FR2827103A1 - Internet telecommunications network digital word packet routing having digital words set exchange node marked and filtering mechanism authorizing set node packet transmission. - Google Patents

Abstract

The packet routing system between users (10,11) over a network (20) has connected network operators (30,31) using Internet IP protocol. Each operator is connected to an exchange node (40) by a router (50,51). Digital words are marked for a particular exchange node (60) and a filtering mechanism (70,71) authorizes the marked word to transmit by a particular node.

Description

<Desc / Clms Page number 1>

METHOD OF ROUTING DATA BY PACKETS
The present invention relates to the field of packet data routing on telecommunications networks.

 The present invention relates more particularly to a method of routing packet data between a plurality of users via a telecommunications network network of the Internet type or an interconnection of telecommunications networks, said users being each linked to a source and / or destination network operator using the Internet IP protocol, said network operators each being connected to at least one exchange node, via an on-board router.

 We use, below, the term network in the sense of autonomous system (or AS for Autonomous System), that is to say a set of IT and telecoms infrastructures following an identical routing policy. In general, an operator's network consists of a single AS, but this is not necessarily always the case, and the methods and devices described in this document can then be used to improve inter-AS communications within from the network of the same operator. That said, in order to simplify the descriptions, in the rest of the document we will assume that the network of an operator consists of a single AS.

 To exchange traffic with the rest of the Internet, a network operator using the Internet IP protocol may consider two possibilities depending on the relative size of its network compared to that of other networks. Either he subscribes to a transit contract

<Desc / Clms Page number 2>

 (subject to payment of financial compensation) to another operator, or he negotiates an interconnection agreement with another operator without financial compensation, known as a peering agreement, public or private depending on the site where the interconnection takes place .

 The three characteristics of peering are: - There is no financial compensation between operators.

 - Traffic is exchanged on a 'best effort' basis, that is to say that each operator does not guarantee any quality of service to the traffic it receives from another operator via a peering node. Consequently, IP data packets are exchanged according to a 'hot potato' policy, which consists, for each operator, of getting rid of traffic that is destined for addresses outside of the world as quickly as possible. of his network.

 - In a peering agreement, each of the two operators gives access to only its network; that is, each operator accepts only traffic that is destined for an IP address belonging to its own network, and refuses to let packets generated outside pass through its network to reach a destination located on a third network.

 For many of the new applications that appear on the Internet every day, including real-time, two-way and interactive applications (such as voice over IP or videoconferencing), the Internet's 'Best Effort' transport service is no longer suitable. The delivery of information itself is no longer sufficient. These applications require a certain Quality of Service (QoS for Quality of Service)

<Desc / Clms Page number 3>

 end to end that the Internet is still unable to guarantee.

 QoS corresponds to a certain level of service that can be provided to an element of the network (an application, a machine or a router, for example) so that these requirements in terms of service and traffic are satisfied. Services with QoS require the cooperation of all network layers from top to bottom, and that of all elements of the network from end to end. The end-to-end QoS corresponds to the minimum of that of all the segments of the path taken by this flow, between the sender and the recipient.

End-to-end QoS is absent from the public Internet for two main reasons:
1-From a technological point of view, two fundamental mechanisms necessary to offer end-to-end QoS guarantees are absent from most IP telecommunications networks: signaling and intelligent queue management in network equipment . The IP network therefore has no way of informing an application using adequate signaling of what it may require from the network, or of anticipating congestion by reporting traffic-related information.

 Recent technological advances make it possible to add numerous complements to the IP protocol to make up for the absence of the mechanisms mentioned above. The first is the Resource Reservation Protocol (RSVP) which provides signaling mechanisms. The second is Differentiated Services (DiffServ) which allows traffic priority management. These QoS management protocols and algorithms are neither competitive nor mutually exclusive. On the contrary, they are complementary. They are

<Desc / Clms Page number 4>

 designed to be used together to meet widely varying operational requirements in different network contexts. Of course, they do not, on their own, completely solve the technological problem. In fact, all these protocols make it possible to improve the quality of Internet traffic on a single autonomous system, but do not make it possible to solve these problems when the IP packets must cross several networks managed by different operators.

It is in particular at this level that the present invention intervenes.

