Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider

US 7,469,298 B2
Filed: 03/08/2002
Issued: 12/23/2008
Est. Priority Date: 08/15/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A communication system comprising:

(a) an access network on which a virtual private network is established;

(b) a service provider coupled to said access network; and

(c) user terminals comprising;

a user-side session management unit that performs processing for designation of the service provider, user authentication, and IP address assignment, by using a signaling protocol to exchange management frames with the access network in an authentication phase, anda main-signal transmission-and-reception unit that exchanges main-signal frames with said service provider by using IPoE protocols over the virtual private network established on said access network in a communication phase, wherein the main-signal frames being distinguishable from the management frames on the basis of Ether Type field values as part of Layer 2 header information; and

(d) a subscriber-side edge switch placed between said access network and said user terminal, comprising;

a transfer control unit that transfers a first main signal frame from the user terminal to the access network and a second main-signal frame from the access network to the user terminal, anda said network-side session management unit performs processing for signaling control, whereinsaid transfer control unit attaches to the first main-signal frame a tag indicating the first virtual private network when transferring the first main-signal frame from the user terminal to the access network, andsaid transfer control unit removes a tag indicating the virtual private network from the second main-signal frame when transferring the second main-signal frame from the access network to the user terminal,said network-side session management unit comprises a first table indicating correspondences between the Layer 2 address of said user terminal and a session involving said user terminal, and performs processing for signaling control by software using the first table,said transfer control unit comprises a second table indicating correspondence between the Layer 2 address of the user terminal and the tag indicating the virtual private network connected to said service provider,said transfer control unit further comprises a third table indicating forwarding information corresponding to said service provider,said transfer control unit further comprises a fourth table indicating attributes of each port of said subscriber-side edge switch,said transfer control unit controls the transfer of said main-signal frames by hardware processing using the second, third, and fourth tables, andsaid transfer control unit performs processing for determination of whether or not an input frame is to be handled by the subscriber-side edge switch, and whether an output frame is to be tagged or untagged, and whether or not broadcast filtering is activated, and filtering of unicast flooding, based on said at least one attribute indicated in said fourth table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communication method: processing for designation of a service provider, user authentication, and IP address assignment is performed by exchanging management frames between a user terminal and a service provider through an access network; and main-signal frames each having an IPoE form and containing a source Layer 2 address of the user terminal are exchanged between the user terminal and the service provider through the access network. The management frames have a form which can be discriminated from the main-signal frames in Layer 2, and the access network holds information on correspondences between source Layer 2 addresses and virtual private networks. The access network recognizes one of the virtual private networks connected to the service provider, based on the source Layer 2 address contained in each main-signal frame, and transfers the main-signal frames in Layer 2 by MAC bridging.

Citations

20 Claims

1. A communication system comprising:
- (a) an access network on which a virtual private network is established;
  
  (b) a service provider coupled to said access network; and
  
  (c) user terminals comprising;
  
  a user-side session management unit that performs processing for designation of the service provider, user authentication, and IP address assignment, by using a signaling protocol to exchange management frames with the access network in an authentication phase, anda main-signal transmission-and-reception unit that exchanges main-signal frames with said service provider by using IPoE protocols over the virtual private network established on said access network in a communication phase, wherein the main-signal frames being distinguishable from the management frames on the basis of Ether Type field values as part of Layer 2 header information; and
  
  (d) a subscriber-side edge switch placed between said access network and said user terminal, comprising;
  
