The invention relates to a communication apparatus (virtual private network (VPN) apparatus) for providing VPN services to customers having a plurality of bases, for example, a VPN apparatus for providing Ethernet (registered trademark) LAN services by using a virtual private LAN service (VPLS).
For example, in a communication apparatus which provides Ethernet (registered trademark) LAN services (hereinafter, referred to as “E-LAN” services), an extreme standby router protocol (ESRP, registered trademark) is well-known as a technology of making an accommodation base redundant. The ESRP (registered trademark) is an Ethernet (registered trademark)/IP layer redundancy technology developed by Extreme Networks Inc.
FIG. 1 shows an outline of an operation of the ESRP (registered trademark). In an example shown in FIG. 1, a customer Ethernet (registered trademark) network 1 is accommodated in two provider edge switches (hereinafter, referred to as “PE”) 2 and 3 via two access lines A1 and A2. The PEs 2 and 3 are connected to a provider Ethernet (registered trademark) network 4. In FIG. 1, the PE 2 is in an active state (ACT) while the PE 3 is in a standby state (STBY).
The ESRP (registered trademark) is carried out between the PE 2 and the PE 3. Between the PE 2 and the PE 3 where the ESRP (registered trademark) is carried out, a special Ethernet (registered trademark) frame (hereinafter, referred to as “hello frame”) called ESRP (registered trademark) hello is forwarded. Each of the PEs 2 and 3 recognizes a state of the PE (one of active and standby states) based on setting information or failure information in the hello frame.
The PE 2 having the active state operates as a normal Ethernet (registered trademark) switch (hereinafter, referred to as “E-switch”) except for exchange of a hello frame message with the PE 3 having the standby state. Accordingly, communication can be carried out between the customer Ethernet network 1 and the provider Ethernet network 4 through the PE 2 (refer to customer traffic as shown in FIG. 1).
On the other hand, the PE 3 having the standby state discards an Ethernet (registered trademark) frame (hereinafter, referred to as “E-frame”) inputted to the PE 3 itself (refer to block of FIG. 1) except for exchange of a hello frame message with the PE 2 having the active state. Accordingly, looping of the E-frame is prevented.
As shown in FIG. 2, when a failure occurs in the PE 2 in the active state, the PE 3 in the standby state recognizes this failure through the hello frame, changes its own state from the standby state to an active state, and stops blocking E-frames. Accordingly, a state is set where user traffic (customer traffic) passes through the PE 3 newly set in the active state.
As a method of providing the E-LAN services, a technology called a virtual private LAN service (VPLS) has been discussed with the Internet Engineering Task Force (IETF) taking the lead. Internet drafts such as “draft-ietf-l2vpn-vpls-ldp-09.txt” or “draft-ietf-l2vpn-vpls-bgp-08.txt” have been issued, and standardization of the VPLS has been pursued.
FIG. 3 shows an operation of the VPLS. The VPLS configures an Ethernet (registered trademark) virtual private network (VPN) (hereinafter, referred to as “E-VPN”) for customers on a provider's multi-protocol label switching (MPLS) network which functions as a VPLS network. Customers have a plurality of bases (in this example, a customer head office and customer branches), and each base is accommodated in the PE through an access line.
In the example shown in FIG. 3, PEs 6 to 8 are connected to the provider MPLS network (provider network) 5. The PE 6 accommodates three customer bases (head office, and branches #3 and #4) via individual access lines A. The PE 7 accommodates a base (branch #2) via an access line A. The PE 8 accommodates a base (branch #1) via an access line A.
The PEs 6 to 8 are connected in a full mesh shape via pseudo lines called “Pseudowire”. The Pseudowire is a technology of emulating lines such as the Ethernet (registered trademark), an asynchronous transfer mode (ATM), or a frame relay (FR) in a packet network. Standardization of the Pseudowire has been pursued by the IETF, and is described in RFC 3985. The Pseudowire in the specification is, for example, a pseudo line for emulating an E-line in the MPLS network. The Pseudowire will be referred to as “pseudo line” hereinafter.
Each of the PEs 6 to 8 shown in FIG. 3 forwards an E-frame received from the access line A or the pseudo line PW by the same process as that of a normal E-switch. However, an E-frame received from a pseudo line PW is neither forwarded nor flooded to the other pseudo lines. This is the only point of difference from a normal E-switch, and it is called “split horizon”.
Referring to FIG. 3, the split horizon will be described. For example, the PE 7 permits forwarding of E-frames received from the branch #2 to the PE 6 and/or the PE 8. On the other hand, the PE 7 permits forwarding of E-frames received from the PE 6 to the branch #2, but not to the PE 8 (no forwarding is carried out). Further, the PE 7 permits forwarding of E-frames received from the PE 8 to the branch #2, but not to the PE 6. This split horizon prevents looping of the E-frames in the provider network 5.
[Non-Patent document 1] “Configuration Guide ESRP (registered trademark)”, [retrieved on Nov. 15, 2006], Internet <URL: http://www.extremenetworks.co.jp/technology/configure#guide/ESRP/index.htm>
[Non-Patent document 2] “Virtual Private LAN Service (VPLS) Using BGP for Auto-discovery and Signaling”, Network Working Group, Internet-Draft, K. Kompella, Ed., Y. Rekhter, Ed., Juniper Networks, Jun. 21, 2006, “draft-ietf-l2vpn-vpls-bgp-08.txt”
[Non-Patent document 3] “Virtual Private LAN Services Using LDP”, Internet Draft Document, L2VPN Working Group, Marc Lasserre, Vach Kompella (Editors), June 2006, “draft-ietf-l2vpn-vpls-ldp-09.txt”
In the ESRP (registered trademark), only one of redundant PEs is set in an active state, thereby preventing looping of the E-frames. Thus, for example, even when two PEs accommodate one customer base by using two active lines, customer traffic always flows only to a PE in an active state. A bandwidth of an access line of a side connected to a PE in the standby state is not used before a state of the PE becomes active. Accordingly, only half of a bandwidth for the two access lines is always used.
In the VPLS, when one customer base is accommodated in a plurality of PEs by a method of not setting one of the two access lines in a standby state as in the case of the ESRP (registered trademark), the following two problems occur.
The first problem is the occurrence of looping of the E-frames. FIG. 4 shows a situation of looping of the E-frames. A case where a customer (user) tries to make a head office redundant by using two access lines A1 and A2 to improve failure resistance of a connection between the head office and an E-VPN will be assumed. In FIG. 4, the E-VPN includes a provider MPLS network 5 equipped with a plurality of PEs #1 to #4 for accommodating customer bases.
In this case, as shown in FIG. 4, looping occurs between the head office and the E-VPN. In other words, the E-frame transmitted from the head office to the PE #4 is forwarded from the PE #4 to the PE #1 through the pseudo line PW. In this case, as an access line for connecting the PE #1 to the head office is not a pseudo line, the PE #1 permits forwarding of the E-frame to the head office. As a result, the E-frame returns to the head office. Likewise, when the head office transmits an E-frame to the PE #1, the E-frame returns to the head office via the PE #1 and the PE #4. Unlike a loop in the provider network 5, such a loop is not eliminated by the split horizon, which only inhibits forwarding from one pseudo line to another.
The second problem is a possibility of double arrival from another base. FIG. 5 shows double arrival of E-frames. In FIG. 5, in the network configuration shown in FIG. 4, a terminal (not shown) in a branch #1 as one of a plurality of bases transmits an E-frame to a terminal (not shown) in the head office.
Further, in FIG. 5, it is presumed that the E-VPN has not learned a forwarding destination regarding a destination node (terminal in the head office) of the E-frame. When a destination of an E-frame received by the PE #3 and directed to the head office is yet to be learned, the PE #3 executes flooding for all the pseudo lines (PW 1, PW2 and PW3 in FIG. 5). Accordingly, the PE #1 and PE #4 receive the E-frame. Then, the PE #1 executes flooding for all the access lines A1 and A3 including the head office. The PE #4 executes flooding for the access lines A2 and A4. Thus, the head office doubly receives the E-frame sent from the branch #1 through the access lines A1 and A2.
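The split horizon rule and the two problems described above can be reproduced with a small flooding simulation. This is an added example, not part of the original specification; the access line name A5, the bases placed on A3 and A4, and the assumption that the head office equipment bridges frames between its two access lines without learning are constructed for illustration.

```python
from collections import deque

# Constructed topology after FIG. 4 / FIG. 5: four PEs in a full pseudo-line
# mesh; the head office is dual-homed to PE1 (A1) and PE4 (A2).
PES = ["PE1", "PE2", "PE3", "PE4"]
ACCESS = {  # access line -> (PE, customer base); A5 and the A3/A4 bases are assumed
    "A1": ("PE1", "head_office"), "A2": ("PE4", "head_office"),
    "A3": ("PE1", "branch3"), "A4": ("PE4", "branch4"),
    "A5": ("PE3", "branch1"),
}

def pe_flood(pe, in_port):
    """Ports a PE floods an unlearned frame to; in_port is ('ac', line) or ('pw', peer)."""
    out = [("ac", a) for a, (p, _) in ACCESS.items() if p == pe and ("ac", a) != in_port]
    if in_port[0] == "ac":  # split horizon: a frame from a PW never goes to another PW
        out += [("pw", peer) for peer in PES if peer != pe]
    return out

def simulate(src_line, bridging_bases=(), max_hops=12):
    """Flood one unknown-destination frame; return (deliveries per base, loop detected)."""
    deliveries, looped = {}, False
    queue = deque([(ACCESS[src_line][0], ("ac", src_line), 0)])
    while queue:
        pe, in_port, hops = queue.popleft()
        if hops >= max_hops:  # frame is still circulating: treat as a loop
            looped = True
            continue
        for kind, name in pe_flood(pe, in_port):
            if kind == "pw":
                queue.append((name, ("pw", pe), hops + 1))
                continue
            base = ACCESS[name][1]
            deliveries[base] = deliveries.get(base, 0) + 1
            if base in bridging_bases:  # customer E-switch re-floods on its other lines
                for a, (p, b) in ACCESS.items():
                    if b == base and a != name:
                        queue.append((p, ("ac", a), hops + 1))
    return deliveries, looped

if __name__ == "__main__":
    print("FIG. 5, branch #1 floods:", simulate("A5"))
    print("FIG. 4, head office as end host:", simulate("A2"))
    print("FIG. 4, head office bridges:", simulate("A2", bridging_bases=("head_office",)))
```

The first call shows the head office receiving the frame from branch #1 twice, and the last call shows the frame circulating until the hop limit even though no PE ever forwards from one pseudo line to another.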