JAERVIRANTA JUHA-MATTI (FI)
ALA-LUUKKO SAMI (FI)
KORHONEN JOUNI (FI)
JAERVIRANTA JUHA-MATTI (FI)
ALA-LUUKKO SAMI (FI)
| WO2002058336A2 | 2002-07-25 | |||
| WO2004073237A2 | 2004-08-26 |
| US20040196812A1 | 2004-10-07 |
| 1. | A system, which comprises one or more wireless local area networks (110, 120, 130, 140) as well as a base station (160) of a wireless local area network, which base station (160) is shared by said one or more wireless local area networks (110, 120, 130, 140) in such a manner that the base station (160) is arranged to route traffic for said one or more wireless local area networks (110, 120, 130, 140) by means of a virtual base station function arranged in said one base station (160), which virtual base station function comprises a virtual base station corresponding to each said one or more networks (110, 120, 130, 140), characterized in that said base station (160) is arranged to find the correct virtual base station by comparing the network identifier it has received to virtual base stations by round robin. |
| 2. | The system according to claim 1 , characterized in that said one base station (160) is arranged to route traffic for said one or more wireless networks (110, 120, 130, 140) based on the network identifier of the network in question. |
| 3. | The system according to claim 1 or 2, characterized in that said one base station (160) is arranged to route traffic for said one or more wireless networks (110, 120, 130, 140) based on the base station address of the wireless local area network. |
| 4. | The system according to any of the claims 1 to 3, characterized in that said one base station (160) is arranged to route traffic for said one or more networks (110, 120, 130, 140) based on the network identifier of the wireless local area network. |
| 5. | The system according to any of the claims 1 to 4, characterized in that said one base station (160) is arranged to manage IPSec tunnels (170) corresponding to external networks. |
| 6. | The system according to claim 5, characterized in that said one base station (160) is arranged to direct traffic via a virtual base station to an IPSec tunnel corresponding to it. |
| 7. | The network system according to any of the claims 1 to 6, characterized in that the provider of each said wireless network (110, 120, 130, 140) is arranged to manage the access control of the wireless network in question. |
| 8. | The network system according to any of the claims 1 to 7, characterized in that the wireless network is a WLAN network. |
| 9. | A base station (160) for a wireless local area network in a network system, which comprises one or more wireless local area networks (110, 120, 130, 140), which base station (160) is arranged to be shared by each wireless local area network (110, 120, 130, 140) in such a manner that said base station (160) is arranged to route traffic for said one or more wireless local area networks (110, 120, 130, 140) by means of a virtual base station function arranged in said one base station (160), which virtual base station function comprises a virtual base station corresponding to each said one or more networks (110, 120, 130, 140), characterized in that said base station (160) is arranged to find the correct virtual base station by comparing the network identifier it has received to virtual base stations by round robin. |
| 10. | The base station according to claim 9, characterized in that the base station (160) is arranged to route traffic for said one or more wireless local area networks (110, 120, 130, 140) based on the network identifier of the network in question. |
| 11. | The base station according to claim 9 or 10, characterized in that the base station (160) is arranged to route traffic for said one or more wireless local area networks (110, 120, 130, 140) based on the base station address of said wireless local area network. |
| 12. | The base station according to any of the claims 9 to 11 , characterized in that the base station (160) is arranged to manage IPSec tunnels (170). |
| 13. | The base station according to any of the claims 9 to 12, characterized in that in the base station is a WLAN base station for WLAN networks. |
Field of the invention
The present invention relates to a system and a base station for wireless networks.
Background of the invention
Wireless local area networks, such as those based on, for example, WLAN technology, have become more common, thus enabling data transfer of portable devices. Data transfer from a portable device is enabled by means of a wireless network card, which operates as access to a WLAN network. The WLAN arrangement can be implemented temporarily between individual devices, in which case the devices communicate with each other without a specific base station. The WLAN arrangement can also be infrastructural, wherein the devices are connected by one or more base stations to a wired local area network. A network comprising one base station is called BSS (Basic Service Set) and a network comprising several base stations is called ESS (Extended Service Set).
The name of a wireless local area network can be determined by means of a public network identifier, SSID (Service Set Identifier). While BSSID (Basic Service Set Identifier) describes the address of the base station in numerics, the network identifier SSID expresses the name of the network or operator in a character string, such as "OperatorA". This network identifier is used by the devices and base stations of the wireless local area network in question. The wireless local area networks are generally closed operator networks, which means that each network provider has their own network, which also comprises their own base station.
In some environments, such as, for example, public premises, more than one network provider may have an interest in establishing a wireless local area network, in which case the number of network
providers, as well as the number of wireless local area networks in said environment increases. There may also be situations, where one network provider wishes to arrange more than one wireless local area network in one area. In both situations the number of base stations on said area increases as more wireless local area networks are provided.
Dividing one base station for several network providers has in prior art been solved by implementing a partially virtual base station (virtual access point), where from a WLAN base station different WLAN networks (separated by SSID) are brought in a different virtual LAN (VLAN) by tunnelling (L2) to a centralized Access Controller or a router, from where the possible IPSec tunnels (IP Security Architecture) are established for possible network providers. In this kind of VLAN solutions the L2 connection to a centralized point is a significant component, from where connections are distributed further.
Thus, a solution based solely on VLAN functionality may become problematic, because the L2 connections must be "stretched" all the way to the base stations. As a result of this, the division of the base station between different operators may be difficult.
