There is increasing use in the data communications field of so-called “layer 2 virtual private networks” or L2-VPNs. Generally speaking, an L2-VPN is an emulated private local-area network (LAN) defined over a (usually non-private) wide-area network. The wide-area network may utilize a collection of technologies, including optical transmission technologies such as Synchronous Optical Networking (SONET), internetworking technologies such as the Internet Protocol (IP) and related protocols, and multi-protocol label switching (MPLS), which is a wide-area switching technology. L2-VPNs provide the benefits of private LANs, which include security and private administration, along with certain benefits of the Internet, which include widespread access and the existence of service providers. Organizations can create and operate far-flung private networks while outsourcing the long-haul infrastructure.
There are two predominant types of L2-VPNs. A virtual private wire service (VPWS) VPN consists of a mesh of point-to-point connections, and may be a particularly desirable service for customers whose networks are based on Asynchronous Transfer Mode (ATM) or Frame Relay techniques. A virtual private LAN service (VPLS) VPN resembles a network of layer-2 bridges having a point-to-multipoint configuration, and is particularly compatible with existing Ethernet technology. In either case, the VPN connections are carried via virtual connections (referred to as “pseudowires”) that tunnel through the wide-area network. Certain specifications for VPWS and VPLS created under the auspices of the Internet Engineering Task Force (IETF) include the following:                1. Draft-ietf-12vpn-signaling-02.txt, entitled “Provisioning Models and Endpoint Identifiers in L2VPN Signaling,” by Rosen et al., published September 2004, which describes mechanisms for establishing L2VPNs using Border Gateway Protocol (BGP)-based auto-discovery and the Label Distribution Protocol (LDP) or Layer-2 Tunneling Protocol (L2TP) for signaling.        2. Draft-martini-pwe3-pw-switching-01.txt, entitled “Pseudo Wire Switching,” by Martini et al., which describes how to splice or stitch pseudowire (PW) segments together to create longer PW segments for carrying layer-2 traffic.        3. Draft-kompella-ppvpn-12vpn-02.txt, entitled “Layer 2 VPNs Over Tunnels,” by Kompella et al., which describes L2VPNs using BGP for both signaling and discovery.        4. Draft-ietf-12vpn-vpls-bgp-05.txt, which updates the above        
L2-VPNs are established in part through provisioning, which is performed by a network administrator, and in part through discovery and connection signaling processes that are performed automatically. For each VPN, logical entities called “forwarders” are created within edge routers of a service provider network. Each forwarder is coupled to one or more customer equipment (CE) devices (such as routers) that provide the connections to local customer network segments. The provider edge (PE) routers are configured with so-called network layer reachability information (NLRI) that identifies the forwarders and the L2-VPNs that they belong to. A routing protocol such as Border Gateway Protocol (BGP) is utilized to distribute NLRI among the PE routers. The PE routers then signal among themselves to establish respective sets of layer-2 connections for the VPNs through the wide-area network. These connections are then utilized to carry layer-2 data packets among sets of attached CE devices.
In addition to the above-listed documents, the following IETF document is also pertinent to the discovery and/or signaling processes in establishing L2-VPNs:                Draft-ietf-13vpn-bgpvpn-auto-04.txt, entitled “Using BGP as an Auto-Discovery Mechanism for Layer-3 and Layer-2 VPNs,” by Ould-Brahim et al., published May 2004.        
L2-VPNs may span multiple domains that may each constitute a separate “Autonomous System” (AS). An AS (also referred to as a “routing domain”), is the unit of router policy in the Internet—either a single network or a group of networks that is controlled by a single administrative entity (such as a university or business enterprise). In most cases, long-haul networks of different service providers constitute different ASes. It is necessary that the membership information for such VPNs be communicated across AS boundaries, and that the PE-to-PE connections also reach across AS boundaries.
An IETF draft draft-hmlu-12vpn-bgp-discovery-01.txt, entitled “BGP-Based Auto-Discovery for L2VPNs”, by Unbehagen et al. and published October 2004, describes a technique for inter-AS auto-discovery in VPWS services specifically. Multiple single-hop pseudowires (PWs) are stitched together to make end-to-end, multiple-hop PWs between pairs of PEs. AS border routers (ASBRs) that provide the interfaces between different ASes operate in either a proxy mode or a transparent mode. In the proxy mode, an ASBR substitutes its address into BGP advertisements that carry VPN forwarder information. PE routers in each AS need establish PWs to only the ASBRs within the same AS, and the ASBRs automatically extend the PWs to adjacent ASBRs of other ASes. In the transparent mode, the ASBRs pass the forwarder information to adjacent ASBRs of other ASes transparently, and also add inter-AS reachability information to enable the PEs in different ASes to establish signaling connections and pseudowires with each other.
A technique for distributing VPN routing information across ASes in the context of Layer-3 VPNs is described in Internet Draft draft-ietf-13vpn-rfc2547bis-03.txt, entitled “BGP/MPLS IP VPNs,” by Rosen et al. and published October 2004. Two specific techniques involve the use of external BGP (EBGP) to distribute labeled VPN-IPv4 routes among ASes. In one case, the ASBRs are provided with the labeled VPN-IPv4 routes and provide them to adjacent ASBRs in other ASes, which in turn distribute them to the PE routers of those ASes. In another case, the ASBRs do not maintain the VPN-IPv4 routes, but rather are utilized to carry multi-hop EBGP connections among the PEs of different ASes. The PEs then signal among themselves to exchange the VPN-IPv4 routes.