(1) Field of the Invention
The present invention relates to a packet forwarding apparatus and, more particularly, to a packet forwarding apparatus with the function of limiting the number of user terminals to be connected to an ISP (Internet Service Provider) in an access network connected to the Internet as a wide-area network.
(2) Description of Related Art
With the tendency toward a broader-band access line from a user terminal to the Internet, and with the prevalence of various home electrical products equipped with network functions, there have been increasing requests from users to simultaneously connect a plurality of terminals owned by a single user to the management server of an ISP (Internet Service Provider). The term “single user” used herein means a user or subscriber who has personally signed up for an Internet connection service provided by an ISP and commonly indicates an individual household connected to the ISP via an access line.
To connect user terminals to the Internet, it is necessary to assign IP (Internet Protocol) addresses to the individual user terminals. The assignment of the IP addresses is typically performed in accordance with a communication protocol such as the DHCP (Dynamic Host Configuration Protocol) or the PPPOE (Point-to-Point Protocol over Ethernet).
The DHCP is a communication protocol for dynamically assigning to a user terminal, when that terminal is connected to a Layer-2 sub-network, an IP address which is proper for a terminal on the sub-network. On the other hand, the PPPOE is a communication protocol for connecting a point-to-point virtual Layer-2 session (PPPOE session) on the Ethernet™ between a BAS (Broadband Access Server) belonging to each ISP and any of the user terminals. In this case, an IP address is assigned to the user terminal via the PPPOE session in accordance with the PPP (Point-to-Point Protocol).
When a single user owns a plurality of terminals, each of the user terminals takes one of two connection forms: one in which the user terminal is connected to an access network via, e.g., a home router (Layer-3 packet repeater) placed at the user's home, and one in which the user terminal is connected to an access network via a hub as a Layer-2 packet forwarding apparatus. In the DHCP or PPPOE, the client to which the management server of an ISP assigns an IP address is the home router in the former connection form, while it is an individual user terminal in the latter connection form.
For example, when the DHCP is applied, an IP address is assigned only to the home router in the former connection form, while different IP addresses are individually assigned to the plurality of terminals owned by the user in the latter connection form. When the PPPOE is applied to the latter connection form, the plurality of terminals owned by the user are allowed to be individually connected to PPPOE sessions. In a communication environment to which the PPPOE is applied, there are cases where one client device (user terminal or home router) requires a plurality of PPPOE sessions, for example, when a client uses multiple PPPOE sessions for different services or when the same client wishes to connect to a plurality of different ISPs.
Thus, the number of IP addresses assigned by an ISP to each user and the number of PPPOE sessions to be connected to the same user differ depending on conditions such as the number of terminals owned by the same user, the presence or absence of a home router, and the type of service the user wishes to use. However, if requests for IP address assignment and requests for PPPOE session connection are accepted without limitation from each user, the load on a BAS or the DHCP server as the management server of an ISP increases. In addition, if a specific user uses a large number of IP addresses, a communication service to be shared among users is no longer provided evenly, because communication resources are occupied by that user. Therefore, it is necessary to limit the number of assignable IP addresses and the number of simultaneously connectable sessions for each of the users.
For example, in the case of adopting a network configuration in which each of the user terminals and the management server (DHCP server or BAS) of an ISP are connected by an individual access line (a physical line or a logical line such as a VLAN: Virtual Local Area Network) on a per-user basis, the number of assigned IP addresses and the number of connections for each user can be limited by controlling the number of assigned IP addresses and the number of sessions for each access line at the management server.
However, in a network configuration having a Layer-2 switch (L2SW) disposed between the individual access lines to which user terminals are connected and a management server, such that the traffic of a plurality of users is concentrated by the L2SW onto a single access line and forwarded to the management server, the management server cannot identify the individual access lines on a user-by-user basis. In this case, it becomes impossible for the management server to limit the number of assigned IP addresses and the number of connected sessions for each user.
As examples of prior art technology for limiting the number of assigned IP addresses and the number of connected sessions for each user in an access network configuration to which the L2SW mentioned above has been applied, the following techniques are known.
(1) The first technique associates the management server (DHCP server or BAS) of an ISP and an L2SW with each other so that, when receiving a session-connection request packet or an IP-address-assignment request packet from a user terminal, the L2SW notifies the management server of identification information of the access line from which the request packet has been received.
(2) The second technique stores the number of already assigned IP addresses and the number of currently connected sessions in an authentication server on a user-by-user basis so that, when user authentication is performed in association with a session connection procedure, the authentication server can reject a new session connection request from a user for whom these numbers have reached their maximum values.
As an example of a known document which describes the first technique (1) in a communication environment to which the DHCP has been applied, there is Japanese Unexamined Patent Publication No. 2000-112852.
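The following Python model is an added illustration, not code from this document or from the cited publication. It shows the effect of the first technique (1): with the access line notified by the L2SW, the management server can apply a per-user limit, whereas behind a concentrating L2SW without that notification the only line it can count against is the shared uplink. The names, the limit of 2, the MAC addresses, the 192.0.2.x addresses, and the choice to key the untagged server on the uplink are all assumptions made for the example.

```python
from collections import defaultdict

MAX_PER_LINE = 2  # assumed per-user limit, constructed for this example

def l2sw_forward(access_line, client_mac, tag_access_line):
    """Model of the L2SW: concentrate all access lines onto one uplink."""
    request = {"client_mac": client_mac, "received_on": "uplink-0"}
    if tag_access_line:
        # Technique (1): tell the server which access line the request came from.
        request["access_line"] = access_line
    return request

class ManagementServer:
    """DHCP-like address server that limits leases per line it can identify."""
    def __init__(self, limit=MAX_PER_LINE):
        self.limit = limit
        self.leases = defaultdict(dict)  # line key -> {client_mac: ip}
        self.next_host = 10

    def handle(self, request):
        # Without the notification the only line visible is the shared uplink.
        key = request.get("access_line", request["received_on"])
        held = self.leases[key]
        mac = request["client_mac"]
        if mac in held:                 # repeat request: same address again
            return held[mac]
        if len(held) >= self.limit:     # limit reached for this line
            return None
        held[mac] = f"192.0.2.{self.next_host}"
        self.next_host += 1
        return held[mac]

# Constructed sample: user A has three terminals behind a hub, user B has one.
REQUESTS = [("line-A", "02:00:00:00:0a:01"), ("line-A", "02:00:00:00:0a:02"),
            ("line-A", "02:00:00:00:0a:03"), ("line-B", "02:00:00:00:0b:01")]

def simulate(tag_access_line):
    server = ManagementServer()
    return [(line, server.handle(l2sw_forward(line, mac, tag_access_line)))
            for line, mac in REQUESTS]

if __name__ == "__main__":
    for tagged in (False, True):
        print("access line notified:", tagged)
        for line, ip in simulate(tagged):
            print(f"  {line}: {ip or 'rejected'}")
```

In the untagged run, user B's single terminal is refused because user A's terminals have already consumed the limit counted against the uplink; in the tagged run, the limit is counted per access line and user B is served.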