  a transfer control unit that transfers a first main signal frame from the user terminal to the access network and a second main-signal frame from the access network to the user terminal, anda said network-side session management unit performs processing for signaling control, whereinsaid transfer control unit attaches to the first main-signal frame a tag indicating the first virtual private network when transferring the first main-signal frame from the user terminal to the access network, andsaid transfer control unit removes a tag indicating the virtual private network from the second main-signal frame when transferring the second main-signal frame from the access network to the user terminal,said network-side session management unit comprises a first table indicating correspondences between the Layer 2 address of said user terminal and a session involving said user terminal, and performs processing for signaling control by software using the first table,said transfer control unit comprises a second table indicating correspondence between the Layer 2 address of the user terminal and the tag indicating the virtual private network connected to said service provider,said transfer control unit further comprises a third table indicating forwarding information corresponding to said service provider,said transfer control unit further comprises a fourth table indicating attributes of each port of said subscriber-side edge switch,said transfer control unit controls the transfer of said main-signal frames by hardware processing using the second, third, and fourth tables, andsaid transfer control unit performs processing for determination of whether or not an input frame is to be handled by the subscriber-side edge switch, and whether an output frame is to be tagged or untagged, and whether or not broadcast filtering is activated, and filtering of unicast flooding, based on said at least one attribute indicated in said fourth table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The communication system according to claim 1, wherein said main-signal transmission-and-reception unit transmits a frame for confirming connectivity at regular time intervals in said communication phase.
  - 3. The communication system according to claim 1, wherein said user-side session management unit monitors transmission and reception of the main-signal frames, and terminates a connection with said service provider when said user terminal to which said user-side session management unit belongs does not transmit or receive a main-signal frame for a predetermined time which can be set by a user.
  - 4. The communication system according to claim 1, wherein said transfer control unit decapsulates the first main-signal frame before the said transfer control unit transfers the first main-signal frame, when the first main-signal frame received by the subscriber-side edge switch is encapsulated in accordance with a PPP protocol.
  - 5. The communication system according to claim 1, wherein when the user terminal is concurrently connected to a plurality of service providers, and said subscriber-side edge switch receives a frame, said transfer control unit uniquely identifies one of the plurality of service providers as a destination of the frame based on Layer 2 addresses of the user terminal and the one of the plurality of service providers.
  - 6. The communication system according to claim 1, wherein when the user terminal is concurrently connected to a plurality of service providers, and said subscriber-side edge switch receives a frame, said transfer control unit uniquely identifies one of the plurality of service providers as a destination of the frame based on a Layer 2 address of the user terminal and a Layer 3 address of the one of the plurality of service providers.
  - 7. The communication system according to claim 1, wherein said access network comprises a subscriber-side edge switch including a network-side session management unit and a transfer control unit,said network-side session management unit performs processing for signaling control,when the user terminal is concurrently connected to a plurality of service providers, said network-side session management unit delivers to the user terminal a plurality of tags corresponding to the plurality of service providers during the processing for signaling control,in order to transmit a main-signal frame from said user terminal to one of the plurality of service providers, said main-signal transmission-and-reception unit in the user terminal attaches to the main-signal frame one of the plurality of tags corresponding to the one of the plurality of service providers, and transmits said main-signal frame to said subscriber-side edge switch, andwhen said subscriber-side edge switch receives the main-signal frame from the user terminal, the subscriber-side edge switch identifies the one of the plurality of service providers as a destination of the main-signal frame, based on the one of the plurality of tags.
  - 8. The communication system according to claim 1, wherein said access network comprises a provider-side edge switch having a first transfer control unit, a second transfer control unit, and a plurality of ports respectively connected to a plurality of service providers,when said provider-side edge switch receives a first main-signal frame from a first user terminal through said access network, and a first tag indicating a first service provider is attached to the first main-signal frame, said first transfer control unit recognizes the first service provider based on the first tag, removes the first tag from the first main-signal frame, and transfers the first main-signal frame through a first port to the first service provider, andwhen said provider-side edge switch receives a second main-signal frame from a second service provider through a second port, said second transfer control unit recognizes the second service provider based on the second port, attaches to the second main-signal frame a second tag indicating the second service provider, and transfers the second main-signal frame toward a second user terminal connected to the second service provider.
  - 9. The communication system according to claim 1, further comprising a communication control server which controls operations for authentication in a centralized manner, where the operations for authentication includes collection of authentication information from each of a plurality of user terminals, transfer of the authentication information to said service provider to which one of said plurality of user terminals is connected, and transfer of an authentication frame to said each of the plurality of user terminals, and the authentication frame indicates a result of an operation for authentication performed by said service provider.
  - 10. The communication system according to claim 1, further comprising a communication control server including a network-side session management unit which performs processing for signaling control,said access network comprises a subscriber-side edge switch including a transfer control unit which is separately arranged from the network-side session management unit,when said subscriber-side edge switch receives a first main-signal frame from a first user terminal, said transfer control unit attaches to the first main-signal frame a first tag indicating a first virtual private network, and transfers the first main-signal frame through the access network, andwhen said subscriber-side edge switch receives a second main-signal frame transferred through the access network, and a second tag indicating a second virtual private network is attached to the second main-signal frame, said transfer control unit removes the second tag from the second main-signal frame, and transfers the second main-signal frame to a second user terminal.
  - 11. The communication system according to claim 10, wherein said subscriber-side edge switch attaches to each management frame transferred from a third user terminal a tag indicating that the third user terminal is connected to the subscriber-side edge switch, and transfers the management frame to said communication control server by hardware processing, andwhen authentication succeeds, said communication control server remotely configures a table in said subscriber-side edge switch, and said table indicates information for identification of each of a plurality of service providers.
  - 12. The communication system according to claim 10, wherein said communication control server produces a table indicating at least one correspondence between at least one Layer 2 address and at least one Layer 3 address, andsaid subscriber-side edge switch performs an address resolution by hardware processing for transferring to the communication control server a request for a Layer 2 address corresponding to a Layer 3 address of a destination indicated in the request.
  - 13. The communication system of claim 1 further comprising a communication control server includingan authentication control unit which controls operations for authentication in a centralized manner so that the communication control server behaves as an authentication server, where the operations for authentication includes collection of authentication information from the user terminal, transfer of the authentication information to at least one service provider to which the user terminal is connected, and transfer of an authentication frame to the user terminal, and the authentication frame indicates a result of an operation for authentication performed by said at least one service provider;
    - anda session management unit which performs processing for signaling control so that the communication control server behaves as a session management server.