Thus, it seems that prior art lacks such an arrangement, as a result of which the WLAN base station can be divided for several network providers without a virtual LAN. It also seems that the network providers lack the opportunity to implement their own access control without a centralized access controller maintained by one network provider.
Summary of the invention
The present invention is intended for the efficient implementation of public wireless local area networks, such as WLAN networks, in environments, where there are several wireless local area networks offered, as well as possible network operators. The purpose of the invention is to provide one base station, which is divided between different wireless local area networks, as well as a network system,
which comprises one or more wireless local area networks and a base station.
To put it more precisely, the network system is characterized in that said base station is arranged to find the correct virtual base station by comparing the network identifier it has received to virtual base stations with round robin.
The base station is primarily characterized in that said base station is arranged to find the correct virtual base station by comparing the network identifier it has received to virtual base stations with round robin.
When the base station routes the traffic for one or more wireless local area networks, this refers to a two-way traffic, i.e. away from the wireless local area network and towards the wireless local area network.
With the invention, it is possible to avoid such a situation where one area comprises several wireless local area networks and several operators, each one of which wireless local area networks comprises at least one base station, because one base station can be divided between several operators and several wireless local area networks.
With the invention, dividing one local area network base station between different local area networks and operators is efficient and the routing onwards from the base station becomes more sensible. The invention enables the establishment of one or more IPSec tunnels all the way to the base station and routing of the traffic based on network identifiers. The fact that the traffic can be directed directly from the base station to the IPSec tunnels enables the base station to be a part of the routing IP network, and not in direct L2 connection with the centralized access controller. The invention is applicable, inter alia, for a WLAN network environment.
Description of the drawings
The invention will be described in more detail with reference to the appended drawing, in which
Fig. 1 shows an example of dividing a base station between different networks.
Detailed description of the invention
Figure 1 shows an example of a network arrangement, where traffic is routed via a base station to external networks and back based on the network identifiers of wireless networks, such as SSID. In addition to the network identifier support that base station also supports several base station addresses, such as BSSID (generally an MAC address) at the wireless local area network side. The network arrangement comprises, for example, wireless local area networks 110, 120, 130, 140 and devices 101 , 102, 103, 104 logged in in them. The wireless local area networks 110, 120, 130, 140 can be, for example, WLAN networks, which comprise wireless networks according to the 802. standard (e.g. 802.11 , 802.16). The devices 101 , 102, 103, 104 are electronic devices, which are applicable for at least wireless data transfer. The devices 101 , 102, 103, 104 are connected to a fixed IP network 165 via each base station 160 and from there further to external networks 115, 125, 135, 145 by means of IPSec tunnelling 170. If necessary, the external network controllers can establish a VPN tunnel (Virtual Private Network) between the device 101 , 102, 103, 104 and their own network 115, 125, 135, 145. In this description an external network refers to, for example, the IP home network of the user.
The base station 160 according to the invention has a virtual base station functionality, thanks to which the base station 160 in question has several virtual base stations. There are at least as many of these virtual base stations in the physical base station 160 as there are wireless local area networks 110, 120, 130, 140. To the outside, each
virtual base station appears to be a physical base station. With this virtual base station functionality, the base station 160 can send several network identifiers to several receivers. The existing local are network technology allows one network identifier for a base station (e.g. SSID="operatorA") as well as one base station address (e.g. BSSID=00:0E:D7:C3:38:61") for each beacon, and therefore sending several network identifiers and base station addresses according to the invention can be implemented by round robin of beacons. Thus, the base station examines the virtual base stations and compares, for example, the received network identifier to them. The examination of network identifiers and base station addresses implemented by round robin is not the only solution according to the invention, but also other solutions, by means of which the aim of the invention is reached (finding the correct virtual base station) can be used. Once the correct virtual base station is found, traffic is directed through this to the correct IPSec tunnel 170, which leads to an external network. The traffic comprises user data, but if necessary, also management data, for example the AAA traffic (Authentication, Authorization and Accounting) required during identification. Figure 1 also shows a default route 175, which is not tunnelled anywhere. This default route 175 operates if the target of the traffic cannot be determined.
In addition, the base station 160 according to the invention is arranged to route traffic on the IP level, as well as to support several network interfaces on the side of the fixed network. The base station 160 is capable of routing and it must also have other functionalities besides, e.g. L2 bridging, in which case the base station 160 can be a part of the routing IP network, and not in a direct L2 connection with the centralized access control.
The base station 160 can use the network identifier for making the routing decision, thus, if necessary, bypassing the typical routing based on sub-networks. In addition, the base station 160 must understand internet protocol (IP) and tunnels. When the base station 160 is a WLAN base station, it enables the use of WLAN-specific data as a part of the routing and configuration decision. In addition, the base station
160 is arranged to decide and manage IPSec tunnels 170. Since the base station 160 is arranged to make a routing decision based on network identifiers and to direct traffic from a local area network with a certain name, the base station 160 can - based on this - thus direct packets to different IPSec tunnels 170.
It will be obvious for a person skilled in the art that the network system described hereinabove may also comprise other functions, which improve the efficiency of the routing of traffic. Thus, the network system may comprise other systems or the network system may comprise interfaces to other systems. Therefore, the above-presented must not be interpreted as restrictive to the invention, but the embodiments of the invention may be freely varied within the scope of the inventive features presented in the claims hereinbelow.