A virtual private network (VPN) is a temporary, secure connection established through a public network (commonly the Internet). It is a secure and stable tunnel that passes through the disordered public network. Data may be encrypted multiple times within this tunnel so that the Internet can be used securely. A virtual private network is an extension of an intranet. It may help a remote user, a company branch, a business partner, or a supplier establish a trusted secure connection to a company's intranet, and it ensures the security of data transmission.
A VPN is classified as a client-based VPN or a network-based VPN according to whether it is implemented by an enterprise customer or a service provider. A client-based VPN establishes a tunnel between a customer edge node (CE) and another CE, and directly transfers routing information. Routing protocol data is always exchanged between customer devices, so the carrier network may know nothing about the structure of the customer network. In addition, different customer address spaces may overlap, with good confidentiality and security. Therefore, since the concepts of “cloud computing” and “data center” were proposed, implementing “cloud computing”/“data center” interconnection on a client-based VPN has become a research hotspot.
On an access network defined by the Broadband Forum, such as a TR101 digital subscriber loop access network or a passive optical access network, the “cloud computing”/“data center” interconnection is implemented on the client-based virtual private network, as shown in FIG. 1A. FIG. 1A shows a client-based virtual private network on the TR101 digital subscriber loop access network. In FIG. 1A, site 1, site 2, and site 3 belong to the same virtual private network, and the identifier of the virtual private network is VPN1. Each site is a data center, and each site contains one customer edge node and several user terminals. A site accesses the data center interconnect network through a customer edge node and an access node (for example, a DSLAM). The data center interconnect network includes an access node for site access and an IP edge device. An IP edge node may be a broadband remote access server (BRAS), a broadband network gateway (BNG), or the like.
Between CE nodes, the Intermediate System to Intermediate System routing protocol (IS-IS) uses a flooding mechanism to multicast routing information. The problem is that the access network, that is, the data center interconnect network, does not support user multicast. Therefore, an IS-IS multicast packet from a CE node is filtered by an access node; as a result, CE nodes in different sites cannot exchange routing information with each other by using a routing protocol.
The preceding problem not only exists on a client-based virtual private network on which cloud computing interconnection is implemented, but also may exist on other networks.
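The filtering of IS-IS multicast packets at the access node can be modeled as follows. This is an added example, not part of the original text: it assumes the access node drops every upstream frame whose destination MAC has the group bit set, and the function names, CE MAC addresses and payload bytes are constructed for illustration.

```python
import struct

# Well-known IS-IS multicast MACs (AllL1ISs / AllL2ISs) and the LLC + NLPID prefix.
ALL_L1_IS = bytes.fromhex("0180c2000014")
ALL_L2_IS = bytes.fromhex("0180c2000015")
ISIS_HDR = b"\xfe\xfe\x03\x83"  # DSAP, SSAP, control, then IS-IS protocol discriminator

def is_group_address(mac: bytes) -> bool:
    """I/G bit: the least significant bit of the first octet marks multicast/broadcast."""
    return bool(mac[0] & 0x01)

def classify(frame: bytes) -> str:
    """Return 'isis', 'multicast' or 'unicast' for an untagged 802.3 frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6]
    (length_or_type,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    # IS-IS rides directly on 802.3 + LLC, so this field is a length (<= 1500).
    if length_or_type <= 1500 and payload[:4] == ISIS_HDR:
        return "isis"
    return "multicast" if is_group_address(dst) else "unicast"

def access_node_upstream(frames):
    """Assumed model of a user port without user-multicast support."""
    forwarded, dropped = [], []
    for f in frames:
        # The drop decision looks only at the destination MAC, not at the protocol.
        (dropped if is_group_address(f[0:6]) else forwarded).append(classify(f))
    return forwarded, dropped

def build_frame(dst: bytes, src: bytes, payload: bytes, ethertype=None) -> bytes:
    """Build a constructed test frame; without ethertype the field carries the length."""
    field = ethertype if ethertype is not None else len(payload)
    return dst + src + struct.pack("!H", field) + payload

# Constructed sample traffic sent by one CE toward the access node.
CE1 = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")
SAMPLE = [
    build_frame(ALL_L1_IS, CE1, ISIS_HDR + b"\x00" * 20),               # IS-IS to AllL1ISs
    build_frame(ALL_L2_IS, CE1, ISIS_HDR + b"\x00" * 20),               # IS-IS to AllL2ISs
    build_frame(PEER, CE1, b"\x45" + b"\x00" * 19, ethertype=0x0800),   # unicast IPv4
]

if __name__ == "__main__":
    print(access_node_upstream(SAMPLE))
```

Only the unicast frame is forwarded; both IS-IS frames are dropped at the user port, so the CE never forms an adjacency with CEs in other sites.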