Generally, the VPN network includes a Customer Edge (CE) device, a Provider Edge (PE) device, and a Provider (P) device which is an internal device in the network. The CE device is a customer edge node and is an egress/ingress of VPN user ends on the same site. The PE device is an edge node of the transport network and functions as an edge device responsible for providing users with VPN services in the transport network. One PE device is connected to at least one CE device and is at least connected to another transport network device. In other words, the PE device is connected with P device. The P device is an internal transport device in the transport network and is connected with other transport network devices in the transport network. However, the P device does not directly connect to the CE device.
One solution of the prior art is as follows.
The VPN service is generally implemented by a Network Management System (NMS). As shown in FIG. 1, the NMS implements the VPN configuration and the establishment of the user VPN connection service. Specifically, the solution includes the following steps.
1. VPN information, including VPN member information and VPN policy information, is manually configured in the NMS.
2. When a user needs to establish a VPN connection, the user sends a VPN connection request message to the NMS.
3. The NMS performs a verification on the request from the user according to the VPN information preconfigured, and establishes the network connection when the verification is passed.
Another solution of the prior art is as follows.
An auto-detection for VPN member is implemented and the VPN service is provided via Border Gateway Protocol (BGP). In combination with the auto-detection for VPN member as described in BGP, the VPN connection service is provided by the network through the following processes.
1. The VPN member information is configured on the PE device and the VPN member is identified with <CPI PPI>. The CPI is the port ID of the access network device on the CE device and the PPI is the port ID of the port connecting with the CE device on the PE device.
2. The PE device interacts with other PE devices in VPN via BGP after configuring the VPN member information. Thus, a VPN member information table PIT is configured on all PE devices in the VPN through the auto-detection mechanism for VPN member.
3. When a CE device needs to communicate with other VPN members, a PE device performs a verification on a VPN communication request from the CE device, according to the VPN member information table PIT. After the verification is passed, the VPN connection is established.
In the above solutions, both the VPN member information and the VPN policy information are configured manually on the NMS or the PE device by an administrator. When the VPN member changes dynamically, the VPN network configuration information needs to be added, deleted, or modified; thus, a large time delay is caused and the management mode is not flexible.