US20050047355A1

Movatterモバイル変換

Info

Publication number: US20050047355A1
Application number: US10/954,728
Authority: US
Inventors: Scott Wood; Daniel Roady; Shane Ramey
Original assignee: Keyon Communications Inc
Current assignee: Keyon Communications Inc
Priority date: 1999-09-10
Filing date: 2004-09-29
Publication date: 2005-03-03
Also published as: US6888834B1

Abstract

An embodiment of the present invention comprises a wireless communication network topology having a wireless head end coupled to multiple Internet Service Providers, which are in turn coupled to the Internet. In addition, the topology features a radio transceiver in a tower coupled to the wireless head end via an Ethernet switch for sending and receiving data to and from customer premise equipment, which in turn is coupled to a host computer or a network of host computers. The wireless head end may perform traffic control and forwarding operations for data received from the Network Service Providers and the host computer(s). The wireless head end may also perform security measures to ensure that only messages from valid host computers are forwarded to the Network Service Providers. The customer premise equipment can assign a private IP address range to the computer(s) and perform network address translation.

Description

PRIORITY REFERENCE TO PRIOR APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 09/657,947, which claims benefit of provisional patent application Ser. No. 60/153,299, entitled “BroadLink Communications Wireless Router CPE,” filed on Sep. 10, 1999, by inventors Wood and Roady, both of which are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to computer networks, and more particularly provides a system and method for using wireless routing to connect customers to internet service providers.

2. Description of the Background Art

FIG. 1 is a block diagram illustrating a priorart DSL network100.DSL network100 includesmultiple servers102 coupled via acomputer network104 tomultiple ISPs106. EachISP106 is in turn coupled via virtual customer circuits110 to an ATM cloud112 (e.g., AT&T, Sprint, etc.). TheATM cloud112 is in turn coupled viavirtual paths114 to a DSL access multiplexer (DSLAM)116 (e.g., Pacific Bell, Covad, Northpoint, etc.). The DSLAM116 is in turn coupled viaphone pairs118 tosubscribers120.

The DSLAM116 manages traffic betweenmultiple ISPs106 andmultiple subscribers120, and manages non-overlapping virtual customer circuits110 with theISPs106. Although the virtual customer circuits110 may share the same physical line, the DSLAM116 enables traffic to be sent from eachindividual subscriber120 over the virtual customer circuits110 to theappropriate ISP106. Similarly, theISPs106 can viewsubscribers120 as individual virtual customer circuits110. Every packet being sent to or from thesubscriber120 from or to the connectedISP106 includes a virtual path identifier (VPI) and a virtual circuit identifier (VCI). A VPI/VCI pair identifies the permanent virtual circuit (PVC) over which the traffic is sent.

A message is kept secure by virtue of the network. That is, whenever asubscriber120 transmits or receives a message, the message goes straight to theDSLAM116. Because the phone pairs are physically separate,other subscribers120 cannot read the message. Similarly, when the DSLAM116 communicates upward, the messages are maintained logically separate, and thusother subscribers120 still cannot read the message.

FIG. 2 is a block diagram illustrating an exampleprior art subscriber200.Prior art subscriber200 includes aDSL modem202 coupling thephone pair118 to Ethernet204. The Ethernet204 is coupled via an intranet to one ormore computers206. In theDSL network100, theDSL modem202 is referred to as the “customer premise equipment” or “CPE.” It will be appreciated that, in the Ethernet-shared network, each of thecomputers206 within the intranet typically receive and can read each others messages.

For example,FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet)300. Theintranet300 includes a singlecoaxial cable302 with all these computers1.1-1.254 connected thecable302. Each computer has an interface card that identifies the media access control (MAC) address. When a computer1.1-1.254 sends a message, every other computer1.1-1.254 receives that message. Every other computer1.1-1.254 uses the MAC address to determine whether that message was intended for it. A unicast message is addressed to a single computer. A broadcast message is addressed to all stations that are listening. Every station listens to two MAC addresses, namely, a unique dedicated MAC address and a broadcast MAC address. For example, a computer sends a broadcast message when a user goes to “Network Neighborhood.” In this example, responses to the broadcast message enable the sending computer to illustrate thenetwork300. Although broadcast messages are inefficient, they provide an easy technique for gathering information in a shared environment.

