US20050047355A1 - System and method for providing wireless internet services - Google Patents
- Publication number: US20050047355A1
- Authority: US (United States)
- Prior art keywords: head end, network, address, wireless head, message
- Legal status: Abandoned (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (CPC)
- H: ELECTRICITY; H04: ELECTRIC COMMUNICATION TECHNIQUE
  - H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L61/00: Network arrangements, protocols or services for addressing or naming
    - H04L61/09: Mapping addresses; H04L61/25: Mapping addresses of the same type; H04L61/2503: Translation of Internet protocol [IP] addresses
      - H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses
      - H04L61/2539: Hiding addresses; Keeping addresses anonymous
    - H04L61/50: Address allocation; H04L61/5007: Internet protocol [IP] addresses
  - H04W: WIRELESS COMMUNICATION NETWORKS
    - H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity; H04W12/08: Access security; H04W12/088: Access security using filters or firewalls
    - H04W40/00: Communication routing or communication path finding; H04W40/02: Communication route or path selection, e.g. power-based or shortest path routing
    - H04W80/00: Wireless network protocols or protocol adaptations to wireless operation
Definitions
- This invention relates generally to computer networks, and more particularly provides a system and method for using wireless routing to connect customers to internet service providers.
- FIG. 1 is a block diagram illustrating a prior art DSL network 100 .
- DSL network 100 includes multiple servers 102 coupled via a computer network 104 to multiple ISPs 106 .
- Each ISP 106 is in turn coupled via virtual customer circuits 110 to an ATM cloud 112 (e.g., AT&T, Sprint, etc.).
- the ATM cloud 112 is in turn coupled via virtual paths 114 to a DSL access multiplexer (DSLAM) 116 (e.g., Pacific Bell, Covad, Northpoint, etc.).
- DSLAM 116 is in turn coupled via phone pairs 118 to subscribers 120 .
- the DSLAM 116 manages traffic between multiple ISPs 106 and multiple subscribers 120 , and manages non-overlapping virtual customer circuits 110 with the ISPs 106 . Although the virtual customer circuits 110 may share the same physical line, the DSLAM 116 enables traffic to be sent from each individual subscriber 120 over the virtual customer circuits 110 to the appropriate ISP 106 . Similarly, the ISPs 106 can view subscribers 120 as individual virtual customer circuits 110 . Every packet being sent to or from the subscriber 120 from or to the connected ISP 106 includes a virtual path identifier (VPI) and a virtual circuit identifier (VCI). A VPI/VCI pair identifies the permanent virtual circuit (PVC) over which the traffic is sent.
- a message is kept secure by virtue of the network. That is, whenever a subscriber 120 transmits or receives a message, the message goes straight to the DSLAM 116 . Because the phone pairs are physically separate, other subscribers 120 cannot read the message. Similarly, when the DSLAM 116 communicates upward, the messages are maintained logically separate, and thus other subscribers 120 still cannot read the message.
- FIG. 2 is a block diagram illustrating an example prior art subscriber 200 .
- Prior art subscriber 200 includes a DSL modem 202 coupling the phone pair 118 to Ethernet 204 .
- the Ethernet 204 is coupled via an intranet to one or more computers 206 .
- the DSL modem 202 is referred to as the “customer premise equipment” or “CPE.” It will be appreciated that, in the Ethernet-shared network, each of the computers 206 within the intranet typically receives and can read the other computers' messages.
- FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet) 300 .
- the intranet 300 includes a single coaxial cable 302 with all the computers 1.1-1.254 connected to the cable 302.
- Each computer has an interface card that identifies the media access control (MAC) address.
- a unicast message is addressed to a single computer.
- a broadcast message is addressed to all stations that are listening.
- Every station listens to two MAC addresses, namely, a unique dedicated MAC address and a broadcast MAC address.
- a computer sends a broadcast message when a user goes to “Network Neighborhood.”
- responses to the broadcast message enable the sending computer to map the network 300.
- although broadcast messages are inefficient, they provide an easy technique for gathering information in a shared environment.
- Each intranet 300 has a range of IP addresses assigned to it and has tables that identify these addresses.
- the IP addresses within the intranet 300 are shown as 1.x addresses.
- the IP addresses outside the intranet are x.x addresses.
- To send a message outside the intranet 300, i.e., to the computer network 104 (e.g., the internet), either the computer 1.1-1.254 transmits the message to the x.x address and the CPE 1.254 recognizes the x.x address as not within the intranet 300, or the sending computer 1.1-1.254 recognizes the x.x address as not within the intranet 300 and addresses the message directly to the CPE 1.254. In either case, the CPE 1.254 transmits the message onto the phone pair 118. It will be appreciated that, to locate the CPE 1.254, the sending computer may transmit a broadcast message to learn the IP address of the CPE 1.254.
- FIG. 4 is a block diagram illustrating an example prior art cable network 400 .
- Prior art cable network 400 includes a server 102 coupled via a computer network 104 to a cable head end 402 .
- the cable head end 402 is coupled via fiber cables 404 to subscribers 410 , 412 and 414 .
- a security concern with the cable network 400 is that, when one of the subscribers 410 , 412 or 414 transmits a message, the rest of the subscribers 410 , 412 and 414 receive and can read the message.
- a restriction of the cable network 400 is that all subscribers 410 , 412 and 414 connected to the head end 402 must be connected to the same ISP, typically, the same party as the cable service provider. In the case where the cable service provider is also the ISP, the cable provider must be responsible for running the cable and for providing internet services.
- IP routing interconnects the different network segments.
- Each IP address is limited to a particular size, e.g., 32 bits. Part of the IP address identifies the network, and part of the address identifies the computer within the network. The address can be split to make a few large networks or many small ones.
- the first and the last IP address typically have special meanings. For example, the first address typically identifies the network access device (e.g., CPE 1.254), and the last address typically identifies a broadcast message.
- An embodiment of the present invention provides a system for a data network system to securely and efficiently connect multiple ISPs to subscribers across a shared medium high-speed wireless network and delivery infrastructure.
- the system enables translation, filtration, identification and transmission of data from one or more computers or networks of computers to one or more than one ISP.
- An embodiment of the present invention comprises a wireless communication network topology having a wireless head end coupled to multiple Internet Service Providers, which are in turn coupled to the Internet.
- the topology features a radio transceiver in a tower coupled to the wireless head end via an Ethernet switch for sending and receiving data to and from customer premise equipment, which in turn is coupled to a host computer or a network of host computers.
- the wireless head end has a traffic control/forwarding engine for controlling, receiving and forwarding signals to and from the Network Service Providers and the Ethernet switch.
- the traffic control/forwarding engine maintains an ARP table and a ATM SIP table in a memory device of the wireless head end.
- the traffic control/forwarding engine further performs security operations to verify that signals from the host computer or computers are valid.
- the customer premise equipment is coupled to the host computer or network of host computers via a Category 5 UTP Ethernet cable and includes a radio transceiver for transmitting and receiving information to and from an antenna.
- the customer premise equipment further includes a single board computer coupled to the host computer or the network of host computers and to the transceiver for processing data coming from or going to the Network Service Providers.
- the customer premise equipment is powered by a power inserter coupled to a power module, which draws power from a power source through an AC/DC converter.
- the customer premise equipment can assign a private range of IP addresses to the host computer(s) and can perform network address translation. Further, the customer premise equipment can operate in Layer 2 3 mode.
- the system and method may advantageously enable wireless connections to multiple ISPs.
- the system and method may also enable connections to the internet without having wire running underground, in a conduit, or on a utility pole.
- the system and method may further enable a significantly less expensive infrastructure than wired counterparts.
- the system and method may still further enable flexible and efficient allocation of IP addresses to subscribers and prevent any subscriber from detecting or intercepting messages to other subscribers.
- the system and method may also enable ISPs to use existing off-the-shelf equipment intended to service subscribers connected via DSL to service subscribers connected via the wireless network infrastructure.
- FIG. 1 is a block diagram illustrating a prior art DSL network
- FIG. 2 is a block diagram illustrating an example prior art subscriber
- FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet);
- FIG. 4 is a block diagram illustrating an example prior art cable network
- FIG. 5 is a block diagram illustrating a wireless network system in accordance with an embodiment of the present invention.
- FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion of the wireless network system
- FIG. 7 is a block diagram illustrating details of the wireless head end of the wireless network system
- FIG. 8 is a block diagram illustrating details of a CPE of the wireless network system
- FIG. 9 is a block diagram illustrating details of a tower
- FIG. 10 is a block diagram illustrating a wireless network system in accordance with another embodiment of the present invention.
- FIG. 11 is a table including a combined address resolution protocol (ARP) table identifying MAC address to IP address correspondence and an ATM source IP (SIP) table identifying IP address to ATM PVC identifier correspondence;
- FIG. 12 is a flowchart illustrating a method of receiving a frame from a subscriber by the wireless head end
- FIG. 13 is a flowchart illustrating a method of receiving a message from the ATM PVC by the wireless head end
- FIGS. 14 A-G are a flowchart illustrating a method of processing by the single board computer of the CPE.
- FIG. 15 is a block diagram illustrating a computer system in accordance with a first embodiment of the present invention.
- FIG. 5 is a block diagram illustrating a wireless network system 500 in accordance with an embodiment of the present invention.
- the wireless network system 500 includes servers 502 coupled via a computer network 504 to ISP 506 (“ISP A”) and to ISP 508 (“ISP B”).
- ISP 506 is coupled via virtual path 510 (“VPI A ”), e.g., ATM or Ethernet, to wireless head end 514 .
- ISP 508 is coupled via virtual path 512 (“VPI B ”), e.g., ATM or Ethernet, to the wireless head end 514 .
- the wireless head end 514 is coupled via Ethernet 516 to an Ethernet switch 518.
- the Ethernet switch 518 is coupled via tower 520 and other towers 524 to radio 526 .
- Radio 526 is coupled via an RF signal to subscribers 528 .
- the Ethernet switch is also coupled via tower 522 to radio 530 , which is in turn coupled via an RF signal to subscribers 532 .
- One skilled in the art will recognize that, although the connection between the wireless head end 514 and the towers 520 and 522 are shown as a wired Ethernet connection, other connections, whether wired or wireless, may alternatively be used. It will be appreciated that the wireless head end 514 simulates a traditional DSLAM when connected via ATM interface.
- any message received from one of the subscribers 528 or 532 is only allowed to be transmitted to a “higher” node.
- the subscriber 528 or 532 transmits the message to a radio 526 or 530 , which transmits the message successively to the next higher node, e.g., tower 520 , 522 or 524 , which transmits the message to the Ethernet switch 518 .
- Ethernet switch 518 in turn transmits the message to the wireless head end 514 , which in turn transmits the message onward to the intended recipient.
- Subscribers 528 or 532 cannot communicate directly with each other. Only the wireless head end 514 or an ISP router can return a message back down to the subscribers 528 or 532 .
- All the distribution nodes e.g., towers, radios, etc.
- All the distribution nodes record the MAC address and the originating port of a request coming from a subscriber 528 , 532 and transmit that message, whether unicast or broadcast, out the port designated as its backhaul or uplink port.
- All backhaul or uplink ports are configured, using VLAN (virtual LAN) technology in the switches, to provide the most direct path to the wireless head end. Accordingly, when a distribution node sees a response intended for a particular subscriber 528, 532, i.e., with the subscriber's MAC address as the destination in the frame, the distribution node knows the port that services that subscriber and transmits it out only that port.
- the message is sent out all ports to ensure the subscriber will receive it.
- This technique provides efficient broadcast and unicast traffic control in both the upstream and downstream directions.
- the switches in all the distribution equipment operate only on source and destination MAC addresses and have no knowledge of the IP addresses being used.
- a security concern with this approach is that if a malicious subscriber were to discover the MAC address of another subscriber, he could transmit messages with the source MAC of the unknowing subscriber and cause the switches to transmit replies to the wrong port, resulting in the malicious user denying access to and/or intercepting messages intended for the unknowing subscriber.
- the CPE through which the subscriber is connected replaces the source MAC address of any message sent to the wireless network with its own radio's MAC address. Accordingly, if someone tries to abuse the system deliberately, for example, by obtaining a neighbor's station address and attempting to send out a message with it, the CPE simply replaces that address with its own valid MAC address and prevents any attack of this nature.
- the CPE also stores a table of IP address to MAC address mappings, similar to ARP but learned passively for each message sent, so it knows how to rewrite the response so the appropriate subscriber's computer receives it.
- the above behavior is known as prior art to exist in network devices operating as routers, which is a mode the CPE can operate in. This is true as well when using Masquerading or Network Address Translation, as the device operates as a router for those functions. This behavior is not consistent with devices operating as ethernet bridges.
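The MAC address multiplexing described above, as an added illustration written for this page (not the patent's code): the CPE stamps its radio MAC on every upstream frame regardless of what the host put there, and a passively learned IP-to-MAC table rewrites the reply. The `Frame` model, the intranet range check and all addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


# Minimal frame model: only the header fields the CPE rewriting logic touches
# (constructed for this example, not the patent's data structures).
@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


class CpeMacMultiplexer:
    """Models the CPE's MAC address multiplexing: every upstream frame leaves with
    the radio's own MAC, and a passively learned IP->MAC table routes replies back."""

    def __init__(self, radio_mac: str, intranet: str):
        self.radio_mac = radio_mac
        # Assumed: the CPE knows which IP range is its intranet (a configuration
        # detail the page does not spell out).
        self.intranet = ipaddress.ip_network(intranet)
        self.ip_to_mac: Dict[str, str] = {}  # like ARP, but learned from frames hosts send

    def upstream(self, frame: Frame) -> Optional[Frame]:
        """Frame received from a host on the customer-side Ethernet, headed for the radio."""
        # Assumed source-IP filter: a host claiming an address outside the intranet is dropped.
        if ipaddress.ip_address(frame.src_ip) not in self.intranet:
            return None
        # Learn (or refresh) which host MAC is using this IP, so the reply can be delivered.
        self.ip_to_mac[frame.src_ip] = frame.src_mac
        # Replace whatever source MAC the host used (its own or a neighbour's) with the
        # radio's MAC, so switches above the CPE only ever learn the radio MAC on this port.
        return Frame(self.radio_mac, frame.dst_mac, frame.src_ip, frame.dst_ip)

    def downstream(self, frame: Frame) -> Optional[Frame]:
        """Frame received from the radio, headed for a host on the intranet."""
        if frame.dst_mac != self.radio_mac:
            return None  # not addressed to this CPE
        host_mac = self.ip_to_mac.get(frame.dst_ip)
        if host_mac is None:
            return None  # no host has sent from this IP: drop rather than flood every host
        # Restore the host MAC so only that host's interface accepts the frame.
        return Frame(frame.src_mac, host_mac, frame.src_ip, frame.dst_ip)


def spoof_demo() -> dict:
    """Constructed scenario: host 10.0.0.5 sends a frame carrying a neighbour's MAC and then
    one carrying its own; the network above sees the radio MAC both times."""
    cpe = CpeMacMultiplexer("02:00:00:00:aa:01", "10.0.0.0/24")
    uplink = "02:00:00:00:ff:ff"  # constructed MAC of the next hop above the CPE
    spoofed = cpe.upstream(Frame("02:00:00:00:00:07", uplink, "10.0.0.5", "203.0.113.10"))
    honest = cpe.upstream(Frame("02:00:00:00:00:05", uplink, "10.0.0.5", "203.0.113.10"))
    outsider = cpe.upstream(Frame("02:00:00:00:00:05", uplink, "192.0.2.1", "203.0.113.10"))
    reply = cpe.downstream(Frame(uplink, "02:00:00:00:aa:01", "203.0.113.10", "10.0.0.5"))
    stray = cpe.downstream(Frame(uplink, "02:00:00:00:aa:01", "203.0.113.10", "10.0.0.9"))
    return {"spoofed": spoofed, "honest": honest, "outsider": outsider,
            "reply": reply, "stray": stray}
```

The passive table records the most recent MAC seen for each IP, so this mechanism protects the shared wireless segment; it does not arbitrate between hosts inside one subscriber's own intranet.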
- FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion (referred to herein as the “last block”) 550 of the wireless network system 500 .
- Last block 550 includes radio transceiver 530 coupled via an RF signal 605 to subscribers 532 .
- Each subscriber 532 includes a CPE 610 coupled to an internal network (intranet) 615 .
- the intranet 615 includes a set of hosts 620 coupled together according to an intranet topology.
- subscribers 532 include CPEs 1B, 2A, 3B, 4B, 5A, 6B, 7C and 8X.
- the letter identifier identifies the ISP 506, 508 to which the CPE 610 is connected. That is, all users of CPEs 610 having the letter identifier “A” subscribe to ISP A 506, all users of CPEs 610 having the letter identifier “B” subscribe to ISP B 508, and all users of CPEs 610 having the letter identifier “X” subscribe to ISP X (not shown). Details of an example CPE 610 are described with reference to FIG. 8. Details of an example host 620 are described with reference to FIG. 17. Methods of transmitting information between the radio transceivers 530 and the subscribers 532 are described in greater detail with reference to FIGS. 11-16.
- FIG. 7 is a block diagram illustrating details of the wireless head end 514 of the wireless network system 500 .
- Wireless head end 514 includes a processor 705 (such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor), temporary memory 710 (such as RAM), permanent memory 715 (such as a magnetic disk), a serial port 720, an ATM interface 725 coupled to the virtual channels 512, and an Ethernet interface coupled to Ethernet 516, each coupled to the communications channel 750.
- the wireless head end 514 also includes a traffic control/forwarding engine 735 .
- the engine 735 includes software, hardware and/or firmware that receives messages (e.g., requests, data, etc.) from either the virtual paths 510 or 512 or from the Ethernet 516 and forwards the messages respectively to Ethernet 516 or to virtual paths 510 or 512 .
- the traffic control/forwarding engine 735 maintains SIP (Source IP) and ARP tables, such as those described with reference to FIG. 11 .
- the communications channel 750 may be coupled to a computer network such as computer network 504 or the wide-area network commonly referred to as the Internet.
- the wireless head end 514 may also include additional information or components, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc.
- programs and data may be received by and stored in the system in alternative ways.
- a computer-readable storage medium (CRSM) reader 740 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications channel 750 for reading a computer-readable storage medium (CRSM) 745 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc.
- the wireless head end 514 may receive programs and data via the CRSM reader 740 .
- the term “memory” herein is intended to cover all data storage media whether permanent or temporary.
- FIG. 8 is a block diagram illustrating details of a CPE 800 of the wireless network system 500 .
- the CPE 800 includes an antenna 805 coupled to a data processing “black” box 810, which in turn is coupled to a power inserter 815.
- the power inserter 815 is coupled to an AC/DC converter 820 , which is coupled to a power source 823 .
- the power inserter 815 is further coupled via CAT 5 (Ethernet) to the internal hosts 620 .
- the black box 810 includes a radio transceiver (PCMCIA) component 825 that transmits and receives information to and from the antenna 805 and to and from the hosts 620.
- the power module 830 is coupled via CAT 5 to the power inserter 815 .
- the black box 825 further includes single board computer 835 that processes data coming from or going to the outside network.
- the power inserter 815 and power module 830 provide power to the radio transceiver 825 and to the single board computer 835 . Because of the power module 830 and power inserter 815 , a separate power line need not be connected.
- the power module 830 and power inserter 815 provide flexibility in the placement of the antenna 805 , which is critical to the quality of the connection and connectability of a subscriber 532 . It will be appreciated that some antenna locations may prove to be difficult to run normal power.
- the radio transceiver 825 processes the signal into data and forwards the data to the single board computer 835 .
- the single board computer 835 processes the data and transmits it to the power module 830, which draws its power from the same data line over which the data arrives. Wherever the data needs to go, the power module 830 supplies power over that data path.
- the single board computer 835 uses Linux's masquerading feature.
- the masquerading feature essentially restricts the IP addresses of internal hosts 600 to those within a private address range not Internet routable.
- the single board computer 835 performs IP address translation by replacing an ISP's address with its address and by replacing a host computer's addresses with its address.
- the CPE 800 effectively hides all computers and addresses behind its address. Computers outside the internal network see only more traffic to and from this CPE's IP address (with different port numbers). As is known in the art, a port number identifies the program on the host 600 that requested that piece of information.
- Masquerading restricts the use of applications which transmit IP information in the data payload of an IP packet, or applications for which a remote server connects to a port on the Masqueraded client which was not previously transmitted through the Masquerading firewall.
- the CPE has a hybrid bridge-router mode, dubbed Layer2 3 , which allows bridging of certain configured IP addresses in a manner which prevents many security problems that exist using standard bridging technology on a network with multiple customer and ISP entities.
- the CPE operates the customer-side ethernet interface in promiscuous mode, receiving all frames to all stations on the intranet, and determines to transmit them to the ISP using a specific combination of IP address filtering, MAC address filtering, rewriting of ARP request and reply messages, ARP request generation and ARP reply generation in accordance with the processes described in FIG. 14 .
- FIG. 9 is a block diagram illustrating details of a tower 900 .
- Tower 900 includes cooling fans 905 , a radio power inserter switch 910 , a surge suppressor 915 , a network monitoring server 920 , an Itouch OptiSwitch 800 (i.e., the traffic controller portion), an environmental manager 930 and an APC SmartUPS 2200 935 , mounted on an equipment rack 940 .
- FIG. 10 is a block diagram illustrating a wireless network system 1000 , in accordance with another embodiment of the present invention.
- FIG. 11 is a combined table 1100 containing an address resolution protocol (ARP) table 1105 identifying MAC address to IP address correspondence and an ATM source IP (ATM SIP) table 1110 identifying IP address to ATM PVC identifier correspondence.
- FIG. 12 is a flowchart illustrating a method 1200 by the wireless head end 514 of handling a message (frame) received from a subscriber 528 / 532 .
- Method 1200 begins with the wireless head end 415 in step 1205 receiving a frame from the Ethernet 516 .
- the wireless head end 514 in step 1210 checks whether the IP address is in its ATM SIP table 1110 . If not, then the wireless head end 514 in step 1215 discards the frame (as an invalid subscriber), and method 1200 ends. If so, then the wireless head end in step 1220 determines if the IP address is in the ARP table 1105 .
- the wireless head end 514 in step 1230 assumes the IP address is a new entry, in step 1235 records the MAC address (i.e., whatever MAC address was used to send the message) in the ARP table for all entries having the same ATM PVC identifier in the ATM SIP table 1110, and proceeds to step 1240.
- the wireless head end 514 can add the MAC address for all IP addresses since the system 500 uses MAC address multiplexing (or MAC address translation), i.e., the function the CPE 610 performs by substituting its MAC address for the MAC address of the host 620 .
- in step 1225, the wireless head end 514 determines whether the MAC addresses match. If not, then method 1200 jumps to step 1215 to discard the frame. If so, then method 1200 proceeds to step 1240.
- in step 1240, the wireless head end 514 retrieves the ATM PVC identifier upon which to send the frame, and in step 1245 sends the frame to the appropriate ISP. Method 1200 then ends.
- An alternate embodiment could have the wireless head end learn a new source MAC address and source IP address in its ARP table every time a frame is received.
- the above-described method 1200 provides fast, low overhead provisioning.
- the method 1200 enables adding hosts 620 (e.g., particular desktops) to the system 500 without going through a repetitive, tedious manual process, especially since the CPE can automatically assign the correct IP addresses via DHCP when using the masquerading feature.
- the ATM SIP table 1110 is set up in advance, preferably manually. Essentially, when a new ISP is being added, the new ISP assigns a range of IP addresses. An ATM PVC is assigned to each or several of those IP addresses, and the IP addresses and assigned ATM PVC are added to the ATM SIP table 1110 .
- the wireless head end 514 can make sure that none of the IP addresses associated with the particular ATM PVC have been used before. This is to prevent more than one subscriber or CPE from using different IP addresses assigned to the same PVC.
- the system 500 enables transmission of messages from a CPE 610 to the wireless head end 514 using a predefined, most efficient path. Accordingly, the system 500 enables responsive messages to be transmitted via the same, most efficient path. Since the system 500 is built in a tree-like topology, each node (e.g., wireless head end 514, towers 520, 522, 524, radios 526, 528, subscribers 528, 532, etc.) knows which port a feed is coming in on. The intermediary nodes (e.g., towers 520, 522, 524, radios 526, 528, etc.) record, for each CPE 610, which port the message arrived on. Accordingly, when the intermediary nodes receive responsive messages from the wireless head end 514, each tower 520, 522, 524 has a record of the most efficient path.
- the towers 520 , 522 , 524 are programmed to deliver all messages from CPEs 610 only to the wireless head end 514 .
- the towers 520 , 522 , 524 need only know which direction CPEs 610 are and which direction the wireless head end 514 is.
- the intermediary nodes cannot send information directly to any other nodes (e.g., towers, radios, subscribers, etc.).
- FIG. 13 is a flowchart illustrating a method 1300 by the wireless head end 514 of handling a message from an ISP.
- Method 1300 begins with the wireless head end 514 in step 1305 receiving a message from the ATM PVC 510 or 512 .
- the wireless head end 514 in step 1310 determines whether the message is of type ARP (e.g., unknown host) or type IP (e.g., normal message). If the message is type ARP, then the wireless head end 514 in step 1315 determines if the MAC address corresponding to the IP address contained in the message is in the ARP table 1105 .
- the wireless head end 514 in step 1320 sends a response identifying the host's MAC address back to the inquiring ISP 506 or 508 . If an entry is not in either table 1110 or 1105 , then the wireless head end 514 in step 1320 forwards a broadcast message to the Ethernet 516 .
- the wireless head end 514 can wait until the CPE 610 or host 620 sends an outgoing message, can fill in the MAC addresses in the ARP table 1110 , and then can forward the incoming messages to the host. As another alternative option, the wireless head end 514 can discard the incoming messages. In some embodiments, an ISP 506 or 508 that cannot find a MAC address sends a broadcast ARP message down all its ATM PVCs 510 or 512 .
- the receiving CPE 610 will apply some filtering of source IP and source MAC address to determine if the message came from its assigned ISP and for an address within the right range, as described in FIGS. 14 A-G.
- the appropriate host receives that message and replies with the appropriate MAC address. It will be appreciated that, in a typical LAN, different IP addresses have different MAC addresses. However, in the present scenario, many IP addresses use the same MAC address.
- the wireless head end 514 in step 1330 uses the ATM SIP table 1110 to determine whether the IP address identified in the message belongs to the correct ISP 506 or 508. If not, then the wireless head end 514 proceeds to step 1325 to respond to the ISP 506 or 508 that the message is incorrectly addressed. If the IP address corresponds to the ISP 506 or 508, the wireless head end 514 in step 1335 checks the ARP table 1105 for the MAC address. If the IP address is not in the ARP table 1105, the wireless head end 514 in step 1340 sends a broadcast to discover which hosts 620 are connected and what MAC addresses they have, and adds the entry to the ARP table 1105. Method 1300 then proceeds to step 1320 to forward the message.
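Methods 1200 and 1300 above, worked through as an added model written for this page (not the patent's or any vendor's code): the combined ATM SIP and ARP table of FIG. 11 drives both the upstream filtering (unknown subscriber IP discarded, MAC bound per PVC on first sight, later MAC mismatch discarded) and the downstream checks (address must belong to the ISP's PVC, ARP answered from the table or discovered). The `Frame` model, the action names and the addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


# Frame model for this example (constructed, not the patent's data structures).
@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_ip: str
    kind: str = "IP"  # "IP" for a normal packet, "ARP" for an ARP request from an ISP


Action = Tuple[str, Optional[str]]  # (what the head end does, PVC or MAC it uses)


class WirelessHeadEnd:
    """Traffic control/forwarding engine holding the combined table of FIG. 11."""

    def __init__(self, sip_table: Dict[str, str]):
        # ATM SIP table 1110: subscriber IP -> ATM PVC identifier, provisioned in advance.
        self.sip_table: Dict[str, str] = dict(sip_table)
        # ARP table 1105: subscriber IP -> MAC address, learned from upstream frames.
        self.arp_table: Dict[str, str] = {}

    def from_subscriber(self, frame: Frame) -> Action:
        """Method 1200: frame received on Ethernet 516 from the subscriber side."""
        pvc = self.sip_table.get(frame.src_ip)
        if pvc is None:
            return ("discard", None)  # step 1215: source IP not provisioned for any ISP
        known_mac = self.arp_table.get(frame.src_ip)
        if known_mac is None:
            # steps 1230/1235: first frame from this IP; bind the sending MAC to every IP
            # sharing the PVC, because the CPE multiplexes all its hosts onto one MAC.
            for ip, ip_pvc in self.sip_table.items():
                if ip_pvc == pvc:
                    self.arp_table[ip] = frame.src_mac
        elif known_mac != frame.src_mac:
            return ("discard", None)  # step 1225: MAC does not match the bound MAC
        return ("forward", pvc)  # steps 1240/1245: send up the ISP's PVC

    def from_isp(self, pvc: str, frame: Frame) -> Action:
        """Method 1300: message received from an ISP over ATM PVC `pvc`."""
        if frame.kind == "ARP":
            mac = self.arp_table.get(frame.dst_ip)  # step 1315
            if mac is not None:
                return ("arp_reply", mac)  # step 1320: answer with the (CPE's) MAC
            return ("broadcast", None)  # step 1320: no entry, broadcast on Ethernet 516
        if self.sip_table.get(frame.dst_ip) != pvc:
            return ("reject", None)  # steps 1330/1325: address does not belong to this ISP
        mac = self.arp_table.get(frame.dst_ip)  # step 1335
        if mac is None:
            # step 1340: the caller must broadcast to learn the MAC before forwarding.
            return ("discover", None)
        return ("forward", mac)  # step 1320


def demo() -> Dict[str, Action]:
    """Constructed provisioning: two IPs on ISP A's PVC, one on ISP B's."""
    he = WirelessHeadEnd({"10.1.1.2": "PVC-A", "10.1.1.3": "PVC-A", "10.2.2.2": "PVC-B"})
    cpe_a, other = "02:00:00:00:00:01", "02:00:00:00:00:02"
    return {
        "unknown_ip": he.from_subscriber(Frame(cpe_a, "192.0.2.9", "203.0.113.1")),
        "first_frame": he.from_subscriber(Frame(cpe_a, "10.1.1.2", "203.0.113.1")),
        # 10.1.1.3 shares PVC-A, so its MAC is already bound to cpe_a: a different MAC fails.
        "mac_mismatch": he.from_subscriber(Frame(other, "10.1.1.3", "203.0.113.1")),
        "wrong_isp": he.from_isp("PVC-B", Frame("", "203.0.113.1", "10.1.1.2")),
        "to_host": he.from_isp("PVC-A", Frame("", "203.0.113.1", "10.1.1.2")),
        "not_seen_yet": he.from_isp("PVC-B", Frame("", "203.0.113.1", "10.2.2.2")),
        "arp_known": he.from_isp("PVC-A", Frame("", "203.0.113.1", "10.1.1.2", "ARP")),
        "arp_unknown": he.from_isp("PVC-A", Frame("", "203.0.113.1", "10.1.1.99", "ARP")),
    }
```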
- FIGS. 14 A-G are a flowchart illustrating a method of processing messages by the single board computer of the CPE.
- FIG. 15 is a block diagram illustrating an example computer system 1500 that exemplifies details of server 502 and hosts 620 .
- the computer system 1500 includes a processor 1505 , such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor, coupled to a communications channel 1510 .
- the computer system 1500 further includes an input device 1515 such as a keyboard or mouse, an output device 1520 such as a cathode ray tube display, a communications interface 1525 , permanent memory 1530 such as a magnetic disk, and working memory 1535 such as Random-Access Memory (RAM), each coupled to the communications channel 1510 .
- the communications channel 1510 may be coupled to a network such as the wide-area network commonly referred to as the Internet.
- the permanent memory 1530 and working memory 1535 are illustrated as components within a single computer, the permanent memory 1530 and working memory 1535 can be distributed units.
- the system 1500 may also include additional information, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc.
- additional information such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc.
- programs and data may be received by and stored in the system in alternative ways.
- a computer-readable storage medium (CRSM) reader 1540 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications bus 1510 for reading a computer-readable storage medium (CRSM) 1545 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc.
- CRSM computer-readable storage medium
- the system 1500 may receive programs and data via the CRSM reader 1540 .
- the term “memory” herein is intended to cover all data storage media whether temporary or permanent.
Abstract
An embodiment of the present invention comprises a wireless communication network topology having a wireless head end coupled to multiple Internet Service Providers, which are in turn coupled to the Internet. In addition, the topology features a radio transceiver in a tower coupled to the wireless head end via an Ethernet switch for sending and receiving data to and from customer premise equipment, which in turn is coupled to a host computer or a network of host computers. The wireless head end may perform traffic control and forwarding operations for data received from the Network Service Providers and the host computer(s). The wireless head end may also perform security measures to ensure that only messages from valid host computers are forwarded to the Network Service Providers. The customer premise equipment can assign a private IP address range to the computer(s) and perform network address translation.
Description
- This application is a continuation of U.S. patent application Ser. No. 09/657,947, which claims benefit of provisional patent application Ser. No. 60/153,299, entitled “BroadLink Communications Wireless Router CPE,” filed on Sep. 10, 1999, by inventors Wood and Roady, both of which are hereby incorporated by reference.
- 1. Field of the Invention
- This invention relates generally to computer networks, and more particularly provides a system and method for using wireless routing to connect customers to internet service providers.
- 2. Description of the Background Art
- FIG. 1 is a block diagram illustrating a prior art DSL network 100. DSL network 100 includes multiple servers 102 coupled via a computer network 104 to multiple ISPs 106. Each ISP 106 is in turn coupled via virtual customer circuits 110 to an ATM cloud 112 (e.g., AT&T, Sprint, etc.). The ATM cloud 112 is in turn coupled via virtual paths 114 to a DSL access multiplexer (DSLAM) 116 (e.g., Pacific Bell, Covad, Northpoint, etc.). The DSLAM 116 is in turn coupled via phone pairs 118 to subscribers 120.
- The DSLAM 116 manages traffic between multiple ISPs 106 and multiple subscribers 120, and manages non-overlapping virtual customer circuits 110 with the ISPs 106. Although the virtual customer circuits 110 may share the same physical line, the DSLAM 116 enables traffic to be sent from each individual subscriber 120 over the virtual customer circuits 110 to the appropriate ISP 106. Similarly, the ISPs 106 can view subscribers 120 as individual virtual customer circuits 110. Every packet being sent to or from the subscriber 120 from or to the connected ISP 106 includes a virtual path identifier (VPI) and a virtual circuit identifier (VCI). A VPI/VCI pair identifies the permanent virtual circuit (PVC) over which the traffic is sent.
- A message is kept secure by virtue of the network. That is, whenever a subscriber 120 transmits or receives a message, the message goes straight to the DSLAM 116. Because the phone pairs are physically separate, other subscribers 120 cannot read the message. Similarly, when the DSLAM 116 communicates upward, the messages are maintained logically separate, and thus other subscribers 120 still cannot read the message.
- FIG. 2 is a block diagram illustrating an example prior art subscriber 200. Prior art subscriber 200 includes a DSL modem 202 coupling the phone pair 118 to Ethernet 204. The Ethernet 204 is coupled via an intranet to one or more computers 206. In the DSL network 100, the DSL modem 202 is referred to as the “customer premise equipment” or “CPE.” It will be appreciated that, in the Ethernet-shared network, each of the computers 206 within the intranet typically receives and can read each other's messages.
- For example, FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet) 300. The intranet 300 includes a single coaxial cable 302 with all these computers 1.1-1.254 connected to the cable 302. Each computer has an interface card that identifies the media access control (MAC) address. When a computer 1.1-1.254 sends a message, every other computer 1.1-1.254 receives that message. Every other computer 1.1-1.254 uses the MAC address to determine whether that message was intended for it. A unicast message is addressed to a single computer. A broadcast message is addressed to all stations that are listening. Every station listens to two MAC addresses, namely, a unique dedicated MAC address and a broadcast MAC address. For example, a computer sends a broadcast message when a user goes to “Network Neighborhood.” In this example, responses to the broadcast message enable the sending computer to illustrate the network 300. Although broadcast messages are inefficient, they provide an easy technique for gathering information in a shared environment.
- Each intranet 300 has a range of IP addresses assigned to it and has tables that identify these addresses. In this example, the IP addresses within the intranet 300 are shown as 1.x addresses. The IP addresses outside the intranet are x.x addresses. To send a message, e.g., a unicast single-address message, to another computer within the intranet 300, a computer 1.1-1.254 uses the 1.x address. To send a message outside the intranet 300, i.e., to the computer network 104, e.g., the internet, either the computer 1.1-1.254 transmits the message to the x.x address and the CPE 1.254 recognizes the x.x address as not within the intranet 300, or the sending computer 1.1-1.254 recognizes the x.x address as not within the intranet 300 and addresses the message directly to the CPE 1.254. In either case, the CPE 1.254 transmits the message to phone pair 118. It will be appreciated that, to locate the address of the CPE 1.254, the sending computer may transmit a broadcast message to locate the IP address of the CPE 1.254.
- FIG. 4 is a block diagram illustrating an example prior art cable network 400. Prior art cable network 400 includes a server 102 coupled via a computer network 104 to a cable head end 402. The cable head end 402 is coupled via fiber cables 404 to subscribers … cable network 400 is that, when one of the subscribers … subscribers … cable network 400 is that all subscribers … head end 402 must be connected to the same ISP, typically, the same party as the cable service provider. In the case where the cable service provider is also the ISP, the cable provider must be responsible for running the cable and for providing internet services.
- In any of the networks identified above with reference to FIGS. 1-4, IP routing interconnects the different network segments. Each IP address is limited to a particular size, e.g., 32 bits. Part of the IP address identifies the network, and part of the address identifies the computer within the network. The address can be split to make a few huge networks or several little ones. The first and the last IP address typically have special meanings. For example, the first address typically identifies the network access device (e.g., CPE 1.254), and the last address typically identifies a broadcast message. Although a system of fewer networks, each with a larger customer base, is more cost effective, it is often less secure. On the other hand, a system of many networks, each with a small customer base, is more secure but inefficient with address use and network management needs.
- An embodiment of the present invention provides a system for a data network system to securely and efficiently connect multiple ISPs to subscribers across a shared-medium high-speed wireless network and delivery infrastructure. The system enables translation, filtration, identification and transmission of data from one or more computers or networks of computers to one or more than one ISP.
- An embodiment of the present invention comprises a wireless communication network topology having a wireless head end coupled to multiple Internet Service Providers, which are in turn coupled to the Internet. In addition, the topology features a radio transceiver in a tower coupled to the wireless head end via an Ethernet switch for sending and receiving data to and from customer premise equipment, which in turn is coupled to a host computer or a network of host computers.
- The wireless head end has a traffic control/forwarding engine for controlling, receiving and forwarding signals to and from the Network Service Providers and the Ethernet switch. The traffic control/forwarding engine maintains an ARP table and an ATM SIP table in a memory device of the wireless head end. The traffic control/forwarding engine further performs security operations to verify that signals from the host computer or computers are valid.
- The customer premise equipment is coupled to the host computer or network of host computers via a Category 5 UTP Ethernet cable and includes a radio transceiver for transmitting and receiving information to and from an antenna. The customer premise equipment further includes a single board computer coupled to the host computer or the network of host computers and to the transceiver for processing data coming from or going to the Network Service Providers. The customer premise equipment is powered by a power inserter coupled to a power module, which draws power from a power source through an AC/DC converter. The customer premise equipment can assign a private range of IP addresses to the host computer(s) and can perform network address translation. Further, the customer premise equipment can operate in Layer23 mode.
- Additional features, advantages, and details will be apparent from the drawings and detailed description as set forth below.
- The system and method may advantageously enable wireless connections to multiple ISPs. The system and method may also enable connections to the internet without having wire running underground, in a conduit, or on a utility pole. The system and method may further enable a significantly less expensive infrastructure than wired counterparts. The system and method may still further enable flexible and efficient allocation of IP addresses to subscribers and prevent any subscriber from detecting or intercepting messages to other subscribers. The system and method may also enable ISPs to use existing off-the-shelf equipment intended to service subscribers connected via DSL to service subscribers connected via the wireless network infrastructure.
- FIG. 1 is a block diagram illustrating a prior art DSL network;
- FIG. 2 is a block diagram illustrating an example prior art subscriber;
- FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet);
- FIG. 4 is a block diagram illustrating an example prior art cable network;
- FIG. 5 is a block diagram illustrating a wireless network system in accordance with an embodiment of the present invention;
- FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion of the wireless network system;
- FIG. 7 is a block diagram illustrating details of the wireless head end of the wireless network system;
- FIG. 8 is a block diagram illustrating details of a CPE of the wireless network system;
- FIG. 9 is a block diagram illustrating details of a tower;
- FIG. 10 is a block diagram illustrating a wireless network system in accordance with another embodiment of the present invention;
- FIG. 11 is a table including a combined address resolution protocol (ARP) table identifying MAC address to IP address correspondence and an ATM source IP (SIP) table identifying IP address to ATM PVC identifier correspondence;
- FIG. 12 is a flowchart illustrating a method of receiving a frame from a subscriber by the wireless head end;
- FIG. 13 is a flowchart illustrating a method of receiving a message from the ATM PVC by the wireless head end;
- FIGS. 14A-G are a flowchart illustrating a method of processing by the single board computer of the CPE; and
- FIG. 15 is a block diagram illustrating a computer system in accordance with a first embodiment of the present invention.
- The following description is provided to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles, features and teachings disclosed.
- FIG. 5 is a block diagram illustrating a wireless network system 500 in accordance with an embodiment of the present invention. The wireless network system 500 includes servers 502 coupled via a computer network 504 to ISP 506 (“ISP A”) and to ISP 508 (“ISP B”). ISP 506 is coupled via virtual path 510 (“VPIA”), e.g., ATM or Ethernet, to wireless head end 514. ISP 508 is coupled via virtual path 512 (“VPIB”), e.g., ATM or Ethernet, to the wireless head end 514. The wireless head end 514 is coupled via Ethernet 516 to an Ethernet switch 518. The Ethernet switch 518 is coupled via tower 520 and other towers 524 to radio 526. Radio 526 is coupled via an RF signal to subscribers 528. The Ethernet switch is also coupled via tower 522 to radio 530, which is in turn coupled via an RF signal to subscribers 532. One skilled in the art will recognize that, although the connection between the wireless head end 514 and the towers … wireless head end 514 simulates a traditional DSLAM when connected via ATM interface.
- In accordance with an embodiment of the present invention, any message received from one of the subscribers … subscriber … radio … tower … Ethernet switch 518. Ethernet switch 518 in turn transmits the message to the wireless head end 514, which in turn transmits the message onward to the intended recipient. Subscribers … wireless head end 514 or an ISP router can return a message back down to the subscribers …
- All the distribution nodes (e.g., towers, radios, etc.) record the MAC address and the originating port of a request coming from a subscriber …
- A security concern with this approach is that if a malicious subscriber were to discover the MAC address of another subscriber, he could transmit messages with the source MAC of the unknowing subscriber and cause the switches to transmit replies to the wrong port, resulting in the malicious user denying access to and/or intercepting messages intended for the unknowing subscriber. To avoid this, the CPE through which the subscriber is connected replaces the source MAC address of any message sent to the wireless network with its own radio's MAC address. Accordingly, if someone tries to abuse the system deliberately, for example, by getting a neighbor's station address and attempting to send out a message, the CPE would simply replace it with its own valid MAC address and prevent any attack of this nature. The CPE also stores a table of IP address to MAC address mappings, similar to ARP but learned passively for each message sent, so it knows how to rewrite the response so the appropriate subscriber's computer receives it. The above behavior is known in the prior art to exist in network devices operating as routers, which is a mode the CPE can operate in. This is true as well when using Masquerading or Network Address Translation, as the device operates as a router for those functions. This behavior is not consistent with devices operating as Ethernet bridges.
- FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion (referred to herein as the “last block”) 550 of the wireless network system 500. Last block 550 includes radio transceiver 530 coupled via an RF signal 605 to subscribers 532. Each subscriber 532 includes a CPE 610 coupled to an internal network (intranet) 615. The intranet 615 includes a set of hosts 620 coupled together according to an intranet topology.
- As shown, subscribers 532 include CPEs … ISP … CPE 610 is connected. That is, all users of CPEs 610 having the letter identifier “A” subscribe to ISP A 506, all users of CPEs 610 having the letter identifier “B” subscribe to ISP B 508, and all users of CPEs 610 having the letter identifier “X” subscribe to ISP X (not shown). Details of an example CPE 610 are described with reference to FIG. 8. Details of an example host 620 are described with reference to FIG. 17. Methods of transmitting information between the radio transceivers 530 and the subscribers 532 are described in greater detail with reference to FIGS. 11-16.
- FIG. 7 is a block diagram illustrating details of the wireless head end 514 of the wireless network system 500. Wireless head end 514 includes a processor 705 (such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor), temporary memory 710 (such as RAM), permanent memory 715 (such as a magnetic disk), a serial port 720, an ATM interface 725 coupled to the virtual channels 512, and an Ethernet interface coupled to Ethernet 516, each coupled to the communications channel 750.
- The wireless head end 514 also includes a traffic control/forwarding engine 735. The engine 735 includes software, hardware and/or firmware that receives messages (e.g., requests, data, etc.) from either the virtual paths 510 or 512 or from the Ethernet 516 and forwards the messages respectively to Ethernet 516 or to virtual paths 510 or 512. The traffic control/forwarding engine 735 maintains SIP (Source IP) and ARP tables, such as those described with reference to FIG. 11. The traffic control/forwarding engine 735 follows procedures such as those described with reference to FIGS. 12-15.
- The communications channel 750 may be coupled to a computer network such as computer network 504 or the wide-area network commonly referred to as the Internet. One skilled in the art will recognize that, although the temporary memory 710 and permanent memory 715 are illustrated as separate components of the same computer, they can be portions of the same physical memory device or distributed units. The wireless head end 514 may also include additional information or components, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc. One skilled in the art will also recognize that the programs and data may be received by and stored in the system in alternative ways. For example, a computer-readable storage medium (CRSM) reader 740 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications channel 750 for reading a computer-readable storage medium (CRSM) 745 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc. Accordingly, the wireless head end 514 may receive programs and data via the CRSM reader 740. Further, it will be appreciated that the term “memory” herein is intended to cover all data storage media whether permanent or temporary.
- FIG. 8 is a block diagram illustrating details of a CPE 800 of the wireless network system 500. The CPE 800 includes an antenna 805, coupled to a data processing “black” box 810, which in turn is coupled to a power inserter 815. The power inserter 815 is coupled to an AC/DC converter 820, which is coupled to a power source 823. The power inserter 815 is further coupled via CAT5 (Ethernet) to the internal hosts 620.
- The black box 810 includes a radio transceiver (PCMCIA) component 825 that transmits and receives information to and from the antenna 805 and to and from the hosts 620. The power module 830 is coupled via CAT5 to the power inserter 815. The black box 825 further includes a single board computer 835 that processes data coming from or going to the outside network.
- The power inserter 815 and power module 830 provide power to the radio transceiver 825 and to the single board computer 835. Because of the power module 830 and power inserter 815, a separate power line need not be connected. The power module 830 and power inserter 815 provide flexibility in the placement of the antenna 805, which is critical to the quality of the connection and connectability of a subscriber 532. It will be appreciated that it may prove difficult to run normal power to some antenna locations.
- Signal coming in through the antenna is transmitted to the radio transceiver 825, which processes the signal into data and forwards the data to the single board computer 835. The single board computer 835 processes the data and transmits it to the power module 830, which extracts power from the data line on which it comes in. Wherever the data needs to go, the power module 830 sources the power into the data part.
- In the current implementation, the single board computer 835 uses Linux's masquerading feature. The masquerading feature essentially restricts the IP addresses of internal hosts 600 to those within a private address range that is not Internet routable. The single board computer 835 performs IP address translation by replacing an ISP's address with its address and by replacing a host computer's addresses with its address. By using masquerading, the CPE 800 effectively hides all computers and addresses behind its address. Computers outside the internal network see only more traffic to and from this CPE's IP address (with different port numbers). As is known in the art, a port number identifies the program on the host 600 that requested that piece of information. It is well known that the use of Masquerading restricts the use of applications which transmit IP information in the data payload of an IP packet, or applications for which a remote server connects to a port on the Masqueraded client which was not previously transmitted through the Masquerading firewall.
- Additionally, the CPE has a hybrid bridge-router mode, dubbed Layer23, which allows bridging of certain configured IP addresses in a manner which prevents many security problems that exist using standard bridging technology on a network with multiple customer and ISP entities. In this mode, the CPE operates the customer-side Ethernet interface in promiscuous mode, receiving all frames to all stations on the intranet, and determines whether to transmit them to the ISP using a specific combination of IP address filtering, MAC address filtering, rewriting of ARP request and reply messages, ARP request generation and ARP reply generation in accordance with the processes described in FIG. 14. Since the IP and MAC addresses of the ISP's router differ from the IP and MAC addresses assigned to the customer-side interface of the CPE, Masquerading and NAT can work simultaneously with the use of Layer23 employed by the CPE, allowing bridging of certain IP addresses and Masquerading of others.
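The following Python model is an added example, not code from the patent or the CPE's single board computer. It puts together the three CPE behaviours the description has covered so far: the source-MAC substitution and passive IP-to-MAC learning from the security-concern paragraph above, masquerading of private hosts behind the CPE's own address with a per-flow port, and the Layer23 split under which a configured set of IP addresses is passed through at the IP layer while the rest are masqueraded. The `Frame` record, the `CPE` class, its field names and all addresses are constructed for the example; the inbound source-MAC check stands in for the ISP-side source filtering that the text assigns to FIGS. 14A-G, whose details the page does not give.

```python
"""Model of the CPE forwarding rules: source-MAC rewrite, passive
IP->MAC learning, masquerading, and the Layer23 bridged-IP exception.
All names, addresses and the Frame record are constructed for this
example; this is not the patent's or any vendor's code."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Frame:
    """Only the header fields the CPE rules look at (constructed shape)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


class CPE:
    def __init__(self, radio_mac: str, public_ip: str, isp_router_mac: str,
                 bridged_ips: Set[str], first_nat_port: int = 40000) -> None:
        self.radio_mac = radio_mac            # MAC every outbound frame carries
        self.public_ip = public_ip            # CPE's ISP-assigned address
        self.isp_router_mac = isp_router_mac  # the only accepted upstream sender
        self.bridged_ips = set(bridged_ips)   # Layer23: passed through at the IP layer
        self.ip_to_mac: Dict[str, str] = {}   # learned passively from outbound traffic
        self.nat: Dict[int, Tuple[str, int]] = {}               # public port -> (host ip, host port)
        self.nat_rev: Dict[Tuple[str, int, str, int], int] = {}  # flow -> public port
        self.next_port = first_nat_port

    def outbound(self, frame: Frame) -> Frame:
        """Customer side -> wireless network."""
        # Learn the host's IP->MAC binding from whatever it just sent, so the
        # reply can be rewritten back to it later (ARP-like, but passive).
        self.ip_to_mac[frame.src_ip] = frame.src_mac
        # The host's source MAC never leaves the customer side: it is always
        # replaced by the radio's own MAC, so a borrowed neighbour MAC gains
        # nothing on the shared wireless segment.
        out = replace(frame, src_mac=self.radio_mac, dst_mac=self.isp_router_mac)
        if frame.src_ip in self.bridged_ips:
            return out  # Layer23: a bridged address keeps its own IP and port
        # Masquerade: substitute the CPE's IP and a flow-specific port.
        flow = (frame.src_ip, frame.src_port, frame.dst_ip, frame.dst_port)
        port = self.nat_rev.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.nat_rev[flow] = port
            self.nat[port] = (frame.src_ip, frame.src_port)
        return replace(out, src_ip=self.public_ip, src_port=port)

    def inbound(self, frame: Frame) -> Optional[Frame]:
        """Wireless network -> customer side; None means the frame is dropped."""
        # Accept only traffic from the assigned ISP's router. The text says the
        # CPE filters on source IP and MAC; this single check is the example's
        # simplification of that filter.
        if frame.src_mac != self.isp_router_mac:
            return None
        if frame.dst_ip == self.public_ip:
            target = self.nat.get(frame.dst_port)
            if target is None:
                return None  # no flow was opened from inside: unsolicited, drop
            host_ip, host_port = target
            inner = replace(frame, dst_ip=host_ip, dst_port=host_port)
        elif frame.dst_ip in self.bridged_ips:
            inner = frame
        else:
            return None  # not an address behind this CPE
        host_mac = self.ip_to_mac.get(inner.dst_ip)
        if host_mac is None:
            return None  # host has never transmitted, so no MAC to deliver to
        return replace(inner, src_mac=self.radio_mac, dst_mac=host_mac)
```

Two points worth noting when reading the model against the text: the learned `ip_to_mac` table is only as trustworthy as the hosts on the customer side, which is why the head end's own MAC-consistency check (method 1200, described below) still matters upstream; and a masqueraded host can only ever receive replies to flows it opened, which is exactly the application restriction the masquerading paragraph describes.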
- FIG. 9 is a block diagram illustrating details of a tower 900. Tower 900 includes cooling fans 905, a radio power inserter switch 910, a surge suppressor 915, a network monitoring server 920, an Itouch OptiSwitch 800 (i.e., the traffic controller portion), an environmental manager 930 and an APC SmartUPS 2200 935, mounted on an equipment rack 940.
- FIG. 10 is a block diagram illustrating a wireless network system 1000, in accordance with another embodiment of the present invention.
- FIG. 11 is a combined table 1100 containing an address resolution protocol (ARP) table 1105 identifying MAC address to IP address correspondence and an ATM source IP (ATM SIP) table 1110 identifying IP address to ATM PVC identifier correspondence. For simplicity, the ARP table 1105 and ATM SIP table 1110 are illustrated as a single table, although they typically are two independent tables.
- FIG. 12 is a flowchart illustrating a method 1200 by the wireless head end 514 of handling a message (frame) received from a subscriber 528/532. Method 1200 begins with the wireless head end 415 in step 1205 receiving a frame from the Ethernet 516. The wireless head end 514 in step 1210 checks whether the IP address is in its ATM SIP table 1110. If not, then the wireless head end 514 in step 1215 discards the frame (as an invalid subscriber), and method 1200 ends. If so, then the wireless head end in step 1220 determines if the IP address is in the ARP table 1105. If not, then the wireless head end 514 in step 1230 assumes the IP address is a new entry, in step 1235 records the MAC address (i.e., whatever MAC address was used to send the message) in the ARP table for all entries having the same ATM PVC identifier in the ATM SIP table 1110, and proceeds to step 1240. The wireless head end 514 can add the MAC address for all IP addresses since the system 500 uses MAC address multiplexing (or MAC address translation), i.e., the function the CPE 610 performs by substituting its MAC address for the MAC address of the host 620. If the wireless head end 514 has the entry in the ARP table 1105, then the wireless head end 514 in step 1225 determines whether the MAC addresses match. If not, then method 1200 jumps to step 1215 to discard the frame. If so, then method 1200 proceeds to step 1240. In step 1240, the wireless head end 514 retrieves the ATM PVC identifier upon which to send the frame, and in step 1245 sends the frame to the appropriate ISP. Method 1200 then ends. An alternate embodiment could have the wireless head end learn a new source MAC address and source IP address in its ARP table every time a frame is received.
- It will be appreciated that the above-described method 1200 provides fast, low-overhead provisioning. The method 1200 enables adding hosts 620 (e.g., particular desktops) to the system 500 without going through a repetitive, tedious manual process, especially since the CPE can automatically assign the correct IP addresses via DHCP when using the masquerading feature. More particularly, the ATM SIP table 1110 is set up in advance, preferably manually. Essentially, when a new ISP is being added, the new ISP assigns a range of IP addresses. An ATM PVC is assigned to each or several of those IP addresses, and the IP addresses and assigned ATM PVC are added to the ATM SIP table 1110. As a security measure, if there is more than one IP address associated with an ATM PVC and if a frame arrives that does not have an entry in the ARP table 1105, then the wireless head end 514 can make sure that none of the IP addresses associated with the particular ATM PVC have been used before. This is to prevent more than one subscriber or CPE from using different IP addresses assigned to the same PVC.
- In the case where there is only one host 620 behind CPE 610, there should only be one IP address in the ATM SIP table 1110 mapped to an ATM PVC. In the case where there are multiple hosts 620 in an intranet behind a CPE 610, then there should be multiple IP addresses. However, since the hosts are considered the “same” customer, they should go to the same PVC.
- It should also be mentioned that the system 500 enables transmission of messages from a CPE 610 to the wireless head end 514 using a predefined, most efficient path. Accordingly, the system 500 enables responsive messages to be transmitted via the same, most efficient path. Since the system 500 is built in a tree-like topology, each node (e.g., wireless head end 514, towers … radios … subscribers … radios … CPE 610, which port the message came out. Accordingly, when the intermediary nodes receive responsive messages from the wireless head end 514, each tower …
- The towers … CPEs 610 only to the wireless head end 514. The towers … direction … CPEs 610 are and which direction the wireless head end 514 is. Similarly, any intermediary (leaf) node (e.g., tower or radio) can only originate messages to the wireless head end 514. The intermediary nodes cannot send information directly to any other nodes (e.g., towers, radios, subscribers, etc.).
- FIG. 13 is a flowchart illustrating a method 1300 by the wireless head end 514 of handling a message from an ISP. Method 1300 begins with the wireless head end 514 in step 1305 receiving a message from the ATM PVC 510 or 512. The wireless head end 514 in step 1310 determines whether the message is of type ARP (e.g., unknown host) or type IP (e.g., normal message). If the message is type ARP, then the wireless head end 514 in step 1315 determines if the MAC address corresponding to the IP address contained in the message is in the ARP table 1105. If the MAC address is identified, then the wireless head end 514 in step 1320 sends a response identifying the host's MAC address back to the inquiring ISP 506 or 508. If an entry is not in either table 1110 or 1105, then the wireless head end 514 in step 1320 forwards a broadcast message to the Ethernet 516.
- The case where someone sets up a host 620 and CPE 610 and has not sent any messages to the Internet before someone else attempts to send a message to this host 620 or CPE 610 is unlikely. In addition to the broadcast option described above, other options exist to care for this case. As one alternative option, the wireless head end 514 can wait until the CPE 610 or host 620 sends an outgoing message, can fill in the MAC addresses in the ARP table 1110, and then can forward the incoming messages to the host. As another alternative option, the wireless head end 514 can discard the incoming messages. In some embodiments, an ISP 506 or 508 that cannot find a MAC address sends a broadcast ARP message down all its ATM PVCs 510 or 512. The receiving CPE 610 will apply some filtering of source IP and source MAC address to determine if the message came from its assigned ISP and for an address within the right range, as described in FIGS. 14A-G. The appropriate host receives that message and replies with the appropriate MAC address. It will be appreciated that, in a typical LAN, different IP addresses have different MAC addresses. However, in the present scenario, many IP addresses use the same MAC address.
- If the message is type IP, then the wireless head end 514 in step 1330 uses the ATM SIP table 1110 to determine whether the IP address identified in the message comes from the correct ISP 506 or 508. If not, then the wireless head end 514 proceeds to step 1325 to respond to the ISP 506 or 508 that the message is incorrectly addressed. If the IP address corresponds to the ISP 506 or 508, the wireless head end 514 in step 1335 checks the ARP table 1105 for the MAC address. If the IP address is not in the ARP table 1105, the wireless head end 514 in step 1340 sends a broadcast to discover which hosts 620 are connected and what MAC addresses they have, and adds the entry to the ARP table 1105. Method 1300 then proceeds to step 1320 to forward the message.
- FIGS. 14A-G are a flowchart illustrating a method of processing messages by the single board computer of the CPE.
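The two head-end procedures described above for FIG. 12 (method 1200, frame from a subscriber) and FIG. 13 (method 1300, message from an ISP's ATM PVC) are modelled below as an added Python example; it is not the patent's or the head end's own code. The ATM SIP table and ARP table are plain dictionaries, the step numbers in the comments follow the flowchart steps as the text describes them, and the `HeadEnd` class, its return-value conventions and the table contents in the usage are constructed for the example. It also carries the security measure from the provisioning paragraph: a frame for a not-yet-learned address on a PVC whose sibling addresses are already bound to a different MAC is discarded.

```python
"""Model of the wireless head end's forwarding checks: method 1200
(frame from a subscriber, FIG. 12) and method 1300 (message from an ISP's
ATM PVC, FIG. 13). Class name, return tuples and table contents are
constructed for this example; this is not the patent's own code."""
from typing import Dict, List, Tuple


class HeadEnd:
    def __init__(self, sip_table: Dict[str, str]) -> None:
        # ATM SIP table 1110: subscriber IP -> ATM PVC identifier, provisioned
        # in advance when an ISP assigns an address range.
        self.sip: Dict[str, str] = dict(sip_table)
        # ARP table 1105: subscriber IP -> MAC the CPE used; learned from traffic.
        self.arp: Dict[str, str] = {}

    def _siblings(self, pvc: str) -> List[str]:
        """All provisioned IP addresses that share one ATM PVC."""
        return [ip for ip, p in self.sip.items() if p == pvc]

    def from_subscriber(self, src_ip: str, src_mac: str) -> Tuple[str, str]:
        """Method 1200. Returns ('forward', pvc) or ('discard', reason)."""
        pvc = self.sip.get(src_ip)
        if pvc is None:                                   # step 1210 -> 1215
            return ("discard", "ip not provisioned")
        known_mac = self.arp.get(src_ip)
        if known_mac is None:                             # step 1220 -> 1230
            siblings = self._siblings(pvc)
            # Security measure: if another address on this PVC is already bound
            # to a different MAC, a second CPE is trying to use the same PVC.
            used = {self.arp[ip] for ip in siblings if ip in self.arp}
            if used and src_mac not in used:
                return ("discard", "pvc already bound to another mac")
            # Step 1235: MAC address multiplexing, every IP behind the same CPE
            # (same PVC) is recorded with the CPE's MAC.
            for ip in siblings:
                self.arp[ip] = src_mac
        elif known_mac != src_mac:                        # step 1225 -> 1215
            return ("discard", "mac mismatch")
        return ("forward", pvc)                           # steps 1240 / 1245

    def from_isp(self, pvc: str, kind: str, target_ip: str) -> Tuple[str, str]:
        """Method 1300. kind is 'arp' or 'ip'; pvc is the PVC it arrived on."""
        if kind == "arp":                                 # step 1310 -> 1315
            mac = self.arp.get(target_ip)
            if mac is not None:
                return ("arp-reply", mac)                 # step 1320: answer the ISP
            return ("broadcast", "ethernet 516")          # step 1320: no entry, flood
        if self.sip.get(target_ip) != pvc:                # step 1330 -> 1325
            return ("reject", "incorrectly addressed")
        mac = self.arp.get(target_ip)                     # step 1335
        if mac is None:
            return ("broadcast-discover", target_ip)      # step 1340
        return ("forward", mac)                           # step 1320
```

The sibling fill in `from_subscriber` is the "MAC address multiplexing" point of the text: once one address behind a CPE has been seen, every address provisioned on that PVC is expected to arrive with the same CPE MAC, so a frame for a sibling address with any other MAC falls into the step 1225 mismatch and is discarded. The `from_isp` check against the PVC the message arrived on is what stops one ISP's traffic from being delivered to another ISP's subscriber.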
FIG. 15 is a block diagram illustrating an example computer system 1500 that exemplifies details of server 502 and hosts 620. The computer system 1500 includes a processor 1505, such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor, coupled to a communications channel 1510. The computer system 1500 further includes an input device 1515 such as a keyboard or mouse, an output device 1520 such as a cathode ray tube display, a communications interface 1525, permanent memory 1530 such as a magnetic disk, and working memory 1535 such as Random-Access Memory (RAM), each coupled to the communications channel 1510. The communications channel 1510 may be coupled to a network such as the wide-area network commonly referred to as the Internet. One skilled in the art will recognize that, although the permanent memory 1530 and working memory 1535 are illustrated as components within a single computer, the permanent memory 1530 and working memory 1535 can be distributed units.

One skilled in the art will recognize that the system 1500 may also include additional information, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc. One skilled in the art will also recognize that the programs and data may be received by and stored in the system in alternative ways. For example, a computer-readable storage medium (CRSM) reader 1540 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications bus 1510 for reading a computer-readable storage medium (CRSM) 1545 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc. Accordingly, the system 1500 may receive programs and data via the CRSM reader 1540. Further, it will be appreciated that the term "memory" herein is intended to cover all data storage media whether temporary or permanent.

The foregoing description of the preferred embodiments of the present invention is by way of example only, and other variations and modifications of the above-described embodiments and methods are possible in light of the foregoing teaching. Although the network sites are being described as separate and distinct sites, one skilled in the art will recognize that these sites may be a part of an integral site, may each include portions of multiple sites, or may include combinations of single and multiple sites. Further, components of this invention may be implemented using a programmed general purpose digital computer, using application specific integrated circuits, or using a network of interconnected conventional components and circuits. All wired connections may be wired, wireless, modem, etc. All wireless connections are preferably wireless. The embodiments described herein are not intended to be exhaustive or limiting. The present invention is limited only by the following claims.
Claims (1)
1. A wireless communications network, comprising:
customer premises equipment to securely provide access by multiple internet service providers to multiple subscriber entities, each of which utilizes a customer premises equipment unit, across a shared/switched ethernet delivery infrastructure using techniques which allow but do not require the use of IP routing or encapsulation of customer transmitted data, and presenting the network capabilities and interfaces to both the subscriber and the ISP resembling that of a DSL network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/954,728 US20050047355A1 (en) | 1999-09-10 | 2004-09-29 | System and method for providing wireless internet services |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15329999P | 1999-09-10 | 1999-09-10 | |
US09/657,947 US6888834B1 (en) | 1999-09-10 | 2000-09-08 | System and method for providing wireless internet services |
US10/954,728 US20050047355A1 (en) | 1999-09-10 | 2004-09-29 | System and method for providing wireless internet services |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/657,947 Continuation US6888834B1 (en) | 1999-09-10 | 2000-09-08 | System and method for providing wireless internet services |
Publications (1)
Publication Number | Publication Date |
---|---|
US20050047355A1 true US20050047355A1 (en) | 2005-03-03 |
Family
ID=34220980
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/657,947 Expired - Fee Related US6888834B1 (en) | 1999-09-10 | 2000-09-08 | System and method for providing wireless internet services |
US10/954,728 Abandoned US20050047355A1 (en) | 1999-09-10 | 2004-09-29 | System and method for providing wireless internet services |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/657,947 Expired - Fee Related US6888834B1 (en) | 1999-09-10 | 2000-09-08 | System and method for providing wireless internet services |
Country Status (1)
Country | Link |
---|---|
US (2) | US6888834B1 (en) |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020154629A1 (en) * | 2001-04-23 | 2002-10-24 | Michael Lohman | Integrated PMP-radio and DSL multiplexer and method for using the same |
US20040174872A1 (en) * | 2003-03-03 | 2004-09-09 | Nokia Corporation | Apparatus and method for performing an address resolution protocol function |
US20040258032A1 (en) * | 2003-06-09 | 2004-12-23 | Kabushiki Kaisha Toshiba | Wireless communication apparatus, communication control program, and communication control method |
US20050018655A1 (en) * | 1999-04-21 | 2005-01-27 | Opencell, Inc. | Architecture for signal and power distribution in wireless data network |
US20050078618A1 (en) * | 2003-10-08 | 2005-04-14 | Moo-Yeon Woo | Hybrid base station transceiver |
US20060010318A1 (en) * | 2004-07-12 | 2006-01-12 | Cisco Technology, Inc. (A California Corporation) | Secure manufacturing devices in a switched Ethernet network |
US20060064506A1 (en) * | 2002-04-09 | 2006-03-23 | Mielke Gregory D | Network architecture that supports a dynamic IP addressing protocol across a local exchange bridged network |
US20070156900A1 (en) * | 2005-09-06 | 2007-07-05 | Daniel Chien | Evaluating a questionable network communication |
US20070220605A1 (en) * | 2006-03-15 | 2007-09-20 | Daniel Chien | Identifying unauthorized access to a network resource |
WO2008036723A2 (en) * | 2006-09-21 | 2008-03-27 | Tollgrade Communications, Inc. | Automatic provisioning of a remote test head of a combined ip/telephony/cable network |
US20080147779A1 (en) * | 2004-11-30 | 2008-06-19 | Ali Cherchali | Technique for automated MAC address cloning |
US8379569B2 (en) | 1999-04-21 | 2013-02-19 | Adc Telecommunications, Inc. | Architecture for signal distribution in wireless data network |
US9015090B2 (en) | 2005-09-06 | 2015-04-21 | Daniel Chien | Evaluating a questionable network communication |
US9674145B2 (en) | 2005-09-06 | 2017-06-06 | Daniel Chien | Evaluating a questionable network communication |
US9912677B2 (en) | 2005-09-06 | 2018-03-06 | Daniel Chien | Evaluating a questionable network communication |
US10084791B2 (en) | 2013-08-14 | 2018-09-25 | Daniel Chien | Evaluating a questionable network communication |
US10382436B2 (en) | 2016-11-22 | 2019-08-13 | Daniel Chien | Network security based on device identifiers and network addresses |
US10542006B2 (en) | 2016-11-22 | 2020-01-21 | Daniel Chien | Network security based on redirection of questionable network access |
US10826912B2 (en) | 2018-12-14 | 2020-11-03 | Daniel Chien | Timestamp-based authentication |
US10848489B2 (en) | 2018-12-14 | 2020-11-24 | Daniel Chien | Timestamp-based authentication with redirection |
US11188622B2 (en) | 2018-09-28 | 2021-11-30 | Daniel Chien | Systems and methods for computer security |
US11438145B2 (en) | 2020-05-31 | 2022-09-06 | Daniel Chien | Shared key generation based on dual clocks |
US11509463B2 (en) | 2020-05-31 | 2022-11-22 | Daniel Chien | Timestamp-based shared key generation |
US11677754B2 (en) | 2019-12-09 | 2023-06-13 | Daniel Chien | Access control systems and methods |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6665702B1 (en) * | 1998-07-15 | 2003-12-16 | Radware Ltd. | Load balancing |
KR100353892B1 (en) * | 2001-02-19 | 2002-09-28 | 주식회사 파워콤 | A Multi Internet Service Provider System and a Method |
US7065072B1 (en) * | 2001-12-28 | 2006-06-20 | Cisco Technology, Inc. | Method and system for providing telecommunication services by a plurality of service providers |
US6785265B2 (en) * | 2002-07-08 | 2004-08-31 | Sbc Properties, L.P. | Ethernet-based digital subscriber line methods and systems |
US7471684B2 (en) * | 2004-10-21 | 2008-12-30 | International Machines Corporation | Preventing asynchronous ARP cache poisoning of multiple hosts |
US20080181240A1 (en) * | 2007-01-30 | 2008-07-31 | At&T Knowledge Ventures, L.P. | System and method of CPE stored data collection |
US8977750B2 (en) * | 2009-02-24 | 2015-03-10 | Red Hat, Inc. | Extending security platforms to cloud-based networks |
CN107465529B (en) * | 2016-06-06 | 2022-07-12 | 中兴通讯股份有限公司 | Client terminal equipment management method, system and automatic configuration server |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5600633A (en) * | 1995-02-24 | 1997-02-04 | Lucent Technologies Inc. | Wireless telecommunication base station for integrated wireless services with ATM processing |
US5790548A (en) * | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US5828666A (en) * | 1995-08-17 | 1998-10-27 | Northern Telecom Limited | Access to telecommunications networks in multi-service environment |
US5923655A (en) * | 1997-06-10 | 1999-07-13 | E--Net, Inc. | Interactive video communication over a packet data network |
US6084892A (en) * | 1997-03-11 | 2000-07-04 | Bell Atlantic Networks Services, Inc. | Public IP transport network |
US6304578B1 (en) * | 1998-05-01 | 2001-10-16 | Lucent Technologies Inc. | Packet routing and queuing at the headend of shared data channel |
2000
- 2000-09-08 US US09/657,947 patent/US6888834B1/en not_active Expired - Fee Related
2004
- 2004-09-29 US US10/954,728 patent/US20050047355A1/en not_active Abandoned
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5600633A (en) * | 1995-02-24 | 1997-02-04 | Lucent Technologies Inc. | Wireless telecommunication base station for integrated wireless services with ATM processing |
US5828666A (en) * | 1995-08-17 | 1998-10-27 | Northern Telecom Limited | Access to telecommunications networks in multi-service environment |
US5790548A (en) * | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US6084892A (en) * | 1997-03-11 | 2000-07-04 | Bell Atlantic Networks Services, Inc. | Public IP transport network |
US5923655A (en) * | 1997-06-10 | 1999-07-13 | E--Net, Inc. | Interactive video communication over a packet data network |
US6304578B1 (en) * | 1998-05-01 | 2001-10-16 | Lucent Technologies Inc. | Packet routing and queuing at the headend of shared data channel |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170272923A1 (en) * | 1999-04-21 | 2017-09-21 | Commscope Technologies Llc | Architecture for signal and power distribution in wireless data network |
US8824457B2 (en) | 1999-04-21 | 2014-09-02 | Adc Telecommunications, Inc. | Architecture for signal and power distribution in wireless data network |
US20050018655A1 (en) * | 1999-04-21 | 2005-01-27 | Opencell, Inc. | Architecture for signal and power distribution in wireless data network |
US7969965B2 (en) * | 1999-04-21 | 2011-06-28 | Lgc Wireless, Inc. | Architecture for signal and power distribution in wireless data network |
US9674678B2 (en) | 1999-04-21 | 2017-06-06 | Commscope Technologies Llc | Architecture for signal and power distribution in wireless data network |
US20110216751A1 (en) * | 1999-04-21 | 2011-09-08 | Lgc Wireless, Inc. | Architecture for signal and power distribution in wireless data network |
US10142813B2 (en) * | 1999-04-21 | 2018-11-27 | Commscope Technologies Llc | Architecture for signal and power distribution in wireless data network |
US8379569B2 (en) | 1999-04-21 | 2013-02-19 | Adc Telecommunications, Inc. | Architecture for signal distribution in wireless data network |
US20020154629A1 (en) * | 2001-04-23 | 2002-10-24 | Michael Lohman | Integrated PMP-radio and DSL multiplexer and method for using the same |
US20060064506A1 (en) * | 2002-04-09 | 2006-03-23 | Mielke Gregory D | Network architecture that supports a dynamic IP addressing protocol across a local exchange bridged network |
US20040174872A1 (en) * | 2003-03-03 | 2004-09-09 | Nokia Corporation | Apparatus and method for performing an address resolution protocol function |
US20040258032A1 (en) * | 2003-06-09 | 2004-12-23 | Kabushiki Kaisha Toshiba | Wireless communication apparatus, communication control program, and communication control method |
US7366180B2 (en) * | 2003-10-08 | 2008-04-29 | Samsung Electronics Co., Ltd. | Hybrid base station transceiver for plural networks |
US20050078618A1 (en) * | 2003-10-08 | 2005-04-14 | Moo-Yeon Woo | Hybrid base station transceiver |
US7607166B2 (en) * | 2004-07-12 | 2009-10-20 | Cisco Technology, Inc. | Secure manufacturing devices in a switched Ethernet network |
US20060010318A1 (en) * | 2004-07-12 | 2006-01-12 | Cisco Technology, Inc. (A California Corporation) | Secure manufacturing devices in a switched Ethernet network |
US20080147779A1 (en) * | 2004-11-30 | 2008-06-19 | Ali Cherchali | Technique for automated MAC address cloning |
US7787455B2 (en) * | 2004-11-30 | 2010-08-31 | Ali Cherchali | Technique for automated MAC address cloning |
US20100274917A1 (en) * | 2004-11-30 | 2010-10-28 | Ali Cherchali | Technique for Automated MAC Address Cloning |
US9124474B2 (en) | 2004-11-30 | 2015-09-01 | At&T Intellectual Property Ii, L.P. | Technique for automated MAC address cloning |
US9912677B2 (en) | 2005-09-06 | 2018-03-06 | Daniel Chien | Evaluating a questionable network communication |
US20070156900A1 (en) * | 2005-09-06 | 2007-07-05 | Daniel Chien | Evaluating a questionable network communication |
US9015090B2 (en) | 2005-09-06 | 2015-04-21 | Daniel Chien | Evaluating a questionable network communication |
US8621604B2 (en) * | 2005-09-06 | 2013-12-31 | Daniel Chien | Evaluating a questionable network communication |
US9674145B2 (en) | 2005-09-06 | 2017-06-06 | Daniel Chien | Evaluating a questionable network communication |
US20070220605A1 (en) * | 2006-03-15 | 2007-09-20 | Daniel Chien | Identifying unauthorized access to a network resource |
US8214899B2 (en) | 2006-03-15 | 2012-07-03 | Daniel Chien | Identifying unauthorized access to a network resource |
US20100110894A1 (en) * | 2006-09-21 | 2010-05-06 | Tollgrade Communications, Inc. | Automatic provisioning of a remote test head of a combined ip/telephony/cable network |
WO2008036723A2 (en) * | 2006-09-21 | 2008-03-27 | Tollgrade Communications, Inc. | Automatic provisioning of a remote test head of a combined ip/telephony/cable network |
WO2008036723A3 (en) * | 2006-09-21 | 2008-08-21 | Tollgrade Communications Inc | Automatic provisioning of a remote test head of a combined ip/telephony/cable network |
US10084791B2 (en) | 2013-08-14 | 2018-09-25 | Daniel Chien | Evaluating a questionable network communication |
US10382436B2 (en) | 2016-11-22 | 2019-08-13 | Daniel Chien | Network security based on device identifiers and network addresses |
US10542006B2 (en) | 2016-11-22 | 2020-01-21 | Daniel Chien | Network security based on redirection of questionable network access |
US11188622B2 (en) | 2018-09-28 | 2021-11-30 | Daniel Chien | Systems and methods for computer security |
US10848489B2 (en) | 2018-12-14 | 2020-11-24 | Daniel Chien | Timestamp-based authentication with redirection |
US10826912B2 (en) | 2018-12-14 | 2020-11-03 | Daniel Chien | Timestamp-based authentication |
US11677754B2 (en) | 2019-12-09 | 2023-06-13 | Daniel Chien | Access control systems and methods |
US11509463B2 (en) | 2020-05-31 | 2022-11-22 | Daniel Chien | Timestamp-based shared key generation |
US11438145B2 (en) | 2020-05-31 | 2022-09-06 | Daniel Chien | Shared key generation based on dual clocks |
Also Published As
Publication number | Publication date |
---|---|
US6888834B1 (en) | 2005-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6888834B1 (en) | System and method for providing wireless internet services | |
US9112725B2 (en) | Dynamic VLAN IP network entry | |
US8875233B2 (en) | Isolation VLAN for layer two access networks | |
US9756682B2 (en) | Method and system for partitioning wireless local area network | |
US5684800A (en) | Method for establishing restricted broadcast groups in a switched network | |
US7835370B2 (en) | System and method for DSL subscriber identification over ethernet network | |
US9407495B2 (en) | Combining locally addressed devices and wide area network (WAN) addressed devices on a single network | |
EP1748603B2 (en) | A transmission method for message in layer 2 and an access device | |
KR101151080B1 (en) | Method for exchanging packets of user data | |
WO2011069419A1 (en) | Method, device and system for processing ipv6 messages | |
WO2007124679A1 (en) | Method and system of network communication | |
WO2011107052A2 (en) | Method and access node for preventing address conflict | |
US7570647B2 (en) | LAN type internet access network and subscriber line accommodation method for use in the same network | |
US20100142523A1 (en) | Method for automatically providing a customer equipment with the correct service | |
EP2073506B1 (en) | Method for resolving a logical user address in an aggregation network | |
KR20040011936A (en) | Switching apparatus for ethernet having a plurality of vlans and communication method by using same | |
Jeon et al. | Transmission of IP over Ethernet over IEEE 802.16 Networks | |
JP2003078548A (en) | Subscriber wireless access system | |
JP2004104709A (en) | Access network system | |
US20060064506A1 (en) | Network architecture that supports a dynamic IP addressing protocol across a local exchange bridged network | |
JP3418342B2 (en) | Group communication device and method | |
JPH11341036A (en) | Group communication equipment | |
Jeon et al. | RFC 5692: Transmission of IP over Ethernet over IEEE 802.16 Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |