This invention relates generally to communications and, more particularly, to packet communications systems.
One use of the Internet as a communications vehicle is as an enhanced data back-bone for coupling together workgroups to provide what is referred to as a "virtual private network" (VPN). One application of a VPN is in a corporate environment such that employees, e.g., at home, can remotely access, via the Internet, corporate data networks. A VPN provides security, and authentication, for a remote user to join a closed user group notwithstanding the use of public facilities. In effect, the use of a VPN provides a WAN-like vehicle to the corporation and its employees. (Although the corporate network could also provide direct remote access, e.g., a user dials directly into the corporate network, there are economic advantages to the use of a VPN.) To provide a VPN, tunneling protocols are used such as the "Point-to-Point Tunneling Protocol" (PPTP) and the "Layer 2 Forwarding" (L2F) protocol. Generally speaking, a tunnel protocol enables the creation of a private data stream via a public network by placing one packet inside of another. In the context of a VPN, an IP packet is placed inside another IP packet. In an attempt to develop an industry standard, the Internet Engineering Task Force (IETF) is developing the "Layer 2 Tunneling Protocol" (L2TP), which is a hybrid of the PPTP and L2F protocols (e.g., see K. Hamzeh, T. Kolar, M. Littlewood, G. Singh Pall, J. Taarud, A. J. Valencia, W. Verthein; Layer Two Tunneling Protocol "L2TP"; Internet draft, March, 1998).
For a remote user, a typical form of access to a VPN is via a "plain-old-telephone service" (POTS) connection to an "Internet service provider" (ISP) that provides the VPN service. For example, a user incorporates an analog modem into a personal computer, or equivalent, and has a customer account with a particular ISP, referred to herein as the "home" ISP. (It is also assumed that the user's personal computer is properly configured to support one of the above-mentioned tunneling protocols.) The user accesses the VPN by simply making a data call to the home ISP, e.g., dialing a telephone number associated with the "home" ISP and then "logging in" to the VPN.
We have realized that the above-described tunneling protocols do not allow a remote user to log into any ISP other than their home ISP for accessing a VPN. In today's mobile world this is significantly limiting, especially when viewed in the context of a Personal Communications Service (PCS) wireless environment in which the user may physically change their location during the call. In other words, as the remote user changes location, the home ISP may, at least temporarily, be no longer available to the user, thus blocking the user from accessing the VPN.
Therefore, and in accordance with the invention, a packet server establishes a multi-hop tunnel between other packet endpoints and relays messages between portions of the multi-hop tunnel. Thus, a remote user is allowed to access a VPN via a visiting ISP in addition to their home ISP.
In an embodiment of the invention, a virtual dial-up service is provided via multiple Internet Service Providers (ISPs). In particular, a remote user accesses the virtual dial-up service by establishing a connection to a serving ISP. The serving ISP establishes a first tunnel to an anchor ISP. The latter establishes a tunnel to, e.g., a private intranet. As a result, a virtual private network (VPN) service is provided that enables remote access, via multiple tunnels, to a private network.
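The multi-hop relay described above, as an added example that is not taken from the patent: a simplified Python model in which plain IPv4-in-IPv4 encapsulation (IP protocol 4) stands in for the L2TP-style tunnels. The addresses, the payload and the `relay` helper are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IPv4-in-IPv4 encapsulation (RFC 2003); stand-in for the tunnel protocol

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal 20-byte IPv4 header (no options)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload) after verifying the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total_len])

def relay(packet: bytes, me: str, next_hop: str) -> bytes:
    """Anchor behaviour: end the first tunnel, carry the same inner packet in a second."""
    src, dst, proto, inner = parse(packet)
    if dst != me or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet addressed to this relay")
    return ipv4(me, next_hop, IPPROTO_IPIP, inner)

# Constructed addresses (private and documentation ranges), not from the page.
USER, HOST = "10.1.1.7", "10.1.2.9"  # inner packet: remote user -> intranet host
SERVING, ANCHOR, GATEWAY = "192.0.2.1", "198.51.100.1", "203.0.113.1"

def demo():
    inner = ipv4(USER, HOST, 17, b"constructed payload")
    hop1 = ipv4(SERVING, ANCHOR, IPPROTO_IPIP, inner)  # serving ISP -> anchor ISP
    hop2 = relay(hop1, ANCHOR, GATEWAY)                # anchor ISP -> private intranet
    return inner, hop1, hop2

if __name__ == "__main__":
    for name, pkt in zip(("inner", "hop1", "hop2"), demo()):
        print(name, parse(pkt)[:3], len(pkt), "bytes")
```

Only the outer header changes at the anchor; the inner packet, with its private addressing, reaches the intranet byte for byte as the user sent it.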