(1) Field of the Invention
The present invention relates to a packet forwarding apparatus forming an Internet access network. More particularly, the invention relates to a packet forwarding apparatus having a gateway load distribution function of selecting one gateway from among plural gateways connected to an Internet transit network and connecting a user terminal to the Internet transit network via the selected gateway.
(2) Description of Related Art
At present, authentication-based high-speed Internet connection services are provided. In such a connection service, a user terminal is connected to an authentication server via a high-speed access line such as an Asymmetric Digital Subscriber Line (ADSL), Fiber to The Home (FTTH), or wireless LAN, and the user terminal is connected to the Internet when authentication succeeds.
In the authentication-based high-speed Internet connection service, each user terminal is connected to a transit network managed by an Internet Services Provider (ISP) via, for example, a gateway node such as a Broadband Access Server (BAS) that terminates a high-speed access network. If the user terminal is a PPPoE terminal for Point to Point Protocol over Ethernet (PPPoE) prescribed in RFC 2516, the BAS terminates PPPoE or PPP, a protocol for connecting with the user terminal, and forwards layer-3 packets to the transit network.
As IP telephone services have launched recently, the above-mentioned high-speed access network is required to provide a high quality of communication comparable to that of an existing telephone network. For this reason, an enhanced access network having a plurality of redundant BASs deployed at the entrance to the transit network is configured so as to keep redundant routes for connecting user terminals to the transit network and to minimize downtime of a BAS service having a large impact on the network operation when a failure occurs. In an access network including such redundant BASs, it is expected to provide a network configuration that can distribute the connection load among the BASs properly.
In addition to the above layer-3 Internet connection service, an authentication-based connection service at a layer-2 level is also provided in recent years. In the layer-2 level authentication-based connection service, user authentication is carried out in accordance with a PPP Extensible Authentication Protocol (EAP) in IEEE 802.1X prescribed in RFC 2284. In this case, the transit network is comprised of Ethernet. In the EAP, user authentication is performed by communicating EAP over LAN (EAPOL) packets between a supplicant which is a user terminal to be an authentication requester and an authenticator which is a gateway node to be an authentication executor. The authenticator forwards each packet transmitted from an authenticated user terminal to the transit network by layer-2 packet forwarding.
In the layer-2 level Internet connection service using IEEE 802.1X, each user terminal (supplicant) sends an IP address request to a Dynamic Host Configuration Protocol (DHCP) server which is managed by an ISP and receives an assigned IP address, for example, in an EAP forwarding phase which is executed after the completion of an EAP authentication phase. Because IEEE 802.1X fundamentally assumes that each supplicant is connected with an authenticator in a one-to-one manner, the authenticator has to be provided with a plurality of connection ports at least equal to the number of supplicants it serves. However, in a case where a plurality of supplicants (user terminals) are connected to the authenticator via a layer-2 switch (L2SW), the authenticator can communicate with the plurality of supplicants through one connection port if each user terminal uses a special multicast MAC address (“01-80-C2-00-00-03”) for an EAPOL packet and the L2SW can pass the multicast EAPOL packet to the authenticator.
For the layer-2 level Internet connection service, redundant gateways (authenticators) and load distribution among them are also demanded with the spread of IP telephone service, as in the case of the layer-3 connection service described above.
As a related art, for example, Japanese Patent Application Laid-Open Publication No. 2005-64936 (Patent Document 1) proposes a system and method for PPPoE session distribution. In this system, a PPPoE session management apparatus is placed between a plurality of Broadband Remote Access Servers (BRASs) each connected to a plurality of ISPs, and PPPoE terminals. Upon receiving a PADI packet from one of the PPPoE terminals, the PPPoE session management apparatus selects a most suitable BRAS to be connected with the PPPoE terminal and forwards the PADI packet to the selected BRAS.
In order to provide an IP telephone service to each user terminal via the above transit network, it is required to enhance the communication performance of the access network and the transit network up to a level comparable to that of an existing telephone network. In the layer-3 connection service according to PPPoE, an access network having a redundant BAS configuration can be built as described above.
In the network of the redundant BAS configuration, a plurality of BASs reply with response packets called PPPoE Active Discovery Offer (PADO) packets in response to a PPPoE Active Discovery Initiation (PADI) packet broadcast from a PPPoE terminal. The PPPoE terminal selects one of the BASs that replied with PADO packets and executes the succeeding communication control procedure with the selected BAS, starting from transmission of a PPPoE Active Discovery Request (PADR) packet.
However, the selection of a BAS by the PPPoE terminal depends on the reception timing of each PADO packet or on a BAS selection algorithm implemented on the PPPoE terminal. Thus, in a communication network in which each PPPoE terminal selects one of the BASs, load distribution among the redundant BASs cannot be controlled from the side of the ISP or telecommunications carrier that operates the transit network. Therefore, it is impossible for the ISP to manage the BASs, for example, in a load distribution manner in which the BAS to be connected with a PPPoE terminal is selected so as to equalize the connection loads of the redundant BASs, or to operate the redundant BASs by dividing them into an active group and a standby group.
According to the PPPoE session distribution system proposed in Patent Document 1, the load is distributed among a plurality of BRASs by the PPPoE session management apparatus.
The PPPoE session management apparatus described in Patent Document 1 is provided with a BRAS IP address management table for storing the number of remaining IP addresses for each ISP held by each BRAS, and an ISP PPP session mapping table for indicating the correspondence of a terminal MAC address to an ISP to which the terminal is connected.
Upon receiving a PADI packet broadcast from a user terminal, the PPPoE session management apparatus determines a destination ISP by referring to the ISP PPP session mapping table, selects the BRAS having the largest number of remaining IP addresses for the destination ISP by referring to the BRAS IP address management table, converts the PADI packet into a unicast packet, and transmits it to the selected BRAS.
In Patent Document 1, however, each BRAS having terminated a PPPoE session has to report the number of PPPoE sessions and the number of remaining IP addresses currently held by it to the PPPoE session management apparatus, in order to keep correct the contents of the BRAS IP address management table referred to by the PPPoE session management apparatus. The PPPoE session management apparatus updates the BRAS IP address management table according to the data reported from each BRAS. According to the load distribution method described in Patent Document 1, therefore, each BRAS must be provided with a new function of reporting the number of PPPoE sessions and the number of remaining IP addresses to the PPPoE session management apparatus.
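The selection step attributed to Patent Document 1 above can be sketched as follows. This is an added example, not code from the patent or from Patent Document 1: the table contents, MAC addresses, ISP names and function names are constructed for illustration, and only the RFC 2516 frame layout is taken as given.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863   # RFC 2516 discovery-stage EtherType
CODE_PADI = 0x09
BROADCAST = bytes.fromhex("ffffffffffff")

# Constructed tables (all MACs, ISP names and counts are sample values).
ISP_BY_TERMINAL = {bytes.fromhex("020000000a01"): "isp-a",
                   bytes.fromhex("020000000a02"): "isp-b"}
# BRAS MAC -> remaining IP addresses per ISP, as last reported by that BRAS.
REMAINING = {bytes.fromhex("020000000b01"): {"isp-a": 12, "isp-b": 40},
             bytes.fromhex("020000000b02"): {"isp-a": 30, "isp-b": 5}}

def build_padi(src_mac, tags=b"\x01\x01\x00\x00"):
    """Constructed broadcast PADI; default payload is an empty Service-Name tag."""
    hdr = struct.pack("!BBHH", 0x11, CODE_PADI, 0x0000, len(tags))
    return BROADCAST + src_mac + struct.pack("!H", ETH_PPPOE_DISCOVERY) + hdr + tags

def parse_discovery(frame):
    """Return (dst, src, code, session_id, payload) or raise ValueError."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    dst, src = frame[0:6], frame[6:12]
    ethertype, vertype, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or vertype != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    if 20 + length > len(frame):
        raise ValueError("PPPoE length field exceeds frame")
    return dst, src, code, sid, frame[20:20 + length]

def distribute_padi(frame):
    """Pick the BRAS with the most remaining addresses for the terminal's ISP
    and return (bras_mac, unicast_frame); None if the frame is not handled."""
    dst, src, code, sid, _ = parse_discovery(frame)
    if code != CODE_PADI or dst != BROADCAST or sid != 0:
        return None
    isp = ISP_BY_TERMINAL.get(src)
    if isp is None:
        return None                     # unknown terminal: no mapping entry
    candidates = {mac: pools.get(isp, 0) for mac, pools in REMAINING.items()}
    bras = max(candidates, key=candidates.get)
    if candidates[bras] == 0:
        return None                     # every pool for this ISP is exhausted
    return bras, bras + frame[6:]       # rewrite only the destination MAC

def report(bras_mac, isp, remaining):
    """Apply a BRAS status report; selection is only as fresh as these."""
    REMAINING[bras_mac][isp] = remaining
```

The `report` function stands in for the per-BRAS reporting function the passage identifies as the cost of this method: without it the table goes stale and the choice made by `distribute_padi` no longer reflects actual load.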
As to the layer-3 connection service according to PPPoE or the layer-2 connection service according to IEEE 802.1X, the present inventors have proposed, as Japanese Patent Application No. 2006-162074, a network topology in which a packet relay apparatus connected to a plurality of user terminals multicasts a PADI packet (or EAPOL-Start packet) received from each user terminal to a transit network, a plurality of gateways (BASs or authenticators) reply with PADO (or EAP-Request/ID Request) packets in response to the PADI packet, and the packet relay apparatus selectively forwards only one response packet, received from a particular gateway, to the requesting user terminal. According to the above network topology, redundant gateways become feasible without changing the functionality of each gateway. However, the above patent application does not describe the control of load distribution among the redundant gateways by the packet relay apparatus.
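The relay behaviour described above, for the PPPoE case, can be sketched as a small state machine. This is an added example, not code from the cited application: the class and function names are hypothetical, the frames are constructed, and forwarding the first PADO to arrive is an assumption, since the passage does not say how the particular gateway is chosen.

```python
ETH_DISC = b"\x88\x63"          # RFC 2516 discovery-stage EtherType
PADI, PADO = 0x09, 0x07
BROADCAST = b"\xff" * 6

def disc_frame(dst, src, code):
    """Constructed minimal discovery frame (no tags), for the sample run."""
    return dst + src + ETH_DISC + bytes([0x11, code, 0, 0, 0, 0])

class DiscoveryRelay:
    """Relays PADI toward the gateways and passes back one PADO per terminal."""

    def __init__(self):
        self.awaiting = set()    # terminal MACs with a PADI outstanding
        self.chosen = {}         # terminal MAC -> gateway whose PADO was forwarded

    def from_terminal(self, frame):
        if len(frame) >= 20 and frame[12:14] == ETH_DISC and frame[15] == PADI:
            src = frame[6:12]
            self.awaiting.add(src)
            self.chosen.pop(src, None)       # a new PADI restarts discovery
        return frame                         # always relayed to the transit side

    def from_gateway(self, frame):
        if len(frame) < 20 or frame[12:14] != ETH_DISC or frame[15] != PADO:
            return frame                     # not a PADO: pass through unchanged
        terminal, gateway = frame[0:6], frame[6:12]
        if terminal not in self.awaiting:
            return None                      # duplicate or unsolicited offer: drop
        self.awaiting.discard(terminal)      # assumption: first PADO wins
        self.chosen[terminal] = gateway
        return frame

def demo():
    """Two gateways answer one PADI; only the first offer reaches the terminal."""
    term = bytes.fromhex("020000000a01")     # constructed sample MACs
    gw1, gw2 = bytes.fromhex("020000000b01"), bytes.fromhex("020000000b02")
    relay = DiscoveryRelay()
    relay.from_terminal(disc_frame(BROADCAST, term, PADI))
    first = relay.from_gateway(disc_frame(term, gw1, PADO))
    second = relay.from_gateway(disc_frame(term, gw2, PADO))
    return first is not None, second is None, relay.chosen[term] == gw1
```

Because the terminal sees a single offer, the choice of gateway moves from the terminal to the relay, which is the point where a load distribution policy could replace the first-to-arrive rule used here.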