14. A subscriber-side edge switch for connecting a service provider and a user terminals through an access network on which a virtual private network is established, comprising:
- a transfer control unit; and
  
  a network-side session management unit which performs processing for signaling control; and
  
  whereinsaid subscriber-side edge switch includes a mapping of MAC addresses of use terminals and service providers on virtual private networks, andwhen said subscriber- side edge switch receives a first main-signal frame from a first user terminal, said transfer control unit attaches to the first main-signal frame a first tag indicating a first virtual private network, and outputs the first main-signal frame over the first virtual private network, the first main-signal frame containing a MAC address of the first user terminal as a source MAC address, andwhen said subscriber-side edge switch receives a second main-signal frame from a service provider, and a second tag indicating a second virtual private network is attached to the second main-signal frame, said transfer control unit removes the second tag from the second main-signal frame, and outputs the second main-signal frame toward a second user terminal, the second main-signal frame containing a MAC address of the service provider as source MAC address;
  
  said network-side session management unit comprises a first table indicating at least one correspondence between at least one Layer 2 address of at least one user terminal and at least one session with the at least one user terminal, and performs processing for signaling control by software using the first table, andsaid transfer control unit comprises,a second table indicating at least one correspondence between said at least one Layer 2 address and at least one tag each indicating a virtual private network connected to a service provider,a third table indicating forwarding information corresponding to at least one service provider, anda fourth table indicating at least one attribute of each of at least one port of said subscriber-side edge switch,said transfer control unit controls output of said first and second main-signal frames by hardware processing using the second, third, and fourth tables, and performs processing for determination of whether or not an input frame is to be handled by the subscriber-side edge switch, and whether an output frame is to be tagged or untagged, and whether or not broadcast filtering is activated, and filtering of unicast flooding, based on said at least one attribute indicated in said fourth table.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The subscriber-side edge switch according to claim 14, further comprising an address resolution unit which produces a table indicating at least one correspondence between at least one Layer 2 address and at least one Layer 3 address, and returns a response to a first request for a Layer 2 address corresponding to a Layer 3 address of a destination indicated in the first request, by referring to said table, on behalf of the destination, where the response contains said Layer 2 address corresponding to the Layer 3 address of the destination.
  - 16. The subscriber-side edge switch according to claim 15, wherein said address resolution unit unicasts a second request indicating a Layer 2 address of a source of said first request, to said destination indicated in the first request.
  - 17. The subscriber-side edge switch according to claim 14, wherein said transfer control unit uniquely identifies one of a plurality of service providers as a destination of a frame based on Layer 2 addresses of a user terminal and the one of the plurality of service providers when the user terminal is concurrently connected to the plurality of service providers, and said subscriber-side edge switch receives the frame.
  - 18. The subscriber-side edge switch according to claim 14, wherein said transfer control unit uniquely identifies one of a plurality of service providers as a destination of a frame based on a Layer 2 address of a user terminal and a Layer 3 address of the one of the plurality of service providers when the user terminal is concurrently connected to the plurality of service providers, and said subscriber-side edge switch receives the frame.
  - 19. The subscriber-side edge switch according to claim 14, wherein said network-side session management unit outputs toward a user terminal a plurality of tags corresponding to a plurality of service providers during the processing for signaling control when the user terminal is concurrently connected to the plurality of service providers.
  - 20. The subscriber-side edge switch according to claim 14, wherein, said transfer control unit decapsulates a main-signal frame before the transfer control unit transfers the main-signal frame, when the main-signal frame is encapsulated in accordance with a PPP protocol, and received by the subscriber-side edge switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Okuda, Masato, Kitada, Atsushi
Primary Examiner(s)
Pwu; Jeffrey
Assistant Examiner(s)
Chankong; Dohm

Application Number

US10/094,541
Publication Number

US 20030037163A1
Time in Patent Office

2,482 Days
Field of Search

370/400, 370229-230, 370/360, 370/389, 370/398, 370/506, 370/395.53, 370/395.54, 709236-237, 709/245, 709227-229, 709/213, 713/155, 713/161, 713/168, 713/170, 713200-202
US Class Current

709/236
CPC Class Codes

H04L 12/4645   Details on frame tagging ro...

H04L 12/467   Arrangements for supporting...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/08   for authentication of entit...

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links