Eachintranet300 has a range of IP addresses assigned to it and has tables that identify these addresses. In this example, the IP addresses within theintranet300 are shown as 1.x addresses. The IP addresses outside the intranet are x.x addresses. To send a message, e.g., a unicast single address message, to another computer within theintranet300, a computer1.1-1.254 uses the 1.x address. To send a message outside theintranet300, i.e., to thecomputer network104, e.g., the internet, either the computer1.1-1.254 transmits the message to the x.x address and the CPE1.254 recognizes the x.x address as not within theintranet300, or the sending computer1.1-1.254 recognizes the x.x address as not within theintranet300 and addresses the message directly to the CPE1.254. In either case, the CPE1.254 transmits the message tophone pair118. It will be appreciated that, to locate the address of the CPE1.254, the sending computer may transmit a broadcast message to locate the IP address of the CPE1.254.

FIG. 4 is a block diagram illustrating an example priorart cable network400. Priorart cable network400 includes aserver102 coupled via acomputer network104 to acable head end402. Thecable head end402 is coupled viafiber cables404 to

subscribers

410,412 and414. A security concern with thecable network400 is that, when one of the

subscribers

410,412 or414 transmits a message, the rest of the

subscribers

410,412 and414 receive and can read the message. A restriction of thecable network400 is that all

subscribers

410,412 and414 connected to thehead end402 must be connected to the same ISP, typically, the same party as the cable service provider. In the case where the cable service provider is also the ISP, the cable provider must be responsible for running the cable and for providing internet services.

In any of the networks identified above with reference toFIGS. 1-4, IP routing interconnects the different network segments. Each IP address is limited to a particular size, e.g., 32 bits. Part of the IP address identifies the network, and part of the address identifies the computer within the network. The address can be split to make few huge networks or several little ones. The first and the last IP address typically have special meanings. For example, the first address typically identifies the network access device (e.g., CPE1.254), and the last address typically identifies a broadcast message. Although a system of fewer networks, each with a larger customer base, is more cost effective, it is often less secure. On the other hand, a system of many networks, each with a small customer base, is more secure but inefficient with address use and network management needs.

SUMMARY

An embodiment of the present invention provides a system for a data network system to securely and efficiently connect multiple ISPs to subscribers across a shared medium high-speed wireless network and delivery infrastructure. The system enables translation, filtration, identification and transmission of data from one or more computers or networks of computers to one or more than one ISP.

An embodiment of the present invention comprises a wireless communication network topology having a wireless head end coupled to multiple Internet Service Providers, which are in turn coupled to the Internet. In addition, the topology features a radio transceiver in a tower coupled to the wireless head end via an Ethernet switch for sending and receiving data to and from customer premise equipment, which in turn is coupled to a host computer or a network of host computers.

The wireless head end has a traffic control/forwarding engine for controlling, receiving and forwarding signals to and from the Network Service Providers and the Ethernet switch. The traffic control/forwarding engine maintains an ARP table and a ATM SIP table in a memory device of the wireless head end. The traffic control/forwarding engine further performs security operations to verify that signals from the host computer or computers are valid.

The customer premise equipment is coupled to the host computer or network of host computers via aCategory 5 UTF Ethernet cable and includes a radio transceiver for transmitting and receiving information to and from an antenna. The customer premise equipment further includes a single board computer coupled to the host computer or the network of host computers and to the transceiver for processing data coming from or going to the Network Service Providers. The customer premise equipment is powered by a power inserter coupled to a power module, which draws power from a power source through an AC/DC converter. The customer premise equipment can assign a private range of IP addresses to the host computer(s) and can perform network address translation. Further, the customer premise equipment can operate inLayer 2³mode.

Additional features, advantages, and details will be apparent from the drawings and detailed description as set forth below.