 2-From a political point of view, today, except in the case of a transit agreement, where the customer operator pays for the traffic it dumps at the operator providing the transit, it is still the operator selling services that keeps all the money collected and pays nothing to dump traffic to the other operator. This is true both for operators participating in a peering agreement and for the operator providing transit vis-à-vis one of its operator customers. This is the Sender Keep All (SKA) model. This interconnection model is the most stable in the operator industry. However, it is not suited to end-to-end QoS requirements in a multi-operator environment. The marketing of services guaranteeing end-to-end QoS requires the establishment of QoS interconnection mechanisms relating, among other things, to parameters such as latency (network crossing time), jitter (variation in latency) and the rate of loss or error, in addition to the only bandwidth parameter usually specified.

It obliges the operator who initiated the QoS signal to share the income generated by this QoS service with all operators who operate on the path taken by the end-to-end QoS flow.

<Desc / Clms Page number 5>

 The establishment of interconnection agreements with quality of service guarantees therefore requires the prior establishment of financial incentives or compensation between operators, in a similar fashion to the telephone industry. However, the telephone telecommunications industry differs in two points from the IP network industry: - The Internet is based on packet switching, or routing, which is by nature non-deterministic: one cannot a priori know in advance the path that an IP packet will use to go from point A to point B. It is therefore difficult or even impossible to define contractually the interconnection points where a given IP packet will pass from a network to an exchange node .

 Operators have adopted the hot potato routing policy for peering, which consists of an operator getting rid of packets destined for an IP address outside its network as quickly as possible.

 The termination operator, as for him, will make sure to receive these packets as late as possible (assignment of traffic received from another operator to a queue with reduced priority, disconnection of the link for a short period, voluntary and / or artificial degradation of the metric ...). As a result, each exchange node currently constitutes a center of conflict between the routing policies of the two operators. In telephony, the situation is of course completely different insofar as the circuit established during a communication is completely predetermined.

- Unlike telephony, the quality of service must be measured on end-to-end networks. Indeed, in telephony, the caller sends a

<Desc / Clms Page number 6>

 request for point-to-point circuit establishment between the two networks for a given class of service. This request is either accepted (in which case the circuit is actually established with this class of service, and the minutes of communication between the two points counted down), or rejected (in which case, no circuit is established, and there is no therefore no traffic between the two points). The calling network therefore knows that, when the circuit is established, the quality of service is effectively delivered end to end, including on the network of the termination operator. We note that the case of the Internet is indeed different since the problem is not binary (established circuit therefore QoS actually delivered, or not established circuit, and therefore no QoS actually delivered), insofar as there can be delivery of packets without the termination operator ensuring the quality of service, and without the sending operator being able to know the QoS actually delivered. This information can now only be measured and given to the first operator by and with the consent of the termination operator; One can naturally wonder about the value given to this information without the existence of a trusted third party to validate the measurement.

 The usual exchange nodes (GIXs for Global Internet exchanges) offer infrastructure and interconnection services to operators. They are hosted in specialized and secure technical accommodation centers (datacenters, carrier hotels, telecom hotels ...).

 Most of them are not neutral: they are managed by operators or sometimes by a consortium of operators. They are not able to

<Desc / Clms Page number 7>

 guarantee and measure the Quality of Service actually delivered from start to finish because they are only present at the exchange point and use ATM switches (invisible at IP level).

 Public peering still plays an important role in the interconnection of large Internet networks: the main operators are linked by hundreds of bilateral peering agreements. These agreements are concluded on a 'best effort' basis, and therefore do not guarantee performance levels when data is sent from one network to another: the public peering points are congested.

 Currently many operators claim that 80% of their peering agreements are private, and the quality of private peering is assumed to be better.

However, users find that, despite everything, Internet traffic remains slow and congested, while all the operators' tips are completely oversized. Indeed, IP packets transit and access the exchange nodes in a non-deterministic way, which does not allow operators or predict a priori the effective cost of transporting IP packets from point A to point B with guarantees of quality of service, nor to guarantee any quality of service to their customers.

In addition, only very high quality private peering would be extremely expensive for operators since only a minority of their customers would be willing to pay a QoS premium.

 The present invention intends to remedy the drawbacks of the prior art.

