1. Field of the Invention
The present invention relates to communication networks and, more particularly, to a method and apparatus for obtaining routing information on demand in a virtual private network.
2. Description of the Related Art
Data communication networks may include various computers, servers, nodes, routers, switches, hubs, proxies, and other devices coupled to and configured to pass data to one another. These devices will be referred to herein as “network elements.” Data is communicated through the data communication network by passing protocol data units, such as packets, frames, cells, or segments, between the network elements by utilizing one or more communication links. A particular packet may be handled by multiple network elements and cross multiple communication links as it travels between its source and its destination over the network. The communication links may be wireless links, metal wired links, optical links, or formed using other communication technologies.
The various network elements on the communication network communicate with each other using predefined sets of rules, referred to herein as protocols. Different protocols are used to govern different aspects of the communication, such as how signals should be formed for transmission between network elements, various aspects of what the protocol data units should look like, and how the protocol data units should be handled or routed through the network by the network elements.
A Virtual Private Network (VPN) may be formed to connect two or more networks or network elements over a private or public network. A VPN may be formed using encryption, which protects the data from being viewed if intercepted by an unintended third party, or using encapsulation which protects the data by putting the data on a special path through the network that is unavailable to unintended third parties. One common encapsulation method is to attach a unique label that may be used to place the traffic on a label switched path formed on a Multiprotocol Label Switching (MPLS) network.
Using VPN tunnels to transport traffic enables geographically separated network elements to communicate securely over an otherwise insecure environment without requiring the network participants to lease dedicated lines through the network. As used herein, the term “autonomous network” will be used to refer to a network or group of networks under a common administration and with common routing policies. The term “VPN site” will be used to refer to a network or portion of a network that is to be connected to a VPN tunnel. VPN sites situated on opposite ends of a VPN tunnel may be autonomous networks, parts of different autonomous networks, or parts of the same autonomous network.
The network connectivity service provider, such as an Internet service provider (ISP), may provide services to facilitate establishment of VPN tunnels over the network. For example, the connectivity provider may configure the customer edge network elements in such a way that the customers may transparently run routing protocols to configure static routes through the VPN tunnels. Additionally, the ISP may manage distribution of inter-site reachability information and take other actions to establish the VPN network for the subscriber.
Routing within an autonomous network (intra-site reachability information) is typically handled by the VPN customer. An autonomous network, such as may be used by a university or corporation, will generally employ an interior gateway protocol such as RIP (Routing Information Protocol), OSPF (Open Shortest Path First), or Interior Border Gateway Protocol (IBGP) to exchange routing information between network elements within the network attached to the site.
To enable devices on one VPN site to communicate with devices on another VPN site via the VPN tunnel, it is necessary to exchange routing information between the two VPN sites. Likewise, as network elements are added and removed from the networks, or as problems are encountered and fixed in the networks, the routing tables need to be updated and advertised to the other participating sites in the VPN. This may be accomplished in a variety of ways, such as by running OSPF or RIP through the tunnel. Another way this may be accomplished is to treat each VPN site as an autonomous network, and to exchange routing information between the VPN sites using a protocol designed to exchange routing information between autonomous networks, such as Border Gateway Protocol (BGP).
In a meshed VPN architecture topography, each VPN site may be allowed to communicate directly with multiple other VPN sites. In this topography, each site needs to be aware of and maintain n−1 routing adjacencies, which does not scale well and causes configuration problems. Additionally, requiring each VPN site to maintain routing information received from each of the other VPN sites may cause the routing tables at each of the sites to grow excessively large. While some of the network elements may be capable of storing large numbers of routes in their routing tables, other network elements at other smaller VPN sites may be capable of storing only hundreds or thousands of routing table entries. For example, a bank may have a central office and thousands of branch offices. While the main office may have a rather large gateway with a large memory that is able to store many routes, some of the branch offices may have much smaller gateways capable of storing only a limited number of routes in their routing tables.
In this and other instances, requiring the VPN sites to maintain adjacencies with all other sites in the VPN and exchange routing information prevents the size of the VPN network from scaling. Accordingly, although meshed VPN architectures may be preferred in particular instances, such topographies may be eschewed for other VPN architectures, such as hub and spoke architectures, due to limitations associated with particular VPN sites.
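The scaling argument in the two preceding paragraphs can be made concrete with a small capacity model. The following is an added illustration, not part of the patent text and not code from any described embodiment: it constructs a hypothetical bank-style topology (one central office plus many branch offices with small gateways), then computes for each site how many routing adjacencies it must maintain and how many routing-table entries it must hold under a full mesh versus a hub-and-spoke arrangement, flagging any site whose table would exceed its capacity. The site names, prefix counts and capacities are invented for the example, and hub-and-spoke is modelled with the hub advertising a single summary (default) route to each spoke.

```python
"""Capacity model for full-mesh vs hub-and-spoke VPN route distribution.

Constructed illustration (not from the patent text): each VPN site advertises
some number of prefixes and its gateway can hold a bounded number of
routing-table entries. In a full mesh every site peers with the n-1 others
and must hold all of their prefixes; in hub-and-spoke a spoke peers only with
the hub and holds its own prefixes plus what the hub sends it (modelled here
as one summary/default route), while the hub holds every prefix.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    prefixes: int   # routes this site advertises into the VPN
    capacity: int   # maximum routing-table entries the site's gateway can hold


def full_mesh(sites):
    """Per-site adjacency count and routing-table load in a full mesh."""
    n = len(sites)
    total_prefixes = sum(s.prefixes for s in sites)
    report = {}
    for s in sites:
        load = total_prefixes  # own prefixes plus every other site's prefixes
        report[s.name] = {
            "adjacencies": n - 1,
            "routes": load,
            "overflow": load > s.capacity,
        }
    return report


def hub_and_spoke(sites, hub_name, hub_summary_routes=1):
    """Per-site adjacency count and routing-table load with a single hub.

    Spokes learn only hub_summary_routes entries (e.g. a default route) from
    the hub instead of every other spoke's prefixes; the hub learns all prefixes.
    """
    hub = next(s for s in sites if s.name == hub_name)
    total_prefixes = sum(s.prefixes for s in sites)
    report = {}
    for s in sites:
        if s is hub:
            adjacencies, load = len(sites) - 1, total_prefixes
        else:
            adjacencies, load = 1, s.prefixes + hub_summary_routes
        report[s.name] = {
            "adjacencies": adjacencies,
            "routes": load,
            "overflow": load > s.capacity,
        }
    return report


def overflowing_sites(report):
    """Names of sites whose routing table would exceed gateway capacity."""
    return sorted(name for name, r in report.items() if r["overflow"])


def total_adjacencies(report):
    """Number of distinct peerings; each is counted once from each end."""
    return sum(r["adjacencies"] for r in report.values()) // 2


# Constructed topology: one central office with a large gateway and 200
# branch offices whose gateways hold only a few hundred routes each.
CENTRAL = Site("central", prefixes=5000, capacity=1_000_000)
BRANCHES = [Site(f"branch-{i:03d}", prefixes=20, capacity=500) for i in range(200)]
SITES = [CENTRAL] + BRANCHES

if __name__ == "__main__":
    mesh = full_mesh(SITES)
    hs = hub_and_spoke(SITES, "central")
    b = "branch-000"
    print(f"full mesh:      branch adjacencies={mesh[b]['adjacencies']} "
          f"branch routes={mesh[b]['routes']} "
          f"peerings={total_adjacencies(mesh)} "
          f"overflowing sites={len(overflowing_sites(mesh))}")
    print(f"hub-and-spoke:  branch adjacencies={hs[b]['adjacencies']} "
          f"branch routes={hs[b]['routes']} "
          f"peerings={total_adjacencies(hs)} "
          f"overflowing sites={len(overflowing_sites(hs))}")
```

With the constructed figures, every branch in the full mesh must maintain 200 adjacencies and hold all 9000 prefixes, so all 200 branches overflow their 500-entry tables; in hub-and-spoke each branch keeps one adjacency and 21 routes, and only the central gateway, which has the memory for it, carries the full set. Replacing the single summary route with a larger per-spoke advertisement (the hub_summary_routes parameter) shows how quickly the spokes' margin is consumed.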