Instead of the conventional dial-up Internet connection, always-on high-speed lines (so-called broadband lines), including ADSL (Asymmetric Digital Subscriber Line), are now rapidly becoming widespread among personal users, mainly in Japan, Korea, Europe, and America. Many Internet service providers (ISPs) provide such personal users with Internet connection services through these always-on high-speed lines. Recently, some Internet service providers (ISPs) and carriers have also begun to provide enterprises with access lines that can be installed less expensively and more easily. Those access lines, which are oriented to branch offices of enterprises as well as SOHO (Small Office/Home Office) users, are realized by diverting to them the infrastructure shared with home-use always-on high-speed lines.
In the case of the conventional dial-up connection, an RAS (Remote Access Server), that is, a communication apparatus for authenticating user connections and collecting accounting information, is deployed in each ISP network. The RAS is connected to each user only through a PSTN (Public Switched Telephone Network) telephone line or through an equivalent tunneling protocol in the IP layer. Consequently, the ISP and the users are connected directly in the network layer. The network layer mentioned here means layer 3 as defined in the OSI (Open System Interconnection) reference model. For example, in the TCP/IP (Transmission Control Protocol/Internet Protocol) system, it means the IP layer.
FIG. 4 illustrates a network structure between user networks and ISP networks connected to each other through a conventional enterprise access line and a conventional BGP routing method employed in such a network structure.
Conventional lines such as dedicated, ATM and frame relay lines used by enterprises are regarded as directly connected lines from the standpoint of the network layer, that is, the IP layer. Consequently, if any of such lines is used for the connection between an enterprise user network 101 and an ISP network 103, the user network 101 and the ISP network 103 are regarded as adjacent autonomous systems (AS's) connected directly to each other through the line. Therefore, ordinary EBGP peer sessions can be established between the ordinary BGP routers of those AS's. Those peer sessions make it possible to realize policy routing easily with use of various attribute information items, including attributes such as the MED attribute that are usable only between adjacent AS's.
In the case of such always-on high-speed lines as ADSL and FTTH (Fiber To The Home), however, the line bandwidth is far wider than that of the dial-up connection. In addition, ADSL requires deployment of a user line concentrator referred to as a DSLAM (Digital Subscriber Line Access Multiplexer) in each of the many line stations existing in a narrow area. This is why access line providers that house user lines and Internet service providers (ISPs) that provide users with Internet connection services have been different entities, except for just a few cases in Japan. The access line provider provides a plurality of such Internet service providers (ISPs) with ADSL and FTTH access lines. The access line provider connects a plurality of user lines, aggregated through user line concentrators, to a kind of router referred to as a BAS (Broadband Access Server), which authenticates the users and aggregates the user traffic on behalf of each ISP and forwards the traffic to that ISP. This makes user authentication and bandwidth utilization more efficient.
On the other hand, the policy routing mentioned above means controlling which route should be used for sending/receiving packets in a network according to the intention of the network administrator. As an example of such policy routing, there is a controlling method that determines “an ISP from which communication packets are to be received”, “a line to which communication packets are to be sent”, etc. A range of networks managed under the same policy is referred to as an autonomous system (AS). Such AS's are divided into two types: a global AS, which has an AS number assigned by an assigning organization, and a private AS, which is assigned an AS number independently within the subject network. A routing protocol used for routing between different AS's is referred to as an EGP (Exterior Gateway Protocol). BGP (Border Gateway Protocol) is one of the most widely used EGPs. In BGP, each router, when receiving routing information, adds various attribute information items to the routing information automatically or according to the settings made by the administrator, then advertises the routing information to its adjacent AS's. Consequently, it enables integrated policy routing between AS's that have different policies.
As described above, AS's are divided into transit AS's and stub AS's according to how packets are forwarded between the AS's themselves and other AS's. The stub AS sends only the packets of which the sources are the AS itself to its adjacent AS's and receives only the packets of which the destinations are the AS itself from its adjacent AS's; it never receives packets of which the destinations are other AS's. On the other hand, the transit AS relays packets received from an adjacent AS to another through itself, as well as sends/receives packets from/to itself. A typical transit AS example is an ISP network and a typical stub AS example is a general enterprise network (or each office site of the enterprise).
BGP is used widely as an inter-AS routing protocol and is practically the standard for routing between transit AS's. On the other hand, BGP may not be used for routing between a transit AS and a stub AS, or between stub AS's, in some network structures. For example, just as when an ordinary personal user is connected to an ISP, in a stub AS connected to a single transit AS through a single line, BGP is usually not used for the routing. However, in the case of a multi-home connection, which connects to one or more transit AS('s) through a plurality of lines, or in the case of the IP-VPN (Virtual Private Network) method, which is one of the technologies for providing virtual private lines among a plurality of sites through an ISP network, BGP is usually used between an edge router deployed in a stub AS and an edge router deployed in a transit AS.
In BGP, routers that exchange routing information directly with each other are connected to each other virtually through TCP sessions, and those TCP sessions are used to actually exchange the routing information between them. This TCP session is referred to as a peer session, and, from the standpoint of one of the routers, the other router of the pair used for the peer session is referred to as a peer router. Peer sessions are divided into two types: EBGP (External BGP) sessions between routers belonging to different AS's, and IBGP (Internal BGP) sessions between routers belonging to the same AS. The EBGP session is used for exchanging routing information between different AS's, while the IBGP session is used for sharing routing information obtained through an EBGP session among all the BGP routers in each AS. Routing information obtained through any of those peer sessions is used for policy routing between AS's; it is usually not used for routing within each AS.
To establish an EBGP session between peer routers, both of the routers must be connected to each other directly in the IP layer. This is because only the BGP is used for IP routing between AS's generally, so that those routers, before the EBGP session is established, cannot know any route other than the directly connected one outside those AS's. Unless a route leading to a target peer router in the IP layer is known, it is impossible to establish a TCP session that operates in a layer just above the IP layer with the target peer router. No peer session is thus established in such a case. On the other hand, the IBGP session does not require those peer routers to be connected to each other directly in the IP layer. This is because a routing protocol referred to as an IGP (Interior Gateway Protocol) is used together with the BGP for routing in each AS and this IGP makes the routers know the routing in the AS other than the directly connected one.
Peer routers used for an EBGP session are only required to be connected to each other directly in the IP layer; in layer 2 and below, they are not necessarily required to be connected to each other directly. In other words, the peer routers may be connected to each other through a tunneling protocol transparent to the IP layer, such as MPLS (Multi Protocol Label Switching), PPP (Point to Point Protocol), L2TP (Layer 2 Tunneling Protocol), or the like. For example, the official gazette of JP-A No. 368788/2002 discloses a technique for adding an MPLS label corresponding to BGP attribute information to each received packet to be forwarded to another AS through the MPLS network, thereby reflecting BGP policy routing in the packet forwarding of an MPLS network, where a plurality of AS's are connected to one another through the MPLS network and policy routing is realized between routers belonging to different AS's through an EBGP session.
[Patent document 1] Official gazette of JP-A No. 368788/2002
In the case of an inter-AS connection through an enterprise line such as a dedicated line, an ATM line, a frame relay line, or the like, the line between both AS's, such as the line between the enterprise network edge router and the ISP edge router, connects them directly in the network layer. Consequently, an AS, for example an enterprise network AS and the AS to which the ISP belongs, can be operated completely as adjacent AS's, so that the AS's can advertise BGP routes to each other through an EBGP session. In other words, any policy, including policies applicable only between adjacent AS's, can be employed for policy routing. Even in the conventional dial-up connection, an RAS is deployed in the ISP, so that each user is connected to the ISP directly in the network layer. Consequently, whether or not it is practically significant, if the RAS is provided with the BGP router function, it is possible to assign the dial-up user an AS number different from that of the ISP and to establish an EBGP session between the user and the ISP.
When building up a network such as ADSL, FTTH, or the like, however, the network is often structured so that each user is not connected to the ISP network directly in the network layer. This is because the access line providers that own the BAS's and the Internet service providers (ISPs) are often different corporations. Under such circumstances, to realize BGP routing between the BAS of an access line provider and an ISP network, different AS numbers are generally assigned to the BAS and the ISP network. Assignment of such different AS numbers makes it possible for the access line provider and the ISP network to keep their independence in routing management, as well as to apply policy routing between the BAS and the ISP network, since the peer session between the BAS and the ISP network is an EBGP session.
Assume now here that a user of ADSL, FTTH, or the like wants to make BGP routing between the user's own network and an ISP network. Such an operation form will often appear if the user network is not a personal/home use one, but a business network used for small enterprises and branch offices of enterprises.
In that case, the user wants to realize policy routing with use of BGP between the user and ISP networks. Therefore, an AS number different from that of the ISP network is naturally assigned to the user network. In addition, a BAS, which is itself a router, is deployed between the edge router of the user network and the edge router of the ISP network. It is thus impossible to establish an ordinary EBGP session between the user network and the ISP network. In order to realize policy routing between the user and ISP networks with use of BGP through ordinary EBGP sessions on an ADSL/FTTH line in a conventional network structure, different AS numbers must be assigned to the user network, the BAS and the ISP network, and an EBGP session must be established between the user network and the BAS, as well as between the BAS and the ISP network. In this network configuration, however, attribute information that cannot pass through an intermediate AS is not forwarded between the user network and the ISP network. Thus, policy routing that is applicable only between adjacent AS's is disabled.
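The attribute loss described above, as an added illustration that is not part of the original document: a simplified model of what an ISP edge router sees when a user route is advertised to it directly versus re-advertised through a BAS that holds its own AS number. It assumes the RFC 4271 rule that MULTI_EXIT_DISC (MED) is optional non-transitive and is not propagated from one EBGP peer to another, while COMMUNITY values are transitive; AS numbers and the prefix are constructed values, and IBGP, NEXT_HOP and best-path selection are ignored.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

@dataclass(frozen=True)
class Route:
    """Subset of BGP UPDATE path attributes relevant to the adjacency problem."""
    prefix: str
    as_path: Tuple[int, ...]             # leftmost entry is the most recent AS
    med: Optional[int] = None            # MULTI_EXIT_DISC: optional, non-transitive
    communities: Tuple[str, ...] = ()    # COMMUNITY: optional, transitive

def originate(prefix: str, own_as: int, med: Optional[int] = None,
              communities: Tuple[str, ...] = ()) -> Route:
    """The route as the originating AS advertises it to its EBGP peer."""
    return Route(prefix, (own_as,), med, communities)

def ebgp_readvertise(route: Route, via_as: int) -> Route:
    """What a router in via_as sends to its next EBGP peer for a route learned
    from a different EBGP peer: it prepends its own AS; MED is dropped because a
    non-transitive attribute is not passed on to a third AS; communities survive."""
    return replace(route, as_path=(via_as,) + route.as_path, med=None)

def seen_by_isp(route: Route, intermediate_ases: Tuple[int, ...] = ()) -> Route:
    """Walk the user route through zero or more intermediate AS's (e.g. a BAS
    with its own AS number) and return the attributes the ISP edge router receives."""
    for via in intermediate_ases:
        route = ebgp_readvertise(route, via)
    return route

# Constructed private AS numbers and prefix, not taken from the document.
USER_AS, BAS_AS, ISP_AS = 65001, 65002, 65003
USER_ROUTE = originate("192.0.2.0/24", USER_AS, med=50, communities=("65003:100",))

def direct_case() -> Route:
    """User edge router adjacent to the ISP edge router (dedicated line / multihop)."""
    return seen_by_isp(USER_ROUTE)

def via_bas_case() -> Route:
    """User -> BAS -> ISP with three AS numbers and two ordinary EBGP sessions."""
    return seen_by_isp(USER_ROUTE, intermediate_ases=(BAS_AS,))

if __name__ == "__main__":
    print("direct :", direct_case())    # MED 50 is still present at the ISP
    print("via BAS:", via_bas_case())   # MED is gone; only AS_PATH and communities remain
```

The model shows why the document's policy example (MED, usable only between adjacent AS's) stops working once the BAS sits in its own AS, while transitive attributes such as communities still reach the ISP.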
On the other hand, policy routing can be realized between the user network and the ISP network if an EBGP multi-hop session is established between the edge router of the user network and the edge router of the ISP network, using the EBGP multi-hop session function intended for EBGP sessions between routers that are not adjacent to each other in the network layer. However, the EBGP multi-hop session still raises the following problems of troublesome management/operation, as well as security problems for the network:
    1) Both the user network edge router and the ISP network edge router need additional configuration, such as a static route to their peer router.
    2) If BAS-ISP network configuration items such as redundant deployment, IP address changes, etc. are changed with respect to the ISP network edge router, the change often affects the configuration of the user network edge router. Therefore, it becomes difficult for the ISP to change the configuration of the route between the BAS and the ISP network. Moreover, once the BAS-ISP network configuration is changed, the configuration of the user network edge router must also be updated in accordance with the change.
    3) The edge routers of both the ISP and user networks cannot determine whether or not the source IP address of a BGP packet received through a BAS is spoofed, so that the edge routers might become targets of a DoS (Denial of Service) attack by receiving a peer session request that uses a spoofed source IP address.