06/15/06 - USPTO Class 370 | #20060126644

VPN router and VPN identification method by using logical channel identifiers

USPTO Application #: 20060126644
Title: VPN router and VPN identification method by using logical channel identifiers
Abstract: The present invention provides a VPN edge router with the ability of identifying VPNs by using the identifiers of logical channels multiplexed on a single input line. (end of abstract)



Agent: Mattingly, Stanger, Malur & Brundidge, P.C. - Alexandria, VA, US
Inventors: Shinichi Akahane, Kenichi Sakamoto, Kazuo Sugai
USPTO Application #: 20060126644 - Class: 370395530 (USPTO)

Related Patent Categories: Multiplex Communications, Pathfinding Or Routing, Switching A Message Which Includes An Address Header, Message Transmitted Using Fixed Length Packets (e.g., Atm Cells), Multiprotocol Network, Emulated Lan (lane/elan/vlan, E.g., Ethernet Or Token Ring Legacy Lan Over A Single Atm Network/lan)



The Patent Description & Claims data below is from USPTO Patent Application 20060126644, VPN router and VPN identification method by using logical channel identifiers.




[0001] The present application is a continuation of application Ser. No. 09/811,440, filed Mar. 20, 2001, the contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] The present invention relates to routers, particularly, a router that interconnects Virtual Private Networks (VPNs) to build a network system via the Internet, a method of packet forwarding control to be used on the router, and a method of registering routing and related settings with the router.

DESCRIPTION OF RELATED ART

[0003] When networking a plurality of intra-corporation networks existing in different areas, corporations conventionally used private lines to interconnect these networks, thus forming a network system that is isolated from external networks (to ensure network security). This, however, posed a problem that the use of private lines increases the networking cost. As a result, along with the prevalence of the Internet that can be used at a low charge, there have been increasing needs for an art of forming a low-cost Virtual Private Network (hereinafter referred to as VPN) by using the Internet. This art is to virtually build private networks via the Internet by using the Internet Protocol (IP) facilities provided by IP networks and the facilities of lower layer protocols below IP. This art enables building a safe network that is isolated from external networks and can provide quality assurance service of any level even via the Internet.

[0004] One implementation method of reliable data transmission across a VPN is such that data encapsulation is performed at the entrance to a network of an Internet service provider (hereinafter referred to as ISP) that provides the VPN. The encapsulated data is transferred across the ISP's network, according to the capsule header, and this header is removed at the exit of the network. By using VPN-specific encapsulation headers for datagrams that pass across the Internet, VPNs with ensured security can be formed. Practically used encapsulation protocols are IP capsule, Multi Protocol Over ATM (MPOA), Multi Protocol Label Switching (MPLS), and other ones. The Internet Engineering Task Force (IETF) and other organizations for standardization are working toward the standardization of the encapsulation protocols as of May 2000.

SUMMARY OF THE INVENTION

[0005] IP addresses are divided into global IP addresses and private IP addresses. Global IP addresses are globally defined unique addresses, whereas private IP addresses can be freely defined by a corporation. Private IP addresses are often used in intra-corporation networks. Thus, it is desirable that private IP addresses can be used when corporations use VPN service. If there are a plurality of VPNs and private IP addresses are used in the VPNs, it may happen that an IP address used in one VPN is also used in another VPN. If IP address duplication exists among a plurality of VPNs, a router that is placed at the entrance to the ISP network and interconnects Local Area Networks (LANs) belonging to the VPNs (this router is hereinafter referred to as a VPN edge router) must hold routing tables separately created for the VPNs in order to properly forward packets across the VPNs. Upon reception of a packet, the VPN edge router identifies the VPN to which the LAN that the packet passed across belongs. Then, the VPN edge router searches the routing table for the VPN thus found, determines the forwarding destination of the packet across the ISP network, and encapsulates the packet. Because the VPN edge router holds the routing tables separately created for the VPNs, even if it receives packets that passed across different VPNs but have the same destination IP address, it can forward the packets to their correct destinations without mistaking one for another.

[0006] As a method of identifying the above VPNs, for example, the method is known in which a VPN ID is assigned to a user line interface for unique VPN identification and VPN identification is performed by VPN ID, as described in the Oct. 18, 1999, issue of "Nikkei Communication," p. 100. According to this method, VPN identification is performed on a physical interface by interface basis, wherein correspondence of one physical interface to one VPN is required.

[0007] In the above method, however, it is required that one physical line connects a corporate network to the ISP network. In order to connect one corporate network to a plurality of VPNs, as many physical lines as the number of the VPNs must be prepared. At the same time, the VPN edge router that interconnects the VPNs must have as many physical interfaces as the number of the VPNs. Consequently, a problem arises that expansion of VPNs interconnected by the VPN edge router expands the physical interfaces of the VPN edge router and eventually additional routers are required.

[0008] In a case where an ATM network or a frame relay network provided by another ISP or carrier is used as intermediate access means from a corporate network to the ISP network that provides VPN service, a plurality of logical channels are multiplexed and terminated to one physical interface at the entrance of the ISP network. These multiplexed logical channels cannot be distinguished when VPN identification is performed by physical interface, which is another problem due to the limitation of the previous VPN identification method.

[0009] An object of the present invention is to enable VPN identification by using the identifiers of logical channels multiplexed and terminated to a physical interface.

[0010] Another object of the present invention is to enable VPN identification by using different kinds of VPN identifiers proper for a plurality of different protocols that are used as lower layer protocols below IP predefined for LANs that are interconnected by the router.

[0011] In order to solve the above problems, the VPN edge router of the present invention identifies VPNs by using the identifiers of logical channels multiplexed and terminated to a physical interface. As the logical channel identifiers, information for lower layer protocols below IP is used; e.g., information equivalent to layer 2 prescribed in an OSI model. For example, the logical channel identifiers are expressed in combined VPI and VCI values specified in the header of packets if an ATM protocol is the lower layer protocol of the IP packets or DLCI values if a frame relay is the lower layer protocol. Furthermore, if IP packets are encapsulated with an L2TP header prescribed by a Layer 2 Tunneling Protocol (L2TP), information (such as tunnel ID and session ID) specified in the L2TP header can be used as logical channel identifiers. If the lower layer is an Ethernet and VPN identification is performed by using VLAN Tag prescribed in IEEE 802.1Q, VLAN Tag is used as logical channel identifiers. If IP packets are encapsulated with a capsule header prescribed by a PPP over Ethernet encapsulation protocol, information (such as session ID) specified in the capsule header prescribed by the above protocol is used as logical channel identifiers.

[0012] Furthermore, the VPN edge router holds a VPN ID indication table in which the kinds of VPN identifiers used for VPN identification are registered. To allow the ISP network administrator, who administrates the VPN edge router, to register VPN identifier settings into this table, the VPN edge router is provided with a user interface. Assume the ATM protocol to be the lower layer below IP as an example. If physical interfaces are used for VPN identification, a "physical interface number" is set in the above VPN ID indication table. If "VPI, VCI" values are used for VPN identification, a "VPI, VCI" value is set in this table.

[0013] The VPN ID indication table may contain settings for all physical interfaces or settings for all interface cards, each of which may accommodate a plurality of lines under a same lower layer protocol. If a plurality of logical channels under different lower layer protocols are multiplexed and terminated to one physical interface (for example, a frame relay channel and a PPP channel are multiplexed on a line by time division), the VPN ID indication table may contain settings for all combinations of a physical interface and a lower layer protocol below IP.

[0014] How the VPN edge router actually operates will be explained below, using as an example the case where the ATM protocol is used as the lower layer below IP for VPNs interconnected via the ISP network and VPN identifiers are expressed in "VPI, VCI" values. When the VPN edge router receives a packet, it first determines the VPN identifier type, according to the setting (in this example, "VPI, VCI") in the VPN ID indication table, and determines what VPN identification table is to be searched next. In this example, the VPN edge router next searches the VPN identification table that maps "VPI, VCI" values to VPNs. By searching the VPN identification table for a match with the search key of the "VPI, VCI" value specified in the packet header, the VPN edge router finds the VPN across which the received packet passed. Once the VPN has been found, the edge router searches the routing table for the VPN across which the received packet passed, determines the next forwarding destination of the packet across the ISP network, and generates a capsule header containing information to be used for VPN identification in the network. The VPN edge router attaches this header to the packet and sends the packet to the determined next forwarding destination.
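
The lookup sequence of paragraph [0014], sketched in Python as an added example (not code from the application): two VPNs reuse the same private prefix on one physical interface and are kept apart by their "VPI, VCI" values. The table layouts, VPN names and next-hop names are constructed for illustration, and dropping a packet on a lookup miss is an assumption; the application does not describe that case.

```python
import ipaddress

# Constructed sample tables; names and layouts are assumptions for illustration.
# VPN ID indication table: physical interface -> identifier type to use.
VPN_ID_INDICATION = {1: "vpi_vci", 2: "physical_interface"}

# VPN identification tables, one per identifier type: search key -> VPN.
VPN_IDENTIFICATION = {
    "vpi_vci": {(1, 0, 32): "VPN-A", (1, 0, 33): "VPN-B"},
    "physical_interface": {(2,): "VPN-C"},
}

# Per-VPN routing tables. VPN-A and VPN-B reuse the same private prefix.
ROUTING = {
    "VPN-A": [("10.1.0.0/16", "edge-1"), ("10.1.2.0/24", "edge-2")],
    "VPN-B": [("10.1.0.0/16", "edge-3")],
    "VPN-C": [("192.168.0.0/16", "edge-1")],
}


def identify_vpn(packet):
    """Stages 1 and 2: pick the identifier type, then map the identifier to a VPN."""
    id_type = VPN_ID_INDICATION.get(packet["interface"])
    if id_type == "vpi_vci":
        key = (packet["interface"], packet.get("vpi"), packet.get("vci"))
    elif id_type == "physical_interface":
        key = (packet["interface"],)
    else:
        return None  # interface has no registered identifier type
    return VPN_IDENTIFICATION[id_type].get(key)


def forward(packet):
    """Stage 3: longest-prefix match inside the identified VPN's table only."""
    vpn = identify_vpn(packet)
    if vpn is None:
        return None  # assumed policy: drop, never consult another VPN's table
    dst = ipaddress.ip_address(packet["dst"])
    matches = [(ipaddress.ip_network(p), hop) for p, hop in ROUTING[vpn]
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route inside this VPN
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    # The capsule header carries the VPN identity across the ISP network.
    return {"capsule": {"vpn": vpn}, "next_hop": next_hop, "payload": packet}
```

The same destination address 10.1.2.5 resolves to different next hops depending only on the VCI, which is why a misregistered channel entry in the identification table places a customer's traffic in another customer's routing domain.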

[0015] In the present invention, VPN identification is performed by using the identifiers of logical channels multiplexed and terminated to a physical interface as described above. Therefore, it is not necessary to provide the VPN edge router with physical interfaces corresponding to VPNs interconnected by the router. To connect one corporate network to a plurality of VPNs according to the invention, preparing as many logical channels as the number of VPNs is only required, but preparing as many physical lines as the number of VPNs is not necessary. Even when an ATM network or a frame relay provided by another ISP or carrier is used as intermediate access means from a corporate network to the ISP network that provides VPN service, the present invention enables building a network system having VPNs because the VPNs are identified by their logical channels to the VPN edge router.

[0016] Furthermore, when the router is set up to interconnect VPNs, the present invention allows the ISP network administrator to select a VPN identifier type proper for each VPN-specific lower layer protocol below IP and register it in the VPN ID indication table. Therefore, a network system can be built to comprise VPNs that run under various kinds of lower layer protocols.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] Other objects and advantages of the invention will become apparent during the following discussion of the accompanying drawings, wherein:

[0018] FIG. 1 is a schematic diagram for explaining a preferred embodiment of forming VPNs interconnected by VPN edge routers according to the present invention.

[0019] FIG. 2 is a schematic diagram for explaining an example of modification to the network topology embodiment example shown in FIG. 1.

[0020] FIG. 3 is a schematic diagram for explaining another example of modification to the network topology embodiment example shown in FIG. 1.
