Many businesses (e.g., customers) employ a single service provider to handle Internet Protocol (IP) services for all of the customer networks. For example, a customer can organize and maintain multiple Virtual Private Networks (VPNs) at disparate locations around the globe, with a single service provider managing services such as Internet connectivity (e.g., by way of the service provider's backbone) for all of the individual VPNs. In some cases, there will exist varying levels of security between these VPNs. Thus, all traffic between VPNs must first traverse a firewall or Demilitarized Zone (DMZ). In other cases, public access (e.g., non-secure access) can also require a firewall or DMZ before entering any of the disparate VPNs. Some customers, especially large businesses, maintain a central DMZ through which all traffic must traverse before reaching any of the VPNs.
Conventionally, establishing connectivity between VPNs has been difficult, if not impossible, due to loop detection checks necessarily enforced by the standard Border Gateway Protocol (BGP). Thus, in some cases, BGP standards have been relaxed by various functions to mitigate this difficulty. As one example, the AS-override function can be employed; however, this function can only be employed between neighboring autonomous systems (peers). Another example is the allowAS-in function, but this function is not implemented by many service providers. In other cases, BGP can be redistributed into an Interior Gateway Protocol (IGP), but this scheme is very labor-intensive and inefficient.
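The loop detection check and the two relaxations named above can be illustrated with a simplified model. The following is an added example, not part of the original text; it assumes both customer sites reuse one private AS number, and the AS numbers and function names are constructed for illustration.

```python
# Added illustration: simplified model of BGP AS_PATH loop detection.
# ASNs and function names are constructed for this example.

CUSTOMER_AS = 65001   # assumed: both customer VPN sites reuse this private ASN
PROVIDER_AS = 64500   # assumed: service provider backbone ASN (documentation range)


def pe_advertise(as_path, neighbor_as, as_override=False):
    """Provider edge sends a route to a customer edge router over eBGP."""
    if as_override:
        # AS-override: occurrences of the neighbor's ASN are replaced
        # with the provider's own ASN before the route is sent.
        as_path = [PROVIDER_AS if asn == neighbor_as else asn for asn in as_path]
    # Normal eBGP behaviour: the sender prepends its own ASN.
    return [PROVIDER_AS] + as_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """Receiver-side loop check: reject a path that already contains local_as.

    allowas_in relaxes the check by tolerating up to that many occurrences.
    """
    return as_path.count(local_as) <= allowas_in


def deliver(origin_path, as_override=False, allowas_in=0):
    """Carry a route from site A across the backbone to site B."""
    path = pe_advertise(origin_path, CUSTOMER_AS, as_override)
    return path, ce_accepts(path, CUSTOMER_AS, allowas_in)


if __name__ == "__main__":
    site_a_route = [CUSTOMER_AS]  # AS_PATH as originated by site A
    for label, kwargs in [
        ("standard BGP", {}),
        ("AS-override on PE", {"as_override": True}),
        ("allowAS-in 1 on CE", {"allowas_in": 1}),
    ]:
        path, ok = deliver(site_a_route, **kwargs)
        print(f"{label:20} AS_PATH={path} accepted={ok}")
```

Either relaxation disables a safety check, so a real routing loop through the same AS is no longer caught by the AS_PATH alone.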