Owners of Internet Protocol (IP) access infrastructure typically need to be able to wholesale their facilities to external Retail Internet Operators. The Layer 2 Tunneling Protocol (L2TP) is typically used today in such circumstances. The retail operator operates the Local Network Server (LNS) whilst the access wholesaler operates the Local Access Concentrator (LAC). The LNS and LAC are separated by a switched connection, and L2TP provides an IP tunnel between the LAC and LNS for forwarding of Point-to-Point Protocol (PPP) frames and users' IP packets.
The user is authenticated and authorized using PPP mechanisms and then obtains an IP address from the LNS prefix. The PPP access, LAC and L2TP tunnel then hide that retail address from the wholesale IP routing capabilities. A number of problems are apparent with this architecture when applied to the wholesaling of a mobile wireless access infrastructure. Firstly, placing a LAC at the Access Router in a mobile network, where the Mobile Node (MN) changes Access Routers frequently, creates the need to hand off a large amount of PPP and L2TP state between Access Routers. In addition, L2TP and PPP themselves are not designed for hand-off, and no signaling exists in either protocol to facilitate hand-offs efficiently.
Mobility management in the wholesale domain instead typically requires Mobile IP (MIP) between the Mobile Node (MN), Foreign Agent (FA) and a Local Home Agent (LHA) in the wholesale domain. This isolates hand-off signaling to the wholesale domain to ensure low latency and high availability. MIP already provides capabilities for authentication, authorization and address assignment from a prefix at the LHA. PPP is not then required. MIP was not, however, designed with wholesaling in mind, and a number of additional problems are apparent.
1) A Virtual Private Network (VPN) needs to be established between a VPN Server in the retailer domain and the LHA in the wholesaler domain so that the retailer is responsible for packet forwarding to and from the Internet.
2) The LHA needs to obtain delegated prefixes from that VPN Server in the retail domain so that the addresses assigned to the MN are retailer addresses.
3) The LHA needs to be able to forward packets from multiple retailers, when each retailer is delegating addresses from private address space. This means that the customer's address is not globally unique in the retailer's network, and especially in the FA and LHA.
4) The VPN Server needs to be kept informed by the LHA of what happens to those delegated addresses so that the retailer can manage the retail mobile service given to its customers in that wholesale domain.
In view of the above discussion, it is apparent that there is a need for improved methods and apparatus to provide a more efficient architecture and more efficient signaling to facilitate the hand-off signaling and packet forwarding between retail Internet operators and wholesale Internet operators. Methods and apparatus directed to efficiently establishing and maintaining VPNs between VPN servers in the retailer's addressing domain and an LHA in the wholesaler's addressing domain are needed.