Over the last few years the telecommunications industry has devoted a considerable amount of work and time toward defining the capabilities of Broadband ISDN (B-ISDN). The goal has been to match transport capabilities available in B-ISDN to potential user applications. Examples of such user applications are accessing remote data bases with very low latency, transmitting large multimedia files containing photographic quality images and/or video snipets, and performing desktop multimedia teleconferencing including video. All of these applications demand high-speed transmission and switching within the interconnection network and many require new signaling capabilities beyond that of the current ISDN signaling protocol Q.931.
However, many people knowledgeable about the network recognize that the time-frame necessary to deploy all of these capabilities is well into the future; therefore it is believed that this feature-rich B-ISDN technology is still years away. Accordingly, there is a market opportunity for a broadband service that can be quickly and inexpensively deployed. Such a market opportunity can be met with a virtual private network capability deployed within the B-ISDN public network.
B-ISDN is characterized by the transport of Asynchronous Transport Mode (ATM) cells over ATM connections. ATM cells are fixed length packets which contains addressing and transmission instructions along with user data. This allows ATM cells to be independently addressed and transmitted on demand over ATM connections facilitating transmission bandwidth to be allocated, as needed, without fixed hierarchical channel rates. ATM connections are set-up between various nodes in the network and also between the customer premises equipment and the network nodes. ATM connections are organized in two levels: virtual channels (VCs) and virtual paths (VPs). End-to-end virtual channel connections are made up from virtual channel links which are switched or cross-connected at the broadband switching systems. Virtual channel links are carried within virtual path links which in turn are switched or cross-connected to form end-to-end virtual path connections. The virtual channel identifier (VCI) and virtual path identifier (VPI) fields in the ATM cell header identify the virtual channel link and the virtual path link to which the ATM cells belong. Multiple virtual channel links (of varying bandwidths) can be grouped into virtual path links and multiple virtual channel links and virtual path links can be carried on a physical link. Virtual channel connections and virtual path connections are bi-directional with either symmetric or asymmetric cell transfer capability.
One of the basic characteristics of ATM networks is the provisioning of ATM traffic parameters at the user-network access interfaces (UNIs) and the network-node interfaces (NNIs). The ATM traffic parameters describe the traffic characteristics such as cell transfer rate and quality of service of an ATM connection (which can be a virtual channel connection or a virtual path connection). Traffic parameters include, but are not limited to, peak cell transfer rate, average cell transfer rate, and burst length. Currently, only peak cell transfer rate has been standardized into CCITT I.371 1992 recommendations. Even though a customer can contract for a peak cell transfer rate on an ATM connection, in principle, the user could exceed the negotiated traffic parameter up to the maximum capacity of the physical facility. Therefore, a network function called "usage parameter control" or "policing" as defined in CCITT recommendation I.311. is needed. This function controls the cell stream during the entire active phase of the ATM connection and restricts the peak traffic to the characteristics negotiated in the contract. Thus, it will protect the network against excessive congestion resulting in a degradation of the quality of service of all connections sharing the same network resources.
To protect all network resources, the policing function is located as close as possible to the actual traffic source and is under the control of the network providers. Depending on the service being provided, the policing function may be performed on virtual channel links or on virtual path links. The prior art policing function is performed at the ingress of the broadband switching systems at both the user-network interfaces and the network-node interfaces. To protect the network and the coexisting connections, actions must be taken by the policing function after detecting a violation of the contract. The prior art policing action is to discard those cells which are in violation of the traffic contract. Other policing actions, such as marking the violating cells as low priority cells and discard them only during network congestion, are being discussed in the art.
The prior art B-ISDN allows for the deployment of Virtual Private Network (VPN) services by either cross-connecting virtual channel links (Virtual Channel Cross-connect (VCX) functionality) or cross-connecting virtual path links (Virtual Path Cross-connect (VPX) functionality). In the prior art B-ISDN, when cross-connecting virtual channel links, policing is accomplished on the traffic on the virtual channel links. Similarly, when cross-connecting virtual path links, the policing is accomplished only on the traffic carried on the virtual path links. Therefore, when using VPX or VCX functionality to deploy Virtual Private Networks, ATM connections and its bandwidth (peak cell transfer rate) are directly coupled. As a result, as the number of customer locations and therefore the number of desired connections in a VPN increases, the transmission capacity needed on the physical facilities must increase to support the cumulative bandwidth of all the connections on the facility even though all the connections would never be simultaneously active with traffic at their peak bandwidth. This excess provisioning of transmission capacity can cause the whole concept of virtual private networks (VPNs) to fail. Therefore, a primary objective of our invention is to provide a viable private network capability by separating bandwidth from connectivity requirements.