1. Technical Field
The present invention relates to a technique of constructing a virtual private network (hereafter referred to as VPN).
2. Description of the Related Art
Various techniques have been proposed for configurations that include a large number of VPNs and interconnect the respective VPNs.
One proposed technique uses a virtual private network (VPN) routing and forwarding table. In the description hereof, the VPN routing and forwarding table or a module equipped with the VPN routing and forwarding table is referred to as ‘VRF’. Functions actualized by the VRF are called ‘VRF functions’. A layer 3 forwarding apparatus having the VRF functions is called a ‘VRF forwarding apparatus’. The VRF forwarding apparatus has multiple VRFs with virtual forwarding functions. Each of the multiple VRFs has an individual routing table. One VRF is allocated to one VPN, and a layer 3 interface is assigned to a VRF corresponding to a VPN of a connection destination. This arrangement ensures forwarding functions of individual VPNs and enables the VRF forwarding apparatus to include multiple VPNs.
Another proposed technique allows extranet communication in the VRF forwarding apparatus by exchange of routes between VRFs in the VRF forwarding apparatus. In the description hereof, the terminology ‘extranet communication’ represents communication between different VPNs. In the specification hereof, a forwarding apparatus that performs extranet communication internally is referred to as an ‘inter-VRF forwarding apparatus’.
Still another proposed technique utilizes a layer 2-layer 3-integrated forwarding table. The layer 2-layer 3-integrated forwarding table is an integration of a routing table with a correspondence table (ARP table) specifying a correspondence relation of a layer 3 address to a layer 2 address of an adjacent device. The conventional configuration requires two searches, one in the routing table and one in the correspondence table, for specifying a forwarding destination of a packet, while the configuration utilizing the layer 2-layer 3-integrated forwarding table requires only one search in the layer 2-layer 3-integrated forwarding table for specifying the forwarding destination of the packet. This technique accordingly aims to increase the overall processing speed and save electric power.
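The two-search lookup and the single-search integrated lookup described above can be compared in a small model with one routing table per VRF. This is an added illustration, not code from the specification. The VRF names, interfaces, addresses and the way direct routes are expanded into per-host entries are assumptions made for the example (IPv4 only).

```python
import ipaddress

# Constructed sample data: two VRFs (one per VPN) with overlapping addresses.
# next hop None marks a direct route: the packet's own destination layer 3
# address is used as the forwarding destination layer 3 address.
ROUTES = {
    "vrf-a": [("10.0.0.0/24", None, "eth1"), ("0.0.0.0/0", "10.0.0.254", "eth1")],
    "vrf-b": [("10.0.0.0/24", None, "eth2")],
}
ARP = {  # (vrf, layer 3 address) -> layer 2 address of the adjacent device
    ("vrf-a", "10.0.0.5"): "02:00:00:00:0a:05",
    ("vrf-a", "10.0.0.254"): "02:00:00:00:0a:fe",
    ("vrf-b", "10.0.0.5"): "02:00:00:00:0b:05",
}

def lpm(entries, dst):
    """Longest-prefix match over (prefix, ...) tuples; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [e for e in entries if addr in ipaddress.ip_network(e[0])]
    return max(hits, key=lambda e: ipaddress.ip_network(e[0]).prefixlen, default=None)

def lookup_conventional(vrf, dst):
    """Two searches: the routing table of the VRF, then the ARP table."""
    route = lpm(ROUTES.get(vrf, []), dst)
    if route is None:
        return None
    _, next_hop, iface = route
    mac = ARP.get((vrf, next_hop or dst))  # direct route resolves dst itself
    return (iface, mac) if mac else None

def build_integrated(vrf):
    """Merge routing and ARP tables of one VRF (assumed merge strategy)."""
    table = []
    for prefix, next_hop, iface in ROUTES.get(vrf, []):
        if next_hop is not None:  # indirect route: one entry covers the prefix
            table.append((prefix, iface, ARP.get((vrf, next_hop))))
            continue
        net = ipaddress.ip_network(prefix)
        table.append((prefix, iface, None))  # neighbours not yet resolved
        for (v, ip), mac in ARP.items():  # direct route: one host entry per neighbour
            if v == vrf and ipaddress.ip_address(ip) in net:
                table.append((ip + "/32", iface, mac))
    return table

def lookup_integrated(table, dst):
    """One search returns the output interface and layer 2 address together."""
    hit = lpm(table, dst)
    return (hit[1], hit[2]) if hit and hit[2] else None
```

Because every key includes the VRF, the same layer 3 address in two VPNs resolves to different adjacent devices, and a destination with no route in its own VRF is not forwarded.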
The prior art forwarding apparatus in combination with the technique of the layer 2-layer 3-integrated forwarding table, however, does not allow communication by an extranet direct route. In the description hereof, the terminology ‘direct route’ represents a route using a packet destination layer 3 address as a forwarding destination layer 3 address. The ‘extranet direct route’ represents an extranet route created by the direct route.