In a conventional computer network (e.g., the Internet), computers communicate over a network infrastructure made up of interconnected nodes, such as routers and/or switches, connected by communication links such as optical fiber, copper cable, and wireless links. Typically, the topology of the network infrastructure is configured in such a way that the infrastructure contains more than one path through which data may be carried from one computer to another. The topology, for example, may include a partial mesh configuration, where a node is connected to multiple other nodes. A router in such a network, therefore, may contain a plurality of interface ports for connection to multiple neighboring routers.
Such a router typically receives data in discrete units (herein referred to as “packets,” which may include frames, cells, packets, or any other fixed- or variable-sized unit of data) at one or more of its ingress interface ports. The router examines destination address information embedded in the packets and determines the appropriate egress interface ports for outputting the respective packets, typically by performing a table lookup. To construct and update tables, routers may use dynamic routing protocols to systematically exchange information with other devices in the network to obtain a view of the network topology (this information being maintained in a routing database, such as one or more routing tables). Based on this information, the router constructs and updates a forwarding table, which associates ranges of destination addresses to respective egress interface ports.
In some cases, a router may use more than one forwarding table for forwarding packets. For example, a router carrying traffic for both a virtual private network (“VPN”) and a public network (such as the Internet) may use one forwarding table for VPN traffic and a different forwarding table for public network traffic. The router has a set of ingress and egress interface ports dedicated to carrying VPN traffic and a set of ingress and egress interface ports dedicated to carrying public traffic. The router distinguishes traffic according to the ingress interface port at which each packet is received.
Such an approach, however, does not permit the router to pass packets from the VPN to the public network and vice versa. One approach for permitting such passing is to include static routes in the VPN forwarding table that contain nexthops to interfaces connected to the public network. Static routes, however, are not updated dynamically when changes in the network occur.
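The behavior described above can be modeled as follows. This is an added example, not part of the original text: it selects a forwarding table by ingress port, performs a longest-prefix-match lookup, and shows a static route in the VPN table going stale after a link failure. The port names, prefixes and helper functions are all constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. table is a list of (prefix, egress_port, is_static)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), port) for p, port, _ in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(router, ingress_port, dst):
    """Choose the forwarding table from the ingress port, then find the egress port."""
    table = router["tables"][router["port_to_table"][ingress_port]]
    egress = lookup(table, dst)
    if egress is None:
        return "drop: no route"
    if egress in router["down_ports"]:
        return f"drop: {egress} is down"
    return egress

def link_failure(router, port, backup_port):
    """Model a dynamic routing update: learned routes move to the backup
    port, while static routes keep their configured nexthop."""
    router["down_ports"].add(port)
    for name, table in router["tables"].items():
        router["tables"][name] = [
            (p, backup_port if (eg == port and not static) else eg, static)
            for p, eg, static in table]

def build_router():
    """Constructed sample router: vpn0/vpn1 carry VPN traffic, pub0-pub2 public."""
    return {
        "port_to_table": {"vpn0": "vpn", "vpn1": "vpn",
                          "pub0": "public", "pub1": "public", "pub2": "public"},
        "tables": {
            "vpn": [("10.1.0.0/16", "vpn1", False)],
            "public": [("0.0.0.0/0", "pub0", False)],
        },
        "down_ports": set(),
    }

if __name__ == "__main__":
    r = build_router()
    print(forward(r, "vpn0", "198.51.100.7"))   # VPN table has no public route
    r["tables"]["vpn"].append(("0.0.0.0/0", "pub0", True))  # static route to public
    print(forward(r, "vpn0", "198.51.100.7"))
    link_failure(r, "pub0", "pub1")
    print(forward(r, "pub2", "198.51.100.7"))   # public table was updated
    print(forward(r, "vpn0", "198.51.100.7"))   # static route still points at pub0
```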
Thus, there is a need for an invention that more adequately addresses problems occurring in the network.