The present invention relates to firewalls in network elements. More specifically, the invention relates to firewalls in gateway network elements between IP (Internet Protocol) based networks.
SONET/SDH ADMs (Add Drop Multiplexers) and MSPPs (Multi Service Provisioning Platforms) use SONET/SDH overhead bytes to establish communication channels between nodes. These communication channels are called DCCs.
In configuring ADMs and MSPPs, special purpose nodes, referred to as GNEs (Gateway Network Elements), act to terminate the DCCs and to forward management traffic across a DCN (Data Communications Network) to the NOC (Network Operations Center).
The industry specification for SONET/SDH ADMs was originally included in GR-253, the contents of which are herein incorporated by reference in their entirety, and it prescribed an OSI communication stack for DCCs. Because DCNs traditionally used IP based communication, the GNE became a natural demarcation between the OSI based DCC and the IP based DCN. This demarcation has become well understood and several features of the behavior of SONET ADMs and MSPPs have developed as a consequence of this OSI/IP separation enforced on the GNEs.
Today, the industry standard G.7712, the contents of which are herein incorporated by reference in their entirety, allows IP DCCs as a standard option. Thus, the DCN and DCC can both be IP based.
The problem that has been encountered is that users have come to rely on certain features of the separation between an OSI based DCC and an IP based DCN, but, in a system with an IP based DCC, this separation and these features are missing. In a system with a GNE between two IP based networks, there is a strong need for the GNE to have an onboard separation between the networks that mimics the features of the separation between the OSI based DCC and the IP based DCN found in legacy systems. Additionally, it would be desirable if the GNE implemented this separation onboard.