<Desc / Clms Page number 8>

 To do this, the present invention is of the type described above and it is remarkable, in its broadest sense, in that said data are marked in order to authorize them to borrow at least one particular exchange node and in this that at least one filtering device is provided, authorizing said data thus marked to pass through said particular exchange node.

 Said data are preferably marked at the level of active elements at the IP level (routers, servers, etc.) situated between the station of said user and an on-board router of said source network operator.

 Said particular exchange node preferably comprises at least one screen router intended to be connected to the routers of the network operators at the level of the IP layer.

 Said screen router preferably announces the presence of the particular exchange node for the marked data and does not announce the presence of the particular exchange node for the unmarked data.

 Said marking of the data respectively allows the on-board routers of the operator to route the marked packets from the operator's network to the screen router of the particular exchange node.

 The particular exchange node filters and preferably accepts to route only correctly marked packets.

 Said particular exchange node preferably accepts to transfer said data only if the

<Desc / Clms Page number 9>

 Source and destination network operators are directly and / or exclusively connected to one or more specific exchange nodes.

 In a variant, the particular exchange node is produced virtually on interconnection infrastructures already assigned to interconnections, by using the possibility of certain routers to carry several different IP addresses and to treat the IP packets directed to these differently. different addresses.

 The marking step can be performed recursively, in order to allow said network operators to introduce a defined dose of determinism into the path of the marked packets within their respective networks.

 The present invention also relates to a device for implementing the method according to the invention.

 The device is preferably constituted at least by an interconnection of networks comprising a plurality of particular exchange nodes.

 Advantageously, the method according to the invention makes it possible to predefine in a completely deterministic manner the point where the transfer of packets will take place from one network to another, thus allowing each operator to give a price for its service, and thereby committing to ensuring a quality of service previously determined in the terms of an SLA (Service Level Agreement) for packets coming from an outside network (for example

<Desc / Clms Page number 10>

 compatibility of routing policies with those of its partners, non-degradation of metrics, etc.).

 Advantageously also, the method according to the invention allows the operators connected to the particular exchange node on the one hand to perform service differentiation for their end customers without having to implement specific protocols such as DiffServ and MPLS on their networks and on the other hand to offer discriminated services and prices to their customers and thus maximize their income.

 The administrator of the particular exchange node can also play the role of a trusted third party since he is able, thanks to the devices placed with end users, to measure the quality of service from end to end on all autonomous systems. , so as to guarantee operators interconnected via the particular exchange node a neutral measure of Quality of Service on all networks connected to the particular exchange node.

 The invention will be better understood with the aid of the description, given below for purely explanatory purposes, of an embodiment of the invention, with reference to the appended figures: FIG. 1 illustrates the diagram of the advertisements of routes by screen routers in the method according to the invention; FIG. 2 illustrates the paths of the standard IP data packets (or “best effort” packets), and of the marked IP data packets (authorized to access the particular exchange node), using the method according to the invention;

<Desc / Clms Page number 11>

 FIG. 3 illustrates a recursive use of the method allowing an operator to manage the degree of determinism which he wants to impose on the routing of certain authorized packets; FIG. 4 illustrates an example of generalization of the use of the particular exchange node between a plurality of operators; and 'Figure 5 illustrates the realization of a particular virtual exchange node between two network operators.

 The present invention relates to a method for routing and filtering certain data packets produced under Internet Protocol (Internet Protocol), said to be authorized, sent by a first autonomous system of an operator? 1 from a source network (30) to a particular exchange node (60) interconnected with one or more other autonomous systems of an operator? 2 of the destination network (31), as illustrated in FIGS. 1 and 2. The authorized packets are determined according to various parameters (type of application, source or destination address, etc.). This process can in particular be used to allow authorized IP data packets to short-circuit certain congestion points on the Internet (peering points, interconnection nodes for autonomous systems, etc.) and thus to ensure guarantees of End-to-end Quality of Service (or QoS) on networks managed by different operators.

 This method uses two means: a first routing device (100,101), placed between the stations of the end users (10,11) and the on-board routers on the client side (90,91), making it possible to "mark" the packets authorized to borrow the particular exchange node (60),

<Desc / Clms Page number 12>

 and a second filtering means (70,71), placed between the routers of the operators (50,51) and that (80) of the particular exchange node, which "cleans" the "marked" packets and ensures that no packets unauthorized does not access the particular exchange node.

