A LAN is a high-speed network (typically 10 to 1000 Mbps) that supports many computers connected over a limited distance (e.g., under a few hundred meters). Typically, a LAN spans a single building. U.S. Pat. No. 6,757,286 provides a general description of a LAN segment. A Virtual Local Area Network (VLAN) is a mechanism by which a group of devices on one or more LANs is configured, using management software, so that the devices communicate as if they were attached to the same LAN when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
The IEEE 802.1Q specification defines a standard for Virtual LANs and the associated Ethernet frame format. Broadcast and multicast frames are constrained by VLAN boundaries such that only devices whose ports are members of the same VLAN see those frames. Since 802.1Q VLANs commonly span many switches across different LAN segments, sharing of Virtual LANs by a common set of infrastructure switches is achieved by inserting a VLAN tag into the Ethernet frame. According to the existing standard, the tag inserted into an Ethernet frame carries a 12-bit VLAN identifier (VLAN ID). This VLAN ID may be used to specify the broadcast domain and to identify the customer associated with a particular VLAN. The customer identifier is frequently referred to as the service instance domain since it identifies the service provided for a particular customer. In a typical service provider (SP) metropolitan area network (MAN) the broadcast domain constrains the scope of traffic among network devices such that data packets are not flooded to all devices connected to the network. A system and method for efficiently distributing multicast messages within computer networks configured to have one or more VLAN domains is disclosed in U.S. Pat. No. 6,839,348.
A Virtual Private Network (VPN) enables IP traffic to travel over a shared public Transmission Control Protocol (TCP)/IP network (the Internet is basically a conglomeration of WANs) while keeping it separated from the other traffic on that network. A VPN uses “tunneling”: packets belonging to one network are encapsulated and carried across another at the IP level. Whether the tunnel is also encrypted depends on the type of VPN. An IPsec VPN encrypts the encapsulated packets, whereas the MPLS/BGP VPNs discussed below separate customer traffic by labels and per-customer forwarding tables and do not by themselves provide confidentiality against the provider or against anyone able to observe the backbone. In a Layer 3 IP VPN, customer sites are connected via IP routers (e.g., provider edge (PE) devices and nodes) that can communicate privately over a shared backbone as if they were using their own private network. Multi-protocol label switching (MPLS) Border Gateway Protocol (BGP) networks are one type of L3VPN solution. An example of an IP-based Virtual Private Network is disclosed in U.S. Pat. No. 6,693,878. U.S. Pat. No. 6,665,273 describes an MPLS system within a network device for traffic engineering.
One problem associated with the existing IEEE 802.1Q specification is that the 12-bit VLAN ID can only support a combined total of up to 4,094 broadcast domains and service instance domains (the values 0 and 4,095 are reserved). The 4K VLAN ID space thus limits the number of VLANs or VPNs that can be handled, and is inadequate for operations over an SP MAN/WAN network. A proposed solution to the scalability problem imposed by the 4K VLAN ID space limitation is described in U.S. Patent Application Publication 2004/0165600.
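As an added illustration of the 802.1Q tag format described above and of the 4,094-VLAN limit that follows from its 12-bit VLAN ID (this is example code written for this page, not code from the patent or any referenced document): the block builds and parses a tagged frame, rejects the reserved VLAN IDs, and models how a switch confines a broadcast to ports that are members of the frame's VLAN. The port-membership table is constructed for the example; the constants are the ones defined by 802.1Q (TPID 0x8100, a 16-bit TCI holding 3 bits of priority, a drop-eligible bit and the 12-bit VLAN ID).

```python
import struct

TPID_8021Q = 0x8100          # Tag Protocol Identifier announcing an 802.1Q tag
ETH_HDR_LEN = 14             # dst(6) + src(6) + EtherType(2)
VID_BITS = 12
RESERVED_VIDS = {0, 0xFFF}   # 0: priority-tagged, no VLAN; 4095: reserved by 802.1Q


def usable_vid_count():
    """Distinct VLAN IDs a 12-bit field can carry once the reserved values are removed."""
    return (1 << VID_BITS) - len(RESERVED_VIDS)


def build_tagged_frame(dst, src, vid, payload, ethertype=0x0800, pcp=0, dei=0):
    """Insert an 802.1Q tag between the source MAC and the EtherType of a frame."""
    if vid in RESERVED_VIDS or not 0 <= vid < (1 << VID_BITS):
        raise ValueError(f"VID {vid} is not a usable 802.1Q VLAN ID")
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return the header fields of a frame; vid is None for an untagged frame."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vid": None, "pcp": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < ETH_HDR_LEN + 4:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vid": tci & 0xFFF, "pcp": tci >> 13,
            "ethertype": inner_type, "payload": frame[18:]}


def broadcast_egress(port_membership, ingress_port, vid):
    """Ports that receive a broadcast/multicast arriving on ingress_port tagged with vid.

    port_membership maps port name -> set of VIDs the port is a member of (a
    constructed table for this example). A frame tagged with a VLAN that its
    ingress port is not a member of is dropped (802.1Q ingress filtering), so a
    tag written by the sender does not by itself grant access to a VLAN.
    """
    if vid not in port_membership.get(ingress_port, set()):
        return set()
    return {p for p, vids in port_membership.items() if vid in vids and p != ingress_port}


if __name__ == "__main__":
    frame = build_tagged_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 100, b"\x00" * 46)
    print(parse_frame(frame)["vid"], usable_vid_count())
    members = {"p1": {10}, "p2": {10, 20}, "p3": {20}}   # constructed membership table
    print(sorted(broadcast_egress(members, "p1", 10)))
```

The ingress-filtering check in `broadcast_egress` is the security-relevant part: the VLAN tag is an unauthenticated field set by whoever built the frame, so a switch must decide per port which tags it accepts rather than trusting the tag itself.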
Virtual Private LAN Service (VPLS) has recently emerged to meet the need to connect geographically dispersed locations with a protocol-transparent, any-to-any connectivity service. VPLS is an architecture that delivers a Layer 2 service that in all respects emulates an Ethernet LAN across a WAN and inherits the scaling characteristics of a LAN. All sites in a VPLS instance appear to be on the same LAN, regardless of location. In other words, with VPLS, customers can communicate as if they were connected via a private Ethernet LAN segment. Basically, VPLS offers an MPLS-based approach with multipoint connectivity for L2 services, i.e., multipoint Ethernet LAN services, often referred to as Transparent LAN Service (TLS). VPLS thus supports the connection of multiple sites in a single broadcast domain over a managed IP/MPLS network. Since a VPLS is normally provided over a service provider MAN/WAN network, it needs to scale to accommodate a very large number of VPNs (e.g., a large number of customers, numerous services for each customer, and a large number of customer sites).
Conceptually, VPLS can be thought of as an emulated Ethernet LAN network with each Virtual Switch Instance (VSI) being analogous to a virtual Ethernet switch. Current VPLS models are described in the Internet Engineering Task Force (IETF) working group (WG) documents draft-ietf-l2vpn-vpls-ldp-03.txt and draft-ietf-l2vpn-vpls-bgp-02.txt, which are herein incorporated by reference. These documents address the aforementioned scalability problem in terms of the number of VPNs that can be supported. These VPLS models, however, create additional problems in terms of Operations, Administration and Maintenance (OAM) maintainability and scalability because of the very large number of pseudowire (PW) meshes required.
In the VPLS model described in the IETF draft-ietf-l2vpn-vpls-ldp-03.txt, a VPLS instance has a filtering database for supporting its own MAC address domain, and uses a set of PWs per service instance for defining the broadcast domain of the L2 VPN. It also uses a split-horizon mechanism on each set of PWs to prevent loops in the MPLS/IP network: a frame received over a PW is forwarded only to local attachment circuits, never to another PW. Since the current model uses a full mesh of PWs per L2 VPN, each PE terminates one PW to every other site of every VPN it serves, so the number of PWs that need to be supported per PE can be very large, i.e., on the order of 100K to 1M (e.g., 10K L2 VPNs with 10 to 100 sites per VPN). Considering existing requirements for partial mesh detection and timing constraints, it is extremely difficult to run a fast failure detection mechanism on a per-PW basis for such a large number of PWs and to exchange state information among PEs for partial mesh detection.
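As an added example of the VSI model and the split-horizon rule described above (example code written for this page, not the patent's or the IETF drafts' own implementation): the block simulates one VPLS instance across a constructed full mesh of three PEs, with per-VSI MAC learning, flooding of unknown-unicast and broadcast frames, and the rule that a frame arriving over a PW is never forwarded to another PW. Running the same broadcast with split horizon disabled shows the loop that the rule prevents and the source MAC "flapping" from its attachment circuit to a PW. It also computes the per-PE and network-wide PW counts for the 10K-VPN, 10 to 100-site figures in the text. Port naming (`ac-<PE>` for attachment circuits, `("pw", <remote PE>)` for pseudowires), the three-PE topology and the hop bound on the simulation are assumptions of the example.

```python
from collections import deque
from itertools import combinations

BROADCAST = "ff:ff:ff:ff:ff:ff"


def pws_per_pe(vpns_per_pe, sites_per_vpn):
    """PWs one PE must terminate: one PW to every other site of every VPN it serves."""
    return vpns_per_pe * (sites_per_vpn - 1)


def pws_in_network(num_pes, num_vpns):
    """Full-mesh PWs across the whole network when every VPN spans every PE."""
    return num_vpns * num_pes * (num_pes - 1) // 2


class VSI:
    """One VPLS instance on one PE: its own MAC table, attachment circuits and PW mesh."""

    def __init__(self, pe, vpn_id, split_horizon=True):
        self.pe = pe
        self.vpn_id = vpn_id
        self.split_horizon = split_horizon
        self.fdb = {}     # MAC -> port; a port is an AC name or ("pw", remote PE)
        self.acs = set()  # attachment circuits to customer sites on this PE
        self.pws = set()  # remote PEs reachable by PW for this VPN

    def connect(self, other):
        assert self.vpn_id == other.vpn_id
        self.pws.add(other.pe)
        other.pws.add(self.pe)

    def forward(self, src_mac, dst_mac, ingress):
        """Egress ports for a frame, with MAC learning and split horizon on PWs."""
        self.fdb[src_mac] = ingress            # learn the source on its ingress port
        known = self.fdb.get(dst_mac)
        if known is not None:                  # known unicast: single egress, or filter
            return set() if known == ingress else {known}
        egress = {ac for ac in self.acs if ac != ingress}   # flood to the other local sites
        from_pw = isinstance(ingress, tuple)
        if not from_pw or not self.split_horizon:           # split horizon: PW -> PW is never allowed
            egress |= {("pw", r) for r in self.pws if ("pw", r) != ingress}
        return egress


def build_vpls(pe_names, vpn_id, split_horizon=True):
    """Constructed topology: one VSI per PE, one site per PE, full PW mesh."""
    vsis = {pe: VSI(pe, vpn_id, split_horizon) for pe in pe_names}
    for a, b in combinations(pe_names, 2):
        vsis[a].connect(vsis[b])
    for pe, vsi in vsis.items():
        vsi.acs.add(f"ac-{pe}")
    return vsis


def flood_broadcast(vsis, src_pe, src_mac, max_hops=4):
    """Inject a broadcast from the site on src_pe; count copies each PE receives over PWs."""
    received = {pe: 0 for pe in vsis}
    queue = deque([(src_pe, f"ac-{src_pe}", 0)])
    while queue:
        pe, ingress, hops = queue.popleft()
        if hops > max_hops:                    # bound the simulation; a real loop never ends
            continue
        for port in vsis[pe].forward(src_mac, BROADCAST, ingress):
            if isinstance(port, tuple):
                remote = port[1]
                received[remote] += 1
                queue.append((remote, ("pw", pe), hops + 1))
    return received


if __name__ == "__main__":
    print(pws_per_pe(10_000, 10), pws_per_pe(10_000, 100))        # ~100K and ~1M PWs per PE
    mesh = build_vpls(["A", "B", "C"], 42)
    print(flood_broadcast(mesh, "A", "00:00:00:00:00:01"))          # each remote PE gets one copy
    loop = build_vpls(["A", "B", "C"], 42, split_horizon=False)
    print(flood_broadcast(loop, "A", "00:00:00:00:00:01"))          # copies multiply without split horizon
```

The per-PE count is what matters for the OAM problem the text raises: every PW in `pws_per_pe` would need its own failure-detection session, which is why the figure of 100K to 1M sessions per PE is impractical.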
Thus, what is needed is a new VPLS architectural model that reduces the number of PWs in the network while maintaining scalability and support for a large number of VPNs as well as OAM.