JP2001274843A - Remote access server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a plurality of networks using the same address space to share the same remote access server. SOLUTION: This server consists of WAN side interfaces 21 connected to a public network, LAN side interfaces 25 connected to a LAN, WAN side L2 processing parts 22 and LAN side L2 processing parts 24 for performing layer 2 processing of data frames received from the interfaces and a switch connecting part 23 for performing one-to-one connection of the WAN side L2 processing parts and the LAN side L2 processing parts. The server directly transfer the data frame from a user to a designated LAN side interface without going through a layer 3 by changing switch connections of the switch connecting part to connect a proper WAN side L2 processing part and a proper LAN side L2 processing part in the case of receiving a connection request through the public network.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD The present invention relates to a LAN for a company or the like,
An Internet service provider accommodates users who make dial-up connections using the ISDN or analog public telephone network, and connects to a data network such as a LAN, that is, a remote service used when providing a remote access service. It concerns the access server.

[0002]

2. Description of the Related Art In many cases, a LAN or an Internet service provider of a company or the like provides a remote access service. In this case, a remote access server having both a WAN interface connecting to a public network (WAN) and a LAN interface connecting to a LAN is used.

[0003] The remote access server determines the frame format and transmission method with the WAN before starting communication, and thereafter transmits and receives user data frames. In the present invention, this prior determination is performed in the same manner as in the related art, and in the following description, only the transmission and reception of the user data frame will be described. Although the term "layer 2" is used as an example of a lower layer and the term "layer 3" is used as an example of an upper layer, the following processing can be performed in another lower layer / upper layer.

FIG. 1 shows a configuration diagram of a conventional remote access server. When the WAN-side interface 11 receives the WAN-side frame, the WAN-side interface 11 sends the frame to the corresponding WAN-side L2 processing unit 12. Upon receiving the frame, the WAN-side L2 processing unit 12 performs a layer 2 process on the frame to generate a layer 2 frame, and generates a layer 3 packet such as an IP from the layer 2 frame. The generated layer 3 packet is sent to the L3 processing unit 13. The L3 processing unit 13 stores address information (for example, an IP address) contained in a layer 3 packet.
The route of the packet of the layer 3 is determined based on the above, and the packet is transferred to an appropriate LAN side L2 processing unit 14 according to the route. When receiving the layer 3 packet, the LAN side L2 processing unit 14 encapsulates the layer 3 packet into a layer 2 frame, and outputs the encapsulated layer 2 frame to a LAN (not shown) through the LAN side interface 15. .

Conversely, when the LAN-side interface 15 receives a LAN-side frame, the LAN-side L2 processing unit 14 performs a layer 2 process on the frame to generate a layer 2 frame. Layer 3 packets such as IP are extracted from the frame of
It is supplied to the processing unit 13. The L3 processing unit 13 determines a route to which the packet of the layer 3 is to be sent based on the address information included in the packet of the layer 3, and determines an appropriate route according to the route.
The layer 3 packet is transferred to the WAN side L2 processing unit 11.
When the layer 3 packet is received by the WAN-side L2 processing unit 11, the packet is encapsulated in a layer 2 frame.
The encapsulated layer 2 frame is output to a WAN (not shown) through the corresponding WAN-side interface 11.

In the conventional remote access server having the above-described configuration, when a frame from a LAN or a WAN is received, a layer 3 packet is extracted from the frame and a route determination (for example, based on a layer 3 address such as an IP address) is performed. Routing) to determine the output destination.
As described above, when a route is determined using a layer 3 address such as an IP address, a plurality of networks using the same layer 3 address space (for example, a corporate intranet using a private IP address) are connected to the same remote access server. Cannot be shared. this is,
When the L3 processing unit 13 of the conventional remote access server receives a layer 3 packet having an IP address addressed to a plurality of networks using the same layer 3 address space, the L3 processing unit 13 sends the packet to any of the plurality of networks. This is because it is not possible to determine whether to send.

As described above, when remote access is provided using a conventional remote access server, a plurality of networks using the same address space cannot share the same remote access server.

[0008] It is an object of the present invention to enable a plurality of networks using the same address space to share the same remote access server.

[0009]

According to the present invention, in order to achieve the above-mentioned object, a WAN interface connected to a public network, a LAN interface connected to a LAN, a WAN interface and a LAN interface are provided. It consists of a WAN-side L2 processing unit and LAN-side L2 processing unit that performs layer 2 processing of data frames, and a switch connection unit that connects the WAN-side L2 processing unit and the LAN-side L2 processing unit on a one-to-one basis. When receiving a request, change the switch connection of the switch connection unit and connect the appropriate WAN side L2 processing unit and LAN side L2 processing unit to specify the data frame from the user without going through Layer 3 The main feature is that the data is directly transferred to the specified LAN interface.