The system and method may advantageously enable wireless connections to multiple ISPs. The system and method may also enable connections to the internet without having wire running underground, in a conduit, or on a utility pole. The system and method may further enable a significantly less expensive infrastructure than wired counterparts. The system and method may still further enable flexible and efficient allocation of IP addresses to subscribers and prevent any subscriber from detecting or intercepting messages to other subscribers. The system and method may also enable ISPs to use existing off-the-shelf equipment intended to service subscribers connected via DSL to service subscribers connected via the wireless network infrastructure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a prior art DSL network;

FIG. 2 is a block diagram illustrating an example prior art subscriber;

FIG. 3 is a block diagram illustrating a prior art Ethernet-shared LAN (intranet);

FIG. 4 is a block diagram illustrating an example prior art cable network;

FIG. 5 is a block diagram illustrating a wireless network system in accordance with an embodiment of the present invention;

FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion of the wireless network system;

FIG. 7 is a block diagram illustrating details of the wireless head end of the wireless network system;

FIG. 8 is a block diagram illustrating details of a CPE of the wireless network system;

FIG. 9 is a block diagram illustrating details of a tower;

FIG. 10 is a block diagram illustrating a wireless network system in accordance with another embodiment of the present invention;

FIG. 11 is a table including a combined address resolution protocol (ARP) table identifying MAC address to IP address correspondence and an ATM source IP (SIP) table identifying IP address to ATM PVC identifier correspondence;

FIG. 12 is a flowchart illustrating a method of receiving a frame from a subscriber by the wireless head end;

FIG. 13 is a flowchart illustrating a method of receiving a message from the ATM PVC by the wireless head end;

FIGS.14A-G are a flowchart illustrating a method of processing by the single board computer of the CPE; and

FIG. 15 is a block diagram illustrating a computer system in accordance with a first embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The following description is provided to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles, features and teachings disclosed.

FIG. 5 is a block diagram illustrating awireless network system500 in accordance with an embodiment of the present invention. Thewireless network system500 includesservers502 coupled via acomputer network504 to ISP506 (“ISP A”) and to ISP508 (“ISP B”).ISP506 is coupled via virtual path510 (“VPI_A”), e.g., ATM or Ethernet, towireless head end514.ISP508 is coupled via virtual path512 (“VPI_B”), e.g., ATM or Ethernet, to thewireless head end514. Thewireless head end514 is coupled viaEthernet516 to antthernet switch518. TheEthernet switch518 is coupled viatower520 andother towers524 toradio526.Radio526 is coupled via an RF signal tosubscribers528. The Ethernet switch is also coupled viatower522 toradio530, which is in turn coupled via an RF signal tosubscribers532. One skilled in the art will recognize that, although the connection between thewireless head end514 and the

towers

520 and522 are shown as a wired Ethernet connection, other connections, whether wired or wireless, may alternatively be used. It will be appreciated that thewireless head end514 simulates a traditional DSLAM when connected via ATM interface.

In accordance with an embodiment of the present invention, any message received from one of the

subscribers

528 or532, whether broadcast or unicast, is only allowed to be transmitted to a “higher” node. Accordingly, the

subscriber

528 or532 transmits the message to a

radio

526 or530, which transmits the message successively to the next higher node, e.g.,

tower

520,522 or524, which transmits the message to theEthernet switch518.Ethernet switch518 in turn transmits the message to thewireless head end514, which in turn transmits the message onward to the intended recipient.

Subscribers

528 or532 cannot communicate directly with each other. Only thewireless head end514 or an ISP router can return a message back down to the

subscribers

528 or532.

All the distribution nodes (e.g., towers, radios, etc.) record the MAC address and the originating port of a request coming from a

subscriber

528,532 and transmit that message, whether unicast or broadcast, out the port designated as its backhaul or uplink port. All backhaul or uplink ports are configured, using VLAN (virutal LAN) technology in the switches, to provide the most direct path to the wireless head-end. Accordingly, when a distribution node sees a response intended for a particular subscriber,528,532, i.e., with the subscriber's MAC address as the destination in the frame, the distribution node knows the port that services that subscriber and transmits it out only that port. If the subscriber's MAC address has not yet been recorded by the switch, the message is sent out all ports to ensure the subscriber will receive it. This technique provides efficient broadcast and unicast traffic control in both the upstream and downstream directions. The switches in all the distribution equipment operate only on source and destination MAC addresses and have no knowledge of the IP addresses being used.

