The present invention relates to a packet transfer system forming an Internet access network. More particularly, the present invention relates to a packet transfer system with a gateway load distribution function for selecting one of plural gateway devices connected to an Internet relay network, and for connecting a user terminal to the relay network through the selected gateway device.
Currently, authentication-based high-speed Internet connection service is provided. This service connects a user terminal to an authentication server via a high speed access line such as an asymmetric digital subscriber line (ADSL), fiber to the home (FTTH), or wireless LAN, and connects the user terminal to the Internet only when the user terminal has succeeded in authentication. In the authentication-based high-speed Internet connection service, the user terminal is connected to a relay network operated by an Internet service provider (ISP), for example, through a gateway device that terminates a high-speed access network such as a broadband access server (BAS). When the user terminal is a point to point protocol over Ethernet (PPPoE) terminal specified in RFC 2516, the BAS terminates connection protocols, PPPoE and PPP, with the user terminal. Then, the BAS transfers a layer-3 packet to the relay network.
Recently, IP telephone service has been started in the above-mentioned high-speed access networks. This leads to a demand for high quality in the high-speed access network that is comparable to the quality of the existing telephone. To meet this demand, it is necessary to reduce service downtime in the BAS, whose failure has a significant influence on the network. For this reason, access networks are constructed in which the connection path between each user terminal and the relay network is made redundant by providing plural redundant BASs at the gates of the relay network. In such an access network including plural redundant BASs, it is desirable that the connection load of each BAS can be appropriately distributed in the future.
In addition to the above layer-3 Internet connection service, an authentication-based connection service at a layer-2 level has also been provided recently. In the layer-2 level authentication-based connection service, user authentication is performed using PPP extensible authentication protocol (EAP) in IEEE 802.1X specified in RFC 2284. In this case, the relay network is constructed by Ethernet. EAP provides user authentication by communicating an EAP over LAN (EAPOL) packet between a supplicant (an authentication requester, namely, a user terminal) and an authenticator (an authentication provider, namely, a gateway device). The authenticator receives a packet from an authenticated user terminal, and transfers the packet as a layer-2 packet to the relay network.
In the layer-2 Internet connection service using IEEE 802.1X, for example, in the EAP transfer phase after completion of the EAP authentication phase, each user terminal (supplicant) requests an IP address from a dynamic host configuration protocol (DHCP) server operated by an ISP, and is assigned the IP address to be used by the user terminal. IEEE 802.1X is based on a one-to-one connection between the supplicant and the gateway device. Thus, the gateway device as the authenticator should have plural connection ports, according to the number of supplicants to be accommodated.
However, it is also possible to accommodate plural supplicants in one connection port of the authenticator. In this case, plural user terminals are accommodated in the authenticator through a layer-2 switch (L2SW). Each user terminal applies a special multicast MAC address (“01-80-C2-00-00-03”) to an EAPOL packet so that the EAPOL packet can pass through the L2SW.
Also in the Internet connection service at the layer 2 level, similarly to the case of the connection service at the layer 3 level as described above, redundancy and load distribution of the gateway devices (authenticators) are demanded in connection with the provision of IP telephone service.
JP-A No. 2005-064936 proposes a PPPoE distribution system and method, including plural broadband remote access servers (BRASs) each connected to plural ISPs, and a PPPoE session management device provided between the plural BRASs and a PPPoE terminal. Upon reception of a PPPoE active discovery initiation (PADI) packet from the PPPoE terminal, the PPPoE session management device selects the appropriate BRAS to which the PPPoE terminal should be connected. Then, the PADI packet is transferred to the selected BRAS.
In order to provide an IP telephone service to each user terminal through the relay network, it is necessary to enhance the communication performance of the access network and relay network, up to a level comparable to that of the existing telephone network. As described above, the layer-3 connection service using PPPoE can construct an access network with redundant BAS configuration.
In a network with a redundant BAS configuration, plural BASs transmit PPPoE active discovery offer (PADO) packets in response to a PADI packet that is broadcast from a PPPoE terminal. The PPPoE terminal selects one of the source BASs of the PADO packets. The PPPoE terminal then carries out the subsequent communication control procedures with the selected BAS, starting with transmission of a PPPoE active discovery request (PADR) packet, according to the PPPoE connection procedure.
However, the selection of the BAS in the PPPoE terminal depends on the reception timing of the PADO packets, or on the BAS selection algorithm implemented in each PPPoE terminal. For this reason, in the method of selecting the BAS by the PPPoE terminal, the load distribution of plural redundant BASs is not uniquely controlled on the side of the ISP (or carrier) that operates the relay network. This makes it difficult to provide load distribution-type BAS management that determines a destination BAS of the PPPoE terminal so that the connection load is equally distributed among plural BASs. It is also difficult to provide BAS operation in which plural redundant BASs are divided into a working system and a protection system.
According to the PPPoE session distribution system proposed in JP-A No. 2005-064936, the load is distributed to plural BRASs by PPPoE session management. A PPPoE session management device of JP-A No. 2005-064936 includes a BRAS IP address management table storing the number of remaining IP addresses of each ISP that is held by each BRAS, and an ISP PPP session correspondence table showing the correspondence between a terminal MAC address and a destination ISP. Upon reception of a broadcasted PADI packet from a user terminal, the PPPoE session management device identifies a destination ISP by referring to the ISP PPP session correspondence table, and selects a BRAS with the largest number of remaining IP addresses for the destination ISP by referring to the BRAS IP address management table. Then, the PADI packet converted into a unicast packet is transmitted to the selected BRAS.
However, in JP-A No. 2005-064936, upon termination of the PPPoE session, each BRAS reports the numbers of PPPoE sessions and of remaining IP addresses currently held by the BRAS, to the PPPoE session management device. Then, the PPPoE session management device updates the BRAS IP address management table based on the data reported from each BRAS, in order to optimize the content of the BRAS IP address management table that the PPPoE session management device refers to. Thus, in the load distribution method of JP-A No. 2005-064936, each BRAS should have an additional function for reporting the number of PPPoE sessions and the number of remaining IP addresses. Further, in a network configuration in which plural PPPoE session management devices are connected to each BRAS, the number of PPPoE sessions and the like of each BRAS may not be shared by the PPPoE session management devices. Thus, it is difficult to immediately reflect the latest information such as the number of PPPoE sessions connected by another PPPoE session management device.
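The limitation described above can be reproduced with a small model. This is an added example, not code from either patent application: `SessionManager`, `simulate` and the pool sizes are hypothetical, session terminations are left out, and each device is assumed to count only its own assignments.

```python
# Constructed sample data: addresses left per BRAS for one ISP (not from the page).
POOLS = {"bras-a": 10, "bras-b": 4}

class SessionManager:
    """Hypothetical session management device with its own copy of the table."""
    def __init__(self, table):
        self.table = table  # BRAS name -> remaining addresses, as this device sees it

    def select_bras(self):
        # Rule from the text: choose the BRAS with the most remaining addresses.
        name = max(sorted(self.table), key=self.table.get)
        self.table[name] -= 1  # assumption: the device counts its own assignments
        return name

def simulate(shared):
    """Six sessions arrive via device 1, then six via device 2."""
    real = dict(POOLS)      # ground truth held by the BRASs
    common = dict(POOLS)    # one table used by both devices when shared=True
    m1 = SessionManager(common if shared else dict(POOLS))
    m2 = SessionManager(common if shared else dict(POOLS))
    refused = 0
    for mgr in [m1] * 6 + [m2] * 6:
        name = mgr.select_bras()
        if real[name] == 0:
            refused += 1    # session steered to a BRAS with no address left
        else:
            real[name] -= 1
    return real, refused
```

With separate tables the second device keeps steering sessions to `bras-a` after its pool is exhausted; with one shared table the same twelve sessions are spread across both BRASs.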
Incidentally, the inventors of the present application have proposed, in Japanese Patent Application No. 2006-162074 (JP-A-2007-335945), a network configuration for the connection service at layer 3 using PPPoE (or layer 2 using IEEE802.1X). This network configuration includes a packet transfer device connected to plural user terminals. The packet transfer device multicasts a PADI packet (or EAPOL-Start packet) received from each user terminal, to a relay network. In response to this, plural gateway devices (BASs, or authenticators) transmit PADO (or EAPOL-Request/ID request) packets to the packet transfer device. Then, the packet transfer device only transfers the response packet from a specific gateway device selected from the plural gateway devices, to the user terminal that is the source of connection request.
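The PADI/PADO filtering described above, sketched as an added example that is not code from the cited application. The frame layout and code values follow RFC 2516; `TransferDevice`, `build`, `parse` and the sample MAC addresses are hypothetical, and the example assumes the gateway is selected in advance and that each PADO is addressed to the terminal and echoes the terminal's Host-Uniq tag.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863  # RFC 2516 discovery-stage EtherType
PADI, PADO = 0x09, 0x07    # RFC 2516 code values
TAG_HOST_UNIQ = 0x0103     # echoed unmodified by the gateway in its PADO

def build(dst, src, code, tags):  # constructs sample frames only
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    hdr = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, 0, len(body))
    return dst + src + hdr + body

def parse(frame):
    """Return (dst, src, code, tags) or None for a malformed frame."""
    if len(frame) < 20:
        return None
    etype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    end = 20 + length
    if etype != ETH_P_PPPOE_DISC or ver_type != 0x11 or end > len(frame):
        return None
    tags, off = {}, 20
    while off + 4 <= end:
        tag, tlen = struct.unpack("!HH", frame[off:off + 4])
        if off + 4 + tlen > end:
            return None  # tag overruns the declared payload length
        tags[tag] = frame[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return frame[:6], frame[6:12], code, tags

class TransferDevice:
    """Hypothetical model: relays PADI, forwards only the selected gateway's PADO."""
    def __init__(self, selected_gateway):
        self.selected = selected_gateway  # assumption: chosen by a policy elsewhere
        self.pending = {}                 # terminal MAC -> Host-Uniq of its PADI

    def from_terminal(self, frame):
        p = parse(frame)
        if p is None or p[2] != PADI:
            return None
        self.pending[p[1]] = p[3].get(TAG_HOST_UNIQ)
        return frame  # would be multicast to the relay network

    def from_gateway(self, frame):
        p = parse(frame)
        if p is None or p[2] != PADO or p[1] != self.selected:
            return None  # not a PADO, or from a gateway that was not selected
        if p[0] not in self.pending or self.pending[p[0]] != p[3].get(TAG_HOST_UNIQ):
            return None  # no matching PADI outstanding for this terminal
        del self.pending[p[0]]
        return frame  # the single PADO the terminal gets to see

# Constructed sample MACs (locally administered), not from the page.
TERM, GW1, GW2 = (bytes.fromhex(h) for h in ("020000000001", "0200000000a1", "0200000000a2"))
```

Because the terminal only ever receives one PADO, the choice of gateway no longer depends on PADO arrival order or on the terminal's own selection algorithm.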
Further, the present inventors have also proposed a load distribution packet transfer device in Japanese Patent Application No. 2006-295020 (JP-A-2008-113260). In a network configuration in which an access network connected to plural user terminals, and a relay network to the Internet are connected by plural redundant gateway devices (BASs, authenticators and the like), the load distribution packet transfer device can connect a user terminal and a gateway device by distributing the load of the redundant gateway devices, without adding a special function to each gateway device.
With the above-described configuration, it is possible to provide redundancy and load distribution control of the gateway devices without changing the function of each gateway device. However, the above-described application does not describe load distribution control of redundant gateway devices that is performed by sharing the user connection information of each packet transfer device, in a network configuration in which plural load distribution packet transfer devices are connected to each gateway device.