Another embodiment of the present invention selectively connects at least one first network and at least one second network in response to a connection request signal from a user. A remote access server for transferring an information signal between a first and a second network, the remote access server including at least one first connection device for connecting to the first network. A first processing device connected to the first connection device, at least one second connection device for connecting to the second network,
A second processing device connected to each of the connection devices, and a switch connection portion connected to the first processing device and the second processing device, wherein the switch connection portion is connected to the user by the user. The first processing device and the second processing device are selectively connected to each other in response to a connection request signal, and the first processing device receives information from the first connection device or the switch connection unit. Processing the signal in accordance with a first communication protocol and sending the processed information signal to the switch connection or the first connection device, wherein the second processing device is configured to switch the second connection device or the switch connection Processing the information signal received from the unit in accordance with a second communication protocol, and transmitting the processed information signal to the switch connection unit or the second connection device.

[0011] The first network may be, for example, a WAN connected via a public network, and the second network may be a LAN. Further, the first and second connection devices may be interface devices for connecting to respective networks. The first communication protocol is, for example, HD over a dial-up connection.
PPP connection encapsulated in LC frame, PPP over ATM
Protocol stack, PPP over L2TP, PPP ov
er Ethernet® protocol stack, and the second communication protocol is a 10
Ethernet with VLAN function, not limited to Mbps Ethernet LAN
et and faster 100Mbps, 1Gbps Ethernet, IPo
ver A frame relay using ATM such as ATM or LANE or a frame relay may be used. In addition, the switch device freely selects a plurality of first processing devices and a plurality of second processing devices,
For example, it operates to establish a connection in a desired form according to a connection request, such as one-to-one, many-to-one, or one-to-many, between a plurality of first processing devices and a plurality of second processing devices. You may. A plurality of connections between the first processing device and the second processing device may be simultaneously established. In addition,
In the present invention, a plurality of first processing devices, a plurality of second processing devices,
Processing devices, a plurality of first connection devices connected thereto, and a plurality of second connection devices do not necessarily need to be physically independent devices, and these devices are logically independent It may be a single device that can function as a device. For example, if a physically single connection device (interface device) can logically function as a plurality of connection devices, such a physically single connection device may be used as the plurality of connection devices. it can. This is the same for the processing device.

According to the present invention, it is possible to provide a remote access service by sharing a remote access server with a plurality of networks using the same address space.

[0013]

FIG. 2 shows an embodiment of a remote access server according to the present invention. In FIG. 2, reference numeral 21 denotes a WAN.
Side interface, 22 is a WAN side L2 processing unit, 23 is a switch connection unit, 24 is a LAN side L2 processing unit, and 25 is a LAN side interface.

As shown in FIG. 1, a remote access server according to this embodiment includes a plurality of WAN interfaces 21 connected to a WAN (not shown) and a plurality of WAN interfaces connected to the WAN interface 21. An L2 processing unit; a switch connection unit 23 connected to the plurality of WAN-side L2 processing units; a plurality of LAN-side L2 processing units 24 respectively connected to the switch connection unit 23;
A LAN interface 25 connected to the AN-side L2 processing unit 24, and the LAN interface 25 is further connected to at least one LAN (not shown).

As in the description of the prior art, it is assumed that prior to transmission and reception of a user data frame, a frame format and a transmission method with the WAN are determined in advance. Although the word “layer 2” is used as an example of the lower layer and the word “layer 3” is used as an example of the upper layer, the following processing can be performed in other upper and lower layers.

[0016] As an example of the lower layer, the WAN side is an ISD.
PPP connection encapsulated in HDLC frame by dial-up connection using N or POTS line, Ethernet on LAN side, IP as upper layer WAN and LAN side protocol, but other protocols (stack) The present invention can be easily applied to the case where is used.

For example, as a lower layer example on the WAN side, a PPP over ATM protocol stack, a PPP over L2T
There are P and PPP over Ethernet protocol stacks. In addition, the remote success server according to the present invention is an ISDN or
Not only those used for dial-up access using a POTS line, but also applicable to remote access servers for constant access such as ADSL and FTTH.

In the case of the LAN side, the lower layer is not limited to a normal 10 Mbps Ethernet LAN, but may be an Ethernet having a VLAN function or a higher speed 100 Mbps, 1 Gbps Ethernet.
Other than et, it is possible to use an ATM such as IP over ATM or LANE, or a frame relay, etc.
The network does not need to be closed in the same station, but may be deployed over a wide area.

Further, as the protocol of the upper layer,
In addition to IP, protocols such as IPX and AppleTalk may be used. When the lower layer protocol used on the LAN side is Ethernet, the remote access server according to the present invention can also function as a bridge, and in that case, the upper layer protocol is considered to be an Ethernet bridge.

Further, according to the present invention, before transmitting / receiving a user data frame, connection request information from a user or LAN
From the start to the end of a certain communication (or session), it is necessary to permanently connect the user to a certain LAN based on the user management information on the side. For this purpose, a procedure is included in which the switch connection in the switch connection unit is changed before the communication starts, and the switch connection is released when the communication is completed.