A security concern with this approach is that if a malicious subscriber were to discover the MAC address of another subscriber, he could transmit messages with the source MAC of the unknowing subscriber and cause the switches to transmit replies to the wrong port, resulting in the malicious user denying access to and/or intercepting messages intended for the unknowing subscriber. To avoid this, the CPE to which the subscriber is connected through replaces the source MAC address of any message sent to the wireless network with its own radio's MAC address. Accordingly, if someone tries to abuse the system deliberately, for example, by getting a neighbor's station address and attempting to send out a message, the CPE would simply replace it with its own valid MAC address and prevent any attack of this nature. The CPE also stores a table of IP address to MAC address mappings, similar to ARP but learned passively for each message sent, so it knows how to rewrite the response so the appropriate subscriber's computer receives it. The above behavior is known as prior art to exist in network devices operating as routers, which is a mode the CPE can operate in. This is true as well when using Masquerading or Network Address Translation, as the device operates as a router for those functions. This behavior is not consistent with devices operating as ethernet bridges.

FIG. 6 is a block diagram illustrating details of a radio-to-subscriber portion (referred to herein as the “last block”)550 of thewireless network system500.Last block550 includesradio transceiver530 coupled via anRF signal605 tosubscribers532. Eachsubscriber532 includes aCPE610 coupled to an internal network (intranet)615. Theintranet615 includes a set ofhosts620 coupled together according to an intranet topology.

As shown,subscribers532 include

CPEs

1B,2A,3B,4B,5A,6B,7C and8X. For simplicity, the letter identifier identifies the

ISP

506,508 to which theCPE610 is connected. That is, all users ofCPEs610 having the letter identifier “A” subscribe toISPA506, all users ofCPEs610 having the letter identifier “B” subscribe to ISPB508, and all users ofCPEs610 having the letter identifier “X” subscribe to ISPX (not shown). Details of anexample CPE610 are described with reference toFIG. 8. Details of anexample host620 are described with reference toFIG. 17. Methods of transmitting information between theradio transceivers530 and thesubscribers532 are described in greater detail with reference toFIGS. 11-16.

FIG. 7 is a block diagram illustrating details of thewireless head end514 of thewireless network system500.Wireless head end514 includes a processor705 (such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor), temporary memory710 (such as RAM), permanent memory715 (such as a magnetic disk), aserial port720, anATM interface725 coupled to the virtual channels512, an Ethernet interface coupled toEthernet516, each coupled to thecommunications channel750.

Thewireless head end514 also includes a traffic control/forwarding engine735. Theengine735 includes software, hardware and/or firmware that receives messages (e.g., requests, data, etc.) from either thevirtual paths510 or512 or from theEthernet516 and forwards the messages respectively toEthernet516 or tovirtual paths510 or512. The traffic control/forwarding engine735 maintains SIP (Source IP) and ARP tables, such as those described with reference toFIG. 11. The traffic control/forwarding engine735 follows procedures such as those described with reference toFIGS. 12-15.

Thecommunications channel750 may be coupled to a computer network such ascomputer network504 or the wide-area network commonly referred to as the Internet. One skilled in the art will recognize that, although thetemporary memory710 andpermanent memory715 are illustrated as separate components of the same computer, they can be portions of the same physical memory device or distributed units. Thewireless head end514 may also include additional information or components, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc. One skilled in the art will also recognize that the programs and data may be received by and stored in the system in alternative ways. For example, a computer-readable storage medium (CRSM)reader740 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to thecommunications channel750 for reading a computer-readable storage medium (CRSM)745 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc. Accordingly, thewireless head end514 may receive programs and data via theCRSM reader740. Further, it will be appreciated that the term “memory” herein is intended to cover all data storage media whether permanent or temporary.

