In today's wireless age, consumers can have subscriptions simultaneously to multiple communication networks, such as wireless wide area networks (WWANs), wireless metropolitan area networks (WMANs), wireless local area networks (WLANs), and wireless personal area networks (WPANs) for purposes of using voice, video, and/or data services. For example, voice, video or data messaging calls can be communicated over licensed WWANs using protocols and air interfaces developed specifically for those networks (e.g., Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunications System (UMTS), or Code Division Multiple Access (CDMA)). Alternatively, voice, video or data messaging calls can be communicated over shorter-range wireless networks, such as networks implementing any of the Wi-Fi (IEEE 802.11 a/b/g), WiMax (IEEE 802.16), or Bluetooth protocols.
More recently, unlicensed mobile access (UMA) standards have been developed to define a cellular-over-IP (CoIP) protocol that enables mobile devices (e.g., CoIP handsets) provisioned on WWANs, such as GSM/GPRS, CDMA, UMTS, or other cellular-type networks, to access voice, video, and data messaging services over shorter-range, unlicensed wireless networks (e.g., networks such as Wi-Fi and WiMax that do not require operation by licensed operators using specifically assigned or licensed frequencies). Under such standards, the CoIP handset is a multi-mode device that not only includes appropriate functionality to access a licensed WWAN, but also includes appropriate functionality to access one or more shorter-range, unlicensed wireless networks. Thus, when a CoIP handset detects that it is within range of an unlicensed wireless network, the CoIP handset may select the unlicensed network as its preferred mode of communication because such network generally facilitates higher data rates than does its wide area counterpart and has lower effective airtime costs.
However, one drawback with current UMA standards is that the data (e.g., voice-over-IP (VoIP), text, or video) communicated from the CoIP handset must be routed through the WWAN on which the handset is provisioned. Such routing is generally implemented using the IPsec suite of protocols to tunnel data securely from the CoIP handset to a virtual private network (VPN) server through the WWAN. Because the maximum data rate of the licensed WWAN is typically much less than the maximum data rate of the unlicensed network, the licensed network becomes a bottleneck for the transfer of digital information by users provisioned on the WWAN, but using unlicensed networks for CoIP sessions.
FIG. 8 illustrates an exemplary prior art CoIP architecture. As shown in FIG. 8, the architecture includes a shorter-range, unlicensed wireless network (e.g., a personal home network), an Internet service provider (ISP) network, a mobile virtual network operator (M(V)NO) network, and a mobile network operator (MNO) network providing access to an MNO services network 818 (e.g., voice mail, email, corporate intranets) and a public IP services network 820 (e.g., the Internet). The unlicensed network includes a wireless access point/router 804, such as an integrated access point and digital subscriber line (DSL) or cable modem/router, to receive wireless communications from wireless devices within a coverage range of the access point 804. The ISP network includes appropriate broadband cabling 814 (e.g., DSL or cable) and a broadband IP router 806 or gateway. The M(V)NO network includes a specialized UMA network controller (UNC) 808, which provides a bridge between the ISP network and the MNO network. The interface 816 between the UNC 808 and the WWAN 810 is typically an interface having T1/E1 capacity (e.g., 2 Megabits per second (Mbps)) and must be shared by all CoIP handsets accessing the WWAN 810. The interface 816 is also typically secure to prevent unauthorized access to the WWAN 810. The WWAN 810 is coupled to the MNO services network 818 and the public IP services network 820.
In operation, the CoIP handset 802 is provisioned on the WWAN 810, which is operated by the licensed MNO. The CoIP handset 802 also includes appropriate functionality to communicate data to a target device (e.g., server) in the public IP services network 820 or the MNO services network 818 by transmitting the information over an unlicensed wireless link 812 to an access point/router 804. However, the communication and security protocols running on the CoIP handset 802 require that all transferred data pass through the WWAN 810. Therefore, a user wanting to access corporate email through the MNO services network 818 while attached to the user's unlicensed, home network via CoIP would have to use the WWAN 810, which is not designed to handle heavy volumes of data traffic. Additionally, the interface 816 between the UNC 808 and the WWAN 810 is typically limited to a much lower bandwidth than is the ISP network and further must be shared by many users. For example, when using GPRS as the WWAN, the interface 816 between the UNC 808 and the WWAN 810 is referred to as a “Gb interface” and is typically limited to an E1/T1 capacity of 2 Mbps. However, the Gb interface must be shared by multiple users in multiple cells of the WWAN 810, resulting in traffic entering the UNC 808 from the ISP network at a rate as high as 30 Mbps. Such a mismatch in effective bandwidth between the ISP's broadband IP network and the WWAN 810 produces a data bottleneck.
Other data processing factors further exacerbate the bottleneck at the UNC/WWAN interface 816. For example, such interface 816 is also the location at which broadband IP bearers converge to the WWAN protocols. Additionally, data entering the WWAN 810 is typically characterized by multiple levels of IP traffic tunneling. For instance, the present CoIP handset protocol stack for accessing data service has at least three IP layers (IP layer, Remote IP-IPSec layer, and Transport IP layer). Hence, application traffic is transported through a hierarchy of tunnels, thereby substantially increasing bandwidth consumption. Further, de-tunneling and re-tunneling the traffic at various intermediate nodes adds undesirable processing overhead and latency.
In an attempt to reduce some of the data traffic through the WWAN 810, IPsec-based virtual private networks (VPNs) are known to use a technique referred to as “split tunneling.” Split tunneling provides that certain traffic associated with particular destinations is sent directly to the destinations without tunneling, while other traffic is sent to various destinations through a VPN tunnel and a VPN server. For example, split tunneling enables a VPN client to securely transmit data across the Internet to a VPN server (e.g., on a corporate intranet), while allowing non-tunneled access to local devices, such as printers, copiers, and computers. Split tunneling is implemented primarily to differentiate data traffic intended for VPN use from data traffic intended to remain on a local intranet or home network. Split tunneling can be turned off or on depending on the configuration of the VPN client.
When split tunneling is turned on, a user can remotely access a corporate intranet through secure VPN communications, while retaining non-secure access to his or her local home network (e.g., home network printers, computers, routers, and so forth). However, split tunneling may cause erroneous behavior within certain networks resulting in misdirection of traffic destined for VPN servers. The undesirable behavior can be caused by erroneous domain name system (DNS) lookups and conflicting networking topologies. Additionally, split tunneling often requires specific address settings and may be negatively affected by networks that utilize Network Address Translation (NAT).
Furthermore, the split tunneling feature of IPsec-based VPNs can route traffic only to a local network in a private domain (e.g., home network), but cannot route traffic to multiple networks in separate public domains. For example, when using split tunneling as implemented today, a user could print non-tunneled data on a printer on his or her home network, while being connected through a VPN tunnel to an enterprise network. However, split tunneling does not allow direct access to a network outside the home network without traversing the tunneled enterprise network.
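The split-tunnel behavior and the "conflicting networking topologies" failure described above can be modeled as a routing decision. The following is an added example, not part of the original text: it assumes ordinary longest-prefix-match route selection, and all addresses, prefixes and next-hop labels are constructed for illustration.

```python
import ipaddress

def build_routes(tunneled_prefixes, local_lan):
    """Split-tunnel table: listed prefixes use the VPN, the rest go direct."""
    routes = [(ipaddress.ip_network(p), "vpn-tunnel") for p in tunneled_prefixes]
    routes.append((ipaddress.ip_network(local_lan), "direct-lan"))
    routes.append((ipaddress.ip_network("0.0.0.0/0"), "direct-default"))
    return routes

def select_path(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def find_conflicts(tunneled_prefixes, local_lan):
    """Tunneled prefixes whose address space overlaps the local LAN."""
    lan = ipaddress.ip_network(local_lan)
    return [p for p in tunneled_prefixes if ipaddress.ip_network(p).overlaps(lan)]

# Constructed sample values (not from the page).
CORPORATE = ["10.0.0.0/8"]          # prefixes the VPN client tunnels
HOME_OK = "192.168.1.0/24"          # home LAN with no overlap
HOME_CLASH = "10.0.0.0/24"          # home LAN inside the corporate range

if __name__ == "__main__":
    for lan in (HOME_OK, HOME_CLASH):
        routes = build_routes(CORPORATE, lan)
        print("home LAN", lan, "conflicts:", find_conflicts(CORPORATE, lan))
        for dst in ("10.0.0.25", "10.20.30.40", "198.51.100.7"):
            print("  ", dst, "->", select_path(routes, dst))
```

With the overlapping home LAN, traffic for the corporate host 10.0.0.25 matches the more specific local route and leaves the tunnel, which is the misdirection the text describes; checking for overlap before enabling split tunneling catches it.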
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve the understanding of the various embodiments of the present invention.