 According to the present invention, the administrator of the particular exchange node (60) can measure the QoS between the two routing devices (100, 101) placed at the end customers. Furthermore, the administrator of the particular exchange node (60) can act as a clearinghouse between all operators so as to guarantee that the traffic they send to the particular exchange node (60) will be processed with a given class of service from source to destination with possible financial compensation.

 Conventional public or private peering points have neither the infrastructure nor the economic model that would allow them to offer end-to-end QoS guarantees similar to those made possible by the method according to the invention. Indeed, these exchange nodes exclusively use ATM switches while the management of QoS parameters requires management at the IP level (at level 3 of the OSI model (Open System Interconnection)) and therefore a router (80), called a screen. , only accessible to authorized packages.

 The proposed solution thus allows operators connected to the particular exchange node to offer their customers (10,11) services that they are unable to perform alone (for example Multi-operator IP Virtual Private Networks for Intranet or Extranet between several organizations, Voice over IP and videoconference between different autonomous systems ...).

<Desc / Clms Page number 13>

The solution according to the invention consists in:
Have specific exchange nodes (60), deployed in the main datacenters (telecom equipment hosting centers, etc.) where IP traffic exchanges between operators are carried out in particular (Peering agreements, purchase of transit. ..). These different particular exchange nodes can possibly be themselves linked together by a network (for example of optical fibers), whether on a local, metropolitan, national or international scale, so as to make all these points equivalent. In each of these exchange nodes, one or more so-called screen routers (80) will be placed which will interconnect with the peering routers or on-board routers (50, 51) of the operators at the IP layer.

 . provide routing (100.101) and filtering (70.71) devices (software or hardware) that allow authorized IP packet flows initiated by end users connected to the networks of operators interconnected via the particular exchange node to be dumped on the exchange node without the other 'best effort' flows (not allowed). a Interconnect the networks of operators connected to the particular exchange node between which the administrator of the exchange node can, possibly, play the role of clearing house and / or trusted third party (by ensuring the measurement of the quality of service actually delivered from start to finish and by redistributing penalties and financial compensation between operators).

 Figure 2 shows the installation of the two parts of the routing / filtering device within the

<Desc / Clms Page number 14>

 three networks, as well as the paths of unauthorized IP packets (or "best effort" packets), represented in solid lines, and "authorized" IP packets (authorized to access the particular exchange node), represented in dotted lines, when the packets must go from the network of the null operator, source network operator (30), to the network of operator N02, destination network operator (31).

 The concept of this filtering makes it possible to make a passage and / or a network invisible for all the routers of the adjacent networks and usable only by authorized packets.

 The screen router (s) (80) of this particular exchange node (60) does not advertise any route to the on-board routers (50, 51) of other networks similar to the network of the source operator (30). Thus, no unauthorized packets will be directed to these routers. On the other hand, the screen routers (80) of the exchange node signal their existence like any router, by sending KEEPALIVE signals (command used to verify that a partner is actually active) to their neighbors (50, 51), so as to that the corresponding road remains open (is not closed by the neighbors ...).

 In principle, the device is achievable in at least two different ways, depending on the references, technologies and policies of users, administrators of the particular exchange node and / or end users: by routing technologies to the source (source-routing), or by an encapsulation process.

<Desc / CRUD Page number 15>

 The particular exchange nodes (60) accept the authorized IP packets entrusted by the autonomous systems of the operators connected to the particular exchange nodes and dump on their networks the authorized traffic originating from other networks of operators interconnected with the nodes. private exchange. The particular exchange nodes (60) accept to transport flows only if the two ends of these flows are in the network of two operators interconnected directly to the particular exchange nodes.

 Each particular exchange node therefore only communicates with other networks via screen routers so as to remain completely invisible with respect to the edge routers of the adjacent networks. The particular exchange node therefore only receives marked packets, it encapsulates them and transmits them to the destination networks if these are directly connected to the particular exchange node, the destination network contractually committing to processing IP packets which are transmitted to it by the particular exchange node with certain guarantees of quality of service,; in particular at the level of the interconnection with the exchange node (60). Financial compensation can possibly be put in place to encourage operators to deliver this quality of service from start to finish.

 The authorized IP packets will therefore be treated with a particular quality of service from end to end through the three autonomous systems at least crossed (AS of the first operator, at least one particular exchange node, AS of the second operator).

 The routing / filtering solution according to the invention uses source routing technologies

<Desc / Clms Page number 16>

 (source-routing) and / or encapsulation which allow operators connected to the particular exchange node to send to the latter only QoS flows that they wish to entrust to it. The filtering system (70, 71) placed at the level of the particular exchange node thus thus makes it possible to receive on the particular node only marked packets and to destroy the unauthorized packets which could have reached it.

Routeras)', routeurs de bord (90, 91) : a Il marque le champ TOS (Type of Service) de l'en-tête des paquets IP autorisés pour distinguer les paquets autorisés des paquets non autorisés, et éventuellement les traiter de façon différenciées au niveau des noeuds d'échange particuliers. a Il dirige les paquets autorisés vers le noeud d'échange particulier (60) :
0 si l'opérateur dispose d'un réseau MPLS, ce dispositif utilise un tunnel MPLS pour diriger le trafic autorisé directement vers le routeur écran (80) du noeud d'échange particulier. The two devices constituting the routing / filtering system are more precisely described in the following lines (cf. FIG. 2):
The first routing device (100,101) is available in several versions depending on the network of operators. It is placed between the Customer Terminal Devices M, users (10,11) and the Customer Edge

Routeras) ', edge routers (90, 91): a It marks the TOS (Type of Service) field of the header of authorized IP packets to distinguish authorized packets from unauthorized packets, and possibly treat them in a way differentiated at the level of the particular exchange nodes. a It directs the authorized packets to the particular exchange node (60):
0 if the operator has an MPLS network, this device uses an MPLS tunnel to direct authorized traffic directly to the screen router (80) of the particular exchange node.

 0 if the operator does not have an MPLS network but supports source routing (source-routing), the device uses source routing (for example soft routing or Loose Routing) which allows '' impose the passage, between the source IP address and the destination IP address, by the screen router (80) of the node

<Desc / Clms Page number 17>

 exchange itself characterized by an intermediate IP address.

 0 If the operator does not support source-routing, the device uses an IP encapsulation process (for example IP tunneling) so as to pass the packets marked by the buffer IP address of the router screen (80), before finally directing them to the destination IP address of the destination user (11).

 These techniques make it possible for traffic originating from a first network operator (30) (hosting the source IP address machine), intended for a second network operator (31) (hosting the IP address machine) destination) goes through a particular address router (the address of the screen router (80) in question belonging to the particular exchange node (60)). Thus, the routers (50, 51) route these packets to the screen router (80) without being concerned further with the fact that according to their routing tables this router constitutes a dead end.

This first device can take the form of a physical card or software installed at the user stations which wish to send authorized packets. The cards must be embedded on servers hosted on the network. Several types of cards are proposed in order to adapt to the different operating systems used on the servers (Linux, Windows NT, Windows 98, Windows 2000 ..., registered trademarks)
The second device, the filtering device (70,71) is a filter which is placed between the on-board routers (50,51) of the operators and the screen router (80) which

<Desc / Clms Page number 18>

 communicates with the on-board routers (50,51). It performs several tasks: 'It filters all the packets destined for the screen router (80) of the exchange node and eliminates all the unauthorized packets.

 'II filters all the BGP messages announcing the routes of the screen router (80) for the attention of the on-board routers (50, 51) of the operators without touching the other routing messages. Consequently, for the on-board routers (50, 51) of the operators, the screen router (80) of the exchange node knows no route but remains 'alive'.

 'If the first device, the routing device (100,101) uses encapsulation, the second must also unpack the packets.

 This second device is preferably placed at the level of the particular exchange node (60), for example on screen routers (80). Some of the features of this device can be directly configurable on certain routers, and therefore do not necessarily require the addition of a card or software. A physical card or software can nevertheless be installed at this level in order to complete the functionality of screen routers (filtering, security, etc.). The MPLS (MultiProtocol Label Switching) protocol is preferably implemented on the whole of the particular exchange node (60).

 The authorized IP packets, which have reached the particular exchange node (60), are then transmitted to the network of the operator hosting the destination IP address and connected to the particular exchange node.