FIG. 8 is a block diagram illustrating details of aCPE800 of thewireless network system500. TheCPE800 includes anantenna805, coupled to a data processing “black”box810, which is in turn is coupled to apower inserter815. Thepower inserter815 is coupled to an AC/DC converter820, which is coupled to apower source823. Thepower inserter815 is further coupled via CAT5 (Ethernet) to theinternal hosts620.

Theblack box810 includes a radio transceiver (PCMCIA)component825 transmits and receives information to and from theantenna805 and to and from thehosts620. Thepower module830 is coupled via CAT5 to thepower inserter815. Theblack box825 further includessingle board computer835 that processes data coming from or going to the outside network.

Thepower inserter815 andpower module830 provide power to theradio transceiver825 and to thesingle board computer835. Because of thepower module830 andpower inserter815, a separate power line need not be connected. Thepower module830 andpower inserter815 provide flexibility in the placement of theantenna805, which is critical to the quality of the connection and connectability of asubscriber532. It will be appreciated that some antenna locations may prove to be difficult to run normal power.

Signal coming in through the antenna is transmitted to theradio transceiver825, which processes the signal into data and forwards the data to thesingle board computer835. Thesingle board computer835 processes the data, and transmits it to thepower module830, which extracts power from the data line that it comes in. Wherever the data needs to go, thepower module830 sources the power into the data part.

In the current implementation, thesingle board computer835 uses Linux's masquerading feature. The masquerading feature essentially restricts the IP addresses of internal hosts600 to those within a private address range not Internet routable. Thesingle board computer835 performs IP address translation by replacing an ISP's address with its address and by replacing a host computer's addresses with its address. By using masquerading, theCPE800 effectively hides all computers and addresses behind its address. Computers outside the internal network see only more traffic to and from this CPE's IP address (with different port numbers). As is known in the art, a port number identifies the program on the host600 that requested that piece of information. It is well known that the use of Masquerading restricts the use of applications which transmit IP information in the data payload of an IP packet, or applications for which a remote server connects to a port on the Masqueraded client which was not previously transmitted through the Masquerading firewall.

Additionally the CPE has a hybrid bridge-router mode, dubbed Layer2³, which allows bridging of certain configured IP addresses in a manner which prevents many security problems that exist using standard bridging technology on a network with multiple customer and ISP entities. In this mode, the CPE operates the customer-side ethernet interface in promiscuous mode, receiving all frames to all stations on the intranet, and determines to transmit them to the ISP using a specific combination of IP address filtering, MAC address filtering, rewriting of ARP request and reply messages, ARP request generation and ARP reply generation in accordance with the processes described inFIG. 14. Since the IP and MAC addresses of the ISP's router differ from the IP and MAC addresses assigned to the customer-side interface of the CPE, Masquerading and NAT can work simultaneously with the use of Layer2³employed by the CPE, allowing bridging of certain IP addresses and Masquerading of others.

FIG. 9 is a block diagram illustrating details of atower900.Tower900 includes coolingfans905, a radiopower inserter switch910, asurge suppressor915, a network monitoring server920, an Itouch OptiSwitch800 (i.e., the traffic controller portion), an environmental manager930 and anAPC SmartUPS2200935, mounted on anequipment rack940.

FIG. 10 is a block diagram illustrating a wireless network system1000, in accordance with another embodiment of the present invention.

FIG. 11 is a combined table1100 containing an address resolution protocol (ARP) table1105 identifying MAC address to IP address correspondence and an ATM source IP (ATM SIP) table1110 identifying IP address to ATM PVC identifier correspondence. For simplicity, the ARP table1105 and ATM SIP table1110 are being illustrated as a single table, although they typically are two independent tables.

