1. Field of the Invention
The present invention relates to providing network access to a communications system. More particularly, the present invention relates to providing network access to a communications system by locally authenticating and authorizing access requests.
2. The Background
Turning to FIG. 1, one approach for providing network access to a communications system 8 over an access point (such as access point 10a, access point 10b, or access point 10c) using a communications network 12 is shown. An access point is associated with a set of service components and at least one client, enabling a subscriber 14 using a host machine 16, such as a personal computer having a modem, to obtain access to system 8. As known to those of ordinary skill in the art, when referred to in the context of the Internet or other large computer networks, each client coupled to an access point provides connectivity to hosts within an area commonly referred to as a PoP or "Point of Presence." A PoP is a geographical area that is serviced by an access point, which is typically managed by an ISP ("Internet Services Provider"). For dial-up access methods using a public switched telephone network (PSTN), the geographical area may be defined by an area code.
For example, if network 12 is implemented using the Internet, access point 10a may be configured to support subscribers within a geographical area defined by a first area code, such as that covering San Jose, Calif., while access point 10b may be configured to support subscribers within another geographical area defined by a second area code, such as that covering San Francisco, Calif. and/or its surrounding cities and towns. Similarly, access point 10c may be configured to support subscribers within a geographical area defined by a third area code, such as that covering New York City, N.Y.
For dial-up access to network 12, each access point includes a network access server (commonly referred to as a NAS), such as network access server 18. Network access server 18 functions as an interface between host machine 16 (via the modem) and the necessary services which must be provided when subscriber 14 seeks to obtain network access using a dial access method. Responding to a dial-up access request typically includes the process steps (sometimes referred to as "states") of authentication, authorization, and accounting. These states may be provided by an AAA server, such as AAA server 20. AAA server 20 uses the RADIUS protocol to communicate with devices, such as network access server 18, which request authentication, authorization, and accounting services.
To provide authentication, authorization, and accounting services properly, AAA server requires access to a database 21 having a set of user records. For a communications system that has more than one access point, such as communications system 8, database 21 may be maintained as a central database that contains all of the user records required by all of the access points in communications system 8. This provides the advantages of maintaining only one database for more than one access point, reducing the complexity of the system, while permitting a subscriber to obtain network access at an access point other than his originating access point (commonly referred to as "roaming").
For example, if access point 10a is the home access point for subscriber 14, subscriber 14 may still dial-up a different access point, even if the access point is at a different geographical area, such as access point 10c. This is possible because access point 10c has access to the user record corresponding to subscriber 14 by virtue of database 21.
However, centrally locating a database is expensive with respect to network bandwidth consumption because each database transaction generated for every access request that requires AAA services from an access point in communications system 8 must be sent to database 21 (sometimes referred to as "back-hauling"). Moreover, this problem of bandwidth consumption increases and becomes more acute during peak use hours.
One solution includes implementing a local database at each access point. However, this solution offers the challenges of having to maintain synchronicity with other local databases, such as for the purposes of offering roaming as a service.
Accordingly, a need exists for a network access point that can be configured to have at least one local database or cache that holds user records which may be used for authentication, authorization, and accounting purposes.
Further, a need exists for a network access point that can be configured to have at least one local database or cache which can be easily synchronized with other local databases or caches within the access point or within other access points.
Furthermore, a need exists for a communications system having network access points that can be configured to have at least one local database or cache which can be easily synchronized with a central database or cache without consuming network bandwidth used for transporting subscriber data.