The logical topology of the infrastructures built of Marlin node units is always hub and spoke. All traffic is back-hauled to the hub, and no traffic can pass between two access interfaces without passing through the router or switch that constitutes the hub. The prior art infrastructure 10 in FIG. 1 shows routers 12, 14 connected to an access network 16 and associated with customers C1–C6, which may be companies that are in turn connected to internal networks. The network 16 may be a metro access system that has a plurality of Ethernet switches that are suitable for VLAN structures. Although Ethernet switches permit direct communication between customers, operators often use VLAN technology and extra functionality in the switches to prevent it. In this way, the operators can measure the traffic and charge the customer accordingly, and the operator can also protect the customers from one another. Each trunk link 18, 20 connecting to the hub node may carry the traffic from several customers attached to leaf-access ports in the system. Each individual leaf-access port is represented by a distinct tag that is associated with a router sub-interface or VLAN table entry in the hub node.
Ethernet switches forward packets based on the destination address. Ethernet switches are intended for friendly enterprise environments and include a number of automatic features in order to ease the installation and operation of the network. However, these automatic features become problematic in large scale operator environments. The automatic features do not scale to large infrastructures and sometimes need to be disengaged to increase security. This requires manual configuration of a possibly large number of individual units. One specific example of an automatic feature of Ethernet switches is that they dynamically learn each unique source address of the packets received in order to optimize the forwarding of traffic. It is sometimes necessary to disengage this learning process to prevent customers from being able to communicate directly with each other without going through a service provider. In summary, problems with basic Ethernet switches include: no support for customer separation; a low degree of security due to the fact that cross traffic directly between end-customers is allowed; dynamic address learning that may open the door to DoS attacks; a need for distributed element management and service creation due to the fact that a potentially large set of distributed units needs to be configured and managed; and slow restoration based on the standard Spanning Tree Protocol (STP).
The system of the present invention provides a solution to the above-outlined problems. More particularly, the tandem node system of the present invention has a first node having an access link connected to a first port group of a first customer and a first network link connected to a first router. A second node has an access link connected to the first port group of the first customer and a first network link connected to a second router. The first node has a second network link connected to the second node. Each node prevents direct communication between two separate access ports. Preferably, the first node is in an active status and forwards traffic from the access port, while the second node is in an inactive stand-by status and discards traffic coming in on the access port.
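The contrast between a basic learning Ethernet switch and a node that prevents direct communication between access ports can be checked with a small model. The following is an added illustration, not code or a design taken from the patent: the port names, tag values, class names and the cross_traffic check are all constructed, and only traffic entering on access ports is modelled.

```python
# Added illustration: a constructed model, not code from the patent text.
ACCESS_PORTS = ("a1", "a2", "a3")   # constructed access port names
UPLINK = "net1"                      # constructed name for the network link


class LearningSwitch:
    """Basic Ethernet switch: learns source addresses, forwards on destination."""

    def __init__(self):
        self.table = {}                              # address -> port, learned

    def ingress(self, port, src, dst):
        self.table[src] = port                       # dynamic address learning
        if dst in self.table:
            return [(self.table[dst], None)]         # known: sent directly
        return [(p, None) for p in ACCESS_PORTS + (UPLINK,) if p != port]  # flood


class TandemNode:
    """Node as described: access ingress is tagged and sent to the hub only."""

    def __init__(self, active=True):
        self.active = active
        # One distinct tag per access port (tag values are constructed).
        self.tags = {p: i + 1 for i, p in enumerate(ACCESS_PORTS)}

    def ingress(self, port, src, dst):
        if port not in self.tags:
            raise ValueError("only access-port ingress is modelled here")
        if not self.active:
            return []                                # stand-by node discards
        return [(UPLINK, self.tags[port])]           # never another access port


def cross_traffic(device):
    """Return sorted (in_port, out_port) pairs where access traffic reaches another access port."""
    leaks = set()
    for port in ACCESS_PORTS:
        for other in ACCESS_PORTS:
            if other == port:
                continue
            for out, _tag in device.ingress(port, "mac-" + port, "mac-" + other):
                if out in ACCESS_PORTS:
                    leaks.add((port, out))
    return sorted(leaks)


if __name__ == "__main__":
    for d in (LearningSwitch(), TandemNode(), TandemNode(active=False)):
        print(type(d).__name__, cross_traffic(d))
```

In this model the learning switch delivers frames between every pair of access ports, either by flooding or by a learned entry, while the node model never does and keeps no per-address state.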