwards IP data packets to the LAC in the modem module. The IP data packets are encapsulated with PPP headers, any required data compression is performed, and the PPP packets are transmitted over the PPP link to the remote terminal.
The tunneling protocol (e.g., L2TP), is thus a control mechanism for both distributed processing of the PPP, and control of distributed packet forwarding. This latter feature, distributed packet forwarding directly by the modem modules, is of particular significance in a high capacity network access server such as described herein. Whereas in the prior art IP data packet forwarding and routing for a single network access server chassis was typically performed in a single card or "blade" (i.e., one card served as a routing or gateway card for all the modems in the chassis), here the routing function is basically distributed to all the modem modules in the network access server, albeit with the route server performing routing control functions as set forth herein. The route server in the illustrated embodiment does not handle the actual IP data packet routing for the modems, rather it off-loads this function to the modem modules. The route server sends updated forwarding tables or information to the modem modules to assist in IP data packet routing, and also sends updated forwarding tables or information to the egress module to enable it to handle both the forwarded IP data packets, and the incoming IP data packets from the packet switched network.
While L2TP is the tunneling protocol used between the modem modules and the route server module in the illustrated embodiment, other tunneling protocols now known or later developed could of course be used, and the selection of a tunneling protocol is not particularly significant. Examples of other suitable tunneling protocols are the PPP Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). L2TP was chosen in the illustrated embodiment because source code for implementing LAC and LNS functions in accordance with the L2TP protocol is known in the art or readily derived from RFC 2661, and does not require writing a new tunneling protocol from scratch. Thus, implementing the invention is very straightforward. The L2TP protocol is modified slightly to provide for distributed forwarding control messages between the route server module and the modem module to implement the distributed forwarding features of the invention.
In another aspect of the invention, a high efficiency, high capacity network access server is described in which Point-to-Point Protocol processing and packet forwarding functions are distributed among multiple computing platforms. The network access server includes an egress or interface module forming an interface to a packet switched network such as the Internet or a corporate backbone network. A plurality of modem modules are provided in the network access server, each of which is operatively connected to a circuit switched network (e.g., PSTN) so as to enable connections over the circuit switched network to the remote terminals.
Each of the modem modules comprises resident software and a computing platform together implementing a node for a tunneling protocol, such as an L2TP Access Concentrator function. The modem module further includes a distributed forwarding module performing IP or Internet Protocol Exchange (IPX) packet forwarding for incoming PPP frames, and forwarding the IP or IPX packets to the interface module.
The network access server further includes at least one route server comprising resident software and a computing platform for providing a peer to the modem tunneling node, such as a tunneling protocol network server function, e.g., an LNS. The route server module in the illustrated embodiment resides in a card or "blade" that is separate from the modem module, and separate from the egress or interface module. The route server module performs Internet IP or IPX routing and PPP control functions (e.g., negotiation, authentication) for PPP frames received from the remote terminals.
Further, the route server performs the tunneling node, IP routing and PPP control functions for a multitude of the modem modules. In an extremely high capacity network access server embodiment, there may be a large number of modem modules, more than one egress module, and perhaps two or even three route servers in the same chassis in order to further distribute the LNS tunneling functions and IP routing and PPP control functions among several route servers. However, in such an embodiment the IP data packet forwarding function is distributed to the modem modules, which transparently forward IP data packets directly to their assigned egress or interface module.
In yet another aspect of the invention, a method is provided for distributed protocol processing and IP data packet forwarding performed in a network access server. The method includes the steps of:
a) receiving PPP negotiation packets at the modem module,
b) tunneling the PPP negotiation packets to a route server in the network access server,
c) performing at least one of Link Control Protocol (LCP), PPP link negotiation, PPP authentication, Internet Protocol Routing Information Protocol (IP RIP) and Internet Protocol Control Protocol (IPCP) processing for the PPP connection in the route server;
d) the route server instructing the modem module to perform Internet Protocol (IP) data packet forwarding and providing forwarding information to the modem module;
e) the modem module responsively stripping PPP headers from further incoming PPP packets and forwarding IP data packets contained therein directly to the egress interface module for transmission on the packet switched network.
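Steps a) through e) can be modelled as a per-session dispatch decision in the modem module. The sketch below is an added illustration, not code from the patent: the `ModemModule` class, its method names and the sample frames are hypothetical, and it assumes that IP data arriving before the route server has enabled forwarding is tunneled like any other frame.

```python
import struct

# PPP protocol field values from RFC 1661 and the IANA PPP registry:
# 0xC021 LCP, 0xC023 PAP, 0xC223 CHAP, 0x8021 IPCP, 0x0021 IPv4.
PPP_IP = 0x0021
PPP_LCP = 0xC021

def parse_ppp(frame: bytes):
    """Split a de-framed PPP frame (no HDLC flags or FCS) into (protocol, payload)."""
    if frame[:2] == b"\xff\x03":          # address/control bytes, absent if compressed
        frame = frame[2:]
    if not frame:
        raise ValueError("empty PPP frame")
    if frame[0] & 1:                      # protocol-field compression: single odd octet
        return frame[0], frame[1:]
    if len(frame) < 2 or not frame[1] & 1:
        raise ValueError("malformed PPP protocol field")
    return struct.unpack("!H", frame[:2])[0], frame[2:]

class ModemModule:
    """Hypothetical model of the LAC plus distributed forwarding module."""

    def __init__(self):
        self.fast_path = set()            # sessions enabled by the route server

    def enable_forwarding(self, session_id):
        """Step d: forwarding instruction from the route server (LNS)."""
        self.fast_path.add(session_id)

    def dispatch(self, session_id, frame):
        """Return (destination, bytes) for one incoming PPP frame."""
        proto, payload = parse_ppp(frame)
        is_ipv4 = proto == PPP_IP and len(payload) >= 20 and payload[0] >> 4 == 4
        if is_ipv4 and session_id in self.fast_path:
            return "egress", payload      # step e: PPP header stripped
        # Steps a-c: LCP, authentication, IPCP and unknown protocols are
        # tunneled unchanged to the route server. Assumption: so is IP data
        # seen before the route server has enabled forwarding.
        return "route_server", frame

# Constructed sample frames (not captured traffic).
LCP_CONF_REQ = b"\xff\x03\xc0\x21\x01\x01\x00\x04"
IP_PACKET = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0,
                   10, 0, 0, 2, 192, 0, 2, 1])
IP_FRAME = b"\xff\x03\x00\x21" + IP_PACKET
IP_FRAME_COMPRESSED = b"\x21" + IP_PACKET  # address/control and protocol compressed
```

Because the fast path opens only on the route server's instruction, a session that has not completed negotiation and authentication never reaches the egress module directly.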
These and other features of the invention will be more apparent from the following detailed description of a presently preferred embodiment of the invention.