 The particular exchange node uses RSVP to allocate bandwidth to the MPLS tunnels. In

<Desc / Clms Page number 19>

 combining the three RSVP, DiffServ and MPLS protocols, the exchange node is capable of guaranteeing QoS on the local or metropolitan network. In order to guarantee end-to-end QoS, the two source and destination operators must also ensure QoS on their respective networks, and above all, the exchange of QoS for the transmission of packets at the border.

 With operators having an MPLS network, the particular exchange node can exchange the label which contains the QoS parameters. With the other operators, the DS field (included in the TOS field) is used to mark the packets (DiffServ) before they leave the operators' on-board router (90,91).

Some remarks on this process and its use:
The proposed solution only concerns outgoing packets which cannot carry an external attack against the transmitter if its defense system is functioning properly.

 All the packets passing through the particular exchange node are decapsulated and transmitted to the network of the recipient operator. There is therefore no specific problem vis-à-vis the firewall type protection devices of the networks which receive the packets.

 In the case where an address translation device is implemented on the network, the device can be placed downstream of the NAT routers.

 If the operator is already able to guarantee QoS within its network, the impact of the solution on its network is minimal, since the proposed device adapts to the operator's network, and not the reverse.

The operator can interconnect at the exchange node

<Desc / Clms Page number 20>

 particular to its usual peering point. It suffices that the operator guarantees the bandwidth between the end users (10, 11) located on its network and its bridgehead formed by the router (50, 51) at the peering point.

The operator does not risk more disruption with the particular exchange node than with his own network because the particular exchange node is built to ensure only QoS while his must mix 'Best Effort' and QoS
The cryptography techniques above the transport layer (layer 4 of the Open System Interconnection-OSI model) TCP or UDP, are in essence compatible with all these QoS / Network Engineering technologies.

 The recurrent use of the system described in this patent application can also allow operators of autonomous systems connected to the particular exchange node to impose a well-defined dose of determinism on the routing of certain packets when they circulate on their autonomous system. (cf. figure 3).

 Indeed, it is possible to recursively use the encapsulation process so as to require passage by several intermediate screen routers (82) of the network of a first network operator (30) No 1.

That is to say, it becomes possible to impose on authorized IP packets, not only the point of passage from one autonomous system to another (passage required by the screen router of the particular exchange node 60) , but also a certain number of other intermediate points allowing the operator of a first autonomous system to control at his discretion the number and the IP number of the intermediate screen routers (82) by which he wishes to force the passage of certain packets IP. For each point of

<Desc / Clms Page number 21>

 imposed passage, it is then necessary to carry out an encapsulation of the IP-IP type, as described above. These encapsulations can be carried out either immediately after their generation on the source user station (10), or on the route of their routing before the first imposed router (90). Each intermediate router then plays the role of an intermediate screen router whose operating principle is similar to that of the particular exchange node. The authorized IP packets are therefore decapsulated at each intermediate screen router. FIG. 3 illustrates the case where operator 1 has chosen to impose two intermediate screen routers on his network. Between these routers, packet routing follows the routing policy in force on the network of operator 1 and therefore remains a priori non-deterministic.

 It is also possible, as illustrated in FIG. 4, to imagine the crossing of more than two autonomous systems, each interconnection of autonomous systems being carried out by means of a particular exchange node (60, 61). In this case, the networks of operators able to transport marked packets are no longer necessarily exclusively the networks of operators initiating and terminating traffic. Is it then possible to forward authorized IP packets via one or more other operators (32)? 3 provided that each time that the authorized packets pass from one network to another, it is via a particular exchange node. This process can be particularly interesting when the operators for initiating and terminating traffic have not directly entered into a bilateral interconnection agreement via a particular exchange node.

<Desc / Clms Page number 22>

Figure 4 illustrates the use of several specific exchange nodes (60,61) to ensure QoS across more than two operator networks:
A user (10) located on the operator 1 network wishes to send IP packets to a user (11) located on the operator 2 network. Source and destination network operators (30,31) using the protocol Internet (operators 1 and 2) are not directly interconnected via a particular node (60, 61). This may be the case for two local operators located in remote geographical areas (a local operator in Asia, and a local operator in Europe for example). These two operators can only communicate with each other by using one or more intermediary network operators (32), called transit operators, with a network connecting these two distant geographic areas (((third party operators N 3, for example, with a global network). In Figure 4, the operator? 3 plays the role of transit operator between the two operators operator? 1 and operator? 2.