FIG. 12 is a flowchart illustrating amethod1200 by thewireless head end514 of handling a message (frame) received from asubscriber528/532.Method1200 begins with the wireless head end415 instep1205 receiving a frame from theEthernet516. Thewireless head end514 instep1210 checks whether the IP address is in its ATM SIP table1110. If not, then thewireless head end514 instep1215 discards the frame (as an invalid subscriber), andmethod1200 ends. If so, then the wireless head end in step1220 determines if the IP address is in the ARP table1105. If not, then thewireless head end514 instep1230 assumes the IP address is a new entry, instep1235 records the MAC address (i.e., whatever MAC address was used to send the message) in the ARP table for all entries having the same ATM PVC identifier in the ARM SIP table1110, and proceeds to step1240. Thewireless head end514 can add the MAC address for all IP addresses since thesystem500 uses MAC address multiplexing (or MAC address translation), i.e., the function theCPE610 performs by substituting its MAC address for the MAC address of thehost620. If thewireless head end514 has the entry in the ARP table1105, then thewireless head end514 instep1225 determines whether the MAC addresses match. If not, thenmethod1200 jumps to step1215 to discard the frame. If so, thenmethod1200 proceeds to step1240. Instep1240, thewireless head end514 retrieves the ATM PVC identifier upon which to send the frame, and instep1245 sends the frame to the appropriate ISP.Method1200 then ends. An alternate embodiment could have the wireless head end learn a new source MAC address and source IP address in its ARP table every time a frame is received.

It will be appreciated that the above-describedmethod1200 provides fast, low overhead provisioning. Themethod1200 enables adding hosts620 (e.g., particular desktops) to thesystem500 without going through a repetitive tedious manual process, especially since the CPE can automatically assign the correct IP addresses via DHCP when using tha masquerading feature. More particularly, the ATM SIP table1110 is set up in advance, preferably manually. Essentially, when a new ISP is being added, the new ISP assigns a range of IP addresses. An ATM PVC is assigned to each or several of those IP addresses, and the IP addresses and assigned ATM PVC are added to the ATM SIP table1110. As a security measure, if there is more than one IP address associated with an ATM PVC and if a frame arrives that does not have an entry in the ARP table1105, then thewireless head end514 can make sure that none of the IP addresses associated with the particular ATM PVC have been used before. This is to prevent more than one subscriber or CPE from using different IP addresses assigned to the same PVC.

In the case where there is only onehost620 behindCPE610, there should only be one IP address in the ATM SIP table1110 mapped to an ATM PVC. In the case where there aremultiple hosts620 in an intranet behind aCPE610, then there should be multiple IP addresses. However, since the hosts are considered the “same” customer, they should go to the same PVC.

It should also be mentioned that thesystem500 enables transmission of messages from aCPE610 to thewireless head end514 using a predefined, most efficient path. Accordingly, thesystem500 enables responsive messages to be transmitted via the same, most efficient path. Since thesystem500 is built in a tree-like topology, each node (e.g.,wireless head end514,

towers

520,522,524,

radios

526,528,

subscribers

528,532, etc.) knows which port a feed is coming in on. The intermediary nodes (e.g., towers520,522,524,

radios

526,528, etc.) record, for eachCPE610, which port the message came out. Accordingly, when the intermediary nodes receive responsive messages from thewireless head end514, each

tower

520,522,524 has a record of the most efficient path.

The

towers

520,522,524 (switches) are programmed to deliver all messages fromCPEs610 only to thewireless head end514. The

towers

520,522,524 need only know whichdirection CPEs610 are and which direction thewireless head end514 is. Similarly, any intermediary (leaf) node (e.g., tower or radio) can only originate messages to thewireless head end514. The intermediary nodes cannot send information directly to any other nodes (e.g., towers, radios, subscribers, etc.).

FIG. 13 is a flowchart illustrating amethod1300 by thewireless head end514 of handling a message from an ISP.Method1300 begins with thewireless head end514 instep1305 receiving a message from theATM PVC510 or512. Thewireless head end514 instep1310 determines whether the message is of type ARP (e.g., unknown host) or type IP (e.g., normal message). If the message is type ARP, then thewireless head end514 instep1315 determines if the MAC address corresponding to the IP address contained in the message is in the ARP table1105. If the MAC address is identified, then thewireless head end514 instep1320 sends a response identifying the host's MAC address back to the inquiring

ISP

506 or508. If an entry is not in either table1110 or1105, then thewireless head end514 instep1320 forwards a broadcast message to theEthernet516.

