1. Field of the Invention
The present invention relates to the field of networking and more specifically to virtual overlay networks (VONs) and virtual private networks (VPNs).
2. Description of the Related Art
Virtual private networks (VPNs) allow users to appear to be on the same private network although there may be many (usually public) networks in between the users. FIG. 1A illustrates the logical appearance to users of a virtual private network. FIG. 1B illustrates a high-level view of the actual network configuration.
Packets sent from one user (say in Chicago in the illustration of FIG. 1B) to another user (say in Boston in the illustration of FIG. 1B) may be transmitted through an internet service provider (ISP) which supports VPNs. Each site connected to the ISP network advertises to the ISP a set of destinations reachable within the site. The ISP then redistributes this information to all other sites in the set of sites which form the VPN. This process is further described in Heinanen, et al., VPN support with MPLS, Internet Draft, March 1998.
Since the ISP may support multiple VPNs, and since these VPNs may use private address spaces (and thus the address spaces may be non-unique), the routing system within the ISP needs to be able to unambiguously differentiate reachability information (i.e., private address space information) for the various VPNs. Heinanen, et al. describe that this may be accomplished by having the ISP assign each VPN its own VPN identifier (VPN-ID) and having the routing system use a combination of the VPN-ID and the reachability information provided by the sites for routing. In such a system, a single routing system may support multiple VPNs whose address spaces overlap with each other.
FIG. 2 illustrates an exemplary prior art routing system using VPN-IDs and reachability information provided by the sites for routing. As illustrated by FIG. 2, a packet to be routed may include a virtual private network identifier (VPN-ID) 201, reachability information (e.g., private addressing information) 202, an internet protocol (IP) header 203 and payload information 204. A single route table 206 is maintained and is indexed by the combination of the VPN-ID 201 and the reachability information 202.
As is shown in FIG. 2, prior art solutions provide a flat address routing space by simply combining the VPN-ID with the reachability information provided by the sites.
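The flat table of FIG. 2 can be sketched as follows; this is an added illustration, not code from the cited draft or from the invention. The class name, next-hop labels, VPN-ID values and prefixes are constructed, and longest-prefix matching within a VPN-ID is an assumption about how the reachability information is compared.

```python
import ipaddress


class FlatVpnRouteTable:
    """One route table for all VPNs, indexed by (VPN-ID, destination prefix)."""

    def __init__(self):
        # (vpn_id, network) -> next hop; every VPN shares this single table
        self._routes = {}

    def advertise(self, vpn_id, prefix, next_hop):
        """Record a destination that a site advertised for its VPN."""
        self._routes[(vpn_id, ipaddress.ip_network(prefix))] = next_hop

    def lookup(self, vpn_id, destination):
        """Match only entries carrying this VPN-ID (assumed longest-prefix match)."""
        addr = ipaddress.ip_address(destination)
        best = None
        for (rid, net), hop in self._routes.items():
            # The VPN-ID half of the key is what keeps overlapping
            # private address spaces from colliding.
            if rid != vpn_id or addr.version != net.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, hop)
        return best[1] if best else None


def build_sample_table():
    """Constructed sample: two VPNs that both use 10.1.0.0/16 privately."""
    table = FlatVpnRouteTable()
    table.advertise(100, "10.1.0.0/16", "pe-chicago")
    table.advertise(100, "10.1.2.0/24", "pe-boston")
    table.advertise(200, "10.1.0.0/16", "pe-denver")
    return table


if __name__ == "__main__":
    t = build_sample_table()
    for vpn_id, dst in [(100, "10.1.2.9"), (100, "10.1.9.9"),
                        (200, "10.1.2.9"), (300, "10.1.2.9")]:
        print(vpn_id, dst, "->", t.lookup(vpn_id, dst))
```

The same destination address resolves to different next hops under VPN-ID 100 and 200, and a VPN-ID with no advertised routes gets no match, so separation between VPNs rests entirely on the VPN-ID portion of the key.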
It would be useful to provide more fine-grained control over the routed topology for individual VPNs.