On the protocol stack side, in the PPP user authentication, the validity of the dial-up user can be confirmed by comparing the user name and the password input by the dial-up user. If the identifier of the LAN to be connected is included in the user name information using, for example, the format of “user name @ LAN identifier”, the user can select the Ethernet port of the connection destination LAN. Using this information, for a dial-up user whose validity has been confirmed, the PPP session and the requesting Ethernet port can be fixedly connected. When the PPP ends, the connection between the PPP session and the Ethernet port is released. In the following description, the description of these procedures will be omitted, and only the transmission and reception of the user data frame will be described.

When the WAN-side interface 21 receives a PPP frame encapsulated in HDLC, the WAN-side L2 processing unit 22 performs processing of the HDLC and the PPP protocol. In the embodiment, an IP packet is extracted. This IP packet is transmitted to the WAN side L based on the switch connection set in advance by the switch connection unit 23.
2 Eth where the processing unit 22 is permanently connected (with this session)
The data is transferred to the LAN side L2 processing unit 24 corresponding to the Ethernet port.

When this IP packet is received by the LAN side L2 processing unit, it is encapsulated in a layer 2 frame, and the corresponding Ethernet
Output to LAN through t port.

Conversely, the LAN side interface 25 is
When an rnet frame is received, the LAN-side L2 processing unit 24
Performs ernet frame processing, and converts Ethernet frames to IP
Take out the packet. Based on the switch connection set in advance by the switch connection unit 23, this Ethernet port is processing the fixedly connected PPP session W
Transfer to the AN side L2 processing unit 22. This IP packet is sent to WAN side L2
Upon receipt by the processing unit 22, a PPP frame encapsulated in HDLC is created, and this is
Output to AN.

[0025]

According to the remote access server of the present invention, since the route control using the address information of the layer 3 packet is not performed at the time of transferring the user data frame, even in a plurality of networks using the same address space,
It is possible to share a remote access server.

[Brief description of the drawings]

FIG. 1 is a schematic block diagram illustrating a configuration example of a conventional remote access server.

FIG. 2 is a schematic block diagram illustrating a configuration example of a remote access server according to an embodiment of the present invention.

[Explanation of symbols]

 21: WAN side interface, 22: WAN side L2 processing unit, 23: Switch connection unit, 24: LAN side L2 processing unit, 25: LAN side interface

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5K030 GA08 HA08 HC01 HC14 HD03 HD06 HD09 JL07 KA13 KX09 LB13 5K033 AA09 CB08 CC01 DA06 DB03 DB18 EC03 9A001 BB04 CC03 CC04 CC06 CC08 DD10 JJ18 JJ25 KK56 LL03 LL09

Claims (6)

[Claims] 1. A WAN interface (21) connected to an access network, a LAN interface (25) connected to a LAN, and a layer 2 process of a data frame received from a WAN interface and a LAN interface. Perform the WAN-side L2 processing unit (22) and the LAN-side L2 processing unit (2).
4) and a switch connection unit (23) for connecting the WAN-side L2 processing unit and the LAN-side L2 processing unit. When a connection request is received from a user, the connection of the switch connection unit is made according to the connection request. Change to WAN side L2 processing unit and LAN
A remote access server for selectively connecting a side L2 processing unit to connect between a WAN interface and a LAN interface according to the communication request and to transfer a data frame. 2. A method for selectively connecting at least one first network and at least one second network in response to a connection request signal from a user, wherein information is provided between the first and second networks. A remote access server for performing signal transfer, the remote access server comprising: at least one first connection device (21) for connecting to the first network; and the first connection device. A first processing device connected to the second network, at least one second connection device connected to the second network, and a second processing device connected to the second connection device. A second processing unit (24); and a switch connection unit (23) connected to the first processing unit and the second processing unit. Selectively connects the first processing device and the second processing device in response to the connection request signal of the first processing device, and the first processing device receives the signal from the first connection device or the switch connection unit. Processing the information signal according to a first communication protocol, sending the processed information signal to the switch connection unit or the first connection device, wherein the second processing device is a second connection device or the switch A remote access server, which processes an information signal received from a connection unit according to a second communication protocol, and sends the processed information signal to the switch connection unit or the second connection device. 3. The remote access server according to claim 2, wherein said first communication protocol and said second communication protocol are both communication protocols belonging to the same layer. Remote access server. 4. The remote access server according to claim 3, wherein said layer is a data link layer. 5. The remote access server according to claim 2, wherein the connection request signal includes an identifier of a second network for which the user requests connection, and the switch connection unit includes: A remote access server for selectively connecting the first processing device and the second processing device using the identifier. 6. The remote access server according to claim 2, wherein the switch connection unit uses the physical address included in the information signal to communicate with the first processing device and the first processing device. A remote connection server for selectively connecting between the two processing devices.