The case where someone sets up ahost620 andCPE610 and has not sent any messages to the Internet before someone else attempts to send a message to thishost620 orCPE610 is unlikely. In addition to the broadcast option described above, other options exist to care for this case. As one alternative option, thewireless head end514 can wait until theCPE610 orhost620 sends an outgoing message, can fill in the MAC addresses in the ARP table1110, and then can forward the incoming messages to the host. As another alternative option, thewireless head end514 can discard the incoming messages. In some embodiments, an

ISP

506 or508 that cannot find a MAC address sends a broadcast ARP message down all itsATM PVCs510 or512. The receivingCPE610 will apply some filtering of source IP and source MAC address to determine if the message came from its assigned ISP and for an address within the right range, as described in FIGS.14A-G. The appropriate host receives that message and replies with the appropriate MAC address. It will be appreciated that, in a typical LAN, different IP addresses have different MAC addresses. However, in the present scenario, many IP addresses use the same MAC address.

If the message is type IP, then thewireless head end514 instep1330 uses the ATM SIP table1110 to determine whether the IP address identified in the message comes from the

correct ISP

506 or508. If not, then thewireless head end514 proceeds to step1325 to respond to the

ISP

506 or508 that the message is incorrectly addressed. If the IP address corresponds to the

ISP

506 or508, thewireless head end514 instep1335 checks the ARP table1105 for the MAC address. If the IP address is not in the ARP table1105, thewireless head end514 instep1340 sends a broadcast to discover which hosts620 are on connected and what MAC addresses they have, and adds the entry to the ARP table1105.Method1300 then proceeds to step1320 to forward the message.

FIGS.14A-G are a flowchart illustrating a method of processing messages by the single board computer of the CPE.

FIG. 15 is a block diagram illustrating anexample computer system1500 that exemplifies details ofserver502 and hosts620. Thecomputer system1500 includes aprocessor1505, such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor, coupled to a communications channel1510. Thecomputer system1500 further includes aninput device1515 such as a keyboard or mouse, anoutput device1520 such as a cathode ray tube display, acommunications interface1525,permanent memory1530 such as a magnetic disk, and workingmemory1535 such as Random-Access Memory (RAM), each coupled to the communications channel1510. The communications channel1510 may be coupled to a network such as the wide-area network commonly referred to as the Internet. One skilled in the art will recognize that, although thepermanent memory1530 and workingmemory1535 are illustrated as components within a single computer, thepermanent memory1530 and workingmemory1535 can be distributed units.

One skilled in the art will recognize that thesystem1500 may also include additional information, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc. One skilled in the art will also recognize that the programs and data may be received by and stored in the system in alternative ways. For example, a computer-readable storage medium (CRSM)reader1540 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications bus1510 for reading a computer-readable storage medium (CRSM)1545 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc. Accordingly, thesystem1500 may receive programs and data via theCRSM reader1540. Further, it will be appreciated that the term “memory” herein is intended to cover all data storage media whether temporary or permanent.

The foregoing description of the preferred embodiments of the present invention is by way of example only, and other variations and modifications of the above-described embodiments and methods are possible in light of the foregoing teaching. Although the network sites are being described as separate and distinct sites, one skilled in the art will recognize that these sites may be a part of an integral site, may each include portions of multiple sites, or may include combinations of single and multiple sites. Further, components of this invention may be implemented using a programmed general purpose digital computer, using application specific integrated circuits, or using a network of interconnected conventional components and circuits. All wired connections may be wired, wireless, modem, etc. All wireless connections are preferably wireless. The embodiments described herein are not intended to be exhaustive or limiting. The present invention is limited only by the following claims.

Claims

1. A wireless communications network, comprising:

customer premises equipment to securely provide access by multiple internet service providers to multiple subscriber entities, each of which utilizes a customer premises equipment unit, across a shared/switched ethernet delivery infrastructure using techniques which allow but do not require the use of IP routing or encapsulation of customer transmitted data, and presenting the network capabilities and interfaces to both the subscriber and the ISP resembling that of a DSL network.