1. Field of the Invention
The present invention relates to a method for transferring a Multi-Protocol Over Asynchronous Transfer Mode (hereinafter called MPOA) address request packet received by a conventional MPOA server to the other MPOA server or to the other MPOA client.
2. Background Art
The conventional Multi-Protocol Over Asynchronous Transfer Mode (hereinafter, called MPOA) is a communication mode used on a ATM network using existing protocols such as an Internet Protocol (IP), an Internetwork Packet Exchange (IPX), as specified by the version 1.0 (AF-MPOA-0087.00, ATM Forum).
However, in such a conventional packet transfer method, since a source layer 3 address of a data packet which is desired to be short cut is not included in the MPOA address resolution request packet, a problem has been encountered that, when the MPOA server receives the MPOA address resolution request packet, the MPOA server can not determine based on the layer 3 packet filter information whether or not the MPOA address resolution request packet is to be forwarded to the other MPOA server or the other MPOA client. Moreover, since the above-described source layer 3 address is not included, the MPOA server can not check whether or not it is the desired MPOA address resolution request. Thus, even when an address resolution request is transmitted from an MPOA client, triggered by a data communication from an undesired source, another problem encountered is that when such an MPOA address resolution request is processed by a normal procedure, there is a possibility that an undesirable short cut path will be established.
For example, as shown in FIG. 7, it is assumed that the data communication is started from a terminal 700 to another terminal 701. If no layer 3 packet filter information is set in an MPOA server 500 or in another MPOA server 501, the data packet from the terminal 700 arrives at the terminal 701 through a router 800, an MPOA client 600, MPOA servers 500 and 501, and an MPOA client 601. When a data flow to the terminal 701 is detected at the MPOA client 600, the MPOA client 600 sends an MPOA address resolution request packet to the MPOA server 500. This MPOA address resolution request packet is forwarded through the MPOA servers 500 and 501 to the MPOA client 601, and the reply for the request packet is forwarded through the MPOA clients 601 and the MPOA servers 501 and 500, to the MPOA client 600, so that the MPOA client 600 learn the ATM address of the MPOA client 601. When a short cut path is established from the MPOA client 600 to the MPOA client 601, the data packet sent from the terminal 700 to the terminal 701 is forwarded through the terminal 700, the router 800, and the MPOA clients 600 and 601 to the terminal 701.
In contrast, if a rule such as “the data packet from a subnet X is not permitted to reach a subnet C” is configured, the data packet from the terminal 700 addressed to the terminal 701 will be discarded by the layer 3 function portion of the MPOA server 500 or 501 based on the layer 3 packet filter information, while if the MPOA client is not provided with a short cut path, the data packet from the terminal 700 is forwarded through the router 800 and the MPOA client 600 to the MPOA servers 500 and 501.
However, in that period, since a data flow to the terminal 701 is detected in the MPOA client 600, the MPOA client 600 sends an MPOA address resolution request packet to the MPOA server 500. This address resolution request packet is forwarded through the MPOA servers 500 and 501 to the MPOA client 601, and the reply for the request is forwarded through the MPOA client 601 and the MPOA servers 500 and 501 to the MPOA client 600, so that the MPOA client 600 can learn the ATM address of the MPOA client 601. Thereby, the MPOA client 600 establishes a short cut path to the MPOA client 601, and thereafter the data packet sent from the terminal 700 to the terminal 701 is forwarded through the terminal 700, the router 800, the MPOA clients 600 and 601, to the terminal 701. Consequently, a serious security problem arises that a data packet, which should be originally discarded, arrives at the terminal 701 through the short cut path developed by the above process.