 The device can be installed in two ways.

 On the one hand, it is possible to encapsulate the authorized packets at once on the transmitting network. In this case, the authorized IP packets sent by the user (10) located on the operator's network 1 are encapsulated twice (IP-IP described in the first part of the document) and directed to the screen router (80) of the particular exchange node 1. The device placed at the level of the first particular exchange node (60) will then unpack the packets for the first time, then route them in the direction of the screen router (81) of the next particular exchange node (61) on the way to the termination operator 2.

<Desc / Clms Page number 23>

 One can, on the other hand, proceed by encapsulating the packets only once, for example at the level of the entry router (90, 92) of each network, and by decapsulating them at the level of the particular exchange node (80, 81 ) to which they are then transmitted.

 Finally, as illustrated in FIG. 5, it should be noted that all of these devices can be implemented virtually directly on the edge routers (50, 51) of the operators, without the physical installation of a particular exchange node being necessary: some routers (50,51) can indeed carry several IP addresses and process with different priorities the packets addressed to one or the other of these addresses; it is therefore sufficient to reserve one of these addresses which will be used exclusively for the routing of authorized packets. A completely virtual particular exchange node is thus produced which does not require the physical installation of new routers and new links. Authorized and unauthorized packets then use the same links between operators, but are treated differently in terms of on-board routers (50,51).

Each of the routers (50, 51) then plays the role of a screen router when it receives the IP packets generated on the network of the other operator.

 The invention is described in the foregoing by way of example. It is understood that a person skilled in the art is able to carry out different variants of the invention without going beyond the scope of the patent.

Claims (11)

1. A method of routing packet data between a plurality of users (10,11) via a telecommunications network network of the Internet type or an interconnection of telecommunications networks (20), said users (10,11) being each connected to a source and / or destination network operator (30,31) using the Internet IP protocol, said network operators (30,31) each being connected to at least one exchange node ( 40), via an on-board router (50,51), characterized in that said data are marked in order to authorize them to borrow at least one particular exchange node (60) and in that the at least one filtering device (70,71) is provided, allowing said data thus marked to pass through said particular exchange node (60).  2. A packet data routing method according to claim 1, characterized in that said data are marked at the level of active elements at the IP level (routers, servers ...) located between the station of said user (10,11) and an edge router (90,91) of said source network operator (30,31).  3. A packet data routing method according to claim 1 or claim 2, characterized in that said particular exchange node (60) comprises at least one screen router (80) intended to be connected to the routers (50, 51) network operators (30,31) at the IP layer.  4. Method for routing packet data according to claim 3, characterized in that said screen router announces the presence of the particular exchange node (60) for the marked data and does not announce <Desc / Clms Page number 25>  the presence of the particular exchange node (60) for the unmarked data.  5. A method of routing packet data according to any one of claims 1 to 4, characterized in that the marking of said data allows routers (50,51) respectively to route said marked packets of said network operator (30,31 ) to said screen router (80) of the particular exchange node (60).  6. A packet data routing method according to any one of claims 1 to 5, characterized in that said particular exchange node (60) filters and accepts to route only correctly marked packets.  7. A packet data routing method according to any one of claims 1 to 6, characterized in that said particular exchange node (60) only accepts to transfer said data if the network operators (30,31 ) source and destination are directly and / or exclusively connected to one or more specific exchange nodes (60).  8. A packet data routing method according to any one of claims 1 to 7, characterized in that said particular exchange node (60) is carried out virtually on interconnection infrastructures already assigned to interconnections, using the possibility of certain routers to carry several different IP addresses and to treat IP packets directed to these different addresses differently.  9. A packet data routing method according to any one of claims 1 to 6, characterized in that the marking step is performed recursively, in order to allow said network operators to introduce a defined dose of determinism. at <Desc / Clms Page number 26>  path of marked packets within their respective networks.  10. Device for implementing the method according to any one of claims 1 to 9.  11. Device according to claim 10, characterized in that it is constituted at least by an interconnection of networks comprising a plurality of particular exchange nodes (60).